sen-material: slides/slides04.tex@4e3bc09748f7 (annotated)

41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	1	\documentclass[dvipsnames,14pt,t]{beamer}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	2	\usepackage{../slides}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	3	\usepackage{../graphics}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	4	\usepackage{../langs}
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	5	\usetikzlibrary{arrows}
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	6	\usetikzlibrary{shapes}
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	7
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	8	\setmonofont[Scale=.88]{Consolas}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	9	\newfontfamily{\consolas}{Consolas}
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	10
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	11	\hfuzz=220pt
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	12
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	13	% beamer stuff
381 036a762b02cf updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 252 diff changeset	14	\renewcommand{\slidecaption}{SEN 04, King's College London}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	15	\newcommand{\bl}[1]{\textcolor{blue}{#1}}
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	16
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	17	\begin{document}
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	18
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	19	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	20	\begin{frame}[t]
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	21	\frametitle{%
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	22	\begin{tabular}{@ {}c@ {}}
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	23	\\
381 036a762b02cf updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 252 diff changeset	24	\LARGE Security Engineering (4)\\[-3mm]
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	25	\end{tabular}}\bigskip\bigskip\bigskip
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	26
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	27	\normalsize
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	28	\begin{center}
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	29	\begin{tabular}{ll}
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	30	Email: & christian.urban at kcl.ac.uk\\
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	31	Office: & S1.27 (1st floor Strand Building)\\
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	32	Slides: & KEATS (also home work is there)\\
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	33	\end{tabular}
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	34	\end{center}
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	35
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	36	\end{frame}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	37	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	38
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	39	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	40	\begin{frame}[c]
404 4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	41
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	42	\begin{center}
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	43	\includegraphics[scale=0.34]{../pics/trainwreck.jpg}\\
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	44	last week: buffer overflow attacks
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	45	\end{center}
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	46
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	47	\begin{itemize}
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	48	\item no ``cheating'' needed for format string attacks;
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	49	\item the main point, no real cheating (Facebook no; printer, router
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	50	etc yes)
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	51	\end{itemize}
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	52	\end{frame}
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	53	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	54
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	55
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	56	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	57	\begin{frame}[c]
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	58	\frametitle{Survey: Thanks!}
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	59	\small
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	60
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	61	\begin{itemize}
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	62	\item ``Would be good, if you provide more detailed explanations. I feel
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	63	your slides are not as structured as they could be.''
244 9fc6ec22ad82 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	64	\item ``Please consider reference book chapters to cover core subject
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	65	areas.''\pause
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	66	\item ``The homework questions don't come directly from the
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	67	slides. So must go look things up.''
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	68	\item ``Could you please put the homework answers online, perhaps
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	69	just before the exam. That's late enough where we should have done
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	70	it and if not, we're screwed already then.''
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	71	\item ``Could you provide a brief basic answers to sheets for reference
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	72	and not to be relied on.''
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	73	\end{itemize}
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	74
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	75	\end{frame}
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	76	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	77
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	78	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	79	\begin{frame}[c]
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	80
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	81	\begin{center}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	82	\includegraphics[scale=0.45]{../pics/trainwreck.jpg}\\
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	83	last week: buffer overflow attacks
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	84	\end{center}
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	85
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	86	\end{frame}
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	87	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	88
404 4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	89	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	90	\begin{frame}[c]
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	91	\frametitle{\begin{tabular}{c}Two General Counter\\[-1mm]
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	92	Measures against BOAs etc\end{tabular}}
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	93
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	94	Both try to reduce the attack surface:\bigskip
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	95
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	96	\begin{itemize}
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	97	\item \alert{\bf unikernels} -- the idea is to not have
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	98	an operating system at all
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	99	\item all functionality of the server is implemented in a
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	100	single, stand-alone program
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	101	\item all functionality an operating system would normally
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	102	provide (network stack, file system) is available through
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	103	libraries
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	104	\item the best known unikernel is MirageOS using Ocaml
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	105	(\url{https://mirage.io})
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	106	\end{itemize}
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	107
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	108	\end{frame}
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	109	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	110
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	111
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	112	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
391 a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	113	\begin{frame}[c]
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	114	\frametitle{\begin{tabular}{c}Network Applications:\\[-1mm] Privilege Separation\end{tabular}}
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	115
59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	116
391 a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	117	\begin{center}
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	118	\begin{tikzpicture}[scale=1]
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	119
391 a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	120	\draw[line width=1mm] (-.3, 0) rectangle (1.5,2);
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	121	\draw (4.7,1) node {Internet};
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	122	\draw (-2.7,1.7) node {\footnotesize Application};
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	123	\draw (0.6,1.7) node {\footnotesize Interface};
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	124	\draw (0.6,-0.4) node {\footnotesize \begin{tabular}{c}unprivileged\\[-1mm] process\end{tabular}};
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	125	\draw (-2.7,-0.4) node {\footnotesize \begin{tabular}{c}privileged\\[-1mm] process\end{tabular}};
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	126
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	127	\draw[line width=1mm] (-1.8, 0) rectangle (-3.6,2);
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	128
391 a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	129	\draw[white] (1.7,1) node (X) {};
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	130	\draw[white] (3.7,1) node (Y) {};
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	131	\draw[red, <->, line width = 2mm] (X) -- (Y);
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	132
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	133	\draw[red, <->, line width = 1mm] (-0.6,1) -- (-1.6,1);
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	134	\end{tikzpicture}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	135	\end{center}
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	136
391 a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	137	\begin{itemize}
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	138	\item the idea is make the attack surface smaller and mitigate the
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	139	consequences of an attack
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	140	\end{itemize}
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	141	\end{frame}
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	142	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	143
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	144
59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	145	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
391 a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	146	\mode<presentation>{
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	147	\begin{frame}[c]
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	148	\frametitle{\begin{tabular}{@ {}c@ {}}Infamous Security Flaws\\[-1mm] in Unix\end{tabular}}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	149
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	150
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	151	\begin{itemize}
391 a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	152	\item \texttt{lpr} unfortunately runs with root privileges; you had the option to delete files after printing \ldots\pause\pause
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	153	\item for debugging purposes (FreeBSD) Unix provides a ``core dump'', but allowed to follow links \ldots\pause
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	154	\item \texttt{mkdir foo} is owned by root\medskip
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	155	\begin{center}
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	156	\texttt{-rwxr-xr-x 1 root wheel /bin/mkdir}
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	157	\end{center}\medskip
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	158	it first creates an i-node as root and then changes to ownership to the user's id\\ \textcolor{gray}{\small (race condition -- can be automated with a shell script)}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	159	\end{itemize}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	160
391 a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	161	\only<5->{
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	162	\begin{textblock}{1}(3,7)
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	163	\begin{tikzpicture}
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	164	\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm]
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	165	{\begin{minipage}{8cm}
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	166	Only failure makes us experts.
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	167	-- Theo de Raadt (OpenBSD, OpenSSH)
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	168	\end{minipage}};
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	169	\end{tikzpicture}
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	170	\end{textblock}}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	171
391 a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	172	\end{frame}}
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	173	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	174
391 a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	175
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	176
391 a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	177
388 770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	178	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	179	\begin{frame}[c]
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	180	\frametitle{Unix-Style Access Control}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	181
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	182	How to do control access? In Unix you have
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	183
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	184	\begin{itemize}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	185	\item users and you have groups/roles:
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	186	\item some special roles: root
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	187	\end{itemize}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	188
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	189	\end{frame}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	190	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	191
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	192	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	193	\begin{frame}[c]
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	194	\frametitle{Unix-Style Access Control}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	195	\small
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	196
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	197	\begin{itemize}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	198	\item
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	199	Q: ``I am using Windows. Why should I care?'' \\
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	200	A: In Windows you have similar AC:
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	201
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	202	\begin{center}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	203	\begin{tabular}{l}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	204	administrators group\\
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	205	\hspace{5mm}(has complete control over the machine)\\
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	206	authenticated users\\
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	207	server operators\\
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	208	power users\\
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	209	network configuration operators
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	210	\end{tabular}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	211	\end{center}\medskip
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	212
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	213	\item Modern versions of Windows have more fine-grained AC than Unix;
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	214	they do not have a setuid bit, but have \texttt{runas} (asks for a
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	215	password).\pause
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	216
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	217	\item OS-provided access control can \alert{\bf add} to your security.
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	218	(defence in depth)
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	219	\end{itemize}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	220
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	221	\end{frame}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	222	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	223
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	224	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	225	\begin{frame}[c]
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	226	\frametitle{\begin{tabular}{c}Network Applications:\\[-1mm] Privilege Separation\end{tabular}}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	227
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	228
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	229	\begin{center}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	230	\begin{tikzpicture}[scale=1]
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	231
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	232	\draw[line width=1mm] (-.3, 0) rectangle (1.5,2);
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	233	\draw (4.7,1) node {Internet};
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	234	\draw (-2.7,1.7) node {\footnotesize Application};
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	235	\draw (0.6,1.7) node {\footnotesize Interface};
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	236	\draw (0.6,-0.4) node {\footnotesize \begin{tabular}{c}unprivileged\\[-1mm] process\end{tabular}};
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	237	\draw (-2.7,-0.4) node {\footnotesize \begin{tabular}{c}privileged\\[-1mm] process\end{tabular}};
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	238
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	239	\draw[line width=1mm] (-1.8, 0) rectangle (-3.6,2);
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	240
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	241	\draw[white] (1.7,1) node (X) {};
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	242	\draw[white] (3.7,1) node (Y) {};
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	243	\draw[red, <->, line width = 2mm] (X) -- (Y);
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	244
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	245	\draw[red, <->, line width = 1mm] (-0.6,1) -- (-1.6,1);
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	246	\end{tikzpicture}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	247	\end{center}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	248
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	249	\begin{itemize}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	250	\item the idea is make the attack surface smaller and mitigate the
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	251	consequences of an attack
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	252	\end{itemize}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	253
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	254	\end{frame}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	255	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	256
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	257	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	258	\begin{frame}[c]
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	259	\frametitle{Weaknesses of Unix AC}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	260
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	261	Not just restricted to Unix:
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	262
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	263	\begin{itemize}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	264	\item if you have too many roles (i.e.~too finegrained AC), then
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	265	hierarchy is too complex\\ \textcolor{gray}{you invite situations
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	266	like\ldots let's be root}\bigskip
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	267
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	268	\item you can still abuse the system\ldots
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	269	\end{itemize}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	270
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	271	\end{frame}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	272	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	273
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	274	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	275	\begin{frame}[c]
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	276	\frametitle{A ``Cron''-Attack}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	277
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	278	The idea is to trick a privileged person to do something on your
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	279	behalf:
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	280
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	281	\begin{itemize}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	282	\item root:\\\texttt{rm /tmp//}\bigskip\bigskip\pause
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	283
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	284	\footnotesize
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	285	\begin{minipage}{1.1\textwidth}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	286	\textcolor{gray}{the shell behind the scenes:}\\
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	287	\textcolor{gray}{\texttt{rm /tmp/dir$_1$/file$_1$ /tmp/dir$_1$/file$_2$ /tmp/dir$_2$/file$_1$ \ldots}}\bigskip\\
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	288
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	289	\textcolor{gray}{this takes time}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	290	\end{minipage}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	291	\end{itemize}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	292
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	293	\end{frame}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	294	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	295
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	296	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	297	\begin{frame}[c]
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	298	\frametitle{A ``Cron''-Attack}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	299
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	300	\begin{enumerate}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	301	\item attacker \textcolor{gray}{(creates a fake passwd file)}\\
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	302	\texttt{mkdir /tmp/a; cat > /tmp/a/passwd}\medskip
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	303	\item root \textcolor{gray}{(does the daily cleaning)}\\
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	304	\texttt{rm /tmp//}\medskip\\
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	305	\hspace{2cm}\textcolor{gray}{\small records that \texttt{/tmp/a/passwd}}\\
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	306	\hspace{2cm}\textcolor{gray}{\small should be deleted, but does not do it yet}\medskip\\
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	307
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	308	\item attacker \textcolor{gray}{(meanwhile deletes the fake passwd file, and establishes a link to
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	309	the real passwd file)}\\
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	310	\texttt{rm /tmp/a/passwd; rmdir /tmp/a;}\\\texttt{ln -s /etc /tmp/a}\\
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	311	\item root now deletes the real passwd file
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	312	\end{enumerate}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	313
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	314	\only<2>{
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	315	\begin{textblock}{11}(2,5)
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	316	\begin{bubble}[8cm]
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	317	\normalsize To prevent this kind of attack, you need additional
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	318	policies (don't do such operations as root).
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	319	\end{bubble}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	320	\end{textblock}}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	321
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	322	\end{frame}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	323	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
391 a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	324	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	325	\begin{frame}[fragile]
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	326	\frametitle{D-Link Backdoors}
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	327
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	328	D-Link router flaw lets anyone login through "Joel's Backdoor":\medskip
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	329
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	330	\begin{quote}\rm\small
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	331	If you tell your browser to identify itself as Joel's backdoor, instead of (say)
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	332	as Mozilla/5.0 AppleWebKit/536.30.1 Version/6.0.5, you're in without authentication.\medskip
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	333
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	334	"What is this string," I hear you ask?
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	335
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	336	You will laugh: it is\pause
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	337
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	338	\begin{center}\large
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	339	\pcode{xmlset_roodkcableoj28840ybtide}
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	340	\end{center}
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	341	\end{quote}\bigskip\bigskip
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	342
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	343	\hfill\footnotesize October 15, 2013\\
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	344	\hfill\footnotesize\url{http://www.devttys0.com/2013/10/reverse-engineering-a-d-link-backdoor/}
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	345
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	346	\end{frame}
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	347	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	348
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	349	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	350	\begin{frame}[fragile]
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	351
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	352	CVE-2014-0476 \pcode{chkrootkit} vulnerability 4 Jun'14\medskip
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	353
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	354	\begin{quote}\rm\small
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	355	Hi,
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	356
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	357	we just found a serious vulnerability in the chkrootkit package, which
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	358	may allow local attackers to gain root access to a box in certain
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	359	configurations (\pcode{/tmp} not mounted noexec). Steps to reproduce:
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	360
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	361	\begin{itemize}
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	362	\item Put an executable file named \pcode{update} with non-root owner in
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	363	\pcode{/tmp} (not mounted noexec, obviously)
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	364	\item Run chkrootkit (as uid \pcode{0})
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	365	\end{itemize}
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	366
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	367	Result: The file \pcode{/tmp/update} will be executed as root, thus effectively
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	368	rooting your box, if malicious content is placed inside the file.
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	369
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	370	If an attacker knows you are periodically running chkrootkit (like in
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	371	\pcode{cron.daily}) and has write access to \pcode{/tmp} (not mounted noexec), he may
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	372	easily take advantage of this.
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	373	\end{quote}
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	374	\mbox{}\\[-10mm]
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	375
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	376	\hfill\footnotesize\url{http://seclists.org/oss-sec/2014/q2/430}
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	377
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	378	\end{frame}
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	379	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	380
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	381
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	382	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	383	\begin{frame}[c]
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	384	\frametitle{Access Control in Unix}
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	385
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	386	\begin{itemize}
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	387	\item access control provided by the OS
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	388	\item authenticate principals
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	389	\item mediate access to files, ports, processes etc according to
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	390	\alert{roles} (user ids)\\
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	391	\item roles get attached with privileges\bigskip\\
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	392
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	393	\hspace{8mm}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	394	\begin{bubble}[8cm]
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	395	\alert{principle of least privilege:}\\
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	396	users and programs should only have as much privilege as they need to
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	397	accomplish a task
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	398	\end{bubble}
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	399	\end{itemize}
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	400
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	401	\end{frame}
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	402	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	403
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	404	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	405	\mode<presentation>{
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	406	\begin{frame}[c]
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	407	\frametitle{Access Control in Unix (2)}
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	408
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	409
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	410	\begin{itemize}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	411	\item privileges are specified by file access permissions (``everything is a file'')\medskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	412	\item there are 9 (plus 2) bits that specify the permissions of a file
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	413
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	414	\begin{center}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	415	\begin{tabular}{l}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	416	\texttt{\$ ls -la}\\
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	417	\texttt{-rwxrw-r-{}- \hspace{3mm} foo\_file.txt}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	418	\end{tabular}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	419	\end{center}
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	420	\end{itemize}
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	421
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	422	\end{frame}}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	423	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	424
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	425	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	426	\begin{frame}[c]
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	427	\frametitle{Login Process}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	428
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	429
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	430	\begin{itemize}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	431	\item login processes run under UID $=$ \pcode{0}\medskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	432	\begin{center}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	433	\texttt{ps -axl \| grep login}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	434	\end{center}\medskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	435
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	436	\item after login, shells run under UID $=$ user (e.g.~501)\medskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	437	\begin{center}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	438	\texttt{id cu}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	439	\end{center}\medskip\pause
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	440
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	441	\item non-root users are not allowed to change the UID --- would break
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	442	access control
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	443	\item but needed for example for accessing \texttt{passwd}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	444	\end{itemize}
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	445
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	446	\end{frame}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	447	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	448
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	449	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	450	\begin{frame}[c]
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	451	\frametitle{Setuid and Setgid}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	452
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	453	The solution is that Unix file permissions are 9 + \underline{2 Bits}:
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	454	\alert{Setuid} and \alert{Setgid} bits
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	455
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	456	\begin{itemize}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	457	\item When a file with setuid is executed, the resulting process will
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	458	assume the UID given to the \underline{owner} of the file.
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	459	\item This enables users to create processes as root (or another
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	460	user).\bigskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	461
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	462	\item Essential for changing passwords, for example.
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	463	\end{itemize}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	464
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	465	\begin{center}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	466	\texttt{chmod 4755 fobar\_file}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	467	\end{center}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	468
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	469	\end{frame}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	470	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	471
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	472	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	473	\begin{frame}[c]
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	474	\frametitle{\Large Discretionary Access Control}
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	475
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	476	\begin{itemize}
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	477	\item Access to objects (files, directories, devices, etc.) is
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	478	permitted based on user identity. Each object is owned by a
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	479	user. Owners can specify freely (at their discretion) how they want to
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	480	share their objects with other users, by specifying which other users
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	481	can have which form of access to their objects.\medskip
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	482
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	483	\item Discretionary access control is implemented on any modern multi-user
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	484	OS (Unix, Windows NT, etc.).
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	485	\end{itemize}
59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	486
59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	487	\end{frame}
59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	488	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	489
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	490	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	491	\begin{frame}[c]
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	492	\frametitle{\Large Mandatory Access Control}
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	493
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	494	\begin{itemize}
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	495	\item Access to objects is controlled by a system-wide policy, for
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	496	example to prevent certain flows of information. In some forms, the
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	497	system maintains security labels for both objects and subjects
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	498	(processes, users) based on which access is granted or
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	499	denied. Labels can change as the result of an access. Security
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	500	policies are enforced without the cooperation of users or
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	501	programs.\medskip
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	502
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	503	\item This is implemented in banking or military operating system
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	504	versions (SELinux).
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	505	\end{itemize}
59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	506
59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	507	\end{frame}
59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	508	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	509
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	510	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	511	\begin{frame}[c]
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	512	\frametitle{\Large Discretionary Access Control}
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	513
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	514	In its most generic form usually given by an \alert{Access Control
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	515	Matrix} of the form
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	516
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	517	\begin{center}
59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	518	\begin{tabular}{r\|c\|c\|c}
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	519	& /mail/jane & edit.exe & postfix \\\hline
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	520	jane & r, w & r, x & r, x\\\hline
59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	521	john & $\varnothing$ & r, w, x& r, x\\\hline
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	522	postfix & a & $\varnothing$ & r, x\\
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	523	\end{tabular}
59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	524	\end{center}
59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	525
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	526	access privileges: {\bf r}ead, {\bf w}rite, e{\bf x}ecute, {\bf a}ppend
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	527	\end{frame}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	528	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	529
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	530	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	531	\begin{frame}[c]
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	532	\small
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	533
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	534	\lstinputlisting[language={},numbers=none,xleftmargin=-6mm]{lst}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	535
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	536
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	537	\begin{center}
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	538	\begin{tabular}{@{\hspace{-24mm}}ll}
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	539	members of group staff: & ping, bob, emma\\
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	540	members of group students: & emma\\
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	541	\end{tabular}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	542	\end{center}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	543
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	544	\begin{center}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	545	\begin{tabular}{@{\hspace{-7mm}}r\|c\|c\|c\|c\|c@{}}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	546	& manual.txt & report.txt & microedit & src/code.c & src/code.h \\\hline
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	547	ping & & & & &\\\hline
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	548	bob & & & & &\\\hline
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	549	emma & & & & &\\
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	550	\end{tabular}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	551	\end{center}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	552
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	553	\end{frame}
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	554	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	555
59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	556	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	557	\begin{frame}[c]
59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	558	\frametitle{Mandatory Access Control}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	559	\small
45 24d08d7c582f added Christian Urban <urbanc@in.tum.de> parents: 44 diff changeset	560
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	561	\begin{itemize}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	562	\item Restrictions to allowed information flows are not decided at the
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	563	user's discretion (as with Unix \pcode{chmod}), but instead enforced
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	564	by system policies.
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	565
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	566	\item Mandatory access control mechanisms are aimed in particular at
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	567	preventing policy violations by untrusted programs, which typically
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	568	have at least the same access privileges as the invoking
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	569	user.\medskip\pause
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	570
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	571	Simple example: Air Gap Security. Uses a completely separate network
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	572	and computer hardware for different application classes.
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	573	\end{itemize}
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	574
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	575	\end{frame}
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	576	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	577
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	578
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	579	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	580	\begin{frame}[c]
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	581	\frametitle{The Bell-LaPadula Model}
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	582	\small
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	583
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	584	\begin{itemize}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	585	\item Formal policy model for mandatory access control in a military
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	586	multi-level security environment. All subjects (processes, users,
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	587	terminals, files, windows, connections) are labeled
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	588	with a confidentiality level, e.g.
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	589	\begin{center}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	590	unclassified < confidential < secret < top secret
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	591	\end{center}\medskip
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	592
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	593	\item The system policy automatically prevents the flow of information
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	594	from high-level objects to lower levels. A process that reads top
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	595	secret data becomes tagged as top secret by the operating system, as
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	596	will be all files into which it writes afterwards.
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	597	%Each user has a maximum allowed confidentiality level specified and
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	598	%cannot receive data beyond that level. A selected set of trusted
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	599	%subjects is allowed to bypass the restrictions, in order to permit
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	600	%the declassification of information.
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	601	\end{itemize}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	602
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	603	\end{frame}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	604	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	605
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	606	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	607	\begin{frame}[c]
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	608	\frametitle{Bell-LaPadula}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	609	\small
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	610
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	611	\begin{itemize}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	612	\item \alert{Read Rule}: A principal \bl{$P$} can read an object \bl{$O$} if and only if
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	613	\bl{$P$}'s security level is at least as high as \bl{$O$}'s.
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	614	\item \alert{Write Rule}: A principal \bl{$P$} can write an object \bl{$O$} if and only if
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	615	\bl{$O$}'s security level is at least as high as \bl{$P$}'s.\medskip
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	616
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	617	\item Meta-Rule: All principals in a system should have a sufficiently high security level
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	618	in order to access an object.
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	619	\end{itemize}\bigskip
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	620
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	621	This restricts information flow $\Rightarrow$ military\bigskip\bigskip\pause
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	622
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	623	Bell-LaPadula: {\bf `no read up'} - {\bf `no write down'}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	624
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	625	\end{frame}
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	626	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	627
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	628	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	629	\begin{frame}[c]
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	630	\frametitle{\begin{tabular}{c}Principle of\\[-2mm] Least Privilege\end{tabular}}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	631
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	632	\begin{bubble}[10cm]
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	633	A principal should have as few privileges as possible to access a resource.
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	634	\end{bubble}\bigskip\bigskip
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	635	\small
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	636
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	637	\begin{itemize}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	638	\item Bob ($T\!S$) and Alice ($S$) want to communicate
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	639	\item[] $\Rightarrow$ Bob should lower his security level
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	640	\end{itemize}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	641
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	642	\end{frame}
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	643	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	644
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	645	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	646	\begin{frame}[c]
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	647	\frametitle{Biba Policy}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	648	\small
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	649
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	650	Data Integrity (rather than data confidentiality)
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	651
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	652	\begin{itemize}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	653	\item Biba: {\bf `no read down'} - {\bf `no write up'}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	654	\item \alert{Read Rule}: A principal \bl{$P$} can read an object \bl{$O$} if and only if
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	655	\bl{$P$}'s security level is lower or equal than \bl{$O$}'s.
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	656	\item \alert{Write Rule}: A principal \bl{$P$} can write an object \bl{$O$} if and only if
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	657	\bl{$O$}'s security level is lower or equal than \bl{$P$}'s.
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	658	\end{itemize}\bigskip\bigskip\pause
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	659
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	660	E.g.~Firewalls: you can read from inside the firewall, but not from outside\\
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	661	Phishing: you can look at an approved PDF, but not one from a random email\\
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	662
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	663	\end{frame}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	664	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	665
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	666	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	667	\begin{frame}[c]
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	668	\frametitle{Security Levels (2)}
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	669
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	670	\begin{itemize}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	671	\item Bell-La Padula preserves data secrecy, but not data
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	672	integrity\bigskip\pause
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	673
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	674	\item Biba model is for data integrity
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	675
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	676	\begin{itemize}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	677	\item read: your own level and above
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	678	\item write: your own level and below
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	679	\end{itemize}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	680	\end{itemize}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	681
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	682	\end{frame}
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	683	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	684
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	685	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	686	\begin{frame}[c]
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	687	\frametitle{Shared Access Control}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	688
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	689	\begin{center}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	690	\includegraphics[scale=0.7]{../pics/pointsplane.jpg}
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	691	\end{center}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	692
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	693	\begin{textblock}{11}(10.5,10.5)
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	694	\small
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	695	To take an action you\\[-1mm]
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	696	need at least either:
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	697	\begin{itemize}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	698	\item 1 CEO\\[-5mm]
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	699	\item 2 MDs, or\\[-5mm]
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	700	\item 3 Ds
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	701	\end{itemize}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	702	\end{textblock}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	703
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	704	\end{frame}
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	705	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	706
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	707	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	708	\begin{frame}[c]
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	709	\frametitle{\Large Lessons from Access Control}
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	710
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	711	Not just restricted to Unix:
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	712
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	713	\begin{itemize}
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	714	\item if you have too many roles (i.e.~too finegrained AC), then
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	715	hierarchy is too complex\\
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	716	\textcolor{gray}{you invite situations like\ldots lets be root}\bigskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	717
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	718	\item you can still abuse the system\ldots\bigskip\pause
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	719
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	720	\item
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	721	policies (a finite system)\\
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	722	computer system (infinite)\medskip\\
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	723	Q: Does your policy ensure that a tainted file cannot affect your
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	724	core system files?
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	725
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	726	\end{itemize}
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	727
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	728	\end{frame}
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	729	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	730
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	731	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	732	\begin{frame}[t]
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	733	\frametitle{Protocols}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	734
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	735	\mbox{}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	736
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	737	\begin{tabular}{l}
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	738	{\Large \bl{$A\;\rightarrow\; B : \ldots$}}\\
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	739	\onslide<2->{\Large \bl{$B\;\rightarrow\; A : \ldots$}}\\
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	740	\onslide<2->{\Large \;\;\;\;\;\bl{$:$}}\bigskip
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	741	\end{tabular}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	742
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	743	\begin{itemize}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	744	\item by convention \bl{$A$}, \bl{$B$} are named principals \bl{Alice\ldots}\\
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	745	but most likely they are programs, which just follow some instructions (they are more like roles)\bigskip
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	746	\item<2-> indicates one ``protocol run'', or session, which specifies some
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	747	order in the communication
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	748	\item<2-> there can be several sessions in parallel (think of wifi routers)
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	749	\end{itemize}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	750
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	751	\end{frame}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	752	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	753
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	754	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	755	\begin{frame}[c]
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	756	\frametitle{\Large Cryptographic Protocol Failures}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	757
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	758	Ross Anderson and Roger Needham wrote:\bigskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	759
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	760	\begin{quote}\rm
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	761	\alert{A lot of the recorded frauds were the result of this kind of
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	762	blunder, or from management negligence pure and simple.} However,
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	763	there have been a significant number of cases where the designers
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	764	protected the right things, used cryptographic algorithms which were
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	765	not broken, and yet found that their systems were still successfully
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	766	attacked.
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	767	\end{quote}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	768
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	769	\end{frame}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	770	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	771
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	772	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	773	\begin{frame}<1-3>[c]
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	774	\frametitle{Oyster Cards}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	775
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	776	\includegraphics[scale=0.4]{../pics/oysterc.jpg}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	777
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	778	\begin{itemize}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	779	\item good example of a bad protocol\\ (security by obscurity)\bigskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	780	\item<3-> ``Breaching security on Oyster cards should not
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	781	allow unauthorised use for more than a day, as TfL promises to turn
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	782	off any cloned cards within 24 hours\ldots''
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	783	\end{itemize}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	784
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	785	\only<2>{
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	786	\begin{textblock}{12}(0.5,0.5)
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	787	\begin{bubble}[11cm]\footnotesize
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	788	{\bf Wirelessly Pickpocketing a Mifare Classic Card}\medskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	789
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	790	The Mifare Classic is the most widely used contactless smartcard on the
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	791	market. The stream cipher CRYPTO1 used by the Classic has recently been
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	792	reverse engineered and serious attacks have been proposed. The most serious
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	793	of them retrieves a secret key in under a second. In order to clone a card,
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	794	previously proposed attacks require that the adversary either has access to
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	795	an eavesdropped communication session or executes a message-by-message
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	796	man-in-the-middle attack between the victim and a legitimate
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	797	reader. Although this is already disastrous from a cryptographic point of
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	798	view, system integrators maintain that these attacks cannot be performed
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	799	undetected.\smallskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	800
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	801	This paper proposes four attacks that can be executed by an adversary having
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	802	only wireless access to just a card (and not to a legitimate reader). The
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	803	most serious of them recovers a secret key in less than a second on ordinary
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	804	hardware. Besides the cryptographic weaknesses, we exploit other weaknesses
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	805	in the protocol stack. A vulnerability in the computation of parity bits
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	806	allows an adversary to establish a side channel. Another vulnerability
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	807	regarding nested authentications provides enough plaintext for a speedy
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	808	known-plaintext attack.\hfill{}(a paper from 2009)
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	809	\end{bubble}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	810	\end{textblock}}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	811
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	812	\end{frame}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	813	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	814
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	815	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	816	\begin{frame}<1->[t]
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	817	\frametitle{Another Example}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	818
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	819	In an email from Ross Anderson\bigskip\small
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	820
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	821	\begin{tabular}{l}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	822	From: Ross Anderson <Ross.Anderson@cl.cam.ac.uk>\\
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	823	Sender: cl-security-research-bounces@lists.cam.ac.uk\\
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	824	To: cl-security-research@lists.cam.ac.uk\\
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	825	Subject: Birmingham case\\
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	826	Date: Tue, 13 Aug 2013 15:13:17 +0100\\
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	827	\end{tabular}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	828
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	829
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	830	\only<2>{
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	831	\begin{textblock}{12}(0.5,0.8)
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	832	\begin{bubble}[11cm]
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	833	\footnotesize
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	834	As you may know, Volkswagen got an injunction against the University of
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	835	Birmingham suppressing the publication of the design of a weak cipher
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	836	used in the remote key entry systems in its recent-model cars. The paper
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	837	is being given today at Usenix, minus the cipher design.\medskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	838
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	839	I've been contacted by Birmingham University's lawyers who seek to prove
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	840	that the cipher can be easily obtained anyway. They are looking for a
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	841	student who will download the firmware from any newish VW, disassemble
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	842	it and look for the cipher. They'd prefer this to be done by a student
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	843	rather than by a professor to emphasise how easy it is.\medskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	844
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	845	Volkswagen's argument was that the Birmingham people had reversed a
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	846	locksmithing tool produced by a company in Vietnam, and since their key
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	847	fob chip is claimed to be tamper-resistant, this must have involved a
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	848	corrupt insider at VW or at its supplier Thales. Birmingham's argument
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	849	is that this is nonsense as the cipher is easy to get hold of. Their
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	850	lawyers feel this argument would come better from an independent
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	851	outsider.\medskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	852
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	853	Let me know if you're interested in having a go, and I'll put you in
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	854	touch
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	855
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	856	Ross
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	857	\end{bubble}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	858	\end{textblock}}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	859
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	860	\end{frame}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	861	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	862
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	863	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	864	\begin{frame}[c]
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	865	\frametitle{\Large Cryptographic Protocol Failures}
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	866
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	867	Ross Anderson and Roger Needham wrote:\bigskip
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	868
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	869	\begin{quote}\rm
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	870	A lot of the recorded frauds were the result of this kind of blunder,
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	871	or from management negligence pure and simple. \alert{However, there
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	872	have been a significant number of cases where the designers
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	873	protected the right things, used cryptographic algorithms which were
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	874	not broken, and yet found that their systems were still successfully
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	875	attacked.}
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	876	\end{quote}
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	877
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	878	\end{frame}
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	879	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	880
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	881
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	882	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	883	\mode<presentation>{
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	884	\begin{frame}[c]
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	885	\frametitle{Authentication Protocols}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	886
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	887
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	888	Alice (\bl{$A$}) and Bob (\bl{$B$}) share a secret key \bl{$K_{AB}$}\bigskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	889
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	890	Passwords:
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	891
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	892	\begin{center}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	893	\bl{$B \rightarrow A: K_{AB}$}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	894	\end{center}\pause\bigskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	895
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	896	Problem: Eavesdropper can capture the secret and replay it; \bl{$A$} cannot confirm the
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	897	identity of \bl{$B$}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	898
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	899	\end{frame}}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	900	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	901
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	902	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	903	\mode<presentation>{
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	904	\begin{frame}[c]
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	905	\frametitle{Authentication Protocols}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	906
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	907	Alice (\bl{$A$}) and Bob (\bl{$B$}) share a secret key \bl{$K_{AB}$}\bigskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	908
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	909	Simple Challenge Response:
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	910
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	911	\begin{center}
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	912	\begin{tabular}{ll}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	913	\bl{$A \rightarrow B:$} & \bl{$N$}\\
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	914	\bl{$B \rightarrow A:$} & \bl{$\{N\}_{K_{AB}}$}\\
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	915	\end{tabular}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	916	\end{center}
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	917
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	918
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	919	\end{frame}}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	920	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	921
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	922	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	923	\mode<presentation>{
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	924	\begin{frame}[c]
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	925	\frametitle{Authentication Protocols}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	926
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	927	Alice (\bl{$A$}) and Bob (\bl{$B$}) share a secret key \bl{$K_{AB}$}\bigskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	928
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	929	Mutual Challenge Response:
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	930
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	931	\begin{center}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	932	\begin{tabular}{ll}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	933	\bl{$A \rightarrow B:$} & \bl{$N_A$}\\
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	934	\bl{$B \rightarrow A:$} & \bl{$\{N_A, N_B\}_{K_{AB}}$}\\
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	935	\bl{$A \rightarrow B:$} & \bl{$N_B$}\\
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	936	\end{tabular}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	937	\end{center}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	938
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	939	%\pause
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	940	%An attacker \bl{$E$} can launch an impersonation attack by
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	941	%intercepting all messages for \bl{$B$} and make \bl{$A$} decrypt her
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	942	%own challenges.
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	943
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	944	\end{frame}}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	945	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	946
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	947	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	948	\begin{frame}[c]
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	949	\frametitle{Nonces}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	950
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	951	\begin{enumerate}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	952	\item I generate a nonce (random number) and send it to you encrypted with a key we share
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	953	\item you increase it by one, encrypt it under a key I know and send
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	954	it back to me
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	955	\end{enumerate}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	956
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	957
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	958	I can infer:
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	959
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	960	\begin{itemize}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	961	\item you must have received my message
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	962	\item you could only have generated your answer after I send you my initial
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	963	message
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	964	\item if only you and me know the key, the message must have come from you
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	965	\end{itemize}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	966
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	967	\end{frame}
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	968	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	969
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	970	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	971	\mode<presentation>{
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	972	\begin{frame}[c]
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	973
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	974	\begin{center}
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	975	\begin{tabular}{ll}
244 9fc6ec22ad82 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	976	\bl{$A \rightarrow B$:} & \bl{$N_A$}\\
9fc6ec22ad82 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	977	\bl{$B \rightarrow A$:} & \bl{$\{N_A, N_B\}_{K_{ab}}$}\\
9fc6ec22ad82 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	978	\bl{$A \rightarrow B$:} & \bl{$N_B$}\\
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	979	\end{tabular}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	980	\end{center}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	981
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	982	The attack (let $A$ decrypt her own messages):
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	983
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	984	\begin{center}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	985	\begin{tabular}{ll}
244 9fc6ec22ad82 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	986	\bl{$A \rightarrow E$:} & \bl{$N_A$}\\
9fc6ec22ad82 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	987	\textcolor{gray}{$E \rightarrow A$:} & \textcolor{gray}{$N_A$}\\
9fc6ec22ad82 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	988	\textcolor{gray}{$A \rightarrow E$:} & \textcolor{gray}{$\{N_A, N_A'\}_{K_{AB}}$}\\
9fc6ec22ad82 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	989	\bl{$E \rightarrow A$:} & \bl{$\{N_A, N_A'\}_{K_{AB}}$}\\
9fc6ec22ad82 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	990	\bl{$A \rightarrow E$:} & \bl{$N_A' \;\;(= N_B)$}\\
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	991	\end{tabular}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	992	\end{center}\pause
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	993
244 9fc6ec22ad82 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	994	\small Solutions: \bl{$K_{AB} \not= K_{BA}$} or include an id in the second message
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	995	\end{frame}}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	996	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	997
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	998	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	999	\mode<presentation>{
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1000	\begin{frame}[c]
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1001	\frametitle{Encryption to the Rescue?}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1002
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1003
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1004	\begin{itemize}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1005	\item \bl{$A \,\rightarrow\, B : \{A, N_A\}_{K_{AB}}$}\hspace{1cm} encrypted\bigskip
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1006	\item \bl{$B\,\rightarrow\, A : \{N_A, K'_{AB}\}_{K_{AB}}$}\bigskip
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1007	\item \bl{$A \,\rightarrow\, B : \{N_A\}_{K'_{AB}}$}\bigskip
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1008	\end{itemize}\pause
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1009
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1010	means you need to send separate ``Hello'' signals (bad), or worse
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1011	share a single key between many entities
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1012	\end{frame}}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1013	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1014
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1015	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1016	\mode<presentation>{
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1017	\begin{frame}[c]
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1018	\frametitle{Protocol Attacks}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1019
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1020	\begin{itemize}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1021	\item replay attacks
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1022	\item reflection attacks
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1023	\item man-in-the-middle attacks
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1024	\item timing attacks
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1025	\item parallel session attacks
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1026	\item binding attacks (public key protocols)
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1027	\item changing environment / changing assumptions\bigskip
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1028
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1029	\item (social engineering attacks)
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1030	\end{itemize}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1031	\end{frame}}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1032	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
120 99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1033
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1034
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1035	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1036	\mode<presentation>{
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1037	\begin{frame}[c]
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1038	\frametitle{Public-Key Infrastructure}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1039
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1040	\begin{itemize}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1041	\item the idea is to have a certificate authority (CA)
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1042	\item you go to the CA to identify yourself
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1043	\item CA: ``I, the CA, have verified that public key \bl{$P^{pub}_{Bob}$} belongs to Bob''\bigskip
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1044	\item CA must be trusted by everybody
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1045	\item What happens if CA issues a false certificate? Who pays in case of loss? (VeriSign
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1046	explicitly limits liability to \$100.)
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1047	\end{itemize}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1048
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1049	\end{frame}}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1050	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1051
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1052	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1053	\mode<presentation>{
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1054	\begin{frame}[c]
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1055	\frametitle{Person-in-the-Middle}
120 99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1056
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1057	``Normal'' protocol run:\bigskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1058
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1059	\begin{itemize}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1060	\item \bl{$A$} sends public key to \bl{$B$}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1061	\item \bl{$B$} sends public key to \bl{$A$}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1062	\item \bl{$A$} sends message encrypted with \bl{$B$}'s public key, \bl{$B$} decrypts it
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1063	with its private key
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1064	\item \bl{$B$} sends message encrypted with \bl{$A$}'s public key, \bl{$A$} decrypts it
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1065	with its private key
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1066	\end{itemize}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1067
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1068	\end{frame}}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1069	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1070
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1071	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1072	\mode<presentation>{
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1073	\begin{frame}[c]
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1074	\frametitle{Person-in-the-Middle}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1075
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1076	Attack:
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1077
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1078	\begin{itemize}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1079	\item \bl{$A$} sends public key to \bl{$B$} --- \bl{$C$} intercepts this message and send his own public key
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1080	\item \bl{$B$} sends public key to \bl{$A$} --- \bl{$C$} intercepts this message and send his own public key
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1081	\item \bl{$A$} sends message encrypted with \bl{$C$}'s public key, \bl{$C$} decrypts it
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1082	with its private key, re-encrypts with \bl{$B$}'s public key
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1083	\item similar for other direction
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1084	\end{itemize}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1085
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1086	\end{frame}}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1087	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1088
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1089	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1090	\mode<presentation>{
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1091	\begin{frame}[c]
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1092	\frametitle{Person-in-the-Middle}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1093
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1094	Prevention:
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1095
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1096	\begin{itemize}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1097	\item \bl{$A$} sends public key to \bl{$B$}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1098	\item \bl{$B$} sends public key to \bl{$A$}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1099	\item \bl{$A$} encrypts message with \bl{$B$}'s public key, send's {\bf half} of the message
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1100	\item \bl{$B$} encrypts message with \bl{$A$}'s public key, send's {\bf half} of the message
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1101	\item \bl{$A$} sends other half, \bl{$B$} can now decrypt entire message
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1102	\item \bl{$B$} sends other half, \bl{$A$} can now decrypt entire message
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1103	\end{itemize}\pause
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1104
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1105	\bl{$C$} would have to invent a totally new message
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1106
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1107	\end{frame}}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1108	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
252 fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 244 diff changeset	1109
fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 244 diff changeset	1110	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 244 diff changeset	1111	\mode<presentation>{
fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 244 diff changeset	1112	\begin{frame}[c]
fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 244 diff changeset	1113	\frametitle{Public-Key Infrastructure}
fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 244 diff changeset	1114
fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 244 diff changeset	1115	\begin{itemize}
fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 244 diff changeset	1116	\item the idea is to have a certificate authority (CA)
fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 244 diff changeset	1117	\item you go to the CA to identify yourself
fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 244 diff changeset	1118	\item CA: ``I, the CA, have verified that public key \bl{$P^{pub}_{Bob}$} belongs to Bob''\bigskip
fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 244 diff changeset	1119	\item CA must be trusted by everybody
fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 244 diff changeset	1120	\item What happens if CA issues a false certificate? Who pays in case of loss? (VeriSign
fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 244 diff changeset	1121	explicitly limits liability to \$100.)
fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 244 diff changeset	1122	\end{itemize}
fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 244 diff changeset	1123
fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 244 diff changeset	1124	\end{frame}}
fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 244 diff changeset	1125	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
120 99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1126
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1127	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1128	\mode<presentation>{
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1129	\begin{frame}[c]
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1130	\frametitle{Binding Attacks}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1131
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1132	with public-private keys it is important that the public key is \alert{bound}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1133	to the right owner (verified by a certification authority \bl{$CA$})
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1134
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1135	\begin{center}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1136	\begin{tabular}{l}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1137	\bl{$A \rightarrow CA :$} \bl{$A, B, N_A$}\\
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1138	\bl{$CA \rightarrow A :$} \bl{$CA, \{CA, A, N_A, K^{pub}_{B}\}_{K^{pub}_{A}}$}\\
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1139	\end{tabular}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1140	\end{center}\bigskip
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1141
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1142	\bl{$A$} knows \bl{$K^{priv}_A$} and can verify the message came from \bl{$CA$}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1143	in response to \bl{$A$}'s message and trusts \bl{$K^{pub}_{B}$} is \bl{$B$}'s public key
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1144
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1145
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1146	\end{frame}}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1147	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1148
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1149
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1150
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1151	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1152	\mode<presentation>{
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1153	\begin{frame}[c]
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1154	\frametitle{Binding Attacks}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1155
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1156	\begin{center}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1157	\begin{tabular}{l}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1158	\bl{$A \rightarrow I(CA) :$} \bl{$A, B, N_A$}\\
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1159	\bl{$I(A) \rightarrow CA :$} \bl{$A, I, N_A$}\\
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1160	\bl{$CA \rightarrow I(A) :$} \bl{$CA, \{CA, A, N_A, K^{pub}_{I}\}_{K^{pub}_{A}}$}\\
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1161	\bl{$I(CA) \rightarrow A :$} \bl{$CA, \{CA, A, N_A, K^{pub}_{I}\}_{K^{pub}_{A}}$}\\
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1162	\end{tabular}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1163	\end{center}\pause
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1164
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1165	\bl{$A$} now encrypts messages for \bl{$B$} with the public key of \bl{$I$}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1166	(which happily decrypts them with its private key)
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1167
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1168	\end{frame}}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1169	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1170
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1171
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1172	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1173	\mode<presentation>{
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1174	\begin{frame}[c]
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1175	\frametitle{Replay Attacks}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1176
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1177	Schroeder-Needham protocol: exchange of a symmetric key with a trusted 3rd-party \bl{$S$}:
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1178
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1179	\begin{center}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1180	\begin{tabular}{r@ {\hspace{1mm}}l}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1181	\bl{$A \rightarrow S :$} & \bl{$A, B, N_A$}\\
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1182	\bl{$S \rightarrow A :$} & \bl{$\{N_A, B, K_{AB},\{K_{AB}, A\}_{K_{BS}} \}_{K_{AS}}$}\\
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1183	\bl{$A \rightarrow B :$} & \bl{$\{K_{AB}, A\}_{K_{BS}} $}\\
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1184	\bl{$B \rightarrow A :$} & \bl{$\{N_B\}_{K_{AB}}$}\\
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1185	\bl{$A \rightarrow B :$} & \bl{$\{N_B-1\}_{K_{AB}}$}\\
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1186	\end{tabular}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1187	\end{center}\bigskip\pause
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1188
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1189	at the end of the protocol both \bl{$A$} and \bl{$B$} should be in the possession of the secret key
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1190	\bl{$K_{AB}$} and know that the other principal has the key
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1191
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1192	\end{frame}}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1193	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1194
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1195
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1196	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1197	\mode<presentation>{
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1198	\begin{frame}[c]
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1199
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1200	\begin{center}
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1201	\begin{tabular}{l}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1202	\bl{$A \rightarrow S :$} \bl{$A, B, N_A$}\\
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1203	\bl{$S \rightarrow A :$} \bl{$\{N_A, B, K_{AB},\{K_{AB}, A\}_{K_{BS}} \}_{K_{AS}}$}\\
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1204	\bl{$A \rightarrow B :$} \bl{$\{K_{AB}, A\}_{K_{BS}} $}\\
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1205	\bl{$B \rightarrow A :$} \bl{$\{N_B\}_{K_{AB}}$}\\
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1206	\bl{$A \rightarrow B :$} \bl{$\{N_B-1\}_{K_{AB}}$}\pause\\
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1207	\hspace{5cm}compromise \bl{$K_{AB}$}\pause\\
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1208	\bl{$A \rightarrow S :$} \bl{$A, B, N'_A$}\\
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1209	\bl{$S \rightarrow A :$} \bl{$\{N'_A, B, K'_{AB},\{K'_{AB}, A\}_{K_{BS}} \}_{K_{AS}}$}\pause\\
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1210	\bl{$I(A) \rightarrow B :$} \bl{$\{K_{AB}, A\}_{K_{BS}} $}\hspace{0.5cm} replay of older run\pause\\
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1211	\bl{$B \rightarrow I(A) :$} \bl{$\{N'_B\}_{K_{AB}}$}\\
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1212	\bl{$I(A) \rightarrow B :$} \bl{$\{N'_B-1\}_{K_{AB}}$}\
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1213	\end{tabular}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1214	\end{center}\pause
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1215
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1216	\bl{$B$} believes it is following the correct protocol,
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1217	intruder \bl{$I$} can form the correct response because it knows \bl{$K_{AB}$} and
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1218	talks to \bl{$B$} masquerading as \bl{$A$}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1219	\end{frame}}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1220	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
120 99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1221
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1222	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1223	\mode<presentation>{
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1224	\begin{frame}[c]
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1225	\frametitle{Time-Stamps}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1226
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1227	The Schroeder-Needham protocol can be fixed by including a time-stamp (e.g., in Kerberos):
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1228
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1229	\begin{center}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1230	\begin{tabular}{r@ {\hspace{1mm}}l}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1231	\bl{$A \rightarrow S :$} & \bl{$A, B, N_A$}\\
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1232	\bl{$S \rightarrow A :$} & \bl{$\{N_A, B, K_{AB},\{K_{AB}, A, T_S\}_{K_{BS}} \}_{K_{AS}}$}\\
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1233	\bl{$A \rightarrow B :$} & \bl{$\{K_{AB}, A, T_S\}_{K_{BS}} $}\\
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1234	\bl{$B \rightarrow A :$} & \bl{$\{N_B\}_{K_{AB}}$}\\
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1235	\bl{$A \rightarrow B :$} & \bl{$\{N_B-1\}_{K_{AB}}$}\\
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1236	\end{tabular}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1237	\end{center}\bigskip\pause
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1238
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1239	but nothing is for free: then you need to synchronise time and possibly become a victim to
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1240	timing attacks
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1241
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1242	\end{frame}}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1243	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1244
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1245	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1246	\mode<presentation>{
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1247	\begin{frame}[c]
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1248
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1249	A Man-in-the-middle attack in real life:
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1250
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1251	\begin{itemize}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1252	\item the card only says yes to the terminal if the PIN is correct
120 99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1253	\item trick the card in thinking transaction is verified by signature
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1254	\item trick the terminal in thinking the transaction was verified by PIN
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1255	\end{itemize}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1256
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1257	\begin{minipage}{1.1\textwidth}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1258	\begin{center}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1259	\mbox{}\hspace{-6mm}\includegraphics[scale=0.5]{../pics/chip-attack.png}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1260	\includegraphics[scale=0.3]{../pics/chipnpinflaw.png}
120 99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1261	\end{center}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1262	\end{minipage}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1263
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1264	\end{frame}}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1265	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1266
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1267	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1268	\mode<presentation>{
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1269	\begin{frame}[c]
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1270	\frametitle{Problems with EMV}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1271
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1272	\begin{itemize}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1273	\item it is a wrapper for many protocols
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1274	\item specification by consensus (resulted unmanageable complexity)
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1275	\item its specification is 700 pages in English plus 2000+ pages for testing, additionally some
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1276	further parts are secret
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1277	\item other attacks have been found
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1278	\end{itemize}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1279
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1280	\end{frame}}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1281	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1282
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1283
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1284	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1285	\mode<presentation>{
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1286	\begin{frame}[c]
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1287	\frametitle{\begin{tabular}{@{}c@{}}Problems with WEP (Wifi)\end{tabular}}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1288
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1289	\begin{itemize}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1290	\item a standard ratified in 1999
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1291	\item the protocol was designed by a committee not including cryptographers
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1292	\item it used the RC4 encryption algorithm which is a stream cipher requiring a unique nonce
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1293	\item WEP did not allocate enough bits for the nonce
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1294	\item for authenticating packets it used CRC checksum which can be easily broken
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1295	\item the network password was used to directly encrypt packages (instead of a key negotiation protocol)\bigskip
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1296	\item encryption was turned off by default
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1297	\end{itemize}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1298
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1299	\end{frame}}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1300	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1301
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1302
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1303	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1304	\mode<presentation>{
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1305	\begin{frame}[c]
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1306	\frametitle{Protocols are Difficult}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1307
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1308	\begin{itemize}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1309	\item even the systems designed by experts regularly fail\medskip
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1310	\item try to make everything explicit (you need to authenticate all data you might rely on)\medskip
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1311	\item the one who can fix a system should also be liable for the losses\medskip
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1312	\item cryptography is often not {\bf the} answer\bigskip\bigskip
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1313	\end{itemize}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1314
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1315	\end{frame}}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1316	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1317
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1318	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1319	\mode<presentation>{
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1320	\begin{frame}[c]
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1321	\frametitle{Best Practices}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1322
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1323	{\bf Principle 1:} Every message should say what it means: the interpretation of
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1324	a message should not depend on the context.\bigskip\pause
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1325
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1326	{\bf Principle 2:} If the identity of a principal is essential to the meaning of a message, it is prudent
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1327	to mention the principal’s name explicitly in the message (though difficult).\bigskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1328
120 99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1329
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1330	\end{frame}}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1331	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1332
43 de3e32e10628 added Christian Urban <urbanc@in.tum.de> parents: 41 diff changeset	1333	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
de3e32e10628 added Christian Urban <urbanc@in.tum.de> parents: 41 diff changeset	1334	\mode<presentation>{
de3e32e10628 added Christian Urban <urbanc@in.tum.de> parents: 41 diff changeset	1335	\begin{frame}[c]
de3e32e10628 added Christian Urban <urbanc@in.tum.de> parents: 41 diff changeset	1336
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1337	{\bf Principle 3:} Be clear about why encryption is being
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1338	done. Encryption is not cheap, and not asking precisely why it is
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1339	being done can lead to redundancy. Encryption is not synonymous with
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1340	security.
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	1341
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1342	\begin{center}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1343	Possible Uses of Encryption
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	1344
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1345	\begin{itemize}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1346	\item Preservation of confidentiality: \bl{$\{X\}_K$} only those that have \bl{$K$} may recover \bl{$X$}.
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1347	\item Guarantee authenticity: The partner is indeed some particular principal.
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1348	\item Guarantee confidentiality and authenticity: binds two parts of a message ---
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1349	\bl{$\{X,Y\}_K$} is not the same as \bl{$\{X\}_K$} and \bl{$\{Y\}_K$}.
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1350	\end{itemize}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1351	\end{center}
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	1352
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	1353
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	1354
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	1355	\end{frame}}
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	1356	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	1357
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	1358	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	1359	\mode<presentation>{
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	1360	\begin{frame}[c]
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1361	\frametitle{Best Practices}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1362
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1363	{\bf Principle 4:} The protocol designer should know which trust relations his protocol depends on, and why the dependence is necessary. The reasons for particular trust relations being acceptable should be explicit though they will be founded on judgment and policy rather than on logic.\bigskip
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	1364
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	1365
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1366	Example Certification Authorities: CAs are trusted to certify a key only after proper steps
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1367	have been taken to identify the principal that owns it.
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	1368
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	1369	\end{frame}}
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	1370	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	1371
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	1372	\end{document}
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	1373
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	1374	%%% Local Variables:
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	1375	%%% mode: latex
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	1376	%%% TeX-master: t
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	1377	%%% End:
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	1378

author	Christian Urban <christian dot urban at kcl dot ac dot uk>
	Tue, 13 Oct 2015 03:45:37 +0100
changeset 404	4e3bc09748f7
parent 391	a612dd3ddc81
child 405	6a54ee8b74c3
permissions	-rw-r--r--