| author | Christian Urban <christian dot urban at kcl dot ac dot uk> |
| Tue, 21 Oct 2014 09:33:13 +0100 | |
| changeset 253 | 4020ba76cc07 |
| parent 252 | fa151c0a3cf4 |
| child 254 | 0d491b5654f9 |
| permissions | -rw-r--r-- |
| 52 | 1 |
\documentclass[dvipsnames,14pt,t]{beamer}
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
2 |
\usepackage{../slides}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
3 |
\usepackage{../graphics}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
4 |
\usepackage{../langs}
|
| 52 | 5 |
\usetikzlibrary{arrows}
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
6 |
\usetikzlibrary{shapes}
|
| 52 | 7 |
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
8 |
\setmonofont[Scale=.88]{Consolas}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
9 |
\newfontfamily{\consolas}{Consolas}
|
| 52 | 10 |
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
11 |
\hfuzz=220pt |
| 52 | 12 |
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
13 |
% beamer stuff |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
14 |
\newcommand{\bl}[1]{\textcolor{blue}{#1}}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
15 |
\renewcommand{\slidecaption}{APP 05, King's College London}
|
|
124
382aad582d8b
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
123
diff
changeset
|
16 |
|
| 52 | 17 |
|
18 |
\begin{document}
|
|
19 |
||
20 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
21 |
\begin{frame}[t]
|
| 52 | 22 |
\frametitle{%
|
23 |
\begin{tabular}{@ {}c@ {}}
|
|
24 |
\\ |
|
25 |
\LARGE Access Control and \\[-3mm] |
|
26 |
\LARGE Privacy Policies (5)\\[-6mm] |
|
27 |
\end{tabular}}\bigskip\bigskip\bigskip
|
|
28 |
||
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
29 |
\normalsize |
| 52 | 30 |
\begin{center}
|
31 |
\begin{tabular}{ll}
|
|
32 |
Email: & christian.urban at kcl.ac.uk\\ |
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
33 |
Office: & S1.27 (1st floor Strand Building)\\ |
| 52 | 34 |
Slides: & KEATS (also homework is there)\\ |
35 |
\end{tabular}
|
|
36 |
\end{center}
|
|
37 |
||
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
38 |
\end{frame}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
39 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
| 52 | 40 |
|
41 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
42 |
\begin{frame}[c]
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
43 |
\frametitle{Protocols}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
44 |
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
45 |
Some examples where ``over-the-air'' protocols are used: |
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
46 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
47 |
\begin{itemize}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
48 |
\item wifi |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
49 |
\item card readers (you cannot trust the terminals) |
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
50 |
\item RFID (passports) |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
51 |
\item car transponders |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
52 |
\end{itemize}\medskip\pause
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
53 |
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
54 |
The point is that we cannot control the network: |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
55 |
An attacker can install a packet sniffer, inject packets, |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
56 |
modify packets, replay messages. |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
57 |
\end{frame}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
58 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
59 |
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
60 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
61 |
\begin{frame}[c]
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
62 |
\frametitle{Keyless Car Transponders}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
63 |
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
64 |
\begin{center}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
65 |
\includegraphics[scale=0.1]{../pics/keyfob.jpg}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
66 |
\quad |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
67 |
\includegraphics[scale=0.27]{../pics/startstop.jpg}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
68 |
\end{center}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
69 |
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
70 |
\begin{itemize}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
71 |
\item There are two security mechanisms: one remote central |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
72 |
locking system and one passive RFID tag (engine immobiliser). |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
73 |
\item How can I get in? How can thieves be kept out? |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
74 |
How to avoid MITM attacks? |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
75 |
\end{itemize}\medskip
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
76 |
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
77 |
\footnotesize |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
78 |
\hfill Papers: Gone in 360 Seconds: Hijacking with Hitag2,\\ |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
79 |
\hfill Dismantling Megamos Crypto: Wirelessly Lockpicking\\ |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
80 |
\hfill a Vehicle Immobilizer |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
81 |
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
82 |
\end{frame}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
83 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
84 |
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
85 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
86 |
\begin{frame}[c]
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
87 |
\frametitle{HTTPS / GSM}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
88 |
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
89 |
\begin{center}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
90 |
\includegraphics[scale=0.25]{../pics/barclays.jpg}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
91 |
\quad |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
92 |
\includegraphics[scale=0.25]{../pics/phone-signal.jpg}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
93 |
\end{center}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
94 |
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
95 |
\begin{itemize}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
96 |
\item I am sitting at Starbuck. How can I be sure I am |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
97 |
really visiting Barclays? I have no control of the access |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
98 |
point. |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
99 |
\item How can I achieve that a secret key is established |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
100 |
in order to encrypt my conversation? I have no control over |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
101 |
the access point. |
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
102 |
\end{itemize}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
103 |
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
104 |
\end{frame}
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
105 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
106 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
107 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
108 |
\begin{frame}[c]
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
109 |
\frametitle{Handshakes}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
110 |
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
111 |
\begin{itemize}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
112 |
\item starting a TCP connection between a client and a server |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
113 |
initiates the following three-way handshake protocol: |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
114 |
\end{itemize}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
115 |
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
116 |
\begin{columns}[t]
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
117 |
\begin{column}{5cm}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
118 |
\begin{minipage}[t]{4cm}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
119 |
\begin{center}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
120 |
\raisebox{-2cm}{\includegraphics[scale=0.5]{../pics/handshake.png}}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
121 |
\end{center}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
122 |
\end{minipage}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
123 |
\end{column}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
124 |
\begin{column}{5cm}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
125 |
\begin{tabular}[t]{rl}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
126 |
Alice: & Hello server!\\ |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
127 |
Server: & I heard you\\ |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
128 |
Alice: & Thanks |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
129 |
\end{tabular}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
130 |
\end{column}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
131 |
\end{columns}\pause
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
132 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
133 |
\begin{center}
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
134 |
\begin{tabular}{rl}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
135 |
\bl{$A \rightarrow S$}: & \bl{SYN}\\
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
136 |
\bl{$S \rightarrow A$}: & \bl{SYN-ACK}\\
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
137 |
\bl{$A \rightarrow S$}: & \bl{ACK}\\
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
138 |
\end{tabular}
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
139 |
\end{center}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
140 |
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
141 |
\only<2>{
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
142 |
\begin{textblock}{3}(11,5)
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
143 |
\begin{bubble}[3.2cm]
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
144 |
SYNflood attacks:\medskip\\ |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
145 |
\includegraphics[scale=0.4]{../pics/synflood.png}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
146 |
\end{bubble}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
147 |
\end{textblock}}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
148 |
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
149 |
\end{frame}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
150 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
151 |
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
152 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
153 |
\begin{frame}[c]
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
154 |
\frametitle{Authentication}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
155 |
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
156 |
\begin{columns}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
157 |
\begin{column}{8cm}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
158 |
\begin{minipage}[t]{7.5cm}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
159 |
\begin{center}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
160 |
\raisebox{-2cm}{\includegraphics[scale=0.4]{../pics/dogs.jpg}}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
161 |
\end{center}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
162 |
\end{minipage}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
163 |
\end{column}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
164 |
\begin{column}{5cm}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
165 |
\begin{minipage}[t]{4.5cm}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
166 |
\begin{tabular}{l}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
167 |
Knock Knock!\\ |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
168 |
Who's there?\\ |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
169 |
Alice.\\ |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
170 |
Alice who? |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
171 |
\end{tabular}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
172 |
\end{minipage}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
173 |
\end{column}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
174 |
\end{columns}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
175 |
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
176 |
\end{frame}
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
177 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
178 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
179 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
180 |
\begin{frame}[c]
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
181 |
\frametitle{Authentication Protocols}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
182 |
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
183 |
Alice (\bl{$A$}) and Bob (\bl{$B$}) share a secret key
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
184 |
\bl{$K_{AB}$}\bigskip
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
185 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
186 |
Passwords: |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
187 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
188 |
\begin{center}
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
189 |
\bl{$A \rightarrow B: K_{AB}$}
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
190 |
\end{center}\pause\bigskip
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
191 |
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
192 |
Problems: Eavesdropper can capture the secret and replay it; |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
193 |
\bl{$B$} cannot confirm the identity of \bl{$A$}
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
194 |
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
195 |
\end{frame}
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
196 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
| 52 | 197 |
|
198 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
199 |
\begin{frame}[c]
|
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
200 |
\frametitle{Authentication Protocols}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
201 |
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
202 |
Alice (\bl{$A$}) and Bob (\bl{$B$}) share a secret key
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
203 |
\bl{$K_{AB}$}\bigskip
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
204 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
205 |
Simple Challenge Response: |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
206 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
207 |
\begin{center}
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
208 |
\begin{tabular}{lll}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
209 |
\bl{$A \rightarrow B:$} & \bl{Hi I am A}\\
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
210 |
\bl{$B \rightarrow A:$} & \bl{$N$} & (challenge)\\
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
211 |
\bl{$A \rightarrow B:$} & \bl{$\{N\}_{K_{AB}}$}\\
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
212 |
\end{tabular}
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
213 |
\end{center}\pause
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
214 |
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
215 |
\begin{itemize}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
216 |
\item cannot replay since next time will be another challenge |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
217 |
\item \bl{$B$} authenticates \bl{$A$}, but \bl{$A$} does not
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
218 |
authenticate \bl{$B$} (be Eve in the middle, intercept
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
219 |
messages from \bl{$A$} and ignore last)
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
220 |
\end{itemize}
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
221 |
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
222 |
\end{frame}
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
223 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
| 52 | 224 |
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
225 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
226 |
\begin{frame}[c]
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
227 |
\frametitle{Authentication Protocols}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
228 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
229 |
Alice (\bl{$A$}) and Bob (\bl{$B$}) share a secret key \bl{$K_{AB}$}\bigskip
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
230 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
231 |
Mutual Challenge Response: |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
232 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
233 |
\begin{center}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
234 |
\begin{tabular}{ll}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
235 |
\bl{$A \rightarrow B:$} & \bl{$N_A$}\\
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
236 |
\bl{$B \rightarrow A:$} & \bl{$\{N_A, N_B\}_{K_{AB}}$}\\
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
237 |
\bl{$A \rightarrow B:$} & \bl{$N_B$}\\
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
238 |
\end{tabular}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
239 |
\end{center}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
240 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
241 |
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
242 |
\end{frame}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
243 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
244 |
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
245 |
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
246 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
247 |
\begin{frame}[c]
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
248 |
\frametitle{Nonces}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
249 |
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
250 |
\begin{enumerate}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
251 |
\item I generate a nonce (random number) and send it to you encrypted with a key we share |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
252 |
\item you increase it by one, encrypt it under a key I know and send |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
253 |
it back to me |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
254 |
\end{enumerate}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
255 |
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
256 |
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
257 |
I can infer: |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
258 |
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
259 |
\begin{itemize}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
260 |
\item you must have received my message |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
261 |
\item you could only have generated your answer after I send you my initial |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
262 |
message |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
263 |
\item if only you and me know the key, the message must have come from you |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
264 |
\end{itemize}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
265 |
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
266 |
\end{frame}
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
267 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
268 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
269 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
270 |
\mode<presentation>{
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
271 |
\begin{frame}[c]
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
272 |
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
273 |
\begin{center}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
274 |
\begin{tabular}{ll}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
275 |
\bl{$A \rightarrow B$:} & \bl{$N_A$}\\
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
276 |
\bl{$B \rightarrow A$:} & \bl{$\{N_A, N_B\}_{K_{ab}}$}\\
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
277 |
\bl{$A \rightarrow B$:} & \bl{$N_B$}\\
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
278 |
\end{tabular}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
279 |
\end{center}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
280 |
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
281 |
The attack (let $A$ decrypt her own messages): |
| 52 | 282 |
|
283 |
\begin{center}
|
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
284 |
\begin{tabular}{ll}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
285 |
\bl{$A \rightarrow E$:} & \bl{$N_A$}\\
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
286 |
\textcolor{gray}{$E \rightarrow A$:} & \textcolor{gray}{$N_A$}\\
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
287 |
\textcolor{gray}{$A \rightarrow E$:} & \textcolor{gray}{$\{N_A, N_A'\}_{K_{AB}}$}\\
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
288 |
\bl{$E \rightarrow A$:} & \bl{$\{N_A, N_A'\}_{K_{AB}}$}\\
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
289 |
\bl{$A \rightarrow E$:} & \bl{$N_A' \;\;(= N_B)$}\\
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
290 |
\end{tabular}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
291 |
\end{center}\pause
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
292 |
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
293 |
\small Solutions: \bl{$K_{AB} \not= K_{BA}$} or include an id in the second message
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
294 |
\end{frame}}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
295 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
296 |
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
297 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
298 |
\mode<presentation>{
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
299 |
\begin{frame}[c]
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
300 |
\frametitle{Encryption to the Rescue?}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
301 |
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
302 |
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
303 |
\begin{itemize}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
304 |
\item \bl{$A \,\rightarrow\, B : \{A, N_A\}_{K_{AB}}$}\hspace{1cm} encrypted\bigskip
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
305 |
\item \bl{$B\,\rightarrow\, A : \{N_A, K'_{AB}\}_{K_{AB}}$}\bigskip
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
306 |
\item \bl{$A \,\rightarrow\, B : \{N_A\}_{K'_{AB}}$}\bigskip
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
307 |
\end{itemize}\pause
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
308 |
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
309 |
means you need to send separate ``Hello'' signals (bad), or worse |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
310 |
share a single key between many entities |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
311 |
\end{frame}}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
312 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
313 |
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
314 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
315 |
\mode<presentation>{
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
316 |
\begin{frame}[c]
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
317 |
\frametitle{Protocol Attacks}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
318 |
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
319 |
\begin{itemize}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
320 |
\item replay attacks |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
321 |
\item reflection attacks |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
322 |
\item man-in-the-middle attacks |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
323 |
\item timing attacks |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
324 |
\item parallel session attacks |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
325 |
\item binding attacks (public key protocols) |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
326 |
\item changing environment / changing assumptions\bigskip |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
327 |
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
328 |
\item (social engineering attacks) |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
329 |
\end{itemize}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
330 |
\end{frame}}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
331 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
332 |
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
333 |
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
334 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
335 |
\mode<presentation>{
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
336 |
\begin{frame}[c]
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
337 |
\frametitle{Public-Key Infrastructure}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
338 |
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
339 |
\begin{itemize}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
340 |
\item the idea is to have a certificate authority (CA) |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
341 |
\item you go to the CA to identify yourself |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
342 |
\item CA: ``I, the CA, have verified that public key \bl{$P^{pub}_{Bob}$} belongs to Bob''\bigskip
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
343 |
\item CA must be trusted by everybody |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
344 |
\item What happens if CA issues a false certificate? Who pays in case of loss? (VeriSign |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
345 |
explicitly limits liability to \$100.) |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
346 |
\end{itemize}
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
347 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
348 |
\end{frame}}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
349 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
350 |
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
351 |
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
352 |
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
353 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
354 |
\begin{frame}[c]
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
355 |
\frametitle{Person-in-the-Middle}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
356 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
357 |
``Normal'' protocol run:\bigskip |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
358 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
359 |
\begin{itemize}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
360 |
\item \bl{$A$} sends public key to \bl{$B$}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
361 |
\item \bl{$B$} sends public key to \bl{$A$}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
362 |
\item \bl{$A$} sends message encrypted with \bl{$B$}'s public key, \bl{$B$} decrypts it
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
363 |
with its private key |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
364 |
\item \bl{$B$} sends message encrypted with \bl{$A$}'s public key, \bl{$A$} decrypts it
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
365 |
with its private key |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
366 |
\end{itemize}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
367 |
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
368 |
\end{frame}
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
369 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
370 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
371 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
372 |
\mode<presentation>{
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
373 |
\begin{frame}[c]
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
374 |
\frametitle{Person-in-the-Middle}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
375 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
376 |
Attack: |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
377 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
378 |
\begin{itemize}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
379 |
\item \bl{$A$} sends public key to \bl{$B$} --- \bl{$C$} intercepts this message and send his own public key
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
380 |
\item \bl{$B$} sends public key to \bl{$A$} --- \bl{$C$} intercepts this message and send his own public key
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
381 |
\item \bl{$A$} sends message encrypted with \bl{$C$}'s public key, \bl{$C$} decrypts it
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
382 |
with its private key, re-encrypts with \bl{$B$}'s public key
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
383 |
\item similar |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
384 |
\end{itemize}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
385 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
386 |
\end{frame}}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
387 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
388 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
389 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
390 |
\begin{frame}[c]
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
391 |
\frametitle{Person-in-the-Middle}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
392 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
393 |
Prevention: |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
394 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
395 |
\begin{itemize}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
396 |
\item \bl{$A$} sends public key to \bl{$B$}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
397 |
\item \bl{$B$} sends public key to \bl{$A$}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
398 |
\item \bl{$A$} encrypts message with \bl{$B$}'s public key, send's {\bf half} of the message
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
399 |
\item \bl{$B$} encrypts message with \bl{$A$}'s public key, send's {\bf half} of the message
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
400 |
\item \bl{$A$} sends other half, \bl{$B$} can now decrypt entire message
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
401 |
\item \bl{$B$} sends other half, \bl{$A$} can now decrypt entire message
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
402 |
\end{itemize}\pause
|
| 52 | 403 |
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
404 |
\bl{$C$} would have to invent a totally new message
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
405 |
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
406 |
\end{frame}
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
407 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
408 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
409 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
410 |
\begin{frame}[c]
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
411 |
\frametitle{Car Transponder (HiTag2)}
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
412 |
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
413 |
\begin{enumerate}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
414 |
\item \bl{$C$} generates a random number \bl{$r$}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
415 |
\item \bl{$C$} calculates \bl{$(F,G) = \{r\}_K$}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
416 |
\item \bl{$C \to T$}: \bl{$r, F$}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
417 |
\item \bl{$T$} calculates \bl{$(F',G') = \{r\}_K$}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
418 |
\item \bl{$T$} checks that \bl{$F = F'$}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
419 |
\item \bl{$T \to C$}: \bl{$r, G'$}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
420 |
\item \bl{$C$} checks that \bl{$G = G'$}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
421 |
\end{enumerate}\pause
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
422 |
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
423 |
\small |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
424 |
This process means that the transponder believes the car knows |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
425 |
the key \bl{$K$}, and the car believes the transponder knows
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
426 |
the key \bl{$K$}. They should have authenticated themselves
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
427 |
to each other. |
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
428 |
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
429 |
\end{frame}
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
430 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
431 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
432 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
433 |
\mode<presentation>{
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
434 |
\begin{frame}[c]
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
435 |
\frametitle{Best Practices}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
436 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
437 |
{\bf Principle 1:} Every message should say what it means: the interpretation of
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
438 |
a message should not depend on the context.\bigskip\pause |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
439 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
440 |
{\bf Principle 2:} If the identity of a principal is essential to the meaning of a message, it is prudent
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
441 |
to mention the principal’s name explicitly in the message (though difficult).\bigskip |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
442 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
443 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
444 |
\end{frame}}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
445 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
446 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
447 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
448 |
\mode<presentation>{
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
449 |
\begin{frame}[c]
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
450 |
\frametitle{Best Practices}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
451 |
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
452 |
{\bf Principle 3:} Be clear about why encryption is being
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
453 |
done. Encryption is not wholly cheap, and not asking precisely |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
454 |
why it is being done can lead to redundancy. Encryption is not |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
455 |
synonymous with security. |
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
456 |
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
457 |
\small |
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
458 |
\begin{center}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
459 |
Possible Uses of Encryption |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
460 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
461 |
\begin{itemize}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
462 |
\item Preservation of confidentiality: \bl{$\{X\}_K$} only those that have \bl{$K$} may recover \bl{$X$}.
\item Guarantee authenticity: The partner is indeed some particular principal.
\item Guarantee confidentiality and authenticity: binds two parts of a message ---
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
463 |
\bl{$\{X,Y\}_K$} is not the same as \bl{$\{X\}_K$} and \bl{$\{Y\}_K$}.
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
464 |
\end{itemize}
|
| 52 | 465 |
\end{center}
|
466 |
||
467 |
\end{frame}}
|
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
468 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
469 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
470 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
471 |
\begin{frame}[c]
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
472 |
\frametitle{Best Practices}
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
473 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
474 |
{\bf Principle 4:} The protocol designer should know which trust relations his protocol depends on, and why the dependence is necessary. The reasons for particular trust relations being acceptable should be explicit though they will be founded on judgment and policy rather than on logic.\bigskip
|
| 52 | 475 |
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
476 |
Example Certification Authorities: CAs are trusted to certify a key only after proper steps |
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
477 |
have been taken to identify the principal that owns it. |
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
478 |
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
479 |
\end{frame}
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
480 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
| 52 | 481 |
|
482 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
483 |
\mode<presentation>{
|
|
484 |
\begin{frame}[c]
|
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
485 |
\frametitle{Formal Methods}
|
| 52 | 486 |
|
487 |
Ross Anderson about the use of Logic:\bigskip |
|
488 |
||
489 |
\begin{quote}
|
|
490 |
Formal methods can be an excellent way of finding |
|
491 |
bugs in security protocol designs as they force the designer |
|
| 53 | 492 |
to make everything explicit and thus confront dif$\!$ficult design |
| 52 | 493 |
choices that might otherwise be fudged. |
494 |
\end{quote}
|
|
495 |
||
496 |
\end{frame}}
|
|
497 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
498 |
||
499 |
\end{document}
|
|
500 |
||
501 |
%%% Local Variables: |
|
502 |
%%% mode: latex |
|
503 |
%%% TeX-master: t |
|
504 |
%%% End: |
|
505 |