| author | Christian Urban <urbanc@in.tum.de> |
| Wed, 08 Mar 2017 00:11:49 +0000 | |
| changeset 512 | 174cc952ad36 |
| parent 484 | ddcc4ef4f82c |
| child 518 | e1fcfba63a31 |
| permissions | -rw-r--r-- |
|
416
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
1 |
\PassOptionsToPackage{bookmarks=false}{hyperref}
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
2 |
\documentclass[dvipsnames,14pt,t,hyperref={bookmarks=false}]{beamer}
|
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
3 |
\usepackage{../style}
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
4 |
\usepackage{../slides}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
5 |
\usepackage{../graphics}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
6 |
\usepackage{../langs}
|
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
7 |
\usepackage{../data}
|
| 52 | 8 |
\usetikzlibrary{arrows}
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
9 |
\usetikzlibrary{shapes}
|
| 52 | 10 |
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
11 |
\setmonofont[Scale=.88]{Consolas}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
12 |
\newfontfamily{\consolas}{Consolas}
|
| 52 | 13 |
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
14 |
\hfuzz=220pt |
| 52 | 15 |
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
16 |
% beamer stuff |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
17 |
\newcommand{\bl}[1]{\textcolor{blue}{#1}}
|
|
381
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
18 |
\renewcommand{\slidecaption}{SEN 05, King's College London}
|
|
124
382aad582d8b
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
123
diff
changeset
|
19 |
|
| 52 | 20 |
|
21 |
\begin{document}
|
|
22 |
||
23 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
24 |
\begin{frame}[t]
|
| 52 | 25 |
\frametitle{%
|
26 |
\begin{tabular}{@ {}c@ {}}
|
|
27 |
\\ |
|
|
381
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
28 |
\LARGE Security Engineering (5)\\[-3mm] |
| 52 | 29 |
\end{tabular}}\bigskip\bigskip\bigskip
|
30 |
||
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
31 |
\normalsize |
| 52 | 32 |
\begin{center}
|
33 |
\begin{tabular}{ll}
|
|
34 |
Email: & christian.urban at kcl.ac.uk\\ |
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
35 |
Office: & S1.27 (1st floor Strand Building)\\ |
| 52 | 36 |
Slides: & KEATS (also homework is there)\\ |
37 |
\end{tabular}
|
|
38 |
\end{center}
|
|
39 |
||
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
40 |
\end{frame}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
41 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
| 52 | 42 |
|
43 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
44 |
\begin{frame}[c]
|
|
483
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
45 |
\frametitle{Protocols}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
46 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
47 |
\begin{center}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
48 |
\includegraphics[scale=0.11]{../pics/keyfob.jpg}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
49 |
\quad |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
50 |
\includegraphics[scale=0.3025]{../pics/startstop.jpg}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
51 |
\end{center}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
52 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
53 |
\begin{itemize}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
54 |
\item Other examples: Wifi, Http-request, TCP-request, |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
55 |
card readers, RFID (passports)\ldots\medskip\pause |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
56 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
57 |
\item The point is that we cannot control the network: An attacker |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
58 |
can install a packet sniffer, inject packets, modify packets, |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
59 |
replay messages\ldots{}fake pretty much everything.
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
60 |
\end{itemize}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
61 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
62 |
\end{frame}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
63 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
64 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
65 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
66 |
\begin{frame}[c]
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
67 |
\frametitle{Keyless Car Transponders}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
68 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
69 |
\begin{center}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
70 |
\includegraphics[scale=0.1]{../pics/keyfob.jpg}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
71 |
\quad |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
72 |
\includegraphics[scale=0.27]{../pics/startstop.jpg}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
73 |
\end{center}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
74 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
75 |
\begin{itemize}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
76 |
\item There are two security mechanisms: one remote central |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
77 |
locking system and one passive RFID tag (engine immobiliser). |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
78 |
\item How can I get in? How can thieves be kept out? |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
79 |
How to avoid MITM attacks? |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
80 |
\end{itemize}\medskip
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
81 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
82 |
\footnotesize |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
83 |
\hfill Papers: Gone in 360 Seconds: Hijacking with Hitag2,\\ |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
84 |
\hfill Dismantling Megamos Crypto: Wirelessly Lockpicking\\ |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
85 |
\hfill a Vehicle Immobilizer |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
86 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
87 |
\end{frame}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
88 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
89 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
90 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
91 |
\begin{frame}[c]
|
|
415
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
92 |
\frametitle{Problems with Key Fobs}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
93 |
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
94 |
\begin{columns}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
95 |
\begin{column}[T]{4cm}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
96 |
\includegraphics[scale=0.4]{../pics/car-standard.jpg}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
97 |
\end{column}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
98 |
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
99 |
\begin{column}[T]{6cm}\small
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
100 |
Circumventing the ignition protection: |
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
101 |
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
102 |
\begin{itemize}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
103 |
\item either dismantling Megamos crypto, |
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
104 |
\item or use the diagnostic port to program |
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
105 |
blank keys |
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
106 |
\end{itemize}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
107 |
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
108 |
\hspace{14mm}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
109 |
\includegraphics[scale=0.16]{../pics/Dismantling_Megamos_Crypto.png}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
110 |
\end{column}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
111 |
\end{columns}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
112 |
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
113 |
\end{frame}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
114 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
115 |
|
|
483
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
116 |
|
|
415
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
117 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
118 |
\begin{frame}[c]
|
|
483
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
119 |
\frametitle{HTTPS / GSM}
|
|
418
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
120 |
|
|
483
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
121 |
\begin{center}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
122 |
\includegraphics[scale=0.25]{../pics/barclays.jpg}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
123 |
\quad |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
124 |
\includegraphics[scale=0.25]{../pics/phone-signal.jpg}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
125 |
\end{center}
|
|
418
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
126 |
|
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
127 |
\begin{itemize}
|
|
483
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
128 |
\item I am sitting at Starbuck. How can I be sure I am really |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
129 |
visiting Barclays? I have no control of the access |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
130 |
point. |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
131 |
\item How can I achieve that a secret key is established in |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
132 |
order to encrypt my mobile conversation? I have no |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
133 |
control over the access points. |
|
418
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
134 |
\end{itemize}
|
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
135 |
|
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
136 |
\end{frame}
|
|
483
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
137 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
415
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
138 |
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
139 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
140 |
\begin{frame}[c]
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
141 |
\frametitle{G20 Summit in 2009}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
142 |
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
143 |
\begin{center}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
144 |
\includegraphics[scale=0.1]{../pics/snowden.jpg}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
145 |
\end{center}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
146 |
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
147 |
\small |
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
148 |
\begin{itemize}
|
|
418
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
149 |
\item Snowden documents reveal ``that during the G20 |
|
415
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
150 |
meetings\dots{}GCHQ used
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
151 |
`ground-breaking intelligence capabilities' to intercept |
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
152 |
the communications of visiting delegations. This |
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
153 |
included setting up internet cafes where they used an |
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
154 |
email interception program and key-logging software to |
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
155 |
spy on delegates' use of computers\ldots'' |
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
156 |
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
157 |
\item ``The G20 spying appears to have been organised for the |
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
158 |
more mundane purpose of securing an advantage in |
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
159 |
meetings.'' |
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
160 |
\end{itemize}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
161 |
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
162 |
\end{frame}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
163 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
164 |
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
165 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
166 |
\begin{frame}[c]
|
|
483
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
167 |
\frametitle{Handshakes}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
168 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
169 |
\begin{itemize}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
170 |
\item starting a TCP connection between a client and a server |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
171 |
initiates the following three-way handshake protocol: |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
172 |
\end{itemize}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
173 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
174 |
\begin{columns}[t]
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
175 |
\begin{column}{5cm}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
176 |
\begin{minipage}[t]{4cm}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
177 |
\begin{center}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
178 |
\raisebox{-2cm}{\includegraphics[scale=0.5]{../pics/handshake.png}}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
179 |
\end{center}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
180 |
\end{minipage}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
181 |
\end{column}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
182 |
\begin{column}{5cm}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
183 |
\begin{tabular}[t]{rl}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
184 |
Alice: & Hello server!\\ |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
185 |
Server: & I heard you\\ |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
186 |
Alice: & Thanks |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
187 |
\end{tabular}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
188 |
\end{column}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
189 |
\end{columns}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
190 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
191 |
\only<2>{
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
192 |
\begin{textblock}{3}(11,5)
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
193 |
\begin{bubble}[3.2cm]
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
194 |
SYNflood attacks:\medskip\\ |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
195 |
\includegraphics[scale=0.4]{../pics/synflood.png}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
196 |
\end{bubble}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
197 |
\end{textblock}}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
198 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
199 |
\end{frame}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
200 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
201 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
202 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
484
ddcc4ef4f82c
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
483
diff
changeset
|
203 |
\begin{frame}[t]
|
|
ddcc4ef4f82c
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
483
diff
changeset
|
204 |
\frametitle{Protocols}
|
|
483
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
205 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
206 |
\mbox{}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
207 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
208 |
\begin{tabular}{l}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
209 |
{\Large \bl{$A\;\rightarrow\; B : \ldots$}}\\
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
210 |
\onslide<2->{\Large \bl{$B\;\rightarrow\; A : \ldots$}}\\
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
211 |
\onslide<2->{\Large \;\;\;\;\;\bl{$:$}}\bigskip
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
212 |
\end{tabular}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
213 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
214 |
\begin{itemize}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
215 |
\item by convention \bl{$A$}, \bl{$B$} are named principals \bl{Alice\ldots}\\
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
216 |
but most likely they are programs, which just follow some instructions (they are more like roles)\bigskip |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
217 |
\item<2-> indicates one ``protocol run'', or session, which specifies some |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
218 |
order in the communication |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
219 |
\item<2-> there can be several sessions in parallel (think of wifi routers) |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
220 |
\end{itemize}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
221 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
222 |
\end{frame}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
223 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
484
ddcc4ef4f82c
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
483
diff
changeset
|
224 |
|
|
ddcc4ef4f82c
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
483
diff
changeset
|
225 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ddcc4ef4f82c
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
483
diff
changeset
|
226 |
\begin{frame}[t]
|
|
ddcc4ef4f82c
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
483
diff
changeset
|
227 |
\frametitle{Messages}
|
|
ddcc4ef4f82c
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
483
diff
changeset
|
228 |
|
|
ddcc4ef4f82c
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
483
diff
changeset
|
229 |
\mbox{}
|
|
ddcc4ef4f82c
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
483
diff
changeset
|
230 |
|
|
ddcc4ef4f82c
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
483
diff
changeset
|
231 |
\begin{tabular}{l}
|
|
ddcc4ef4f82c
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
483
diff
changeset
|
232 |
{\Large \bl{$A\;\rightarrow\; B : msg$}}\\
|
|
ddcc4ef4f82c
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
483
diff
changeset
|
233 |
\end{tabular}\bigskip
|
|
483
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
234 |
|
|
484
ddcc4ef4f82c
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
483
diff
changeset
|
235 |
\begin{itemize}
|
|
ddcc4ef4f82c
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
483
diff
changeset
|
236 |
\item Unencrypted: \bl{$msg$}
|
|
ddcc4ef4f82c
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
483
diff
changeset
|
237 |
\item Random number (nonce): \bl{$N$}
|
|
ddcc4ef4f82c
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
483
diff
changeset
|
238 |
\item Encrypted: \bl{$\{msg\}_K$}, \bl{$\{msg_1, msg_2\}_K$}, \bl{$\{\{msg\}_{K_1}\}_{K_2}$}
|
|
ddcc4ef4f82c
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
483
diff
changeset
|
239 |
\end{itemize}
|
|
ddcc4ef4f82c
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
483
diff
changeset
|
240 |
|
|
ddcc4ef4f82c
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
483
diff
changeset
|
241 |
\end{frame}
|
|
ddcc4ef4f82c
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
483
diff
changeset
|
242 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ddcc4ef4f82c
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
483
diff
changeset
|
243 |
|
|
ddcc4ef4f82c
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
483
diff
changeset
|
244 |
|
|
483
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
245 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
246 |
\begin{frame}[c]
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
247 |
\frametitle{Handshakes}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
248 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
249 |
\begin{itemize}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
250 |
\item starting a TCP connection between a client and a server |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
251 |
initiates the following three-way handshake protocol: |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
252 |
\end{itemize}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
253 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
254 |
\begin{columns}[t]
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
255 |
\begin{column}{5cm}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
256 |
\begin{minipage}[t]{4cm}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
257 |
\begin{center}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
258 |
\raisebox{-2cm}{\includegraphics[scale=0.5]{../pics/handshake.png}}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
259 |
\end{center}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
260 |
\end{minipage}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
261 |
\end{column}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
262 |
\begin{column}{5cm}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
263 |
\begin{tabular}[t]{rl}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
264 |
Alice: & Hello server!\\ |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
265 |
Server: & I heard you\\ |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
266 |
Alice: & Thanks |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
267 |
\end{tabular}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
268 |
\end{column}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
269 |
\end{columns}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
270 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
271 |
\begin{center}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
272 |
\begin{tabular}{rl}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
273 |
\bl{$A \rightarrow S$}: & \bl{SYN}\\
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
274 |
\bl{$S \rightarrow A$}: & \bl{SYN-ACK}\\
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
275 |
\bl{$A \rightarrow S$}: & \bl{ACK}\\
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
276 |
\end{tabular}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
277 |
\end{center}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
278 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
279 |
\end{frame}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
280 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
281 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
282 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
283 |
\begin{frame}[c]
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
284 |
\frametitle{\Large Cryptographic Protocol Failures}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
285 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
286 |
Ross Anderson and Roger Needham wrote:\bigskip |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
287 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
288 |
\begin{quote}\rm
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
289 |
A lot of the recorded frauds were the result of this kind of |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
290 |
blunder, or from management negligence pure and simple. |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
291 |
\alert{However,
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
292 |
there have been a significant number of cases where the designers |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
293 |
protected the right things, used cryptographic algorithms which were |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
294 |
not broken, and yet found that their systems were still successfully |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
295 |
attacked.} |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
296 |
\end{quote}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
297 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
298 |
\end{frame}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
299 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
300 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
301 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
302 |
\begin{frame}<1-3>[c]
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
303 |
\frametitle{Oyster Cards}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
304 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
305 |
\includegraphics[scale=0.4]{../pics/oysterc.jpg}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
306 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
307 |
\begin{itemize}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
308 |
\item good example of a bad protocol\\ (security by obscurity)\bigskip |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
309 |
\item<3-> {\it``Breaching security on Oyster cards should not
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
310 |
allow unauthorised use for more than a day, as TfL promises to turn |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
311 |
off any cloned cards within 24 hours\ldots''} |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
312 |
\end{itemize}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
313 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
314 |
\only<2>{
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
315 |
\begin{textblock}{12}(0.5,0.5)
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
316 |
\begin{bubble}[11cm]\footnotesize
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
317 |
{\bf Wirelessly Pickpocketing a Mifare Classic Card}\medskip
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
318 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
319 |
The Mifare Classic is the most widely used contactless smartcard on the |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
320 |
market. The stream cipher CRYPTO1 used by the Classic has recently been |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
321 |
reverse engineered and serious attacks have been proposed. The most serious |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
322 |
of them retrieves a secret key in under a second. In order to clone a card, |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
323 |
previously proposed attacks require that the adversary either has access to |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
324 |
an eavesdropped communication session or executes a message-by-message |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
325 |
man-in-the-middle attack between the victim and a legitimate |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
326 |
reader. Although this is already disastrous from a cryptographic point of |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
327 |
view, system integrators maintain that these attacks cannot be performed |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
328 |
undetected.\smallskip |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
329 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
330 |
This paper proposes four attacks that can be executed by an adversary having |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
331 |
only wireless access to just a card (and not to a legitimate reader). The |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
332 |
most serious of them recovers a secret key in less than a second on ordinary |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
333 |
hardware. Besides the cryptographic weaknesses, we exploit other weaknesses |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
334 |
in the protocol stack. A vulnerability in the computation of parity bits |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
335 |
allows an adversary to establish a side channel. Another vulnerability |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
336 |
regarding nested authentications provides enough plaintext for a speedy |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
337 |
known-plaintext attack.\hfill{}(a paper from 2009)
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
338 |
\end{bubble}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
339 |
\end{textblock}}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
340 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
341 |
\end{frame}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
342 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
343 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
344 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
345 |
\begin{frame}<1->[t]
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
346 |
\frametitle{Another Example}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
347 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
348 |
In an email from Ross Anderson\bigskip\small |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
349 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
350 |
\begin{tabular}{l}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
351 |
From: Ross Anderson <Ross.Anderson@cl.cam.ac.uk>\\ |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
352 |
Sender: cl-security-research-bounces@lists.cam.ac.uk\\ |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
353 |
To: cl-security-research@lists.cam.ac.uk\\ |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
354 |
Subject: Birmingham case\\ |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
355 |
Date: Tue, 13 Aug 2013 15:13:17 +0100\\ |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
356 |
\end{tabular}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
357 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
358 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
359 |
\only<2>{
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
360 |
\begin{textblock}{12}(0.5,0.8)
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
361 |
\begin{bubble}[11cm]
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
362 |
\footnotesize |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
363 |
As you may know, Volkswagen got an injunction against the University of |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
364 |
Birmingham suppressing the publication of the design of a weak cipher |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
365 |
used in the remote key entry systems in its recent-model cars. The paper |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
366 |
is being given today at Usenix, minus the cipher design.\medskip |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
367 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
368 |
I've been contacted by Birmingham University's lawyers who seek to prove |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
369 |
that the cipher can be easily obtained anyway. They are looking for a |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
370 |
student who will download the firmware from any newish VW, disassemble |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
371 |
it and look for the cipher. They'd prefer this to be done by a student |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
372 |
rather than by a professor to emphasise how easy it is.\medskip |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
373 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
374 |
Volkswagen's argument was that the Birmingham people had reversed a |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
375 |
locksmithing tool produced by a company in Vietnam, and since their key |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
376 |
fob chip is claimed to be tamper-resistant, this must have involved a |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
377 |
corrupt insider at VW or at its supplier Thales. Birmingham's argument |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
378 |
is that this is nonsense as the cipher is easy to get hold of. Their |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
379 |
lawyers feel this argument would come better from an independent |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
380 |
outsider.\medskip |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
381 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
382 |
Let me know if you're interested in having a go, and I'll put you in |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
383 |
touch |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
384 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
385 |
Ross |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
386 |
\end{bubble}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
387 |
\end{textblock}}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
388 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
389 |
\end{frame}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
390 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
391 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
392 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
393 |
\begin{frame}[c]
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
394 |
\frametitle{Authentication Protocols}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
395 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
396 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
397 |
Alice (\bl{$A$}) and Bob (\bl{$B$}) share a secret key \bl{$K_{AB}$}\bigskip
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
398 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
399 |
Passwords: |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
400 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
401 |
\begin{center}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
402 |
\bl{$B \rightarrow A: K_{AB}$}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
403 |
\end{center}\pause\bigskip
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
404 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
405 |
Problem: Eavesdropper can capture the secret and replay it; \bl{$A$} cannot confirm the
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
406 |
identity of \bl{$B$}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
407 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
408 |
\end{frame}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
409 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
410 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
411 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
412 |
\begin{frame}[c]
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
413 |
\frametitle{Authentication?}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
414 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
415 |
\begin{center}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
416 |
\raisebox{-2cm}{\includegraphics[scale=0.4]{../pics/dogs.jpg}}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
417 |
\end{center}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
418 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
419 |
\end{frame}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
420 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
421 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
422 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
423 |
\begin{frame}[c]
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
424 |
\frametitle{Authentication Protocols}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
425 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
426 |
Alice (\bl{$A$}) and Bob (\bl{$B$}) share a secret key \bl{$K_{AB}$}\bigskip
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
427 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
428 |
Simple Challenge Response: |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
429 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
430 |
\begin{center}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
431 |
\begin{tabular}{ll}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
432 |
\bl{$A \rightarrow B:$} & \bl{$N$}\\
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
433 |
\bl{$B \rightarrow A:$} & \bl{$\{N\}_{K_{AB}}$}\\
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
434 |
\end{tabular}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
435 |
\end{center}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
436 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
437 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
438 |
\end{frame}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
439 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
440 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
441 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
442 |
\begin{frame}[c]
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
443 |
\frametitle{Authentication Protocols}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
444 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
445 |
Alice (\bl{$A$}) and Bob (\bl{$B$}) share a secret key \bl{$K_{AB}$}\bigskip
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
446 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
447 |
Mutual Challenge Response: |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
448 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
449 |
\begin{center}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
450 |
\begin{tabular}{ll}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
451 |
\bl{$A \rightarrow B:$} & \bl{$N_A$}\\
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
452 |
\bl{$B \rightarrow A:$} & \bl{$\{N_A, N_B\}_{K_{AB}}$}\\
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
453 |
\bl{$A \rightarrow B:$} & \bl{$N_B$}\\
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
454 |
\end{tabular}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
455 |
\end{center}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
456 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
457 |
%\pause |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
458 |
%An attacker \bl{$E$} can launch an impersonation attack by
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
459 |
%intercepting all messages for \bl{$B$} and make \bl{$A$} decrypt her
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
460 |
%own challenges. |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
461 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
462 |
\end{frame}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
463 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
464 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
465 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
466 |
\begin{frame}[c]
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
467 |
\frametitle{Nonces}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
468 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
469 |
\begin{enumerate}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
470 |
\item I generate a nonce (random number) and send it to you encrypted with a key we share |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
471 |
\item you increase it by one, encrypt it under a key I know and send |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
472 |
it back to me |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
473 |
\end{enumerate}\medskip
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
474 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
475 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
476 |
I can infer: |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
477 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
478 |
\begin{itemize}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
479 |
\item you must have received my message |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
480 |
\item you could only have generated your answer after I send you my initial |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
481 |
message |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
482 |
\item if only you and me know the key, the message must have come from you |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
483 |
\end{itemize}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
484 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
485 |
\end{frame}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
486 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
487 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
488 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
489 |
\begin{frame}[c]
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
490 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
491 |
\begin{center}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
492 |
\begin{tabular}{ll}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
493 |
\bl{$A \rightarrow B$:} & \bl{$N_A$}\\
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
494 |
\bl{$B \rightarrow A$:} & \bl{$\{N_A, N_B\}_{K_{AB}}$}\\
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
495 |
\bl{$A \rightarrow B$:} & \bl{$N_B$}\\
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
496 |
\end{tabular}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
497 |
\end{center}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
498 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
499 |
The attack (let $A$ decrypt her own messages): |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
500 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
501 |
\begin{center}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
502 |
\begin{tabular}{ll}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
503 |
\bl{$A \rightarrow E$:} & \bl{$N_A$}\\
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
504 |
\textcolor{gray}{$E \rightarrow A$:} & \textcolor{gray}{$N_A$}\\
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
505 |
\textcolor{gray}{$A \rightarrow E$:} & \textcolor{gray}{$\{N_A, N_A'\}_{K_{AB}}$}\\
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
506 |
\bl{$E \rightarrow A$:} & \bl{$\{N_A, N_A'\}_{K_{AB}}$}\\
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
507 |
\bl{$A \rightarrow E$:} & \bl{$N_A' \;\;(= N_B)$}\\
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
508 |
\end{tabular}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
509 |
\end{center}\pause
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
510 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
511 |
\small Solutions: \bl{$K_{AB} \not= K_{BA}$} or include an id in the second message
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
512 |
\end{frame}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
513 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
514 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
515 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
516 |
\begin{frame}[c]
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
517 |
\frametitle{Encryption to the Rescue?}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
518 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
519 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
520 |
\begin{itemize}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
521 |
\item \bl{$A \,\rightarrow\, B : \{A, N_A\}_{K_{AB}}$}\hspace{1cm} encrypted\bigskip
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
522 |
\item \bl{$B\,\rightarrow\, A : \{N_A, K'_{AB}\}_{K_{AB}}$}\bigskip
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
523 |
\item \bl{$A \,\rightarrow\, B : \{N_A\}_{K'_{AB}}$}\bigskip
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
524 |
\end{itemize}\pause
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
525 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
526 |
means you need to send separate ``Hello'' signals (bad), or worse |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
527 |
share a single key between many entities |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
528 |
\end{frame}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
529 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
530 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
531 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
532 |
\begin{frame}[c]
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
533 |
\frametitle{Protocol Attacks}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
534 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
535 |
\begin{itemize}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
536 |
\item replay attacks |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
537 |
\item reflection attacks |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
538 |
\item man-in-the-middle attacks |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
539 |
\item timing attacks |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
540 |
\item parallel session attacks |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
541 |
\item binding attacks (public key protocols) |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
542 |
\item changing environment / changing assumptions\bigskip |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
543 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
544 |
\item (social engineering attacks) |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
545 |
\end{itemize}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
546 |
\end{frame}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
547 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
548 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
549 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
550 |
\begin{frame}[c]
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
551 |
\frametitle{Public-Key Infrastructure}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
552 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
553 |
\begin{itemize}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
554 |
\item the idea is to have a certificate authority (CA) |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
555 |
\item you go to the CA to identify yourself |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
556 |
\item CA: ``I, the CA, have verified that public key \bl{$P^{pub}_{Bob}$} belongs to Bob''\bigskip
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
557 |
\item CA must be trusted by everybody |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
558 |
\item What happens if CA issues a false certificate? Who pays in case of loss? (VeriSign |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
559 |
explicitly limits liability to \$100.) |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
560 |
\end{itemize}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
561 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
562 |
\end{frame}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
563 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
564 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
565 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
566 |
\begin{frame}[c]
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
567 |
\frametitle{Man-in-the-Middle}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
568 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
569 |
``Normal'' protocol run:\bigskip |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
570 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
571 |
\begin{itemize}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
572 |
\item \bl{$A$} sends public key to \bl{$B$}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
573 |
\item \bl{$B$} sends public key to \bl{$A$}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
574 |
\item \bl{$A$} sends message encrypted with \bl{$B$}'s public key, \bl{$B$} decrypts it
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
575 |
with its private key |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
576 |
\item \bl{$B$} sends message encrypted with \bl{$A$}'s public key, \bl{$A$} decrypts it
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
577 |
with its private key |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
578 |
\end{itemize}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
579 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
580 |
\end{frame}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
581 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
582 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
583 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
584 |
\begin{frame}[c]
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
585 |
\frametitle{Man-in-the-Middle}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
586 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
587 |
Attack: |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
588 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
589 |
\begin{itemize}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
590 |
\item \bl{$A$} sends public key to \bl{$B$} --- \bl{$C$} intercepts this message and send his own public key
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
591 |
\item \bl{$B$} sends public key to \bl{$A$} --- \bl{$C$} intercepts this message and send his own public key
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
592 |
\item \bl{$A$} sends message encrypted with \bl{$C$}'s public key, \bl{$C$} decrypts it
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
593 |
with its private key, re-encrypts with \bl{$B$}'s public key
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
594 |
\item similar for other direction |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
595 |
\end{itemize}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
596 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
597 |
\end{frame}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
598 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
599 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
600 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
601 |
\begin{frame}[c]
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
602 |
\frametitle{Man-in-the-Middle}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
603 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
604 |
Potential Prevention? |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
605 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
606 |
\begin{itemize}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
607 |
\item \bl{$A$} sends public key to \bl{$B$}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
608 |
\item \bl{$B$} sends public key to \bl{$A$}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
609 |
\item \bl{$A$} encrypts message with \bl{$B$}'s public key, send's {\bf half} of the message
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
610 |
\item \bl{$B$} encrypts message with \bl{$A$}'s public key, send's {\bf half} of the message
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
611 |
\item \bl{$A$} sends other half, \bl{$B$} can now decrypt entire message
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
612 |
\item \bl{$B$} sends other half, \bl{$A$} can now decrypt entire message
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
613 |
\end{itemize}\pause
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
614 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
615 |
%\bl{$C$} would have to invent a totally new message
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
616 |
\alert{Under which circumstances does this protocol prevent
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
617 |
MiM-attacks, or does it?} |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
618 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
619 |
\end{frame}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
620 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
621 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
622 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
623 |
\begin{frame}[c]
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
624 |
\frametitle{Car Transponder (HiTag2)}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
625 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
626 |
\begin{enumerate}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
627 |
\item \bl{$C$} generates a random number \bl{$N$}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
628 |
\item \bl{$C$} calculates \bl{$(F,G) = \{N\}_K$}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
629 |
\item \bl{$C \to T$}: \bl{$N, F$}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
630 |
\item \bl{$T$} calculates \bl{$(F',G') = \{N\}_K$}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
631 |
\item \bl{$T$} checks that \bl{$F = F'$}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
632 |
\item \bl{$T \to C$}: \bl{$N, G'$}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
633 |
\item \bl{$C$} checks that \bl{$G = G'$}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
634 |
\end{enumerate}\pause
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
635 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
636 |
\small |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
637 |
This process means that the transponder believes the car knows |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
638 |
the key \bl{$K$}, and the car believes the transponder knows
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
639 |
the key \bl{$K$}. They have authenticated themselves
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
640 |
to each other, or have they? |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
641 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
642 |
\end{frame}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
643 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
644 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
645 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
646 |
\begin{frame}[c]
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
647 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
648 |
A Man-in-the-middle attack in real life: |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
649 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
650 |
\begin{itemize}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
651 |
\item the card only says yes to the terminal if the PIN is correct |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
652 |
\item trick the card in thinking transaction is verified by signature |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
653 |
\item trick the terminal in thinking the transaction was verified by PIN |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
654 |
\end{itemize}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
655 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
656 |
\begin{minipage}{1.1\textwidth}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
657 |
\begin{center}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
658 |
\mbox{}\hspace{-6mm}\includegraphics[scale=0.5]{../pics/chip-attack.png}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
659 |
\includegraphics[scale=0.3]{../pics/chipnpinflaw.png}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
660 |
\end{center}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
661 |
\end{minipage}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
662 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
663 |
\end{frame}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
664 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
665 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
666 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
667 |
\begin{frame}[c]
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
668 |
\frametitle{Problems with EMV}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
669 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
670 |
\begin{itemize}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
671 |
\item it is a wrapper for many protocols |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
672 |
\item specification by consensus (resulted unmanageable complexity) |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
673 |
\item its specification is 700 pages in English plus 2000+ pages for testing, additionally some |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
674 |
further parts are secret |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
675 |
\item other attacks have been found |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
676 |
\end{itemize}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
677 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
678 |
\end{frame}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
679 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
680 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
681 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
682 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
683 |
\begin{frame}[c]
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
684 |
\frametitle{Protocols are Difficult}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
685 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
686 |
\begin{itemize}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
687 |
\item even the systems designed by experts regularly fail\medskip |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
688 |
\item the one who can fix a system should also be liable for the losses\medskip |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
689 |
\item cryptography is often not the problem\bigskip\bigskip |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
690 |
\end{itemize}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
691 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
692 |
\end{frame}
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
693 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
694 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
695 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
696 |
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
697 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
698 |
\begin{frame}[c]
|
|
416
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
699 |
\frametitle{A Simple PK Protocol}
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
700 |
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
701 |
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
702 |
\begin{center}
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
703 |
\begin{tabular}{ll@{\hspace{2mm}}l}
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
704 |
1. & \bl{$A \to B :$} & \bl{$K^{pub}_A$}\smallskip\\
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
705 |
2. & \bl{$B \to A :$} & \bl{$K^{pub}_B$}\smallskip\\
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
706 |
3. & \bl{$A \to B :$} & \bl{$\{A,m\}_{K^{pub}_B}$}\smallskip\\
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
707 |
4. & \bl{$B \to A :$} & \bl{$\{B,m'\}_{K^{pub}_A}$}
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
708 |
\end{tabular}
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
709 |
\end{center}\pause\bigskip
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
710 |
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
711 |
unfortunately there is a simple man-in-the- middle-attack |
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
712 |
\end{frame}
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
713 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
714 |
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
715 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
716 |
\begin{frame}[c]
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
717 |
\frametitle{A MITM Attack}
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
718 |
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
719 |
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
720 |
\begin{center}
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
721 |
\begin{tabular}{ll@{\hspace{2mm}}l}
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
722 |
1. & \bl{$A \to E :$} & \bl{$K^{pub}_A$}\smallskip\\
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
723 |
2. & \bl{$E \to B :$} & \bl{$K^{pub}_E$}\smallskip\\
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
724 |
3. & \bl{$B \to E :$} & \bl{$K^{pub}_B$}\smallskip\\
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
725 |
4. & \bl{$E \to A :$} & \bl{$K^{pub}_E$}\smallskip\\
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
726 |
5. & \bl{$A \to E :$} & \bl{$\{A,m\}_{K^{pub}_E}$}\smallskip\\
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
727 |
6. & \bl{$E \to B :$} & \bl{$\{E,m\}_{K^{pub}_B}$}\smallskip\\
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
728 |
7. & \bl{$B \to E :$} & \bl{$\{B,m'\}_{K^{pub}_E}$}\smallskip\\
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
729 |
8. & \bl{$E \to A :$} & \bl{$\{E,m'\}_{K^{pub}_A}$}
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
730 |
\end{tabular}
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
731 |
\end{center}\pause\medskip
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
732 |
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
733 |
and \bl{$A$} and \bl{$B$} have no chance to detect it
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
734 |
\end{frame}
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
735 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
736 |
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
737 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
738 |
\begin{frame}[c]
|
|
415
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
739 |
\frametitle{Interlock Protocol}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
740 |
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
741 |
The interlock protocol (``best bet'' against MITM): |
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
742 |
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
743 |
\begin{center}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
744 |
\begin{tabular}{ll@{\hspace{2mm}}l}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
745 |
1. & \bl{$A \to B :$} & \bl{$K^{pub}_A$}\\
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
746 |
2. & \bl{$B \to A :$} & \bl{$K^{pub}_B$}\\
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
747 |
3. & & \bl{$\{A,m\}_{K^{pub}_B} \;\mapsto\; H_1,H_2$}\\
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
748 |
& & \bl{$\{B,m'\}_{K^{pub}_A} \;\mapsto\; M_1,M_2$}\\
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
749 |
4. & \bl{$A \to B :$} & \bl{$H_1$}\\
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
750 |
5. & \bl{$B \to A :$} & \bl{$\{H_1, M_1\}_{K^{pub}_A}$}\\
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
751 |
6. & \bl{$A \to B :$} & \bl{$\{H_2, M_1\}_{K^{pub}_B}$}\\
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
752 |
7. & \bl{$B \to A :$} & \bl{$M_2$}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
753 |
\end{tabular}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
754 |
\end{center}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
755 |
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
756 |
\end{frame}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
757 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
758 |
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
759 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
760 |
\begin{frame}[c]
|
|
416
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
761 |
\frametitle{Splitting Messages}
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
762 |
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
763 |
\begin{center}
|
|
418
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
764 |
$\underbrace{\texttt{\Grid{0X1peUVTGJK+H70mMjAM8p}}}_{\bl{\{A,m\}_{K^{pub}_B}}}$
|
|
416
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
765 |
\end{center}
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
766 |
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
767 |
\begin{center}
|
|
418
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
768 |
$\underbrace{\texttt{\Grid{0X1peUVTGJK}}}_{\bl{H_1}}$\quad
|
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
769 |
$\underbrace{\texttt{\Grid{+H70mMjAM8p}}}_{\bl{H_2}}$
|
|
416
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
770 |
\end{center}
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
771 |
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
772 |
\begin{itemize}
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
773 |
\item you can also use the even and odd bytes |
|
418
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
774 |
\item the point is you cannot decrypt the halves, even if you |
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
775 |
have the key |
|
416
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
776 |
\end{itemize}
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
777 |
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
778 |
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
779 |
\end{frame}
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
780 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
781 |
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
782 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
783 |
\begin{frame}[c]
|
|
415
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
784 |
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
785 |
\begin{center}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
786 |
\begin{tabular}{l@{\hspace{9mm}}l}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
787 |
\begin{tabular}[t]{@{}l@{}}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
788 |
\bl{$A \to C : K^{pub}_A$}\\
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
789 |
\bl{$C \to B : K^{pub}_C$}\\
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
790 |
\bl{$B \to C : K^{pub}_B$}\\
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
791 |
\bl{$C \to A : K^{pub}_C$}\medskip\\
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
792 |
\bl{$\{A,m\}_{K^{pub}_C} \;\mapsto\; H_1,H_2$}\\
|
|
416
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
793 |
\bl{$\{B,m'\}_{K^{pub}_C} \;\mapsto\; M_1,M_2$}\bigskip\\
|
|
415
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
794 |
\bl{$\{C,a\}_{K^{pub}_B} \;\mapsto\; C_1,C_2$}\\
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
795 |
\bl{$\{C,b\}_{K^{pub}_A} \;\mapsto\; D_1,D_2$}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
796 |
\end{tabular} &
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
797 |
\begin{tabular}[t]{@{}l@{}}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
798 |
\bl{$A \to C : H_1$}\\
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
799 |
\bl{$C \to B : C_1$}\\
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
800 |
\bl{$B \to C : \{C_1, M_1\}_{K^{pub}_C}$}\\
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
801 |
\bl{$C \to A : \{H_1, D_1\}_{K^{pub}_A}$}\\
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
802 |
\bl{$A \to C : \{H_2, D_1\}_{K^{pub}_C}$}\\
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
803 |
\bl{$C \to B : \{C_2, M_1\}_{K^{pub}_B}$}\\
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
804 |
\bl{$B \to C : M_2$}\\
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
805 |
\bl{$C \to A : D_2$}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
806 |
\end{tabular}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
807 |
\end{tabular}
|
|
416
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
808 |
\end{center}\pause
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
809 |
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
810 |
\footnotesize |
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
811 |
\bl{$m$} = How is your grandmother? \bl{$m'$} = How is the
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
812 |
weather today in London? |
|
415
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
813 |
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
814 |
\end{frame}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
815 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
816 |
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
817 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
818 |
\begin{frame}[c]
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
819 |
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
820 |
\begin{itemize}
|
|
418
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
821 |
\item you have to ask something that cannot be imitated |
|
415
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
822 |
(requires \bl{$A$} and \bl{$B$} know each other)
|
|
416
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
823 |
\item what happens if \bl{$m$} and \bl{$m'$} are voice
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
824 |
messages?\bigskip\pause |
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
825 |
|
|
483
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
826 |
\item So \bl{$C$} can either leave the communication unchanged,
|
|
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
420
diff
changeset
|
827 |
or invent a complete new conversation |
|
416
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
828 |
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
829 |
\end{itemize}
|
|
415
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
830 |
|
|
416
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
831 |
\end{frame}
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
832 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
833 |
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
834 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
835 |
\begin{frame}[c]
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
836 |
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
837 |
\begin{itemize}
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
838 |
\item the moral: establishing a secure connection from |
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
839 |
``zero'' is almost impossible---you need to rely on some |
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
840 |
established trust\medskip |
|
415
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
841 |
|
|
418
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
842 |
\item that is why PKI relies on certificates, which however are |
|
416
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
843 |
badly, badly realised |
|
415
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
844 |
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
845 |
\end{itemize}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
846 |
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
847 |
\end{frame}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
848 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
849 |
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
850 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
851 |
\begin{frame}[c]
|
|
416
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
852 |
\frametitle{Trusted Third Parties}
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
853 |
|
|
416
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
854 |
Simple protocol for establishing a secure connection via a |
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
855 |
mutually trusted 3rd party (server): |
|
254
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
856 |
|
|
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
857 |
\begin{center}
|
|
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
858 |
\begin{tabular}{r@ {\hspace{1mm}}l}
|
|
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
859 |
\bl{$A \rightarrow S :$} & \bl{$A, B$}\\
|
|
416
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
860 |
\bl{$S \rightarrow A :$} & \bl{$\{K_{AB}, \{K_{AB}\}_{K_{BS}} \}_{K_{AS}}$}\\
|
|
254
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
861 |
\bl{$A \rightarrow B :$} & \bl{$\{K_{AB}\}_{K_{BS}} $}\\
|
|
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
862 |
\bl{$A \rightarrow B :$} & \bl{$\{m\}_{K_{AB}}$}\\
|
|
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
863 |
\end{tabular}
|
|
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
864 |
\end{center}
|
|
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
865 |
|
|
416
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
866 |
\end{frame}
|
|
254
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
867 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
868 |
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
869 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
870 |
\begin{frame}[c]
|
|
416
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
871 |
\frametitle{PKI: The Main Idea}
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
872 |
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
873 |
\begin{itemize}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
874 |
\item the idea is to have a certificate authority (CA) |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
875 |
\item you go to the CA to identify yourself |
|
254
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
876 |
\item CA: ``I, the CA, have verified that public key |
|
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
877 |
\bl{$P^{pub}_{Bob}$} belongs to Bob''\bigskip
|
|
416
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
878 |
\item CA must be trusted by everybody\medskip |
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
879 |
\item certificates are time limited, and can be revoked |
|
416
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
880 |
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
881 |
\item What happens if CA issues a false certificate? Who pays in case of loss? (VeriSign |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
882 |
explicitly limits liability to \$100.) |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
883 |
\end{itemize}
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
884 |
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
885 |
\end{frame}
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
886 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
887 |
|
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
888 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
889 |
\begin{frame}[c]
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
890 |
\frametitle{PKI: Chains of Trust}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
891 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
892 |
\begin{center}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
893 |
\begin{tikzpicture}[scale=1,
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
894 |
node/.style={
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
895 |
rectangle,rounded corners=3mm, |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
896 |
very thick,draw=black!50,minimum height=18mm, minimum width=23mm, |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
897 |
top color=white,bottom color=black!20}] |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
898 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
899 |
\node (A) at (0,0) [node] {};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
900 |
\node [below right] at (A.north west) |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
901 |
{\small\begin{tabular}{@{}l}CA\\Root Cert.\end{tabular}};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
902 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
903 |
\node (B) at (4,0) [node] {};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
904 |
\node [below right=1mm] at (B.north west) |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
905 |
{\mbox{}\hspace{-1mm}\small
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
906 |
\begin{tabular}{@{}l}Subordinate\\ CA\end{tabular}};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
907 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
908 |
\node (C) at (8,0) [node] {};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
909 |
\node [below right] at (C.north west) |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
910 |
{\small\begin{tabular}{@{}l}Server\\ Bank.com\end{tabular}};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
911 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
912 |
\draw [->,line width=4mm] (A) -- (B); |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
913 |
\draw [->,line width=4mm] (B) -- (C); |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
914 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
915 |
\node (D) at (6,-3) [node] {};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
916 |
\node [below right] at (D.north west) |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
917 |
{\small\begin{tabular}{@{}l}Browser\\ Root Store\end{tabular}};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
918 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
919 |
\node (E) at (2,-3) [node] {};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
920 |
\node [below right] at (E.north west) |
|
418
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
921 |
{\small\begin{tabular}{@{}l}Browser\\ Vendor\end{tabular}};
|
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
922 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
923 |
\draw [->,line width=4mm] (E) -- (D); |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
924 |
\end{tikzpicture}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
925 |
\end{center}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
926 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
927 |
\begin{itemize}
|
|
418
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
928 |
\item CAs make almost no money anymore, because of stiff |
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
929 |
competition |
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
930 |
\item browser companies are not really interested in security; |
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
931 |
only in market share |
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
932 |
\end{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
933 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
934 |
\end{frame}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
935 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
255
9cf486aea756
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
254
diff
changeset
|
936 |
|
|
9cf486aea756
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
254
diff
changeset
|
937 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
9cf486aea756
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
254
diff
changeset
|
938 |
\begin{frame}[c]
|
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
939 |
\frametitle{PKI: Weaknesses}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
940 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
941 |
CAs just cannot win (make any profit):\medskip |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
942 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
943 |
\begin{itemize}
|
|
418
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
944 |
\item there are hundreds of CAs, which issue millions of |
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
945 |
certificates and the error rate is small |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
946 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
947 |
\item users (servers) do not want to pay or pay as little as |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
948 |
possible\bigskip |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
949 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
950 |
\item a CA can issue a certificate for any domain not needing |
|
418
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
951 |
any permission (CAs are meant to undergo audits, |
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
952 |
but\ldots DigiNotar) |
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
953 |
|
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
954 |
\item if a CA has issued many certificates, it ``becomes too |
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
955 |
big to fail'' |
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
956 |
|
|
418
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
957 |
\item Can we be sure CAs are not just frontends of some |
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
958 |
government organisation? |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
959 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
960 |
\end{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
961 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
962 |
\end{frame}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
963 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
964 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
965 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
966 |
\begin{frame}[c]
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
967 |
\frametitle{PKI: Weaknesses}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
968 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
969 |
\begin{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
970 |
|
|
420
c527a5142f2f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
419
diff
changeset
|
971 |
\item many certificates are issued via Whois, whether you own |
|
c527a5142f2f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
419
diff
changeset
|
972 |
the domain\ldots if you hijacked a domain, it is easy to |
|
c527a5142f2f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
419
diff
changeset
|
973 |
obtain certificates\medskip |
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
974 |
|
|
418
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
975 |
\item the revocation mechanism does not work (Chrome has given |
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
976 |
up on general revocation lists)\medskip |
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
977 |
|
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
978 |
\item lax approach to validation of certificates |
|
418
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
979 |
(Have you ever bypassed certification warnings?)\medskip |
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
980 |
|
|
418
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
981 |
\item sometimes you want to actually install invalid |
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
982 |
certificates (self-signed) |
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
983 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
984 |
\end{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
985 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
986 |
\end{frame}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
987 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
988 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
989 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
990 |
\begin{frame}[c]
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
991 |
\frametitle{PKI: Attacks}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
992 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
993 |
\begin{itemize}
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
994 |
|
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
995 |
\item Go directly after root certificates |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
996 |
\begin{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
997 |
\item governments can demand private keys\smallskip |
|
418
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
998 |
\item 10 years ago it was estimated that breaking a 1024 bit |
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
999 |
key takes one year and costs 10 - 30 Mio \$; this is now |
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
1000 |
reduced to 1 Mio \$ |
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
1001 |
\end{itemize}
|
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1002 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1003 |
\item Go after buggy implementations of certificate |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1004 |
validation\smallskip |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1005 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1006 |
\item Social Engineering |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1007 |
\begin{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1008 |
\item in 2001 somebody pretended to be |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1009 |
from Microsoft and asked for two code-signing |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1010 |
certificates |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1011 |
\end{itemize}\bigskip
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1012 |
\end{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1013 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1014 |
\small The eco-system is completely broken (it relies on |
|
418
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
1015 |
thousands of entities to do the right thing). Maybe DNSSEC |
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1016 |
where keys can be attached to domain names is a way out. |
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
1017 |
|
|
256
e272713e34ff
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
255
diff
changeset
|
1018 |
\end{frame}
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
1019 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
1020 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
1021 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
1022 |
\begin{frame}[c]
|
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1023 |
\frametitle{Real Attacks}
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
1024 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
1025 |
\begin{itemize}
|
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1026 |
|
|
418
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
1027 |
\item In 2011, DigiNotar (Dutch company) was the first CA that |
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
1028 |
got compromised comprehensively, and where many |
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
1029 |
fraudulent certificates were issued to the wild. It |
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
1030 |
included approximately 300,000 IP addresses, mostly |
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
1031 |
located in Iran. The attackers (in Iran?) were likely |
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
1032 |
interested ``only'' in collecting gmail passwords.\medskip |
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1033 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1034 |
\item The Flame malware piggy-bagged on this attack by |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1035 |
advertising malicious Windows updates to some targeted |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1036 |
systems (mostly in Iran, Israel, Sudan). |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1037 |
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
1038 |
\end{itemize}
|
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1039 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1040 |
\end{frame}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1041 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1042 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1043 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1044 |
\begin{frame}[c]
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1045 |
\frametitle{PKI is Broken}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1046 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1047 |
\begin{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1048 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1049 |
\item PKI and certificates are meant to protect you against |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1050 |
MITM attacks, but if the attack occurs your are |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1051 |
presented with a warning and you need to decide whether |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1052 |
you are under attack.\medskip |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1053 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1054 |
\item Webcontent gets often loaded from 3rd-party servers, |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1055 |
which might not be secured\medskip |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1056 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1057 |
\item Misaligned incentives: browser vendors are not |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1058 |
interested in breaking webpages with invalid |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1059 |
certificates |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1060 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1061 |
\end{itemize}
|
| 52 | 1062 |
|
|
416
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
1063 |
\end{frame}
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
1064 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
1065 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
1066 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
1067 |
\begin{frame}[c]
|
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1068 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1069 |
Why are there so many invalid certificates?\bigskip |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1070 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1071 |
\begin{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1072 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1073 |
\item insufficient name coverage (www.example.com should |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1074 |
include example.com) |
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
1075 |
|
|
419
667a39dda86e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
418
diff
changeset
|
1076 |
\item IoT: many appliances have web-based admin interfaces; |
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1077 |
the manufacturer cannot know under which IP and domain name |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1078 |
the appliances are run (so cannot install a valid certificate) |
| 52 | 1079 |
|
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1080 |
\item expired certificates, or incomplete chains of trust |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1081 |
(servers are supposed to supply them) |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1082 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1083 |
\end{itemize}
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
1084 |
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
1085 |
\end{frame}
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
1086 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
| 52 | 1087 |
|
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1088 |
% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1089 |
% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1090 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1091 |
%\begin{frame}[c]
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1092 |
%\frametitle{Best Practices}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1093 |
% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1094 |
%{\bf Principle 1:} Every message should say what it means: the
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1095 |
%interpretation of a message should not depend on the |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1096 |
%context.\bigskip\pause |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1097 |
% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1098 |
%{\bf Principle 2:} If the identity of a principal is essential
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1099 |
%to the meaning of a message, it is prudent to mention the |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1100 |
%principal’s name explicitly in the message (though |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1101 |
%difficult).\bigskip |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1102 |
% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1103 |
%\end{frame}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1104 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1105 |
% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1106 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1107 |
%\begin{frame}[c]
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1108 |
%\frametitle{Best Practices}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1109 |
% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1110 |
%{\bf Principle 3:} Be clear about why encryption is being
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1111 |
%done. Encryption is not wholly cheap, and not asking precisely |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1112 |
%why it is being done can lead to redundancy. Encryption is not |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1113 |
%synonymous with security. % |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1114 |
% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1115 |
%\small |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1116 |
%\begin{center}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1117 |
%Possible Uses of Encryption % |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1118 |
% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1119 |
%\begin{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1120 |
%\item Preservation of confidentiality: \bl{$\{X\}_K$} only those that have \bl{$K$} may recover \bl{$X$}.
%\item Guarantee authenticity: The partner is indeed some particular principal.
%\item Guarantee confidentiality and authenticity: binds two parts of a message ---
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1121 |
%\bl{$\{X,Y\}_K$} is not the same as \bl{$\{X\}_K$} and \bl{$\{Y\}_K$}.
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1122 |
%\end{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1123 |
%\end{center}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1124 |
% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1125 |
%\end{frame}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1126 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1127 |
% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1128 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1129 |
%\begin{frame}[c]
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1130 |
%\frametitle{Best Practices}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1131 |
% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1132 |
%{\bf Principle 4:} The protocol designers should know which
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1133 |
%trust relations their protocol depends on, and why the |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1134 |
%dependence is necessary. The reasons for particular trust |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1135 |
%relations being acceptable should be explicit though they will |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1136 |
%be founded on judgment and policy rather than on |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1137 |
%logic.\bigskip |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1138 |
% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1139 |
% %Example Certification Authorities: CAs are trusted to certify |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1140 |
%a key only after proper steps have been taken to identify the |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1141 |
%principal that owns it. |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1142 |
% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1143 |
%\end{frame}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1144 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1145 |
% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1146 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1147 |
%\begin{frame}[c]
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1148 |
%\frametitle{Formal Methods}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1149 |
% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1150 |
%Ross Anderson about the use of Logic:\bigskip |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1151 |
% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1152 |
%\begin{quote}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1153 |
%Formal methods can be an excellent way of finding |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1154 |
%bugs in security protocol designs as they force the designer |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1155 |
%to make everything explicit and thus confront difficult design |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1156 |
%choices that might otherwise be fudged. |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1157 |
%\end{quote}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1158 |
% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1159 |
%\end{frame}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1160 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1161 |
% |
|
254
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
1162 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
1163 |
\begin{frame}[c]
|
|
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
1164 |
\frametitle{Mid-Term}
|
|
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
1165 |
|
|
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
1166 |
\begin{itemize}
|
|
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
1167 |
\item homework, handouts, programs\ldots |
|
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
1168 |
\end{itemize}\bigskip\bigskip\bigskip
|
|
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
1169 |
|
|
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
1170 |
\begin{center}
|
|
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
1171 |
{\huge\bf\alert{Any Questions?}}
|
|
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
1172 |
\end{center}
|
|
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
1173 |
|
|
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
1174 |
\end{frame}
|
|
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
1175 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
1176 |
|
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1177 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1178 |
\begin{frame}[c]
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1179 |
\frametitle{Security Engineering}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1180 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1181 |
\begin{center}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1182 |
\begin{tabular}{cc}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1183 |
\raisebox{-0.8mm}{\includegraphics[scale=0.28]{../pics/flight.jpg}} &
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1184 |
\includegraphics[scale=0.31]{../pics/airbus.jpg}\\
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1185 |
\small Wright brothers, 1901 & \small Airbus, 2005 \\ |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1186 |
\end{tabular}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1187 |
\end{center}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1188 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1189 |
\end{frame}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1190 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1191 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1192 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1193 |
\begin{frame}[c]
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1194 |
\frametitle{1st Lecture}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1195 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1196 |
\begin{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1197 |
\item chip-and-pin, banks vs.~customers |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1198 |
\begin{quote}\small\rm
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1199 |
the one who can improve security should also be |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1200 |
liable for the losses |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1201 |
\end{quote}\pause\bigskip
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1202 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1203 |
\item hashes and salts to guarantee data integrity\medskip |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1204 |
\item storing passwords (you should know the difference between |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1205 |
brute force attacks and dictionary attacks; how do salts help?) |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1206 |
\end{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1207 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1208 |
\end{frame}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1209 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1210 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1211 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1212 |
\begin{frame}[c]
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1213 |
\frametitle{1st Lecture: Cookies}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1214 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1215 |
\begin{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1216 |
\item good uses of cookies?\medskip |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1217 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1218 |
\item bad uses of cookies: snooping, tracking, profiling\ldots |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1219 |
the ``disadvantage'' is that the user is in |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1220 |
\alert{control}, because you can delete them
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1221 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1222 |
\begin{center} ``Please track me using cookies.''
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1223 |
\end{center}\bigskip\pause
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1224 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1225 |
\item fingerprinting beyond browser cookies |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1226 |
\begin{quote}\small\rm
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1227 |
Pixel Perfect: Fingerprinting Canvas in HTML5\\ |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1228 |
(a research paper from 2012)\\ |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1229 |
\footnotesize |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1230 |
\url{http://cseweb.ucsd.edu/~hovav/papers/ms12.html}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1231 |
\end{quote}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1232 |
\end{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1233 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1234 |
\end{frame}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1235 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1236 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1237 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1238 |
\begin{frame}[c]
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1239 |
\frametitle{1st Lecture: Cookies}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1240 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1241 |
\begin{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1242 |
\item a bit of JavaScript and HTML5 + canvas\medskip |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1243 |
\begin{center}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1244 |
\begin{tabular}{cc}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1245 |
Firefox & Safari\\ |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1246 |
\includegraphics[scale=0.31]{../pics/firefox1.png} &
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1247 |
\includegraphics[scale=0.31]{../pics/safari1.png} \\
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1248 |
\tiny |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1249 |
\pcode{55b2257ad0f20ecbf927fb66a15c61981f7ed8fc} &
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1250 |
\tiny |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1251 |
\pcode{17bc79f8111e345f572a4f87d6cd780b445625d3}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1252 |
\end{tabular}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1253 |
\end{center}\bigskip
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1254 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1255 |
\item\small no actual drawing needed\pause |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1256 |
\item\small in May 2014 a crawl of 100,000 popular |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1257 |
webpages revealed 5.5\% already use canvas |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1258 |
fingerprinting\smallskip |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1259 |
\begin{center}\scriptsize
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1260 |
\url{https://securehomes.esat.kuleuven.be/~gacar/persistent/the_web_never_forgets.pdf}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1261 |
\end{center}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1262 |
\end{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1263 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1264 |
\end{frame}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1265 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1266 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1267 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1268 |
\begin{frame}[c]
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1269 |
\frametitle{1st Lecture: Cookies}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1270 |
|
|
418
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
1271 |
Remember the small web-app I showed you where a cookie |
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
1272 |
protected a counter?\bigskip |
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1273 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1274 |
\begin{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1275 |
\item NYT, the cookie looks the ``resource'' - harm\medskip |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1276 |
\item imaginary discount unlocked by cookie - no harm |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1277 |
\end{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1278 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1279 |
\end{frame}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1280 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1281 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1282 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1283 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1284 |
\begin{frame}[t]
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1285 |
\frametitle{2nd Lecture: E-Voting}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1286 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1287 |
Where are paper ballots better than voice voting?\bigskip |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1288 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1289 |
\begin{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1290 |
\item Integrity |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1291 |
\item \alert{Ballot Secrecy}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1292 |
\item Voter Authentication |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1293 |
\item Enfranchisement |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1294 |
\item Availability |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1295 |
\end{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1296 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1297 |
\end{frame}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1298 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1299 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1300 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1301 |
\begin{frame}[t]
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1302 |
\frametitle{2nd Lecture: E-Voting}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1303 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1304 |
\begin{itemize}
|
|
418
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
1305 |
\item recently an Australian parliamentary committee |
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1306 |
found: e-voting is highly vulnerable to hacking and Australia |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1307 |
will not use it any time soon\bigskip\pause |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1308 |
\item Alex Halderman, Washington D.C.~hack |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1309 |
\begin{center}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1310 |
\scriptsize |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1311 |
\url{https://jhalderm.com/pub/papers/dcvoting-fc12.pdf}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1312 |
\end{center}\medskip
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1313 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1314 |
\item PDF-ballot tampering at the wireless router (the modification |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1315 |
is nearly undetectable and leaves no traces; MITM attack with firmware |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1316 |
updating) |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1317 |
\begin{center}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1318 |
\scriptsize |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1319 |
\url{http://galois.com/wp-content/uploads/2014/11/technical-hack-a-pdf.pdf}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1320 |
\end{center}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1321 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1322 |
\end{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1323 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1324 |
\end{frame}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1325 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1326 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1327 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1328 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1329 |
\tikzset{alt/.code args={<#1>#2#3#4}{%
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1330 |
\alt<#1>{\pgfkeysalso{#2}}{\pgfkeysalso{#3}} % \pgfkeysalso doesn't change the path
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1331 |
}} |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1332 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1333 |
\begin{frame}[t]
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1334 |
\frametitle{\begin{tabular}{c}3rd Lecture:\\ Buffer Overflow Attacks\end{tabular}}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1335 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1336 |
\begin{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1337 |
\item the problem arises from the way C/C++ organises its function calls\\[-8mm]\mbox{}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1338 |
\end{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1339 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1340 |
\begin{center}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1341 |
\begin{tikzpicture}[scale=1]
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1342 |
%\draw[black!10,step=2mm] (0,0) grid (9,4); |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1343 |
%\draw[black!10,thick,step=10mm] (0,0) grid (9,4); |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1344 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1345 |
\node at (0.5,4.5) {\small\begin{tabular}{l}main\\[-2mm] prog.\end{tabular}};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1346 |
\draw[line width=0mm, white, alt=<2->{fill=red}{fill=blue}] (0,2.5) rectangle (1,3.8);
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1347 |
\draw[line width=0mm, white, alt=<9->{fill=red}{fill=blue}] (0,0.2) rectangle (1,0.5);
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1348 |
\draw[line width=1mm, alt=<3->{fill=yellow}{fill=blue}] (0,2.0) rectangle (1,2.5);
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1349 |
\draw[line width=1mm, alt=<6->{fill=red}{fill=blue}] (0,1.0) rectangle (1,2.0);
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1350 |
\draw[line width=1mm, alt=<7->{fill=yellow}{fill=blue}] (0,0.5) rectangle (1,1.0);
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1351 |
\draw[line width=1mm] (0,0) -- (0,4); |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1352 |
\draw[line width=1mm] (1,0) -- (1,4); |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1353 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1354 |
\node at (3.5,3.5) {\small\begin{tabular}{l}fact(n)\end{tabular}};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1355 |
\draw[line width=1mm, alt=<{4-5,8}>{fill=red}{fill=blue}] (3,1.0) rectangle (4,3.0);
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1356 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1357 |
\onslide<3-4>{\draw[->, line width=1mm,red] (1,2.3) to node [above,sloped,midway] {n=4} (3,3);}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1358 |
\onslide<5>{\draw[<-, line width=1mm,red] (1,2.3) to node [above,sloped,midway] {res=24} (3,1);}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1359 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1360 |
\onslide<7-8>{\draw[->, line width=1mm,red] (1,0.8) to node [above,sloped,midway] {n=3} (3,3);}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1361 |
\onslide<9>{\draw[<-, line width=1mm,red] (1,0.8) to node [above,sloped,midway] {res=6} (3,1);}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1362 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1363 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1364 |
\node at (7.75,3.9) {\small\begin{tabular}{l}stack\end{tabular}};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1365 |
\draw[line width=1mm] (7,3.5) -- (7,0.5) -- (8.5,0.5) -- (8.5,3.5); |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1366 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1367 |
\onslide<3,4,7,8>{
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1368 |
\node at (7.75, 1.4) {ret};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1369 |
\draw[line width=1mm] (7,1.1) -- (8.5,1.1); |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1370 |
\node at (7.75, 2.0) {sp};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1371 |
\draw[line width=1mm] (7,2.3) -- (8.5,2.3); |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1372 |
} |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1373 |
\onslide<3,4>{
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1374 |
\node at (7.75, 0.8) {4};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1375 |
\draw[line width=1mm] (7,1.7) -- (8.5,1.7); |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1376 |
} |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1377 |
\onslide<7,8>{
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1378 |
\node at (7.75, 0.8) {3};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1379 |
\draw[line width=1mm] (7,1.7) -- (8.5,1.7); |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1380 |
} |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1381 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1382 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1383 |
\end{tikzpicture}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1384 |
\end{center}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1385 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1386 |
\end{frame}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1387 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1388 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1389 |
\begin{frame}[t]
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1390 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1391 |
\begin{center}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1392 |
\begin{tikzpicture}[scale=1]
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1393 |
%\draw[black!10,step=2mm] (0,0) grid (9,4); |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1394 |
%\draw[black!10,thick,step=10mm] (0,0) grid (9,4); |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1395 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1396 |
\node at (0.5,4.5) {\small\begin{tabular}{l}main\\[-2mm] prog.\end{tabular}};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1397 |
\draw[line width=0mm, white, alt=<2->{fill=red}{fill=blue}] (0,2.5) rectangle (1,3.8);
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1398 |
\draw[line width=1mm, white, fill=blue] (0,1.0) rectangle (1,2.0); |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1399 |
\draw[line width=1mm, alt=<3->{fill=yellow}{fill=blue}] (0,2.0) rectangle (1,2.5);
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1400 |
\draw[line width=1mm] (0,0) -- (0,4); |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1401 |
\draw[line width=1mm] (1,0) -- (1,4); |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1402 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1403 |
\node at (3.5,3.5) {\small\begin{tabular}{l}fact(n)\end{tabular}};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1404 |
\draw[line width=0mm, alt=<{4-}>{red, fill=red}{blue, fill=blue}] (3,2.8) rectangle (4,3.0);
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1405 |
\draw[line width=0mm, alt=<{5-}>{red, fill=red}{blue, fill=blue}] (3,2.8) rectangle (4,2.0);
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1406 |
\draw[line width=0mm, alt=<{7-}>{red, fill=red}{blue, fill=blue}] (3,2.0) rectangle (4,1.0);
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1407 |
\draw[line width=1mm] (3,1.0) rectangle (4,3.0); |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1408 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1409 |
\onslide<3->{\draw[->, line width=1mm,red] (1,2.3) to node [above,sloped,midway] {n=4} (3,3);}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1410 |
\onslide<5->{\draw[<-, line width=2mm,red] (4,2) to node [above,sloped,midway]
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1411 |
{\begin{tabular}{l}user\\[-1mm] input\end{tabular}} (6,2);}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1412 |
\onslide<8->{\draw[<-, line width=1mm,red] (1,-2) to (3,1);}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1413 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1414 |
\node at (7.75,3.9) {\small\begin{tabular}{l}stack\end{tabular}};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1415 |
\draw[line width=1mm] (7,3.5) -- (7,-0.1) -- (8.5,-0.1) -- (8.5,3.5); |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1416 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1417 |
\onslide<3->{
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1418 |
\node at (7.75, 0.2) {4};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1419 |
\draw[line width=1mm,alt=<6->{fill=red}{fill=white}] (7,0.5) rectangle (8.5,1.1);
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1420 |
\node at (7.75, 0.8) {\alt<6->{@a\#}{ret}};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1421 |
\draw[line width=1mm,alt=<6->{fill=red}{fill=white}] (7,1.1) rectangle (8.5,1.7);
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1422 |
\node at (7.75, 1.4) {\alt<6->{!?w;}sp};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1423 |
} |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1424 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1425 |
\onslide<4->{
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1426 |
\draw[line width=1mm,fill=red] (7,1.7) rectangle (8.5,3.0); |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1427 |
\node[white] at (7.75, 2.4) {buffer};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1428 |
} |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1429 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1430 |
\end{tikzpicture}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1431 |
\end{center}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1432 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1433 |
\end{frame}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1434 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1435 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1436 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1437 |
\begin{frame}[t]
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1438 |
\frametitle{\begin{tabular}{c}3rd Lecture:\\[-3mm]
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1439 |
Buffer Overflow Attacks\end{tabular}}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1440 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1441 |
US National Vulnerability Database\\ |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1442 |
\small(636 out of 6675 in 2014) |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1443 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1444 |
\begin{center}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1445 |
\begin{tikzpicture}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1446 |
\begin{axis}[
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1447 |
xlabel={year},
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1448 |
ylabel={\% of total attacks},
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1449 |
ylabel style={yshift=0em},
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1450 |
enlargelimits=false, |
|
418
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
1451 |
xtick={1997,1999,...,2015},
|
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1452 |
xmin=1996.5, |
|
418
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
1453 |
xmax=2016, |
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1454 |
ymax=21, |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1455 |
ytick={0,5,...,20},
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1456 |
scaled ticks=false, |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1457 |
axis lines=left, |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1458 |
width=11cm, |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1459 |
height=5cm, |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1460 |
ybar, |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1461 |
nodes near coords= |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1462 |
{\footnotesize
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1463 |
$\pgfmathprintnumber[fixed,fixed zerofill,precision=1,use comma]{\pgfkeysvalueof{/data point/y}}$},
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1464 |
x tick label style={font=\scriptsize,/pgf/number format/1000 sep={}}]
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1465 |
\addplot |
|
418
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
1466 |
table [x=Year,y=Percentage] {../handouts/bufferoverflows.data};
|
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1467 |
\end{axis}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1468 |
\end{tikzpicture}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1469 |
\end{center}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1470 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1471 |
\scriptsize |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1472 |
\url{http://web.nvd.nist.gov/view/vuln/statistics}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1473 |
\end{frame}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1474 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1475 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1476 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1477 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1478 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1479 |
\begin{frame}[t]
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1480 |
\frametitle{\begin{tabular}{c}4th Lecture:\\ Unix Access Control\end{tabular}}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1481 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1482 |
\begin{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1483 |
\item privileges are specified by file access permissions (``everything is a file'') |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1484 |
\end{itemize}\medskip
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1485 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1486 |
\begin{center}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1487 |
\begin{tikzpicture}[scale=1]
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1488 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1489 |
\draw[line width=1mm] (-.3, 0) rectangle (1.5,2); |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1490 |
\draw (4.7,1) node {Internet};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1491 |
\draw (-2.7,1.7) node {\footnotesize Application};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1492 |
\draw (0.6,1.7) node {\footnotesize Interface};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1493 |
\draw (0.6,-0.4) node {\footnotesize \begin{tabular}{c}unprivileged\\[-1mm] process\end{tabular}};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1494 |
\draw (-2.7,-0.4) node {\footnotesize \begin{tabular}{c}privileged\\[-1mm] process\end{tabular}};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1495 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1496 |
\draw[line width=1mm] (-1.8, 0) rectangle (-3.6,2); |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1497 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1498 |
\draw[white] (1.7,1) node (X) {};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1499 |
\draw[white] (3.7,1) node (Y) {};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1500 |
\draw[red, <->, line width = 2mm] (X) -- (Y); |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1501 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1502 |
\draw[red, <->, line width = 1mm] (-0.6,1) -- (-1.6,1); |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1503 |
\end{tikzpicture}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1504 |
\end{center}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1505 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1506 |
\begin{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1507 |
\item the idea is to make the attack surface smaller and |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1508 |
mitigate the consequences of an attack |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1509 |
\end{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1510 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1511 |
\end{frame}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1512 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1513 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1514 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1515 |
\begin{frame}[fragile,t]
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1516 |
\frametitle{\begin{tabular}{c}4th Lecture:\\ Unix Access Control\end{tabular}}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1517 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1518 |
\begin{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1519 |
\item when a file with setuid is executed, the resulting process will assume the |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1520 |
UID given to the owner of the file |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1521 |
\end{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1522 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1523 |
\footnotesize\tt |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1524 |
\begin{center}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1525 |
\begin{verbatim}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1526 |
$ ls -ld . * */* |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1527 |
drwxr-xr-x 1 ping staff 32768 Apr 2 2010 . |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1528 |
-rw----r-- 1 ping students 31359 Jul 24 2011 manual.txt |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1529 |
-r--rw--w- 1 bob students 4359 Jul 24 2011 report.txt |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1530 |
-rwsr--r-x 1 bob students 141359 Jun 1 2013 microedit |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1531 |
dr--r-xr-x 1 bob staff 32768 Jul 23 2011 src |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1532 |
-rw-r--r-- 1 bob staff 81359 Feb 28 2012 src/code.c |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1533 |
-r--rw---- 1 emma students 959 Jan 23 2012 src/code.h |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1534 |
\end{verbatim}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1535 |
\end{center}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1536 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1537 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1538 |
\end{frame}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1539 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1540 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1541 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1542 |
\begin{frame}[t]
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1543 |
\frametitle{\begin{tabular}{c}4th Lecture:\\ Unix Access Control\end{tabular}}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1544 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1545 |
\begin{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1546 |
\item Alice wants to have her files readable, |
|
418
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
1547 |
\alert{except} for her office mates.\bigskip
|
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
1548 |
|
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
1549 |
\item make sure you understand the setuid and setgid bits; |
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
1550 |
why are they necessary for login and passwd |
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1551 |
\end{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1552 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1553 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1554 |
\end{frame}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1555 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1556 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1557 |
|
| 52 | 1558 |
\end{document}
|
1559 |
||
1560 |
%%% Local Variables: |
|
1561 |
%%% mode: latex |
|
1562 |
%%% TeX-master: t |
|
1563 |
%%% End: |
|
1564 |