slides/slides04.tex
author Christian Urban <christian dot urban at kcl dot ac dot uk>
Wed, 19 Oct 2016 00:32:38 +0100
changeset 481 a7a7d6b0150b
parent 415 56bc53ba7c5b
child 483 337a8f5cb1ad
permissions -rw-r--r--
updated
% Preamble of the slide deck. Beamer class with dvipsnames colour names,
% 14pt base size and top-aligned frames (the class options below).
\documentclass[dvipsnames,14pt,t]{beamer}
% Course-local style files, loaded by relative path from the parent directory.
\usepackage{../slides}
\usepackage{../graphics}
\usepackage{../langs}
\usetikzlibrary{arrows}
\usetikzlibrary{shapes}

% \setmonofont and \newfontfamily are fontspec commands, so the deck needs
% XeLaTeX or LuaLaTeX; fontspec is presumably loaded by one of the ../ style
% files -- TODO confirm.
\setmonofont[Scale=.88]{Consolas}
\newfontfamily{\consolas}{Consolas}

% Silences overfull-\hbox warnings for overruns of up to 220pt.
\hfuzz=220pt 

% beamer stuff 
\renewcommand{\slidecaption}{SEN 04, King's College London}
% \bl{...} typesets its argument in blue.
\newcommand{\bl}[1]{\textcolor{blue}{#1}}  

\begin{document}
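%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Title slide: lecture title followed by the lecturer's contact details.
\begin{frame}[t]
\frametitle{%
  \begin{tabular}{@ {}c@ {}}
  \\
  \LARGE Security Engineering (4)\\[-3mm] 
  \end{tabular}}\bigskip\bigskip\bigskip

\normalsize
  \begin{center}
  \begin{tabular}{ll}
  Email:  & christian.urban at kcl.ac.uk\\
  Office: & S1.27 (1st floor Strand Building)\\
  % "home work" corrected to the single word "homework".
  Slides: & KEATS (also homework is there)\\
  \end{tabular}
  \end{center}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     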
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Recap slide: a picture with a reminder of last week's topic, then three
% bullet points, the last of which is revealed after a \pause.
\begin{frame}[c]

\begin{center}
\includegraphics[scale=0.34]{../pics/trainwreck.jpg}\\
last week: buffer overflow attacks
\end{center}

\begin{itemize}
%\item no ``cheating'' needed for format string attacks
% NOTE(review): ``cheating'' presumably refers to protections that had to be
% switched off for last week's demonstration -- confirm, and consider saying
% so on the slide, since the two bullets below are hard to read without it.
\item required some cheating on modern OS
\item the main point: no cheating in practice\pause
\item one class of attacks not mentioned last week
\end{itemize} 

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Introduces format string vulnerabilities by means of the C listing in
% ../progs/C4.c, which is read in from that file when the deck is compiled.
\begin{frame}[c]
\frametitle{Format String Vulnerability}

\small
\texttt{string} is nowhere used:\bigskip

{\footnotesize\lstinputlisting[language=C]{../progs/C4.c}}\bigskip

% NOTE(review): the slide states the impact but not the defence. Worth adding,
% here or on a follow-up slide, that untrusted data must only ever be passed as
% an argument to a constant format string, as in printf("%s", s), and that
% -Wformat -Wformat-security reports the unsafe call pattern at compile time.
this vulnerability can be used to read out the stack and even
modify it
  
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
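%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Case study: vulnerabilities in Android, backed by two references
% (a vulnerability list and a measurement paper).
\begin{frame}[c]
\frametitle{Case-In-Point: Android}

\begin{itemize}
\item a list of common Android vulnerabilities
% BOA: buffer overflow attack, the topic of the previous lecture.
(5 BOAs out of 35 vulnerabilities; all from 2013 and later):

\begin{center}
\url{http://androidvulnerabilities.org/}
\end{center}\bigskip

\item a paper that attempts to measure the security of Android phones:

% \itshape replaces the obsolete two-letter font switch \it.
\begin{quote}\small\itshape ``We find that on average 87.7\% of Android
devices are exposed to at least one of 11 known critical
vulnerabilities\ldots''
\end{quote} 
 
% Zero-width box: the long URL overhangs both margins equally instead of
% being pushed off one side of the slide.
\begin{center}\small
\makebox[0mm]
{\url{https://www.cl.cam.ac.uk/~drt24/papers/spsm-scoring.pdf}}
\end{center}
\end{itemize} 

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   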
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Disabled slide, kept for reference: every line of the frame below is
% commented out, so it does not appear in the compiled deck.
%\begin{frame}[c]
%
%A student asked:
%
%\begin{bubble}[10cm]\small How do we implement BOAs? On a
%webpage login, for example Facebook, we can't do this. 
%I am sure the script will stop us even before we reach the 
%server. The
%script will not let us enter hexadecimal numbers where email
%or username is required and plus it will have a max length,
%like 32 characters only. In this case, what can we do, since
%the method you showed us wouldn't work?
%\end{bubble}\bigskip\bigskip\pause

%\begin{itemize}
%\item Facebook no
%\item printers, routers, cars, IoT etc likely\pause
%\item I do not want to teach you hacking, rather defending
%\end{itemize}
%
%\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Title-only slide: the frame sets a title and has no body content.
\begin{frame}[c]
\frametitle{Survey}
  
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Disabled slide: the same picture and caption as the recap slide near the
% start of the deck, at scale 0.45 instead of 0.34. Fully commented out.
%\begin{frame}[c]
%
%\begin{center}
%\includegraphics[scale=0.45]{../pics/trainwreck.jpg}\\
%last week: buffer overflow attacks
%\end{center}
%  
%\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
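%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% The title announces two counter measures; this frame covers unikernels.
\begin{frame}[c]
\frametitle{\begin{tabular}{c}\LARGE Two General Counter\\[-1mm] 
            \LARGE Measures against BOAs etc\end{tabular}}

% NOTE(review): attack surface and trusted computing base are related but not
% the same thing (the exposed entry points versus the code that has to be
% correct for the security policy to hold); the parenthesis below reads as if
% the two were synonyms.
Both try to reduce the attack surface (trusted computing base):\bigskip

\begin{itemize}
% \textbf replaces the obsolete two-letter font switch \bf.
\item \alert{\textbf{unikernels}} -- the idea is to not have
an operating system at all
\item all functionality of the server is implemented in a
single, stand-alone program
\item all functionality an operating system would normally
provide (network stack, file system) is available through
libraries
% Language name spelled OCaml (was "Ocaml").
\item the best known unikernel is MirageOS using OCaml
(\url{https://mirage.io})
\end{itemize}
  
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   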
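%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Privilege separation for network applications, shown as a diagram:
% a privileged application process on the left, an unprivileged interface
% process on the right, and the Internet beyond it.
\begin{frame}[c]
\frametitle{\begin{tabular}{c}Network Applications:\\[-1mm] 
            Privilege Separation\end{tabular}}


\begin{center}
  \begin{tikzpicture}[scale=1]
  
  % Right-hand box: the interface, run as an unprivileged process.
  \draw[line width=1mm] (-.3, 0) rectangle (1.5,2);
  \draw (4.7,1) node {Internet};
  \draw (-2.7,1.7) node {\footnotesize Application};
  \draw (0.6,1.7) node {\footnotesize Interface};
  \draw (0.6,-0.4) node {\footnotesize \begin{tabular}{c}unprivileged\\[-1mm] process\end{tabular}};
  \draw (-2.7,-0.4) node {\footnotesize \begin{tabular}{c}privileged\\[-1mm] process\end{tabular}};
  
  % Left-hand box: the application, run as a privileged process.
  \draw[line width=1mm] (-1.8, 0) rectangle (-3.6,2);

  % Invisible anchor nodes for the thick arrow between interface and Internet.
  \draw[white] (1.7,1) node (X) {};
  \draw[white] (3.7,1) node (Y) {};
  \draw[red, <->, line width = 2mm] (X) -- (Y);
 
  % Thinner arrow: the only link drawn to the privileged process comes from
  % the interface box, not from the Internet.
  \draw[red, <->, line width = 1mm] (-0.6,1) -- (-1.6,1);
  \end{tikzpicture}
\end{center}

\begin{itemize}
% Grammar fix: "the idea is make" -> "the idea is to make".
\item the idea is to make the attack surface smaller and mitigate the
  consequences of an attack
\end{itemize}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     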
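%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Overview of Unix access control, ending with a highlighted statement of
% the principle of least privilege.
\begin{frame}[c]
\frametitle{Access Control in Unix}

\begin{itemize}
\item access control provided by the OS
\item authenticate principals
\item mediate access to files, ports, processes etc according to
  \alert{roles} (user ids)\\
% Wording fix: "roles get attached with privileges".
\item privileges are attached to roles (some special roles: root)\bigskip\\

\hspace{8mm}
\begin{bubble}[8cm]
% \textbf replaces the obsolete two-letter font switch \bf.
\alert{\textbf{principle of least privilege:}}\\
users and programs should only have as much privilege as they need to
accomplish a task
\end{bubble}
\end{itemize}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     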
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     
391
a612dd3ddc81 updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 388
diff changeset
   223
\begin{frame}[c]
  \frametitle{Access Control in Unix (2)}
  % Anatomy of a Unix permission string: one file-type flag, then three
  % rwx triples (owning user, owning group, everybody else), followed by
  % the owner name, the group name and the file name.
  % The ``plus 2'' bits are the setuid and setgid bits that the
  % `Setuid and Setgid' frame introduces.

  \begin{itemize}
    \item privileges are specified by file access permissions
          (``everything is a file'')\medskip
    \item there are 9 (plus 2) bits that specify the permissions of a file
  \end{itemize}

  \begin{center}
    $% file-type flag (`-' here: not a directory)
     {\underbrace{\LARGE\texttt{-}}_{\text{\makebox[0mm]{directory}}}}
     % permissions of the owning user
     \;{\underbrace{\LARGE\texttt{r{}-{}-}}_{\text{user}}}\,
     % permissions of the owning group
     {\underbrace{\LARGE\texttt{r{}w{}-}}_{\text{group}}}\,
     % permissions of everybody else
     {\underbrace{\LARGE\texttt{r{}w{}x}}_{\text{other}}}\;\;\;
     % owner, group, file name
     \LARGE\texttt{bob}\;\;\texttt{staff}\;\;\texttt{file}$
  \end{center}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
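\begin{frame}[c]
  \frametitle{Unix-Style Access Control}
  % Group-based access control is not specific to Unix: the table lists
  % comparable built-in Windows groups.  The last item frames OS-level
  % access control as one layer of a defence-in-depth design, not as the
  % only protection.
  \small

  \begin{itemize}
    \item
      Q: ``I am using Windows. Why should I care?'' \\
      A: In Windows you have similar AC:

      \begin{center}
        \begin{tabular}{l}
          administrators group\\
          \hspace{5mm}(has complete control over the machine)\\
          authenticated users\\
          server operators\\
          power users\\
          network configuration operators
        \end{tabular}
      \end{center}\medskip

    \item Modern versions of Windows have more fine-grained AC than Unix;
      they do not have a setuid bit, but have \texttt{runas} (asks for a
      password).\pause

    % \textbf replaces the obsolete two-letter font switch \bf.
    \item OS-provided access control can \alert{\textbf{add}} to your security.
      (defence in depth)
  \end{itemize}

\end{frame}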
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
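\begin{frame}[c]
  \frametitle{Weaknesses of Unix AC}
  % Two limits of role-based access control in general: an over-detailed
  % role hierarchy pushes people towards blanket privilege (``let's be
  % root''), and a correctly configured system can still be misused, as
  % the ``Cron''-attack frames that follow illustrate.

  Not just restricted to Unix:

  \begin{itemize}
    \item if you have too many roles (i.e.~too fine-grained AC), then
      the hierarchy is too complex\\ \textcolor{gray}{you invite situations
        like\ldots let's be root}\bigskip

    \item you can still abuse the system\ldots
  \end{itemize}

\end{frame}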
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
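\begin{frame}[c]
  \frametitle{A ``Cron''-Attack}
  % Sets up the race shown on the next frame: the shell expands the
  % wildcard into a fixed list of path names first, and the deletions
  % happen afterwards.  The gap between resolving a name and acting on it
  % is a time-of-check/time-of-use window.

  The idea is to trick a privileged person into doing something on your
  behalf:

  \begin{itemize}
    \item root:\\\texttt{rm /tmp/*/*}\bigskip\bigskip\pause

      \footnotesize
      \begin{minipage}{1.1\textwidth}
        \textcolor{gray}{the shell behind the scenes:}\\
        \textcolor{gray}{\texttt{rm /tmp/dir$_1$/file$_1$ /tmp/dir$_1$/file$_2$ /tmp/dir$_2$/file$_1$ \ldots}}\bigskip\\

        \textcolor{gray}{this takes time}
      \end{minipage}
  \end{itemize}

\end{frame}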
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
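\begin{frame}[c]
  \frametitle{A ``Cron''-Attack}
  % Defensive reading of this frame: the cleanup job acts on path names
  % that were resolved earlier, so a path can name a different object by
  % the time it is removed (time-of-check/time-of-use race).  Besides not
  % running such jobs as root, a cleanup tool should refuse to traverse
  % symbolic links inside world-writable directories such as /tmp.

  \begin{enumerate}
    \item attacker \textcolor{gray}{(creates a fake passwd file)}\\
      \texttt{mkdir /tmp/a; cat > /tmp/a/passwd}\medskip
    \item root \textcolor{gray}{(does the daily cleaning)}\\
      \texttt{rm /tmp/*/*}\medskip\\
      \hspace{2cm}\textcolor{gray}{\small records that \texttt{/tmp/a/passwd}}\\
      \hspace{2cm}\textcolor{gray}{\small should be deleted, but does not do it yet}\medskip\\

    % The description now matches the command below it: the link points
    % at the directory, so the recorded path resolves to the real file.
    \item attacker \textcolor{gray}{(meanwhile deletes the fake passwd file, and links
      \texttt{/tmp/a} to the directory of the real passwd file)}\\
      \texttt{rm /tmp/a/passwd; rmdir /tmp/a;}\\\texttt{ln -s /etc /tmp/a}\\
    \item root now deletes the real passwd file
  \end{enumerate}

  \only<2>{
  \begin{textblock}{11}(2,5)
    \begin{bubble}[8cm]
      \normalsize To prevent this kind of attack, you need additional
      policies (don't do such operations as root).
    \end{bubble}
  \end{textblock}}

\end{frame}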
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
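\begin{frame}[c]
  \frametitle{\begin{tabular}{c}Infamous Security Flaws\\[-1mm]
  in Unix\end{tabular}}
  % Three historical examples of privileged programs acting on
  % user-controlled paths.  The common lesson: code running with root
  % privileges must not trust file names, links or ownership state that
  % an unprivileged user can change while it runs.
  % NOTE(review): the mode string shown for /bin/mkdir carries no `s'
  % bit; the race described below presumably refers to a historical
  % setuid-root mkdir -- confirm against the lecture notes.

  \begin{itemize}
    \item \texttt{lpr} unfortunately runs with root privileges; you had the option to delete files after printing \ldots\pause
    \item for debugging purposes (FreeBSD) Unix provides a ``core dump'', but it was allowed to follow links \ldots\pause
    \item \texttt{mkdir foo} is owned by root\medskip
      \begin{center}
        \texttt{-rwxr-xr-x  1 root  wheel /bin/mkdir}
      \end{center}\medskip
      it first creates an i-node as root and then changes the ownership to the user's id\\ \textcolor{gray}{\small (race condition -- can be automated with a shell script)}
  \end{itemize}

  \only<4->{
  \begin{textblock}{1}(3,7)
    \begin{tikzpicture}
      \draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm]
      {\begin{minipage}{8cm}
        Only failure makes us experts.\\
        \hfill\small-- Theo de Raadt (OpenBSD, OpenSSH)
      \end{minipage}};
    \end{tikzpicture}
  \end{textblock}}

\end{frame}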
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     
\begin{frame}[c]
  \frametitle{Subtleties}
  % Lecturer note: Unix selects exactly one permission triple per access,
  % checking owner first, then group, then other, and does not fall
  % through.  Bob owns the file, so only the user triple (r--) applies to
  % him and he cannot write it, even as a member of staff, whose triple
  % (rw-) would allow writing.  Group and other permissions that exceed
  % the owner's are worth flagging when auditing a file system.

  \begin{itemize}
    \item<1-> Can Bob write \pcode{file}?
    \item<2-> What if Bob is member of \pcode{staff}?
  \end{itemize}\bigskip

  \begin{center}
    $% file-type flag
     {\underbrace{\Large\texttt{-}}_{\text{\makebox[0mm]{directory}}}}
     % owner triple
     \;{\underbrace{\Large\texttt{r{}-{}-}}_{\text{user}}}\,
     % group triple
     {\underbrace{\Large\texttt{r{}w{}-}}_{\text{group}}}\,
     % triple for everybody else
     {\underbrace{\Large\texttt{r{}w{}x}}_{\text{other}}}\;\;\;
     % owner, group, file name
     \Large\texttt{bob}\;\;\texttt{staff}\;\;\texttt{file}$
  \end{center}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
  \frametitle{Login Processes}
  % Motivation for the setuid mechanism on the next frame: the login
  % process runs as root (UID 0), the user's shell runs under the user's
  % own UID, and an unprivileged process may not change its UID -- yet
  % some tasks, such as accessing passwd, need more privilege.


  \begin{itemize}
    \item login processes run under UID $=$ \pcode{0}\medskip
      \begin{center}
        \texttt{ps -axl | grep login}
      \end{center}\medskip

    \item after login, shells run under UID $=$ user (e.g.~501)\medskip
      \begin{center}
        \texttt{id cu}
      \end{center}\medskip\pause

    \item non-root users are not allowed to change the UID --- would break
      access control
    \item but needed for example for accessing \texttt{passwd}
  \end{itemize}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
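\begin{frame}[c]
  \frametitle{Setuid and Setgid}
  % Introduces the two extra permission bits.  In the chmod example the
  % leading 4 sets the setuid bit and 755 is rwxr-xr-x.
  % Precision for readers: the UID a setuid program assumes is the
  % process's effective UID.  Every setuid-root program is code that any
  % user can run with root privileges, so such programs should be few,
  % small and audited.

  % \textbf replaces the obsolete two-letter font switch \bf.
  The solution is that Unix file permissions are 9 + \underline{2 Bits}:
  \alert{\textbf{Setuid}} and \alert{\textbf{Setgid}} bits

  \begin{itemize}
    \item When a file with setuid is executed, the resulting process will
      assume the UID given to the \underline{owner} of the file.
    \item This enables users to create processes as root (or another
      user).\bigskip

    \item Essential for changing passwords, for example.
  \end{itemize}

  \begin{center}
    \texttt{chmod 4755 fobar\_file}
  \end{center}

\end{frame}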
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%  
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\small
\lstinputlisting[language={},numbers=none,xleftmargin=-6mm]{lst}
\begin{center}
\begin{tabular}{@{\hspace{-24mm}}ll}
members of group staff: & ping, bob, emma\\ 
members of group students: & emma\\
\end{tabular}
\end{center}
\begin{center}
\begin{tabular}{@{\hspace{-7mm}}r|c|c|c|c|c@{}}
        & manual.txt & report.txt & microedit & src/code.c & src/code.h \\\hline
ping & & & & &\\\hline
bob & & & & &\\\hline
emma   & & & & &\\
\end{tabular}
\end{center}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{\Large Discretionary Access Control}
\small
\begin{itemize}
\item Access to objects (files, directories, devices, etc.) is
permitted based on user identity. Each object is owned by a
user. Owners can specify freely (at their discretion) how they want to
share their objects with other users, by specifying which other users
can have which form of access to their objects.\medskip
\item Discretionary access control is implemented on any modern multi-user
OS (Unix, Windows NT, etc.).
\end{itemize}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{\Large Mandatory Access Control}
\small
\begin{itemize}
\item Access to objects is controlled by a system-wide policy, for
  example to prevent certain flows of information. In some forms, the
  system maintains security labels for both objects and subjects
  (processes, users) based on which access is granted or
  denied. Labels can change as the result of an access. Security
  policies are enforced without the cooperation of users or
  programs.\medskip
\item This is implemented in banking or military operating system 
  versions (e.g.~SELinux).\pause
\item A simple example: Air Gap Security. Uses a completely separate network
and computer hardware for different application classes (Bin Laden, Bruce Schneier had
airgaps).\pause
\item What do we want to protect: Secrecy or Integrity?
\end{itemize}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{The Bell-LaPadula Model}
\small
\begin{itemize}
\item Formal policy model for mandatory access control in a military
  multi-level security environment. All subjects and objects (processes, users,
  terminals, files, windows, connections) are labeled
  with a confidentiality level, e.g.
\begin{center}
unclassified < confidential < secret < top secret
\end{center}\medskip
\item The system policy automatically prevents the flow of information
  from high-level objects to lower levels. A process that reads top
  secret data becomes tagged as top secret by the operating system, as
  will all files into which it writes afterwards.
%Each user has a maximum allowed confidentiality level specified and
%cannot receive data beyond that level. A selected set of trusted
%subjects is allowed to bypass the restrictions, in order to permit
%the declassification of information.
\end{itemize}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
  \begin{frame}[c]
  \frametitle{Bell-LaPadula}
  \small
  
  \begin{itemize}
  \item \alert{Read Rule}: A principal \bl{$P$} can read an object \bl{$O$} if and only if
  \bl{$P$}'s security level is at least as high as \bl{$O$}'s.
  \item \alert{Write Rule}: A principal \bl{$P$} can write an object \bl{$O$} if and only if
  \bl{$O$}'s security level is at least as high as \bl{$P$}'s.\medskip
  %\item Meta-Rule: All principals in a system should have a sufficiently high security level
  %in order to access an object.
  \end{itemize}\bigskip
  This restricts information flow $\Rightarrow$ military\bigskip\bigskip\pause
  Bell-LaPadula: {\bf `no read up'} - {\bf `no write down'}
  \end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
  \begin{frame}[c]
  \frametitle{\begin{tabular}{c}Principle of\\[-2mm] Least Privilege\end{tabular}}
  
  \begin{bubble}[10cm]
  A principal should have as few privileges as possible to access a resource.
  \end{bubble}\bigskip\bigskip
  \small
  \begin{itemize}
  \item Bob ($T\!S$) and Alice ($S$) want to communicate
  \item[] $\Rightarrow$ Bob should lower his security level
  \end{itemize}
  \end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
  \begin{frame}[c]
  \frametitle{Biba Policy}
  \small
  
  Data Integrity (rather than data secrecy)
  \begin{itemize}
  \item Biba: {\bf `no read down'} - {\bf `no write up'}
  \item \alert{Read Rule}: A principal \bl{$P$} can read an object \bl{$O$} if and only if
  \bl{$P$}'s security level is lower than or equal to \bl{$O$}'s.
  \item \alert{Write Rule}: A principal \bl{$P$} can write an object \bl{$O$} if and only if
  \bl{$O$}'s security level is lower than or equal to \bl{$P$}'s.
  \end{itemize}\bigskip\bigskip\pause
  E.g.~Firewalls: you can read from inside the firewall, but not from outside\\
  Phishing: you can look at an approved PDF, but not one from a random email\\
  \end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{Security Levels (2)}
\begin{itemize}
\item Bell-LaPadula preserves data secrecy, but not data
  integrity\bigskip\pause
\item Biba model is for data integrity  
\begin{itemize}
\item read: your own level and above
\item write: your own level and below
\end{itemize}
\end{itemize}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{Shared Access Control}
\begin{center}
\includegraphics[scale=0.7]{../pics/pointsplane.jpg}
\end{center}
\begin{textblock}{11}(10.5,10.5)
\small
To take an action you\\[-1mm] 
need at least either:
\begin{itemize}
\item 1 CEO\\[-5mm]
\item 2 MDs, or\\[-5mm]
\item 3 Ds
\end{itemize}
\end{textblock}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{\Large Lessons from Access Control}
Not just restricted to Unix:
\begin{itemize}
\item if you have too many roles (i.e.~too fine-grained access control), then
	hierarchy is too complex\\
	\textcolor{gray}{you invite situations like\ldots let's be root}\bigskip
\item you can still abuse the system\ldots
\end{itemize}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{Protocols}
\begin{center}
0516bffd3f5f updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 405
diff changeset
   662
\includegraphics[scale=0.11]{../pics/keyfob.jpg}
0516bffd3f5f updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 405
diff changeset
   663
\quad
0516bffd3f5f updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 405
diff changeset
   664
\includegraphics[scale=0.3025]{../pics/startstop.jpg}
0516bffd3f5f updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 405
diff changeset
   665
\end{center}
0516bffd3f5f updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 405
diff changeset
   666
0516bffd3f5f updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 405
diff changeset
   667
\begin{itemize}
0516bffd3f5f updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 405
diff changeset
   668
\item Other examples: Wifi, Http-request, TCP-request,
409
0c04ec017892 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 408
diff changeset
   669
card readers, RFID (passports)\ldots\medskip\pause
406
0516bffd3f5f updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 405
diff changeset
   670
0516bffd3f5f updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 405
diff changeset
   671
\item The point is that we cannot control the network: An attacker
0516bffd3f5f updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 405
diff changeset
   672
can install a packet sniffer, inject packets, modify packets,
0516bffd3f5f updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 405
diff changeset
   673
replay messages\ldots{}fake pretty much everything.
0516bffd3f5f updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 405
diff changeset
   674
\end{itemize}
0516bffd3f5f updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 405
diff changeset
   675
  
0516bffd3f5f updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 405
diff changeset
   676
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
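% Frame: keyless car entry as a protocol example with two separate
% mechanisms (remote central locking, passive RFID immobiliser).
% The per-line repository annotations that were interleaved with the LaTeX
% are not part of the slide source and are dropped here.
\begin{frame}[c]
\frametitle{Keyless Car Transponders}

\begin{center}
\includegraphics[scale=0.1]{../pics/keyfob.jpg}
\quad
\includegraphics[scale=0.27]{../pics/startstop.jpg}
\end{center}

\begin{itemize}
\item There are two security mechanisms: one remote central
locking system and one passive RFID tag (engine immobiliser).
% MITM = man-in-the-middle: a party relaying or altering the messages
% between key and car. The three questions are the design requirements:
% the owner gets in, others do not, relayed or replayed messages are rejected.
\item How can I get in? How can thieves be kept out?
How to avoid MITM attacks?
\end{itemize}\medskip

% Reading list: two paper titles. They are set with \emph so that it is clear
% where each title starts and ends (both contain a colon).
% NOTE(review): both appear to be analyses of proprietary immobiliser
% ciphers; the defensive takeaway to draw in the lecture is to use publicly
% reviewed cryptography and fresh challenges -- confirm against the papers.
\footnotesize
\hfill Papers: \emph{Gone in 360 Seconds: Hijacking with Hitag2},\\
\hfill \emph{Dismantling Megamos Crypto: Wirelessly Lockpicking}\\
\hfill \emph{a Vehicle Immobilizer}

\end{frame}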
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
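% Frame: two questions about talking to a known party through an access
% point the user does not control (web banking, mobile telephony).
% The per-line repository annotations that were interleaved with the LaTeX
% are not part of the slide source and are dropped here.
\begin{frame}[c]
\frametitle{HTTPS / GSM}

\begin{center}
\includegraphics[scale=0.25]{../pics/barclays.jpg}
\quad
\includegraphics[scale=0.25]{../pics/phone-signal.jpg}
\end{center}

\begin{itemize}
% Server authentication: with an untrusted access point the assurance has to
% be end-to-end, i.e. the browser validating the server's certificate chain
% and host name for the HTTPS connection.
\item I am sitting at Starbucks. How can I be sure I am really
      visiting Barclays? I have no control over the access
      point.
% Key establishment: both ends must agree on a secret key although every
% message passes through equipment the user does not control.
\item How can I achieve that a secret key is established in
      order to encrypt my mobile conversation? I have no
      control over the access points.
\end{itemize}

\end{frame}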
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
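% Frame: the TCP three-way handshake in informal wording, with a picture on
% the left and the three messages on the right. Overlay 2 adds a bubble
% about SYN flooding.
% The per-line repository annotations that were interleaved with the LaTeX
% are not part of the slide source and are dropped here.
\begin{frame}[c]
\frametitle{Handshakes}

\begin{itemize}
\item starting a TCP connection between a client and a server
initiates the following three-way handshake protocol:
\end{itemize}

\begin{columns}[t]
\begin{column}{5cm}
  \begin{minipage}[t]{4cm}
  \begin{center}
  \raisebox{-2cm}{\includegraphics[scale=0.5]{../pics/handshake.png}}
  \end{center}
  \end{minipage}
\end{column}
\begin{column}{5cm}
  \begin{tabular}[t]{rl}
  Alice:  & Hello server!\\
  Server: & I heard you\\
  Alice:  & Thanks
  \end{tabular}
\end{column}
\end{columns}

% Overlay 2 only. A SYN flood exploits the second step: the server keeps
% state for every half-open connection while it waits for the final message,
% so unanswered openings exhaust that state. Usual defences are SYN cookies
% and limits on the number of half-open connections.
\only<2>{
\begin{textblock}{3}(11,5)
\begin{bubble}[3.2cm]
SYN flood attacks:\medskip\\
\includegraphics[scale=0.4]{../pics/synflood.png}
\end{bubble}
\end{textblock}}

\end{frame}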
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 
   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
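  % Frame: introduces the "A -> B : message" notation. The second message
  % line, the colon row and the last two bullets appear from overlay 2 on.
  % The per-line repository annotations that were interleaved with the LaTeX
  % are not part of the slide source and are dropped here.
  \begin{frame}[t]
  \frametitle{Protocols}

  \mbox{}

  \begin{tabular}{l}
  {\Large \bl{$A\;\rightarrow\; B : \ldots$}}\\
  \onslide<2->{\Large \bl{$B\;\rightarrow\; A : \ldots$}}\\
  % presumably the lone colon stands for "and so on" under the two messages
  \onslide<2->{\Large \;\;\;\;\;\bl{$:$}}\bigskip
  \end{tabular}

  \begin{itemize}
  \item by convention \bl{$A$}, \bl{$B$} are named principals \bl{Alice\ldots}\\
  but most likely they are programs, which just follow some instructions (they are more like roles)\bigskip
  % The subject of this bullet is the message list shown above the itemize.
  \item<2-> the message list indicates one ``protocol run'', or session, which specifies some
  order in the communication
  % Parallel sessions are why a message has to be tied to its own run (for
  % example by a fresh value): otherwise a message recorded in one session
  % could be accepted in another.
  \item<2-> there can be several sessions in parallel (think of Wi-Fi routers)
  \end{itemize}

  \end{frame}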
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
  
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
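% Frame: the TCP three-way handshake again, now followed by the same three
% steps in protocol notation (A = Alice, the client; S = the server).
% The per-line repository annotations that were interleaved with the LaTeX
% are not part of the slide source and are dropped here.
\begin{frame}[c]
\frametitle{Handshakes}

\begin{itemize}
\item starting a TCP connection between a client and a server
initiates the following three-way handshake protocol:
\end{itemize}

\begin{columns}[t]
\begin{column}{5cm}
  \begin{minipage}[t]{4cm}
  \begin{center}
  \raisebox{-2cm}{\includegraphics[scale=0.5]{../pics/handshake.png}}
  \end{center}
  \end{minipage}
\end{column}
\begin{column}{5cm}
  \begin{tabular}[t]{rl}
  Alice:  & Hello server!\\
  Server: & I heard you\\
  Alice:  & Thanks
  \end{tabular}
\end{column}
\end{columns}

% Formal version of the three informal lines above, in the same order.
% The notation shows only the message kind; nothing in these three messages
% authenticates either side, which is the point the later slides build on.
\begin{center}
\begin{tabular}{rl}
\bl{$A \rightarrow S$}: & \bl{SYN}\\
\bl{$S \rightarrow A$}: & \bl{SYN-ACK}\\
% no row terminator after the last row: a trailing \\ would start an empty row
\bl{$A \rightarrow S$}: & \bl{ACK}
\end{tabular}
\end{center}

\end{frame}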
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
  
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
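% Frame: a quotation from Ross Anderson and Roger Needham; the highlighted
% part makes the point that systems were attacked successfully although the
% right assets were protected and the cryptographic algorithms were unbroken,
% i.e. the failure lay in how the pieces were combined.
% The per-line repository annotations that were interleaved with the LaTeX
% are not part of the slide source and are dropped here.
\begin{frame}[c]
\frametitle{\Large Cryptographic Protocol Failures}

Ross Anderson and Roger Needham wrote:\bigskip

% \normalfont\rmfamily replaces the obsolete two-letter switch \rm and sets
% the quotation in upright roman.
% NOTE(review): the slide gives no source for the quotation -- add the
% reference if it is known.
\begin{quote}\normalfont\rmfamily
A lot of the recorded frauds were the result of this kind of
  blunder, or from management negligence pure and simple.
  \alert{However,
there have been a significant number of cases where the designers
protected the right things, used cryptographic algorithms which were
not broken, and yet found that their systems were still successfully
attacked.}
\end{quote}

\end{frame}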
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%  
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
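  \begin{frame}<1-3>[c]
  % Three overlays: (1) picture and first bullet, (2) a bubble with the abstract
  % of the 2009 Mifare Classic paper, (3) the quoted statement about TfL.
  \frametitle{Oyster Cards}

  \includegraphics[scale=0.4]{../pics/oysterc.jpg}

  \begin{itemize}
  % "Security by obscurity": the abstract on overlay 2 reports that the CRYPTO1
  % stream cipher was reverse engineered, after which serious attacks followed.
  \item good example of a bad protocol\\ (security by obscurity)\bigskip
  % The quoted statement describes a detect-and-revoke control: cloned cards are
  % turned off within 24 hours. That bounds how long a clone stays usable; it
  % does not remove the weakness in the card itself.
  \item<3-> \textit{``Breaching security on Oyster cards should not
  allow unauthorised use for more than a day, as TfL promises to turn
  off any cloned cards within 24 hours\ldots''}
  \end{itemize}

  \only<2>{
  \begin{textblock}{12}(0.5,0.5)
  \begin{bubble}[11cm]\footnotesize
  % Verbatim abstract; wording is kept exactly as quoted.
  \textbf{Wirelessly Pickpocketing a Mifare Classic Card}\medskip

  The Mifare Classic is the most widely used contactless smartcard on the
  market. The stream cipher CRYPTO1 used by the Classic has recently been
  reverse engineered and serious attacks have been proposed. The most serious
  of them retrieves a secret key in under a second. In order to clone a card,
  previously proposed attacks require that the adversary either has access to
  an eavesdropped communication session or executes a message-by-message
  man-in-the-middle attack between the victim and a legitimate
  reader. Although this is already disastrous from a cryptographic point of
  view, system integrators maintain that these attacks cannot be performed
  undetected.\smallskip

  This paper proposes four attacks that can be executed by an adversary having
  only wireless access to just a card (and not to a legitimate reader). The
  most serious of them recovers a secret key in less than a second on ordinary
  hardware. Besides the cryptographic weaknesses, we exploit other weaknesses
  in the protocol stack. A vulnerability in the computation of parity bits
  allows an adversary to establish a side channel. Another vulnerability
  regarding nested authentications provides enough plaintext for a speedy
  known-plaintext attack.\hfill{}(a paper from 2009)
  \end{bubble}
  \end{textblock}}

  \end{frame}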
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}<1->[t]
% Second example of relying on a secret cipher design. Overlay 1 shows only the
% mail header; overlay 2 puts the mail body on top of it in a bubble.
\frametitle{Another Example}

In an email from Ross Anderson\bigskip\small	

\begin{tabular}{l}
From: Ross Anderson <Ross.Anderson@cl.cam.ac.uk>\\
Sender: cl-security-research-bounces@lists.cam.ac.uk\\
To: cl-security-research@lists.cam.ac.uk\\
Subject: Birmingham case\\
Date: Tue, 13 Aug 2013 15:13:17 +0100\\
\end{tabular}


\only<2>{
\begin{textblock}{12}(0.5,0.8)
\begin{bubble}[11cm]
\footnotesize
% Verbatim mail body. The point it supports: the mail describes the cipher as
% obtainable from the firmware of the cars themselves, so suppressing the
% published description does not keep the design secret.
As you may know, Volkswagen got an injunction against the University of
Birmingham suppressing the publication of the design of a weak cipher
used in the remote key entry systems in its recent-model cars. The paper
is being given today at Usenix, minus the cipher design.\medskip

I've been contacted by Birmingham University's lawyers who seek to prove
that the cipher can be easily obtained anyway. They are looking for a
student who will download the firmware from any newish VW, disassemble
it and look for the cipher. They'd prefer this to be done by a student
rather than by a professor to emphasise how easy it is.\medskip

Volkswagen's argument was that the Birmingham people had reversed a
locksmithing tool produced by a company in Vietnam, and since their key
fob chip is claimed to be tamper-resistant, this must have involved a
corrupt insider at VW or at its supplier Thales. Birmingham's argument
is that this is nonsense as the cipher is easy to get hold of. Their
lawyers feel this argument would come better from an independent
outsider.\medskip

Let me know if you're interested in having a go, and I'll put you in
touch

Ross

\end{bubble}
\end{textblock}}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
% Baseline protocol: B authenticates to A by sending the shared secret itself.
% The text after \pause states why this is not enough: the secret crosses the
% channel, so anyone who observes it can present it again later.
\frametitle{Authentication Protocols}


Alice (\bl{$A$}) and Bob (\bl{$B$}) share a secret key \bl{$K_{AB}$}\bigskip

Passwords:

\begin{center}
\bl{$B \rightarrow A: K_{AB}$} 
\end{center}\pause\bigskip

Problem: Eavesdropper can capture the secret and replay it; \bl{$A$} cannot confirm the
identity of \bl{$B$}  

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
% Picture-only slide between the password protocol and the challenge-response
% protocols. The image content cannot be told from the source; only the file
% name ../pics/dogs.jpg is visible.
\frametitle{Authentication?}

\begin{center}
% \raisebox shifts the picture 2cm down from the baseline.
\raisebox{-2cm}{\includegraphics[scale=0.4]{../pics/dogs.jpg}}
\end{center}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
% One-way challenge-response: A sends a challenge N and B answers with N
% encrypted under the shared key, so K_{AB} itself never crosses the channel.
% Only B is authenticated to A here; the next slide adds the other direction.
\frametitle{Authentication Protocols}

Alice (\bl{$A$}) and Bob (\bl{$B$}) share a secret key \bl{$K_{AB}$}\bigskip

Simple Challenge Response:

\begin{center}
\begin{tabular}{ll}
% {N}_{K_{AB}} denotes N encrypted under K_{AB}.
\bl{$A \rightarrow B:$} & \bl{$N$}\\
\bl{$B \rightarrow A:$} & \bl{$\{N\}_{K_{AB}}$}\\
\end{tabular} 
\end{center}


\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
% Mutual challenge-response in three messages: A challenges with N_A, B answers
% with both nonces encrypted under K_{AB}, and A returns N_B in the clear.
\frametitle{Authentication Protocols}

Alice (\bl{$A$}) and Bob (\bl{$B$}) share a secret key \bl{$K_{AB}$}\bigskip

Mutual Challenge Response:

\begin{center}
\begin{tabular}{ll}
\bl{$A \rightarrow B:$} & \bl{$N_A$}\\
\bl{$B \rightarrow A:$} & \bl{$\{N_A, N_B\}_{K_{AB}}$}\\
\bl{$A \rightarrow B:$} & \bl{$N_B$}\\
\end{tabular} 
\end{center}

% The four lines below are disabled slide text, not documentation; the attack
% they describe is worked through on a later slide of this file.
%\pause
%An attacker \bl{$E$} can launch an impersonation attack by
%intercepting all messages for \bl{$B$} and make \bl{$A$} decrypt her
%own challenges.

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
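\begin{frame}[c]
% Explains what a nonce buys: a reply that depends on a fresh value can only
% have been produced after that value was sent, which rules out old replies.
\frametitle{Nonces}

\begin{enumerate}
\item I generate a nonce (random number) and send it to you encrypted with a key we share
\item you increase it by one, encrypt it under a key I know and send
it back to me
\end{enumerate}


I can infer:

% NOTE(review): these inferences presumably also need the nonce to be
% unpredictable and never reused, and the encryption to protect integrity;
% the slide leaves both implicit -- confirm against the lecture notes.
\begin{itemize}
\item you must have received my message
\item you could only have generated your answer after I sent you my initial
message
\item if only you and I know the key, the message must have come from you
\end{itemize}

\end{frame}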
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
a42bbdfe5dd9 more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 117
diff changeset
  1031
a42bbdfe5dd9 more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 117
diff changeset
  1032
\begin{center}
119
0cea882f03c7 added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 118
diff changeset
  1033
\begin{tabular}{ll}
244
9fc6ec22ad82 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 243
diff changeset
  1034
\bl{$A \rightarrow B$:} & \bl{$N_A$}\\  
406
0516bffd3f5f updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 405
diff changeset
  1035
\bl{$B \rightarrow A$:} & \bl{$\{N_A, N_B\}_{K_{AB}}$}\\
244
9fc6ec22ad82 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 243
diff changeset
  1036
\bl{$A \rightarrow B$:} & \bl{$N_B$}\\
119
0cea882f03c7 added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 118
diff changeset
  1037
\end{tabular}
0cea882f03c7 added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 118
diff changeset
  1038
\end{center}
0cea882f03c7 added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 118
diff changeset
  1039
241
07e4d8f64ca8 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 121
diff changeset
  1040
The attack (let $A$ decrypt her own messages):
119
0cea882f03c7 added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 118
diff changeset
  1041
0cea882f03c7 added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 118
diff changeset
  1042
\begin{center}
0cea882f03c7 added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 118
diff changeset
  1043
\begin{tabular}{ll}
244
9fc6ec22ad82 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 243
diff changeset
  1044
\bl{$A \rightarrow E$:} & \bl{$N_A$}\\ 
9fc6ec22ad82 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 243
diff changeset
  1045
\textcolor{gray}{$E \rightarrow A$:} & \textcolor{gray}{$N_A$}\\ 
9fc6ec22ad82 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 243
diff changeset
  1046
\textcolor{gray}{$A \rightarrow E$:} & \textcolor{gray}{$\{N_A, N_A'\}_{K_{AB}}$}\\
9fc6ec22ad82 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 243
diff changeset
  1047
\bl{$E \rightarrow A$:} & \bl{$\{N_A, N_A'\}_{K_{AB}}$}\\
9fc6ec22ad82 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 243
diff changeset
  1048
\bl{$A \rightarrow E$:} & \bl{$N_A' \;\;(= N_B)$}\\
\end{tabular}
\end{center}\pause
\small Solutions: use a different key for each direction, \bl{$K_{AB} \not= K_{BA}$}, or include an id in the second message
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
  \frametitle{Encryption to the Rescue?}

  % Variant of the challenge-response exchange in which the very first
  % message is already encrypted under K_AB; B replies with a second key
  % K'_AB and A confirms by returning N_A under that key.
  \begin{itemize}
    \item \bl{$A \,\to\, B : \{A, N_A\}_{K_{AB}}$}\hspace{1cm} encrypted\bigskip
    \item \bl{$B \,\to\, A : \{N_A, K'_{AB}\}_{K_{AB}}$}\bigskip
    \item \bl{$A \,\to\, B : \{N_A\}_{K'_{AB}}$}\bigskip
  \end{itemize}\pause

  % NOTE(review): presumably the point is that B cannot choose the key for an
  % encrypted first message without being told who is calling --- confirm.
  means you need to send separate ``Hello'' signals (bad), or worse
  share a single key between many entities
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%      
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
  \frametitle{Protocol Attacks}

  % Overview of attack classes against protocols. Social engineering is set
  % apart from the technical classes: parenthesised and after extra space.
  \begin{itemize}
    \item replay attacks
    \item reflection attacks
    \item man-in-the-middle attacks
    \item timing attacks
    \item parallel session attacks
    \item binding attacks (public key protocols)
    \item changing environment / changing assumptions\bigskip

    \item (social engineering attacks)
  \end{itemize}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
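\begin{frame}[c]
  \frametitle{Public-Key Infrastructure}

  % The CA's statement binds a public key to a name. The last two items are
  % the trust questions: every relying party depends on the CA, so a single
  % false certificate affects everybody who trusts that CA.
  \begin{itemize}
    \item the idea is to have a certificate authority (CA)
    \item you go to the CA to identify yourself
    % \mathit keeps "pub" and "Bob" typeset as words, not as products of letters.
    \item CA: ``I, the CA, have verified that public key
          \bl{$P^{\mathit{pub}}_{\mathit{Bob}}$} belongs to Bob''\bigskip
    \item the CA must be trusted by everybody
    \item What happens if the CA issues a false certificate? Who pays in case
          of loss? (VeriSign explicitly limits liability to \$100.)
  \end{itemize}

\end{frame}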
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
  \frametitle{Man-in-the-Middle}

  % Baseline run without an attacker: both sides first exchange public keys,
  % then each side encrypts to the key it received.
  ``Normal'' protocol run:\bigskip

  \begin{itemize}
    \item \bl{$A$} sends public key to \bl{$B$}
    \item \bl{$B$} sends public key to \bl{$A$}
    \item \bl{$A$} sends message encrypted with \bl{$B$}'s public key,
          \bl{$B$} decrypts it with its private key
    \item \bl{$B$} sends message encrypted with \bl{$A$}'s public key,
          \bl{$A$} decrypts it with its private key
  \end{itemize}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
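\begin{frame}[c]
  \frametitle{Man-in-the-Middle}

  Attack:

  % C sits between A and B and replaces both public keys with its own.
  % Nothing in the exchange tells A or B whose key they received; that
  % missing binding of key to identity is what the certificate authority
  % on the Public-Key Infrastructure frame is meant to supply.
  \begin{itemize}
    \item \bl{$A$} sends public key to \bl{$B$} --- \bl{$C$} intercepts this
          message and sends its own public key
    \item \bl{$B$} sends public key to \bl{$A$} --- \bl{$C$} intercepts this
          message and sends its own public key
    \item \bl{$A$} sends message encrypted with \bl{$C$}'s public key,
          \bl{$C$} decrypts it with its private key, re-encrypts with
          \bl{$B$}'s public key
    \item similarly for the other direction
  \end{itemize}

\end{frame}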
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
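\begin{frame}[c]
  \frametitle{Man-in-the-Middle}

  Potential Prevention?

  % Each side sends the first half of its ciphertext before it has received
  % the peer's second half. The scheme relies on half a ciphertext being
  % useless on its own, so C cannot decrypt, read and re-encrypt in transit
  % as in the plain attack. Commonly known as the interlock protocol
  % (Rivest and Shamir).
  % NOTE(review): the public keys are still unauthenticated, so this
  % constrains C rather than establishing who the peer is.
  \begin{itemize}
    \item \bl{$A$} sends public key to \bl{$B$}
    \item \bl{$B$} sends public key to \bl{$A$}
    \item \bl{$A$} encrypts message with \bl{$B$}'s public key, sends \textbf{half} of the message
    \item \bl{$B$} encrypts message with \bl{$A$}'s public key, sends \textbf{half} of the message
    \item \bl{$A$} sends other half, \bl{$B$} can now decrypt entire message
    \item \bl{$B$} sends other half, \bl{$A$} can now decrypt entire message
  \end{itemize}\pause

  %\bl{$C$} would have to invent a totally new message
  \alert{Under which circumstances does this protocol prevent
  MiM-attacks, or does it?}

\end{frame}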
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
  \frametitle{Car Transponder (HiTag2)}

  % C is the car and T the transponder (see the text under the list).
  % Both sides derive the pair (F, G) from the same nonce N and key K;
  % F proves C's knowledge of K to T, G' proves T's knowledge of K to C.
  \begin{enumerate}
    \item \bl{$C$} generates a random number \bl{$N$}
    \item \bl{$C$} calculates \bl{$(F,G) = \{N\}_K$}
    \item \bl{$C \rightarrow T$}: \bl{$N, F$}
    \item \bl{$T$} calculates \bl{$(F',G') = \{N\}_K$}
    \item \bl{$T$} checks that \bl{$F = F'$}
    \item \bl{$T \rightarrow C$}: \bl{$N, G'$}
    \item \bl{$C$} checks that \bl{$G = G'$}
  \end{enumerate}\pause

  % Discussion point: only C chooses N. T contributes no nonce of its own,
  % so T's check of F cannot distinguish a fresh (N, F) from one seen in an
  % earlier run. Mutual freshness would need a challenge from each side.
  \small
  This process means that the transponder believes the car knows
  the key \bl{$K$}, and the car believes the transponder knows
  the key \bl{$K$}. They have authenticated themselves
  to each other, or have they?

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
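\begin{frame}[c]

  % The card and the terminal end up with different views of how the
  % cardholder was verified (signature vs.\ PIN), and neither view is
  % checked against the other.
  % NOTE(review): presumably the chip-and-PIN attack published by Murdoch,
  % Drimer, Anderson and Bond (2010) --- confirm against the figure sources.
  A Man-in-the-middle attack in real life:

  \begin{itemize}
    \item the card only says yes to the terminal if the PIN is correct
    \item trick the card into thinking the transaction is verified by signature
    \item trick the terminal into thinking the transaction was verified by PIN
  \end{itemize}

  % The minipage is wider than the text block so both pictures fit side by
  % side; the negative \hspace shifts the pair back to the left.
  \begin{minipage}{1.1\textwidth}
    \begin{center}
      \mbox{}\hspace{-6mm}\includegraphics[scale=0.5]{../pics/chip-attack.png}
      \includegraphics[scale=0.3]{../pics/chipnpinflaw.png}
    \end{center}
  \end{minipage}

\end{frame}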
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
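\begin{frame}[c]
  \frametitle{Problems with EMV}

  % Why the protocol is hard to get right: size, design by committee and
  % partly non-public specification all make independent review difficult.
  \begin{itemize}
    \item it is a wrapper for many protocols
    \item specification by consensus (resulted in unmanageable complexity)
    \item its specification is 700 pages in English plus 2000+ pages for
          testing, additionally some further parts are secret
    \item other attacks have been found
  \end{itemize}

\end{frame}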
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
  \frametitle{Protocols are Difficult}

  % Summary of the lecture's lessons; the second item restates the chip-card
  % example: data that is relied upon but not authenticated can be altered.
  \begin{itemize}
    \item even the systems designed by experts regularly fail\medskip
    \item try to make everything explicit (you need to authenticate all data
          you might rely on)\medskip
    \item the one who can fix a system should also be liable for the
          losses\medskip
    \item cryptography is often not \textbf{the} answer\bigskip\bigskip
  \end{itemize}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
  \frametitle{Best Practices}

  % NOTE(review): the wording appears to follow Abadi and Needham's
  % ``Prudent Engineering Practice for Cryptographic Protocols''; the
  % numbering here is the slides' own --- confirm before citing.
  \textbf{Principle 1:} Every message should say what it means: the
  interpretation of a message should not depend on the context.\bigskip\pause

  % Principle 2 is the general form of the reflection-attack fix earlier in
  % this deck (include an id in the message).
  \textbf{Principle 2:} If the identity of a principal is essential to the
  meaning of a message, it is prudent to mention the principal’s name
  explicitly in the message (though difficult).\bigskip

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
{\bf Principle 3:} Be clear about why encryption is being
done. Encryption is not cheap, and not asking precisely why it is
being done can lead to redundancy. Encryption is not synonymous with
07e4d8f64ca8 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 121
diff changeset
  1256
security.
105
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 90
diff changeset
  1257
241
07e4d8f64ca8 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 121
diff changeset
  1258
\begin{center}
07e4d8f64ca8 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 121
diff changeset
  1259
Possible Uses of Encryption
105
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 90
diff changeset
  1260
241
07e4d8f64ca8 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 121
diff changeset
  1261
\begin{itemize}
07e4d8f64ca8 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 121
diff changeset
  1262
\item Preservation of confidentiality: \bl{$\{X\}_K$} only those that have \bl{$K$} may recover \bl{$X$}.
07e4d8f64ca8 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 121
diff changeset
  1263
\item Guarantee authenticity: The partner is indeed some particular principal.
07e4d8f64ca8 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 121
diff changeset
  1264
\item Guarantee confidentiality and authenticity: binds two parts of a message --- 
07e4d8f64ca8 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 121
diff changeset
  1265
\bl{$\{X,Y\}_K$} is not the same as \bl{$\{X\}_K$} and \bl{$\{Y\}_K$}.
07e4d8f64ca8 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 121
diff changeset
  1266
\end{itemize}
07e4d8f64ca8 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 121
diff changeset
  1267
\end{center}
105
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 90
diff changeset
  1268
406
0516bffd3f5f updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 405
diff changeset
  1269
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
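\begin{frame}[c]
\frametitle{Best Practices}

\textbf{Principle 4:} The protocol designer should know which trust relations his protocol depends on, and why the dependence is necessary. The reasons for particular trust relations being acceptable should be explicit, though they will be founded on judgment and policy rather than on logic.\bigskip

% Example of a trust relation that rests on policy rather than logic:
% a certified key is only as trustworthy as the CA's identity checks,
% so this reliance should be stated where it can be reviewed.
Example: Certification Authorities (CAs) are trusted to certify a key only after proper steps
have been taken to identify the principal that owns it.

\end{frame}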
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
\end{document}
%%% Local Variables:  
%%% mode: latex
%%% TeX-master: t
%%% End: 