| author | Christian Urban <christian dot urban at kcl dot ac dot uk> |
| Tue, 29 Oct 2013 10:33:21 +0000 | |
| changeset 123 | 2185acdb43bb |
| parent 90 | d1d07f05325a |
| child 124 | 382aad582d8b |
| permissions | -rw-r--r-- |
| 52 | 1 |
\documentclass[dvipsnames,14pt,t]{beamer}
|
2 |
\usepackage{proof}
|
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
3 |
\usepackage{beamerthemeplaincu}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
4 |
%\usepackage[T1]{fontenc}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
5 |
%\usepackage[latin1]{inputenc}
|
| 52 | 6 |
\usepackage{mathpartir}
|
7 |
\usepackage{isabelle}
|
|
8 |
\usepackage{isabellesym}
|
|
9 |
\usepackage[absolute,overlay]{textpos}
|
|
10 |
\usepackage{ifthen}
|
|
11 |
\usepackage{tikz}
|
|
12 |
\usepackage{courier}
|
|
13 |
\usepackage{listings}
|
|
14 |
\usetikzlibrary{arrows}
|
|
15 |
\usetikzlibrary{positioning}
|
|
16 |
\usetikzlibrary{calc}
|
|
17 |
\usepackage{graphicx}
|
|
18 |
||
19 |
\isabellestyle{rm}
|
|
20 |
\renewcommand{\isastyle}{\rm}%
|
|
21 |
\renewcommand{\isastyleminor}{\rm}%
|
|
22 |
\renewcommand{\isastylescript}{\footnotesize\rm\slshape}%
|
|
23 |
\renewcommand{\isatagproof}{}
|
|
24 |
\renewcommand{\endisatagproof}{}
|
|
25 |
\renewcommand{\isamarkupcmt}[1]{#1}
|
|
26 |
||
27 |
% Isabelle characters |
|
28 |
\renewcommand{\isacharunderscore}{\_}
|
|
29 |
\renewcommand{\isacharbar}{\isamath{\mid}}
|
|
30 |
\renewcommand{\isasymiota}{}
|
|
31 |
\renewcommand{\isacharbraceleft}{\{}
|
|
32 |
\renewcommand{\isacharbraceright}{\}}
|
|
33 |
\renewcommand{\isacharless}{$\langle$}
|
|
34 |
\renewcommand{\isachargreater}{$\rangle$}
|
|
35 |
\renewcommand{\isasymsharp}{\isamath{\#}}
|
|
36 |
\renewcommand{\isasymdots}{\isamath{...}}
|
|
37 |
\renewcommand{\isasymbullet}{\act}
|
|
38 |
||
39 |
||
40 |
||
41 |
\definecolor{javared}{rgb}{0.6,0,0} % for strings
|
|
42 |
\definecolor{javagreen}{rgb}{0.25,0.5,0.35} % comments
|
|
43 |
\definecolor{javapurple}{rgb}{0.5,0,0.35} % keywords
|
|
44 |
\definecolor{javadocblue}{rgb}{0.25,0.35,0.75} % javadoc
|
|
45 |
||
46 |
\lstset{language=Java,
|
|
47 |
basicstyle=\ttfamily, |
|
48 |
keywordstyle=\color{javapurple}\bfseries,
|
|
49 |
stringstyle=\color{javagreen},
|
|
50 |
commentstyle=\color{javagreen},
|
|
51 |
morecomment=[s][\color{javadocblue}]{/**}{*/},
|
|
52 |
numbers=left, |
|
53 |
numberstyle=\tiny\color{black},
|
|
54 |
stepnumber=1, |
|
55 |
numbersep=10pt, |
|
56 |
tabsize=2, |
|
57 |
showspaces=false, |
|
58 |
showstringspaces=false} |
|
59 |
||
60 |
\lstdefinelanguage{scala}{
|
|
61 |
morekeywords={abstract,case,catch,class,def,%
|
|
62 |
do,else,extends,false,final,finally,% |
|
63 |
for,if,implicit,import,match,mixin,% |
|
64 |
new,null,object,override,package,% |
|
65 |
private,protected,requires,return,sealed,% |
|
66 |
super,this,throw,trait,true,try,% |
|
67 |
type,val,var,while,with,yield}, |
|
68 |
otherkeywords={=>,<-,<\%,<:,>:,\#,@},
|
|
69 |
sensitive=true, |
|
70 |
morecomment=[l]{//},
|
|
71 |
morecomment=[n]{/*}{*/},
|
|
72 |
morestring=[b]", |
|
73 |
morestring=[b]', |
|
74 |
morestring=[b]""" |
|
75 |
} |
|
76 |
||
77 |
\lstset{language=Scala,
|
|
78 |
basicstyle=\ttfamily, |
|
79 |
keywordstyle=\color{javapurple}\bfseries,
|
|
80 |
stringstyle=\color{javagreen},
|
|
81 |
commentstyle=\color{javagreen},
|
|
82 |
morecomment=[s][\color{javadocblue}]{/**}{*/},
|
|
83 |
numbers=left, |
|
84 |
numberstyle=\tiny\color{black},
|
|
85 |
stepnumber=1, |
|
86 |
numbersep=10pt, |
|
87 |
tabsize=2, |
|
88 |
showspaces=false, |
|
89 |
showstringspaces=false} |
|
90 |
||
91 |
% beamer stuff |
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
92 |
\renewcommand{\slidecaption}{APP 05, King's College London, 29 October 2013}
|
| 52 | 93 |
|
94 |
\newcommand{\bl}[1]{\textcolor{blue}{#1}}
|
|
95 |
\begin{document}
|
|
96 |
||
97 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
98 |
\mode<presentation>{
|
|
99 |
\begin{frame}<1>[t]
|
|
100 |
\frametitle{%
|
|
101 |
\begin{tabular}{@ {}c@ {}}
|
|
102 |
\\ |
|
103 |
\LARGE Access Control and \\[-3mm] |
|
104 |
\LARGE Privacy Policies (5)\\[-6mm] |
|
105 |
\end{tabular}}\bigskip\bigskip\bigskip
|
|
106 |
||
107 |
%\begin{center}
|
|
108 |
%\includegraphics[scale=1.3]{pics/barrier.jpg}
|
|
109 |
%\end{center}
|
|
110 |
||
111 |
\normalsize |
|
112 |
\begin{center}
|
|
113 |
\begin{tabular}{ll}
|
|
114 |
Email: & christian.urban at kcl.ac.uk\\ |
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
115 |
Office: & S1.27 (1st floor Strand Building)\\ |
| 52 | 116 |
Slides: & KEATS (also homework is there)\\ |
117 |
\end{tabular}
|
|
118 |
\end{center}
|
|
119 |
||
120 |
||
121 |
\end{frame}}
|
|
122 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
123 |
||
124 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
125 |
\mode<presentation>{
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
126 |
\begin{frame}[t]
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
127 |
\frametitle{Last Week}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
128 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
129 |
\mbox{}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
130 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
131 |
\begin{tabular}{l}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
132 |
{\Large \bl{$A\;\rightarrow\; B : \ldots$}}\\
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
133 |
\onslide<1->{\Large \bl{$B\;\rightarrow\; A : \ldots$}}\\
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
134 |
\onslide<1->{\Large \;\;\;\;\;\bl{$:$}}\bigskip
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
135 |
\end{tabular}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
136 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
137 |
\begin{itemize}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
138 |
\item by convention \bl{$A$}, \bl{$B$} are named principals \bl{Alice\ldots}\\
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
139 |
but most likely they are programs |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
140 |
\item indicates one ``protocol run'', or session, which specifies an |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
141 |
order in the communication |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
142 |
\item there can be several sessions in parallel (think of wifi routers) |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
143 |
\item nonces (randomly generated numbers) used only once |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
144 |
\end{itemize}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
145 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
146 |
\end{frame}}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
147 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
148 |
|
| 52 | 149 |
|
150 |
||
151 |
||
152 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
153 |
\mode<presentation>{
|
|
154 |
\begin{frame}[c]
|
|
| 54 | 155 |
\frametitle{Cryptographic Protocol Failures}
|
156 |
||
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
157 |
Ross Anderson and Roger Needham wrote:\bigskip |
| 54 | 158 |
|
159 |
\begin{quote}
|
|
160 |
\textcolor{gray}{
|
|
161 |
A lot of the recorded frauds were the result of this kind of blunder, or from |
|
162 |
management negligence pure and simple.} However, there have been a |
|
163 |
significant number of cases where the designers protected the right things, |
|
164 |
used cryptographic algorithms which were not broken, and yet found that their |
|
165 |
systems were still successfully attacked. |
|
166 |
\end{quote}
|
|
167 |
||
| 52 | 168 |
|
169 |
\end{frame}}
|
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
170 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
171 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
172 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
173 |
\mode<presentation>{
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
174 |
\begin{frame}[c]
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
175 |
\frametitle{Protocols}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
176 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
177 |
Examples where ``over-the-air'' protocols are used |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
178 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
179 |
\begin{itemize}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
180 |
\item wifi |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
181 |
\item card readers (you cannot trust the terminals) |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
182 |
\item RFI (passports) |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
183 |
\end{itemize}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
184 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
185 |
\end{frame}}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
186 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
187 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
188 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
189 |
\mode<presentation>{
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
190 |
\begin{frame}[c]
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
191 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
192 |
\begin{center}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
193 |
\includegraphics[scale=0.5]{pics/dogs.jpg}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
194 |
\end{center}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
195 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
196 |
\end{frame}}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
197 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
198 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
199 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
200 |
\mode<presentation>{
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
201 |
\begin{frame}[c]
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
202 |
\frametitle{\begin{tabular}{c}Chip-and-PIN\end{tabular}}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
203 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
204 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
205 |
\begin{itemize}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
206 |
\item A ``tamperesitant'' terminal playing Tetris on |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
207 |
\textcolor{blue}{\href{http://www.youtube.com/watch?v=wWTzkD9M0sU}{youtube}}.\\
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
208 |
\textcolor{lightgray}{\footnotesize(\url{http://www.youtube.com/watch?v=wWTzkD9M0sU})}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
209 |
\end{itemize}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
210 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
211 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
212 |
\includegraphics[scale=0.2]{pics/tetris.jpg}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
213 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
214 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
215 |
\end{frame}}
|
| 52 | 216 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
217 |
||
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
218 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
219 |
\mode<presentation>{
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
220 |
\begin{frame}<1-3>[c]
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
221 |
\frametitle{Oyster Cards}
|
| 52 | 222 |
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
223 |
\includegraphics[scale=0.4]{pics/oysterc.jpg}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
224 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
225 |
\begin{itemize}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
226 |
\item good example of a bad protocol\\ (security by obscurity)\bigskip |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
227 |
\item<3-> ``Breaching security on Oyster cards should not |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
228 |
allow unauthorised use for more than a day, as TfL promises to turn |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
229 |
off any cloned cards within 24 hours\ldots'' |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
230 |
\end{itemize}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
231 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
232 |
\only<2>{
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
233 |
\begin{textblock}{12}(0.5,0.5)
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
234 |
\begin{tikzpicture}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
235 |
\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm] |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
236 |
{\color{darkgray}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
237 |
\begin{minipage}{11cm}\raggedright\footnotesize
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
238 |
{\bf Wirelessly Pickpocketing a Mifare Classic Card}\medskip
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
239 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
240 |
The Mifare Classic is the most widely used contactless smartcard on the |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
241 |
market. The stream cipher CRYPTO1 used by the Classic has recently been |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
242 |
reverse engineered and serious attacks have been proposed. The most serious |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
243 |
of them retrieves a secret key in under a second. In order to clone a card, |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
244 |
previously proposed attacks require that the adversary either has access to |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
245 |
an eavesdropped communication session or executes a message-by-message |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
246 |
man-in-the-middle attack between the victim and a legitimate |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
247 |
reader. Although this is already disastrous from a cryptographic point of |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
248 |
view, system integrators maintain that these attacks cannot be performed |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
249 |
undetected.\smallskip |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
250 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
251 |
This paper proposes four attacks that can be executed by an adversary having |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
252 |
only wireless access to just a card (and not to a legitimate reader). The |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
253 |
most serious of them recovers a secret key in less than a second on ordinary |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
254 |
hardware. Besides the cryptographic weaknesses, we exploit other weaknesses |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
255 |
in the protocol stack. A vulnerability in the computation of parity bits |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
256 |
allows an adversary to establish a side channel. Another vulnerability |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
257 |
regarding nested authentications provides enough plaintext for a speedy |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
258 |
known-plaintext attack. |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
259 |
\end{minipage}};
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
260 |
\end{tikzpicture}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
261 |
\end{textblock}}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
262 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
263 |
\end{frame}}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
264 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
265 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
266 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
267 |
\mode<presentation>{
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
268 |
\begin{frame}<1->[t]
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
269 |
\frametitle{Another Example}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
270 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
271 |
In an email from Ross Anderson\bigskip\small |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
272 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
273 |
\begin{tabular}{l}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
274 |
From: Ross Anderson <Ross.Anderson@cl.cam.ac.uk>\\ |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
275 |
Sender: cl-security-research-bounces@lists.cam.ac.uk\\ |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
276 |
To: cl-security-research@lists.cam.ac.uk\\ |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
277 |
Subject: Birmingham case\\ |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
278 |
Date: Tue, 13 Aug 2013 15:13:17 +0100\\ |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
279 |
\end{tabular}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
280 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
281 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
282 |
\only<2>{
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
283 |
\begin{textblock}{12}(0.5,0.5)
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
284 |
\begin{tikzpicture}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
285 |
\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm] |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
286 |
{\color{darkgray}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
287 |
\begin{minipage}{11cm}\raggedright\footnotesize
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
288 |
As you may know, Volkswagen got an injunction against the University of |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
289 |
Birmingham suppressing the publication of the design of a weak cipher |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
290 |
used in the remote key entry systems in its recent-model cars. The paper |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
291 |
is being given today at Usenix, minus the cipher design.\medskip |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
292 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
293 |
I've been contacted by Birmingham University's lawyers who seek to prove |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
294 |
that the cipher can be easily obtained anyway. They are looking for a |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
295 |
student who will download the firmware from any newish VW, disassemble |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
296 |
it and look for the cipher. They'd prefer this to be done by a student |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
297 |
rather than by a professor to emphasise how easy it is.\medskip |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
298 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
299 |
Volkswagen's argument was that the Birmingham people had reversed a |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
300 |
locksmithing tool produced by a company in Vietnam, and since their key |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
301 |
fob chip is claimed to be tamper-resistant, this must have involved a |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
302 |
corrupt insider at VW or at its supplier Thales. Birmingham's argument |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
303 |
is that this is nonsense as the cipher is easy to get hold of. Their |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
304 |
lawyers feel this argument would come better from an independent |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
305 |
outsider.\medskip |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
306 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
307 |
Let me know if you're interested in having a go, and I'll put you in |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
308 |
touch |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
309 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
310 |
Ross |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
311 |
\end{minipage}};
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
312 |
\end{tikzpicture}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
313 |
\end{textblock}}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
314 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
315 |
\end{frame}}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
316 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
317 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
318 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
319 |
\mode<presentation>{
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
320 |
\begin{frame}[c]
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
321 |
\frametitle{Authentication Protocols}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
322 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
323 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
324 |
Alice (\bl{$A$}) and Bob (\bl{$B$}) share a secret key \bl{$K_{AB}$}\bigskip
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
325 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
326 |
Passwords: |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
327 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
328 |
\begin{center}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
329 |
\bl{$B \rightarrow A: K_{AB}$}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
330 |
\end{center}\pause\bigskip
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
331 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
332 |
Problems: Eavesdropper can capture the secret and replay it; \bl{$A$} cannot confirm the
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
333 |
identity of \bl{$B$}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
334 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
335 |
\end{frame}}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
336 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
| 52 | 337 |
|
338 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
339 |
\mode<presentation>{
|
|
340 |
\begin{frame}[c]
|
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
341 |
\frametitle{Authentication Protocols}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
342 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
343 |
Alice (\bl{$A$}) and Bob (\bl{$B$}) share a secret key \bl{$K_{AB}$}\bigskip
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
344 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
345 |
Simple Challenge Response: |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
346 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
347 |
\begin{center}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
348 |
\begin{tabular}{ll}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
349 |
\bl{$A \rightarrow B:$} & \bl{$N$}\\
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
350 |
\bl{$B \rightarrow A:$} & \bl{$\{N\}_{K_{AB}}$}\\
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
351 |
\end{tabular}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
352 |
\end{center}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
353 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
354 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
355 |
\end{frame}}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
356 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
| 52 | 357 |
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
358 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
359 |
\mode<presentation>{
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
360 |
\begin{frame}[c]
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
361 |
\frametitle{Authentication Protocols}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
362 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
363 |
Alice (\bl{$A$}) and Bob (\bl{$B$}) share a secret key \bl{$K_{AB}$}\bigskip
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
364 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
365 |
Mutual Challenge Response: |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
366 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
367 |
\begin{center}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
368 |
\begin{tabular}{ll}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
369 |
\bl{$A \rightarrow B:$} & \bl{$N_A$}\\
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
370 |
\bl{$B \rightarrow A:$} & \bl{$\{N_A, N_B\}_{K_{AB}}$}\\
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
371 |
\bl{$A \rightarrow B:$} & \bl{$N_B$}\\
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
372 |
\end{tabular}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
373 |
\end{center}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
374 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
375 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
376 |
\end{frame}}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
377 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
378 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
379 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
380 |
\mode<presentation>{
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
381 |
\begin{frame}[c]
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
382 |
\frametitle{One Time Passwords}
|
| 52 | 383 |
|
384 |
\begin{center}
|
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
385 |
\bl{$B \rightarrow A: C, C_{K_{AB}}$}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
386 |
\end{center}\bigskip
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
387 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
388 |
A counter \bl{$C$} increases with each transmission; \bl{$A$} will not accept a
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
389 |
\bl{$C$} which has already been accepted (used in car key fob).
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
390 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
391 |
\end{frame}}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
392 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
393 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
394 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
395 |
\mode<presentation>{
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
396 |
\begin{frame}[c]
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
397 |
\frametitle{Person-in-the-Middle}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
398 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
399 |
``Normal'' protocol run:\bigskip |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
400 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
401 |
\begin{itemize}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
402 |
\item \bl{$A$} sends public key to \bl{$B$}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
403 |
\item \bl{$B$} sends public key to \bl{$A$}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
404 |
\item \bl{$A$} sends message encrypted with \bl{$B$}'s public key, \bl{$B$} decrypts it
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
405 |
with its private key |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
406 |
\item \bl{$B$} sends message encrypted with \bl{$A$}'s public key, \bl{$A$} decrypts it
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
407 |
with its private key |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
408 |
\end{itemize}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
409 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
410 |
\end{frame}}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
411 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
412 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
413 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
414 |
\mode<presentation>{
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
415 |
\begin{frame}[c]
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
416 |
\frametitle{Person-in-the-Middle}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
417 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
418 |
Attack: |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
419 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
420 |
\begin{itemize}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
421 |
\item \bl{$A$} sends public key to \bl{$B$} --- \bl{$C$} intercepts this message and send his own public key
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
422 |
\item \bl{$B$} sends public key to \bl{$A$} --- \bl{$C$} intercepts this message and send his own public key
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
423 |
\item \bl{$A$} sends message encrypted with \bl{$C$}'s public key, \bl{$C$} decrypts it
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
424 |
with its private key, re-encrypts with \bl{$B$}'s public key
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
425 |
\item similar |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
426 |
\end{itemize}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
427 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
428 |
\end{frame}}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
429 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
430 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
431 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
432 |
\mode<presentation>{
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
433 |
\begin{frame}[c]
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
434 |
\frametitle{Person-in-the-Middle}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
435 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
436 |
Prevention: |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
437 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
438 |
\begin{itemize}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
439 |
\item \bl{$A$} sends public key to \bl{$B$}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
440 |
\item \bl{$B$} sends public key to \bl{$A$}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
441 |
\item \bl{$A$} encrypts message with \bl{$B$}'s public key, send's {\bf half} of the message
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
442 |
\item \bl{$B$} encrypts message with \bl{$A$}'s public key, send's {\bf half} of the message
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
443 |
\item \bl{$A$} sends other half, \bl{$B$} can now decrypt entire message
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
444 |
\item \bl{$B$} sends other half, \bl{$A$} can now decrypt entire message
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
445 |
\end{itemize}\pause
|
| 52 | 446 |
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
447 |
\bl{$C$} would have to invent a totally new message
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
448 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
449 |
\end{frame}}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
450 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
451 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
452 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
453 |
\mode<presentation>{
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
454 |
\begin{frame}[c]
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
455 |
\frametitle{Motivation}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
456 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
457 |
The ISO/IEC 9798 specifies authentication mechanisms which use security |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
458 |
techniques. These mechanisms are used to corroborate that an entity is the one |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
459 |
that is claimed. An entity to be authenticated proves its identity by showing its |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
460 |
knowledge of a secret. The mechanisms are defined as exchanges of information |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
461 |
between entities and, where required, exchanges with a trusted third party. |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
462 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
463 |
\end{frame}}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
464 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
465 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
466 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
467 |
\mode<presentation>{
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
468 |
\begin{frame}[c]
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
469 |
\frametitle{Motivation}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
470 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
471 |
But\ldots\bigskip |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
472 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
473 |
The ISO/IEC 9798 standard neither specifies a threat model nor defines the security properties that the protocols should satisfy.\pause\bigskip |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
474 |
Unfortunately, there are no general precise definitions for the goals of protocols. |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
475 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
476 |
\end{frame}}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
477 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
478 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
479 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
480 |
\mode<presentation>{
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
481 |
\begin{frame}[c]
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
482 |
\frametitle{Best Practices}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
483 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
484 |
{\bf Principle 1:} Every message should say what it means: the interpretation of
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
485 |
a message should not depend on the context.\bigskip\pause |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
486 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
487 |
{\bf Principle 2:} If the identity of a principal is essential to the meaning of a message, it is prudent
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
488 |
to mention the principal’s name explicitly in the message (though difficult).\bigskip |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
489 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
490 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
491 |
\end{frame}}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
492 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
493 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
494 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
495 |
\mode<presentation>{
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
496 |
\begin{frame}[c]
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
497 |
\frametitle{Best Practices}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
498 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
499 |
{\bf Principle 3:} Be clear about why encryption is being done. Encryption is not wholly cheap, and not asking precisely why it is being done can lead to redundancy. Encryption is not synonymous with security.
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
500 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
501 |
\begin{center}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
502 |
Possible Uses of Encryption |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
503 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
504 |
\begin{itemize}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
505 |
\item Preservation of confidentiality: \bl{$\{X\}_K$} only those that have \bl{$K$} may recover \bl{$X$}.
\item Guarantee authenticity: The partner is indeed some particular principal.
\item Guarantee confidentiality and authenticity: binds two parts of a message ---
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
506 |
\bl{$\{X,Y\}_K$} is not the same as \bl{$\{X\}_K$} and \bl{$\{Y\}_K$}.
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
507 |
\end{itemize}
|
| 52 | 508 |
\end{center}
|
509 |
||
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
510 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
511 |
|
| 52 | 512 |
\end{frame}}
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
513 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
514 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
515 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
516 |
\mode<presentation>{
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
517 |
\begin{frame}[c]
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
518 |
\frametitle{Best Practices}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
519 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
520 |
{\bf Principle 4:} The protocol designer should know which trust relations his protocol depends on, and why the dependence is necessary. The reasons for particular trust relations being acceptable should be explicit though they will be founded on judgment and policy rather than on logic.\bigskip
|
| 52 | 521 |
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
522 |
Example Certification Authorities: CAs are trusted to certify a key only after proper steps |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
523 |
have been taken to identify the principal that owns it. |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
524 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
525 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
526 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
527 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
528 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
529 |
\end{frame}}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
530 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
| 52 | 531 |
|
532 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
533 |
\mode<presentation>{
|
|
534 |
\begin{frame}[c]
|
|
535 |
\frametitle{Access Control Logic}
|
|
536 |
||
537 |
Ross Anderson about the use of Logic:\bigskip |
|
538 |
||
539 |
\begin{quote}
|
|
540 |
Formal methods can be an excellent way of finding |
|
541 |
bugs in security protocol designs as they force the designer |
|
| 53 | 542 |
to make everything explicit and thus confront dif$\!$ficult design |
| 52 | 543 |
choices that might otherwise be fudged. |
544 |
\end{quote}
|
|
545 |
||
546 |
\end{frame}}
|
|
547 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
548 |
||
549 |
||
550 |
\end{document}
|
|
551 |
||
552 |
%%% Local Variables: |
|
553 |
%%% mode: latex |
|
554 |
%%% TeX-master: t |
|
555 |
%%% End: |
|
556 |