| author | cu |
| Wed, 18 Oct 2017 14:38:25 +0100 | |
| changeset 552 | c1e9a435e16f |
| parent 548 | ac3e4ea33627 |
| permissions | -rw-r--r-- |
| 41 | 1 |
\documentclass[dvipsnames,14pt,t]{beamer}
|
| 548 | 2 |
\usepackage{../style}
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
3 |
\usepackage{../slides}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
4 |
\usepackage{../graphics}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
5 |
\usepackage{../langs}
|
| 41 | 6 |
\usetikzlibrary{arrows}
|
7 |
\usetikzlibrary{shapes}
|
|
8 |
||
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
9 |
\setmonofont[Scale=.88]{Consolas}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
10 |
\newfontfamily{\consolas}{Consolas}
|
| 41 | 11 |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
12 |
\hfuzz=220pt |
| 41 | 13 |
|
14 |
% beamer stuff |
|
|
381
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
252
diff
changeset
|
15 |
\renewcommand{\slidecaption}{SEN 04, King's College London}
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
16 |
\newcommand{\bl}[1]{\textcolor{blue}{#1}}
|
| 41 | 17 |
|
18 |
\begin{document}
|
|
19 |
||
20 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
21 |
\begin{frame}[t]
|
| 41 | 22 |
\frametitle{%
|
23 |
\begin{tabular}{@ {}c@ {}}
|
|
24 |
\\ |
|
|
381
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
252
diff
changeset
|
25 |
\LARGE Security Engineering (4)\\[-3mm] |
| 41 | 26 |
\end{tabular}}\bigskip\bigskip\bigskip
|
27 |
||
28 |
\normalsize |
|
29 |
\begin{center}
|
|
30 |
\begin{tabular}{ll}
|
|
31 |
Email: & christian.urban at kcl.ac.uk\\ |
|
| 518 | 32 |
Office: & N7.07 (North Wing, Bush House)\\ |
|
105
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
33 |
Slides: & KEATS (also home work is there)\\ |
| 41 | 34 |
\end{tabular}
|
35 |
\end{center}
|
|
36 |
||
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
37 |
\end{frame}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
38 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
| 41 | 39 |
|
40 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
41 |
\begin{frame}[c]
|
|
|
404
4e3bc09748f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
391
diff
changeset
|
42 |
|
|
4e3bc09748f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
391
diff
changeset
|
43 |
\begin{center}
|
|
4e3bc09748f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
391
diff
changeset
|
44 |
\includegraphics[scale=0.34]{../pics/trainwreck.jpg}\\
|
|
4e3bc09748f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
391
diff
changeset
|
45 |
last week: buffer overflow attacks |
|
4e3bc09748f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
391
diff
changeset
|
46 |
\end{center}
|
|
4e3bc09748f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
391
diff
changeset
|
47 |
|
|
4e3bc09748f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
391
diff
changeset
|
48 |
\begin{itemize}
|
| 548 | 49 |
\item this required some cheating on a modern OS |
50 |
\item but the main point: no cheating needed in practice |
|
51 |
(remember the quote about toasters) |
|
|
406
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
52 |
\end{itemize}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
53 |
|
|
404
4e3bc09748f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
391
diff
changeset
|
54 |
\end{frame}
|
|
4e3bc09748f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
391
diff
changeset
|
55 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
4e3bc09748f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
391
diff
changeset
|
56 |
|
|
406
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
57 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
58 |
\begin{frame}[c]
|
|
408
9332d1e54360
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
407
diff
changeset
|
59 |
\frametitle{Case-In-Point: Android}
|
|
9332d1e54360
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
407
diff
changeset
|
60 |
|
|
9332d1e54360
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
407
diff
changeset
|
61 |
\begin{itemize}
|
|
9332d1e54360
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
407
diff
changeset
|
62 |
\item a list of common Android vulnerabilities |
|
481
a7a7d6b0150b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
63 |
(5 BOAs out of 35 vulnerabilities; all from 2013 and later): |
|
408
9332d1e54360
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
407
diff
changeset
|
64 |
|
|
9332d1e54360
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
407
diff
changeset
|
65 |
\begin{center}
|
|
9332d1e54360
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
407
diff
changeset
|
66 |
\url{http://androidvulnerabilities.org/}
|
|
9332d1e54360
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
407
diff
changeset
|
67 |
\end{center}\bigskip
|
|
9332d1e54360
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
407
diff
changeset
|
68 |
|
|
481
a7a7d6b0150b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
69 |
\item a paper that attempts to measure the security of Android phones: |
|
408
9332d1e54360
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
407
diff
changeset
|
70 |
|
|
481
a7a7d6b0150b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
71 |
\begin{quote}\small\it ``We find that on average 87.7\% of Android
|
|
408
9332d1e54360
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
407
diff
changeset
|
72 |
devices are exposed to at least one of 11 known critical |
|
9332d1e54360
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
407
diff
changeset
|
73 |
vulnerabilities\ldots'' |
|
9332d1e54360
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
407
diff
changeset
|
74 |
\end{quote}
|
|
9332d1e54360
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
407
diff
changeset
|
75 |
|
|
9332d1e54360
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
407
diff
changeset
|
76 |
\begin{center}\small
|
|
411
542116a239cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
409
diff
changeset
|
77 |
\makebox[0mm] |
|
542116a239cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
409
diff
changeset
|
78 |
{\url{https://www.cl.cam.ac.uk/~drt24/papers/spsm-scoring.pdf}}
|
|
408
9332d1e54360
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
407
diff
changeset
|
79 |
\end{center}
|
|
9332d1e54360
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
407
diff
changeset
|
80 |
\end{itemize}
|
|
9332d1e54360
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
407
diff
changeset
|
81 |
|
|
9332d1e54360
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
407
diff
changeset
|
82 |
\end{frame}
|
|
9332d1e54360
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
407
diff
changeset
|
83 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
9332d1e54360
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
407
diff
changeset
|
84 |
|
|
9332d1e54360
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
407
diff
changeset
|
85 |
|
|
9332d1e54360
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
407
diff
changeset
|
86 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
481
a7a7d6b0150b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
87 |
%\begin{frame}[c]
|
|
a7a7d6b0150b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
88 |
% |
|
a7a7d6b0150b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
89 |
%A student asked: |
|
a7a7d6b0150b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
90 |
% |
|
a7a7d6b0150b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
91 |
%\begin{bubble}[10cm]\small How do we implement BOAs? On a
|
|
a7a7d6b0150b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
92 |
%webpage login, for example Facebook, we can't do this. |
|
a7a7d6b0150b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
93 |
%I am sure the script will stop us even before we reach the |
|
a7a7d6b0150b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
94 |
%server. The |
|
a7a7d6b0150b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
95 |
%script will not let us enter hexadecimal numbers where email |
|
a7a7d6b0150b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
96 |
%or username is required and plus it will have a max length, |
|
a7a7d6b0150b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
97 |
%like 32 characters only. In this case, what can we do, since |
|
a7a7d6b0150b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
98 |
%the method you showed us wouldn't work? |
|
a7a7d6b0150b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
99 |
%\end{bubble}\bigskip\bigskip\pause
|
|
411
542116a239cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
409
diff
changeset
|
100 |
|
|
481
a7a7d6b0150b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
101 |
%\begin{itemize}
|
|
a7a7d6b0150b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
102 |
%\item Facebook no |
|
a7a7d6b0150b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
103 |
%\item printers, routers, cars, IoT etc likely\pause |
|
a7a7d6b0150b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
104 |
%\item I do not want to teach you hacking, rather defending |
|
a7a7d6b0150b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
105 |
%\end{itemize}
|
|
a7a7d6b0150b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
106 |
% |
|
a7a7d6b0150b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
107 |
%\end{frame}
|
|
406
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
108 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
404
4e3bc09748f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
391
diff
changeset
|
109 |
|
|
4e3bc09748f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
391
diff
changeset
|
110 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
4e3bc09748f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
391
diff
changeset
|
111 |
\begin{frame}[c]
|
| 548 | 112 |
\frametitle{Survey at KEATS}
|
113 |
||
114 |
\begin{center}
|
|
115 |
\alert{\bf\LARGE Thanks!}
|
|
116 |
\end{center}
|
|
117 |
||
|
243
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
118 |
\end{frame}
|
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
119 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
120 |
|
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
121 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
481
a7a7d6b0150b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
122 |
%\begin{frame}[c]
|
|
a7a7d6b0150b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
123 |
% |
|
a7a7d6b0150b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
124 |
%\begin{center}
|
|
a7a7d6b0150b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
125 |
%\includegraphics[scale=0.45]{../pics/trainwreck.jpg}\\
|
|
a7a7d6b0150b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
126 |
%last week: buffer overflow attacks |
|
a7a7d6b0150b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
127 |
%\end{center}
|
|
a7a7d6b0150b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
128 |
% |
|
a7a7d6b0150b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
129 |
%\end{frame}
|
|
105
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
130 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
131 |
|
|
404
4e3bc09748f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
391
diff
changeset
|
132 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
4e3bc09748f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
391
diff
changeset
|
133 |
\begin{frame}[c]
|
|
481
a7a7d6b0150b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
134 |
\frametitle{\begin{tabular}{c}\LARGE Two General Counter\\[-1mm]
|
|
a7a7d6b0150b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
135 |
\LARGE Measures against BOAs etc\end{tabular}}
|
|
404
4e3bc09748f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
391
diff
changeset
|
136 |
|
|
481
a7a7d6b0150b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
137 |
Both try to reduce the attack surface (trusted computing base):\bigskip |
|
404
4e3bc09748f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
391
diff
changeset
|
138 |
|
|
4e3bc09748f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
391
diff
changeset
|
139 |
\begin{itemize}
|
|
4e3bc09748f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
391
diff
changeset
|
140 |
\item \alert{\bf unikernels} -- the idea is to not have
|
|
4e3bc09748f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
391
diff
changeset
|
141 |
an operating system at all |
|
4e3bc09748f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
391
diff
changeset
|
142 |
\item all functionality of the server is implemented in a |
|
4e3bc09748f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
391
diff
changeset
|
143 |
single, stand-alone program |
|
4e3bc09748f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
391
diff
changeset
|
144 |
\item all functionality an operating system would normally |
|
4e3bc09748f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
391
diff
changeset
|
145 |
provide (network stack, file system) is available through |
|
4e3bc09748f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
391
diff
changeset
|
146 |
libraries |
|
4e3bc09748f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
391
diff
changeset
|
147 |
\item the best known unikernel is MirageOS using Ocaml |
|
4e3bc09748f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
391
diff
changeset
|
148 |
(\url{https://mirage.io})
|
|
4e3bc09748f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
391
diff
changeset
|
149 |
\end{itemize}
|
|
4e3bc09748f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
391
diff
changeset
|
150 |
|
|
4e3bc09748f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
391
diff
changeset
|
151 |
\end{frame}
|
|
4e3bc09748f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
391
diff
changeset
|
152 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
4e3bc09748f7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
391
diff
changeset
|
153 |
|
|
105
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
154 |
|
|
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
155 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
391
a612dd3ddc81
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
388
diff
changeset
|
156 |
\begin{frame}[c]
|
|
405
6a54ee8b74c3
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
404
diff
changeset
|
157 |
\frametitle{\begin{tabular}{c}Network Applications:\\[-1mm]
|
|
6a54ee8b74c3
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
404
diff
changeset
|
158 |
Privilege Separation\end{tabular}}
|
|
117
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
159 |
|
|
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
160 |
|
|
391
a612dd3ddc81
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
388
diff
changeset
|
161 |
\begin{center}
|
|
a612dd3ddc81
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
388
diff
changeset
|
162 |
\begin{tikzpicture}[scale=1]
|
|
117
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
163 |
|
|
391
a612dd3ddc81
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
388
diff
changeset
|
164 |
\draw[line width=1mm] (-.3, 0) rectangle (1.5,2); |
|
a612dd3ddc81
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
388
diff
changeset
|
165 |
\draw (4.7,1) node {Internet};
|
|
a612dd3ddc81
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
388
diff
changeset
|
166 |
\draw (-2.7,1.7) node {\footnotesize Application};
|
|
a612dd3ddc81
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
388
diff
changeset
|
167 |
\draw (0.6,1.7) node {\footnotesize Interface};
|
|
a612dd3ddc81
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
388
diff
changeset
|
168 |
\draw (0.6,-0.4) node {\footnotesize \begin{tabular}{c}unprivileged\\[-1mm] process\end{tabular}};
|
|
a612dd3ddc81
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
388
diff
changeset
|
169 |
\draw (-2.7,-0.4) node {\footnotesize \begin{tabular}{c}privileged\\[-1mm] process\end{tabular}};
|
|
a612dd3ddc81
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
388
diff
changeset
|
170 |
|
|
a612dd3ddc81
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
388
diff
changeset
|
171 |
\draw[line width=1mm] (-1.8, 0) rectangle (-3.6,2); |
|
117
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
172 |
|
|
391
a612dd3ddc81
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
388
diff
changeset
|
173 |
\draw[white] (1.7,1) node (X) {};
|
|
a612dd3ddc81
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
388
diff
changeset
|
174 |
\draw[white] (3.7,1) node (Y) {};
|
|
a612dd3ddc81
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
388
diff
changeset
|
175 |
\draw[red, <->, line width = 2mm] (X) -- (Y); |
|
a612dd3ddc81
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
388
diff
changeset
|
176 |
|
|
a612dd3ddc81
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
388
diff
changeset
|
177 |
\draw[red, <->, line width = 1mm] (-0.6,1) -- (-1.6,1); |
|
a612dd3ddc81
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
388
diff
changeset
|
178 |
\end{tikzpicture}
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
179 |
\end{center}
|
|
117
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
180 |
|
|
391
a612dd3ddc81
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
388
diff
changeset
|
181 |
\begin{itemize}
|
|
a612dd3ddc81
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
388
diff
changeset
|
182 |
\item the idea is make the attack surface smaller and mitigate the |
|
a612dd3ddc81
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
388
diff
changeset
|
183 |
consequences of an attack |
|
a612dd3ddc81
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
388
diff
changeset
|
184 |
\end{itemize}
|
|
a612dd3ddc81
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
388
diff
changeset
|
185 |
\end{frame}
|
|
a612dd3ddc81
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
388
diff
changeset
|
186 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
187 |
|
|
405
6a54ee8b74c3
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
404
diff
changeset
|
188 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
6a54ee8b74c3
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
404
diff
changeset
|
189 |
\begin{frame}[c]
|
|
6a54ee8b74c3
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
404
diff
changeset
|
190 |
\frametitle{Access Control in Unix}
|
|
117
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
191 |
|
|
405
6a54ee8b74c3
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
404
diff
changeset
|
192 |
\begin{itemize}
|
|
6a54ee8b74c3
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
404
diff
changeset
|
193 |
\item access control provided by the OS |
|
6a54ee8b74c3
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
404
diff
changeset
|
194 |
\item authenticate principals |
|
6a54ee8b74c3
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
404
diff
changeset
|
195 |
\item mediate access to files, ports, processes etc according to |
|
6a54ee8b74c3
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
404
diff
changeset
|
196 |
\alert{roles} (user ids)\\
|
|
6a54ee8b74c3
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
404
diff
changeset
|
197 |
\item roles get attached with privileges (some special roles: root)\bigskip\\ |
|
6a54ee8b74c3
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
404
diff
changeset
|
198 |
|
|
6a54ee8b74c3
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
404
diff
changeset
|
199 |
\hspace{8mm}
|
|
6a54ee8b74c3
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
404
diff
changeset
|
200 |
\begin{bubble}[8cm]
|
|
406
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
201 |
\alert{\bf principle of least privilege:}\\
|
|
405
6a54ee8b74c3
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
404
diff
changeset
|
202 |
users and programs should only have as much privilege as they need to |
|
6a54ee8b74c3
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
404
diff
changeset
|
203 |
accomplish a task |
|
6a54ee8b74c3
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
404
diff
changeset
|
204 |
\end{bubble}
|
|
6a54ee8b74c3
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
404
diff
changeset
|
205 |
\end{itemize}
|
|
6a54ee8b74c3
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
404
diff
changeset
|
206 |
|
|
6a54ee8b74c3
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
404
diff
changeset
|
207 |
\end{frame}
|
|
6a54ee8b74c3
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
404
diff
changeset
|
208 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
6a54ee8b74c3
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
404
diff
changeset
|
209 |
|
|
6a54ee8b74c3
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
404
diff
changeset
|
210 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
391
a612dd3ddc81
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
388
diff
changeset
|
211 |
\begin{frame}[c]
|
|
405
6a54ee8b74c3
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
404
diff
changeset
|
212 |
\frametitle{Access Control in Unix (2)}
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
213 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
214 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
215 |
\begin{itemize}
|
|
405
6a54ee8b74c3
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
404
diff
changeset
|
216 |
\item privileges are specified by file access permissions (``everything is a file'')\medskip |
|
6a54ee8b74c3
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
404
diff
changeset
|
217 |
\item there are 9 (plus 2) bits that specify the permissions of a file |
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
218 |
\end{itemize}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
219 |
|
|
405
6a54ee8b74c3
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
404
diff
changeset
|
220 |
\begin{center}
|
|
6a54ee8b74c3
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
404
diff
changeset
|
221 |
${\underbrace{\LARGE\texttt{-}}_{\text{\makebox[0mm]{directory}}}}
|
|
6a54ee8b74c3
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
404
diff
changeset
|
222 |
\;{\underbrace{\LARGE\texttt{r{}-{}-}}_{\text{user}}}\,
|
|
6a54ee8b74c3
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
404
diff
changeset
|
223 |
{\underbrace{\LARGE\texttt{r{}w{}-}}_{\text{group}}}\,
|
|
6a54ee8b74c3
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
404
diff
changeset
|
224 |
{\underbrace{\LARGE\texttt{r{}w{}x}}_{\text{other}}}\;\;\;
|
|
6a54ee8b74c3
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
404
diff
changeset
|
225 |
\LARGE\texttt{bob}\;\;\texttt{staff}\;\;\texttt{file}$
|
|
6a54ee8b74c3
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
404
diff
changeset
|
226 |
\end{center}
|
|
388
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
227 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
228 |
\end{frame}
|
|
405
6a54ee8b74c3
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
404
diff
changeset
|
229 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
6a54ee8b74c3
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
404
diff
changeset
|
230 |
|
|
388
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
231 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
232 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
233 |
\begin{frame}[c]
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
234 |
\frametitle{Unix-Style Access Control}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
235 |
\small |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
236 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
237 |
\begin{itemize}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
238 |
\item |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
239 |
Q: ``I am using Windows. Why should I care?'' \\ |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
240 |
A: In Windows you have similar AC: |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
241 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
242 |
\begin{center}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
243 |
\begin{tabular}{l}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
244 |
administrators group\\ |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
245 |
\hspace{5mm}(has complete control over the machine)\\
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
246 |
authenticated users\\ |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
247 |
server operators\\ |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
248 |
power users\\ |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
249 |
network configuration operators |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
250 |
\end{tabular}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
251 |
\end{center}\medskip
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
252 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
253 |
\item Modern versions of Windows have more fine-grained AC than Unix; |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
254 |
they do not have a setuid bit, but have \texttt{runas} (asks for a
|
| 548 | 255 |
password).%\pause |
|
388
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
256 |
|
| 548 | 257 |
%\item OS-provided access control can \alert{\bf add} to your security.
|
258 |
% (defence in depth) |
|
|
388
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
259 |
\end{itemize}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
260 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
261 |
\end{frame}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
262 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
263 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
264 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
265 |
\begin{frame}[c]
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
266 |
\frametitle{Weaknesses of Unix AC}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
267 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
268 |
Not just restricted to Unix: |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
269 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
270 |
\begin{itemize}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
271 |
\item if you have too many roles (i.e.~too finegrained AC), then |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
272 |
hierarchy is too complex\\ \textcolor{gray}{you invite situations
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
273 |
like\ldots let's be root}\bigskip |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
274 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
275 |
\item you can still abuse the system\ldots |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
276 |
\end{itemize}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
277 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
278 |
\end{frame}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
279 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
280 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
281 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
282 |
\begin{frame}[c]
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
283 |
\frametitle{A ``Cron''-Attack}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
284 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
285 |
The idea is to trick a privileged person to do something on your |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
286 |
behalf: |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
287 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
288 |
\begin{itemize}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
289 |
\item root:\\\texttt{rm /tmp/*/*}\bigskip\bigskip\pause
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
290 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
291 |
\footnotesize |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
292 |
\begin{minipage}{1.1\textwidth}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
293 |
\textcolor{gray}{the shell behind the scenes:}\\
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
294 |
\textcolor{gray}{\texttt{rm /tmp/dir$_1$/file$_1$ /tmp/dir$_1$/file$_2$ /tmp/dir$_2$/file$_1$ \ldots}}\bigskip\\
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
295 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
296 |
\textcolor{gray}{this takes time}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
297 |
\end{minipage}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
298 |
\end{itemize}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
299 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
300 |
\end{frame}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
301 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
302 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
303 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
304 |
\begin{frame}[c]
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
305 |
\frametitle{A ``Cron''-Attack}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
306 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
307 |
\begin{enumerate}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
308 |
\item attacker \textcolor{gray}{(creates a fake passwd file)}\\
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
309 |
\texttt{mkdir /tmp/a; cat > /tmp/a/passwd}\medskip
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
310 |
\item root \textcolor{gray}{(does the daily cleaning)}\\
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
311 |
\texttt{rm /tmp/*/*}\medskip\\
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
312 |
\hspace{2cm}\textcolor{gray}{\small records that \texttt{/tmp/a/passwd}}\\
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
313 |
\hspace{2cm}\textcolor{gray}{\small should be deleted, but does not do it yet}\medskip\\
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
314 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
315 |
\item attacker \textcolor{gray}{(meanwhile deletes the fake passwd file, and establishes a link to
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
316 |
the real passwd file)}\\ |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
317 |
\texttt{rm /tmp/a/passwd; rmdir /tmp/a;}\\\texttt{ln -s /etc /tmp/a}\\
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
318 |
\item root now deletes the real passwd file |
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
319 |
\end{enumerate}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
320 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
321 |
\only<2>{
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
322 |
\begin{textblock}{11}(2,5)
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
323 |
\begin{bubble}[8cm]
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
324 |
\normalsize To prevent this kind of attack, you need additional |
| 548 | 325 |
policies (for example don't do such operations as root). |
|
388
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
326 |
\end{bubble}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
327 |
\end{textblock}}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
328 |
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
329 |
\end{frame}
|
|
770b58a7d754
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
330 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
405
6a54ee8b74c3
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
404
diff
changeset
|
331 |
|
|
391
a612dd3ddc81
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
388
diff
changeset
|
332 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
| 548 | 333 |
%\begin{frame}[c]
|
334 |
%\frametitle{\begin{tabular}{c}Infamous Security Flaws\\[-1mm]
|
|
335 |
%in Unix\end{tabular}}
|
|
|
391
a612dd3ddc81
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
388
diff
changeset
|
336 |
|
|
a612dd3ddc81
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
388
diff
changeset
|
337 |
|
| 548 | 338 |
%\begin{itemize}
|
339 |
%\item \texttt{lpr} unfortunately runs with root privileges; you had the option to delete files after printing \ldots\pause
|
|
340 |
%\item for debugging purposes (FreeBSD) Unix provides a ``core dump'', but allowed to follow links \ldots\pause |
|
341 |
%\item \texttt{mkdir foo} is owned by root\medskip
|
|
342 |
%\begin{center}
|
|
343 |
%\texttt{-rwxr-xr-x 1 root wheel /bin/mkdir}
|
|
344 |
%\end{center}\medskip
|
|
345 |
%it first creates an i-node as root and then changes to ownership to the user's id\\ \textcolor{gray}{\small (race condition -- can be automated with a shell script)}
|
|
346 |
%\end{itemize}
|
|
|
391
a612dd3ddc81
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
388
diff
changeset
|
347 |
|
| 548 | 348 |
%\only<4->{
|
349 |
%\begin{textblock}{1}(3,7)
|
|
350 |
%\begin{tikzpicture}
|
|
351 |
%\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm] |
|
352 |
%{\begin{minipage}{8cm}
|
|
353 |
%Only failure makes us experts.\\ |
|
354 |
%\hfill\small-- Theo de Raadt (OpenBSD, OpenSSH) |
|
355 |
%\end{minipage}};
|
|
356 |
%\end{tikzpicture}
|
|
357 |
%\end{textblock}}
|
|
|
391
a612dd3ddc81
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
388
diff
changeset
|
358 |
|
| 548 | 359 |
%\end{frame}
|
|
391
a612dd3ddc81
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
388
diff
changeset
|
360 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
a612dd3ddc81
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
388
diff
changeset
|
361 |
|
|
406
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
362 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
363 |
\begin{frame}[c]
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
364 |
\frametitle{Subtleties}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
365 |
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
366 |
\begin{itemize}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
367 |
\item<1-> Can Bob write \pcode{file}?
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
368 |
\item<2-> What if Bob is member of \pcode{staff}?
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
369 |
\end{itemize}\bigskip
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
370 |
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
371 |
\begin{center}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
372 |
${\underbrace{\Large\texttt{-}}_{\text{\makebox[0mm]{directory}}}}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
373 |
\;{\underbrace{\Large\texttt{r{}-{}-}}_{\text{user}}}\,
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
374 |
{\underbrace{\Large\texttt{r{}w{}-}}_{\text{group}}}\,
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
375 |
{\underbrace{\Large\texttt{r{}w{}x}}_{\text{other}}}\;\;\;
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
376 |
\Large\texttt{bob}\;\;\texttt{staff}\;\;\texttt{file}$
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
377 |
\end{center}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
378 |
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
379 |
\end{frame}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
380 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
381 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
382 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
383 |
\begin{frame}[c]
|
|
406
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
384 |
\frametitle{Login Processes}
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
385 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
386 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
387 |
\begin{itemize}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
388 |
\item login processes run under UID $=$ \pcode{0}\medskip
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
389 |
\begin{center}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
390 |
\texttt{ps -axl | grep login}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
391 |
\end{center}\medskip
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
392 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
393 |
\item after login, shells run under UID $=$ user (e.g.~501)\medskip |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
394 |
\begin{center}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
395 |
\texttt{id cu}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
396 |
\end{center}\medskip\pause
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
397 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
398 |
\item non-root users are not allowed to change the UID --- would break |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
399 |
access control |
|
243
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
400 |
\item but needed for example for accessing \texttt{passwd}
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
401 |
\end{itemize}
|
| 41 | 402 |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
403 |
\end{frame}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
404 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
405 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
406 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
407 |
\begin{frame}[c]
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
408 |
\frametitle{Setuid and Setgid}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
409 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
410 |
The solution is that Unix file permissions are 9 + \underline{2 Bits}:
|
|
405
6a54ee8b74c3
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
404
diff
changeset
|
411 |
\alert{\bf Setuid} and \alert{\bf Setgid} bits
|
|
105
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
412 |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
413 |
\begin{itemize}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
414 |
\item When a file with setuid is executed, the resulting process will |
|
243
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
415 |
assume the UID given to the \underline{owner} of the file.
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
416 |
\item This enables users to create processes as root (or another |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
417 |
user).\bigskip |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
418 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
419 |
\item Essential for changing passwords, for example. |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
420 |
\end{itemize}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
421 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
422 |
\begin{center}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
423 |
\texttt{chmod 4755 fobar\_file}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
424 |
\end{center}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
425 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
426 |
\end{frame}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
427 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
105
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
428 |
|
|
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
429 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
| 548 | 430 |
%\begin{frame}[c]
|
431 |
%\small |
|
432 |
% |
|
433 |
%\lstinputlisting[language={},numbers=none,xleftmargin=-6mm]{lst}
|
|
434 |
% |
|
435 |
% |
|
436 |
%\begin{center}
|
|
437 |
%\begin{tabular}{@{\hspace{-24mm}}ll}
|
|
438 |
%members of group staff: & ping, bob, emma\\ |
|
439 |
%members of group students: & emma\\ |
|
440 |
%\end{tabular}
|
|
441 |
%\end{center}
|
|
442 |
% |
|
443 |
%\begin{center}
|
|
444 |
%\begin{tabular}{@{\hspace{-7mm}}r|c|c|c|c|c@{}}
|
|
445 |
% & manual.txt & report.txt & microedit & src/code.c & src/code.h \\\hline |
|
446 |
%ping & & & & &\\\hline |
|
447 |
%bob & & & & &\\\hline |
|
448 |
%emma & & & & &\\ |
|
449 |
%\end{tabular}
|
|
450 |
%\end{center}
|
|
451 |
% |
|
452 |
%\end{frame}
|
|
|
117
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
453 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
454 |
|
|
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
455 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
456 |
\begin{frame}[c]
|
|
406
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
457 |
\frametitle{\Large Discretionary Access Control}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
458 |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
459 |
\small |
| 41 | 460 |
\begin{itemize}
|
|
406
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
461 |
\item Access to objects (files, directories, devices, etc.) is |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
462 |
permitted based on user identity. Each object is owned by a |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
463 |
user. Owners can specify freely (at their discretion) how they want to |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
464 |
share their objects with other users, by specifying which other users |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
465 |
can have which form of access to their objects.\medskip |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
466 |
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
467 |
\item Discretionary access control is implemented on any modern multi-user |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
468 |
OS (Unix, Windows NT, etc.). |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
469 |
\end{itemize}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
470 |
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
471 |
\end{frame}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
472 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
| 41 | 473 |
|
|
406
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
474 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
475 |
\begin{frame}[c]
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
476 |
\frametitle{\Large Mandatory Access Control}
|
| 41 | 477 |
|
|
406
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
478 |
\small |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
479 |
\begin{itemize}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
480 |
\item Access to objects is controlled by a system-wide policy, for |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
481 |
example to prevent certain flows of information. In some forms, the |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
482 |
system maintains security labels for both objects and subjects |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
483 |
(processes, users) based on which access is granted or |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
484 |
denied. Labels can change as the result of an access. Security |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
485 |
policies are enforced without the cooperation of users or |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
486 |
programs.\medskip |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
487 |
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
488 |
\item This is implemented in banking or military operating system |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
489 |
versions (SELinux).\pause |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
490 |
\item A simple example: Air Gap Security. Uses a completely separate network |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
491 |
and computer hardware for different application classes (Bin Laden, Bruce Schneier had |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
492 |
airgaps).\pause |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
493 |
\item What do we want to protect: Secrecy or Integrity? |
| 41 | 494 |
\end{itemize}
|
495 |
||
|
117
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
496 |
\end{frame}
|
| 41 | 497 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
498 |
||
|
105
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
499 |
|
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
500 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
501 |
\begin{frame}[c]
|
|
243
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
502 |
\frametitle{The Bell-LaPadula Model}
|
|
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
503 |
\small |
|
105
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
504 |
|
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
505 |
\begin{itemize}
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
506 |
\item Formal policy model for mandatory access control in a military |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
507 |
multi-level security environment. All subjects (processes, users, |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
508 |
terminals, files, windows, connections) are labeled |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
509 |
with a confidentiality level, e.g. |
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
510 |
\begin{center}
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
511 |
unclassified < confidential < secret < top secret |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
512 |
\end{center}\medskip
|
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
513 |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
514 |
\item The system policy automatically prevents the flow of information |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
515 |
from high-level objects to lower levels. A process that reads top |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
516 |
secret data becomes tagged as top secret by the operating system, as |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
517 |
will be all files into which it writes afterwards. |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
518 |
%Each user has a maximum allowed confidentiality level specified and |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
519 |
%cannot receive data beyond that level. A selected set of trusted |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
520 |
%subjects is allowed to bypass the restrictions, in order to permit |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
521 |
%the declassification of information. |
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
522 |
\end{itemize}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
523 |
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
524 |
\end{frame}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
525 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
526 |
|
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
527 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
528 |
\begin{frame}[c]
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
529 |
\frametitle{Bell-LaPadula}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
530 |
\small |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
531 |
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
532 |
\begin{itemize}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
533 |
\item \alert{Read Rule}: A principal \bl{$P$} can read an object \bl{$O$} if and only if
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
534 |
\bl{$P$}'s security level is at least as high as \bl{$O$}'s.
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
535 |
\item \alert{Write Rule}: A principal \bl{$P$} can write an object \bl{$O$} if and only if
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
536 |
\bl{$O$}'s security level is at least as high as \bl{$P$}'s.\medskip
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
537 |
|
|
406
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
538 |
%\item Meta-Rule: All principals in a system should have a sufficiently high security level |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
539 |
%in order to access an object. |
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
540 |
\end{itemize}\bigskip
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
541 |
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
542 |
This restricts information flow $\Rightarrow$ military\bigskip\bigskip\pause |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
543 |
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
544 |
Bell-LaPadula: {\bf `no read up'} - {\bf `no write down'}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
545 |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
546 |
\end{frame}
|
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
547 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
548 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
549 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
550 |
\begin{frame}[c]
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
551 |
\frametitle{\begin{tabular}{c}Principle of\\[-2mm] Least Privilege\end{tabular}}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
552 |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
553 |
\begin{bubble}[10cm]
|
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
554 |
A principal should have as few privileges as possible to access a resource. |
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
555 |
\end{bubble}\bigskip\bigskip
|
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
556 |
\small |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
557 |
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
558 |
\begin{itemize}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
559 |
\item Bob ($T\!S$) and Alice ($S$) want to communicate |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
560 |
\item[] $\Rightarrow$ Bob should lower his security level |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
561 |
\end{itemize}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
562 |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
563 |
\end{frame}
|
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
564 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
565 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
566 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
567 |
\begin{frame}[c]
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
568 |
\frametitle{Biba Policy}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
569 |
\small |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
570 |
|
|
406
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
571 |
Data Integrity (rather than data secrecy) |
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
572 |
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
573 |
\begin{itemize}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
574 |
\item Biba: {\bf `no read down'} - {\bf `no write up'}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
575 |
\item \alert{Read Rule}: A principal \bl{$P$} can read an object \bl{$O$} if and only if
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
576 |
\bl{$P$}'s security level is lower or equal than \bl{$O$}'s.
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
577 |
\item \alert{Write Rule}: A principal \bl{$P$} can write an object \bl{$O$} if and only if
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
578 |
\bl{$O$}'s security level is lower or equal than \bl{$P$}'s.
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
579 |
\end{itemize}\bigskip\bigskip\pause
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
580 |
|
|
119
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
581 |
E.g.~Firewalls: you can read from inside the firewall, but not from outside\\ |
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
582 |
Phishing: you can look at an approved PDF, but not one from a random email\\ |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
583 |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
584 |
\end{frame}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
585 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
119
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
586 |
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
587 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
588 |
\begin{frame}[c]
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
589 |
\frametitle{Security Levels (2)}
|
|
119
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
590 |
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
591 |
\begin{itemize}
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
592 |
\item Bell-La Padula preserves data secrecy, but not data |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
593 |
integrity\bigskip\pause |
|
119
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
594 |
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
595 |
\item Biba model is for data integrity |
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
596 |
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
597 |
\begin{itemize}
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
598 |
\item read: your own level and above |
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
599 |
\item write: your own level and below |
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
600 |
\end{itemize}
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
601 |
\end{itemize}
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
602 |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
603 |
\end{frame}
|
|
119
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
604 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
605 |
|
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
606 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
607 |
\begin{frame}[c]
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
608 |
\frametitle{Shared Access Control}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
609 |
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
610 |
\begin{center}
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
611 |
\includegraphics[scale=0.7]{../pics/pointsplane.jpg}
|
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
612 |
\end{center}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
613 |
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
614 |
\begin{textblock}{11}(10.5,10.5)
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
615 |
\small |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
616 |
To take an action you\\[-1mm] |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
617 |
need at least either: |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
618 |
\begin{itemize}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
619 |
\item 1 CEO\\[-5mm] |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
620 |
\item 2 MDs, or\\[-5mm] |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
621 |
\item 3 Ds |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
622 |
\end{itemize}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
623 |
\end{textblock}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
624 |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
625 |
\end{frame}
|
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
626 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
117
59d3bf386a6d
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
627 |
|
|
105
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
628 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
629 |
\begin{frame}[c]
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
630 |
\frametitle{\Large Lessons from Access Control}
|
|
105
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
631 |
|
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
632 |
Not just restricted to Unix: |
|
105
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
633 |
|
|
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
634 |
\begin{itemize}
|
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
635 |
\item if you have too many roles (i.e.~too finegrained AC), then |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
636 |
hierarchy is too complex\\ |
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
637 |
\textcolor{gray}{you invite situations like\ldots lets be root}\bigskip
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
638 |
|
|
406
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
639 |
\item you can still abuse the system\ldots |
|
105
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
640 |
\end{itemize}
|
|
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
641 |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
642 |
\end{frame}
|
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
643 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
644 |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
645 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
406
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
646 |
\begin{frame}[c]
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
647 |
\frametitle{Protocols}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
648 |
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
649 |
\begin{center}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
650 |
\includegraphics[scale=0.11]{../pics/keyfob.jpg}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
651 |
\quad |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
652 |
\includegraphics[scale=0.3025]{../pics/startstop.jpg}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
653 |
\end{center}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
654 |
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
655 |
\begin{itemize}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
656 |
\item Other examples: Wifi, Http-request, TCP-request, |
|
409
0c04ec017892
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
408
diff
changeset
|
657 |
card readers, RFID (passports)\ldots\medskip\pause |
|
406
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
658 |
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
659 |
\item The point is that we cannot control the network: An attacker |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
660 |
can install a packet sniffer, inject packets, modify packets, |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
661 |
replay messages\ldots{}fake pretty much everything.
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
662 |
\end{itemize}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
663 |
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
664 |
\end{frame}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
665 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
666 |
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
667 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
668 |
\begin{frame}[c]
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
669 |
\frametitle{Keyless Car Transponders}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
670 |
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
671 |
\begin{center}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
672 |
\includegraphics[scale=0.1]{../pics/keyfob.jpg}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
673 |
\quad |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
674 |
\includegraphics[scale=0.27]{../pics/startstop.jpg}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
675 |
\end{center}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
676 |
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
677 |
\begin{itemize}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
678 |
\item There are two security mechanisms: one remote central |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
679 |
locking system and one passive RFID tag (engine immobiliser). |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
680 |
\item How can I get in? How can thieves be kept out? |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
681 |
How to avoid MITM attacks? |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
682 |
\end{itemize}\medskip
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
683 |
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
684 |
\footnotesize |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
685 |
\hfill Papers: Gone in 360 Seconds: Hijacking with Hitag2,\\ |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
686 |
\hfill Dismantling Megamos Crypto: Wirelessly Lockpicking\\ |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
687 |
\hfill a Vehicle Immobilizer |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
688 |
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
689 |
\end{frame}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
690 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
691 |
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
692 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
693 |
\begin{frame}[c]
|
| 548 | 694 |
\frametitle{Problems with Key Fobs}
|
695 |
||
696 |
\begin{columns}
|
|
697 |
\begin{column}[T]{4cm}
|
|
698 |
\includegraphics[scale=0.4]{../pics/car-standard.jpg}
|
|
699 |
\end{column}
|
|
700 |
||
701 |
\begin{column}[T]{6cm}\small
|
|
702 |
Circumventing the ignition protection: |
|
703 |
||
704 |
\begin{itemize}
|
|
705 |
\item either dismantling Megamos crypto, |
|
706 |
\item or use the diagnostic port to program |
|
707 |
blank keys |
|
708 |
\end{itemize}
|
|
709 |
||
710 |
\hspace{14mm}
|
|
711 |
\includegraphics[scale=0.16]{../pics/Dismantling_Megamos_Crypto.png}
|
|
712 |
\end{column}
|
|
713 |
\end{columns}
|
|
714 |
||
715 |
\end{frame}
|
|
716 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
717 |
||
718 |
||
719 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
720 |
\begin{frame}[c]
|
|
|
406
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
721 |
\frametitle{HTTPS / GSM}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
722 |
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
723 |
\begin{center}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
724 |
\includegraphics[scale=0.25]{../pics/barclays.jpg}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
725 |
\quad |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
726 |
\includegraphics[scale=0.25]{../pics/phone-signal.jpg}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
727 |
\end{center}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
728 |
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
729 |
\begin{itemize}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
730 |
\item I am sitting at Starbuck. How can I be sure I am really |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
731 |
visiting Barclays? I have no control of the access |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
732 |
point. |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
733 |
\item How can I achieve that a secret key is established in |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
734 |
order to encrypt my mobile conversation? I have no |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
735 |
control over the access points. |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
736 |
\end{itemize}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
737 |
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
738 |
\end{frame}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
739 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
415
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
411
diff
changeset
|
740 |
|
|
406
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
741 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
742 |
\begin{frame}[c]
|
| 548 | 743 |
\frametitle{G20 Summit in 2009}
|
744 |
||
745 |
\begin{center}
|
|
746 |
\includegraphics[scale=0.1]{../pics/snowden.jpg}
|
|
747 |
\end{center}
|
|
748 |
||
749 |
\small |
|
750 |
\begin{itemize}
|
|
751 |
\item Snowden documents reveal ``that during the G20 |
|
752 |
meetings\dots{}GCHQ used
|
|
753 |
`ground-breaking intelligence capabilities' to intercept |
|
754 |
the communications of visiting delegations. This |
|
755 |
included setting up internet cafes where they used an |
|
756 |
email interception program and key-logging software to |
|
757 |
spy on delegates' use of computers\ldots'' |
|
758 |
||
759 |
\item ``The G20 spying appears to have been organised for the |
|
760 |
more mundane purpose of securing an advantage in |
|
761 |
meetings.'' |
|
762 |
\end{itemize}
|
|
763 |
||
764 |
\end{frame}
|
|
765 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
766 |
||
767 |
||
768 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
769 |
\begin{frame}[c]
|
|
|
406
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
770 |
\frametitle{Handshakes}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
771 |
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
772 |
\begin{itemize}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
773 |
\item starting a TCP connection between a client and a server |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
774 |
initiates the following three-way handshake protocol: |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
775 |
\end{itemize}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
776 |
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
777 |
\begin{columns}[t]
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
778 |
\begin{column}{5cm}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
779 |
\begin{minipage}[t]{4cm}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
780 |
\begin{center}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
781 |
\raisebox{-2cm}{\includegraphics[scale=0.5]{../pics/handshake.png}}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
782 |
\end{center}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
783 |
\end{minipage}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
784 |
\end{column}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
785 |
\begin{column}{5cm}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
786 |
\begin{tabular}[t]{rl}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
787 |
Alice: & Hello server!\\ |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
788 |
Server: & I heard you\\ |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
789 |
Alice: & Thanks |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
790 |
\end{tabular}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
791 |
\end{column}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
792 |
\end{columns}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
793 |
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
794 |
\only<2>{
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
795 |
\begin{textblock}{3}(11,5)
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
796 |
\begin{bubble}[3.2cm]
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
797 |
SYNflood attacks:\medskip\\ |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
798 |
\includegraphics[scale=0.4]{../pics/synflood.png}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
799 |
\end{bubble}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
800 |
\end{textblock}}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
801 |
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
802 |
\end{frame}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
803 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
804 |
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
805 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
806 |
\begin{frame}[t]
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
807 |
\frametitle{Protocols}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
808 |
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
809 |
\mbox{}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
810 |
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
811 |
\begin{tabular}{l}
|
|
119
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
812 |
{\Large \bl{$A\;\rightarrow\; B : \ldots$}}\\
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
813 |
\onslide<2->{\Large \bl{$B\;\rightarrow\; A : \ldots$}}\\
|
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
814 |
\onslide<2->{\Large \;\;\;\;\;\bl{$:$}}\bigskip
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
815 |
\end{tabular}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
816 |
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
817 |
\begin{itemize}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
818 |
\item by convention \bl{$A$}, \bl{$B$} are named principals \bl{Alice\ldots}\\
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
819 |
but most likely they are programs, which just follow some instructions (they are more like roles)\bigskip |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
820 |
\item<2-> indicates one ``protocol run'', or session, which specifies some |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
821 |
order in the communication |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
822 |
\item<2-> there can be several sessions in parallel (think of wifi routers) |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
823 |
\end{itemize}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
824 |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
825 |
\end{frame}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
826 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
827 |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
828 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
829 |
\begin{frame}[c]
|
|
406
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
830 |
\frametitle{Handshakes}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
831 |
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
832 |
\begin{itemize}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
833 |
\item starting a TCP connection between a client and a server |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
834 |
initiates the following three-way handshake protocol: |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
835 |
\end{itemize}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
836 |
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
837 |
\begin{columns}[t]
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
838 |
\begin{column}{5cm}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
839 |
\begin{minipage}[t]{4cm}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
840 |
\begin{center}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
841 |
\raisebox{-2cm}{\includegraphics[scale=0.5]{../pics/handshake.png}}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
842 |
\end{center}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
843 |
\end{minipage}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
844 |
\end{column}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
845 |
\begin{column}{5cm}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
846 |
\begin{tabular}[t]{rl}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
847 |
Alice: & Hello server!\\ |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
848 |
Server: & I heard you\\ |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
849 |
Alice: & Thanks |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
850 |
\end{tabular}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
851 |
\end{column}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
852 |
\end{columns}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
853 |
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
854 |
\begin{center}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
855 |
\begin{tabular}{rl}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
856 |
\bl{$A \rightarrow S$}: & \bl{SYN}\\
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
857 |
\bl{$S \rightarrow A$}: & \bl{SYN-ACK}\\
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
858 |
\bl{$A \rightarrow S$}: & \bl{ACK}\\
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
859 |
\end{tabular}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
860 |
\end{center}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
861 |
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
862 |
\end{frame}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
863 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
864 |
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
865 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
866 |
\begin{frame}[c]
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
867 |
\frametitle{\Large Cryptographic Protocol Failures}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
868 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
869 |
Ross Anderson and Roger Needham wrote:\bigskip |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
870 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
871 |
\begin{quote}\rm
|
|
406
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
872 |
A lot of the recorded frauds were the result of this kind of |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
873 |
blunder, or from management negligence pure and simple. |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
874 |
\alert{However,
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
875 |
there have been a significant number of cases where the designers |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
876 |
protected the right things, used cryptographic algorithms which were |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
877 |
not broken, and yet found that their systems were still successfully |
|
406
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
878 |
attacked.} |
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
879 |
\end{quote}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
880 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
881 |
\end{frame}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
882 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
883 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
884 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
885 |
\begin{frame}<1-3>[c]
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
886 |
\frametitle{Oyster Cards}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
887 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
888 |
\includegraphics[scale=0.4]{../pics/oysterc.jpg}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
889 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
890 |
\begin{itemize}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
891 |
\item good example of a bad protocol\\ (security by obscurity)\bigskip |
|
481
a7a7d6b0150b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
892 |
\item<3-> {\it``Breaching security on Oyster cards should not
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
893 |
allow unauthorised use for more than a day, as TfL promises to turn |
|
481
a7a7d6b0150b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
894 |
off any cloned cards within 24 hours\ldots''} |
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
895 |
\end{itemize}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
896 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
897 |
\only<2>{
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
898 |
\begin{textblock}{12}(0.5,0.5)
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
899 |
\begin{bubble}[11cm]\footnotesize
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
900 |
{\bf Wirelessly Pickpocketing a Mifare Classic Card}\medskip
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
901 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
902 |
The Mifare Classic is the most widely used contactless smartcard on the |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
903 |
market. The stream cipher CRYPTO1 used by the Classic has recently been |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
904 |
reverse engineered and serious attacks have been proposed. The most serious |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
905 |
of them retrieves a secret key in under a second. In order to clone a card, |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
906 |
previously proposed attacks require that the adversary either has access to |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
907 |
an eavesdropped communication session or executes a message-by-message |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
908 |
man-in-the-middle attack between the victim and a legitimate |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
909 |
reader. Although this is already disastrous from a cryptographic point of |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
910 |
view, system integrators maintain that these attacks cannot be performed |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
911 |
undetected.\smallskip |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
912 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
913 |
This paper proposes four attacks that can be executed by an adversary having |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
914 |
only wireless access to just a card (and not to a legitimate reader). The |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
915 |
most serious of them recovers a secret key in less than a second on ordinary |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
916 |
hardware. Besides the cryptographic weaknesses, we exploit other weaknesses |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
917 |
in the protocol stack. A vulnerability in the computation of parity bits |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
918 |
allows an adversary to establish a side channel. Another vulnerability |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
919 |
regarding nested authentications provides enough plaintext for a speedy |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
920 |
known-plaintext attack.\hfill{}(a paper from 2009)
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
921 |
\end{bubble}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
922 |
\end{textblock}}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
923 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
924 |
\end{frame}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
925 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
926 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
927 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
| 548 | 928 |
% \begin{frame}<1->[t]
|
929 |
% \frametitle{Another Example}
|
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
930 |
|
| 548 | 931 |
% In an email from Ross Anderson\bigskip\small |
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
932 |
|
| 548 | 933 |
% \begin{tabular}{l}
|
934 |
% From: Ross Anderson <Ross.Anderson@cl.cam.ac.uk>\\ |
|
935 |
% Sender: cl-security-research-bounces@lists.cam.ac.uk\\ |
|
936 |
% To: cl-security-research@lists.cam.ac.uk\\ |
|
937 |
% Subject: Birmingham case\\ |
|
938 |
% Date: Tue, 13 Aug 2013 15:13:17 +0100\\ |
|
939 |
% \end{tabular}
|
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
940 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
941 |
|
| 548 | 942 |
% \only<2>{
|
943 |
% \begin{textblock}{12}(0.5,0.8)
|
|
944 |
% \begin{bubble}[11cm]
|
|
945 |
% \footnotesize |
|
946 |
% As you may know, Volkswagen got an injunction against the University of |
|
947 |
% Birmingham suppressing the publication of the design of a weak cipher |
|
948 |
% used in the remote key entry systems in its recent-model cars. The paper |
|
949 |
% is being given today at Usenix, minus the cipher design.\medskip |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
950 |
|
| 548 | 951 |
% I've been contacted by Birmingham University's lawyers who seek to prove |
952 |
% that the cipher can be easily obtained anyway. They are looking for a |
|
953 |
% student who will download the firmware from any newish VW, disassemble |
|
954 |
% it and look for the cipher. They'd prefer this to be done by a student |
|
955 |
% rather than by a professor to emphasise how easy it is.\medskip |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
956 |
|
| 548 | 957 |
% Volkswagen's argument was that the Birmingham people had reversed a |
958 |
% locksmithing tool produced by a company in Vietnam, and since their key |
|
959 |
% fob chip is claimed to be tamper-resistant, this must have involved a |
|
960 |
% corrupt insider at VW or at its supplier Thales. Birmingham's argument |
|
961 |
% is that this is nonsense as the cipher is easy to get hold of. Their |
|
962 |
% lawyers feel this argument would come better from an independent |
|
963 |
% outsider.\medskip |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
964 |
|
| 548 | 965 |
% Let me know if you're interested in having a go, and I'll put you in |
966 |
% touch |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
967 |
|
| 548 | 968 |
% Ross |
969 |
% \end{bubble}
|
|
970 |
% \end{textblock}}
|
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
971 |
|
| 548 | 972 |
% \end{frame}
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
973 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
974 |
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
975 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
243
dd94cbf9eba7
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
241
diff
changeset
|
976 |
\begin{frame}[c]
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
977 |
\frametitle{Authentication Protocols}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
978 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
979 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
980 |
Alice (\bl{$A$}) and Bob (\bl{$B$}) share a secret key \bl{$K_{AB}$}\bigskip
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
981 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
982 |
Passwords: |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
983 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
984 |
\begin{center}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
985 |
\bl{$B \rightarrow A: K_{AB}$}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
986 |
\end{center}\pause\bigskip
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
987 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
988 |
Problem: Eavesdropper can capture the secret and replay it; \bl{$A$} cannot confirm the
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
989 |
identity of \bl{$B$}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
990 |
|
|
406
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
991 |
\end{frame}
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
992 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
993 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
994 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
406
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
995 |
\begin{frame}[c]
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
996 |
\frametitle{Authentication?}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
997 |
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
998 |
\begin{center}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
999 |
\raisebox{-2cm}{\includegraphics[scale=0.4]{../pics/dogs.jpg}}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1000 |
\end{center}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1001 |
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1002 |
\end{frame}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1003 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1004 |
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1005 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1006 |
\begin{frame}[c]
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1007 |
\frametitle{Authentication Protocols}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1008 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1009 |
Alice (\bl{$A$}) and Bob (\bl{$B$}) share a secret key \bl{$K_{AB}$}\bigskip
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1010 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1011 |
Simple Challenge Response: |
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
1012 |
|
|
105
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
1013 |
\begin{center}
|
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
1014 |
\begin{tabular}{ll}
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1015 |
\bl{$A \rightarrow B:$} & \bl{$N$}\\
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1016 |
\bl{$B \rightarrow A:$} & \bl{$\{N\}_{K_{AB}}$}\\
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1017 |
\end{tabular}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1018 |
\end{center}
|
|
105
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
1019 |
|
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
1020 |
|
|
406
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1021 |
\end{frame}
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1022 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
105
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
1023 |
|
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
1024 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
1025 |
\begin{frame}[c]
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1026 |
\frametitle{Authentication Protocols}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1027 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1028 |
Alice (\bl{$A$}) and Bob (\bl{$B$}) share a secret key \bl{$K_{AB}$}\bigskip
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1029 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1030 |
Mutual Challenge Response: |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1031 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1032 |
\begin{center}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1033 |
\begin{tabular}{ll}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1034 |
\bl{$A \rightarrow B:$} & \bl{$N_A$}\\
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1035 |
\bl{$B \rightarrow A:$} & \bl{$\{N_A, N_B\}_{K_{AB}}$}\\
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1036 |
\bl{$A \rightarrow B:$} & \bl{$N_B$}\\
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1037 |
\end{tabular}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1038 |
\end{center}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1039 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1040 |
%\pause |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1041 |
%An attacker \bl{$E$} can launch an impersonation attack by
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1042 |
%intercepting all messages for \bl{$B$} and make \bl{$A$} decrypt her
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1043 |
%own challenges. |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1044 |
|
|
406
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1045 |
\end{frame}
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1046 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1047 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1048 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1049 |
\begin{frame}[c]
|
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
1050 |
\frametitle{Nonces}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
1051 |
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
1052 |
\begin{enumerate}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
1053 |
\item I generate a nonce (random number) and send it to you encrypted with a key we share |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
1054 |
\item you increase it by one, encrypt it under a key I know and send |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
1055 |
it back to me |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
1056 |
\end{enumerate}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
1057 |
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
1058 |
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
1059 |
I can infer: |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
1060 |
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
1061 |
\begin{itemize}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
1062 |
\item you must have received my message |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
1063 |
\item you could only have generated your answer after I send you my initial |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
1064 |
message |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
1065 |
\item if only you and me know the key, the message must have come from you |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
1066 |
\end{itemize}
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
1067 |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1068 |
\end{frame}
|
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
1069 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
1070 |
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
1071 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
1072 |
\begin{frame}[c]
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
1073 |
|
|
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
1074 |
\begin{center}
|
|
119
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1075 |
\begin{tabular}{ll}
|
|
244
9fc6ec22ad82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
1076 |
\bl{$A \rightarrow B$:} & \bl{$N_A$}\\
|
|
406
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1077 |
\bl{$B \rightarrow A$:} & \bl{$\{N_A, N_B\}_{K_{AB}}$}\\
|
|
244
9fc6ec22ad82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
1078 |
\bl{$A \rightarrow B$:} & \bl{$N_B$}\\
|
|
119
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1079 |
\end{tabular}
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1080 |
\end{center}
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1081 |
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1082 |
The attack (let $A$ decrypt her own messages): |
|
119
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1083 |
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1084 |
\begin{center}
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1085 |
\begin{tabular}{ll}
|
|
244
9fc6ec22ad82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
1086 |
\bl{$A \rightarrow E$:} & \bl{$N_A$}\\
|
|
9fc6ec22ad82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
1087 |
\textcolor{gray}{$E \rightarrow A$:} & \textcolor{gray}{$N_A$}\\
|
|
9fc6ec22ad82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
1088 |
\textcolor{gray}{$A \rightarrow E$:} & \textcolor{gray}{$\{N_A, N_A'\}_{K_{AB}}$}\\
|
|
9fc6ec22ad82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
1089 |
\bl{$E \rightarrow A$:} & \bl{$\{N_A, N_A'\}_{K_{AB}}$}\\
|
|
9fc6ec22ad82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
1090 |
\bl{$A \rightarrow E$:} & \bl{$N_A' \;\;(= N_B)$}\\
|
|
119
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1091 |
\end{tabular}
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1092 |
\end{center}\pause
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1093 |
|
|
244
9fc6ec22ad82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
1094 |
\small Solutions: \bl{$K_{AB} \not= K_{BA}$} or include an id in the second message
|
|
406
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1095 |
\end{frame}
|
|
119
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1096 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1097 |
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1098 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
406
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1099 |
\begin{frame}[c]
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1100 |
\frametitle{Encryption to the Rescue?}
|
|
119
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1101 |
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1102 |
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1103 |
\begin{itemize}
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1104 |
\item \bl{$A \,\rightarrow\, B : \{A, N_A\}_{K_{AB}}$}\hspace{1cm} encrypted\bigskip
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1105 |
\item \bl{$B\,\rightarrow\, A : \{N_A, K'_{AB}\}_{K_{AB}}$}\bigskip
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1106 |
\item \bl{$A \,\rightarrow\, B : \{N_A\}_{K'_{AB}}$}\bigskip
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1107 |
\end{itemize}\pause
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1108 |
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1109 |
means you need to send separate ``Hello'' signals (bad), or worse |
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1110 |
share a single key between many entities |
|
406
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1111 |
\end{frame}
|
|
119
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1112 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1113 |
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1114 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1115 |
\begin{frame}[c]
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1116 |
\frametitle{Protocol Attacks}
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1117 |
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1118 |
\begin{itemize}
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1119 |
\item replay attacks |
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1120 |
\item reflection attacks |
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1121 |
\item man-in-the-middle attacks |
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1122 |
\item timing attacks |
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1123 |
\item parallel session attacks |
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1124 |
\item binding attacks (public key protocols) |
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1125 |
\item changing environment / changing assumptions\bigskip |
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1126 |
|
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1127 |
\item (social engineering attacks) |
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1128 |
\end{itemize}
|
|
406
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1129 |
\end{frame}
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1130 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1131 |
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1132 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
244
diff
changeset
|
1133 |
\begin{frame}[c]
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
244
diff
changeset
|
1134 |
\frametitle{Public-Key Infrastructure}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
244
diff
changeset
|
1135 |
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
244
diff
changeset
|
1136 |
\begin{itemize}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
244
diff
changeset
|
1137 |
\item the idea is to have a certificate authority (CA) |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
244
diff
changeset
|
1138 |
\item you go to the CA to identify yourself |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
244
diff
changeset
|
1139 |
\item CA: ``I, the CA, have verified that public key \bl{$P^{pub}_{Bob}$} belongs to Bob''\bigskip
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
244
diff
changeset
|
1140 |
\item CA must be trusted by everybody |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
244
diff
changeset
|
1141 |
\item What happens if CA issues a false certificate? Who pays in case of loss? (VeriSign |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
244
diff
changeset
|
1142 |
explicitly limits liability to \$100.) |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
244
diff
changeset
|
1143 |
\end{itemize}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
244
diff
changeset
|
1144 |
|
|
406
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1145 |
\end{frame}
|
|
120
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1146 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1147 |
|
|
119
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1148 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1149 |
\begin{frame}[c]
|
|
406
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1150 |
\frametitle{Man-in-the-Middle}
|
|
119
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1151 |
|
|
406
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1152 |
``Normal'' protocol run:\bigskip |
|
119
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1153 |
|
|
406
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1154 |
\begin{itemize}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1155 |
\item \bl{$A$} sends public key to \bl{$B$}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1156 |
\item \bl{$B$} sends public key to \bl{$A$}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1157 |
\item \bl{$A$} sends message encrypted with \bl{$B$}'s public key, \bl{$B$} decrypts it
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1158 |
with its private key |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1159 |
\item \bl{$B$} sends message encrypted with \bl{$A$}'s public key, \bl{$A$} decrypts it
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1160 |
with its private key |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1161 |
\end{itemize}
|
|
119
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1162 |
|
|
406
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1163 |
\end{frame}
|
|
119
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1164 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1165 |
|
|
406
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1166 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1167 |
\begin{frame}[c]
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1168 |
\frametitle{Man-in-the-Middle}
|
|
119
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1169 |
|
|
406
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1170 |
Attack: |
|
119
0cea882f03c7
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
118
diff
changeset
|
1171 |
|
|
406
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1172 |
\begin{itemize}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1173 |
\item \bl{$A$} sends public key to \bl{$B$} --- \bl{$C$} intercepts this message and send his own public key
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1174 |
\item \bl{$B$} sends public key to \bl{$A$} --- \bl{$C$} intercepts this message and send his own public key
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1175 |
\item \bl{$A$} sends message encrypted with \bl{$C$}'s public key, \bl{$C$} decrypts it
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1176 |
with its private key, re-encrypts with \bl{$B$}'s public key
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1177 |
\item similar for other direction |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1178 |
\end{itemize}
|
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
1179 |
|
|
406
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1180 |
\end{frame}
|
|
118
a42bbdfe5dd9
more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
117
diff
changeset
|
1181 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
120
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1182 |
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1183 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1184 |
\begin{frame}[c]
|
|
406
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1185 |
\frametitle{Man-in-the-Middle}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1186 |
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1187 |
Potential Prevention? |
|
120
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1188 |
|
|
406
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1189 |
\begin{itemize}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1190 |
\item \bl{$A$} sends public key to \bl{$B$}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1191 |
\item \bl{$B$} sends public key to \bl{$A$}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1192 |
\item \bl{$A$} encrypts message with \bl{$B$}'s public key, send's {\bf half} of the message
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1193 |
\item \bl{$B$} encrypts message with \bl{$A$}'s public key, send's {\bf half} of the message
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1194 |
\item \bl{$A$} sends other half, \bl{$B$} can now decrypt entire message
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1195 |
\item \bl{$B$} sends other half, \bl{$A$} can now decrypt entire message
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1196 |
\end{itemize}\pause
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1197 |
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1198 |
%\bl{$C$} would have to invent a totally new message
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1199 |
\alert{Under which circumstances does this protocol prevent
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1200 |
MiM-attacks, or does it?} |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1201 |
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1202 |
\end{frame}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1203 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
120
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1204 |
|
|
406
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1205 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1206 |
\begin{frame}[c]
|
| 548 | 1207 |
\frametitle{Splitting Messages}
|
1208 |
||
1209 |
\begin{center}
|
|
1210 |
$\underbrace{\texttt{\Grid{0X1peUVTGJK+H70mMjAM8p}}}_{\bl{\{A,m\}_{K^{pub}_B}}}$
|
|
1211 |
\end{center}
|
|
1212 |
||
1213 |
\begin{center}
|
|
1214 |
$\underbrace{\texttt{\Grid{0X1peUVTGJK}}}_{\bl{H_1}}$\quad
|
|
1215 |
$\underbrace{\texttt{\Grid{+H70mMjAM8p}}}_{\bl{H_2}}$
|
|
1216 |
\end{center}
|
|
1217 |
||
1218 |
\begin{itemize}
|
|
1219 |
\item you can also use the even and odd bytes |
|
1220 |
\item the point is you cannot decrypt the halves, even if you |
|
1221 |
have the key |
|
1222 |
\end{itemize}
|
|
1223 |
||
1224 |
||
1225 |
\end{frame}
|
|
1226 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
1227 |
||
1228 |
||
1229 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
1230 |
\begin{frame}[c]
|
|
1231 |
||
1232 |
\begin{center}
|
|
1233 |
\begin{tabular}{l@{\hspace{9mm}}l}
|
|
1234 |
\begin{tabular}[t]{@{}l@{}}
|
|
1235 |
\bl{$A \to C : K^{pub}_A$}\\
|
|
1236 |
\bl{$C \to B : K^{pub}_C$}\\
|
|
1237 |
\bl{$B \to C : K^{pub}_B$}\\
|
|
1238 |
\bl{$C \to A : K^{pub}_C$}\medskip\\
|
|
1239 |
\bl{$\{A,m\}_{K^{pub}_C} \;\mapsto\; H_1,H_2$}\\
|
|
1240 |
\bl{$\{B,m'\}_{K^{pub}_C} \;\mapsto\; M_1,M_2$}\bigskip\\
|
|
1241 |
\bl{$\{C,a\}_{K^{pub}_B} \;\mapsto\; C_1,C_2$}\\
|
|
1242 |
\bl{$\{C,b\}_{K^{pub}_A} \;\mapsto\; D_1,D_2$}
|
|
1243 |
\end{tabular} &
|
|
1244 |
\begin{tabular}[t]{@{}l@{}}
|
|
1245 |
\bl{$A \to C : H_1$}\\
|
|
1246 |
\bl{$C \to B : C_1$}\\
|
|
1247 |
\bl{$B \to C : \{C_1, M_1\}_{K^{pub}_C}$}\\
|
|
1248 |
\bl{$C \to A : \{H_1, D_1\}_{K^{pub}_A}$}\\
|
|
1249 |
\bl{$A \to C : \{H_2, D_1\}_{K^{pub}_C}$}\\
|
|
1250 |
\bl{$C \to B : \{C_2, M_1\}_{K^{pub}_B}$}\\
|
|
1251 |
\bl{$B \to C : M_2$}\\
|
|
1252 |
\bl{$C \to A : D_2$}
|
|
1253 |
\end{tabular}
|
|
1254 |
\end{tabular}
|
|
1255 |
\end{center}\pause
|
|
1256 |
||
1257 |
\footnotesize |
|
1258 |
\bl{$m$} = How is your grandmother? \bl{$m'$} = How is the
|
|
1259 |
weather today in London? |
|
1260 |
||
1261 |
\end{frame}
|
|
1262 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
1263 |
||
1264 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
1265 |
\begin{frame}[c]
|
|
1266 |
||
1267 |
\begin{itemize}
|
|
1268 |
\item you have to ask something that cannot be imitated |
|
1269 |
(requires \bl{$A$} and \bl{$B$} know each other)
|
|
1270 |
\item what happens if \bl{$m$} and \bl{$m'$} are voice
|
|
1271 |
messages?\bigskip\pause |
|
1272 |
||
1273 |
\item So \bl{$C$} can either leave the communication unchanged,
|
|
1274 |
or invent a complete new conversation |
|
1275 |
||
1276 |
\end{itemize}
|
|
1277 |
||
1278 |
\end{frame}
|
|
1279 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
1280 |
||
1281 |
||
1282 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
1283 |
\begin{frame}[c]
|
|
|
406
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1284 |
\frametitle{Car Transponder (HiTag2)}
|
|
120
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1285 |
|
|
406
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1286 |
\begin{enumerate}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1287 |
\item \bl{$C$} generates a random number \bl{$N$}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1288 |
\item \bl{$C$} calculates \bl{$(F,G) = \{N\}_K$}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1289 |
\item \bl{$C \to T$}: \bl{$N, F$}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1290 |
\item \bl{$T$} calculates \bl{$(F',G') = \{N\}_K$}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1291 |
\item \bl{$T$} checks that \bl{$F = F'$}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1292 |
\item \bl{$T \to C$}: \bl{$N, G'$}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1293 |
\item \bl{$C$} checks that \bl{$G = G'$}
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1294 |
\end{enumerate}\pause
|
|
120
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1295 |
|
|
406
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1296 |
\small |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1297 |
This process means that the transponder believes the car knows |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1298 |
the key \bl{$K$}, and the car believes the transponder knows
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1299 |
the key \bl{$K$}. They have authenticated themselves
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1300 |
to each other, or have they? |
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1301 |
|
|
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1302 |
\end{frame}
|
|
120
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1303 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1304 |
|
| 548 | 1305 |
|
|
120
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1306 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1307 |
\begin{frame}[c]
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1308 |
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1309 |
A Man-in-the-middle attack in real life: |
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1310 |
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1311 |
\begin{itemize}
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1312 |
\item the card only says yes to the terminal if the PIN is correct |
|
120
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1313 |
\item trick the card in thinking transaction is verified by signature |
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1314 |
\item trick the terminal in thinking the transaction was verified by PIN |
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1315 |
\end{itemize}
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1316 |
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1317 |
\begin{minipage}{1.1\textwidth}
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1318 |
\begin{center}
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1319 |
\mbox{}\hspace{-6mm}\includegraphics[scale=0.5]{../pics/chip-attack.png}
|
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1320 |
\includegraphics[scale=0.3]{../pics/chipnpinflaw.png}
|
|
120
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1321 |
\end{center}
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1322 |
\end{minipage}
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1323 |
|
|
406
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1324 |
\end{frame}
|
|
120
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1325 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1326 |
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1327 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1328 |
\begin{frame}[c]
|
| 548 | 1329 |
|
1330 |
\begin{itemize}
|
|
1331 |
\item the moral: establishing a secure connection from |
|
1332 |
``zero'' is almost impossible---you need to rely on some |
|
1333 |
established trust\medskip |
|
1334 |
||
1335 |
\item that is why PKI relies on certificates, which however are |
|
1336 |
badly, badly realised |
|
1337 |
||
1338 |
\end{itemize}
|
|
1339 |
||
1340 |
\end{frame}
|
|
1341 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
1342 |
||
1343 |
||
1344 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
1345 |
\begin{frame}[c]
|
|
1346 |
\frametitle{Trusted Third Parties}
|
|
1347 |
||
1348 |
Simple protocol for establishing a secure connection via a |
|
1349 |
mutually trusted 3rd party (server): |
|
1350 |
||
1351 |
\begin{center}
|
|
1352 |
\begin{tabular}{r@ {\hspace{1mm}}l}
|
|
1353 |
\bl{$A \rightarrow S :$} & \bl{$A, B$}\\
|
|
1354 |
\bl{$S \rightarrow A :$} & \bl{$\{K_{AB}, \{K_{AB}\}_{K_{BS}} \}_{K_{AS}}$}\\
|
|
1355 |
\bl{$A \rightarrow B :$} & \bl{$\{K_{AB}\}_{K_{BS}} $}\\
|
|
1356 |
\bl{$A \rightarrow B :$} & \bl{$\{m\}_{K_{AB}}$}\\
|
|
1357 |
\end{tabular}
|
|
1358 |
\end{center}
|
|
1359 |
||
1360 |
\end{frame}
|
|
1361 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
1362 |
||
1363 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
1364 |
\begin{frame}[c]
|
|
1365 |
\frametitle{PKI: The Main Idea}
|
|
1366 |
||
1367 |
\begin{itemize}
|
|
1368 |
\item the idea is to have a certificate authority (CA) |
|
1369 |
\item you go to the CA to identify yourself |
|
1370 |
\item CA: ``I, the CA, have verified that public key |
|
1371 |
\bl{$P^{pub}_{Bob}$} belongs to Bob''\bigskip
|
|
1372 |
\item CA must be trusted by everybody\medskip |
|
1373 |
\item certificates are time limited, and can be revoked |
|
1374 |
||
1375 |
\item What happens if CA issues a false certificate? Who pays in case of loss? (VeriSign |
|
1376 |
explicitly limits liability to \$100.) |
|
1377 |
\end{itemize}
|
|
1378 |
||
1379 |
\end{frame}
|
|
1380 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
1381 |
||
1382 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
1383 |
\begin{frame}[c]
|
|
1384 |
\frametitle{PKI: Chains of Trust}
|
|
1385 |
||
1386 |
\begin{center}
|
|
1387 |
\begin{tikzpicture}[scale=1,
|
|
1388 |
node/.style={
|
|
1389 |
rectangle,rounded corners=3mm, |
|
1390 |
very thick,draw=black!50,minimum height=18mm, minimum width=23mm, |
|
1391 |
top color=white,bottom color=black!20}] |
|
1392 |
||
1393 |
\node (A) at (0,0) [node] {};
|
|
1394 |
\node [below right] at (A.north west) |
|
1395 |
{\small\begin{tabular}{@{}l}CA\\Root Cert.\end{tabular}};
|
|
1396 |
||
1397 |
\node (B) at (4,0) [node] {};
|
|
1398 |
\node [below right=1mm] at (B.north west) |
|
1399 |
{\mbox{}\hspace{-1mm}\small
|
|
1400 |
\begin{tabular}{@{}l}Subordinate\\ CA\end{tabular}};
|
|
1401 |
||
1402 |
\node (C) at (8,0) [node] {};
|
|
1403 |
\node [below right] at (C.north west) |
|
1404 |
{\small\begin{tabular}{@{}l}Server\\ Bank.com\end{tabular}};
|
|
1405 |
||
1406 |
\draw [->,line width=4mm] (A) -- (B); |
|
1407 |
\draw [->,line width=4mm] (B) -- (C); |
|
1408 |
||
1409 |
\node (D) at (6,-3) [node] {};
|
|
1410 |
\node [below right] at (D.north west) |
|
1411 |
{\small\begin{tabular}{@{}l}Browser\\ Root Store\end{tabular}};
|
|
1412 |
||
1413 |
\node (E) at (2,-3) [node] {};
|
|
1414 |
\node [below right] at (E.north west) |
|
1415 |
{\small\begin{tabular}{@{}l}Browser\\ Vendor\end{tabular}};
|
|
1416 |
||
1417 |
\draw [->,line width=4mm] (E) -- (D); |
|
1418 |
\end{tikzpicture}
|
|
1419 |
\end{center}
|
|
1420 |
||
1421 |
\begin{itemize}
|
|
1422 |
\item CAs make almost no money anymore, because of stiff |
|
1423 |
competition |
|
1424 |
\item browser companies are not really interested in security; |
|
1425 |
only in market share |
|
1426 |
\end{itemize}
|
|
1427 |
||
1428 |
\end{frame}
|
|
1429 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
1430 |
||
1431 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
1432 |
\begin{frame}[c]
|
|
1433 |
\frametitle{PKI: Weaknesses}
|
|
1434 |
||
1435 |
CAs just cannot win (make any profit):\medskip |
|
|
120
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1436 |
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1437 |
\begin{itemize}
|
| 548 | 1438 |
\item there are hundreds of CAs, which issue millions of |
1439 |
certificates and the error rate is small |
|
1440 |
||
1441 |
\item users (servers) do not want to pay or pay as little as |
|
1442 |
possible\bigskip |
|
1443 |
||
1444 |
\item a CA can issue a certificate for any domain not needing |
|
1445 |
any permission (CAs are meant to undergo audits, |
|
1446 |
but\ldots DigiNotar) |
|
1447 |
||
1448 |
\item if a CA has issued many certificates, it ``becomes too |
|
1449 |
big to fail'' |
|
1450 |
||
1451 |
\item Can we be sure CAs are not just frontends of some |
|
1452 |
government organisation? |
|
1453 |
||
1454 |
\end{itemize}
|
|
1455 |
||
1456 |
\end{frame}
|
|
1457 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
1458 |
||
1459 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
1460 |
\begin{frame}[c]
|
|
1461 |
\frametitle{PKI: Weaknesses}
|
|
1462 |
||
1463 |
\begin{itemize}
|
|
1464 |
||
1465 |
\item many certificates are issued via Whois, whether you own |
|
1466 |
the domain\ldots if you hijacked a domain, it is easy to |
|
1467 |
obtain certificates\medskip |
|
1468 |
||
1469 |
\item the revocation mechanism does not work (Chrome has given |
|
1470 |
up on general revocation lists)\medskip |
|
1471 |
||
1472 |
\item lax approach to validation of certificates |
|
1473 |
(Have you ever bypassed certification warnings?)\medskip |
|
1474 |
||
1475 |
\item sometimes you want to actually install invalid |
|
1476 |
certificates (self-signed) |
|
1477 |
||
1478 |
\end{itemize}
|
|
1479 |
||
1480 |
\end{frame}
|
|
1481 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
1482 |
||
1483 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
1484 |
\begin{frame}[c]
|
|
1485 |
\frametitle{PKI: Attacks}
|
|
1486 |
||
1487 |
\begin{itemize}
|
|
1488 |
||
1489 |
\item Go directly after root certificates |
|
1490 |
\begin{itemize}
|
|
1491 |
\item governments can demand private keys\smallskip |
|
1492 |
\item 10 years ago it was estimated that breaking a 1024 bit |
|
1493 |
key takes one year and costs 10 - 30 Mio \$; this is now |
|
1494 |
reduced to 1 Mio \$ |
|
1495 |
\end{itemize}
|
|
1496 |
||
1497 |
\item Go after buggy implementations of certificate |
|
1498 |
validation\smallskip |
|
1499 |
||
1500 |
\item Social Engineering |
|
1501 |
\begin{itemize}
|
|
1502 |
\item in 2001 somebody pretended to be |
|
1503 |
from Microsoft and asked for two code-signing |
|
1504 |
certificates |
|
1505 |
\end{itemize}\bigskip
|
|
1506 |
\end{itemize}
|
|
1507 |
||
1508 |
\small The eco-system is completely broken (it relies on |
|
1509 |
thousands of entities to do the right thing). Maybe DNSSEC |
|
1510 |
where keys can be attached to domain names is a way out. |
|
1511 |
||
1512 |
\end{frame}
|
|
1513 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
1514 |
||
1515 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
1516 |
\begin{frame}[c]
|
|
1517 |
\frametitle{Real Attacks}
|
|
1518 |
||
1519 |
\begin{itemize}
|
|
1520 |
||
1521 |
\item In 2011, DigiNotar (Dutch company) was the first CA that |
|
1522 |
got compromised comprehensively, and where many |
|
1523 |
fraudulent certificates were issued to the wild. It |
|
1524 |
included approximately 300,000 IP addresses, mostly |
|
1525 |
located in Iran. The attackers (in Iran?) were likely |
|
1526 |
interested ``only'' in collecting gmail passwords.\medskip |
|
1527 |
||
1528 |
\item The Flame malware piggy-bagged on this attack by |
|
1529 |
advertising malicious Windows updates to some targeted |
|
1530 |
systems (mostly in Iran, Israel, Sudan). |
|
1531 |
||
1532 |
\end{itemize}
|
|
1533 |
||
1534 |
\end{frame}
|
|
1535 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
1536 |
||
1537 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
1538 |
\begin{frame}[c]
|
|
1539 |
\frametitle{PKI is Broken}
|
|
1540 |
||
1541 |
\begin{itemize}
|
|
1542 |
||
1543 |
\item PKI and certificates are meant to protect you against |
|
1544 |
MITM attacks, but if the attack occurs your are |
|
1545 |
presented with a warning and you need to decide whether |
|
1546 |
you are under attack.\medskip |
|
1547 |
||
1548 |
\item Webcontent gets often loaded from 3rd-party servers, |
|
1549 |
which might not be secured\medskip |
|
1550 |
||
1551 |
\item Misaligned incentives: browser vendors are not |
|
1552 |
interested in breaking webpages with invalid |
|
1553 |
certificates |
|
1554 |
||
1555 |
\end{itemize}
|
|
1556 |
||
1557 |
\end{frame}
|
|
1558 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
1559 |
||
1560 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
1561 |
\begin{frame}[c]
|
|
1562 |
||
1563 |
Why are there so many invalid certificates?\bigskip |
|
1564 |
||
1565 |
\begin{itemize}
|
|
1566 |
||
1567 |
\item insufficient name coverage (www.example.com should |
|
1568 |
include example.com) |
|
1569 |
||
1570 |
\item IoT: many appliances have web-based admin interfaces; |
|
1571 |
the manufacturer cannot know under which IP and domain name |
|
1572 |
the appliances are run (so cannot install a valid certificate) |
|
1573 |
||
1574 |
\item expired certificates, or incomplete chains of trust |
|
1575 |
(servers are supposed to supply them) |
|
1576 |
||
|
120
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1577 |
\end{itemize}
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1578 |
|
|
406
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1579 |
\end{frame}
|
|
120
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1580 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1581 |
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1582 |
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1583 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1584 |
\begin{frame}[c]
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1585 |
\frametitle{Protocols are Difficult}
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1586 |
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1587 |
\begin{itemize}
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1588 |
\item even the systems designed by experts regularly fail\medskip |
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1589 |
\item the one who can fix a system should also be liable for the losses\medskip |
|
483
337a8f5cb1ad
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
481
diff
changeset
|
1590 |
\item cryptography is often not the problem\bigskip\bigskip |
|
120
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1591 |
\end{itemize}
|
|
99d408cfcfb3
added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
119
diff
changeset
|
1592 |
|
|
406
0516bffd3f5f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
405
diff
changeset
|
1593 |
\end{frame}
|
|
241
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1594 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
07e4d8f64ca8
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
121
diff
changeset
|
1595 |
|
|
105
40c51038c9e4
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
1596 |
|
| 41 | 1597 |
\end{document}
|
1598 |
||
1599 |
%%% Local Variables: |
|
1600 |
%%% mode: latex |
|
1601 |
%%% TeX-master: t |
|
1602 |
%%% End: |
|
1603 |