sen-material: slides/slides04.tex@9332d1e54360 (annotated)

41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	1	\documentclass[dvipsnames,14pt,t]{beamer}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	2	\usepackage{../slides}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	3	\usepackage{../graphics}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	4	\usepackage{../langs}
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	5	\usetikzlibrary{arrows}
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	6	\usetikzlibrary{shapes}
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	7
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	8	\setmonofont[Scale=.88]{Consolas}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	9	\newfontfamily{\consolas}{Consolas}
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	10
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	11	\hfuzz=220pt
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	12
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	13	% beamer stuff
381 036a762b02cf updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 252 diff changeset	14	\renewcommand{\slidecaption}{SEN 04, King's College London}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	15	\newcommand{\bl}[1]{\textcolor{blue}{#1}}
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	16
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	17	\begin{document}
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	18
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	19	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	20	\begin{frame}[t]
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	21	\frametitle{%
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	22	\begin{tabular}{@ {}c@ {}}
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	23	\\
381 036a762b02cf updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 252 diff changeset	24	\LARGE Security Engineering (4)\\[-3mm]
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	25	\end{tabular}}\bigskip\bigskip\bigskip
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	26
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	27	\normalsize
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	28	\begin{center}
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	29	\begin{tabular}{ll}
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	30	Email: & christian.urban at kcl.ac.uk\\
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	31	Office: & S1.27 (1st floor Strand Building)\\
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	32	Slides: & KEATS (also home work is there)\\
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	33	\end{tabular}
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	34	\end{center}
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	35
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	36	\end{frame}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	37	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	38
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	39	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	40	\begin{frame}[c]
404 4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	41
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	42	\begin{center}
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	43	\includegraphics[scale=0.34]{../pics/trainwreck.jpg}\\
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	44	last week: buffer overflow attacks
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	45	\end{center}
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	46
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	47	\begin{itemize}
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	48	\item no ``cheating'' needed for format string attacks
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	49	\item the main point: no cheating to start with
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	50	\end{itemize}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	51
404 4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	52	\end{frame}
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	53	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	54
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	55	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	56	\begin{frame}[c]
408 9332d1e54360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 407 diff changeset	57	\frametitle{Case-In-Point: Android}
9332d1e54360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 407 diff changeset	58
9332d1e54360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 407 diff changeset	59	\begin{itemize}
9332d1e54360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 407 diff changeset	60	\item a list of common Android vulnerabilities
9332d1e54360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 407 diff changeset	61	(5 BOAs out of 35 vulnerabilities)
9332d1e54360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 407 diff changeset	62
9332d1e54360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 407 diff changeset	63	\begin{center}
9332d1e54360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 407 diff changeset	64	\url{http://androidvulnerabilities.org/}
9332d1e54360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 407 diff changeset	65	\end{center}\bigskip
9332d1e54360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 407 diff changeset	66
9332d1e54360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 407 diff changeset	67	\item a paper that measures security of Android phones
9332d1e54360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 407 diff changeset	68
9332d1e54360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 407 diff changeset	69	\begin{quote}\small\rm ``We find that on average 87.7\% of Android
9332d1e54360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 407 diff changeset	70	devices are exposed to at least one of 11 known critical
9332d1e54360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 407 diff changeset	71	vulnerabilities\ldots''
9332d1e54360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 407 diff changeset	72	\end{quote}
9332d1e54360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 407 diff changeset	73
9332d1e54360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 407 diff changeset	74	\begin{center}\small
9332d1e54360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 407 diff changeset	75	\url{https://www.cl.cam.ac.uk/~drt24/papers/spsm-scoring.pdf}
9332d1e54360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 407 diff changeset	76	\end{center}
9332d1e54360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 407 diff changeset	77	\end{itemize}
9332d1e54360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 407 diff changeset	78
9332d1e54360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 407 diff changeset	79	\end{frame}
9332d1e54360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 407 diff changeset	80	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
9332d1e54360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 407 diff changeset	81
9332d1e54360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 407 diff changeset	82
9332d1e54360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 407 diff changeset	83	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
9332d1e54360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 407 diff changeset	84	\begin{frame}[c]
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	85
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	86	\begin{bubble}[10cm]\small How do we implement BOAs? On a
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	87	webpage login, for example Facebook, we can't do this. The
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	88	script will not let us enter hexadecimal numbers where email
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	89	or username is required and plus it will have a max length,
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	90	like 32 characters only. In this case, what can we do, since
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	91	the method you showed us wouldn't work?
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	92	\end{bubble}\bigskip\bigskip\pause
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	93
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	94	\begin{itemize}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	95	\item Facebook no
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	96	\item printers, routers, cars, IoT etc likely
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	97	\end{itemize}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	98
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	99
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	100	\end{frame}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	101	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
404 4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	102
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	103	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	104	\begin{frame}[c]
407 272dd46ff9b2 added survey Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 406 diff changeset	105	\frametitle{Survey}
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	106
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	107	\end{frame}
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	108	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	109
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	110	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	111	\begin{frame}[c]
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	112
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	113	\begin{center}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	114	\includegraphics[scale=0.45]{../pics/trainwreck.jpg}\\
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	115	last week: buffer overflow attacks
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	116	\end{center}
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	117
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	118	\end{frame}
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	119	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	120
404 4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	121	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	122	\begin{frame}[c]
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	123	\frametitle{\begin{tabular}{c}Two General Counter\\[-1mm]
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	124	Measures against BOAs etc\end{tabular}}
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	125
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	126	Both try to reduce the attack surface:\bigskip
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	127
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	128	\begin{itemize}
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	129	\item \alert{\bf unikernels} -- the idea is to not have
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	130	an operating system at all
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	131	\item all functionality of the server is implemented in a
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	132	single, stand-alone program
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	133	\item all functionality an operating system would normally
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	134	provide (network stack, file system) is available through
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	135	libraries
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	136	\item the best known unikernel is MirageOS using Ocaml
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	137	(\url{https://mirage.io})
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	138	\end{itemize}
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	139
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	140	\end{frame}
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	141	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	142
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	143
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	144	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
391 a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	145	\begin{frame}[c]
405 6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	146	\frametitle{\begin{tabular}{c}Network Applications:\\[-1mm]
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	147	Privilege Separation\end{tabular}}
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	148
59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	149
391 a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	150	\begin{center}
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	151	\begin{tikzpicture}[scale=1]
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	152
391 a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	153	\draw[line width=1mm] (-.3, 0) rectangle (1.5,2);
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	154	\draw (4.7,1) node {Internet};
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	155	\draw (-2.7,1.7) node {\footnotesize Application};
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	156	\draw (0.6,1.7) node {\footnotesize Interface};
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	157	\draw (0.6,-0.4) node {\footnotesize \begin{tabular}{c}unprivileged\\[-1mm] process\end{tabular}};
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	158	\draw (-2.7,-0.4) node {\footnotesize \begin{tabular}{c}privileged\\[-1mm] process\end{tabular}};
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	159
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	160	\draw[line width=1mm] (-1.8, 0) rectangle (-3.6,2);
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	161
391 a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	162	\draw[white] (1.7,1) node (X) {};
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	163	\draw[white] (3.7,1) node (Y) {};
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	164	\draw[red, <->, line width = 2mm] (X) -- (Y);
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	165
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	166	\draw[red, <->, line width = 1mm] (-0.6,1) -- (-1.6,1);
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	167	\end{tikzpicture}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	168	\end{center}
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	169
391 a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	170	\begin{itemize}
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	171	\item the idea is make the attack surface smaller and mitigate the
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	172	consequences of an attack
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	173	\end{itemize}
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	174	\end{frame}
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	175	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	176
405 6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	177	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	178	\begin{frame}[c]
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	179	\frametitle{Access Control in Unix}
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	180
405 6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	181	\begin{itemize}
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	182	\item access control provided by the OS
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	183	\item authenticate principals
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	184	\item mediate access to files, ports, processes etc according to
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	185	\alert{roles} (user ids)\\
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	186	\item roles get attached with privileges (some special roles: root)\bigskip\\
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	187
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	188	\hspace{8mm}
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	189	\begin{bubble}[8cm]
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	190	\alert{\bf principle of least privilege:}\\
405 6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	191	users and programs should only have as much privilege as they need to
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	192	accomplish a task
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	193	\end{bubble}
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	194	\end{itemize}
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	195
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	196	\end{frame}
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	197	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	198
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	199	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
391 a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	200	\begin{frame}[c]
405 6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	201	\frametitle{Access Control in Unix (2)}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	202
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	203
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	204	\begin{itemize}
405 6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	205	\item privileges are specified by file access permissions (``everything is a file'')\medskip
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	206	\item there are 9 (plus 2) bits that specify the permissions of a file
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	207	\end{itemize}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	208
405 6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	209	\begin{center}
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	210	${\underbrace{\LARGE\texttt{-}}_{\text{\makebox[0mm]{directory}}}}
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	211	\;{\underbrace{\LARGE\texttt{r{}-{}-}}_{\text{user}}}\,
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	212	{\underbrace{\LARGE\texttt{r{}w{}-}}_{\text{group}}}\,
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	213	{\underbrace{\LARGE\texttt{r{}w{}x}}_{\text{other}}}\;\;\;
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	214	\LARGE\texttt{bob}\;\;\texttt{staff}\;\;\texttt{file}$
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	215	\end{center}
388 770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	216
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	217	\end{frame}
405 6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	218	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	219
388 770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	220
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	221	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	222	\begin{frame}[c]
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	223	\frametitle{Unix-Style Access Control}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	224	\small
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	225
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	226	\begin{itemize}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	227	\item
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	228	Q: ``I am using Windows. Why should I care?'' \\
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	229	A: In Windows you have similar AC:
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	230
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	231	\begin{center}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	232	\begin{tabular}{l}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	233	administrators group\\
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	234	\hspace{5mm}(has complete control over the machine)\\
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	235	authenticated users\\
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	236	server operators\\
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	237	power users\\
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	238	network configuration operators
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	239	\end{tabular}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	240	\end{center}\medskip
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	241
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	242	\item Modern versions of Windows have more fine-grained AC than Unix;
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	243	they do not have a setuid bit, but have \texttt{runas} (asks for a
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	244	password).\pause
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	245
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	246	\item OS-provided access control can \alert{\bf add} to your security.
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	247	(defence in depth)
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	248	\end{itemize}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	249
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	250	\end{frame}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	251	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	252
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	253	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	254	\begin{frame}[c]
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	255	\frametitle{Weaknesses of Unix AC}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	256
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	257	Not just restricted to Unix:
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	258
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	259	\begin{itemize}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	260	\item if you have too many roles (i.e.~too finegrained AC), then
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	261	hierarchy is too complex\\ \textcolor{gray}{you invite situations
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	262	like\ldots let's be root}\bigskip
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	263
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	264	\item you can still abuse the system\ldots
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	265	\end{itemize}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	266
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	267	\end{frame}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	268	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	269
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	270	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	271	\begin{frame}[c]
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	272	\frametitle{A ``Cron''-Attack}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	273
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	274	The idea is to trick a privileged person to do something on your
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	275	behalf:
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	276
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	277	\begin{itemize}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	278	\item root:\\\texttt{rm /tmp//}\bigskip\bigskip\pause
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	279
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	280	\footnotesize
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	281	\begin{minipage}{1.1\textwidth}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	282	\textcolor{gray}{the shell behind the scenes:}\\
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	283	\textcolor{gray}{\texttt{rm /tmp/dir$_1$/file$_1$ /tmp/dir$_1$/file$_2$ /tmp/dir$_2$/file$_1$ \ldots}}\bigskip\\
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	284
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	285	\textcolor{gray}{this takes time}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	286	\end{minipage}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	287	\end{itemize}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	288
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	289	\end{frame}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	290	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	291
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	292	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	293	\begin{frame}[c]
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	294	\frametitle{A ``Cron''-Attack}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	295
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	296	\begin{enumerate}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	297	\item attacker \textcolor{gray}{(creates a fake passwd file)}\\
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	298	\texttt{mkdir /tmp/a; cat > /tmp/a/passwd}\medskip
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	299	\item root \textcolor{gray}{(does the daily cleaning)}\\
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	300	\texttt{rm /tmp//}\medskip\\
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	301	\hspace{2cm}\textcolor{gray}{\small records that \texttt{/tmp/a/passwd}}\\
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	302	\hspace{2cm}\textcolor{gray}{\small should be deleted, but does not do it yet}\medskip\\
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	303
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	304	\item attacker \textcolor{gray}{(meanwhile deletes the fake passwd file, and establishes a link to
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	305	the real passwd file)}\\
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	306	\texttt{rm /tmp/a/passwd; rmdir /tmp/a;}\\\texttt{ln -s /etc /tmp/a}\\
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	307	\item root now deletes the real passwd file
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	308	\end{enumerate}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	309
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	310	\only<2>{
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	311	\begin{textblock}{11}(2,5)
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	312	\begin{bubble}[8cm]
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	313	\normalsize To prevent this kind of attack, you need additional
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	314	policies (don't do such operations as root).
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	315	\end{bubble}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	316	\end{textblock}}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	317
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	318	\end{frame}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	319	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
405 6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	320
391 a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	321	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
405 6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	322	\begin{frame}[c]
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	323	\frametitle{\begin{tabular}{c}Infamous Security Flaws\\[-1mm]
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	324	in Unix\end{tabular}}
391 a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	325
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	326
405 6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	327	\begin{itemize}
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	328	\item \texttt{lpr} unfortunately runs with root privileges; you had the option to delete files after printing \ldots\pause
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	329	\item for debugging purposes (FreeBSD) Unix provides a ``core dump'', but allowed to follow links \ldots\pause
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	330	\item \texttt{mkdir foo} is owned by root\medskip
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	331	\begin{center}
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	332	\texttt{-rwxr-xr-x 1 root wheel /bin/mkdir}
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	333	\end{center}\medskip
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	334	it first creates an i-node as root and then changes to ownership to the user's id\\ \textcolor{gray}{\small (race condition -- can be automated with a shell script)}
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	335	\end{itemize}
391 a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	336
405 6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	337	\only<4->{
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	338	\begin{textblock}{1}(3,7)
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	339	\begin{tikzpicture}
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	340	\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm]
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	341	{\begin{minipage}{8cm}
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	342	Only failure makes us experts.
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	343	-- Theo de Raadt (OpenBSD, OpenSSH)
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	344	\end{minipage}};
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	345	\end{tikzpicture}
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	346	\end{textblock}}
391 a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	347
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	348	\end{frame}
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	349	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	350
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	351	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	352	\begin{frame}[c]
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	353	\frametitle{Subtleties}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	354
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	355
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	356	\begin{itemize}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	357	\item<1-> Can Bob write \pcode{file}?
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	358	\item<2-> What if Bob is member of \pcode{staff}?
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	359	\end{itemize}\bigskip
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	360
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	361	\begin{center}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	362	${\underbrace{\Large\texttt{-}}_{\text{\makebox[0mm]{directory}}}}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	363	\;{\underbrace{\Large\texttt{r{}-{}-}}_{\text{user}}}\,
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	364	{\underbrace{\Large\texttt{r{}w{}-}}_{\text{group}}}\,
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	365	{\underbrace{\Large\texttt{r{}w{}x}}_{\text{other}}}\;\;\;
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	366	\Large\texttt{bob}\;\;\texttt{staff}\;\;\texttt{file}$
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	367	\end{center}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	368
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	369	\end{frame}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	370	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	371
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	372	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	373	\begin{frame}[c]
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	374	\frametitle{Login Processes}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	375
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	376
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	377	\begin{itemize}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	378	\item login processes run under UID $=$ \pcode{0}\medskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	379	\begin{center}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	380	\texttt{ps -axl \| grep login}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	381	\end{center}\medskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	382
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	383	\item after login, shells run under UID $=$ user (e.g.~501)\medskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	384	\begin{center}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	385	\texttt{id cu}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	386	\end{center}\medskip\pause
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	387
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	388	\item non-root users are not allowed to change the UID --- would break
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	389	access control
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	390	\item but needed for example for accessing \texttt{passwd}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	391	\end{itemize}
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	392
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	393	\end{frame}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	394	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	395
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	396	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	397	\begin{frame}[c]
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	398	\frametitle{Setuid and Setgid}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	399
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	400	The solution is that Unix file permissions are 9 + \underline{2 Bits}:
405 6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	401	\alert{\bf Setuid} and \alert{\bf Setgid} bits
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	402
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	403	\begin{itemize}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	404	\item When a file with setuid is executed, the resulting process will
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	405	assume the UID given to the \underline{owner} of the file.
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	406	\item This enables users to create processes as root (or another
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	407	user).\bigskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	408
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	409	\item Essential for changing passwords, for example.
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	410	\end{itemize}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	411
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	412	\begin{center}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	413	\texttt{chmod 4755 fobar\_file}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	414	\end{center}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	415
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	416	\end{frame}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	417	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	418
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	419	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	420	\begin{frame}[c]
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	421	\small
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	422
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	423	\lstinputlisting[language={},numbers=none,xleftmargin=-6mm]{lst}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	424
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	425
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	426	\begin{center}
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	427	\begin{tabular}{@{\hspace{-24mm}}ll}
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	428	members of group staff: & ping, bob, emma\\
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	429	members of group students: & emma\\
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	430	\end{tabular}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	431	\end{center}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	432
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	433	\begin{center}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	434	\begin{tabular}{@{\hspace{-7mm}}r\|c\|c\|c\|c\|c@{}}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	435	& manual.txt & report.txt & microedit & src/code.c & src/code.h \\\hline
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	436	ping & & & & &\\\hline
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	437	bob & & & & &\\\hline
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	438	emma & & & & &\\
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	439	\end{tabular}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	440	\end{center}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	441
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	442	\end{frame}
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	443	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	444
59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	445	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	446	\begin{frame}[c]
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	447	\frametitle{\Large Discretionary Access Control}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	448
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	449	\small
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	450	\begin{itemize}
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	451	\item Access to objects (files, directories, devices, etc.) is
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	452	permitted based on user identity. Each object is owned by a
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	453	user. Owners can specify freely (at their discretion) how they want to
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	454	share their objects with other users, by specifying which other users
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	455	can have which form of access to their objects.\medskip
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	456
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	457	\item Discretionary access control is implemented on any modern multi-user
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	458	OS (Unix, Windows NT, etc.).
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	459	\end{itemize}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	460
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	461	\end{frame}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	462	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	463
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	464	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	465	\begin{frame}[c]
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	466	\frametitle{\Large Mandatory Access Control}
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	467
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	468	\small
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	469	\begin{itemize}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	470	\item Access to objects is controlled by a system-wide policy, for
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	471	example to prevent certain flows of information. In some forms, the
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	472	system maintains security labels for both objects and subjects
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	473	(processes, users) based on which access is granted or
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	474	denied. Labels can change as the result of an access. Security
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	475	policies are enforced without the cooperation of users or
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	476	programs.\medskip
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	477
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	478	\item This is implemented in banking or military operating system
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	479	versions (SELinux).\pause
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	480	\item A simple example: Air Gap Security. Uses a completely separate network
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	481	and computer hardware for different application classes (Bin Laden, Bruce Schneier had
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	482	airgaps).\pause
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	483	\item What do we want to protect: Secrecy or Integrity?
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	484	\end{itemize}
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	485
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	486	\end{frame}
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	487	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	488
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	489
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	490	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	491	\begin{frame}[c]
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	492	\frametitle{The Bell-LaPadula Model}
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	493	\small
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	494
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	495	\begin{itemize}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	496	\item Formal policy model for mandatory access control in a military
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	497	multi-level security environment. All subjects (processes, users,
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	498	terminals, files, windows, connections) are labeled
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	499	with a confidentiality level, e.g.
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	500	\begin{center}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	501	unclassified < confidential < secret < top secret
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	502	\end{center}\medskip
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	503
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	504	\item The system policy automatically prevents the flow of information
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	505	from high-level objects to lower levels. A process that reads top
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	506	secret data becomes tagged as top secret by the operating system, as
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	507	will be all files into which it writes afterwards.
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	508	%Each user has a maximum allowed confidentiality level specified and
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	509	%cannot receive data beyond that level. A selected set of trusted
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	510	%subjects is allowed to bypass the restrictions, in order to permit
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	511	%the declassification of information.
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	512	\end{itemize}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	513
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	514	\end{frame}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	515	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	516
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	517	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	518	\begin{frame}[c]
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	519	\frametitle{Bell-LaPadula}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	520	\small
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	521
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	522	\begin{itemize}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	523	\item \alert{Read Rule}: A principal \bl{$P$} can read an object \bl{$O$} if and only if
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	524	\bl{$P$}'s security level is at least as high as \bl{$O$}'s.
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	525	\item \alert{Write Rule}: A principal \bl{$P$} can write an object \bl{$O$} if and only if
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	526	\bl{$O$}'s security level is at least as high as \bl{$P$}'s.\medskip
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	527
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	528	%\item Meta-Rule: All principals in a system should have a sufficiently high security level
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	529	%in order to access an object.
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	530	\end{itemize}\bigskip
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	531
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	532	This restricts information flow $\Rightarrow$ military\bigskip\bigskip\pause
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	533
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	534	Bell-LaPadula: {\bf `no read up'} - {\bf `no write down'}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	535
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	536	\end{frame}
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	537	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	538
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	539	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	540	\begin{frame}[c]
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	541	\frametitle{\begin{tabular}{c}Principle of\\[-2mm] Least Privilege\end{tabular}}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	542
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	543	\begin{bubble}[10cm]
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	544	A principal should have as few privileges as possible to access a resource.
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	545	\end{bubble}\bigskip\bigskip
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	546	\small
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	547
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	548	\begin{itemize}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	549	\item Bob ($T\!S$) and Alice ($S$) want to communicate
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	550	\item[] $\Rightarrow$ Bob should lower his security level
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	551	\end{itemize}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	552
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	553	\end{frame}
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	554	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	555
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	556	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	557	\begin{frame}[c]
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	558	\frametitle{Biba Policy}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	559	\small
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	560
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	561	Data Integrity (rather than data secrecy)
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	562
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	563	\begin{itemize}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	564	\item Biba: {\bf `no read down'} - {\bf `no write up'}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	565	\item \alert{Read Rule}: A principal \bl{$P$} can read an object \bl{$O$} if and only if
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	566	\bl{$P$}'s security level is lower or equal than \bl{$O$}'s.
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	567	\item \alert{Write Rule}: A principal \bl{$P$} can write an object \bl{$O$} if and only if
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	568	\bl{$O$}'s security level is lower or equal than \bl{$P$}'s.
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	569	\end{itemize}\bigskip\bigskip\pause
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	570
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	571	E.g.~Firewalls: you can read from inside the firewall, but not from outside\\
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	572	Phishing: you can look at an approved PDF, but not one from a random email\\
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	573
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	574	\end{frame}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	575	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	576
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	577	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	578	\begin{frame}[c]
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	579	\frametitle{Security Levels (2)}
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	580
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	581	\begin{itemize}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	582	\item Bell-La Padula preserves data secrecy, but not data
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	583	integrity\bigskip\pause
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	584
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	585	\item Biba model is for data integrity
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	586
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	587	\begin{itemize}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	588	\item read: your own level and above
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	589	\item write: your own level and below
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	590	\end{itemize}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	591	\end{itemize}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	592
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	593	\end{frame}
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	594	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	595
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	596	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	597	\begin{frame}[c]
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	598	\frametitle{Shared Access Control}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	599
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	600	\begin{center}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	601	\includegraphics[scale=0.7]{../pics/pointsplane.jpg}
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	602	\end{center}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	603
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	604	\begin{textblock}{11}(10.5,10.5)
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	605	\small
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	606	To take an action you\\[-1mm]
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	607	need at least either:
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	608	\begin{itemize}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	609	\item 1 CEO\\[-5mm]
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	610	\item 2 MDs, or\\[-5mm]
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	611	\item 3 Ds
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	612	\end{itemize}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	613	\end{textblock}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	614
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	615	\end{frame}
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	616	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	617
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	618	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	619	\begin{frame}[c]
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	620	\frametitle{\Large Lessons from Access Control}
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	621
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	622	Not just restricted to Unix:
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	623
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	624	\begin{itemize}
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	625	\item if you have too many roles (i.e.~too finegrained AC), then
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	626	hierarchy is too complex\\
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	627	\textcolor{gray}{you invite situations like\ldots lets be root}\bigskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	628
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	629	\item you can still abuse the system\ldots
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	630	\end{itemize}
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	631
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	632	\end{frame}
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	633	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	634
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	635	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	636	\begin{frame}[c]
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	637	\frametitle{Protocols}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	638
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	639	\begin{center}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	640	\includegraphics[scale=0.11]{../pics/keyfob.jpg}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	641	\quad
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	642	\includegraphics[scale=0.3025]{../pics/startstop.jpg}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	643	\end{center}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	644
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	645	\begin{itemize}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	646	\item Other examples: Wifi, Http-request, TCP-request,
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	647	card readers, RFID (passports)\medskip\pause
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	648
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	649	\item The point is that we cannot control the network: An attacker
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	650	can install a packet sniffer, inject packets, modify packets,
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	651	replay messages\ldots{}fake pretty much everything.
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	652	\end{itemize}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	653
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	654	\end{frame}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	655	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	656
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	657	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	658	\begin{frame}[c]
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	659	\frametitle{Keyless Car Transponders}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	660
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	661	\begin{center}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	662	\includegraphics[scale=0.1]{../pics/keyfob.jpg}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	663	\quad
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	664	\includegraphics[scale=0.27]{../pics/startstop.jpg}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	665	\end{center}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	666
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	667	\begin{itemize}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	668	\item There are two security mechanisms: one remote central
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	669	locking system and one passive RFID tag (engine immobiliser).
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	670	\item How can I get in? How can thieves be kept out?
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	671	How to avoid MITM attacks?
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	672	\end{itemize}\medskip
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	673
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	674	\footnotesize
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	675	\hfill Papers: Gone in 360 Seconds: Hijacking with Hitag2,\\
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	676	\hfill Dismantling Megamos Crypto: Wirelessly Lockpicking\\
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	677	\hfill a Vehicle Immobilizer
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	678
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	679	\end{frame}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	680	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	681
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	682	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	683	\begin{frame}[c]
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	684	\frametitle{HTTPS / GSM}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	685
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	686	\begin{center}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	687	\includegraphics[scale=0.25]{../pics/barclays.jpg}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	688	\quad
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	689	\includegraphics[scale=0.25]{../pics/phone-signal.jpg}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	690	\end{center}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	691
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	692	\begin{itemize}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	693	\item I am sitting at Starbuck. How can I be sure I am really
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	694	visiting Barclays? I have no control of the access
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	695	point.
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	696	\item How can I achieve that a secret key is established in
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	697	order to encrypt my mobile conversation? I have no
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	698	control over the access points.
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	699	\end{itemize}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	700
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	701	\end{frame}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	702	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	703	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	704	\begin{frame}[c]
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	705	\frametitle{Handshakes}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	706
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	707	\begin{itemize}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	708	\item starting a TCP connection between a client and a server
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	709	initiates the following three-way handshake protocol:
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	710	\end{itemize}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	711
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	712	\begin{columns}[t]
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	713	\begin{column}{5cm}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	714	\begin{minipage}[t]{4cm}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	715	\begin{center}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	716	\raisebox{-2cm}{\includegraphics[scale=0.5]{../pics/handshake.png}}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	717	\end{center}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	718	\end{minipage}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	719	\end{column}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	720	\begin{column}{5cm}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	721	\begin{tabular}[t]{rl}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	722	Alice: & Hello server!\\
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	723	Server: & I heard you\\
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	724	Alice: & Thanks
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	725	\end{tabular}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	726	\end{column}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	727	\end{columns}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	728
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	729	\only<2>{
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	730	\begin{textblock}{3}(11,5)
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	731	\begin{bubble}[3.2cm]
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	732	SYNflood attacks:\medskip\\
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	733	\includegraphics[scale=0.4]{../pics/synflood.png}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	734	\end{bubble}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	735	\end{textblock}}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	736
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	737	\end{frame}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	738	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	739
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	740	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	741	\begin{frame}[t]
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	742	\frametitle{Protocols}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	743
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	744	\mbox{}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	745
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	746	\begin{tabular}{l}
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	747	{\Large \bl{$A\;\rightarrow\; B : \ldots$}}\\
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	748	\onslide<2->{\Large \bl{$B\;\rightarrow\; A : \ldots$}}\\
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	749	\onslide<2->{\Large \;\;\;\;\;\bl{$:$}}\bigskip
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	750	\end{tabular}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	751
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	752	\begin{itemize}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	753	\item by convention \bl{$A$}, \bl{$B$} are named principals \bl{Alice\ldots}\\
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	754	but most likely they are programs, which just follow some instructions (they are more like roles)\bigskip
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	755	\item<2-> indicates one ``protocol run'', or session, which specifies some
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	756	order in the communication
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	757	\item<2-> there can be several sessions in parallel (think of wifi routers)
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	758	\end{itemize}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	759
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	760	\end{frame}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	761	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	762
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	763	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	764	\begin{frame}[c]
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	765	\frametitle{Handshakes}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	766
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	767	\begin{itemize}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	768	\item starting a TCP connection between a client and a server
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	769	initiates the following three-way handshake protocol:
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	770	\end{itemize}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	771
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	772	\begin{columns}[t]
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	773	\begin{column}{5cm}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	774	\begin{minipage}[t]{4cm}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	775	\begin{center}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	776	\raisebox{-2cm}{\includegraphics[scale=0.5]{../pics/handshake.png}}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	777	\end{center}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	778	\end{minipage}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	779	\end{column}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	780	\begin{column}{5cm}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	781	\begin{tabular}[t]{rl}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	782	Alice: & Hello server!\\
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	783	Server: & I heard you\\
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	784	Alice: & Thanks
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	785	\end{tabular}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	786	\end{column}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	787	\end{columns}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	788
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	789	\begin{center}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	790	\begin{tabular}{rl}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	791	\bl{$A \rightarrow S$}: & \bl{SYN}\\
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	792	\bl{$S \rightarrow A$}: & \bl{SYN-ACK}\\
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	793	\bl{$A \rightarrow S$}: & \bl{ACK}\\
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	794	\end{tabular}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	795	\end{center}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	796
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	797	\end{frame}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	798	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	799
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	800	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	801	\begin{frame}[c]
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	802	\frametitle{\Large Cryptographic Protocol Failures}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	803
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	804	Ross Anderson and Roger Needham wrote:\bigskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	805
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	806	\begin{quote}\rm
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	807	A lot of the recorded frauds were the result of this kind of
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	808	blunder, or from management negligence pure and simple.
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	809	\alert{However,
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	810	there have been a significant number of cases where the designers
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	811	protected the right things, used cryptographic algorithms which were
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	812	not broken, and yet found that their systems were still successfully
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	813	attacked.}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	814	\end{quote}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	815
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	816	\end{frame}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	817	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	818
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	819	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	820	\begin{frame}<1-3>[c]
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	821	\frametitle{Oyster Cards}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	822
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	823	\includegraphics[scale=0.4]{../pics/oysterc.jpg}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	824
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	825	\begin{itemize}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	826	\item good example of a bad protocol\\ (security by obscurity)\bigskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	827	\item<3-> ``Breaching security on Oyster cards should not
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	828	allow unauthorised use for more than a day, as TfL promises to turn
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	829	off any cloned cards within 24 hours\ldots''
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	830	\end{itemize}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	831
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	832	\only<2>{
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	833	\begin{textblock}{12}(0.5,0.5)
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	834	\begin{bubble}[11cm]\footnotesize
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	835	{\bf Wirelessly Pickpocketing a Mifare Classic Card}\medskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	836
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	837	The Mifare Classic is the most widely used contactless smartcard on the
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	838	market. The stream cipher CRYPTO1 used by the Classic has recently been
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	839	reverse engineered and serious attacks have been proposed. The most serious
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	840	of them retrieves a secret key in under a second. In order to clone a card,
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	841	previously proposed attacks require that the adversary either has access to
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	842	an eavesdropped communication session or executes a message-by-message
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	843	man-in-the-middle attack between the victim and a legitimate
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	844	reader. Although this is already disastrous from a cryptographic point of
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	845	view, system integrators maintain that these attacks cannot be performed
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	846	undetected.\smallskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	847
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	848	This paper proposes four attacks that can be executed by an adversary having
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	849	only wireless access to just a card (and not to a legitimate reader). The
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	850	most serious of them recovers a secret key in less than a second on ordinary
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	851	hardware. Besides the cryptographic weaknesses, we exploit other weaknesses
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	852	in the protocol stack. A vulnerability in the computation of parity bits
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	853	allows an adversary to establish a side channel. Another vulnerability
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	854	regarding nested authentications provides enough plaintext for a speedy
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	855	known-plaintext attack.\hfill{}(a paper from 2009)
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	856	\end{bubble}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	857	\end{textblock}}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	858
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	859	\end{frame}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	860	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	861
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	862	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	863	\begin{frame}<1->[t]
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	864	\frametitle{Another Example}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	865
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	866	In an email from Ross Anderson\bigskip\small
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	867
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	868	\begin{tabular}{l}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	869	From: Ross Anderson <Ross.Anderson@cl.cam.ac.uk>\\
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	870	Sender: cl-security-research-bounces@lists.cam.ac.uk\\
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	871	To: cl-security-research@lists.cam.ac.uk\\
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	872	Subject: Birmingham case\\
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	873	Date: Tue, 13 Aug 2013 15:13:17 +0100\\
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	874	\end{tabular}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	875
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	876
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	877	\only<2>{
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	878	\begin{textblock}{12}(0.5,0.8)
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	879	\begin{bubble}[11cm]
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	880	\footnotesize
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	881	As you may know, Volkswagen got an injunction against the University of
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	882	Birmingham suppressing the publication of the design of a weak cipher
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	883	used in the remote key entry systems in its recent-model cars. The paper
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	884	is being given today at Usenix, minus the cipher design.\medskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	885
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	886	I've been contacted by Birmingham University's lawyers who seek to prove
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	887	that the cipher can be easily obtained anyway. They are looking for a
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	888	student who will download the firmware from any newish VW, disassemble
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	889	it and look for the cipher. They'd prefer this to be done by a student
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	890	rather than by a professor to emphasise how easy it is.\medskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	891
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	892	Volkswagen's argument was that the Birmingham people had reversed a
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	893	locksmithing tool produced by a company in Vietnam, and since their key
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	894	fob chip is claimed to be tamper-resistant, this must have involved a
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	895	corrupt insider at VW or at its supplier Thales. Birmingham's argument
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	896	is that this is nonsense as the cipher is easy to get hold of. Their
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	897	lawyers feel this argument would come better from an independent
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	898	outsider.\medskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	899
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	900	Let me know if you're interested in having a go, and I'll put you in
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	901	touch
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	902
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	903	Ross
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	904	\end{bubble}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	905	\end{textblock}}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	906
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	907	\end{frame}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	908	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	909
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	910	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	911	\begin{frame}[c]
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	912	\frametitle{Authentication Protocols}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	913
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	914
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	915	Alice (\bl{$A$}) and Bob (\bl{$B$}) share a secret key \bl{$K_{AB}$}\bigskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	916
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	917	Passwords:
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	918
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	919	\begin{center}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	920	\bl{$B \rightarrow A: K_{AB}$}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	921	\end{center}\pause\bigskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	922
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	923	Problem: Eavesdropper can capture the secret and replay it; \bl{$A$} cannot confirm the
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	924	identity of \bl{$B$}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	925
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	926	\end{frame}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	927	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	928
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	929	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	930	\begin{frame}[c]
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	931	\frametitle{Authentication?}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	932
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	933	\begin{center}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	934	\raisebox{-2cm}{\includegraphics[scale=0.4]{../pics/dogs.jpg}}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	935	\end{center}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	936
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	937	\end{frame}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	938	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	939
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	940	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	941	\begin{frame}[c]
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	942	\frametitle{Authentication Protocols}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	943
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	944	Alice (\bl{$A$}) and Bob (\bl{$B$}) share a secret key \bl{$K_{AB}$}\bigskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	945
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	946	Simple Challenge Response:
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	947
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	948	\begin{center}
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	949	\begin{tabular}{ll}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	950	\bl{$A \rightarrow B:$} & \bl{$N$}\\
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	951	\bl{$B \rightarrow A:$} & \bl{$\{N\}_{K_{AB}}$}\\
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	952	\end{tabular}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	953	\end{center}
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	954
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	955
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	956	\end{frame}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	957	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	958
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	959	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	960	\begin{frame}[c]
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	961	\frametitle{Authentication Protocols}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	962
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	963	Alice (\bl{$A$}) and Bob (\bl{$B$}) share a secret key \bl{$K_{AB}$}\bigskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	964
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	965	Mutual Challenge Response:
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	966
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	967	\begin{center}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	968	\begin{tabular}{ll}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	969	\bl{$A \rightarrow B:$} & \bl{$N_A$}\\
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	970	\bl{$B \rightarrow A:$} & \bl{$\{N_A, N_B\}_{K_{AB}}$}\\
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	971	\bl{$A \rightarrow B:$} & \bl{$N_B$}\\
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	972	\end{tabular}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	973	\end{center}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	974
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	975	%\pause
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	976	%An attacker \bl{$E$} can launch an impersonation attack by
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	977	%intercepting all messages for \bl{$B$} and make \bl{$A$} decrypt her
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	978	%own challenges.
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	979
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	980	\end{frame}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	981	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	982
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	983	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	984	\begin{frame}[c]
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	985	\frametitle{Nonces}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	986
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	987	\begin{enumerate}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	988	\item I generate a nonce (random number) and send it to you encrypted with a key we share
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	989	\item you increase it by one, encrypt it under a key I know and send
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	990	it back to me
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	991	\end{enumerate}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	992
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	993
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	994	I can infer:
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	995
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	996	\begin{itemize}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	997	\item you must have received my message
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	998	\item you could only have generated your answer after I send you my initial
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	999	message
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1000	\item if only you and me know the key, the message must have come from you
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1001	\end{itemize}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1002
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1003	\end{frame}
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1004	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1005
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1006	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1007	\begin{frame}[c]
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1008
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1009	\begin{center}
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1010	\begin{tabular}{ll}
244 9fc6ec22ad82 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	1011	\bl{$A \rightarrow B$:} & \bl{$N_A$}\\
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1012	\bl{$B \rightarrow A$:} & \bl{$\{N_A, N_B\}_{K_{AB}}$}\\
244 9fc6ec22ad82 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	1013	\bl{$A \rightarrow B$:} & \bl{$N_B$}\\
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1014	\end{tabular}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1015	\end{center}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1016
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1017	The attack (let $A$ decrypt her own messages):
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1018
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1019	\begin{center}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1020	\begin{tabular}{ll}
244 9fc6ec22ad82 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	1021	\bl{$A \rightarrow E$:} & \bl{$N_A$}\\
9fc6ec22ad82 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	1022	\textcolor{gray}{$E \rightarrow A$:} & \textcolor{gray}{$N_A$}\\
9fc6ec22ad82 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	1023	\textcolor{gray}{$A \rightarrow E$:} & \textcolor{gray}{$\{N_A, N_A'\}_{K_{AB}}$}\\
9fc6ec22ad82 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	1024	\bl{$E \rightarrow A$:} & \bl{$\{N_A, N_A'\}_{K_{AB}}$}\\
9fc6ec22ad82 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	1025	\bl{$A \rightarrow E$:} & \bl{$N_A' \;\;(= N_B)$}\\
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1026	\end{tabular}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1027	\end{center}\pause
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1028
244 9fc6ec22ad82 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	1029	\small Solutions: \bl{$K_{AB} \not= K_{BA}$} or include an id in the second message
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1030	\end{frame}
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1031	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1032
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1033	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1034	\begin{frame}[c]
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1035	\frametitle{Encryption to the Rescue?}
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1036
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1037
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1038	\begin{itemize}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1039	\item \bl{$A \,\rightarrow\, B : \{A, N_A\}_{K_{AB}}$}\hspace{1cm} encrypted\bigskip
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1040	\item \bl{$B\,\rightarrow\, A : \{N_A, K'_{AB}\}_{K_{AB}}$}\bigskip
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1041	\item \bl{$A \,\rightarrow\, B : \{N_A\}_{K'_{AB}}$}\bigskip
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1042	\end{itemize}\pause
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1043
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1044	means you need to send separate ``Hello'' signals (bad), or worse
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1045	share a single key between many entities
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1046	\end{frame}
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1047	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1048
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1049	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1050	\begin{frame}[c]
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1051	\frametitle{Protocol Attacks}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1052
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1053	\begin{itemize}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1054	\item replay attacks
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1055	\item reflection attacks
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1056	\item man-in-the-middle attacks
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1057	\item timing attacks
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1058	\item parallel session attacks
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1059	\item binding attacks (public key protocols)
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1060	\item changing environment / changing assumptions\bigskip
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1061
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1062	\item (social engineering attacks)
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1063	\end{itemize}
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1064	\end{frame}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1065	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1066
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1067	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
252 fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 244 diff changeset	1068	\begin{frame}[c]
fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 244 diff changeset	1069	\frametitle{Public-Key Infrastructure}
fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 244 diff changeset	1070
fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 244 diff changeset	1071	\begin{itemize}
fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 244 diff changeset	1072	\item the idea is to have a certificate authority (CA)
fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 244 diff changeset	1073	\item you go to the CA to identify yourself
fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 244 diff changeset	1074	\item CA: ``I, the CA, have verified that public key \bl{$P^{pub}_{Bob}$} belongs to Bob''\bigskip
fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 244 diff changeset	1075	\item CA must be trusted by everybody
fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 244 diff changeset	1076	\item What happens if CA issues a false certificate? Who pays in case of loss? (VeriSign
fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 244 diff changeset	1077	explicitly limits liability to \$100.)
fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 244 diff changeset	1078	\end{itemize}
fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 244 diff changeset	1079
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1080	\end{frame}
120 99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1081	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1082
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1083	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1084	\begin{frame}[c]
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1085	\frametitle{Man-in-the-Middle}
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1086
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1087	``Normal'' protocol run:\bigskip
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1088
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1089	\begin{itemize}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1090	\item \bl{$A$} sends public key to \bl{$B$}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1091	\item \bl{$B$} sends public key to \bl{$A$}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1092	\item \bl{$A$} sends message encrypted with \bl{$B$}'s public key, \bl{$B$} decrypts it
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1093	with its private key
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1094	\item \bl{$B$} sends message encrypted with \bl{$A$}'s public key, \bl{$A$} decrypts it
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1095	with its private key
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1096	\end{itemize}
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1097
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1098	\end{frame}
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1099	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1100
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1101	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1102	\begin{frame}[c]
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1103	\frametitle{Man-in-the-Middle}
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1104
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1105	Attack:
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1106
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1107	\begin{itemize}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1108	\item \bl{$A$} sends public key to \bl{$B$} --- \bl{$C$} intercepts this message and send his own public key
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1109	\item \bl{$B$} sends public key to \bl{$A$} --- \bl{$C$} intercepts this message and send his own public key
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1110	\item \bl{$A$} sends message encrypted with \bl{$C$}'s public key, \bl{$C$} decrypts it
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1111	with its private key, re-encrypts with \bl{$B$}'s public key
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1112	\item similar for other direction
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1113	\end{itemize}
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1114
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1115	\end{frame}
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1116	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
120 99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1117
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1118	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1119	\begin{frame}[c]
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1120	\frametitle{Man-in-the-Middle}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1121
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1122	Potential Prevention?
120 99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1123
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1124	\begin{itemize}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1125	\item \bl{$A$} sends public key to \bl{$B$}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1126	\item \bl{$B$} sends public key to \bl{$A$}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1127	\item \bl{$A$} encrypts message with \bl{$B$}'s public key, send's {\bf half} of the message
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1128	\item \bl{$B$} encrypts message with \bl{$A$}'s public key, send's {\bf half} of the message
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1129	\item \bl{$A$} sends other half, \bl{$B$} can now decrypt entire message
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1130	\item \bl{$B$} sends other half, \bl{$A$} can now decrypt entire message
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1131	\end{itemize}\pause
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1132
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1133	%\bl{$C$} would have to invent a totally new message
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1134	\alert{Under which circumstances does this protocol prevent
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1135	MiM-attacks, or does it?}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1136
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1137	\end{frame}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1138	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
120 99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1139
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1140	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1141	\begin{frame}[c]
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1142	\frametitle{Car Transponder (HiTag2)}
120 99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1143
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1144	\begin{enumerate}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1145	\item \bl{$C$} generates a random number \bl{$N$}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1146	\item \bl{$C$} calculates \bl{$(F,G) = \{N\}_K$}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1147	\item \bl{$C \to T$}: \bl{$N, F$}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1148	\item \bl{$T$} calculates \bl{$(F',G') = \{N\}_K$}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1149	\item \bl{$T$} checks that \bl{$F = F'$}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1150	\item \bl{$T \to C$}: \bl{$N, G'$}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1151	\item \bl{$C$} checks that \bl{$G = G'$}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1152	\end{enumerate}\pause
120 99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1153
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1154	\small
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1155	This process means that the transponder believes the car knows
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1156	the key \bl{$K$}, and the car believes the transponder knows
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1157	the key \bl{$K$}. They have authenticated themselves
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1158	to each other, or have they?
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1159
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1160	\end{frame}
120 99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1161	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1162
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1163	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1164	\begin{frame}[c]
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1165
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1166	A Man-in-the-middle attack in real life:
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1167
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1168	\begin{itemize}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1169	\item the card only says yes to the terminal if the PIN is correct
120 99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1170	\item trick the card in thinking transaction is verified by signature
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1171	\item trick the terminal in thinking the transaction was verified by PIN
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1172	\end{itemize}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1173
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1174	\begin{minipage}{1.1\textwidth}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1175	\begin{center}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1176	\mbox{}\hspace{-6mm}\includegraphics[scale=0.5]{../pics/chip-attack.png}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1177	\includegraphics[scale=0.3]{../pics/chipnpinflaw.png}
120 99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1178	\end{center}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1179	\end{minipage}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1180
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1181	\end{frame}
120 99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1182	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1183
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1184	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1185	\begin{frame}[c]
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1186	\frametitle{Problems with EMV}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1187
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1188	\begin{itemize}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1189	\item it is a wrapper for many protocols
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1190	\item specification by consensus (resulted unmanageable complexity)
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1191	\item its specification is 700 pages in English plus 2000+ pages for testing, additionally some
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1192	further parts are secret
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1193	\item other attacks have been found
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1194	\end{itemize}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1195
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1196	\end{frame}
120 99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1197	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1198
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1199
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1200	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1201	\begin{frame}[c]
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1202	\frametitle{Protocols are Difficult}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1203
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1204	\begin{itemize}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1205	\item even the systems designed by experts regularly fail\medskip
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1206	\item try to make everything explicit (you need to authenticate all data you might rely on)\medskip
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1207	\item the one who can fix a system should also be liable for the losses\medskip
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1208	\item cryptography is often not {\bf the} answer\bigskip\bigskip
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1209	\end{itemize}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1210
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1211	\end{frame}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1212	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1213
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1214	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1215	\begin{frame}[c]
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1216	\frametitle{Best Practices}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1217
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1218	{\bf Principle 1:} Every message should say what it means: the interpretation of
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1219	a message should not depend on the context.\bigskip\pause
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1220
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1221	{\bf Principle 2:} If the identity of a principal is essential to the meaning of a message, it is prudent
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1222	to mention the principal’s name explicitly in the message (though difficult).\bigskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1223
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1224	\end{frame}
120 99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1225	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1226
43 de3e32e10628 added Christian Urban <urbanc@in.tum.de> parents: 41 diff changeset	1227	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
de3e32e10628 added Christian Urban <urbanc@in.tum.de> parents: 41 diff changeset	1228	\begin{frame}[c]
de3e32e10628 added Christian Urban <urbanc@in.tum.de> parents: 41 diff changeset	1229
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1230	{\bf Principle 3:} Be clear about why encryption is being
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1231	done. Encryption is not cheap, and not asking precisely why it is
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1232	being done can lead to redundancy. Encryption is not synonymous with
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1233	security.
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	1234
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1235	\begin{center}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1236	Possible Uses of Encryption
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	1237
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1238	\begin{itemize}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1239	\item Preservation of confidentiality: \bl{$\{X\}_K$} only those that have \bl{$K$} may recover \bl{$X$}.
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1240	\item Guarantee authenticity: The partner is indeed some particular principal.
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1241	\item Guarantee confidentiality and authenticity: binds two parts of a message ---
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1242	\bl{$\{X,Y\}_K$} is not the same as \bl{$\{X\}_K$} and \bl{$\{Y\}_K$}.
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1243	\end{itemize}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1244	\end{center}
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	1245
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1246	\end{frame}
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	1247	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	1248
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	1249	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	1250	\begin{frame}[c]
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1251	\frametitle{Best Practices}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1252
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1253	{\bf Principle 4:} The protocol designer should know which trust relations his protocol depends on, and why the dependence is necessary. The reasons for particular trust relations being acceptable should be explicit though they will be founded on judgment and policy rather than on logic.\bigskip
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	1254
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	1255
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1256	Example Certification Authorities: CAs are trusted to certify a key only after proper steps
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1257	have been taken to identify the principal that owns it.
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	1258
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1259	\end{frame}
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	1260	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	1261
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	1262	\end{document}
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	1263
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	1264	%%% Local Variables:
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	1265	%%% mode: latex
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	1266	%%% TeX-master: t
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	1267	%%% End:
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	1268

author	Christian Urban <christian dot urban at kcl dot ac dot uk>
	Thu, 15 Oct 2015 02:29:18 +0100
changeset 408	9332d1e54360
parent 407	272dd46ff9b2
child 409	0c04ec017892
permissions	-rw-r--r--