sen-material: slides/slides04.tex@16cbb47ce0b9 (annotated)

41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	1	\documentclass[dvipsnames,14pt,t]{beamer}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	2	\usepackage{../slides}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	3	\usepackage{../graphics}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	4	\usepackage{../langs}
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	5	\usetikzlibrary{arrows}
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	6	\usetikzlibrary{shapes}
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	7
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	8	\setmonofont[Scale=.88]{Consolas}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	9	\newfontfamily{\consolas}{Consolas}
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	10
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	11	\hfuzz=220pt
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	12
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	13	% beamer stuff
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	14	\renewcommand{\slidecaption}{APP 04, King's College London}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	15	\newcommand{\bl}[1]{\textcolor{blue}{#1}}
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	16
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	17	\begin{document}
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	18
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	19	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	20	\begin{frame}[t]
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	21	\frametitle{%
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	22	\begin{tabular}{@ {}c@ {}}
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	23	\\
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	24	\LARGE Access Control and \\[-3mm]
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	25	\LARGE Privacy Policies (4)\\[-6mm]
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	26	\end{tabular}}\bigskip\bigskip\bigskip
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	27
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	28	\normalsize
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	29	\begin{center}
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	30	\begin{tabular}{ll}
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	31	Email: & christian.urban at kcl.ac.uk\\
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	32	Office: & S1.27 (1st floor Strand Building)\\
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	33	Slides: & KEATS (also home work is there)\\
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	34	\end{tabular}
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	35	\end{center}
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	36
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	37	\end{frame}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	38	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	39
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	40	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	41	\begin{frame}[c]
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	42	\frametitle{Survey: Thanks!}
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	43	\small
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	44
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	45	\begin{itemize}
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	46	\item ``Would be good, if you provide more detailed explanations. I feel
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	47	your slides are not as structured as they could be.''
244 9fc6ec22ad82 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	48	\item ``Please consider reference book chapters to cover core subject
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	49	areas.''\pause
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	50	\item ``The homework questions don't come directly from the
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	51	slides. So must go look things up.''
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	52	\item ``Could you please put the homework answers online, perhaps
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	53	just before the exam. That's late enough where we should have done
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	54	it and if not, we're screwed already then.''
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	55	\item ``Could you provide a brief basic answers to sheets for reference
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	56	and not to be relied on.''
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	57	\end{itemize}
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	58
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	59	\end{frame}
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	60	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	61
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	62	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	63	\begin{frame}[c]
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	64
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	65	\begin{center}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	66	\includegraphics[scale=0.45]{../pics/trainwreck.jpg}\\
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	67	last week: buffer overflow attacks
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	68	\end{center}
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	69
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	70	\end{frame}
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	71	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	72
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	73	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	74	\begin{frame}[fragile]
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	75	\frametitle{D-Link Wifi Router, BOA}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	76	\small
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	77
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	78	As a proof-of-concept, the following URL allows
59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	79	attackers to control the return value saved on
59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	80	the stack (the vulnerability is triggered when
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	81	executing \pcode{"/usr/sbin/widget"}):
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	82
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	83	\begin{center}\footnotesize
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	84	\pcode{curl http://<target ip>/post_login.xml?hash=AAA...AAABBBB}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	85	\end{center}
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	86
121 01f7e799e6ce added slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 120 diff changeset	87	The value of the "hash" HTTP GET parameter consists of
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	88	292 occurrences of the \pcode{'A'} character, followed by four
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	89	occurrences of character \pcode{'B'}. In our lab setup, characters
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	90	\pcode{'B'} overwrite the saved program counter (\pcode{\%ra}).\bigskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	91
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	92
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	93	\begin{tabular}{@{}ll}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	94	Discovery date: & 06/03/2013\\
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	95	Release date: & 02/08/2013
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	96	\end{tabular}\bigskip
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	97
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	98
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	99	\footnotesize
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	100	\hfill\url{http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt}
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	101	\end{frame}
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	102	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	103
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	104	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	105	\begin{frame}[fragile]
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	106	\frametitle{D-Link Backdoors}
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	107
59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	108	D-Link router flaw lets anyone login through "Joel's Backdoor":\medskip
59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	109
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	110	\begin{quote}\rm\small
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	111	If you tell your browser to identify itself as Joel's backdoor, instead of (say)
59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	112	as Mozilla/5.0 AppleWebKit/536.30.1 Version/6.0.5, you're in without authentication.\medskip
59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	113
59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	114	"What is this string," I hear you ask?
59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	115
244 9fc6ec22ad82 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	116	You will laugh: it is\pause
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	117
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	118	\begin{center}\large
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	119	\pcode{xmlset_roodkcableoj28840ybtide}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	120	\end{center}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	121	\end{quote}\bigskip\bigskip
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	122
59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	123	\hfill\footnotesize October 15, 2013\\
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	124	\hfill\footnotesize\url{http://www.devttys0.com/2013/10/reverse-engineering-a-d-link-backdoor/}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	125
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	126	\end{frame}
59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	127	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	128
59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	129	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	130	\begin{frame}[fragile]
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	131
244 9fc6ec22ad82 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	132	CVE-2014-0476 \pcode{chkrootkit} vulnerability 4 Jun'14\medskip
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	133
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	134	\begin{quote}\rm\small
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	135	Hi,
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	136
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	137	we just found a serious vulnerability in the chkrootkit package, which
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	138	may allow local attackers to gain root access to a box in certain
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	139	configurations (\pcode{/tmp} not mounted noexec). Steps to reproduce:
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	140
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	141	\begin{itemize}
244 9fc6ec22ad82 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	142	\item Put an executable file named \pcode{update} with non-root owner in
9fc6ec22ad82 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	143	\pcode{/tmp} (not mounted noexec, obviously)
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	144	\item Run chkrootkit (as uid \pcode{0})
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	145	\end{itemize}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	146
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	147	Result: The file \pcode{/tmp/update} will be executed as root, thus effectively
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	148	rooting your box, if malicious content is placed inside the file.
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	149
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	150	If an attacker knows you are periodically running chkrootkit (like in
244 9fc6ec22ad82 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	151	\pcode{cron.daily}) and has write access to \pcode{/tmp} (not mounted noexec), he may
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	152	easily take advantage of this.
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	153	\end{quote}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	154	\mbox{}\\[-10mm]
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	155
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	156	\hfill\footnotesize\url{http://seclists.org/oss-sec/2014/q2/430}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	157
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	158	\end{frame}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	159	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	160
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	161	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	162	\begin{frame}[c]
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	163	\frametitle{Access Control in Unix}
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	164
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	165	\begin{itemize}
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	166	\item access control provided by the OS
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	167	\item authenticate principals
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	168	\item mediate access to files, ports, processes etc according to
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	169	\alert{roles} (user ids)\\
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	170	\item roles get attached with privileges\bigskip\\
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	171
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	172	\hspace{8mm}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	173	\begin{bubble}[8cm]
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	174	\alert{principle of least privilege:}\\
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	175	users and programs should only have as much privilege as they need to
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	176	accomplish a task
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	177	\end{bubble}
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	178	\end{itemize}
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	179
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	180	\end{frame}
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	181	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	182
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	183	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	184	\mode<presentation>{
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	185	\begin{frame}[c]
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	186	\frametitle{Access Control in Unix (2)}
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	187
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	188
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	189	\begin{itemize}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	190	\item privileges are specified by file access permissions (``everything is a file'')\medskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	191	\item there are 9 (plus 2) bits that specify the permissions of a file
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	192
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	193	\begin{center}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	194	\begin{tabular}{l}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	195	\texttt{\$ ls -la}\\
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	196	\texttt{-rwxrw-r-{}- \hspace{3mm} foo\_file.txt}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	197	\end{tabular}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	198	\end{center}
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	199	\end{itemize}
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	200
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	201	\end{frame}}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	202	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	203
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	204	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	205	\begin{frame}[c]
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	206	\frametitle{Login Process}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	207
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	208
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	209	\begin{itemize}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	210	\item login processes run under UID $=$ \pcode{0}\medskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	211	\begin{center}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	212	\texttt{ps -axl \| grep login}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	213	\end{center}\medskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	214
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	215	\item after login, shells run under UID $=$ user (e.g.~501)\medskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	216	\begin{center}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	217	\texttt{id cu}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	218	\end{center}\medskip\pause
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	219
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	220	\item non-root users are not allowed to change the UID --- would break
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	221	access control
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	222	\item but needed for example for accessing \texttt{passwd}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	223	\end{itemize}
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	224
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	225	\end{frame}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	226	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	227
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	228	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	229	\begin{frame}[c]
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	230	\frametitle{Setuid and Setgid}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	231
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	232	The solution is that Unix file permissions are 9 + \underline{2 Bits}:
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	233	\alert{Setuid} and \alert{Setgid} bits
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	234
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	235	\begin{itemize}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	236	\item When a file with setuid is executed, the resulting process will
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	237	assume the UID given to the \underline{owner} of the file.
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	238	\item This enables users to create processes as root (or another
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	239	user).\bigskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	240
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	241	\item Essential for changing passwords, for example.
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	242	\end{itemize}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	243
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	244	\begin{center}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	245	\texttt{chmod 4755 fobar\_file}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	246	\end{center}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	247
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	248	\end{frame}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	249	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	250
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	251	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	252	\begin{frame}[c]
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	253	\frametitle{\Large Discretionary Access Control}
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	254
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	255	\begin{itemize}
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	256	\item Access to objects (files, directories, devices, etc.) is
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	257	permitted based on user identity. Each object is owned by a
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	258	user. Owners can specify freely (at their discretion) how they want to
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	259	share their objects with other users, by specifying which other users
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	260	can have which form of access to their objects.\medskip
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	261
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	262	\item Discretionary access control is implemented on any modern multi-user
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	263	OS (Unix, Windows NT, etc.).
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	264	\end{itemize}
59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	265
59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	266	\end{frame}
59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	267	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	268
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	269	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	270	\begin{frame}[c]
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	271	\frametitle{\Large Mandatory Access Control}
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	272
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	273	\begin{itemize}
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	274	\item Access to objects is controlled by a system-wide policy, for
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	275	example to prevent certain flows of information. In some forms, the
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	276	system maintains security labels for both objects and subjects
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	277	(processes, users) based on which access is granted or
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	278	denied. Labels can change as the result of an access. Security
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	279	policies are enforced without the cooperation of users or
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	280	programs.\medskip
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	281
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	282	\item This is implemented in banking or military operating system
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	283	versions (SELinux).
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	284	\end{itemize}
59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	285
59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	286	\end{frame}
59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	287	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	288
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	289	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	290	\begin{frame}[c]
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	291	\frametitle{\Large Discretionary Access Control}
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	292
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	293	In its most generic form usually given by an \alert{Access Control
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	294	Matrix} of the form
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	295
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	296	\begin{center}
59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	297	\begin{tabular}{r\|c\|c\|c}
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	298	& /mail/jane & edit.exe & postfix \\\hline
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	299	jane & r, w & r, x & r, x\\\hline
59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	300	john & $\varnothing$ & r, w, x& r, x\\\hline
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	301	postfix & a & $\varnothing$ & r, x\\
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	302	\end{tabular}
59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	303	\end{center}
59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	304
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	305	access privileges: {\bf r}ead, {\bf w}rite, e{\bf x}ecute, {\bf a}ppend
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	306	\end{frame}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	307	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	308
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	309	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	310	\begin{frame}[c]
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	311	\small
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	312
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	313	\lstinputlisting[language={},numbers=none,xleftmargin=-6mm]{lst}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	314
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	315
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	316	\begin{center}
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	317	\begin{tabular}{@{\hspace{-24mm}}ll}
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	318	members of group staff: & ping, bob, emma\\
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	319	members of group students: & emma\\
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	320	\end{tabular}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	321	\end{center}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	322
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	323	\begin{center}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	324	\begin{tabular}{@{\hspace{-7mm}}r\|c\|c\|c\|c\|c@{}}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	325	& manual.txt & report.txt & microedit & src/code.c & src/code.h \\\hline
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	326	ping & & & & &\\\hline
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	327	bob & & & & &\\\hline
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	328	emma & & & & &\\
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	329	\end{tabular}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	330	\end{center}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	331
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	332	\end{frame}
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	333	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	334
59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	335	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	336	\begin{frame}[c]
59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	337	\frametitle{Mandatory Access Control}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	338	\small
45 24d08d7c582f added Christian Urban <urbanc@in.tum.de> parents: 44 diff changeset	339
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	340	\begin{itemize}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	341	\item Restrictions to allowed information flows are not decided at the
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	342	user's discretion (as with Unix \pcode{chmod}), but instead enforced
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	343	by system policies.
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	344
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	345	\item Mandatory access control mechanisms are aimed in particular at
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	346	preventing policy violations by untrusted programs, which typically
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	347	have at least the same access privileges as the invoking
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	348	user.\medskip\pause
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	349
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	350	Simple example: Air Gap Security. Uses a completely separate network
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	351	and computer hardware for different application classes.
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	352	\end{itemize}
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	353
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	354	\end{frame}
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	355	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	356
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	357
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	358	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	359	\begin{frame}[c]
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	360	\frametitle{The Bell-LaPadula Model}
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	361	\small
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	362
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	363	\begin{itemize}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	364	\item Formal policy model for mandatory access control in a military
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	365	multi-level security environment. All subjects (processes, users,
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	366	terminals, files, windows, connections) are labeled
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	367	with a confidentiality level, e.g.
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	368	\begin{center}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	369	unclassified < confidential < secret < top secret
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	370	\end{center}\medskip
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	371
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	372	\item The system policy automatically prevents the flow of information
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	373	from high-level objects to lower levels. A process that reads top
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	374	secret data becomes tagged as top secret by the operating system, as
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	375	will be all files into which it writes afterwards.
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	376	%Each user has a maximum allowed confidentiality level specified and
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	377	%cannot receive data beyond that level. A selected set of trusted
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	378	%subjects is allowed to bypass the restrictions, in order to permit
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	379	%the declassification of information.
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	380	\end{itemize}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	381
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	382	\end{frame}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	383	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	384
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	385	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	386	\begin{frame}[c]
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	387	\frametitle{Bell-LaPadula}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	388	\small
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	389
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	390	\begin{itemize}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	391	\item \alert{Read Rule}: A principal \bl{$P$} can read an object \bl{$O$} if and only if
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	392	\bl{$P$}'s security level is at least as high as \bl{$O$}'s.
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	393	\item \alert{Write Rule}: A principal \bl{$P$} can write an object \bl{$O$} if and only if
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	394	\bl{$O$}'s security level is at least as high as \bl{$P$}'s.\medskip
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	395
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	396	\item Meta-Rule: All principals in a system should have a sufficiently high security level
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	397	in order to access an object.
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	398	\end{itemize}\bigskip
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	399
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	400	This restricts information flow $\Rightarrow$ military\bigskip\bigskip\pause
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	401
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	402	Bell-LaPadula: {\bf `no read up'} - {\bf `no write down'}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	403
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	404	\end{frame}
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	405	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	406
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	407	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	408	\begin{frame}[c]
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	409	\frametitle{\begin{tabular}{c}Principle of\\[-2mm] Least Privilege\end{tabular}}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	410
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	411	\begin{bubble}[10cm]
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	412	A principal should have as few privileges as possible to access a resource.
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	413	\end{bubble}\bigskip\bigskip
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	414	\small
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	415
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	416	\begin{itemize}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	417	\item Bob ($T\!S$) and Alice ($S$) want to communicate
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	418	\item[] $\Rightarrow$ Bob should lower his security level
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	419	\end{itemize}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	420
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	421	\end{frame}
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	422	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	423
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	424	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	425	\begin{frame}[c]
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	426	\frametitle{Biba Policy}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	427	\small
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	428
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	429	Data Integrity (rather than data confidentiality)
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	430
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	431	\begin{itemize}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	432	\item Biba: {\bf `no read down'} - {\bf `no write up'}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	433	\item \alert{Read Rule}: A principal \bl{$P$} can read an object \bl{$O$} if and only if
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	434	\bl{$P$}'s security level is lower or equal than \bl{$O$}'s.
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	435	\item \alert{Write Rule}: A principal \bl{$P$} can write an object \bl{$O$} if and only if
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	436	\bl{$O$}'s security level is lower or equal than \bl{$P$}'s.
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	437	\end{itemize}\bigskip\bigskip\pause
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	438
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	439	E.g.~Firewalls: you can read from inside the firewall, but not from outside\\
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	440	Phishing: you can look at an approved PDF, but not one from a random email\\
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	441
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	442	\end{frame}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	443	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	444
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	445	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	446	\begin{frame}[c]
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	447	\frametitle{Security Levels (2)}
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	448
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	449	\begin{itemize}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	450	\item Bell-La Padula preserves data secrecy, but not data
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	451	integrity\bigskip\pause
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	452
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	453	\item Biba model is for data integrity
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	454
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	455	\begin{itemize}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	456	\item read: your own level and above
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	457	\item write: your own level and below
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	458	\end{itemize}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	459	\end{itemize}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	460
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	461	\end{frame}
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	462	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	463
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	464	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	465	\begin{frame}[c]
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	466	\frametitle{Shared Access Control}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	467
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	468	\begin{center}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	469	\includegraphics[scale=0.7]{../pics/pointsplane.jpg}
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	470	\end{center}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	471
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	472	\begin{textblock}{11}(10.5,10.5)
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	473	\small
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	474	To take an action you\\[-1mm]
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	475	need at least either:
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	476	\begin{itemize}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	477	\item 1 CEO\\[-5mm]
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	478	\item 2 MDs, or\\[-5mm]
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	479	\item 3 Ds
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	480	\end{itemize}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	481	\end{textblock}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	482
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	483	\end{frame}
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	484	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	485
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	486	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	487	\begin{frame}[c]
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	488	\frametitle{\Large Lessons from Access Control}
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	489
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	490	Not just restricted to Unix:
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	491
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	492	\begin{itemize}
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	493	\item if you have too many roles (i.e.~too finegrained AC), then
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	494	hierarchy is too complex\\
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	495	\textcolor{gray}{you invite situations like\ldots lets be root}\bigskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	496
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	497	\item you can still abuse the system\ldots\bigskip\pause
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	498
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	499	\item
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	500	policies (a finite system)\\
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	501	computer system (infinite)\medskip\\
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	502	Q: Does your policy ensure that a tainted file cannot affect your
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	503	core system files?
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	504
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	505	\end{itemize}
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	506
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	507	\end{frame}
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	508	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	509
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	510	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	511	\begin{frame}[t]
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	512	\frametitle{Protocols}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	513
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	514	\mbox{}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	515
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	516	\begin{tabular}{l}
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	517	{\Large \bl{$A\;\rightarrow\; B : \ldots$}}\\
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	518	\onslide<2->{\Large \bl{$B\;\rightarrow\; A : \ldots$}}\\
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	519	\onslide<2->{\Large \;\;\;\;\;\bl{$:$}}\bigskip
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	520	\end{tabular}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	521
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	522	\begin{itemize}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	523	\item by convention \bl{$A$}, \bl{$B$} are named principals \bl{Alice\ldots}\\
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	524	but most likely they are programs, which just follow some instructions (they are more like roles)\bigskip
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	525	\item<2-> indicates one ``protocol run'', or session, which specifies some
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	526	order in the communication
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	527	\item<2-> there can be several sessions in parallel (think of wifi routers)
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	528	\end{itemize}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	529
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	530	\end{frame}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	531	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	532
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	533	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	534	\begin{frame}[c]
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	535	\frametitle{\Large Cryptographic Protocol Failures}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	536
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	537	Ross Anderson and Roger Needham wrote:\bigskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	538
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	539	\begin{quote}\rm
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	540	\alert{A lot of the recorded frauds were the result of this kind of
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	541	blunder, or from management negligence pure and simple.} However,
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	542	there have been a significant number of cases where the designers
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	543	protected the right things, used cryptographic algorithms which were
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	544	not broken, and yet found that their systems were still successfully
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	545	attacked.
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	546	\end{quote}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	547
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	548	\end{frame}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	549	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	550
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	551	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	552	\begin{frame}<1-3>[c]
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	553	\frametitle{Oyster Cards}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	554
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	555	\includegraphics[scale=0.4]{../pics/oysterc.jpg}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	556
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	557	\begin{itemize}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	558	\item good example of a bad protocol\\ (security by obscurity)\bigskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	559	\item<3-> ``Breaching security on Oyster cards should not
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	560	allow unauthorised use for more than a day, as TfL promises to turn
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	561	off any cloned cards within 24 hours\ldots''
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	562	\end{itemize}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	563
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	564	\only<2>{
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	565	\begin{textblock}{12}(0.5,0.5)
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	566	\begin{bubble}[11cm]\footnotesize
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	567	{\bf Wirelessly Pickpocketing a Mifare Classic Card}\medskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	568
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	569	The Mifare Classic is the most widely used contactless smartcard on the
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	570	market. The stream cipher CRYPTO1 used by the Classic has recently been
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	571	reverse engineered and serious attacks have been proposed. The most serious
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	572	of them retrieves a secret key in under a second. In order to clone a card,
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	573	previously proposed attacks require that the adversary either has access to
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	574	an eavesdropped communication session or executes a message-by-message
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	575	man-in-the-middle attack between the victim and a legitimate
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	576	reader. Although this is already disastrous from a cryptographic point of
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	577	view, system integrators maintain that these attacks cannot be performed
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	578	undetected.\smallskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	579
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	580	This paper proposes four attacks that can be executed by an adversary having
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	581	only wireless access to just a card (and not to a legitimate reader). The
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	582	most serious of them recovers a secret key in less than a second on ordinary
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	583	hardware. Besides the cryptographic weaknesses, we exploit other weaknesses
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	584	in the protocol stack. A vulnerability in the computation of parity bits
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	585	allows an adversary to establish a side channel. Another vulnerability
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	586	regarding nested authentications provides enough plaintext for a speedy
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	587	known-plaintext attack.\hfill{}(a paper from 2009)
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	588	\end{bubble}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	589	\end{textblock}}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	590
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	591	\end{frame}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	592	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	593
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	594	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	595	\begin{frame}<1->[t]
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	596	\frametitle{Another Example}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	597
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	598	In an email from Ross Anderson\bigskip\small
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	599
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	600	\begin{tabular}{l}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	601	From: Ross Anderson <Ross.Anderson@cl.cam.ac.uk>\\
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	602	Sender: cl-security-research-bounces@lists.cam.ac.uk\\
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	603	To: cl-security-research@lists.cam.ac.uk\\
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	604	Subject: Birmingham case\\
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	605	Date: Tue, 13 Aug 2013 15:13:17 +0100\\
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	606	\end{tabular}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	607
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	608
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	609	\only<2>{
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	610	\begin{textblock}{12}(0.5,0.8)
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	611	\begin{bubble}[11cm]
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	612	\footnotesize
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	613	As you may know, Volkswagen got an injunction against the University of
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	614	Birmingham suppressing the publication of the design of a weak cipher
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	615	used in the remote key entry systems in its recent-model cars. The paper
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	616	is being given today at Usenix, minus the cipher design.\medskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	617
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	618	I've been contacted by Birmingham University's lawyers who seek to prove
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	619	that the cipher can be easily obtained anyway. They are looking for a
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	620	student who will download the firmware from any newish VW, disassemble
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	621	it and look for the cipher. They'd prefer this to be done by a student
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	622	rather than by a professor to emphasise how easy it is.\medskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	623
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	624	Volkswagen's argument was that the Birmingham people had reversed a
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	625	locksmithing tool produced by a company in Vietnam, and since their key
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	626	fob chip is claimed to be tamper-resistant, this must have involved a
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	627	corrupt insider at VW or at its supplier Thales. Birmingham's argument
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	628	is that this is nonsense as the cipher is easy to get hold of. Their
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	629	lawyers feel this argument would come better from an independent
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	630	outsider.\medskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	631
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	632	Let me know if you're interested in having a go, and I'll put you in
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	633	touch
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	634
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	635	Ross
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	636	\end{bubble}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	637	\end{textblock}}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	638
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	639	\end{frame}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	640	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	641
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	642	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	643	\begin{frame}[c]
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	644	\frametitle{\Large Cryptographic Protocol Failures}
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	645
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	646	Ross Anderson and Roger Needham wrote:\bigskip
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	647
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	648	\begin{quote}\rm
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	649	A lot of the recorded frauds were the result of this kind of blunder,
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	650	or from management negligence pure and simple. \alert{However, there
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	651	have been a significant number of cases where the designers
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	652	protected the right things, used cryptographic algorithms which were
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	653	not broken, and yet found that their systems were still successfully
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	654	attacked.}
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	655	\end{quote}
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	656
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	657	\end{frame}
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	658	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	659
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	660
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	661	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	662	\mode<presentation>{
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	663	\begin{frame}[c]
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	664	\frametitle{Authentication Protocols}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	665
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	666
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	667	Alice (\bl{$A$}) and Bob (\bl{$B$}) share a secret key \bl{$K_{AB}$}\bigskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	668
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	669	Passwords:
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	670
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	671	\begin{center}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	672	\bl{$B \rightarrow A: K_{AB}$}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	673	\end{center}\pause\bigskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	674
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	675	Problem: Eavesdropper can capture the secret and replay it; \bl{$A$} cannot confirm the
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	676	identity of \bl{$B$}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	677
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	678	\end{frame}}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	679	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	680
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	681	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	682	\mode<presentation>{
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	683	\begin{frame}[c]
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	684	\frametitle{Authentication Protocols}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	685
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	686	Alice (\bl{$A$}) and Bob (\bl{$B$}) share a secret key \bl{$K_{AB}$}\bigskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	687
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	688	Simple Challenge Response:
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	689
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	690	\begin{center}
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	691	\begin{tabular}{ll}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	692	\bl{$A \rightarrow B:$} & \bl{$N$}\\
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	693	\bl{$B \rightarrow A:$} & \bl{$\{N\}_{K_{AB}}$}\\
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	694	\end{tabular}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	695	\end{center}
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	696
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	697
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	698	\end{frame}}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	699	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	700
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	701	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	702	\mode<presentation>{
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	703	\begin{frame}[c]
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	704	\frametitle{Authentication Protocols}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	705
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	706	Alice (\bl{$A$}) and Bob (\bl{$B$}) share a secret key \bl{$K_{AB}$}\bigskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	707
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	708	Mutual Challenge Response:
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	709
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	710	\begin{center}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	711	\begin{tabular}{ll}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	712	\bl{$A \rightarrow B:$} & \bl{$N_A$}\\
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	713	\bl{$B \rightarrow A:$} & \bl{$\{N_A, N_B\}_{K_{AB}}$}\\
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	714	\bl{$A \rightarrow B:$} & \bl{$N_B$}\\
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	715	\end{tabular}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	716	\end{center}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	717
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	718	%\pause
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	719	%An attacker \bl{$E$} can launch an impersonation attack by
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	720	%intercepting all messages for \bl{$B$} and make \bl{$A$} decrypt her
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	721	%own challenges.
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	722
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	723	\end{frame}}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	724	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	725
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	726	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	727	\begin{frame}[c]
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	728	\frametitle{Nonces}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	729
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	730	\begin{enumerate}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	731	\item I generate a nonce (random number) and send it to you encrypted with a key we share
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	732	\item you increase it by one, encrypt it under a key I know and send
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	733	it back to me
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	734	\end{enumerate}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	735
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	736
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	737	I can infer:
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	738
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	739	\begin{itemize}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	740	\item you must have received my message
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	741	\item you could only have generated your answer after I send you my initial
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	742	message
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	743	\item if only you and me know the key, the message must have come from you
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	744	\end{itemize}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	745
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	746	\end{frame}
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	747	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	748
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	749	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	750	\mode<presentation>{
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	751	\begin{frame}[c]
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	752
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	753	\begin{center}
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	754	\begin{tabular}{ll}
244 9fc6ec22ad82 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	755	\bl{$A \rightarrow B$:} & \bl{$N_A$}\\
9fc6ec22ad82 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	756	\bl{$B \rightarrow A$:} & \bl{$\{N_A, N_B\}_{K_{ab}}$}\\
9fc6ec22ad82 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	757	\bl{$A \rightarrow B$:} & \bl{$N_B$}\\
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	758	\end{tabular}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	759	\end{center}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	760
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	761	The attack (let $A$ decrypt her own messages):
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	762
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	763	\begin{center}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	764	\begin{tabular}{ll}
244 9fc6ec22ad82 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	765	\bl{$A \rightarrow E$:} & \bl{$N_A$}\\
9fc6ec22ad82 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	766	\textcolor{gray}{$E \rightarrow A$:} & \textcolor{gray}{$N_A$}\\
9fc6ec22ad82 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	767	\textcolor{gray}{$A \rightarrow E$:} & \textcolor{gray}{$\{N_A, N_A'\}_{K_{AB}}$}\\
9fc6ec22ad82 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	768	\bl{$E \rightarrow A$:} & \bl{$\{N_A, N_A'\}_{K_{AB}}$}\\
9fc6ec22ad82 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	769	\bl{$A \rightarrow E$:} & \bl{$N_A' \;\;(= N_B)$}\\
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	770	\end{tabular}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	771	\end{center}\pause
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	772
244 9fc6ec22ad82 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	773	\small Solutions: \bl{$K_{AB} \not= K_{BA}$} or include an id in the second message
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	774	\end{frame}}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	775	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	776
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	777	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	778	\mode<presentation>{
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	779	\begin{frame}[c]
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	780	\frametitle{Encryption to the Rescue?}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	781
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	782
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	783	\begin{itemize}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	784	\item \bl{$A \,\rightarrow\, B : \{A, N_A\}_{K_{AB}}$}\hspace{1cm} encrypted\bigskip
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	785	\item \bl{$B\,\rightarrow\, A : \{N_A, K'_{AB}\}_{K_{AB}}$}\bigskip
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	786	\item \bl{$A \,\rightarrow\, B : \{N_A\}_{K'_{AB}}$}\bigskip
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	787	\end{itemize}\pause
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	788
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	789	means you need to send separate ``Hello'' signals (bad), or worse
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	790	share a single key between many entities
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	791	\end{frame}}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	792	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	793
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	794	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	795	\mode<presentation>{
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	796	\begin{frame}[c]
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	797	\frametitle{Protocol Attacks}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	798
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	799	\begin{itemize}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	800	\item replay attacks
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	801	\item reflection attacks
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	802	\item man-in-the-middle attacks
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	803	\item timing attacks
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	804	\item parallel session attacks
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	805	\item binding attacks (public key protocols)
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	806	\item changing environment / changing assumptions\bigskip
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	807
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	808	\item (social engineering attacks)
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	809	\end{itemize}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	810	\end{frame}}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	811	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
120 99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	812
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	813
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	814	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	815	\mode<presentation>{
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	816	\begin{frame}[c]
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	817	\frametitle{Public-Key Infrastructure}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	818
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	819	\begin{itemize}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	820	\item the idea is to have a certificate authority (CA)
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	821	\item you go to the CA to identify yourself
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	822	\item CA: ``I, the CA, have verified that public key \bl{$P^{pub}_{Bob}$} belongs to Bob''\bigskip
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	823	\item CA must be trusted by everybody
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	824	\item What happens if CA issues a false certificate? Who pays in case of loss? (VeriSign
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	825	explicitly limits liability to \$100.)
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	826	\end{itemize}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	827
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	828	\end{frame}}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	829	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	830
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	831	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	832	\mode<presentation>{
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	833	\begin{frame}[c]
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	834	\frametitle{Person-in-the-Middle}
120 99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	835
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	836	``Normal'' protocol run:\bigskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	837
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	838	\begin{itemize}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	839	\item \bl{$A$} sends public key to \bl{$B$}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	840	\item \bl{$B$} sends public key to \bl{$A$}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	841	\item \bl{$A$} sends message encrypted with \bl{$B$}'s public key, \bl{$B$} decrypts it
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	842	with its private key
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	843	\item \bl{$B$} sends message encrypted with \bl{$A$}'s public key, \bl{$A$} decrypts it
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	844	with its private key
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	845	\end{itemize}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	846
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	847	\end{frame}}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	848	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	849
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	850	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	851	\mode<presentation>{
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	852	\begin{frame}[c]
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	853	\frametitle{Person-in-the-Middle}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	854
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	855	Attack:
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	856
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	857	\begin{itemize}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	858	\item \bl{$A$} sends public key to \bl{$B$} --- \bl{$C$} intercepts this message and send his own public key
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	859	\item \bl{$B$} sends public key to \bl{$A$} --- \bl{$C$} intercepts this message and send his own public key
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	860	\item \bl{$A$} sends message encrypted with \bl{$C$}'s public key, \bl{$C$} decrypts it
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	861	with its private key, re-encrypts with \bl{$B$}'s public key
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	862	\item similar for other direction
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	863	\end{itemize}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	864
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	865	\end{frame}}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	866	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	867
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	868	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	869	\mode<presentation>{
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	870	\begin{frame}[c]
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	871	\frametitle{Person-in-the-Middle}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	872
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	873	Prevention:
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	874
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	875	\begin{itemize}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	876	\item \bl{$A$} sends public key to \bl{$B$}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	877	\item \bl{$B$} sends public key to \bl{$A$}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	878	\item \bl{$A$} encrypts message with \bl{$B$}'s public key, send's {\bf half} of the message
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	879	\item \bl{$B$} encrypts message with \bl{$A$}'s public key, send's {\bf half} of the message
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	880	\item \bl{$A$} sends other half, \bl{$B$} can now decrypt entire message
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	881	\item \bl{$B$} sends other half, \bl{$A$} can now decrypt entire message
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	882	\end{itemize}\pause
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	883
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	884	\bl{$C$} would have to invent a totally new message
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	885
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	886	\end{frame}}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	887	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
120 99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	888
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	889	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	890	\mode<presentation>{
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	891	\begin{frame}[c]
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	892	\frametitle{Binding Attacks}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	893
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	894	with public-private keys it is important that the public key is \alert{bound}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	895	to the right owner (verified by a certification authority \bl{$CA$})
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	896
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	897	\begin{center}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	898	\begin{tabular}{l}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	899	\bl{$A \rightarrow CA :$} \bl{$A, B, N_A$}\\
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	900	\bl{$CA \rightarrow A :$} \bl{$CA, \{CA, A, N_A, K^{pub}_{B}\}_{K^{pub}_{A}}$}\\
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	901	\end{tabular}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	902	\end{center}\bigskip
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	903
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	904	\bl{$A$} knows \bl{$K^{priv}_A$} and can verify the message came from \bl{$CA$}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	905	in response to \bl{$A$}'s message and trusts \bl{$K^{pub}_{B}$} is \bl{$B$}'s public key
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	906
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	907
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	908	\end{frame}}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	909	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	910
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	911
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	912
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	913	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	914	\mode<presentation>{
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	915	\begin{frame}[c]
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	916	\frametitle{Binding Attacks}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	917
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	918	\begin{center}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	919	\begin{tabular}{l}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	920	\bl{$A \rightarrow I(CA) :$} \bl{$A, B, N_A$}\\
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	921	\bl{$I(A) \rightarrow CA :$} \bl{$A, I, N_A$}\\
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	922	\bl{$CA \rightarrow I(A) :$} \bl{$CA, \{CA, A, N_A, K^{pub}_{I}\}_{K^{pub}_{A}}$}\\
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	923	\bl{$I(CA) \rightarrow A :$} \bl{$CA, \{CA, A, N_A, K^{pub}_{I}\}_{K^{pub}_{A}}$}\\
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	924	\end{tabular}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	925	\end{center}\pause
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	926
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	927	\bl{$A$} now encrypts messages for \bl{$B$} with the public key of \bl{$I$}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	928	(which happily decrypts them with its private key)
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	929
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	930	\end{frame}}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	931	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	932
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	933
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	934	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	935	\mode<presentation>{
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	936	\begin{frame}[c]
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	937	\frametitle{Replay Attacks}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	938
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	939	Schroeder-Needham protocol: exchange of a symmetric key with a trusted 3rd-party \bl{$S$}:
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	940
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	941	\begin{center}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	942	\begin{tabular}{r@ {\hspace{1mm}}l}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	943	\bl{$A \rightarrow S :$} & \bl{$A, B, N_A$}\\
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	944	\bl{$S \rightarrow A :$} & \bl{$\{N_A, B, K_{AB},\{K_{AB}, A\}_{K_{BS}} \}_{K_{AS}}$}\\
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	945	\bl{$A \rightarrow B :$} & \bl{$\{K_{AB}, A\}_{K_{BS}} $}\\
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	946	\bl{$B \rightarrow A :$} & \bl{$\{N_B\}_{K_{AB}}$}\\
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	947	\bl{$A \rightarrow B :$} & \bl{$\{N_B-1\}_{K_{AB}}$}\\
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	948	\end{tabular}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	949	\end{center}\bigskip\pause
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	950
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	951	at the end of the protocol both \bl{$A$} and \bl{$B$} should be in the possession of the secret key
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	952	\bl{$K_{AB}$} and know that the other principal has the key
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	953
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	954	\end{frame}}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	955	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	956
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	957
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	958	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	959	\mode<presentation>{
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	960	\begin{frame}[c]
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	961
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	962	\begin{center}
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	963	\begin{tabular}{l}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	964	\bl{$A \rightarrow S :$} \bl{$A, B, N_A$}\\
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	965	\bl{$S \rightarrow A :$} \bl{$\{N_A, B, K_{AB},\{K_{AB}, A\}_{K_{BS}} \}_{K_{AS}}$}\\
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	966	\bl{$A \rightarrow B :$} \bl{$\{K_{AB}, A\}_{K_{BS}} $}\\
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	967	\bl{$B \rightarrow A :$} \bl{$\{N_B\}_{K_{AB}}$}\\
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	968	\bl{$A \rightarrow B :$} \bl{$\{N_B-1\}_{K_{AB}}$}\pause\\
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	969	\hspace{5cm}compromise \bl{$K_{AB}$}\pause\\
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	970	\bl{$A \rightarrow S :$} \bl{$A, B, N'_A$}\\
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	971	\bl{$S \rightarrow A :$} \bl{$\{N'_A, B, K'_{AB},\{K'_{AB}, A\}_{K_{BS}} \}_{K_{AS}}$}\pause\\
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	972	\bl{$I(A) \rightarrow B :$} \bl{$\{K_{AB}, A\}_{K_{BS}} $}\hspace{0.5cm} replay of older run\pause\\
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	973	\bl{$B \rightarrow I(A) :$} \bl{$\{N'_B\}_{K_{AB}}$}\\
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	974	\bl{$I(A) \rightarrow B :$} \bl{$\{N'_B-1\}_{K_{AB}}$}\
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	975	\end{tabular}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	976	\end{center}\pause
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	977
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	978	\bl{$B$} believes it is following the correct protocol,
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	979	intruder \bl{$I$} can form the correct response because it knows \bl{$K_{AB}$} and
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	980	talks to \bl{$B$} masquerading as \bl{$A$}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	981	\end{frame}}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	982	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
120 99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	983
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	984	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	985	\mode<presentation>{
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	986	\begin{frame}[c]
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	987	\frametitle{Time-Stamps}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	988
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	989	The Schroeder-Needham protocol can be fixed by including a time-stamp (e.g., in Kerberos):
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	990
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	991	\begin{center}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	992	\begin{tabular}{r@ {\hspace{1mm}}l}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	993	\bl{$A \rightarrow S :$} & \bl{$A, B, N_A$}\\
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	994	\bl{$S \rightarrow A :$} & \bl{$\{N_A, B, K_{AB},\{K_{AB}, A, T_S\}_{K_{BS}} \}_{K_{AS}}$}\\
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	995	\bl{$A \rightarrow B :$} & \bl{$\{K_{AB}, A, T_S\}_{K_{BS}} $}\\
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	996	\bl{$B \rightarrow A :$} & \bl{$\{N_B\}_{K_{AB}}$}\\
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	997	\bl{$A \rightarrow B :$} & \bl{$\{N_B-1\}_{K_{AB}}$}\\
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	998	\end{tabular}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	999	\end{center}\bigskip\pause
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1000
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1001	but nothing is for free: then you need to synchronise time and possibly become a victim to
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1002	timing attacks
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1003
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1004	\end{frame}}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1005	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1006
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1007	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1008	\mode<presentation>{
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1009	\begin{frame}[c]
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1010
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1011	A Man-in-the-middle attack in real life:
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1012
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1013	\begin{itemize}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1014	\item the card only says yes to the terminal if the PIN is correct
120 99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1015	\item trick the card in thinking transaction is verified by signature
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1016	\item trick the terminal in thinking the transaction was verified by PIN
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1017	\end{itemize}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1018
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1019	\begin{minipage}{1.1\textwidth}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1020	\begin{center}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1021	\mbox{}\hspace{-6mm}\includegraphics[scale=0.5]{../pics/chip-attack.png}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1022	\includegraphics[scale=0.3]{../pics/chipnpinflaw.png}
120 99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1023	\end{center}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1024	\end{minipage}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1025
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1026	\end{frame}}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1027	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1028
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1029	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1030	\mode<presentation>{
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1031	\begin{frame}[c]
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1032	\frametitle{Problems with EMV}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1033
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1034	\begin{itemize}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1035	\item it is a wrapper for many protocols
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1036	\item specification by consensus (resulted unmanageable complexity)
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1037	\item its specification is 700 pages in English plus 2000+ pages for testing, additionally some
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1038	further parts are secret
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1039	\item other attacks have been found
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1040	\end{itemize}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1041
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1042	\end{frame}}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1043	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1044
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1045
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1046	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1047	\mode<presentation>{
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1048	\begin{frame}[c]
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1049	\frametitle{\begin{tabular}{@{}c@{}}Problems with WEP (Wifi)\end{tabular}}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1050
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1051	\begin{itemize}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1052	\item a standard ratified in 1999
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1053	\item the protocol was designed by a committee not including cryptographers
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1054	\item it used the RC4 encryption algorithm which is a stream cipher requiring a unique nonce
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1055	\item WEP did not allocate enough bits for the nonce
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1056	\item for authenticating packets it used CRC checksum which can be easily broken
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1057	\item the network password was used to directly encrypt packages (instead of a key negotiation protocol)\bigskip
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1058	\item encryption was turned off by default
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1059	\end{itemize}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1060
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1061	\end{frame}}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1062	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1063
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1064
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1065	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1066	\mode<presentation>{
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1067	\begin{frame}[c]
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1068	\frametitle{Protocols are Difficult}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1069
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1070	\begin{itemize}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1071	\item even the systems designed by experts regularly fail\medskip
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1072	\item try to make everything explicit (you need to authenticate all data you might rely on)\medskip
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1073	\item the one who can fix a system should also be liable for the losses\medskip
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1074	\item cryptography is often not {\bf the} answer\bigskip\bigskip
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1075	\end{itemize}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1076
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1077	\end{frame}}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1078	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1079
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1080	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1081	\mode<presentation>{
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1082	\begin{frame}[c]
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1083	\frametitle{Best Practices}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1084
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1085	{\bf Principle 1:} Every message should say what it means: the interpretation of
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1086	a message should not depend on the context.\bigskip\pause
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1087
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1088	{\bf Principle 2:} If the identity of a principal is essential to the meaning of a message, it is prudent
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1089	to mention the principal’s name explicitly in the message (though difficult).\bigskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1090
120 99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1091
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1092	\end{frame}}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1093	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1094
43 de3e32e10628 added Christian Urban <urbanc@in.tum.de> parents: 41 diff changeset	1095	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
de3e32e10628 added Christian Urban <urbanc@in.tum.de> parents: 41 diff changeset	1096	\mode<presentation>{
de3e32e10628 added Christian Urban <urbanc@in.tum.de> parents: 41 diff changeset	1097	\begin{frame}[c]
de3e32e10628 added Christian Urban <urbanc@in.tum.de> parents: 41 diff changeset	1098
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1099	{\bf Principle 3:} Be clear about why encryption is being
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1100	done. Encryption is not cheap, and not asking precisely why it is
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1101	being done can lead to redundancy. Encryption is not synonymous with
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1102	security.
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	1103
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1104	\begin{center}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1105	Possible Uses of Encryption
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	1106
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1107	\begin{itemize}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1108	\item Preservation of confidentiality: \bl{$\{X\}_K$} only those that have \bl{$K$} may recover \bl{$X$}.
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1109	\item Guarantee authenticity: The partner is indeed some particular principal.
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1110	\item Guarantee confidentiality and authenticity: binds two parts of a message ---
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1111	\bl{$\{X,Y\}_K$} is not the same as \bl{$\{X\}_K$} and \bl{$\{Y\}_K$}.
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1112	\end{itemize}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1113	\end{center}
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	1114
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	1115
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	1116
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	1117	\end{frame}}
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	1118	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	1119
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	1120	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	1121	\mode<presentation>{
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	1122	\begin{frame}[c]
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1123	\frametitle{Best Practices}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1124
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1125	{\bf Principle 4:} The protocol designer should know which trust relations his protocol depends on, and why the dependence is necessary. The reasons for particular trust relations being acceptable should be explicit though they will be founded on judgment and policy rather than on logic.\bigskip
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	1126
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	1127
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1128	Example Certification Authorities: CAs are trusted to certify a key only after proper steps
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1129	have been taken to identify the principal that owns it.
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	1130
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	1131	\end{frame}}
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	1132	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	1133
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	1134	\end{document}
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	1135
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	1136	%%% Local Variables:
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	1137	%%% mode: latex
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	1138	%%% TeX-master: t
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	1139	%%% End:
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	1140

author	Christian Urban <christian dot urban at kcl dot ac dot uk>
	Sat, 18 Oct 2014 02:17:51 +0100
changeset 246	16cbb47ce0b9
parent 244	9fc6ec22ad82
child 252	fa151c0a3cf4
permissions	-rw-r--r--