| author | Christian Urban <christian dot urban at kcl dot ac dot uk> |
| Fri, 06 May 2016 13:15:08 +0100 | |
| changeset 455 | 2d9e005100f4 |
| parent 443 | 67d7d239c617 |
| child 463 | 39d66100d7a3 |
| permissions | -rw-r--r-- |
|
93
82ac034dcc9d
brought order into the repository
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
1 |
\documentclass[dvipsnames,14pt,t, xelatex]{beamer}
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
2 |
\usepackage{../slides}
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
3 |
\usepackage{../graphics}
|
|
157
3a8fff66d62b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
4 |
\usepackage{../langs}
|
| 0 | 5 |
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
6 |
\setmonofont[Scale=.88]{Consolas}
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
7 |
\newfontfamily{\consolas}{Consolas}
|
| 0 | 8 |
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
9 |
\hfuzz=220pt |
| 0 | 10 |
|
11 |
% beamer stuff |
|
|
381
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
12 |
\renewcommand{\slidecaption}{SEN 01, King's College London}
|
| 0 | 13 |
|
|
170
1c8ad2848d3b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
169
diff
changeset
|
14 |
\lstset{language=JavaScript,
|
|
162
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
15 |
style=mystyle, |
|
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
16 |
numbersep=0pt, |
|
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
17 |
numbers=none, |
|
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
18 |
xleftmargin=0mm} |
| 0 | 19 |
|
20 |
\begin{document}
|
|
21 |
||
| 9 | 22 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
23 |
\begin{frame}
|
| 0 | 24 |
\frametitle{%
|
| 1 | 25 |
\begin{tabular}{@ {}c@ {}}
|
|
381
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
26 |
\LARGE Security Engineering (1)\\[-3mm] |
| 1 | 27 |
\end{tabular}}
|
28 |
||
29 |
\begin{center}
|
|
|
381
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
30 |
\includegraphics[scale=0.3]{../pics/barrier.jpg}
|
| 1 | 31 |
\end{center}
|
32 |
||
|
157
3a8fff66d62b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
33 |
\normalsize |
| 1 | 34 |
\begin{center}
|
|
98
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
35 |
\begin{tabular}{ll}
|
| 1 | 36 |
Email: & christian.urban at kcl.ac.uk\\ |
|
93
82ac034dcc9d
brought order into the repository
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
37 |
Office: & S1.27 (1st floor Strand Building)\\ |
|
159
77cf0362b87a
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
157
diff
changeset
|
38 |
Slides: & KEATS |
| 1 | 39 |
\end{tabular}
|
40 |
\end{center}
|
|
|
157
3a8fff66d62b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
41 |
\end{frame}
|
|
162
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
42 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
| 0 | 43 |
|
| 8 | 44 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
45 |
\begin{frame}
|
|
46 |
||
47 |
\begin{center}
|
|
|
381
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
48 |
\includegraphics[scale=0.5]{../pics/barrier.jpg}
|
|
157
3a8fff66d62b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
49 |
\end{center}
|
|
96
e1e314c1bb61
new
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
95
diff
changeset
|
50 |
|
|
157
3a8fff66d62b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
51 |
\end{frame}
|
|
3a8fff66d62b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
52 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
96
e1e314c1bb61
new
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
95
diff
changeset
|
53 |
|
|
e1e314c1bb61
new
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
95
diff
changeset
|
54 |
|
|
e1e314c1bb61
new
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
95
diff
changeset
|
55 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
e1e314c1bb61
new
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
95
diff
changeset
|
56 |
\begin{frame}
|
|
162
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
57 |
\frametitle{This is a Misconception!}
|
|
96
e1e314c1bb61
new
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
95
diff
changeset
|
58 |
|
|
e1e314c1bb61
new
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
95
diff
changeset
|
59 |
\begin{center}
|
|
199
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
60 |
\includegraphics[scale=0.55]{../pics/cryptographic-small.png}
|
|
95
e24f6c12839e
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
94
diff
changeset
|
61 |
\end{center}
|
|
e24f6c12839e
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
94
diff
changeset
|
62 |
|
|
162
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
63 |
\centering |
|
381
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
64 |
\begin{bubble}[10cm]
|
|
162
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
65 |
\small |
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
66 |
There is some consensus that the NSA can probably not |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
67 |
brute-force magically better than the ``public''. |
|
162
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
68 |
\end{bubble}
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
69 |
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
70 |
\end{frame}
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
71 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
72 |
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
73 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
74 |
\begin{frame}[c]
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
75 |
The content of this course is very much inspired by the work of |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
76 |
three people:\bigskip |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
77 |
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
78 |
\small |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
79 |
\begin{center}
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
80 |
\begin{tabular}{ccc}
|
|
199
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
81 |
\includegraphics[scale=1.4]{../pics/schneier.png} &
|
|
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
82 |
\includegraphics[scale=0.103]{../pics/ross.jpg} &
|
|
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
83 |
\includegraphics[scale=0.2]{../pics/halderman.jpg} \\
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
84 |
Bruce Schneier & Ross Anderson & Alex Halderman\\ |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
85 |
\tiny\url{en.wikipedia.org/wiki/Bruce_Schneier} &
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
86 |
\tiny\url{www.cl.cam.ac.uk/~rja14} &
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
87 |
\tiny\url{jhalderm.com}
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
88 |
\end{tabular}
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
89 |
\end{center}
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
90 |
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
91 |
\end{frame}
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
92 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
95
e24f6c12839e
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
94
diff
changeset
|
93 |
|
|
e24f6c12839e
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
94
diff
changeset
|
94 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
| 1 | 95 |
\begin{frame}[c]
|
96 |
||
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
97 |
\alert{\bf Security engineers} require a particular \alert{\bf mindset}:
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
98 |
\bigskip\medskip |
| 1 | 99 |
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
100 |
\begin{overlayarea}{\textwidth}{5cm}
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
101 |
\small |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
102 |
\only<1>{\begin{bubble}[10cm]
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
103 |
``Security engineers --- at least the good ones --- see |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
104 |
the world differently. They can't walk into a store without |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
105 |
noticing how they might shoplift. They can't use a computer |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
106 |
without wondering about the security vulnerabilities. They |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
107 |
can't vote without trying to figure out how to vote twice. |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
108 |
They just can't help it.''\\ |
|
95
e24f6c12839e
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
94
diff
changeset
|
109 |
\hfill{}---Bruce Schneier
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
110 |
\end{bubble}}%
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
111 |
\only<2>{\begin{bubble}[10.5cm]
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
112 |
``Security engineering\ldots requires you to think |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
113 |
differently. You need to figure out not how something works, |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
114 |
but how something can be made to not work. You have to imagine |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
115 |
an intelligent and malicious adversary inside your system |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
116 |
\ldots, constantly trying new ways to |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
117 |
subvert it. You have to consider all the ways your system can |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
118 |
fail, most of them having nothing to do with the design |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
119 |
itself. You have to look at everything backwards, upside down, |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
120 |
and sideways. You have to think like an alien.''\hfill{}---Bruce Schneier
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
121 |
\end{bubble}}
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
122 |
\end{overlayarea}
|
| 1 | 123 |
|
124 |
\begin{flushright}
|
|
|
199
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
125 |
\includegraphics[scale=0.0087]{../pics/schneierbook1.jpg}\;
|
|
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
126 |
\includegraphics[scale=0.0087]{../pics/schneierbook2.jpg}\;
|
|
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
127 |
\includegraphics[scale=0.23]{../pics/schneierbook3.jpg}\;
|
|
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
128 |
\includegraphics[scale=0.85]{../pics/schneier.png}
|
| 1 | 129 |
\end{flushright}
|
130 |
||
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
131 |
\end{frame}
|
| 1 | 132 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
133 |
||
| 4 | 134 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
135 |
\begin{frame}[c]
|
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
136 |
\frametitle{Breaking Things}
|
|
98
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
137 |
|
|
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
138 |
For example: |
|
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
139 |
|
|
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
140 |
\begin{center}
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
141 |
\begin{bubble}[10cm]\small
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
142 |
Prof.~V.~Nasty gives the following final exam question (closed books, |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
143 |
closed notes):\bigskip |
|
98
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
144 |
|
|
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
145 |
\noindent |
|
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
146 |
\begin{tabular}{@ {}l}
|
|
102
8f2c3329c9b8
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
101
diff
changeset
|
147 |
Write the first 100 digits of $\pi$:\\ |
|
98
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
148 |
3.\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_ |
|
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
149 |
\end{tabular}
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
150 |
\end{bubble}
|
|
98
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
151 |
\end{center}
|
|
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
152 |
|
|
102
8f2c3329c9b8
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
101
diff
changeset
|
153 |
How can you cheat in this exam and how can you defend against such cheating? |
|
98
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
154 |
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
155 |
\end{frame}
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
156 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
157 |
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
158 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
159 |
\begin{frame}
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
160 |
\frametitle{\textcolor{red}{Warning}}
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
161 |
\small |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
162 |
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
163 |
\begin{itemize}
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
164 |
\item<1-> I will be teaching techniques that can be used to |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
165 |
compromise security and privacy. |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
166 |
\end{itemize}
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
167 |
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
168 |
\onslide<2->{
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
169 |
\begin{itemize}
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
170 |
\item Don’t be evil! |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
171 |
\only<3>{\item Using those techniques in the real world may
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
172 |
violate the law or King’s rules, and it may be unethical.} |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
173 |
\only<3>{\item Under some circumstances, even probing for weaknesses of a
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
174 |
system may result in severe penalties, up to and including |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
175 |
expulsion, fines and jail time.} |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
176 |
\only<3>{\item Acting lawfully and ethically is \underline{your} responsibility.}
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
177 |
\only<4>{\item Ethics requires you to
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
178 |
refrain from doing harm.} |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
179 |
\only<4>{\item \underline{Always} respect privacy and rights of
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
180 |
others.} |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
181 |
\only<4>{\item Do not tamper with any of King's systems.}
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
182 |
\only<5>{\item If you try
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
183 |
out a technique, always make doubly sure you are working in a |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
184 |
safe environment so that you cannot cause any harm, not even |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
185 |
accidentally.} |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
186 |
\only<5>{\item Don't be evil. Be an \underline{ethical} hacker.}
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
187 |
\end{itemize}}
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
188 |
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
189 |
\end{frame}
|
|
98
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
190 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
191 |
|
|
162
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
192 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
193 |
\begin{frame}[c]
|
|
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
194 |
\frametitle{Secure Systems}
|
|
98
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
195 |
|
|
162
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
196 |
For a secure system, four requirements need to come |
|
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
197 |
together: |
|
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
198 |
|
|
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
199 |
\begin{itemize}
|
|
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
200 |
\item {\bf Policy}\\
|
|
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
201 |
{\small What is supposed to be achieved?}
|
|
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
202 |
\item {\bf Mechanism}\\
|
|
167
d8657ff8cca1
typos
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
164
diff
changeset
|
203 |
{\small Cipher, access controls, tamper resistance, \ldots}
|
|
162
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
204 |
\item {\bf Assurance}\\
|
|
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
205 |
{\small The amount of reliance you can put on the mechanism.}
|
|
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
206 |
\item {\bf Incentive}\\
|
|
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
207 |
{\small The motive that the people guarding and maintaining the
|
|
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
208 |
system have to do their job properly, and also the motive |
|
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
209 |
that the attackers have to try to defeat your policy.} |
|
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
210 |
\end{itemize}
|
|
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
211 |
|
|
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
212 |
|
|
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
213 |
|
|
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
214 |
\end{frame}
|
|
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
215 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
98
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
216 |
|
|
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
217 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
218 |
\begin{frame}[c]
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
219 |
\frametitle{Chip-and-PIN}
|
| 4 | 220 |
|
221 |
\begin{center}
|
|
|
199
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
222 |
\includegraphics[scale=0.3]{../pics/creditcard1.jpg}\;
|
|
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
223 |
\includegraphics[scale=0.3]{../pics/creditcard2.jpg}
|
| 4 | 224 |
\end{center}
|
225 |
||
226 |
\begin{itemize}
|
|
227 |
\item Chip-and-PIN was introduced in the UK in 2004 |
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
228 |
\item before that customers had to sign a receipt\bigskip |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
229 |
\item \bf Is Chip-and-PIN a more secure system? |
| 4 | 230 |
\end{itemize}
|
231 |
||
232 |
\begin{flushright}
|
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
233 |
\small\textcolor{gray}{(some other countries still use the old method)}
|
| 4 | 234 |
\end{flushright}
|
235 |
||
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
236 |
\end{frame}
|
| 4 | 237 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
238 |
||
| 0 | 239 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
240 |
\begin{frame}[c]
|
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
241 |
\frametitle{Yes \ldots}
|
| 1 | 242 |
|
|
167
d8657ff8cca1
typos
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
164
diff
changeset
|
243 |
\ldots if you believe the banks:\bigskip |
|
d8657ff8cca1
typos
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
164
diff
changeset
|
244 |
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
245 |
\begin{bubble}[10cm]
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
246 |
\small ``Chip-and-PIN is so effective in this country [UK] |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
247 |
that fraudsters are starting to move their activities |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
248 |
overseas,''\smallskip\\ |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
249 |
\hfill{}said some spokesman for Lloyds TSB\\
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
250 |
\hfill(in The Guardian, 2006) |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
251 |
\end{bubble}\bigskip
|
| 1 | 252 |
|
| 0 | 253 |
|
| 1 | 254 |
\begin{itemize}
|
255 |
\item mag-stripe cards cannot be cloned anymore |
|
256 |
\item stolen or cloned cards need to be used abroad |
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
257 |
\item fraud on lost, stolen and counterfeit credit |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
258 |
cards was down \pounds{60m} (24\%) on 2004's figure
|
| 1 | 259 |
\end{itemize}
|
260 |
||
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
261 |
\end{frame}
|
| 1 | 262 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
263 |
||
264 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
265 |
\begin{frame}[c]
|
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
266 |
\frametitle{But let's see}
|
| 1 | 267 |
|
268 |
||
269 |
\begin{textblock}{1}(3,4)
|
|
270 |
\begin{tabular}{c}
|
|
|
199
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
271 |
\includegraphics[scale=0.3]{../pics/bank.png}\\[-2mm]
|
| 1 | 272 |
\small Bank |
| 0 | 273 |
\end{tabular}
|
274 |
\end{textblock}
|
|
| 1 | 275 |
|
276 |
\begin{textblock}{1}(7,4.5)
|
|
277 |
\begin{tabular}{c}
|
|
|
199
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
278 |
\includegraphics[scale=3]{../pics/store.png}\\[-2mm]
|
| 1 | 279 |
\end{tabular}
|
280 |
\end{textblock}
|
|
281 |
||
282 |
\begin{textblock}{1}(4.5,9.9)
|
|
283 |
\begin{tabular}{c}
|
|
|
199
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
284 |
\includegraphics[scale=0.16]{../pics/rman.png}\\[-1mm]
|
|
167
d8657ff8cca1
typos
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
164
diff
changeset
|
285 |
\small customer / you |
| 1 | 286 |
\end{tabular}
|
287 |
\end{textblock}
|
|
| 8 | 288 |
|
289 |
\only<2->{
|
|
290 |
\begin{textblock}{1}(4.5,7.5)
|
|
291 |
\begin{tikzpicture}[scale=1.3]
|
|
292 |
\draw[white] (0,0) node (X) {};
|
|
293 |
\draw[white] (1,-1) node (Y) {};
|
|
294 |
\draw[red, ->, line width = 2mm] (X) -- (Y); |
|
295 |
\node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
|
|
296 |
\end{tikzpicture}
|
|
297 |
\end{textblock}}
|
|
298 |
||
299 |
\only<3->{
|
|
300 |
\begin{textblock}{1}(6.8,7.5)
|
|
301 |
\begin{tikzpicture}[scale=1.3]
|
|
302 |
\draw[white] (0,0) node (X) {};
|
|
303 |
\draw[white] (1,1) node (Y) {};
|
|
304 |
\draw[red, ->, line width = 2mm] (X) -- (Y); |
|
305 |
\node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
|
|
306 |
\end{tikzpicture}
|
|
307 |
\end{textblock}
|
|
308 |
||
309 |
\begin{textblock}{1}(4.8,5.9)
|
|
310 |
\begin{tikzpicture}[scale=1.3]
|
|
311 |
\draw[white] (0,0) node (X) {};
|
|
312 |
\draw[white] (1.4,0) node (Y) {};
|
|
313 |
\draw[red, <->, line width = 2mm] (X) -- (Y); |
|
314 |
\node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
|
|
315 |
\end{tikzpicture}
|
|
316 |
\end{textblock}}
|
|
317 |
||
318 |
\only<4->{
|
|
319 |
\begin{textblock}{1}(12,6.5)
|
|
320 |
\begin{tabular}{c}
|
|
|
199
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
321 |
\includegraphics[scale=0.8]{../pics/factory.png}\\[-1mm]
|
| 8 | 322 |
\small card\\[-2mm]\small terminal\\[-2mm] \small producer |
323 |
\end{tabular}
|
|
324 |
\end{textblock}
|
|
325 |
||
326 |
\begin{textblock}{1}(10,7)
|
|
327 |
\begin{tikzpicture}[scale=1.6]
|
|
328 |
\draw[white] (0,0) node (X) {};
|
|
329 |
\draw[white] (-1,0.6) node (Y) {};
|
|
330 |
\draw[red, ->, line width = 2mm] (X) -- (Y); |
|
331 |
\node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
|
|
332 |
\end{tikzpicture}
|
|
333 |
\end{textblock}}
|
|
| 0 | 334 |
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
335 |
\end{frame}
|
| 0 | 336 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
337 |
||
338 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
339 |
\begin{frame}[c]
|
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
340 |
\frametitle{Chip-and-PIN}
|
| 0 | 341 |
|
| 1 | 342 |
\begin{itemize}
|
| 5 | 343 |
\item A ``tamperesitant'' terminal playing Tetris on |
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
344 |
\href{http://www.youtube.com/watch?v=wWTzkD9M0sU}{youtube}.\smallskip\\
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
345 |
\footnotesize(\url{http://www.youtube.com/watch?v=wWTzkD9M0sU})
|
| 1 | 346 |
\end{itemize}
|
347 |
||
|
199
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
348 |
\includegraphics[scale=0.2]{../pics/tetris.jpg}
|
| 1 | 349 |
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
350 |
\end{frame}
|
| 1 | 351 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
| 0 | 352 |
|
353 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
354 |
\begin{frame}
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
355 |
\frametitle{Chip-and-PIN}
|
| 0 | 356 |
|
357 |
\begin{itemize}
|
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
358 |
\item in 2006, Shell petrol stations stopped accepting Chip-and-PIN after |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
359 |
\pounds{1M} had been stolen from customer accounts\smallskip
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
360 |
\item in 2008, hundreds of card readers for use in Britain, Ireland, |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
361 |
the Netherlands, Denmark, and Belgium had been expertly tampered with |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
362 |
shortly after manufacture so that details and PINs of credit cards |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
363 |
were sent during the 9 months before over mobile phone networks |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
364 |
to criminals in Lahore, Pakistan |
| 0 | 365 |
\end{itemize}
|
366 |
||
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
367 |
\end{frame}
|
| 0 | 368 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
369 |
||
370 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
371 |
\begin{frame}[c]
|
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
372 |
\frametitle{Chip-and-PIN is Broken}
|
| 0 | 373 |
|
| 1 | 374 |
\begin{flushright}
|
|
199
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
375 |
\includegraphics[scale=0.01]{../pics/andersonbook1.jpg}\;
|
|
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
376 |
\includegraphics[scale=1.5]{../pics/anderson.jpg}
|
| 1 | 377 |
\end{flushright}
|
| 0 | 378 |
|
379 |
\begin{itemize}
|
|
| 5 | 380 |
\item man-in-the-middle attacks by the group around Ross Anderson\medskip |
| 0 | 381 |
\end{itemize}
|
382 |
||
| 1 | 383 |
\begin{center}
|
|
199
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
384 |
\mbox{}\hspace{-20mm}\includegraphics[scale=0.5]{../pics/chip-attack.png}
|
| 1 | 385 |
\end{center}
|
| 5 | 386 |
|
387 |
\begin{textblock}{1}(11.5,13.7)
|
|
388 |
\begin{tabular}{l}
|
|
389 |
\footnotesize on BBC Newsnight\\[-2mm] |
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
390 |
\footnotesize in 2010 or |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
391 |
\href{http://www.youtube.com/watch?v=JPAX32lgkrw}{youtube}
|
| 5 | 392 |
\end{tabular}
|
393 |
\end{textblock}
|
|
| 0 | 394 |
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
395 |
\end{frame}
|
| 0 | 396 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
397 |
||
398 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
399 |
\begin{frame}[c]
|
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
400 |
\frametitle{\Large Chip-and-PIN is Really Broken}
|
| 0 | 401 |
|
| 1 | 402 |
\begin{flushright}
|
|
199
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
403 |
\includegraphics[scale=0.01]{../pics/andersonbook1.jpg}\;
|
|
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
404 |
\includegraphics[scale=1.5]{../pics/anderson.jpg}
|
| 1 | 405 |
\end{flushright}
|
| 0 | 406 |
|
407 |
\begin{itemize}
|
|
|
98
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
408 |
\item same group successfully attacked in 2012 card readers and ATM machines |
|
167
d8657ff8cca1
typos
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
164
diff
changeset
|
409 |
\item the problem was: several types of ATMs generate poor random numbers, |
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
410 |
which are used as nonces |
| 0 | 411 |
\end{itemize}
|
| 1 | 412 |
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
413 |
\end{frame}
|
| 0 | 414 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
415 |
||
416 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
417 |
\begin{frame}[c]
|
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
418 |
\frametitle{The Real Problem \ldots}
|
| 0 | 419 |
|
| 1 | 420 |
\begin{textblock}{1}(3,4)
|
421 |
\begin{tabular}{c}
|
|
|
199
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
422 |
\includegraphics[scale=0.3]{../pics/bank.png}\\[-2mm]
|
| 1 | 423 |
\small Bank |
424 |
\end{tabular}
|
|
425 |
\end{textblock}
|
|
426 |
||
427 |
\begin{textblock}{1}(7,4.5)
|
|
428 |
\begin{tabular}{c}
|
|
|
199
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
429 |
\includegraphics[scale=3]{../pics/store.png}\\[-2mm]
|
| 1 | 430 |
\end{tabular}
|
431 |
\end{textblock}
|
|
| 0 | 432 |
|
| 1 | 433 |
\begin{textblock}{1}(12,6.5)
|
434 |
\begin{tabular}{c}
|
|
|
199
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
435 |
\includegraphics[scale=0.8]{../pics/factory.png}\\[-1mm]
|
| 1 | 436 |
\small terminal\\[-2mm] \small producer |
437 |
\end{tabular}
|
|
| 0 | 438 |
\end{textblock}
|
| 1 | 439 |
|
440 |
\begin{textblock}{1}(4.5,9.9)
|
|
441 |
\begin{tabular}{c}
|
|
|
199
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
442 |
\includegraphics[scale=0.13]{../pics/rman.png}\\[-1mm]
|
|
167
d8657ff8cca1
typos
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
164
diff
changeset
|
443 |
\small customer / you |
| 1 | 444 |
\end{tabular}
|
445 |
\end{textblock}
|
|
| 0 | 446 |
|
| 8 | 447 |
\begin{textblock}{1}(4.5,7.5)
|
448 |
\begin{tikzpicture}[scale=1.3]
|
|
449 |
\draw[white] (0,0) node (X) {};
|
|
450 |
\draw[white] (1,-1) node (Y) {};
|
|
451 |
\draw[gray, ->, line width = 2mm] (X) -- (Y); |
|
452 |
\node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
|
|
453 |
\end{tikzpicture}
|
|
454 |
\end{textblock}
|
|
455 |
||
456 |
\begin{textblock}{1}(6.8,7.5)
|
|
457 |
\begin{tikzpicture}[scale=1.3]
|
|
458 |
\draw[white] (0,0) node (X) {};
|
|
459 |
\draw[white] (1,1) node (Y) {};
|
|
460 |
\draw[gray, ->, line width = 2mm] (X) -- (Y); |
|
461 |
\node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
|
|
462 |
\end{tikzpicture}
|
|
463 |
\end{textblock}
|
|
464 |
||
465 |
\begin{textblock}{1}(4.8,5.9)
|
|
466 |
\begin{tikzpicture}[scale=1.3]
|
|
467 |
\draw[white] (0,0) node (X) {};
|
|
468 |
\draw[white] (1.4,0) node (Y) {};
|
|
469 |
\draw[gray, <->, line width = 2mm] (X) -- (Y); |
|
470 |
\node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
|
|
471 |
\end{tikzpicture}
|
|
472 |
\end{textblock}
|
|
473 |
||
474 |
\begin{textblock}{1}(10,7)
|
|
475 |
\begin{tikzpicture}[scale=1.6]
|
|
476 |
\draw[white] (0,0) node (X) {};
|
|
477 |
\draw[white] (-1,0.6) node (Y) {};
|
|
478 |
\draw[gray, ->, line width = 2mm] (X) -- (Y); |
|
479 |
\node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
|
|
480 |
\end{tikzpicture}
|
|
481 |
\end{textblock}
|
|
482 |
||
| 1 | 483 |
\begin{textblock}{14}(1,13.5)
|
484 |
\begin{itemize}
|
|
|
98
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
485 |
\item the burden of proof for fraud and financial liability was shifted to the costumer (until approx.~2009/10) |
| 1 | 486 |
\end {itemize}
|
| 0 | 487 |
\end{textblock}
|
488 |
||
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
489 |
\end{frame}
|
| 0 | 490 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
491 |
||
492 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
493 |
\begin{frame}[c]
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
494 |
\frametitle{The Bad Guy Again}
|
|
98
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
495 |
|
|
169
2866fae8c1cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
168
diff
changeset
|
496 |
\begin{bubble}[10.5cm]
|
|
167
d8657ff8cca1
typos
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
164
diff
changeset
|
497 |
\small |
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
498 |
The anonymous hacker from earlier:\medskip\\ ``Try to use |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
499 |
`Verified-By-Visa' and `Mastercard-Securecode' as rarely as |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
500 |
possible. If only your CVV2 code is getting sniffed, you are |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
501 |
not liable for any damage, because the code is physically |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
502 |
printed and could have been stolen while you payed with your |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
503 |
card at a store. Same applies if someone cloned your CC |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
504 |
reading the magnetic stripe or sniffing RFID. Only losing your |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
505 |
VBV or MCSC password can cause serious trouble.''\\ |
|
174
e2180cead443
updated handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
170
diff
changeset
|
506 |
\hfill{}\url{www.goo.gl/UWluh0}
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
507 |
\end{bubble}
|
|
98
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
508 |
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
509 |
\end{frame}
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
510 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
98
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
511 |
|
|
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
512 |
|
|
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
513 |
|
|
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
514 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
| 0 | 515 |
\begin{frame}[c]
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
516 |
\frametitle{Being Screwed Again}
|
| 0 | 517 |
|
| 1 | 518 |
\begin{flushright}
|
|
199
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
519 |
\includegraphics[scale=0.3]{../pics/rbssecure.jpg}
|
| 1 | 520 |
\end{flushright}
|
521 |
||
| 0 | 522 |
\begin{itemize}
|
| 1 | 523 |
\item {\bf Responsibility}\\
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
524 |
``You understand that you are financially responsible for all uses |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
525 |
of RBS Secure.''\medskip\\ |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
526 |
\footnotesize\url{https://www.rbssecure.co.uk/rbs/tdsecure/terms_of_use.jsp}
|
| 0 | 527 |
\end{itemize}
|
528 |
||
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
529 |
\end{frame}
|
| 0 | 530 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
531 |
||
| 2 | 532 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
533 |
\begin{frame}[c]
|
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
534 |
\frametitle{Web Applications}
|
| 2 | 535 |
|
536 |
\begin{textblock}{1}(2,5)
|
|
537 |
\begin{tabular}{c}
|
|
|
199
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
538 |
\includegraphics[scale=0.15]{../pics/servers.png}\\[-2mm]
|
| 2 | 539 |
\small Servers from\\[-2mm] |
540 |
\small Dot.com Inc. |
|
541 |
\end{tabular}
|
|
542 |
\end{textblock}
|
|
543 |
||
| 6 | 544 |
\begin{textblock}{1}(5.6,6)
|
545 |
\begin{tikzpicture}[scale=2.5]
|
|
546 |
\draw[white] (0,0) node (X) {};
|
|
547 |
\draw[white] (1,0) node (Y) {};
|
|
| 8 | 548 |
\only<2>{\draw[red, <-, line width = 2mm] (X) -- (Y);
|
| 6 | 549 |
\node [inner sep=5pt,label=above:\textcolor{black}{GET request}] at ($ (X)!.5!(Y) $) {};}
|
| 8 | 550 |
\only<3>{\draw[red, ->, line width = 2mm] (X) -- (Y);
|
| 6 | 551 |
\node [inner sep=5pt,label=above:\textcolor{black}{webpage}] at ($ (X)!.5!(Y) $) {};}
|
| 8 | 552 |
\only<4>{\draw[red, <-, line width = 2mm] (X) -- (Y);
|
| 6 | 553 |
\node [inner sep=7pt,label=above:\textcolor{black}{POST data}] at ($ (X)!.5!(Y) $) {};}
|
554 |
\end{tikzpicture}
|
|
555 |
\end{textblock}
|
|
556 |
||
557 |
||
| 2 | 558 |
\begin{textblock}{1}(9,5.5)
|
559 |
\begin{tabular}{c}
|
|
|
199
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
560 |
\includegraphics[scale=0.15]{../pics/laptop.png}\\[-2mm]
|
| 8 | 561 |
\small Client(s) |
| 2 | 562 |
\end{tabular}
|
563 |
\end{textblock}
|
|
564 |
||
565 |
\begin{textblock}{13}(1,13)
|
|
566 |
\begin{itemize}
|
|
567 |
\item What are pitfalls and best practices? |
|
568 |
\end{itemize}
|
|
569 |
\end{textblock}
|
|
570 |
||
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
571 |
\end{frame}
|
| 2 | 572 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
573 |
||
| 5 | 574 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
575 |
\begin{frame}[c]
|
|
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
576 |
\frametitle{JavaScript + Node.js}
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
577 |
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
578 |
A simple response from the server: |
| 5 | 579 |
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
580 |
\small |
|
170
1c8ad2848d3b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
169
diff
changeset
|
581 |
\lstinputlisting{../progs/ap0.js}
|
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
582 |
\medskip\pause |
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
583 |
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
584 |
\small |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
585 |
alternative response:\smallskip\\ |
|
98
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
586 |
|
| 6 | 587 |
|
|
170
1c8ad2848d3b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
169
diff
changeset
|
588 |
\lstinline{response.write('<H1>Hello World</H1>');}
|
| 5 | 589 |
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
590 |
\end{frame}
|
| 5 | 591 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
592 |
||
|
98
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
593 |
|
|
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
594 |
|
| 5 | 595 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
596 |
\begin{frame}[c]
|
|
597 |
||
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
598 |
\footnotesize |
|
170
1c8ad2848d3b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
169
diff
changeset
|
599 |
\lstinputlisting{../progs/ap1.js}
|
| 5 | 600 |
|
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
601 |
\end{frame}
|
| 5 | 602 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
603 |
||
| 6 | 604 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
605 |
\begin{frame}[c]
|
|
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
606 |
\frametitle{Cookies}
|
| 6 | 607 |
|
608 |
\begin{textblock}{1}(1.5,5)
|
|
609 |
\begin{tabular}{c}
|
|
|
199
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
610 |
\includegraphics[scale=0.15]{../pics/servers.png}\\[-2mm]
|
| 6 | 611 |
\small Servers from\\[-2mm] |
612 |
\small Dot.com Inc. |
|
613 |
\end{tabular}
|
|
614 |
\end{textblock}
|
|
615 |
||
616 |
\begin{textblock}{1}(5.6,5.6)
|
|
617 |
\begin{tikzpicture}[scale=2.5]
|
|
618 |
\draw[white] (0,0) node (X) {};
|
|
619 |
\draw[white] (1,0) node (Y) {};
|
|
620 |
\draw[white] (0.05,-0.3) node (X1) {};
|
|
621 |
\draw[white] (0.95,-0.3) node (Y1) {};
|
|
622 |
\only<1-2>{\draw[red, <-, line width = 2mm] (X) -- (Y);
|
|
623 |
\node [inner sep=5pt,label=above:\textcolor{black}{GET request}] at ($ (X)!.5!(Y) $) {};}
|
|
| 8 | 624 |
\only<1>{\draw[white, <-, line width = 1mm] (X1) -- (Y1);
|
625 |
\node [inner sep=2pt,label=below:\textcolor{white}{read a cookie}] at ($ (X1)!.5!(Y1) $) {};}
|
|
| 6 | 626 |
\only<2>{\draw[red, <-, line width = 1mm] (X1) -- (Y1);
|
627 |
\node [inner sep=2pt,label=below:\textcolor{black}{read a cookie}] at ($ (X1)!.5!(Y1) $) {};}
|
|
628 |
\only<3->{\draw[red, ->, line width = 2mm] (X) -- (Y);
|
|
629 |
\node [inner sep=5pt,label=above:\textcolor{black}{webpage}] at ($ (X)!.5!(Y) $) {};}
|
|
630 |
\only<3->{\draw[red, ->, line width = 1mm] (X1) -- (Y1);
|
|
631 |
\node [inner sep=2pt,label=below:\textcolor{black}{write a cookie}] at ($ (X1)!.5!(Y1) $) {};}
|
|
632 |
\end{tikzpicture}
|
|
633 |
\end{textblock}
|
|
634 |
||
635 |
||
636 |
\begin{textblock}{1}(9.5,5.5)
|
|
637 |
\begin{tabular}{c}
|
|
|
199
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
638 |
\includegraphics[scale=0.15]{../pics/laptop.png}\\[-2mm]
|
| 6 | 639 |
\small Client |
640 |
\end{tabular}
|
|
641 |
\end{textblock}
|
|
642 |
||
643 |
\only<4->{
|
|
644 |
\begin{textblock}{13}(1,11)
|
|
645 |
\small\begin{itemize}
|
|
646 |
\item cookies: max 4KB data\\[-2mm] |
|
647 |
\item cookie theft, cross-site scripting attacks\\[-2mm] |
|
648 |
\item session cookies, persistent cookies, HttpOnly cookies, third-party cookies, zombie cookies |
|
649 |
\end{itemize}
|
|
650 |
\end{textblock}}
|
|
651 |
||
652 |
\only<5>{
|
|
653 |
\begin{textblock}{11}(1,3)
|
|
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
654 |
\begin{bubble}[10cm]\small
|
|
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
655 |
{\bf EU Privacy Directive about Cookies:}\smallskip\\ ``In May 2011, a
|
|
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
656 |
European Union law was passed stating that websites that leave |
|
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
657 |
non-essential cookies on visitors' devices have to alert the visitor |
|
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
658 |
and get acceptance from them. This law applies to both individuals and |
|
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
659 |
businesses based in the EU regardless of the nationality of their |
|
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
660 |
website's visitors or the location of their web host. It is not enough |
|
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
661 |
to simply update a website's terms and conditions or privacy |
|
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
662 |
policy. The deadline to comply with the new EU cookie law was 26th May |
|
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
663 |
2012 and failure to do so could mean a fine of up to |
|
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
664 |
\pounds{500,000}.'' \hfill\small\textcolor{gray}{$\rightarrow$BBC
|
|
174
e2180cead443
updated handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
170
diff
changeset
|
665 |
News}, \url{www.goo.gl/RI4qhh}
|
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
666 |
\end{bubble}
|
| 6 | 667 |
\end{textblock}}
|
668 |
||
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
669 |
\end{frame}
|
| 6 | 670 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
671 |
||
| 9 | 672 |
|
673 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
| 6 | 674 |
\begin{frame}[c]
|
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
675 |
\frametitle{My First Real Webapp}
|
| 6 | 676 |
|
677 |
{\bf GET request:}\smallskip
|
|
678 |
\begin{enumerate}
|
|
| 8 | 679 |
\item read the cookie from client |
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
680 |
\item if none is present, set \texttt{counter} to \textcolor{blue}{zero}
|
|
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
681 |
\item if cookie is present, extract \texttt{counter}
|
|
169
2866fae8c1cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
168
diff
changeset
|
682 |
\item if \texttt{counter} is greater or equal than \textcolor{blue}{$5$}, \\
|
| 8 | 683 |
print a valued customer message\\ |
684 |
otherwise just a normal message |
|
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
685 |
\item increase \texttt{counter} by \textcolor{blue}{$1$} and store new cookie with client
|
| 6 | 686 |
\end{enumerate}
|
687 |
||
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
688 |
\end{frame}
|
| 6 | 689 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
690 |
||
691 |
||
692 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
693 |
\begin{frame}[c]
|
|
694 |
\mbox{}\\[-9mm]
|
|
695 |
||
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
696 |
\footnotesize |
|
170
1c8ad2848d3b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
169
diff
changeset
|
697 |
\lstinputlisting{../progs/ap2.js}
|
| 6 | 698 |
|
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
699 |
\end{frame}
|
| 7 | 700 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
701 |
||
702 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
703 |
\begin{frame}[c]
|
|
704 |
||
| 8 | 705 |
\begin{center}
|
|
381
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
706 |
\includegraphics[scale=0.5]{../pics/barrier.jpg}
|
| 8 | 707 |
\end{center}
|
708 |
||
709 |
\begin{itemize}
|
|
710 |
\item data integrity needs to be ensured |
|
711 |
\end{itemize}
|
|
| 7 | 712 |
|
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
713 |
\end{frame}
|
| 8 | 714 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
| 7 | 715 |
|
716 |
||
717 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
718 |
\begin{frame}[c]
|
|
| 8 | 719 |
\mbox{}\\[-7mm]
|
| 7 | 720 |
|
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
721 |
\footnotesize |
|
170
1c8ad2848d3b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
169
diff
changeset
|
722 |
\lstinputlisting{../progs/ap3.js}
|
| 7 | 723 |
|
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
724 |
\end{frame}
|
| 6 | 725 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
726 |
||
| 9 | 727 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
| 7 | 728 |
\begin{frame}[c]
|
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
729 |
\frametitle{SHA-1}
|
| 7 | 730 |
|
731 |
\begin{itemize}
|
|
| 8 | 732 |
\item SHA-1 is a cryptographic hash function\\ |
733 |
(MD5, SHA-256, SHA-512, \ldots) |
|
734 |
\item message $\rightarrow$ digest |
|
|
102
8f2c3329c9b8
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
101
diff
changeset
|
735 |
\item attacks exist: $2^{80} \rightarrow 2^{61}$ \bigskip\pause
|
|
8f2c3329c9b8
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
101
diff
changeset
|
736 |
\item but dictionary attacks are much more effective for extracting passwords (later) |
| 7 | 737 |
\end{itemize}
|
738 |
||
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
739 |
\end{frame}
|
| 9 | 740 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
741 |
||
| 7 | 742 |
|
743 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
744 |
\begin{frame}[c]
|
|
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
745 |
\mbox{}\\[-2mm]
|
| 7 | 746 |
|
|
170
1c8ad2848d3b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
169
diff
changeset
|
747 |
{\footnotesize\lstinputlisting{../progs/ap4.js}}
|
| 7 | 748 |
|
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
749 |
\begin{textblock}{1}(9,0)
|
| 8 | 750 |
\begin{tikzpicture}[scale=1.3]
|
751 |
\draw[white] (0,0) node (X) {};
|
|
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
752 |
\draw[white] (3.5,0) node (Y) {};
|
| 8 | 753 |
\draw[red, <-, line width = 2mm] (X) -- (Y); |
754 |
\node [inner sep=5pt,label=above:\textcolor{black}{\small should be random}] at ($ (X)!.5!(Y) $) {};
|
|
755 |
\end{tikzpicture}
|
|
756 |
\end{textblock}
|
|
757 |
||
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
758 |
\begin{textblock}{1}(12.6,6.5)
|
|
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
759 |
\begin{tikzpicture}[scale=1.3]
|
|
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
760 |
\draw[white] (0,0) node (X) {};
|
|
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
761 |
\draw[white] (-1,-1) node (Y) {};
|
|
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
762 |
\draw[red, <-, line width = 2mm] (X) -- (Y); |
|
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
763 |
\node [inner sep=5pt,label=above:{}] at ($ (X)!.5!(Y) $) {};
|
|
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
764 |
\end{tikzpicture}
|
|
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
765 |
\end{textblock}
|
|
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
766 |
|
|
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
767 |
\begin{textblock}{1}(9.9,11.5)
|
| 8 | 768 |
\begin{tikzpicture}[scale=1.3]
|
769 |
\draw[white] (0,0) node (X) {};
|
|
770 |
\draw[white] (1,-1) node (Y) {};
|
|
771 |
\draw[red, <-, line width = 2mm] (X) -- (Y); |
|
772 |
\node [inner sep=5pt,label=above:{}] at ($ (X)!.5!(Y) $) {};
|
|
773 |
\end{tikzpicture}
|
|
774 |
\end{textblock}
|
|
775 |
||
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
776 |
\end{frame}
|
| 7 | 777 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
778 |
||
| 6 | 779 |
|
| 9 | 780 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
| 7 | 781 |
\mode<presentation>{
|
782 |
\begin{frame}[c]
|
|
783 |
\frametitle{\begin{tabular}{c}Unix Passwords\end{tabular}}
|
|
| 6 | 784 |
|
| 8 | 785 |
\begin{itemize}
|
|
99
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
786 |
\item passwords must \alert{\bf not} be stored in clear text
|
| 9 | 787 |
\item instead \texttt{/etc/shadow} contains
|
| 8 | 788 |
\end{itemize}
|
| 9 | 789 |
|
790 |
{\small
|
|
791 |
\texttt{name:\$1\$QIGCa\$/ruJs8AvmrknzKTzM2TYE.:other\_info}
|
|
792 |
} |
|
793 |
||
794 |
\begin{itemize}
|
|
|
381
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
795 |
\item \texttt{\$} is the separator
|
| 9 | 796 |
\item \texttt{1} is MD5 (actually SHA-512 is used nowadays, \texttt{6})
|
|
381
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
797 |
\item \texttt{QIGCa} is the salt
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
798 |
\item \texttt{ruJs8AvmrknzKTzM2TYE.} $\rightarrow$ password + salt
|
| 9 | 799 |
\end{itemize}
|
800 |
||
801 |
\textcolor{gray}{\small
|
|
802 |
(\texttt{openssl passwd -1 -salt QIGCa pippo})
|
|
803 |
} |
|
| 7 | 804 |
% Unix password |
805 |
% http://ubuntuforums.org/showthread.php?p=5318038 |
|
806 |
||
807 |
\end{frame}}
|
|
| 9 | 808 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
| 7 | 809 |
|
|
99
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
810 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
811 |
\mode<presentation>{
|
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
812 |
\begin{frame}[c]
|
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
813 |
\frametitle{\begin{tabular}{@ {}c@ {}}Plain-Text Passwords\end{tabular}}
|
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
814 |
|
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
815 |
\pause |
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
816 |
\small\textcolor{gray}{On 25 September 2012, a report on a data breach at IEEE:}
|
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
817 |
|
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
818 |
|
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
819 |
\begin{itemize}
|
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
820 |
\item IEEE is a standards organisation (not-for-profit) |
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
821 |
\item many standards in CS are by IEEE\medskip |
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
822 |
\item 100k plain-text passwords were recorded in logs |
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
823 |
\item the logs were openly accessible on their FTP server |
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
824 |
\end{itemize}\bigskip
|
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
825 |
|
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
826 |
\begin{flushright}\small
|
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
827 |
\textcolor{gray}{\url{http://ieeelog.com}}
|
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
828 |
\end{flushright}
|
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
829 |
|
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
830 |
\only<3->{
|
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
831 |
\begin{textblock}{11}(3,2)
|
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
832 |
\begin{tikzpicture}
|
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
833 |
\draw (0,0) node[inner sep=2mm,fill=white, ultra thick, draw=red, rounded corners=2mm] |
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
834 |
{\normalsize\color{darkgray}
|
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
835 |
\begin{minipage}{7.5cm}\raggedright\small
|
|
199
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
836 |
\includegraphics[scale=0.6]{../pics/IEEElog.jpg}
|
|
99
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
837 |
\end{minipage}};
|
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
838 |
\end{tikzpicture}
|
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
839 |
\end{textblock}}
|
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
840 |
|
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
841 |
\end{frame}}
|
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
842 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
843 |
|
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
844 |
|
| 9 | 845 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
| 7 | 846 |
\mode<presentation>{
|
847 |
\begin{frame}[c]
|
|
|
99
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
848 |
\frametitle{\begin{tabular}{c}Other Password Blunders\end{tabular}}
|
| 6 | 849 |
|
| 9 | 850 |
|
851 |
\begin{itemize}
|
|
852 |
\item in late 2009, when an SQL injection attack against online games |
|
853 |
service RockYou.com exposed 32 million \alert{plaintext} passwords
|
|
| 8 | 854 |
|
| 9 | 855 |
\item 1.3 million Gawker credentials exposed in December 2010 containing |
856 |
unsalted(?) \alert{MD5} hashes
|
|
857 |
||
| 12 | 858 |
\item June 6th, 2012, 6 million unsalted SHA-1 passwords were leaked from linkedIn |
| 3 | 859 |
% linkedIn password |
860 |
% http://erratasec.blogspot.co.uk/2012/06/confirmed-linkedin-6mil-password-dump.html |
|
|
381
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
861 |
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
862 |
\item in July 2015, hackers leaked a password database from |
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
863 |
Ashley Madison containing 31 million passwords, many of them |
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
864 |
poorly hashed |
| 9 | 865 |
\end{itemize}\medskip
|
| 8 | 866 |
|
| 9 | 867 |
\small |
|
99
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
868 |
(web user maintains 25 separate accounts but uses just 6.5 passwords.) |
| 8 | 869 |
|
| 7 | 870 |
\end{frame}}
|
| 9 | 871 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
| 7 | 872 |
|
| 8 | 873 |
%For instance, SHA512crypt, which is included in Mac OS X and most Unix-based operating systems, passes text through 5,000 iterations, a %hurdle that would have limited Gosney to slightly less than 2,600 guesses per second. The Bcrypt algorithm is even more computationally %expensive, in large part because it subjects text to multiple iterations of the Blowfish cipher that was deliberately modified to increase the %time required to generate a hash. PBKDF2, a function built into Microsoft's .Net software developer framework, offers similar benefits. |
874 |
||
875 |
||
| 3 | 876 |
% rainbow tables |
877 |
% http://en.wikipedia.org/wiki/Rainbow_table |
|
878 |
||
| 7 | 879 |
|
| 3 | 880 |
|
| 9 | 881 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
| 3 | 882 |
\begin{frame}[c]
|
883 |
\frametitle{\begin{tabular}{c}Brute Forcing Passwords\end{tabular}}
|
|
884 |
||
885 |
\begin{itemize}
|
|
| 5 | 886 |
\item How fast can hackers crack SHA-1 passwords? \pause |
| 3 | 887 |
|
| 5 | 888 |
\item The answer is 2 billion attempts per second\\ |
889 |
using a Radeon HD 7970 |
|
| 3 | 890 |
\end{itemize}
|
891 |
||
892 |
\begin{center}
|
|
| 5 | 893 |
\begin{tabular}{@ {\hspace{-12mm}}rl}
|
| 3 | 894 |
password length & time\smallskip\\\hline |
895 |
5 letters & 5 secs\\ |
|
896 |
6 letters & 500 secs\\ |
|
897 |
7 letters & 13 hours\\ |
|
898 |
8 letters & 57 days\\ |
|
899 |
9 letters & 15 years\\ |
|
900 |
\end{tabular}
|
|
901 |
\end{center}
|
|
902 |
||
903 |
\small |
|
| 5 | 904 |
5 letters $\approx$ 100$^5$ $=$ 10 billion combinations\\ |
905 |
(1 letter - upper case, lower case, digits, symbols $\approx$ 100) |
|
906 |
||
907 |
\only<2->{
|
|
908 |
\begin{textblock}{1}(12,5)
|
|
909 |
\begin{tabular}{c}
|
|
|
199
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
910 |
\includegraphics[scale=0.3]{../pics/radeon.jpg}\\[-6mm]
|
| 5 | 911 |
\footnotesize graphics card\\[-1mm] |
912 |
\footnotesize ca.~\pounds{}300
|
|
913 |
\end{tabular}
|
|
914 |
\end{textblock}}
|
|
915 |
||
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
916 |
\end{frame}
|
| 9 | 917 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
| 3 | 918 |
|
| 9 | 919 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
| 4 | 920 |
\begin{frame}[c]
|
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
921 |
\frametitle{Passwords}
|
| 4 | 922 |
|
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
923 |
How to recover from a break in?\pause\medskip |
| 9 | 924 |
|
| 4 | 925 |
\begin{itemize}
|
| 9 | 926 |
\item Do not send passwords in plain text. |
927 |
\item Security questions are tricky to get right. |
|
| 4 | 928 |
\end{itemize}
|
929 |
||
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
930 |
\end{frame}
|
| 9 | 931 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
| 4 | 932 |
|
| 9 | 933 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
| 3 | 934 |
\begin{frame}[c]
|
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
935 |
\frametitle{This Course}
|
| 3 | 936 |
|
937 |
\begin{itemize}
|
|
|
381
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
938 |
\item electronic voting |
| 9 | 939 |
\item break-ins (buffer overflows) |
940 |
\item access control\\ (role based, data security / data integrity) |
|
|
381
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
941 |
\item protocols |
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
942 |
\item zero-knowledge proofs |
| 7 | 943 |
\item privacy |
944 |
\begin{quote}
|
|
945 |
Scott McNealy: \\``You have zero privacy anyway. Get over it.'' |
|
946 |
\end{quote}
|
|
|
381
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
947 |
\item trust, bitcoins |
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
948 |
\item static analysis |
| 3 | 949 |
\end{itemize}
|
950 |
||
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
951 |
\end{frame}
|
| 9 | 952 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
381
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
953 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
954 |
\begin{frame}[c]
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
955 |
\frametitle{Books + Homework}
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
956 |
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
957 |
\begin{itemize}
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
958 |
\item There is no single book I am following, but |
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
959 |
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
960 |
\begin{center}
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
961 |
\includegraphics[scale=0.012]{../pics/andersonbook1.jpg}
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
962 |
%%\includegraphics[scale=0.23]{../pics/accesscontrolbook.jpg}
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
963 |
\end{center}\medskip\pause
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
964 |
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
965 |
\item The question ``\emph{Is this relevant for the exams?}''
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
966 |
is not appreciated!\medskip\\ |
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
967 |
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
968 |
Whatever is in the homework (and is not marked optional) is |
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
969 |
relevant for the exam. No code needs to be written. |
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
970 |
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
971 |
\end{itemize}
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
972 |
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
973 |
\end{frame}
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
974 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
975 |
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
976 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
977 |
\begin{frame}[c]
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
978 |
\frametitle{Further Information}
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
979 |
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
980 |
For your personal interest: |
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
981 |
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
982 |
\begin{itemize}
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
983 |
\item RISKS mailing list |
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
984 |
\item Schneier's Crypto newsletter |
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
985 |
\item Google+ Ethical Hacker group |
|
443
67d7d239c617
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
986 |
\item Chaos Computer Club Conferences\\ |
|
67d7d239c617
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
987 |
(every year in December) |
|
67d7d239c617
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
988 |
\begin{center}
|
|
67d7d239c617
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
989 |
\url{https://media.ccc.de/c/camp2015}
|
|
67d7d239c617
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
990 |
\end{center}
|
|
381
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
991 |
\end{itemize}
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
992 |
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
993 |
\end{frame}
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
994 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
995 |
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
996 |
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
997 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
998 |
\begin{frame}[c]
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
999 |
\frametitle{Take-Home Points}
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
1000 |
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
1001 |
\begin{itemize}
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
1002 |
\item Never store passwords in plain text.\medskip |
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
1003 |
\item Always salt your hashes!\medskip |
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
1004 |
\item Use an existing crypto algorithm; do not write your own!\medskip |
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
1005 |
\item Make the party responsible for losses that is in the position to improve |
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
1006 |
security. |
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
1007 |
\end{itemize}
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
1008 |
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
1009 |
\end{frame}
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
1010 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
1011 |
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
1012 |
|
| 3 | 1013 |
|
| 9 | 1014 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
| 3 | 1015 |
\begin{frame}[c]
|
|
100
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1016 |
\frametitle{\Large\begin{tabular}{c}User-Tracking Without Cookies\end{tabular}}
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1017 |
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1018 |
Can you track a user {\bf without}:
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1019 |
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1020 |
\begin{itemize}
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1021 |
\item Cookies |
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
1022 |
\item JavaScript |
|
100
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1023 |
\item LocalStorage/SessionStorage/GlobalStorage |
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1024 |
\item Flash, Java or other plugins |
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1025 |
\item Your IP address or user agent string |
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1026 |
\item Any methods employed by Panopticlick\\ |
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1027 |
\mbox{}\hfill $\rightarrow$ \textcolor{blue}{\url{https://panopticlick.eff.org/}}
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1028 |
\end{itemize}
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1029 |
|
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
1030 |
Even when you disabled cookies entirely, have JavaScript turned off and use a VPN service.\\\pause |
|
167
d8657ff8cca1
typos
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
164
diff
changeset
|
1031 |
(And numerous sites use it.) |
|
100
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1032 |
|
|
168
793ae8926a97
polished
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
167
diff
changeset
|
1033 |
\end{frame}
|
|
100
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1034 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1035 |
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1036 |
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1037 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1038 |
\begin{frame}[c]
|
|
168
793ae8926a97
polished
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
167
diff
changeset
|
1039 |
\frametitle{Web-Protocol}
|
|
100
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1040 |
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1041 |
\only<1->{
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1042 |
\begin{textblock}{1}(2,2)
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1043 |
\begin{tikzpicture}[scale=1.3]
|
|
199
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
1044 |
\draw[white] (0,0) node (X) {\includegraphics[scale=0.12]{../pics/firefox.jpg}};
|
|
100
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1045 |
\end{tikzpicture}
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1046 |
\end{textblock}}
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1047 |
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1048 |
\only<1->{
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1049 |
\begin{textblock}{1}(11,2)
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1050 |
\begin{tikzpicture}[scale=1.3]
|
|
199
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
1051 |
\draw[white] (0,0) node (X) {\includegraphics[scale=0.15]{../pics/servers.png}};
|
|
100
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1052 |
\end{tikzpicture}
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1053 |
\end{textblock}}
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1054 |
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1055 |
\only<1->{
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1056 |
\begin{textblock}{1}(5,2.5)
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1057 |
\begin{tikzpicture}[scale=1.3]
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1058 |
\draw[white] (0,0) node (X) {};
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1059 |
\draw[white] (3,0) node (Y) {};
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1060 |
\draw[red, ->, line width = 2mm] (X) -- (Y); |
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1061 |
\node [inner sep=5pt,label=above:\textcolor{black}{\small GET static.jpg}] at ($ (X)!.5!(Y) $) {};
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1062 |
\end{tikzpicture}
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1063 |
\end{textblock}}
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1064 |
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1065 |
\only<2->{
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1066 |
\begin{textblock}{1}(5,6)
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1067 |
\begin{tikzpicture}[scale=1.3]
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1068 |
\draw[white] (0,0) node (X) {};
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1069 |
\draw[white] (3,0) node (Y) {};
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1070 |
\draw[red, <-, line width = 2mm] (X) -- (Y); |
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1071 |
\node [inner sep=5pt,label=below:\textcolor{black}{\small ETag: 7b33de1}] at ($ (X)!.5!(Y) $) {};
|
|
199
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
1072 |
\node [inner sep=5pt,label=above:{\includegraphics[scale=0.15]{../pics/tvtestscreen.jpg}}] at ($ (X)!.5!(Y) $) {};
|
|
100
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1073 |
\end{tikzpicture}
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1074 |
\end{textblock}}
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1075 |
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1076 |
\only<3->{
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1077 |
\begin{textblock}{1}(4.2,11)
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1078 |
\begin{tikzpicture}[scale=1.3]
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1079 |
\draw[white] (0,0) node (X) {};
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1080 |
\draw[white] (3,0) node (Y) {};
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1081 |
\draw[red, ->, line width = 2mm] (X) -- (Y); |
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1082 |
\node [inner sep=5pt,label=above:\textcolor{black}{\small GET static.jpg ETag: 7b33de1}] at ($ (X)!.5!(Y) $) {};
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1083 |
\end{tikzpicture}
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1084 |
\end{textblock}}
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1085 |
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1086 |
\only<4->{
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1087 |
\begin{textblock}{1}(4.2,13.9)
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1088 |
\begin{tikzpicture}[scale=1.3]
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1089 |
\draw[white] (0,0) node (X) {};
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1090 |
\draw[white] (3,0) node (Y) {};
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1091 |
\draw[red, <-, line width = 2mm] (X) -- (Y); |
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1092 |
\node [inner sep=5pt,label=below:\textcolor{black}{\small HTTP/1.1 304 (Not Modified)}] at ($ (X)!.5!(Y) $) {};
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1093 |
\end{tikzpicture}
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1094 |
\end{textblock}}
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1095 |
|
|
168
793ae8926a97
polished
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
167
diff
changeset
|
1096 |
\end{frame}
|
|
100
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1097 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1098 |
|
|
381
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
1099 |
\end{document}
|
| 8 | 1100 |
|
| 2 | 1101 |
|
| 0 | 1102 |
|
1103 |
%%% Local Variables: |
|
|
94
caf08b02fa32
added pictures
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
93
diff
changeset
|
1104 |
%%% mode: xelatex |
| 0 | 1105 |
%%% TeX-master: t |
1106 |
%%% End: |
|
1107 |