| author | Christian Urban <urbanc@in.tum.de> |
| Sun, 24 Sep 2017 17:51:31 +0100 | |
| changeset 528 | c9f28c80bb08 |
| parent 527 | 968ff3fb17c6 |
| child 541 | 5cd1865d45bd |
| permissions | -rw-r--r-- |
|
93
82ac034dcc9d
brought order into the repository
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
1 |
\documentclass[dvipsnames,14pt,t, xelatex]{beamer}
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
2 |
\usepackage{../slides}
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
3 |
\usepackage{../graphics}
|
|
157
3a8fff66d62b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
4 |
\usepackage{../langs}
|
| 0 | 5 |
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
6 |
\setmonofont[Scale=.88]{Consolas}
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
7 |
\newfontfamily{\consolas}{Consolas}
|
| 0 | 8 |
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
9 |
\hfuzz=220pt |
| 0 | 10 |
|
11 |
% beamer stuff |
|
|
381
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
12 |
\renewcommand{\slidecaption}{SEN 01, King's College London}
|
| 0 | 13 |
|
|
170
1c8ad2848d3b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
169
diff
changeset
|
14 |
\lstset{language=JavaScript,
|
|
162
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
15 |
style=mystyle, |
|
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
16 |
numbersep=0pt, |
|
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
17 |
numbers=none, |
|
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
18 |
xleftmargin=0mm} |
| 0 | 19 |
|
20 |
\begin{document}
|
|
21 |
||
| 9 | 22 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
23 |
\begin{frame}
|
| 0 | 24 |
\frametitle{%
|
| 1 | 25 |
\begin{tabular}{@ {}c@ {}}
|
|
381
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
26 |
\LARGE Security Engineering (1)\\[-3mm] |
| 1 | 27 |
\end{tabular}}
|
28 |
||
29 |
\begin{center}
|
|
|
381
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
30 |
\includegraphics[scale=0.3]{../pics/barrier.jpg}
|
| 1 | 31 |
\end{center}
|
32 |
||
|
157
3a8fff66d62b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
33 |
\normalsize |
| 1 | 34 |
\begin{center}
|
|
98
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
35 |
\begin{tabular}{ll}
|
| 1 | 36 |
Email: & christian.urban at kcl.ac.uk\\ |
| 518 | 37 |
Office: & N7.07 (North Wing, Bush House)\\ |
|
159
77cf0362b87a
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
157
diff
changeset
|
38 |
Slides: & KEATS |
| 1 | 39 |
\end{tabular}
|
40 |
\end{center}
|
|
|
157
3a8fff66d62b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
41 |
\end{frame}
|
|
162
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
42 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
| 0 | 43 |
|
| 8 | 44 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
45 |
\begin{frame}
|
|
46 |
||
47 |
\begin{center}
|
|
|
381
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
48 |
\includegraphics[scale=0.5]{../pics/barrier.jpg}
|
|
157
3a8fff66d62b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
49 |
\end{center}
|
|
96
e1e314c1bb61
new
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
95
diff
changeset
|
50 |
|
|
157
3a8fff66d62b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
51 |
\end{frame}
|
|
3a8fff66d62b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
105
diff
changeset
|
52 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
96
e1e314c1bb61
new
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
95
diff
changeset
|
53 |
|
|
e1e314c1bb61
new
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
95
diff
changeset
|
54 |
|
|
e1e314c1bb61
new
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
95
diff
changeset
|
55 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
e1e314c1bb61
new
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
95
diff
changeset
|
56 |
\begin{frame}
|
|
162
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
57 |
\frametitle{This is a Misconception!}
|
|
96
e1e314c1bb61
new
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
95
diff
changeset
|
58 |
|
|
e1e314c1bb61
new
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
95
diff
changeset
|
59 |
\begin{center}
|
|
199
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
60 |
\includegraphics[scale=0.55]{../pics/cryptographic-small.png}
|
|
95
e24f6c12839e
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
94
diff
changeset
|
61 |
\end{center}
|
|
e24f6c12839e
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
94
diff
changeset
|
62 |
|
|
162
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
63 |
\centering |
|
381
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
64 |
\begin{bubble}[10cm]
|
|
162
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
65 |
\small |
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
66 |
There is some consensus that the NSA can probably not |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
67 |
brute-force magically better than the ``public''. |
|
162
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
68 |
\end{bubble}
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
69 |
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
70 |
\end{frame}
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
71 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
72 |
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
73 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
74 |
\begin{frame}[c]
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
75 |
The content of this course is very much inspired by the work of |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
76 |
three people:\bigskip |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
77 |
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
78 |
\small |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
79 |
\begin{center}
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
80 |
\begin{tabular}{ccc}
|
|
199
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
81 |
\includegraphics[scale=1.4]{../pics/schneier.png} &
|
|
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
82 |
\includegraphics[scale=0.103]{../pics/ross.jpg} &
|
|
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
83 |
\includegraphics[scale=0.2]{../pics/halderman.jpg} \\
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
84 |
Bruce Schneier & Ross Anderson & Alex Halderman\\ |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
85 |
\tiny\url{en.wikipedia.org/wiki/Bruce_Schneier} &
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
86 |
\tiny\url{www.cl.cam.ac.uk/~rja14} &
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
87 |
\tiny\url{jhalderm.com}
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
88 |
\end{tabular}
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
89 |
\end{center}
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
90 |
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
91 |
\end{frame}
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
92 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
95
e24f6c12839e
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
94
diff
changeset
|
93 |
|
|
e24f6c12839e
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
94
diff
changeset
|
94 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
| 1 | 95 |
\begin{frame}[c]
|
96 |
||
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
97 |
\alert{\bf Security engineers} require a particular \alert{\bf mindset}:
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
98 |
\bigskip\medskip |
| 1 | 99 |
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
100 |
\begin{overlayarea}{\textwidth}{5cm}
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
101 |
\small |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
102 |
\only<1>{\begin{bubble}[10cm]
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
103 |
``Security engineers --- at least the good ones --- see |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
104 |
the world differently. They can't walk into a store without |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
105 |
noticing how they might shoplift. They can't use a computer |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
106 |
without wondering about the security vulnerabilities. They |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
107 |
can't vote without trying to figure out how to vote twice. |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
108 |
They just can't help it.''\\ |
|
95
e24f6c12839e
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
94
diff
changeset
|
109 |
\hfill{}---Bruce Schneier
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
110 |
\end{bubble}}%
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
111 |
\only<2>{\begin{bubble}[10.5cm]
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
112 |
``Security engineering\ldots requires you to think |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
113 |
differently. You need to figure out not how something works, |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
114 |
but how something can be made to not work. You have to imagine |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
115 |
an intelligent and malicious adversary inside your system |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
116 |
\ldots, constantly trying new ways to |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
117 |
subvert it. You have to consider all the ways your system can |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
118 |
fail, most of them having nothing to do with the design |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
119 |
itself. You have to look at everything backwards, upside down, |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
120 |
and sideways. You have to think like an alien.''\hfill{}---Bruce Schneier
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
121 |
\end{bubble}}
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
122 |
\end{overlayarea}
|
| 1 | 123 |
|
124 |
\begin{flushright}
|
|
|
199
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
125 |
\includegraphics[scale=0.0087]{../pics/schneierbook1.jpg}\;
|
|
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
126 |
\includegraphics[scale=0.0087]{../pics/schneierbook2.jpg}\;
|
|
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
127 |
\includegraphics[scale=0.23]{../pics/schneierbook3.jpg}\;
|
|
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
128 |
\includegraphics[scale=0.85]{../pics/schneier.png}
|
| 1 | 129 |
\end{flushright}
|
130 |
||
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
131 |
\end{frame}
|
| 1 | 132 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
133 |
||
| 4 | 134 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
135 |
\begin{frame}[c]
|
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
136 |
\frametitle{Breaking Things}
|
|
98
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
137 |
|
|
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
138 |
For example: |
|
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
139 |
|
|
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
140 |
\begin{center}
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
141 |
\begin{bubble}[10cm]\small
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
142 |
Prof.~V.~Nasty gives the following final exam question (closed books, |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
143 |
closed notes):\bigskip |
|
98
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
144 |
|
|
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
145 |
\noindent |
|
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
146 |
\begin{tabular}{@ {}l}
|
|
102
8f2c3329c9b8
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
101
diff
changeset
|
147 |
Write the first 100 digits of $\pi$:\\ |
|
98
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
148 |
3.\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_ |
|
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
149 |
\end{tabular}
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
150 |
\end{bubble}
|
|
98
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
151 |
\end{center}
|
|
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
152 |
|
|
102
8f2c3329c9b8
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
101
diff
changeset
|
153 |
How can you cheat in this exam and how can you defend against such cheating? |
|
98
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
154 |
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
155 |
\end{frame}
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
156 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
157 |
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
158 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
159 |
\begin{frame}
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
160 |
\frametitle{\textcolor{red}{Warning}}
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
161 |
\small |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
162 |
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
163 |
\begin{itemize}
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
164 |
\item<1-> I will be teaching techniques that can be used to |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
165 |
compromise security and privacy. |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
166 |
\end{itemize}
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
167 |
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
168 |
\onslide<2->{
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
169 |
\begin{itemize}
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
170 |
\item Don’t be evil! |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
171 |
\only<3>{\item Using those techniques in the real world may
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
172 |
violate the law or King’s rules, and it may be unethical.} |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
173 |
\only<3>{\item Under some circumstances, even probing for weaknesses of a
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
174 |
system may result in severe penalties, up to and including |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
175 |
expulsion, fines and jail time.} |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
176 |
\only<3>{\item Acting lawfully and ethically is \underline{your} responsibility.}
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
177 |
\only<4>{\item Ethics requires you to
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
178 |
refrain from doing harm.} |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
179 |
\only<4>{\item \underline{Always} respect privacy and rights of
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
180 |
others.} |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
181 |
\only<4>{\item Do not tamper with any of King's systems.}
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
182 |
\only<5>{\item If you try
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
183 |
out a technique, always make doubly sure you are working in a |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
184 |
safe environment so that you cannot cause any harm, not even |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
185 |
accidentally.} |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
186 |
\only<5>{\item Don't be evil. Be an \underline{ethical} hacker.}
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
187 |
\end{itemize}}
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
188 |
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
189 |
\end{frame}
|
|
98
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
190 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
191 |
|
|
162
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
192 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
193 |
\begin{frame}[c]
|
|
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
194 |
\frametitle{Secure Systems}
|
|
98
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
195 |
|
|
162
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
196 |
For a secure system, four requirements need to come |
|
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
197 |
together: |
|
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
198 |
|
|
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
199 |
\begin{itemize}
|
|
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
200 |
\item {\bf Policy}\\
|
|
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
201 |
{\small What is supposed to be achieved?}
|
|
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
202 |
\item {\bf Mechanism}\\
|
|
167
d8657ff8cca1
typos
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
164
diff
changeset
|
203 |
{\small Cipher, access controls, tamper resistance, \ldots}
|
|
162
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
204 |
\item {\bf Assurance}\\
|
|
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
205 |
{\small The amount of reliance you can put on the mechanism.}
|
|
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
206 |
\item {\bf Incentive}\\
|
|
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
207 |
{\small The motive that the people guarding and maintaining the
|
|
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
208 |
system have to do their job properly, and also the motive |
|
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
209 |
that the attackers have to try to defeat your policy.} |
|
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
210 |
\end{itemize}
|
|
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
211 |
|
|
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
212 |
|
|
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
213 |
|
|
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
214 |
\end{frame}
|
|
5031e7778fdb
new version
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
160
diff
changeset
|
215 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
98
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
216 |
|
|
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
217 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
218 |
\begin{frame}[c]
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
219 |
\frametitle{Chip-and-PIN}
|
| 4 | 220 |
|
221 |
\begin{center}
|
|
|
199
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
222 |
\includegraphics[scale=0.3]{../pics/creditcard1.jpg}\;
|
|
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
223 |
\includegraphics[scale=0.3]{../pics/creditcard2.jpg}
|
| 4 | 224 |
\end{center}
|
225 |
||
226 |
\begin{itemize}
|
|
227 |
\item Chip-and-PIN was introduced in the UK in 2004 |
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
228 |
\item before that customers had to sign a receipt\bigskip |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
229 |
\item \bf Is Chip-and-PIN a more secure system? |
| 4 | 230 |
\end{itemize}
|
231 |
||
232 |
\begin{flushright}
|
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
233 |
\small\textcolor{gray}{(some other countries still use the old method)}
|
| 4 | 234 |
\end{flushright}
|
235 |
||
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
236 |
\end{frame}
|
| 4 | 237 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
238 |
||
| 0 | 239 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
240 |
\begin{frame}[c]
|
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
241 |
\frametitle{Yes \ldots}
|
| 1 | 242 |
|
|
167
d8657ff8cca1
typos
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
164
diff
changeset
|
243 |
\ldots if you believe the banks:\bigskip |
|
d8657ff8cca1
typos
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
164
diff
changeset
|
244 |
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
245 |
\begin{bubble}[10cm]
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
246 |
\small ``Chip-and-PIN is so effective in this country [UK] |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
247 |
that fraudsters are starting to move their activities |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
248 |
overseas,''\smallskip\\ |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
249 |
\hfill{}said some spokesman for Lloyds TSB\\
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
250 |
\hfill(in The Guardian, 2006) |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
251 |
\end{bubble}\bigskip
|
| 1 | 252 |
|
| 0 | 253 |
|
| 1 | 254 |
\begin{itemize}
|
255 |
\item mag-stripe cards cannot be cloned anymore |
|
256 |
\item stolen or cloned cards need to be used abroad |
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
257 |
\item fraud on lost, stolen and counterfeit credit |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
258 |
cards was down \pounds{60m} (24\%) on 2004's figure
|
| 1 | 259 |
\end{itemize}
|
260 |
||
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
261 |
\end{frame}
|
| 1 | 262 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
263 |
||
264 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
265 |
\begin{frame}[c]
|
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
266 |
\frametitle{But let's see}
|
| 1 | 267 |
|
268 |
||
269 |
\begin{textblock}{1}(3,4)
|
|
270 |
\begin{tabular}{c}
|
|
|
199
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
271 |
\includegraphics[scale=0.3]{../pics/bank.png}\\[-2mm]
|
| 1 | 272 |
\small Bank |
| 0 | 273 |
\end{tabular}
|
274 |
\end{textblock}
|
|
| 1 | 275 |
|
276 |
\begin{textblock}{1}(7,4.5)
|
|
277 |
\begin{tabular}{c}
|
|
|
199
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
278 |
\includegraphics[scale=3]{../pics/store.png}\\[-2mm]
|
| 1 | 279 |
\end{tabular}
|
280 |
\end{textblock}
|
|
281 |
||
282 |
\begin{textblock}{1}(4.5,9.9)
|
|
283 |
\begin{tabular}{c}
|
|
|
199
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
284 |
\includegraphics[scale=0.16]{../pics/rman.png}\\[-1mm]
|
|
167
d8657ff8cca1
typos
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
164
diff
changeset
|
285 |
\small customer / you |
| 1 | 286 |
\end{tabular}
|
287 |
\end{textblock}
|
|
| 8 | 288 |
|
289 |
\only<2->{
|
|
290 |
\begin{textblock}{1}(4.5,7.5)
|
|
291 |
\begin{tikzpicture}[scale=1.3]
|
|
292 |
\draw[white] (0,0) node (X) {};
|
|
293 |
\draw[white] (1,-1) node (Y) {};
|
|
294 |
\draw[red, ->, line width = 2mm] (X) -- (Y); |
|
295 |
\node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
|
|
296 |
\end{tikzpicture}
|
|
297 |
\end{textblock}}
|
|
298 |
||
299 |
\only<3->{
|
|
300 |
\begin{textblock}{1}(6.8,7.5)
|
|
301 |
\begin{tikzpicture}[scale=1.3]
|
|
302 |
\draw[white] (0,0) node (X) {};
|
|
303 |
\draw[white] (1,1) node (Y) {};
|
|
304 |
\draw[red, ->, line width = 2mm] (X) -- (Y); |
|
305 |
\node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
|
|
306 |
\end{tikzpicture}
|
|
307 |
\end{textblock}
|
|
308 |
||
309 |
\begin{textblock}{1}(4.8,5.9)
|
|
310 |
\begin{tikzpicture}[scale=1.3]
|
|
311 |
\draw[white] (0,0) node (X) {};
|
|
312 |
\draw[white] (1.4,0) node (Y) {};
|
|
313 |
\draw[red, <->, line width = 2mm] (X) -- (Y); |
|
314 |
\node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
|
|
315 |
\end{tikzpicture}
|
|
316 |
\end{textblock}}
|
|
317 |
||
318 |
\only<4->{
|
|
319 |
\begin{textblock}{1}(12,6.5)
|
|
320 |
\begin{tabular}{c}
|
|
|
199
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
321 |
\includegraphics[scale=0.8]{../pics/factory.png}\\[-1mm]
|
| 8 | 322 |
\small card\\[-2mm]\small terminal\\[-2mm] \small producer |
323 |
\end{tabular}
|
|
324 |
\end{textblock}
|
|
325 |
||
326 |
\begin{textblock}{1}(10,7)
|
|
327 |
\begin{tikzpicture}[scale=1.6]
|
|
328 |
\draw[white] (0,0) node (X) {};
|
|
329 |
\draw[white] (-1,0.6) node (Y) {};
|
|
330 |
\draw[red, ->, line width = 2mm] (X) -- (Y); |
|
331 |
\node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
|
|
332 |
\end{tikzpicture}
|
|
333 |
\end{textblock}}
|
|
| 0 | 334 |
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
335 |
\end{frame}
|
| 0 | 336 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
337 |
||
338 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
339 |
\begin{frame}[c]
|
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
340 |
\frametitle{Chip-and-PIN}
|
| 0 | 341 |
|
| 1 | 342 |
\begin{itemize}
|
| 5 | 343 |
\item A ``tamperesitant'' terminal playing Tetris on |
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
344 |
\href{http://www.youtube.com/watch?v=wWTzkD9M0sU}{youtube}.\smallskip\\
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
345 |
\footnotesize(\url{http://www.youtube.com/watch?v=wWTzkD9M0sU})
|
| 1 | 346 |
\end{itemize}
|
347 |
||
|
199
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
348 |
\includegraphics[scale=0.2]{../pics/tetris.jpg}
|
| 1 | 349 |
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
350 |
\end{frame}
|
| 1 | 351 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
| 0 | 352 |
|
353 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
354 |
\begin{frame}
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
355 |
\frametitle{Chip-and-PIN}
|
| 0 | 356 |
|
357 |
\begin{itemize}
|
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
358 |
\item in 2006, Shell petrol stations stopped accepting Chip-and-PIN after |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
359 |
\pounds{1M} had been stolen from customer accounts\smallskip
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
360 |
\item in 2008, hundreds of card readers for use in Britain, Ireland, |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
361 |
the Netherlands, Denmark, and Belgium had been expertly tampered with |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
362 |
shortly after manufacture so that details and PINs of credit cards |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
363 |
were sent during the 9 months before over mobile phone networks |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
364 |
to criminals in Lahore, Pakistan |
| 0 | 365 |
\end{itemize}
|
366 |
||
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
367 |
\end{frame}
|
| 0 | 368 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
369 |
||
370 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
371 |
\begin{frame}[c]
|
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
372 |
\frametitle{Chip-and-PIN is Broken}
|
| 0 | 373 |
|
| 1 | 374 |
\begin{flushright}
|
|
199
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
375 |
\includegraphics[scale=0.01]{../pics/andersonbook1.jpg}\;
|
|
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
376 |
\includegraphics[scale=1.5]{../pics/anderson.jpg}
|
| 1 | 377 |
\end{flushright}
|
| 0 | 378 |
|
379 |
\begin{itemize}
|
|
| 5 | 380 |
\item man-in-the-middle attacks by the group around Ross Anderson\medskip |
| 0 | 381 |
\end{itemize}
|
382 |
||
| 1 | 383 |
\begin{center}
|
|
199
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
384 |
\mbox{}\hspace{-20mm}\includegraphics[scale=0.5]{../pics/chip-attack.png}
|
| 1 | 385 |
\end{center}
|
| 5 | 386 |
|
387 |
\begin{textblock}{1}(11.5,13.7)
|
|
388 |
\begin{tabular}{l}
|
|
389 |
\footnotesize on BBC Newsnight\\[-2mm] |
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
390 |
\footnotesize in 2010 or |
| 527 | 391 |
\href{https://www.youtube.com/watch?v=Ks0SOn8hjG8}{youtube}
|
| 5 | 392 |
\end{tabular}
|
393 |
\end{textblock}
|
|
| 0 | 394 |
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
395 |
\end{frame}
|
| 0 | 396 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
397 |
||
398 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
399 |
\begin{frame}[c]
|
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
400 |
\frametitle{\Large Chip-and-PIN is Really Broken}
|
| 0 | 401 |
|
| 1 | 402 |
\begin{flushright}
|
|
199
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
403 |
\includegraphics[scale=0.01]{../pics/andersonbook1.jpg}\;
|
|
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
404 |
\includegraphics[scale=1.5]{../pics/anderson.jpg}
|
| 1 | 405 |
\end{flushright}
|
| 0 | 406 |
|
407 |
\begin{itemize}
|
|
|
98
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
408 |
\item same group successfully attacked in 2012 card readers and ATM machines |
|
167
d8657ff8cca1
typos
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
164
diff
changeset
|
409 |
\item the problem was: several types of ATMs generate poor random numbers, |
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
410 |
which are used as nonces |
| 0 | 411 |
\end{itemize}
|
| 1 | 412 |
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
413 |
\end{frame}
|
| 0 | 414 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
415 |
||
416 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
417 |
\begin{frame}[c]
|
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
418 |
\frametitle{The Real Problem \ldots}
|
| 0 | 419 |
|
| 1 | 420 |
\begin{textblock}{1}(3,4)
|
421 |
\begin{tabular}{c}
|
|
|
199
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
422 |
\includegraphics[scale=0.3]{../pics/bank.png}\\[-2mm]
|
| 1 | 423 |
\small Bank |
424 |
\end{tabular}
|
|
425 |
\end{textblock}
|
|
426 |
||
427 |
\begin{textblock}{1}(7,4.5)
|
|
428 |
\begin{tabular}{c}
|
|
|
199
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
429 |
\includegraphics[scale=3]{../pics/store.png}\\[-2mm]
|
| 1 | 430 |
\end{tabular}
|
431 |
\end{textblock}
|
|
| 0 | 432 |
|
| 1 | 433 |
\begin{textblock}{1}(12,6.5)
|
434 |
\begin{tabular}{c}
|
|
|
199
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
435 |
\includegraphics[scale=0.8]{../pics/factory.png}\\[-1mm]
|
| 1 | 436 |
\small terminal\\[-2mm] \small producer |
437 |
\end{tabular}
|
|
| 0 | 438 |
\end{textblock}
|
| 1 | 439 |
|
440 |
\begin{textblock}{1}(4.5,9.9)
|
|
441 |
\begin{tabular}{c}
|
|
|
199
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
442 |
\includegraphics[scale=0.13]{../pics/rman.png}\\[-1mm]
|
|
167
d8657ff8cca1
typos
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
164
diff
changeset
|
443 |
\small customer / you |
| 1 | 444 |
\end{tabular}
|
445 |
\end{textblock}
|
|
| 0 | 446 |
|
| 8 | 447 |
\begin{textblock}{1}(4.5,7.5)
|
448 |
\begin{tikzpicture}[scale=1.3]
|
|
449 |
\draw[white] (0,0) node (X) {};
|
|
450 |
\draw[white] (1,-1) node (Y) {};
|
|
451 |
\draw[gray, ->, line width = 2mm] (X) -- (Y); |
|
452 |
\node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
|
|
453 |
\end{tikzpicture}
|
|
454 |
\end{textblock}
|
|
455 |
||
456 |
\begin{textblock}{1}(6.8,7.5)
|
|
457 |
\begin{tikzpicture}[scale=1.3]
|
|
458 |
\draw[white] (0,0) node (X) {};
|
|
459 |
\draw[white] (1,1) node (Y) {};
|
|
460 |
\draw[gray, ->, line width = 2mm] (X) -- (Y); |
|
461 |
\node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
|
|
462 |
\end{tikzpicture}
|
|
463 |
\end{textblock}
|
|
464 |
||
465 |
\begin{textblock}{1}(4.8,5.9)
|
|
466 |
\begin{tikzpicture}[scale=1.3]
|
|
467 |
\draw[white] (0,0) node (X) {};
|
|
468 |
\draw[white] (1.4,0) node (Y) {};
|
|
469 |
\draw[gray, <->, line width = 2mm] (X) -- (Y); |
|
470 |
\node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
|
|
471 |
\end{tikzpicture}
|
|
472 |
\end{textblock}
|
|
473 |
||
474 |
\begin{textblock}{1}(10,7)
|
|
475 |
\begin{tikzpicture}[scale=1.6]
|
|
476 |
\draw[white] (0,0) node (X) {};
|
|
477 |
\draw[white] (-1,0.6) node (Y) {};
|
|
478 |
\draw[gray, ->, line width = 2mm] (X) -- (Y); |
|
479 |
\node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
|
|
480 |
\end{tikzpicture}
|
|
481 |
\end{textblock}
|
|
482 |
||
| 1 | 483 |
\begin{textblock}{14}(1,13.5)
|
484 |
\begin{itemize}
|
|
|
98
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
485 |
\item the burden of proof for fraud and financial liability was shifted to the costumer (until approx.~2009/10) |
| 1 | 486 |
\end {itemize}
|
| 0 | 487 |
\end{textblock}
|
488 |
||
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
489 |
\end{frame}
|
| 0 | 490 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
491 |
||
492 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
493 |
\begin{frame}[c]
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
494 |
\frametitle{The Bad Guy Again}
|
|
98
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
495 |
|
|
169
2866fae8c1cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
168
diff
changeset
|
496 |
\begin{bubble}[10.5cm]
|
|
167
d8657ff8cca1
typos
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
164
diff
changeset
|
497 |
\small |
|
463
39d66100d7a3
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
443
diff
changeset
|
498 |
Some anonymous hacker from earlier:\medskip\\ |
|
39d66100d7a3
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
443
diff
changeset
|
499 |
``Try to use |
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
500 |
`Verified-By-Visa' and `Mastercard-Securecode' as rarely as |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
501 |
possible. If only your CVV2 code is getting sniffed, you are |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
502 |
not liable for any damage, because the code is physically |
|
463
39d66100d7a3
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
443
diff
changeset
|
503 |
printed and could have been stolen while you paid with your |
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
504 |
card at a store. Same applies if someone cloned your CC |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
505 |
reading the magnetic stripe or sniffing RFID. Only losing your |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
506 |
VBV or MCSC password can cause serious trouble.''\\ |
| 527 | 507 |
\hfill{}\url{https://news.ycombinator.com/item?id=3960034}
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
508 |
\end{bubble}
|
|
98
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
509 |
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
510 |
\end{frame}
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
511 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
98
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
512 |
|
|
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
513 |
|
|
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
514 |
|
|
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
515 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
| 0 | 516 |
\begin{frame}[c]
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
517 |
\frametitle{Being Screwed Again}
|
| 0 | 518 |
|
| 1 | 519 |
\begin{flushright}
|
|
199
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
520 |
\includegraphics[scale=0.3]{../pics/rbssecure.jpg}
|
| 1 | 521 |
\end{flushright}
|
522 |
||
| 0 | 523 |
\begin{itemize}
|
| 1 | 524 |
\item {\bf Responsibility}\\
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
525 |
``You understand that you are financially responsible for all uses |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
526 |
of RBS Secure.''\medskip\\ |
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
527 |
\footnotesize\url{https://www.rbssecure.co.uk/rbs/tdsecure/terms_of_use.jsp}
|
| 0 | 528 |
\end{itemize}
|
529 |
||
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
530 |
\end{frame}
|
| 0 | 531 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
532 |
||
| 526 | 533 |
|
534 |
||
| 2 | 535 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
536 |
\begin{frame}[c]
|
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
537 |
\frametitle{Web Applications}
|
| 2 | 538 |
|
539 |
\begin{textblock}{1}(2,5)
|
|
540 |
\begin{tabular}{c}
|
|
|
199
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
541 |
\includegraphics[scale=0.15]{../pics/servers.png}\\[-2mm]
|
| 2 | 542 |
\small Servers from\\[-2mm] |
543 |
\small Dot.com Inc. |
|
544 |
\end{tabular}
|
|
545 |
\end{textblock}
|
|
546 |
||
| 6 | 547 |
\begin{textblock}{1}(5.6,6)
|
548 |
\begin{tikzpicture}[scale=2.5]
|
|
549 |
\draw[white] (0,0) node (X) {};
|
|
550 |
\draw[white] (1,0) node (Y) {};
|
|
| 8 | 551 |
\only<2>{\draw[red, <-, line width = 2mm] (X) -- (Y);
|
| 6 | 552 |
\node [inner sep=5pt,label=above:\textcolor{black}{GET request}] at ($ (X)!.5!(Y) $) {};}
|
| 8 | 553 |
\only<3>{\draw[red, ->, line width = 2mm] (X) -- (Y);
|
| 6 | 554 |
\node [inner sep=5pt,label=above:\textcolor{black}{webpage}] at ($ (X)!.5!(Y) $) {};}
|
| 8 | 555 |
\only<4>{\draw[red, <-, line width = 2mm] (X) -- (Y);
|
| 6 | 556 |
\node [inner sep=7pt,label=above:\textcolor{black}{POST data}] at ($ (X)!.5!(Y) $) {};}
|
557 |
\end{tikzpicture}
|
|
558 |
\end{textblock}
|
|
559 |
||
560 |
||
| 2 | 561 |
\begin{textblock}{1}(9,5.5)
|
562 |
\begin{tabular}{c}
|
|
|
199
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
563 |
\includegraphics[scale=0.15]{../pics/laptop.png}\\[-2mm]
|
| 8 | 564 |
\small Client(s) |
| 2 | 565 |
\end{tabular}
|
566 |
\end{textblock}
|
|
567 |
||
568 |
\begin{textblock}{13}(1,13)
|
|
569 |
\begin{itemize}
|
|
570 |
\item What are pitfalls and best practices? |
|
571 |
\end{itemize}
|
|
572 |
\end{textblock}
|
|
573 |
||
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
574 |
\end{frame}
|
| 2 | 575 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
576 |
||
| 5 | 577 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
578 |
\begin{frame}[c]
|
|
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
579 |
\frametitle{JavaScript + Node.js}
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
580 |
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
581 |
A simple response from the server: |
| 5 | 582 |
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
583 |
\small |
| 527 | 584 |
\lstinputlisting[xleftmargin=0.5cm]{../progs/ap0.js}
|
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
585 |
\medskip\pause |
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
586 |
|
|
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
587 |
\small |
| 527 | 588 |
an alternative response:\smallskip\\ |
|
98
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
589 |
|
| 6 | 590 |
|
| 527 | 591 |
\hspace{5mm}\lstinline{response.write('<H1>Hello World</H1>');}
|
| 5 | 592 |
|
|
160
4cbd6ca025e6
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
159
diff
changeset
|
593 |
\end{frame}
|
| 5 | 594 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
595 |
||
|
98
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
596 |
|
|
3d585e603927
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
597 |
|
| 5 | 598 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
599 |
\begin{frame}[c]
|
|
600 |
||
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
601 |
\footnotesize |
|
170
1c8ad2848d3b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
169
diff
changeset
|
602 |
\lstinputlisting{../progs/ap1.js}
|
| 5 | 603 |
|
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
604 |
\end{frame}
|
| 5 | 605 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
606 |
||
| 6 | 607 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
608 |
\begin{frame}[c]
|
|
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
609 |
\frametitle{Cookies}
|
| 6 | 610 |
|
611 |
\begin{textblock}{1}(1.5,5)
|
|
612 |
\begin{tabular}{c}
|
|
|
199
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
613 |
\includegraphics[scale=0.15]{../pics/servers.png}\\[-2mm]
|
| 6 | 614 |
\small Servers from\\[-2mm] |
615 |
\small Dot.com Inc. |
|
616 |
\end{tabular}
|
|
617 |
\end{textblock}
|
|
618 |
||
619 |
\begin{textblock}{1}(5.6,5.6)
|
|
620 |
\begin{tikzpicture}[scale=2.5]
|
|
621 |
\draw[white] (0,0) node (X) {};
|
|
622 |
\draw[white] (1,0) node (Y) {};
|
|
623 |
\draw[white] (0.05,-0.3) node (X1) {};
|
|
624 |
\draw[white] (0.95,-0.3) node (Y1) {};
|
|
625 |
\only<1-2>{\draw[red, <-, line width = 2mm] (X) -- (Y);
|
|
626 |
\node [inner sep=5pt,label=above:\textcolor{black}{GET request}] at ($ (X)!.5!(Y) $) {};}
|
|
| 8 | 627 |
\only<1>{\draw[white, <-, line width = 1mm] (X1) -- (Y1);
|
628 |
\node [inner sep=2pt,label=below:\textcolor{white}{read a cookie}] at ($ (X1)!.5!(Y1) $) {};}
|
|
| 6 | 629 |
\only<2>{\draw[red, <-, line width = 1mm] (X1) -- (Y1);
|
630 |
\node [inner sep=2pt,label=below:\textcolor{black}{read a cookie}] at ($ (X1)!.5!(Y1) $) {};}
|
|
631 |
\only<3->{\draw[red, ->, line width = 2mm] (X) -- (Y);
|
|
632 |
\node [inner sep=5pt,label=above:\textcolor{black}{webpage}] at ($ (X)!.5!(Y) $) {};}
|
|
633 |
\only<3->{\draw[red, ->, line width = 1mm] (X1) -- (Y1);
|
|
634 |
\node [inner sep=2pt,label=below:\textcolor{black}{write a cookie}] at ($ (X1)!.5!(Y1) $) {};}
|
|
635 |
\end{tikzpicture}
|
|
636 |
\end{textblock}
|
|
637 |
||
638 |
||
639 |
\begin{textblock}{1}(9.5,5.5)
|
|
640 |
\begin{tabular}{c}
|
|
|
199
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
641 |
\includegraphics[scale=0.15]{../pics/laptop.png}\\[-2mm]
|
| 6 | 642 |
\small Client |
643 |
\end{tabular}
|
|
644 |
\end{textblock}
|
|
645 |
||
646 |
\only<4->{
|
|
647 |
\begin{textblock}{13}(1,11)
|
|
648 |
\small\begin{itemize}
|
|
649 |
\item cookies: max 4KB data\\[-2mm] |
|
650 |
\item cookie theft, cross-site scripting attacks\\[-2mm] |
|
651 |
\item session cookies, persistent cookies, HttpOnly cookies, third-party cookies, zombie cookies |
|
652 |
\end{itemize}
|
|
653 |
\end{textblock}}
|
|
654 |
||
655 |
\only<5>{
|
|
656 |
\begin{textblock}{11}(1,3)
|
|
| 527 | 657 |
\begin{bubble}[10.2cm]\small
|
|
463
39d66100d7a3
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
443
diff
changeset
|
658 |
{\bf Cookie Law:}\smallskip\\ ``In May 2011, a
|
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
659 |
European Union law was passed stating that websites that leave |
|
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
660 |
non-essential cookies on visitors' devices have to alert the visitor |
|
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
661 |
and get acceptance from them. This law applies to both individuals and |
|
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
662 |
businesses based in the EU regardless of the nationality of their |
|
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
663 |
website's visitors or the location of their web host. It is not enough |
|
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
664 |
to simply update a website's terms and conditions or privacy |
|
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
665 |
policy. The deadline to comply with the new EU cookie law was 26th May |
|
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
666 |
2012 and failure to do so could mean a fine of up to |
| 527 | 667 |
\pounds{500,000}.''\\ \mbox{}\hfill\small\textcolor{gray}{$\rightarrow$BBC
|
668 |
News}, \url{http://www.goo.gl/RI4qhh}
|
|
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
669 |
\end{bubble}
|
| 6 | 670 |
\end{textblock}}
|
671 |
||
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
672 |
\end{frame}
|
| 6 | 673 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
674 |
||
| 9 | 675 |
|
676 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
| 6 | 677 |
\begin{frame}[c]
|
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
678 |
\frametitle{My First Real Webapp}
|
| 6 | 679 |
|
680 |
{\bf GET request:}\smallskip
|
|
681 |
\begin{enumerate}
|
|
| 8 | 682 |
\item read the cookie from client |
|
463
39d66100d7a3
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
443
diff
changeset
|
683 |
\item if none is present, set \texttt{counter} to \textcolor{blue}{0}
|
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
684 |
\item if cookie is present, extract \texttt{counter}
|
|
169
2866fae8c1cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
168
diff
changeset
|
685 |
\item if \texttt{counter} is greater or equal than \textcolor{blue}{$5$}, \\
|
| 8 | 686 |
print a valued customer message\\ |
687 |
otherwise just a normal message |
|
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
688 |
\item increase \texttt{counter} by \textcolor{blue}{$1$} and store new cookie with client
|
| 6 | 689 |
\end{enumerate}
|
690 |
||
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
691 |
\end{frame}
|
| 6 | 692 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
693 |
||
694 |
||
695 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
696 |
\begin{frame}[c]
|
|
697 |
\mbox{}\\[-9mm]
|
|
698 |
||
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
699 |
\footnotesize |
|
170
1c8ad2848d3b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
169
diff
changeset
|
700 |
\lstinputlisting{../progs/ap2.js}
|
| 6 | 701 |
|
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
702 |
\end{frame}
|
| 7 | 703 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
704 |
||
705 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
706 |
\begin{frame}[c]
|
|
707 |
||
| 8 | 708 |
\begin{center}
|
|
381
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
709 |
\includegraphics[scale=0.5]{../pics/barrier.jpg}
|
| 8 | 710 |
\end{center}
|
711 |
||
712 |
\begin{itemize}
|
|
713 |
\item data integrity needs to be ensured |
|
714 |
\end{itemize}
|
|
| 7 | 715 |
|
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
716 |
\end{frame}
|
| 8 | 717 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
| 7 | 718 |
|
719 |
||
720 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
721 |
\begin{frame}[c]
|
|
| 8 | 722 |
\mbox{}\\[-7mm]
|
| 7 | 723 |
|
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
724 |
\footnotesize |
|
170
1c8ad2848d3b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
169
diff
changeset
|
725 |
\lstinputlisting{../progs/ap3.js}
|
| 7 | 726 |
|
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
727 |
\end{frame}
|
| 6 | 728 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
729 |
||
| 9 | 730 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
| 7 | 731 |
\begin{frame}[c]
|
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
732 |
\frametitle{SHA-1}
|
| 7 | 733 |
|
734 |
\begin{itemize}
|
|
| 8 | 735 |
\item SHA-1 is a cryptographic hash function\\ |
736 |
(MD5, SHA-256, SHA-512, \ldots) |
|
737 |
\item message $\rightarrow$ digest |
|
| 526 | 738 |
\item attacks exist: $2^{80} \rightarrow 2^{61}$ (should not be used
|
739 |
anymore and browsers stopped accepting SHA-1 certificates)\bigskip\pause |
|
|
102
8f2c3329c9b8
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
101
diff
changeset
|
740 |
\item but dictionary attacks are much more effective for extracting passwords (later) |
| 7 | 741 |
\end{itemize}
|
742 |
||
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
743 |
\end{frame}
|
| 9 | 744 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
745 |
||
| 7 | 746 |
|
747 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
748 |
\begin{frame}[c]
|
|
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
749 |
\mbox{}\\[-2mm]
|
| 7 | 750 |
|
|
170
1c8ad2848d3b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
169
diff
changeset
|
751 |
{\footnotesize\lstinputlisting{../progs/ap4.js}}
|
| 7 | 752 |
|
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
753 |
\begin{textblock}{1}(9,0)
|
| 8 | 754 |
\begin{tikzpicture}[scale=1.3]
|
755 |
\draw[white] (0,0) node (X) {};
|
|
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
756 |
\draw[white] (3.5,0) node (Y) {};
|
| 8 | 757 |
\draw[red, <-, line width = 2mm] (X) -- (Y); |
758 |
\node [inner sep=5pt,label=above:\textcolor{black}{\small should be random}] at ($ (X)!.5!(Y) $) {};
|
|
759 |
\end{tikzpicture}
|
|
760 |
\end{textblock}
|
|
761 |
||
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
762 |
\begin{textblock}{1}(12.6,6.5)
|
|
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
763 |
\begin{tikzpicture}[scale=1.3]
|
|
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
764 |
\draw[white] (0,0) node (X) {};
|
|
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
765 |
\draw[white] (-1,-1) node (Y) {};
|
|
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
766 |
\draw[red, <-, line width = 2mm] (X) -- (Y); |
|
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
767 |
\node [inner sep=5pt,label=above:{}] at ($ (X)!.5!(Y) $) {};
|
|
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
768 |
\end{tikzpicture}
|
|
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
769 |
\end{textblock}
|
|
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
770 |
|
|
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
771 |
\begin{textblock}{1}(9.9,11.5)
|
| 8 | 772 |
\begin{tikzpicture}[scale=1.3]
|
773 |
\draw[white] (0,0) node (X) {};
|
|
774 |
\draw[white] (1,-1) node (Y) {};
|
|
775 |
\draw[red, <-, line width = 2mm] (X) -- (Y); |
|
776 |
\node [inner sep=5pt,label=above:{}] at ($ (X)!.5!(Y) $) {};
|
|
777 |
\end{tikzpicture}
|
|
778 |
\end{textblock}
|
|
779 |
||
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
780 |
\end{frame}
|
| 7 | 781 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
782 |
||
| 6 | 783 |
|
| 9 | 784 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
| 7 | 785 |
\mode<presentation>{
|
786 |
\begin{frame}[c]
|
|
787 |
\frametitle{\begin{tabular}{c}Unix Passwords\end{tabular}}
|
|
| 6 | 788 |
|
| 8 | 789 |
\begin{itemize}
|
|
99
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
790 |
\item passwords must \alert{\bf not} be stored in clear text
|
| 9 | 791 |
\item instead \texttt{/etc/shadow} contains
|
| 8 | 792 |
\end{itemize}
|
| 9 | 793 |
|
794 |
{\small
|
|
795 |
\texttt{name:\$1\$QIGCa\$/ruJs8AvmrknzKTzM2TYE.:other\_info}
|
|
796 |
} |
|
797 |
||
798 |
\begin{itemize}
|
|
|
381
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
799 |
\item \texttt{\$} is the separator
|
| 9 | 800 |
\item \texttt{1} is MD5 (actually SHA-512 is used nowadays, \texttt{6})
|
|
381
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
801 |
\item \texttt{QIGCa} is the salt
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
802 |
\item \texttt{ruJs8AvmrknzKTzM2TYE.} $\rightarrow$ password + salt
|
| 9 | 803 |
\end{itemize}
|
804 |
||
805 |
\textcolor{gray}{\small
|
|
806 |
(\texttt{openssl passwd -1 -salt QIGCa pippo})
|
|
807 |
} |
|
| 7 | 808 |
% Unix password |
809 |
% http://ubuntuforums.org/showthread.php?p=5318038 |
|
810 |
||
811 |
\end{frame}}
|
|
| 9 | 812 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
| 7 | 813 |
|
|
99
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
814 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
815 |
\mode<presentation>{
|
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
816 |
\begin{frame}[c]
|
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
817 |
\frametitle{\begin{tabular}{@ {}c@ {}}Plain-Text Passwords\end{tabular}}
|
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
818 |
|
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
819 |
\pause |
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
820 |
\small\textcolor{gray}{On 25 September 2012, a report on a data breach at IEEE:}
|
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
821 |
|
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
822 |
|
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
823 |
\begin{itemize}
|
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
824 |
\item IEEE is a standards organisation (not-for-profit) |
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
825 |
\item many standards in CS are by IEEE\medskip |
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
826 |
\item 100k plain-text passwords were recorded in logs |
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
827 |
\item the logs were openly accessible on their FTP server |
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
828 |
\end{itemize}\bigskip
|
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
829 |
|
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
830 |
\begin{flushright}\small
|
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
831 |
\textcolor{gray}{\url{http://ieeelog.com}}
|
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
832 |
\end{flushright}
|
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
833 |
|
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
834 |
\only<3->{
|
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
835 |
\begin{textblock}{11}(3,2)
|
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
836 |
\begin{tikzpicture}
|
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
837 |
\draw (0,0) node[inner sep=2mm,fill=white, ultra thick, draw=red, rounded corners=2mm] |
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
838 |
{\normalsize\color{darkgray}
|
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
839 |
\begin{minipage}{7.5cm}\raggedright\small
|
|
199
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
840 |
\includegraphics[scale=0.6]{../pics/IEEElog.jpg}
|
|
99
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
841 |
\end{minipage}};
|
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
842 |
\end{tikzpicture}
|
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
843 |
\end{textblock}}
|
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
844 |
|
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
845 |
\end{frame}}
|
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
846 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
847 |
|
|
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
848 |
|
| 9 | 849 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
| 7 | 850 |
\mode<presentation>{
|
851 |
\begin{frame}[c]
|
|
|
99
77125c0496e6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
98
diff
changeset
|
852 |
\frametitle{\begin{tabular}{c}Other Password Blunders\end{tabular}}
|
| 6 | 853 |
|
| 9 | 854 |
|
855 |
\begin{itemize}
|
|
856 |
\item in late 2009, when an SQL injection attack against online games |
|
857 |
service RockYou.com exposed 32 million \alert{plaintext} passwords
|
|
| 8 | 858 |
|
| 9 | 859 |
\item 1.3 million Gawker credentials exposed in December 2010 containing |
860 |
unsalted(?) \alert{MD5} hashes
|
|
861 |
||
| 12 | 862 |
\item June 6th, 2012, 6 million unsalted SHA-1 passwords were leaked from linkedIn |
| 3 | 863 |
% linkedIn password |
864 |
% http://erratasec.blogspot.co.uk/2012/06/confirmed-linkedin-6mil-password-dump.html |
|
|
381
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
865 |
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
866 |
\item in July 2015, hackers leaked a password database from |
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
867 |
Ashley Madison containing 31 million passwords, many of them |
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
868 |
poorly hashed |
| 9 | 869 |
\end{itemize}\medskip
|
| 8 | 870 |
|
| 9 | 871 |
\small |
| 527 | 872 |
(users typically maintain 25 separate accounts but use just 6.5 passwords |
873 |
on average) |
|
| 8 | 874 |
|
| 7 | 875 |
\end{frame}}
|
| 9 | 876 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
| 7 | 877 |
|
| 8 | 878 |
%For instance, SHA512crypt, which is included in Mac OS X and most Unix-based operating systems, passes text through 5,000 iterations, a %hurdle that would have limited Gosney to slightly less than 2,600 guesses per second. The Bcrypt algorithm is even more computationally %expensive, in large part because it subjects text to multiple iterations of the Blowfish cipher that was deliberately modified to increase the %time required to generate a hash. PBKDF2, a function built into Microsoft's .Net software developer framework, offers similar benefits. |
879 |
||
880 |
||
| 3 | 881 |
% rainbow tables |
882 |
% http://en.wikipedia.org/wiki/Rainbow_table |
|
883 |
||
| 7 | 884 |
|
| 3 | 885 |
|
| 9 | 886 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
| 3 | 887 |
\begin{frame}[c]
|
888 |
\frametitle{\begin{tabular}{c}Brute Forcing Passwords\end{tabular}}
|
|
889 |
||
890 |
\begin{itemize}
|
|
| 5 | 891 |
\item How fast can hackers crack SHA-1 passwords? \pause |
| 3 | 892 |
|
| 5 | 893 |
\item The answer is 2 billion attempts per second\\ |
894 |
using a Radeon HD 7970 |
|
| 3 | 895 |
\end{itemize}
|
896 |
||
897 |
\begin{center}
|
|
| 5 | 898 |
\begin{tabular}{@ {\hspace{-12mm}}rl}
|
| 3 | 899 |
password length & time\smallskip\\\hline |
900 |
5 letters & 5 secs\\ |
|
901 |
6 letters & 500 secs\\ |
|
902 |
7 letters & 13 hours\\ |
|
903 |
8 letters & 57 days\\ |
|
904 |
9 letters & 15 years\\ |
|
905 |
\end{tabular}
|
|
906 |
\end{center}
|
|
907 |
||
908 |
\small |
|
| 5 | 909 |
5 letters $\approx$ 100$^5$ $=$ 10 billion combinations\\ |
910 |
(1 letter - upper case, lower case, digits, symbols $\approx$ 100) |
|
911 |
||
912 |
\only<2->{
|
|
913 |
\begin{textblock}{1}(12,5)
|
|
914 |
\begin{tabular}{c}
|
|
|
199
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
915 |
\includegraphics[scale=0.3]{../pics/radeon.jpg}\\[-6mm]
|
| 5 | 916 |
\footnotesize graphics card\\[-1mm] |
917 |
\footnotesize ca.~\pounds{}300
|
|
918 |
\end{tabular}
|
|
919 |
\end{textblock}}
|
|
920 |
||
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
921 |
\end{frame}
|
| 9 | 922 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
| 3 | 923 |
|
| 9 | 924 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
| 4 | 925 |
\begin{frame}[c]
|
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
926 |
\frametitle{Passwords}
|
| 4 | 927 |
|
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
928 |
How to recover from a break in?\pause\medskip |
| 9 | 929 |
|
| 4 | 930 |
\begin{itemize}
|
| 9 | 931 |
\item Do not send passwords in plain text. |
|
465
76f9457b8f51
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
463
diff
changeset
|
932 |
\item Security questions are tricky to get right (you cannot hash them). |
| 4 | 933 |
\end{itemize}
|
934 |
||
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
935 |
\end{frame}
|
| 9 | 936 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
| 4 | 937 |
|
| 9 | 938 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
| 3 | 939 |
\begin{frame}[c]
|
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
940 |
\frametitle{This Course}
|
| 3 | 941 |
|
942 |
\begin{itemize}
|
|
|
381
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
943 |
\item electronic voting |
| 526 | 944 |
\item buffer overflows |
| 9 | 945 |
\item access control\\ (role based, data security / data integrity) |
|
381
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
946 |
\item protocols |
| 7 | 947 |
\item privacy |
948 |
\begin{quote}
|
|
949 |
Scott McNealy: \\``You have zero privacy anyway. Get over it.'' |
|
950 |
\end{quote}
|
|
|
381
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
951 |
\item trust, bitcoins |
| 3 | 952 |
\end{itemize}
|
953 |
||
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
954 |
\end{frame}
|
| 9 | 955 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
| 526 | 956 |
|
|
381
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
957 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
958 |
\begin{frame}[c]
|
| 526 | 959 |
\frametitle{Books + Homework + Exam}
|
|
381
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
960 |
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
961 |
\begin{itemize}
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
962 |
\item There is no single book I am following, but |
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
963 |
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
964 |
\begin{center}
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
965 |
\includegraphics[scale=0.012]{../pics/andersonbook1.jpg}
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
966 |
%%\includegraphics[scale=0.23]{../pics/accesscontrolbook.jpg}
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
967 |
\end{center}\medskip\pause
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
968 |
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
969 |
\item The question ``\emph{Is this relevant for the exams?}''
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
970 |
is not appreciated!\medskip\\ |
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
971 |
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
972 |
Whatever is in the homework (and is not marked optional) is |
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
973 |
relevant for the exam. No code needs to be written. |
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
974 |
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
975 |
\end{itemize}
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
976 |
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
977 |
\end{frame}
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
978 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
979 |
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
980 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
981 |
\begin{frame}[c]
|
| 526 | 982 |
\frametitle{There will be 1 Coursework}
|
983 |
||
984 |
\begin{itemize}
|
|
985 |
\item worth 10\% |
|
986 |
\item released on 23 October |
|
987 |
\item due on 1 December |
|
988 |
\end{itemize}
|
|
989 |
||
990 |
\end{frame}
|
|
991 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
992 |
||
993 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
994 |
\begin{frame}[c]
|
|
995 |
\frametitle{Lecture Capture}
|
|
996 |
||
997 |
\begin{itemize}
|
|
998 |
\item Hope it works\ldots\medskip\pause |
|
999 |
\item It is important to use lecture capture wisely: |
|
1000 |
\begin{itemize}
|
|
1001 |
\item Lecture recordings are a study and revision aid. |
|
1002 |
\item Statistically, there is a clear and direct link between attendance and |
|
1003 |
attainment: Students who do not attend lectures, do less well in exams. |
|
1004 |
\end{itemize}
|
|
1005 |
||
1006 |
\item Attending a lecture is more than watching it online -- if you do not |
|
1007 |
attend, you miss out! |
|
1008 |
||
1009 |
\end{itemize}
|
|
1010 |
||
1011 |
\end{frame}
|
|
1012 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
1013 |
||
1014 |
||
1015 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
1016 |
\begin{frame}[c]
|
|
|
381
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
1017 |
\frametitle{Further Information}
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
1018 |
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
1019 |
For your personal interest: |
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
1020 |
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
1021 |
\begin{itemize}
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
1022 |
\item RISKS mailing list |
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
1023 |
\item Schneier's Crypto newsletter |
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
1024 |
\item Google+ Ethical Hacker group |
|
443
67d7d239c617
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
1025 |
\item Chaos Computer Club Conferences\\ |
|
67d7d239c617
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
1026 |
(every year in December) |
|
67d7d239c617
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
1027 |
\begin{center}
|
|
67d7d239c617
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
1028 |
\url{https://media.ccc.de/c/camp2015}
|
|
67d7d239c617
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
1029 |
\end{center}
|
|
381
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
1030 |
\end{itemize}
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
1031 |
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
1032 |
\end{frame}
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
1033 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
1034 |
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
1035 |
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
1036 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
1037 |
\begin{frame}[c]
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
1038 |
\frametitle{Take-Home Points}
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
1039 |
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
1040 |
\begin{itemize}
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
1041 |
\item Never store passwords in plain text.\medskip |
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
1042 |
\item Always salt your hashes!\medskip |
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
1043 |
\item Use an existing crypto algorithm; do not write your own!\medskip |
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
1044 |
\item Make the party responsible for losses that is in the position to improve |
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
1045 |
security. |
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
1046 |
\end{itemize}
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
1047 |
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
1048 |
\end{frame}
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
1049 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
1050 |
|
|
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
1051 |
|
| 3 | 1052 |
|
| 9 | 1053 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
| 3 | 1054 |
\begin{frame}[c]
|
|
100
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1055 |
\frametitle{\Large\begin{tabular}{c}User-Tracking Without Cookies\end{tabular}}
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1056 |
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1057 |
Can you track a user {\bf without}:
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1058 |
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1059 |
\begin{itemize}
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1060 |
\item Cookies |
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
1061 |
\item JavaScript |
|
100
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1062 |
\item LocalStorage/SessionStorage/GlobalStorage |
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1063 |
\item Flash, Java or other plugins |
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1064 |
\item Your IP address or user agent string |
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1065 |
\item Any methods employed by Panopticlick\\ |
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1066 |
\mbox{}\hfill $\rightarrow$ \textcolor{blue}{\url{https://panopticlick.eff.org/}}
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1067 |
\end{itemize}
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1068 |
|
|
164
08a6e035223e
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
162
diff
changeset
|
1069 |
Even when you disabled cookies entirely, have JavaScript turned off and use a VPN service.\\\pause |
|
167
d8657ff8cca1
typos
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
164
diff
changeset
|
1070 |
(And numerous sites use it.) |
|
100
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1071 |
|
|
168
793ae8926a97
polished
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
167
diff
changeset
|
1072 |
\end{frame}
|
|
100
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1073 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1074 |
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1075 |
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1076 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1077 |
\begin{frame}[c]
|
|
168
793ae8926a97
polished
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
167
diff
changeset
|
1078 |
\frametitle{Web-Protocol}
|
|
100
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1079 |
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1080 |
\only<1->{
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1081 |
\begin{textblock}{1}(2,2)
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1082 |
\begin{tikzpicture}[scale=1.3]
|
|
199
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
1083 |
\draw[white] (0,0) node (X) {\includegraphics[scale=0.12]{../pics/firefox.jpg}};
|
|
100
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1084 |
\end{tikzpicture}
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1085 |
\end{textblock}}
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1086 |
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1087 |
\only<1->{
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1088 |
\begin{textblock}{1}(11,2)
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1089 |
\begin{tikzpicture}[scale=1.3]
|
|
199
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
1090 |
\draw[white] (0,0) node (X) {\includegraphics[scale=0.15]{../pics/servers.png}};
|
|
100
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1091 |
\end{tikzpicture}
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1092 |
\end{textblock}}
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1093 |
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1094 |
\only<1->{
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1095 |
\begin{textblock}{1}(5,2.5)
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1096 |
\begin{tikzpicture}[scale=1.3]
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1097 |
\draw[white] (0,0) node (X) {};
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1098 |
\draw[white] (3,0) node (Y) {};
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1099 |
\draw[red, ->, line width = 2mm] (X) -- (Y); |
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1100 |
\node [inner sep=5pt,label=above:\textcolor{black}{\small GET static.jpg}] at ($ (X)!.5!(Y) $) {};
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1101 |
\end{tikzpicture}
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1102 |
\end{textblock}}
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1103 |
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1104 |
\only<2->{
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1105 |
\begin{textblock}{1}(5,6)
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1106 |
\begin{tikzpicture}[scale=1.3]
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1107 |
\draw[white] (0,0) node (X) {};
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1108 |
\draw[white] (3,0) node (Y) {};
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1109 |
\draw[red, <-, line width = 2mm] (X) -- (Y); |
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1110 |
\node [inner sep=5pt,label=below:\textcolor{black}{\small ETag: 7b33de1}] at ($ (X)!.5!(Y) $) {};
|
|
199
20af800ce736
updated pics
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
174
diff
changeset
|
1111 |
\node [inner sep=5pt,label=above:{\includegraphics[scale=0.15]{../pics/tvtestscreen.jpg}}] at ($ (X)!.5!(Y) $) {};
|
|
100
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1112 |
\end{tikzpicture}
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1113 |
\end{textblock}}
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1114 |
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1115 |
\only<3->{
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1116 |
\begin{textblock}{1}(4.2,11)
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1117 |
\begin{tikzpicture}[scale=1.3]
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1118 |
\draw[white] (0,0) node (X) {};
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1119 |
\draw[white] (3,0) node (Y) {};
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1120 |
\draw[red, ->, line width = 2mm] (X) -- (Y); |
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1121 |
\node [inner sep=5pt,label=above:\textcolor{black}{\small GET static.jpg ETag: 7b33de1}] at ($ (X)!.5!(Y) $) {};
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1122 |
\end{tikzpicture}
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1123 |
\end{textblock}}
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1124 |
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1125 |
\only<4->{
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1126 |
\begin{textblock}{1}(4.2,13.9)
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1127 |
\begin{tikzpicture}[scale=1.3]
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1128 |
\draw[white] (0,0) node (X) {};
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1129 |
\draw[white] (3,0) node (Y) {};
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1130 |
\draw[red, <-, line width = 2mm] (X) -- (Y); |
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1131 |
\node [inner sep=5pt,label=below:\textcolor{black}{\small HTTP/1.1 304 (Not Modified)}] at ($ (X)!.5!(Y) $) {};
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1132 |
\end{tikzpicture}
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1133 |
\end{textblock}}
|
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1134 |
|
|
168
793ae8926a97
polished
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
167
diff
changeset
|
1135 |
\end{frame}
|
|
100
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1136 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
62b66cb088f6
added
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
99
diff
changeset
|
1137 |
|
|
381
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
199
diff
changeset
|
1138 |
\end{document}
|
| 8 | 1139 |
|
| 2 | 1140 |
|
| 0 | 1141 |
|
1142 |
%%% Local Variables: |
|
|
94
caf08b02fa32
added pictures
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
93
diff
changeset
|
1143 |
%%% mode: xelatex |
| 0 | 1144 |
%%% TeX-master: t |
1145 |
%%% End: |
|
1146 |