| author | Christian Urban <christian dot urban at kcl dot ac dot uk> |
| Mon, 28 Sep 2015 21:02:01 +0100 | |
| changeset 388 | 770b58a7d754 |
| parent 381 | 036a762b02cf |
| child 391 | a612dd3ddc81 |
| permissions | -rw-r--r-- |
| 41 | 1 |
\documentclass[dvipsnames,14pt,t]{beamer}
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
2 |
\usepackage{../slides}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
3 |
\usepackage{../graphics}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
4 |
\usepackage{../langs}
|
| 41 | 5 |
\usetikzlibrary{arrows}
|
6 |
\usetikzlibrary{shapes}
|
|
7 |
||
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
8 |
\setmonofont[Scale=.88]{Consolas}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
9 |
\newfontfamily{\consolas}{Consolas}
|
| 41 | 10 |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
11 |
\hfuzz=220pt |
| 41 | 12 |
|
13 |
% beamer stuff |
|
|
381
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
252
diff
changeset
|
14 |
\renewcommand{\slidecaption}{SEN 04, King's College London}
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
15 |
\newcommand{\bl}[1]{\textcolor{blue}{#1}}
|
| 41 | 16 |
|
17 |
\begin{document}
|
|
18 |
||
19 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
20 |
\begin{frame}[t]
|
| 41 | 21 |
\frametitle{%
|
22 |
\begin{tabular}{@ {}c@ {}}
|
|
23 |
\\ |
|
|
381
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
252
diff
changeset
|
24 |
\LARGE Security Engineering (4)\\[-3mm] |
| 41 | 25 |
\end{tabular}}\bigskip\bigskip\bigskip
|
26 |
||
27 |
\normalsize |
|
28 |
\begin{center}
|
|
29 |
\begin{tabular}{ll}
|
|
30 |
Email: & christian.urban at kcl.ac.uk\\ |
|
|
117
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
31 |
Office: & S1.27 (1st floor Strand Building)\\ |
|
105
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
32 |
Slides: & KEATS (also home work is there)\\ |
| 41 | 33 |
\end{tabular}
|
34 |
\end{center}
|
|
35 |
||
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
36 |
\end{frame}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
37 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
| 41 | 38 |
|
39 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
40 |
\begin{frame}[c]
|
|
|
243
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
41 |
\frametitle{Survey: Thanks!}
|
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
42 |
\small |
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
43 |
|
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
44 |
\begin{itemize}
|
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
45 |
\item ``Would be good, if you provide more detailed explanations. I feel |
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
46 |
your slides are not as structured as they could be.'' |
|
244
9fc6ec22ad82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
47 |
\item ``Please consider reference book chapters to cover core subject |
|
243
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
48 |
areas.''\pause |
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
49 |
\item ``The homework questions don't come directly from the |
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
50 |
slides. So must go look things up.'' |
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
51 |
\item ``Could you please put the homework answers online, perhaps |
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
52 |
just before the exam. That's late enough where we should have done |
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
53 |
it and if not, we're screwed already then.'' |
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
54 |
\item ``Could you provide a brief basic answers to sheets for reference |
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
55 |
and not to be relied on.'' |
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
56 |
\end{itemize}
|
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
57 |
|
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
58 |
\end{frame}
|
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
59 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
60 |
|
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
61 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
62 |
\begin{frame}[c]
|
| 41 | 63 |
|
64 |
\begin{center}
|
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
65 |
\includegraphics[scale=0.45]{../pics/trainwreck.jpg}\\
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
66 |
last week: buffer overflow attacks |
|
105
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
67 |
\end{center}
|
|
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
68 |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
69 |
\end{frame}
|
|
105
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
70 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
71 |
|
|
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
72 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
117
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
73 |
\begin{frame}[fragile]
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
74 |
\frametitle{D-Link Wifi Router, BOA}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
75 |
\small |
|
105
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
76 |
|
|
117
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
77 |
As a proof-of-concept, the following URL allows |
|
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
78 |
attackers to control the return value saved on |
|
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
79 |
the stack (the vulnerability is triggered when |
|
243
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
80 |
executing \pcode{"/usr/sbin/widget"}):
|
| 41 | 81 |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
82 |
\begin{center}\footnotesize
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
83 |
\pcode{curl http://<target ip>/post_login.xml?hash=AAA...AAABBBB}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
84 |
\end{center}
|
| 41 | 85 |
|
|
121
01f7e799e6ce
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
120
diff
changeset
|
86 |
The value of the "hash" HTTP GET parameter consists of |
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
87 |
292 occurrences of the \pcode{'A'} character, followed by four
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
88 |
occurrences of character \pcode{'B'}. In our lab setup, characters
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
89 |
\pcode{'B'} overwrite the saved program counter (\pcode{\%ra}).\bigskip
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
90 |
|
| 41 | 91 |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
92 |
\begin{tabular}{@{}ll}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
93 |
Discovery date: & 06/03/2013\\ |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
94 |
Release date: & 02/08/2013 |
|
243
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
95 |
\end{tabular}\bigskip
|
|
105
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
96 |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
97 |
|
|
243
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
98 |
\footnotesize |
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
99 |
\hfill\url{http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt}
|
|
117
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
100 |
\end{frame}
|
|
105
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
101 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
102 |
|
|
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
103 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
117
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
104 |
\begin{frame}[fragile]
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
105 |
\frametitle{D-Link Backdoors}
|
|
117
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
106 |
|
|
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
107 |
D-Link router flaw lets anyone login through "Joel's Backdoor":\medskip |
|
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
108 |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
109 |
\begin{quote}\rm\small
|
|
117
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
110 |
If you tell your browser to identify itself as Joel's backdoor, instead of (say) |
|
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
111 |
as Mozilla/5.0 AppleWebKit/536.30.1 Version/6.0.5, you're in without authentication.\medskip |
|
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
112 |
|
|
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
113 |
"What is this string," I hear you ask? |
|
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
114 |
|
|
244
9fc6ec22ad82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
115 |
You will laugh: it is\pause |
|
117
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
116 |
|
|
243
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
117 |
\begin{center}\large
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
118 |
\pcode{xmlset_roodkcableoj28840ybtide}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
119 |
\end{center}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
120 |
\end{quote}\bigskip\bigskip
|
|
117
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
121 |
|
|
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
122 |
\hfill\footnotesize October 15, 2013\\ |
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
123 |
\hfill\footnotesize\url{http://www.devttys0.com/2013/10/reverse-engineering-a-d-link-backdoor/}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
124 |
|
|
117
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
125 |
\end{frame}
|
|
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
126 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
127 |
|
|
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
128 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
129 |
\begin{frame}[fragile]
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
130 |
|
|
244
9fc6ec22ad82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
131 |
CVE-2014-0476 \pcode{chkrootkit} vulnerability 4 Jun'14\medskip
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
132 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
133 |
\begin{quote}\rm\small
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
134 |
Hi, |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
135 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
136 |
we just found a serious vulnerability in the chkrootkit package, which |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
137 |
may allow local attackers to gain root access to a box in certain |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
138 |
configurations (\pcode{/tmp} not mounted noexec). Steps to reproduce:
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
139 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
140 |
\begin{itemize}
|
|
244
9fc6ec22ad82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
141 |
\item Put an executable file named \pcode{update} with non-root owner in
|
|
9fc6ec22ad82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
142 |
\pcode{/tmp} (not mounted noexec, obviously)
|
|
243
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
143 |
\item Run chkrootkit (as uid \pcode{0})
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
144 |
\end{itemize}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
145 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
146 |
Result: The file \pcode{/tmp/update} will be executed as root, thus effectively
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
147 |
rooting your box, if malicious content is placed inside the file. |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
148 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
149 |
If an attacker knows you are periodically running chkrootkit (like in |
|
244
9fc6ec22ad82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
150 |
\pcode{cron.daily}) and has write access to \pcode{/tmp} (not mounted noexec), he may
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
151 |
easily take advantage of this. |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
152 |
\end{quote}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
153 |
\mbox{}\\[-10mm]
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
154 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
155 |
\hfill\footnotesize\url{http://seclists.org/oss-sec/2014/q2/430}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
156 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
157 |
\end{frame}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
158 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
388
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
159 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
160 |
\begin{frame}[c]
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
161 |
\frametitle{Unix-Style Access Control}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
162 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
163 |
How to do control access? In Unix you have |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
164 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
165 |
\begin{itemize}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
166 |
\item users and you have groups/roles: |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
167 |
\item some special roles: root |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
168 |
\end{itemize}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
169 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
170 |
\end{frame}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
171 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
172 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
173 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
174 |
\begin{frame}[c]
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
175 |
\frametitle{Unix-Style Access Control}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
176 |
\small |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
177 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
178 |
\begin{itemize}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
179 |
\item |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
180 |
Q: ``I am using Windows. Why should I care?'' \\ |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
181 |
A: In Windows you have similar AC: |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
182 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
183 |
\begin{center}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
184 |
\begin{tabular}{l}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
185 |
administrators group\\ |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
186 |
\hspace{5mm}(has complete control over the machine)\\
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
187 |
authenticated users\\ |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
188 |
server operators\\ |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
189 |
power users\\ |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
190 |
network configuration operators |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
191 |
\end{tabular}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
192 |
\end{center}\medskip
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
193 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
194 |
\item Modern versions of Windows have more fine-grained AC than Unix; |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
195 |
they do not have a setuid bit, but have \texttt{runas} (asks for a
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
196 |
password).\pause |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
197 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
198 |
\item OS-provided access control can \alert{\bf add} to your security.
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
199 |
(defence in depth) |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
200 |
\end{itemize}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
201 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
202 |
\end{frame}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
203 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
204 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
205 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
206 |
\begin{frame}[c]
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
207 |
\frametitle{\begin{tabular}{c}Network Applications:\\[-1mm] Privilege Separation\end{tabular}}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
208 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
209 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
210 |
\begin{center}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
211 |
\begin{tikzpicture}[scale=1]
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
212 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
213 |
\draw[line width=1mm] (-.3, 0) rectangle (1.5,2); |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
214 |
\draw (4.7,1) node {Internet};
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
215 |
\draw (-2.7,1.7) node {\footnotesize Application};
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
216 |
\draw (0.6,1.7) node {\footnotesize Interface};
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
217 |
\draw (0.6,-0.4) node {\footnotesize \begin{tabular}{c}unprivileged\\[-1mm] process\end{tabular}};
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
218 |
\draw (-2.7,-0.4) node {\footnotesize \begin{tabular}{c}privileged\\[-1mm] process\end{tabular}};
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
219 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
220 |
\draw[line width=1mm] (-1.8, 0) rectangle (-3.6,2); |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
221 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
222 |
\draw[white] (1.7,1) node (X) {};
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
223 |
\draw[white] (3.7,1) node (Y) {};
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
224 |
\draw[red, <->, line width = 2mm] (X) -- (Y); |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
225 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
226 |
\draw[red, <->, line width = 1mm] (-0.6,1) -- (-1.6,1); |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
227 |
\end{tikzpicture}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
228 |
\end{center}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
229 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
230 |
\begin{itemize}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
231 |
\item the idea is make the attack surface smaller and mitigate the |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
232 |
consequences of an attack |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
233 |
\end{itemize}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
234 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
235 |
\end{frame}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
236 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
237 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
238 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
239 |
\begin{frame}[c]
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
240 |
\frametitle{Weaknesses of Unix AC}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
241 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
242 |
Not just restricted to Unix: |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
243 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
244 |
\begin{itemize}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
245 |
\item if you have too many roles (i.e.~too finegrained AC), then |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
246 |
hierarchy is too complex\\ \textcolor{gray}{you invite situations
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
247 |
like\ldots let's be root}\bigskip |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
248 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
249 |
\item you can still abuse the system\ldots |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
250 |
\end{itemize}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
251 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
252 |
\end{frame}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
253 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
254 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
255 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
256 |
\begin{frame}[c]
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
257 |
\frametitle{A ``Cron''-Attack}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
258 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
259 |
The idea is to trick a privileged person to do something on your |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
260 |
behalf: |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
261 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
262 |
\begin{itemize}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
263 |
\item root:\\\texttt{rm /tmp/*/*}\bigskip\bigskip\pause
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
264 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
265 |
\footnotesize |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
266 |
\begin{minipage}{1.1\textwidth}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
267 |
\textcolor{gray}{the shell behind the scenes:}\\
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
268 |
\textcolor{gray}{\texttt{rm /tmp/dir$_1$/file$_1$ /tmp/dir$_1$/file$_2$ /tmp/dir$_2$/file$_1$ \ldots}}\bigskip\\
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
269 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
270 |
\textcolor{gray}{this takes time}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
271 |
\end{minipage}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
272 |
\end{itemize}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
273 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
274 |
\end{frame}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
275 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
276 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
277 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
278 |
\begin{frame}[c]
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
279 |
\frametitle{A ``Cron''-Attack}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
280 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
281 |
\begin{enumerate}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
282 |
\item attacker \textcolor{gray}{(creates a fake passwd file)}\\
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
283 |
\texttt{mkdir /tmp/a; cat > /tmp/a/passwd}\medskip
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
284 |
\item root \textcolor{gray}{(does the daily cleaning)}\\
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
285 |
\texttt{rm /tmp/*/*}\medskip\\
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
286 |
\hspace{2cm}\textcolor{gray}{\small records that \texttt{/tmp/a/passwd}}\\
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
287 |
\hspace{2cm}\textcolor{gray}{\small should be deleted, but does not do it yet}\medskip\\
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
288 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
289 |
\item attacker \textcolor{gray}{(meanwhile deletes the fake passwd file, and establishes a link to
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
290 |
the real passwd file)}\\ |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
291 |
\texttt{rm /tmp/a/passwd; rmdir /tmp/a;}\\\texttt{ln -s /etc /tmp/a}\\
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
292 |
\item root now deletes the real passwd file |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
293 |
\end{enumerate}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
294 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
295 |
\only<2>{
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
296 |
\begin{textblock}{11}(2,5)
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
297 |
\begin{bubble}[8cm]
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
298 |
\normalsize To prevent this kind of attack, you need additional |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
299 |
policies (don't do such operations as root). |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
300 |
\end{bubble}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
301 |
\end{textblock}}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
302 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
303 |
\end{frame}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
304 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
305 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
306 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
105
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
307 |
\begin{frame}[c]
|
|
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
308 |
\frametitle{Access Control in Unix}
|
|
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
309 |
|
|
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
310 |
\begin{itemize}
|
|
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
311 |
\item access control provided by the OS |
|
243
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
312 |
\item authenticate principals |
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
313 |
\item mediate access to files, ports, processes etc according to |
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
314 |
\alert{roles} (user ids)\\
|
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
315 |
\item roles get attached with privileges\bigskip\\ |
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
316 |
|
|
105
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
317 |
\hspace{8mm}
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
318 |
\begin{bubble}[8cm]
|
|
105
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
319 |
\alert{principle of least privilege:}\\
|
|
243
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
320 |
users and programs should only have as much privilege as they need to |
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
321 |
accomplish a task |
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
322 |
\end{bubble}
|
|
105
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
323 |
\end{itemize}
|
|
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
324 |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
325 |
\end{frame}
|
|
105
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
326 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
327 |
|
|
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
328 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
329 |
\mode<presentation>{
|
|
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
330 |
\begin{frame}[c]
|
|
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
331 |
\frametitle{Access Control in Unix (2)}
|
|
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
332 |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
333 |
|
|
105
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
334 |
\begin{itemize}
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
335 |
\item privileges are specified by file access permissions (``everything is a file'')\medskip |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
336 |
\item there are 9 (plus 2) bits that specify the permissions of a file |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
337 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
338 |
\begin{center}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
339 |
\begin{tabular}{l}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
340 |
\texttt{\$ ls -la}\\
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
341 |
\texttt{-rwxrw-r-{}- \hspace{3mm} foo\_file.txt}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
342 |
\end{tabular}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
343 |
\end{center}
|
|
105
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
344 |
\end{itemize}
|
|
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
345 |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
346 |
\end{frame}}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
347 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
348 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
349 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
350 |
\begin{frame}[c]
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
351 |
\frametitle{Login Process}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
352 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
353 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
354 |
\begin{itemize}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
355 |
\item login processes run under UID $=$ \pcode{0}\medskip
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
356 |
\begin{center}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
357 |
\texttt{ps -axl | grep login}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
358 |
\end{center}\medskip
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
359 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
360 |
\item after login, shells run under UID $=$ user (e.g.~501)\medskip |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
361 |
\begin{center}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
362 |
\texttt{id cu}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
363 |
\end{center}\medskip\pause
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
364 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
365 |
\item non-root users are not allowed to change the UID --- would break |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
366 |
access control |
|
243
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
367 |
\item but needed for example for accessing \texttt{passwd}
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
368 |
\end{itemize}
|
| 41 | 369 |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
370 |
\end{frame}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
371 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
372 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
373 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
374 |
\begin{frame}[c]
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
375 |
\frametitle{Setuid and Setgid}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
376 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
377 |
The solution is that Unix file permissions are 9 + \underline{2 Bits}:
|
|
243
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
378 |
\alert{Setuid} and \alert{Setgid} bits
|
|
105
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
379 |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
380 |
\begin{itemize}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
381 |
\item When a file with setuid is executed, the resulting process will |
|
243
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
382 |
assume the UID given to the \underline{owner} of the file.
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
383 |
\item This enables users to create processes as root (or another |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
384 |
user).\bigskip |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
385 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
386 |
\item Essential for changing passwords, for example. |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
387 |
\end{itemize}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
388 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
389 |
\begin{center}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
390 |
\texttt{chmod 4755 fobar\_file}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
391 |
\end{center}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
392 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
393 |
\end{frame}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
394 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
105
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
395 |
|
|
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
396 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
117
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
397 |
\begin{frame}[c]
|
|
243
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
398 |
\frametitle{\Large Discretionary Access Control}
|
| 41 | 399 |
|
400 |
\begin{itemize}
|
|
|
243
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
401 |
\item Access to objects (files, directories, devices, etc.) is |
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
402 |
permitted based on user identity. Each object is owned by a |
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
403 |
user. Owners can specify freely (at their discretion) how they want to |
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
404 |
share their objects with other users, by specifying which other users |
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
405 |
can have which form of access to their objects.\medskip |
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
406 |
|
|
243
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
407 |
\item Discretionary access control is implemented on any modern multi-user |
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
408 |
OS (Unix, Windows NT, etc.). |
|
117
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
409 |
\end{itemize}
|
|
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
410 |
|
|
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
411 |
\end{frame}
|
|
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
412 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
105
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
413 |
|
|
117
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
414 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
415 |
\begin{frame}[c]
|
|
243
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
416 |
\frametitle{\Large Mandatory Access Control}
|
|
105
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
417 |
|
|
117
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
418 |
\begin{itemize}
|
|
243
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
419 |
\item Access to objects is controlled by a system-wide policy, for |
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
420 |
example to prevent certain flows of information. In some forms, the |
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
421 |
system maintains security labels for both objects and subjects |
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
422 |
(processes, users) based on which access is granted or |
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
423 |
denied. Labels can change as the result of an access. Security |
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
424 |
policies are enforced without the cooperation of users or |
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
425 |
programs.\medskip |
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
426 |
|
|
243
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
427 |
\item This is implemented in banking or military operating system |
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
428 |
versions (SELinux). |
|
117
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
429 |
\end{itemize}
|
|
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
430 |
|
|
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
431 |
\end{frame}
|
|
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
432 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
| 41 | 433 |
|
434 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
435 |
\begin{frame}[c]
|
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
436 |
\frametitle{\Large Discretionary Access Control}
|
|
117
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
437 |
|
|
243
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
438 |
In its most generic form usually given by an \alert{Access Control
|
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
439 |
Matrix} of the form |
| 41 | 440 |
|
|
117
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
441 |
\begin{center}
|
|
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
442 |
\begin{tabular}{r|c|c|c}
|
|
243
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
443 |
& /mail/jane & edit.exe & postfix \\\hline |
|
117
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
444 |
jane & r, w & r, x & r, x\\\hline |
|
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
445 |
john & $\varnothing$ & r, w, x& r, x\\\hline |
|
243
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
446 |
postfix & a & $\varnothing$ & r, x\\ |
|
117
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
447 |
\end{tabular}
|
|
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
448 |
\end{center}
|
|
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
449 |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
450 |
access privileges: {\bf r}ead, {\bf w}rite, e{\bf x}ecute, {\bf a}ppend
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
451 |
\end{frame}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
452 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
117
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
453 |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
454 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
455 |
\begin{frame}[c]
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
456 |
\small |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
457 |
|
|
243
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
458 |
\lstinputlisting[language={},numbers=none,xleftmargin=-6mm]{lst}
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
459 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
460 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
461 |
\begin{center}
|
|
243
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
462 |
\begin{tabular}{@{\hspace{-24mm}}ll}
|
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
463 |
members of group staff: & ping, bob, emma\\ |
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
464 |
members of group students: & emma\\ |
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
465 |
\end{tabular}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
466 |
\end{center}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
467 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
468 |
\begin{center}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
469 |
\begin{tabular}{@{\hspace{-7mm}}r|c|c|c|c|c@{}}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
470 |
& manual.txt & report.txt & microedit & src/code.c & src/code.h \\\hline |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
471 |
ping & & & & &\\\hline |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
472 |
bob & & & & &\\\hline |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
473 |
emma & & & & &\\ |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
474 |
\end{tabular}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
475 |
\end{center}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
476 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
477 |
\end{frame}
|
|
117
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
478 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
479 |
|
|
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
480 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
481 |
\begin{frame}[c]
|
|
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
482 |
\frametitle{Mandatory Access Control}
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
483 |
\small |
| 45 | 484 |
|
| 41 | 485 |
\begin{itemize}
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
486 |
\item Restrictions to allowed information flows are not decided at the |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
487 |
user's discretion (as with Unix \pcode{chmod}), but instead enforced
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
488 |
by system policies. |
| 41 | 489 |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
490 |
\item Mandatory access control mechanisms are aimed in particular at |
|
243
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
491 |
preventing policy violations by untrusted programs, which typically |
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
492 |
have at least the same access privileges as the invoking |
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
493 |
user.\medskip\pause |
| 41 | 494 |
|
|
243
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
495 |
Simple example: Air Gap Security. Uses a completely separate network |
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
496 |
and computer hardware for different application classes. |
| 41 | 497 |
\end{itemize}
|
498 |
||
|
117
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
499 |
\end{frame}
|
| 41 | 500 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
501 |
||
|
105
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
502 |
|
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
503 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
504 |
\begin{frame}[c]
|
|
243
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
505 |
\frametitle{The Bell-LaPadula Model}
|
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
506 |
\small |
|
105
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
507 |
|
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
508 |
\begin{itemize}
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
509 |
\item Formal policy model for mandatory access control in a military |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
510 |
multi-level security environment. All subjects (processes, users, |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
511 |
terminals, files, windows, connections) are labeled |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
512 |
with a confidentiality level, e.g. |
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
513 |
\begin{center}
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
514 |
unclassified < confidential < secret < top secret |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
515 |
\end{center}\medskip
|
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
516 |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
517 |
\item The system policy automatically prevents the flow of information |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
518 |
from high-level objects to lower levels. A process that reads top |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
519 |
secret data becomes tagged as top secret by the operating system, as |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
520 |
will be all files into which it writes afterwards. |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
521 |
%Each user has a maximum allowed confidentiality level specified and |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
522 |
%cannot receive data beyond that level. A selected set of trusted |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
523 |
%subjects is allowed to bypass the restrictions, in order to permit |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
524 |
%the declassification of information. |
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
525 |
\end{itemize}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
526 |
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
527 |
\end{frame}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
528 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
529 |
|
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
530 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
531 |
\begin{frame}[c]
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
532 |
\frametitle{Bell-LaPadula}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
533 |
\small |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
534 |
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
535 |
\begin{itemize}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
536 |
\item \alert{Read Rule}: A principal \bl{$P$} can read an object \bl{$O$} if and only if
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
537 |
\bl{$P$}'s security level is at least as high as \bl{$O$}'s.
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
538 |
\item \alert{Write Rule}: A principal \bl{$P$} can write an object \bl{$O$} if and only if
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
539 |
\bl{$O$}'s security level is at least as high as \bl{$P$}'s.\medskip
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
540 |
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
541 |
\item Meta-Rule: All principals in a system should have a sufficiently high security level |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
542 |
in order to access an object. |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
543 |
\end{itemize}\bigskip
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
544 |
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
545 |
This restricts information flow $\Rightarrow$ military\bigskip\bigskip\pause |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
546 |
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
547 |
Bell-LaPadula: {\bf `no read up'} - {\bf `no write down'}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
548 |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
549 |
\end{frame}
|
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
550 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
551 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
552 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
553 |
\begin{frame}[c]
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
554 |
\frametitle{\begin{tabular}{c}Principle of\\[-2mm] Least Privilege\end{tabular}}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
555 |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
556 |
\begin{bubble}[10cm]
|
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
557 |
A principal should have as few privileges as possible to access a resource. |
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
558 |
\end{bubble}\bigskip\bigskip
|
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
559 |
\small |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
560 |
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
561 |
\begin{itemize}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
562 |
\item Bob ($T\!S$) and Alice ($S$) want to communicate |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
563 |
\item[] $\Rightarrow$ Bob should lower his security level |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
564 |
\end{itemize}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
565 |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
566 |
\end{frame}
|
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
567 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
568 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
569 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
570 |
\begin{frame}[c]
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
571 |
\frametitle{Biba Policy}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
572 |
\small |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
573 |
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
574 |
Data Integrity (rather than data confidentiality) |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
575 |
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
576 |
\begin{itemize}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
577 |
\item Biba: {\bf `no read down'} - {\bf `no write up'}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
578 |
\item \alert{Read Rule}: A principal \bl{$P$} can read an object \bl{$O$} if and only if
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
579 |
\bl{$P$}'s security level is lower or equal than \bl{$O$}'s.
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
580 |
\item \alert{Write Rule}: A principal \bl{$P$} can write an object \bl{$O$} if and only if
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
581 |
\bl{$O$}'s security level is lower or equal than \bl{$P$}'s.
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
582 |
\end{itemize}\bigskip\bigskip\pause
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
583 |
|
|
119
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
584 |
E.g.~Firewalls: you can read from inside the firewall, but not from outside\\ |
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
585 |
Phishing: you can look at an approved PDF, but not one from a random email\\ |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
586 |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
587 |
\end{frame}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
588 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
119
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
589 |
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
590 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
591 |
\begin{frame}[c]
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
592 |
\frametitle{Security Levels (2)}
|
|
119
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
593 |
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
594 |
\begin{itemize}
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
595 |
\item Bell-La Padula preserves data secrecy, but not data |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
596 |
integrity\bigskip\pause |
|
119
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
597 |
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
598 |
\item Biba model is for data integrity |
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
599 |
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
600 |
\begin{itemize}
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
601 |
\item read: your own level and above |
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
602 |
\item write: your own level and below |
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
603 |
\end{itemize}
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
604 |
\end{itemize}
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
605 |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
606 |
\end{frame}
|
|
119
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
607 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
608 |
|
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
609 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
610 |
\begin{frame}[c]
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
611 |
\frametitle{Shared Access Control}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
612 |
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
613 |
\begin{center}
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
614 |
\includegraphics[scale=0.7]{../pics/pointsplane.jpg}
|
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
615 |
\end{center}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
616 |
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
617 |
\begin{textblock}{11}(10.5,10.5)
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
618 |
\small |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
619 |
To take an action you\\[-1mm] |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
620 |
need at least either: |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
621 |
\begin{itemize}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
622 |
\item 1 CEO\\[-5mm] |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
623 |
\item 2 MDs, or\\[-5mm] |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
624 |
\item 3 Ds |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
625 |
\end{itemize}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
626 |
\end{textblock}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
627 |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
628 |
\end{frame}
|
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
629 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
117
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
630 |
|
|
105
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
631 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
632 |
\begin{frame}[c]
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
633 |
\frametitle{\Large Lessons from Access Control}
|
|
105
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
634 |
|
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
635 |
Not just restricted to Unix: |
|
105
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
636 |
|
|
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
637 |
\begin{itemize}
|
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
638 |
\item if you have too many roles (i.e.~too finegrained AC), then |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
639 |
hierarchy is too complex\\ |
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
640 |
\textcolor{gray}{you invite situations like\ldots lets be root}\bigskip
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
641 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
642 |
\item you can still abuse the system\ldots\bigskip\pause |
|
105
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
643 |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
644 |
\item |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
645 |
policies (a finite system)\\ |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
646 |
computer system (infinite)\medskip\\ |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
647 |
Q: Does your policy ensure that a tainted file cannot affect your |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
648 |
core system files? |
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
649 |
|
|
105
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
650 |
\end{itemize}
|
|
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
651 |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
652 |
\end{frame}
|
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
653 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
654 |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
655 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
656 |
\begin{frame}[t]
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
657 |
\frametitle{Protocols}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
658 |
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
659 |
\mbox{}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
660 |
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
661 |
\begin{tabular}{l}
|
|
119
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
662 |
{\Large \bl{$A\;\rightarrow\; B : \ldots$}}\\
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
663 |
\onslide<2->{\Large \bl{$B\;\rightarrow\; A : \ldots$}}\\
|
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
664 |
\onslide<2->{\Large \;\;\;\;\;\bl{$:$}}\bigskip
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
665 |
\end{tabular}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
666 |
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
667 |
\begin{itemize}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
668 |
\item by convention \bl{$A$}, \bl{$B$} are named principals \bl{Alice\ldots}\\
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
669 |
but most likely they are programs, which just follow some instructions (they are more like roles)\bigskip |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
670 |
\item<2-> indicates one ``protocol run'', or session, which specifies some |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
671 |
order in the communication |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
672 |
\item<2-> there can be several sessions in parallel (think of wifi routers) |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
673 |
\end{itemize}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
674 |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
675 |
\end{frame}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
676 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
677 |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
678 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
679 |
\begin{frame}[c]
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
680 |
\frametitle{\Large Cryptographic Protocol Failures}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
681 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
682 |
Ross Anderson and Roger Needham wrote:\bigskip |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
683 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
684 |
\begin{quote}\rm
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
685 |
\alert{A lot of the recorded frauds were the result of this kind of
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
686 |
blunder, or from management negligence pure and simple.} However, |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
687 |
there have been a significant number of cases where the designers |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
688 |
protected the right things, used cryptographic algorithms which were |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
689 |
not broken, and yet found that their systems were still successfully |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
690 |
attacked. |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
691 |
\end{quote}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
692 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
693 |
\end{frame}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
694 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
695 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
696 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
697 |
\begin{frame}<1-3>[c]
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
698 |
\frametitle{Oyster Cards}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
699 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
700 |
\includegraphics[scale=0.4]{../pics/oysterc.jpg}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
701 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
702 |
\begin{itemize}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
703 |
\item good example of a bad protocol\\ (security by obscurity)\bigskip |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
704 |
\item<3-> ``Breaching security on Oyster cards should not |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
705 |
allow unauthorised use for more than a day, as TfL promises to turn |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
706 |
off any cloned cards within 24 hours\ldots'' |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
707 |
\end{itemize}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
708 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
709 |
\only<2>{
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
710 |
\begin{textblock}{12}(0.5,0.5)
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
711 |
\begin{bubble}[11cm]\footnotesize
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
712 |
{\bf Wirelessly Pickpocketing a Mifare Classic Card}\medskip
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
713 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
714 |
The Mifare Classic is the most widely used contactless smartcard on the |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
715 |
market. The stream cipher CRYPTO1 used by the Classic has recently been |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
716 |
reverse engineered and serious attacks have been proposed. The most serious |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
717 |
of them retrieves a secret key in under a second. In order to clone a card, |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
718 |
previously proposed attacks require that the adversary either has access to |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
719 |
an eavesdropped communication session or executes a message-by-message |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
720 |
man-in-the-middle attack between the victim and a legitimate |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
721 |
reader. Although this is already disastrous from a cryptographic point of |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
722 |
view, system integrators maintain that these attacks cannot be performed |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
723 |
undetected.\smallskip |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
724 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
725 |
This paper proposes four attacks that can be executed by an adversary having |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
726 |
only wireless access to just a card (and not to a legitimate reader). The |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
727 |
most serious of them recovers a secret key in less than a second on ordinary |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
728 |
hardware. Besides the cryptographic weaknesses, we exploit other weaknesses |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
729 |
in the protocol stack. A vulnerability in the computation of parity bits |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
730 |
allows an adversary to establish a side channel. Another vulnerability |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
731 |
regarding nested authentications provides enough plaintext for a speedy |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
732 |
known-plaintext attack.\hfill{}(a paper from 2009)
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
733 |
\end{bubble}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
734 |
\end{textblock}}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
735 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
736 |
\end{frame}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
737 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
738 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
739 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
740 |
\begin{frame}<1->[t]
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
741 |
\frametitle{Another Example}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
742 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
743 |
In an email from Ross Anderson\bigskip\small |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
744 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
745 |
\begin{tabular}{l}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
746 |
From: Ross Anderson <Ross.Anderson@cl.cam.ac.uk>\\ |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
747 |
Sender: cl-security-research-bounces@lists.cam.ac.uk\\ |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
748 |
To: cl-security-research@lists.cam.ac.uk\\ |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
749 |
Subject: Birmingham case\\ |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
750 |
Date: Tue, 13 Aug 2013 15:13:17 +0100\\ |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
751 |
\end{tabular}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
752 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
753 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
754 |
\only<2>{
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
755 |
\begin{textblock}{12}(0.5,0.8)
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
756 |
\begin{bubble}[11cm]
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
757 |
\footnotesize |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
758 |
As you may know, Volkswagen got an injunction against the University of |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
759 |
Birmingham suppressing the publication of the design of a weak cipher |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
760 |
used in the remote key entry systems in its recent-model cars. The paper |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
761 |
is being given today at Usenix, minus the cipher design.\medskip |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
762 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
763 |
I've been contacted by Birmingham University's lawyers who seek to prove |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
764 |
that the cipher can be easily obtained anyway. They are looking for a |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
765 |
student who will download the firmware from any newish VW, disassemble |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
766 |
it and look for the cipher. They'd prefer this to be done by a student |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
767 |
rather than by a professor to emphasise how easy it is.\medskip |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
768 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
769 |
Volkswagen's argument was that the Birmingham people had reversed a |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
770 |
locksmithing tool produced by a company in Vietnam, and since their key |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
771 |
fob chip is claimed to be tamper-resistant, this must have involved a |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
772 |
corrupt insider at VW or at its supplier Thales. Birmingham's argument |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
773 |
is that this is nonsense as the cipher is easy to get hold of. Their |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
774 |
lawyers feel this argument would come better from an independent |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
775 |
outsider.\medskip |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
776 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
777 |
Let me know if you're interested in having a go, and I'll put you in |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
778 |
touch |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
779 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
780 |
Ross |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
781 |
\end{bubble}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
782 |
\end{textblock}}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
783 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
784 |
\end{frame}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
785 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
786 |
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
787 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
243
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
788 |
\begin{frame}[c]
|
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
789 |
\frametitle{\Large Cryptographic Protocol Failures}
|
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
790 |
|
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
791 |
Ross Anderson and Roger Needham wrote:\bigskip |
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
792 |
|
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
793 |
\begin{quote}\rm
|
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
794 |
A lot of the recorded frauds were the result of this kind of blunder, |
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
795 |
or from management negligence pure and simple. \alert{However, there
|
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
796 |
have been a significant number of cases where the designers |
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
797 |
protected the right things, used cryptographic algorithms which were |
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
798 |
not broken, and yet found that their systems were still successfully |
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
799 |
attacked.} |
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
800 |
\end{quote}
|
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
801 |
|
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
802 |
\end{frame}
|
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
803 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
804 |
|
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
805 |
|
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
806 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
807 |
\mode<presentation>{
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
808 |
\begin{frame}[c]
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
809 |
\frametitle{Authentication Protocols}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
810 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
811 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
812 |
Alice (\bl{$A$}) and Bob (\bl{$B$}) share a secret key \bl{$K_{AB}$}\bigskip
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
813 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
814 |
Passwords: |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
815 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
816 |
\begin{center}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
817 |
\bl{$B \rightarrow A: K_{AB}$}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
818 |
\end{center}\pause\bigskip
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
819 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
820 |
Problem: Eavesdropper can capture the secret and replay it; \bl{$A$} cannot confirm the
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
821 |
identity of \bl{$B$}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
822 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
823 |
\end{frame}}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
824 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
825 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
826 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
827 |
\mode<presentation>{
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
828 |
\begin{frame}[c]
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
829 |
\frametitle{Authentication Protocols}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
830 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
831 |
Alice (\bl{$A$}) and Bob (\bl{$B$}) share a secret key \bl{$K_{AB}$}\bigskip
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
832 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
833 |
Simple Challenge Response: |
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
834 |
|
|
105
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
835 |
\begin{center}
|
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
836 |
\begin{tabular}{ll}
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
837 |
\bl{$A \rightarrow B:$} & \bl{$N$}\\
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
838 |
\bl{$B \rightarrow A:$} & \bl{$\{N\}_{K_{AB}}$}\\
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
839 |
\end{tabular}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
840 |
\end{center}
|
|
105
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
841 |
|
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
842 |
|
|
105
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
843 |
\end{frame}}
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
844 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
105
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
845 |
|
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
846 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
847 |
\mode<presentation>{
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
848 |
\begin{frame}[c]
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
849 |
\frametitle{Authentication Protocols}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
850 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
851 |
Alice (\bl{$A$}) and Bob (\bl{$B$}) share a secret key \bl{$K_{AB}$}\bigskip
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
852 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
853 |
Mutual Challenge Response: |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
854 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
855 |
\begin{center}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
856 |
\begin{tabular}{ll}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
857 |
\bl{$A \rightarrow B:$} & \bl{$N_A$}\\
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
858 |
\bl{$B \rightarrow A:$} & \bl{$\{N_A, N_B\}_{K_{AB}}$}\\
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
859 |
\bl{$A \rightarrow B:$} & \bl{$N_B$}\\
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
860 |
\end{tabular}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
861 |
\end{center}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
862 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
863 |
%\pause |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
864 |
%An attacker \bl{$E$} can launch an impersonation attack by
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
865 |
%intercepting all messages for \bl{$B$} and make \bl{$A$} decrypt her
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
866 |
%own challenges. |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
867 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
868 |
\end{frame}}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
869 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
870 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
871 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
872 |
\begin{frame}[c]
|
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
873 |
\frametitle{Nonces}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
874 |
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
875 |
\begin{enumerate}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
876 |
\item I generate a nonce (random number) and send it to you encrypted with a key we share |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
877 |
\item you increase it by one, encrypt it under a key I know and send |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
878 |
it back to me |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
879 |
\end{enumerate}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
880 |
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
881 |
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
882 |
I can infer: |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
883 |
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
884 |
\begin{itemize}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
885 |
\item you must have received my message |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
886 |
\item you could only have generated your answer after I send you my initial |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
887 |
message |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
888 |
\item if only you and me know the key, the message must have come from you |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
889 |
\end{itemize}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
890 |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
891 |
\end{frame}
|
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
892 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
893 |
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
894 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
895 |
\mode<presentation>{
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
896 |
\begin{frame}[c]
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
897 |
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
898 |
\begin{center}
|
|
119
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
899 |
\begin{tabular}{ll}
|
|
244
9fc6ec22ad82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
900 |
\bl{$A \rightarrow B$:} & \bl{$N_A$}\\
|
|
9fc6ec22ad82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
901 |
\bl{$B \rightarrow A$:} & \bl{$\{N_A, N_B\}_{K_{ab}}$}\\
|
|
9fc6ec22ad82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
902 |
\bl{$A \rightarrow B$:} & \bl{$N_B$}\\
|
|
119
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
903 |
\end{tabular}
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
904 |
\end{center}
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
905 |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
906 |
The attack (let $A$ decrypt her own messages): |
|
119
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
907 |
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
908 |
\begin{center}
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
909 |
\begin{tabular}{ll}
|
|
244
9fc6ec22ad82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
910 |
\bl{$A \rightarrow E$:} & \bl{$N_A$}\\
|
|
9fc6ec22ad82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
911 |
\textcolor{gray}{$E \rightarrow A$:} & \textcolor{gray}{$N_A$}\\
|
|
9fc6ec22ad82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
912 |
\textcolor{gray}{$A \rightarrow E$:} & \textcolor{gray}{$\{N_A, N_A'\}_{K_{AB}}$}\\
|
|
9fc6ec22ad82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
913 |
\bl{$E \rightarrow A$:} & \bl{$\{N_A, N_A'\}_{K_{AB}}$}\\
|
|
9fc6ec22ad82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
914 |
\bl{$A \rightarrow E$:} & \bl{$N_A' \;\;(= N_B)$}\\
|
|
119
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
915 |
\end{tabular}
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
916 |
\end{center}\pause
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
917 |
|
|
244
9fc6ec22ad82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
918 |
\small Solutions: \bl{$K_{AB} \not= K_{BA}$} or include an id in the second message
|
|
119
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
919 |
\end{frame}}
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
920 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
921 |
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
922 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
923 |
\mode<presentation>{
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
924 |
\begin{frame}[c]
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
925 |
\frametitle{Encryption to the Rescue?}
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
926 |
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
927 |
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
928 |
\begin{itemize}
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
929 |
\item \bl{$A \,\rightarrow\, B : \{A, N_A\}_{K_{AB}}$}\hspace{1cm} encrypted\bigskip
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
930 |
\item \bl{$B\,\rightarrow\, A : \{N_A, K'_{AB}\}_{K_{AB}}$}\bigskip
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
931 |
\item \bl{$A \,\rightarrow\, B : \{N_A\}_{K'_{AB}}$}\bigskip
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
932 |
\end{itemize}\pause
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
933 |
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
934 |
means you need to send separate ``Hello'' signals (bad), or worse |
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
935 |
share a single key between many entities |
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
936 |
\end{frame}}
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
937 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
938 |
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
939 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
940 |
\mode<presentation>{
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
941 |
\begin{frame}[c]
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
942 |
\frametitle{Protocol Attacks}
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
943 |
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
944 |
\begin{itemize}
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
945 |
\item replay attacks |
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
946 |
\item reflection attacks |
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
947 |
\item man-in-the-middle attacks |
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
948 |
\item timing attacks |
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
949 |
\item parallel session attacks |
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
950 |
\item binding attacks (public key protocols) |
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
951 |
\item changing environment / changing assumptions\bigskip |
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
952 |
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
953 |
\item (social engineering attacks) |
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
954 |
\end{itemize}
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
955 |
\end{frame}}
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
956 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
120
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
957 |
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
958 |
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
959 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
960 |
\mode<presentation>{
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
961 |
\begin{frame}[c]
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
962 |
\frametitle{Public-Key Infrastructure}
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
963 |
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
964 |
\begin{itemize}
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
965 |
\item the idea is to have a certificate authority (CA) |
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
966 |
\item you go to the CA to identify yourself |
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
967 |
\item CA: ``I, the CA, have verified that public key \bl{$P^{pub}_{Bob}$} belongs to Bob''\bigskip
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
968 |
\item CA must be trusted by everybody |
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
969 |
\item What happens if CA issues a false certificate? Who pays in case of loss? (VeriSign |
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
970 |
explicitly limits liability to \$100.) |
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
971 |
\end{itemize}
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
972 |
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
973 |
\end{frame}}
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
974 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
975 |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
976 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
977 |
\mode<presentation>{
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
978 |
\begin{frame}[c]
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
979 |
\frametitle{Person-in-the-Middle}
|
|
120
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
980 |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
981 |
``Normal'' protocol run:\bigskip |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
982 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
983 |
\begin{itemize}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
984 |
\item \bl{$A$} sends public key to \bl{$B$}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
985 |
\item \bl{$B$} sends public key to \bl{$A$}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
986 |
\item \bl{$A$} sends message encrypted with \bl{$B$}'s public key, \bl{$B$} decrypts it
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
987 |
with its private key |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
988 |
\item \bl{$B$} sends message encrypted with \bl{$A$}'s public key, \bl{$A$} decrypts it
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
989 |
with its private key |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
990 |
\end{itemize}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
991 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
992 |
\end{frame}}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
993 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
994 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
995 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
996 |
\mode<presentation>{
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
997 |
\begin{frame}[c]
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
998 |
\frametitle{Person-in-the-Middle}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
999 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1000 |
Attack: |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1001 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1002 |
\begin{itemize}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1003 |
\item \bl{$A$} sends public key to \bl{$B$} --- \bl{$C$} intercepts this message and send his own public key
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1004 |
\item \bl{$B$} sends public key to \bl{$A$} --- \bl{$C$} intercepts this message and send his own public key
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1005 |
\item \bl{$A$} sends message encrypted with \bl{$C$}'s public key, \bl{$C$} decrypts it
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1006 |
with its private key, re-encrypts with \bl{$B$}'s public key
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1007 |
\item similar for other direction |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1008 |
\end{itemize}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1009 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1010 |
\end{frame}}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1011 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1012 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1013 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1014 |
\mode<presentation>{
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1015 |
\begin{frame}[c]
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1016 |
\frametitle{Person-in-the-Middle}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1017 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1018 |
Prevention: |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1019 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1020 |
\begin{itemize}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1021 |
\item \bl{$A$} sends public key to \bl{$B$}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1022 |
\item \bl{$B$} sends public key to \bl{$A$}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1023 |
\item \bl{$A$} encrypts message with \bl{$B$}'s public key, send's {\bf half} of the message
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1024 |
\item \bl{$B$} encrypts message with \bl{$A$}'s public key, send's {\bf half} of the message
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1025 |
\item \bl{$A$} sends other half, \bl{$B$} can now decrypt entire message
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1026 |
\item \bl{$B$} sends other half, \bl{$A$} can now decrypt entire message
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1027 |
\end{itemize}\pause
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1028 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1029 |
\bl{$C$} would have to invent a totally new message
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1030 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1031 |
\end{frame}}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1032 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
244
diff
changeset
|
1033 |
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
244
diff
changeset
|
1034 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
244
diff
changeset
|
1035 |
\mode<presentation>{
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
244
diff
changeset
|
1036 |
\begin{frame}[c]
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
244
diff
changeset
|
1037 |
\frametitle{Public-Key Infrastructure}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
244
diff
changeset
|
1038 |
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
244
diff
changeset
|
1039 |
\begin{itemize}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
244
diff
changeset
|
1040 |
\item the idea is to have a certificate authority (CA) |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
244
diff
changeset
|
1041 |
\item you go to the CA to identify yourself |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
244
diff
changeset
|
1042 |
\item CA: ``I, the CA, have verified that public key \bl{$P^{pub}_{Bob}$} belongs to Bob''\bigskip
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
244
diff
changeset
|
1043 |
\item CA must be trusted by everybody |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
244
diff
changeset
|
1044 |
\item What happens if CA issues a false certificate? Who pays in case of loss? (VeriSign |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
244
diff
changeset
|
1045 |
explicitly limits liability to \$100.) |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
244
diff
changeset
|
1046 |
\end{itemize}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
244
diff
changeset
|
1047 |
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
244
diff
changeset
|
1048 |
\end{frame}}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
244
diff
changeset
|
1049 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
120
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1050 |
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1051 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1052 |
\mode<presentation>{
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1053 |
\begin{frame}[c]
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1054 |
\frametitle{Binding Attacks}
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1055 |
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1056 |
with public-private keys it is important that the public key is \alert{bound}
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1057 |
to the right owner (verified by a certification authority \bl{$CA$})
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1058 |
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1059 |
\begin{center}
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1060 |
\begin{tabular}{l}
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1061 |
\bl{$A \rightarrow CA :$} \bl{$A, B, N_A$}\\
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1062 |
\bl{$CA \rightarrow A :$} \bl{$CA, \{CA, A, N_A, K^{pub}_{B}\}_{K^{pub}_{A}}$}\\
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1063 |
\end{tabular}
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1064 |
\end{center}\bigskip
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1065 |
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1066 |
\bl{$A$} knows \bl{$K^{priv}_A$} and can verify the message came from \bl{$CA$}
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1067 |
in response to \bl{$A$}'s message and trusts \bl{$K^{pub}_{B}$} is \bl{$B$}'s public key
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1068 |
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1069 |
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1070 |
\end{frame}}
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1071 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1072 |
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1073 |
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1074 |
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1075 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1076 |
\mode<presentation>{
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1077 |
\begin{frame}[c]
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1078 |
\frametitle{Binding Attacks}
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1079 |
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1080 |
\begin{center}
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1081 |
\begin{tabular}{l}
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1082 |
\bl{$A \rightarrow I(CA) :$} \bl{$A, B, N_A$}\\
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1083 |
\bl{$I(A) \rightarrow CA :$} \bl{$A, I, N_A$}\\
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1084 |
\bl{$CA \rightarrow I(A) :$} \bl{$CA, \{CA, A, N_A, K^{pub}_{I}\}_{K^{pub}_{A}}$}\\
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1085 |
\bl{$I(CA) \rightarrow A :$} \bl{$CA, \{CA, A, N_A, K^{pub}_{I}\}_{K^{pub}_{A}}$}\\
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1086 |
\end{tabular}
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1087 |
\end{center}\pause
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1088 |
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1089 |
\bl{$A$} now encrypts messages for \bl{$B$} with the public key of \bl{$I$}
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1090 |
(which happily decrypts them with its private key) |
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1091 |
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1092 |
\end{frame}}
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1093 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1094 |
|
|
119
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1095 |
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1096 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1097 |
\mode<presentation>{
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1098 |
\begin{frame}[c]
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1099 |
\frametitle{Replay Attacks}
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1100 |
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1101 |
Schroeder-Needham protocol: exchange of a symmetric key with a trusted 3rd-party \bl{$S$}:
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1102 |
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1103 |
\begin{center}
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1104 |
\begin{tabular}{r@ {\hspace{1mm}}l}
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1105 |
\bl{$A \rightarrow S :$} & \bl{$A, B, N_A$}\\
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1106 |
\bl{$S \rightarrow A :$} & \bl{$\{N_A, B, K_{AB},\{K_{AB}, A\}_{K_{BS}} \}_{K_{AS}}$}\\
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1107 |
\bl{$A \rightarrow B :$} & \bl{$\{K_{AB}, A\}_{K_{BS}} $}\\
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1108 |
\bl{$B \rightarrow A :$} & \bl{$\{N_B\}_{K_{AB}}$}\\
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1109 |
\bl{$A \rightarrow B :$} & \bl{$\{N_B-1\}_{K_{AB}}$}\\
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1110 |
\end{tabular}
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1111 |
\end{center}\bigskip\pause
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1112 |
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1113 |
at the end of the protocol both \bl{$A$} and \bl{$B$} should be in the possession of the secret key
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1114 |
\bl{$K_{AB}$} and know that the other principal has the key
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1115 |
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1116 |
\end{frame}}
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1117 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1118 |
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1119 |
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1120 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1121 |
\mode<presentation>{
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1122 |
\begin{frame}[c]
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1123 |
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1124 |
\begin{center}
|
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
1125 |
\begin{tabular}{l}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
1126 |
\bl{$A \rightarrow S :$} \bl{$A, B, N_A$}\\
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
1127 |
\bl{$S \rightarrow A :$} \bl{$\{N_A, B, K_{AB},\{K_{AB}, A\}_{K_{BS}} \}_{K_{AS}}$}\\
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
1128 |
\bl{$A \rightarrow B :$} \bl{$\{K_{AB}, A\}_{K_{BS}} $}\\
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
1129 |
\bl{$B \rightarrow A :$} \bl{$\{N_B\}_{K_{AB}}$}\\
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
1130 |
\bl{$A \rightarrow B :$} \bl{$\{N_B-1\}_{K_{AB}}$}\pause\\
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
1131 |
\hspace{5cm}compromise \bl{$K_{AB}$}\pause\\
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
1132 |
\bl{$A \rightarrow S :$} \bl{$A, B, N'_A$}\\
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
1133 |
\bl{$S \rightarrow A :$} \bl{$\{N'_A, B, K'_{AB},\{K'_{AB}, A\}_{K_{BS}} \}_{K_{AS}}$}\pause\\
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
1134 |
\bl{$I(A) \rightarrow B :$} \bl{$\{K_{AB}, A\}_{K_{BS}} $}\hspace{0.5cm} replay of older run\pause\\
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
1135 |
\bl{$B \rightarrow I(A) :$} \bl{$\{N'_B\}_{K_{AB}}$}\\
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
1136 |
\bl{$I(A) \rightarrow B :$} \bl{$\{N'_B-1\}_{K_{AB}}$}\
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
1137 |
\end{tabular}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
1138 |
\end{center}\pause
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
1139 |
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
1140 |
\bl{$B$} believes it is following the correct protocol,
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
1141 |
intruder \bl{$I$} can form the correct response because it knows \bl{$K_{AB}$} and
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
1142 |
talks to \bl{$B$} masquerading as \bl{$A$}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
1143 |
\end{frame}}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
1144 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
120
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1145 |
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1146 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1147 |
\mode<presentation>{
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1148 |
\begin{frame}[c]
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1149 |
\frametitle{Time-Stamps}
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1150 |
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1151 |
The Schroeder-Needham protocol can be fixed by including a time-stamp (e.g., in Kerberos): |
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1152 |
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1153 |
\begin{center}
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1154 |
\begin{tabular}{r@ {\hspace{1mm}}l}
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1155 |
\bl{$A \rightarrow S :$} & \bl{$A, B, N_A$}\\
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1156 |
\bl{$S \rightarrow A :$} & \bl{$\{N_A, B, K_{AB},\{K_{AB}, A, T_S\}_{K_{BS}} \}_{K_{AS}}$}\\
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1157 |
\bl{$A \rightarrow B :$} & \bl{$\{K_{AB}, A, T_S\}_{K_{BS}} $}\\
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1158 |
\bl{$B \rightarrow A :$} & \bl{$\{N_B\}_{K_{AB}}$}\\
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1159 |
\bl{$A \rightarrow B :$} & \bl{$\{N_B-1\}_{K_{AB}}$}\\
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1160 |
\end{tabular}
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1161 |
\end{center}\bigskip\pause
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1162 |
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1163 |
but nothing is for free: then you need to synchronise time and possibly become a victim to |
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1164 |
timing attacks |
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1165 |
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1166 |
\end{frame}}
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1167 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1168 |
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1169 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1170 |
\mode<presentation>{
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1171 |
\begin{frame}[c]
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1172 |
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1173 |
A Man-in-the-middle attack in real life: |
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1174 |
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1175 |
\begin{itemize}
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1176 |
\item the card only says yes to the terminal if the PIN is correct |
|
120
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1177 |
\item trick the card in thinking transaction is verified by signature |
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1178 |
\item trick the terminal in thinking the transaction was verified by PIN |
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1179 |
\end{itemize}
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1180 |
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1181 |
\begin{minipage}{1.1\textwidth}
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1182 |
\begin{center}
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1183 |
\mbox{}\hspace{-6mm}\includegraphics[scale=0.5]{../pics/chip-attack.png}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1184 |
\includegraphics[scale=0.3]{../pics/chipnpinflaw.png}
|
|
120
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1185 |
\end{center}
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1186 |
\end{minipage}
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1187 |
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1188 |
\end{frame}}
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1189 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1190 |
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1191 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1192 |
\mode<presentation>{
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1193 |
\begin{frame}[c]
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1194 |
\frametitle{Problems with EMV}
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1195 |
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1196 |
\begin{itemize}
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1197 |
\item it is a wrapper for many protocols |
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1198 |
\item specification by consensus (resulted unmanageable complexity) |
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1199 |
\item its specification is 700 pages in English plus 2000+ pages for testing, additionally some |
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1200 |
further parts are secret |
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1201 |
\item other attacks have been found |
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1202 |
\end{itemize}
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1203 |
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1204 |
\end{frame}}
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1205 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1206 |
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1207 |
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1208 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1209 |
\mode<presentation>{
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1210 |
\begin{frame}[c]
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1211 |
\frametitle{\begin{tabular}{@{}c@{}}Problems with WEP (Wifi)\end{tabular}}
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1212 |
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1213 |
\begin{itemize}
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1214 |
\item a standard ratified in 1999 |
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1215 |
\item the protocol was designed by a committee not including cryptographers |
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1216 |
\item it used the RC4 encryption algorithm which is a stream cipher requiring a unique nonce |
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1217 |
\item WEP did not allocate enough bits for the nonce |
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1218 |
\item for authenticating packets it used CRC checksum which can be easily broken |
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1219 |
\item the network password was used to directly encrypt packages (instead of a key negotiation protocol)\bigskip |
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1220 |
\item encryption was turned off by default |
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1221 |
\end{itemize}
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1222 |
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1223 |
\end{frame}}
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1224 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1225 |
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1226 |
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1227 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1228 |
\mode<presentation>{
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1229 |
\begin{frame}[c]
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1230 |
\frametitle{Protocols are Difficult}
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1231 |
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1232 |
\begin{itemize}
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1233 |
\item even the systems designed by experts regularly fail\medskip |
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1234 |
\item try to make everything explicit (you need to authenticate all data you might rely on)\medskip |
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1235 |
\item the one who can fix a system should also be liable for the losses\medskip |
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1236 |
\item cryptography is often not {\bf the} answer\bigskip\bigskip
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1237 |
\end{itemize}
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1238 |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1239 |
\end{frame}}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1240 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1241 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1242 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1243 |
\mode<presentation>{
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1244 |
\begin{frame}[c]
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1245 |
\frametitle{Best Practices}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1246 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1247 |
{\bf Principle 1:} Every message should say what it means: the interpretation of
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1248 |
a message should not depend on the context.\bigskip\pause |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1249 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1250 |
{\bf Principle 2:} If the identity of a principal is essential to the meaning of a message, it is prudent
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1251 |
to mention the principal’s name explicitly in the message (though difficult).\bigskip |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1252 |
|
|
120
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1253 |
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1254 |
\end{frame}}
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1255 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1256 |
|
| 43 | 1257 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
1258 |
\mode<presentation>{
|
|
1259 |
\begin{frame}[c]
|
|
1260 |
||
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1261 |
{\bf Principle 3:} Be clear about why encryption is being
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1262 |
done. Encryption is not cheap, and not asking precisely why it is |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1263 |
being done can lead to redundancy. Encryption is not synonymous with |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1264 |
security. |
|
105
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
1265 |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1266 |
\begin{center}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1267 |
Possible Uses of Encryption |
|
105
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
1268 |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1269 |
\begin{itemize}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1270 |
\item Preservation of confidentiality: \bl{$\{X\}_K$} only those that have \bl{$K$} may recover \bl{$X$}.
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1271 |
\item Guarantee authenticity: The partner is indeed some particular principal. |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1272 |
\item Guarantee confidentiality and authenticity: binds two parts of a message --- |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1273 |
\bl{$\{X,Y\}_K$} is not the same as \bl{$\{X\}_K$} and \bl{$\{Y\}_K$}.
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1274 |
\end{itemize}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1275 |
\end{center}
|
|
105
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
1276 |
|
|
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
1277 |
|
|
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
1278 |
|
|
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
1279 |
\end{frame}}
|
|
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
1280 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
| 41 | 1281 |
|
|
105
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
1282 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
1283 |
\mode<presentation>{
|
|
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
1284 |
\begin{frame}[c]
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1285 |
\frametitle{Best Practices}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1286 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1287 |
{\bf Principle 4:} The protocol designer should know which trust relations his protocol depends on, and why the dependence is necessary. The reasons for particular trust relations being acceptable should be explicit though they will be founded on judgment and policy rather than on logic.\bigskip
|
|
105
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
1288 |
|
|
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
1289 |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1290 |
Example Certification Authorities: CAs are trusted to certify a key only after proper steps |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1291 |
have been taken to identify the principal that owns it. |
|
105
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
1292 |
|
|
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
1293 |
\end{frame}}
|
|
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
1294 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
1295 |
|
| 41 | 1296 |
\end{document}
|
1297 |
||
1298 |
%%% Local Variables: |
|
1299 |
%%% mode: latex |
|
1300 |
%%% TeX-master: t |
|
1301 |
%%% End: |
|
1302 |