sen-material: slides/slides05.tex@ca9295851eb6 (annotated)

416 708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	1	\PassOptionsToPackage{bookmarks=false}{hyperref}
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	2	\documentclass[dvipsnames,14pt,t,hyperref={bookmarks=false}]{beamer}
417 ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	3	\usepackage{../style}
252 fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	4	\usepackage{../slides}
fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	5	\usepackage{../graphics}
fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	6	\usepackage{../langs}
417 ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	7	\usepackage{../data}
52 be19f8a1fcf0 added slides 5 Christian Urban <urbanc@in.tum.de> parents: diff changeset	8	\usetikzlibrary{arrows}
252 fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	9	\usetikzlibrary{shapes}
52 be19f8a1fcf0 added slides 5 Christian Urban <urbanc@in.tum.de> parents: diff changeset	10
252 fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	11	\setmonofont[Scale=.88]{Consolas}
fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	12	\newfontfamily{\consolas}{Consolas}
52 be19f8a1fcf0 added slides 5 Christian Urban <urbanc@in.tum.de> parents: diff changeset	13
252 fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	14	\hfuzz=220pt
52 be19f8a1fcf0 added slides 5 Christian Urban <urbanc@in.tum.de> parents: diff changeset	15
252 fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	16	% beamer stuff
fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	17	\newcommand{\bl}[1]{\textcolor{blue}{#1}}
381 036a762b02cf updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 339 diff changeset	18	\renewcommand{\slidecaption}{SEN 05, King's College London}
124 382aad582d8b added slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 123 diff changeset	19
52 be19f8a1fcf0 added slides 5 Christian Urban <urbanc@in.tum.de> parents: diff changeset	20
be19f8a1fcf0 added slides 5 Christian Urban <urbanc@in.tum.de> parents: diff changeset	21	\begin{document}
be19f8a1fcf0 added slides 5 Christian Urban <urbanc@in.tum.de> parents: diff changeset	22
be19f8a1fcf0 added slides 5 Christian Urban <urbanc@in.tum.de> parents: diff changeset	23	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
252 fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	24	\begin{frame}[t]
52 be19f8a1fcf0 added slides 5 Christian Urban <urbanc@in.tum.de> parents: diff changeset	25	\frametitle{%
be19f8a1fcf0 added slides 5 Christian Urban <urbanc@in.tum.de> parents: diff changeset	26	\begin{tabular}{@ {}c@ {}}
be19f8a1fcf0 added slides 5 Christian Urban <urbanc@in.tum.de> parents: diff changeset	27	\\
381 036a762b02cf updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 339 diff changeset	28	\LARGE Security Engineering (5)\\[-3mm]
52 be19f8a1fcf0 added slides 5 Christian Urban <urbanc@in.tum.de> parents: diff changeset	29	\end{tabular}}\bigskip\bigskip\bigskip
be19f8a1fcf0 added slides 5 Christian Urban <urbanc@in.tum.de> parents: diff changeset	30
252 fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	31	\normalsize
52 be19f8a1fcf0 added slides 5 Christian Urban <urbanc@in.tum.de> parents: diff changeset	32	\begin{center}
be19f8a1fcf0 added slides 5 Christian Urban <urbanc@in.tum.de> parents: diff changeset	33	\begin{tabular}{ll}
be19f8a1fcf0 added slides 5 Christian Urban <urbanc@in.tum.de> parents: diff changeset	34	Email: & christian.urban at kcl.ac.uk\\
123 2185acdb43bb added slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	35	Office: & S1.27 (1st floor Strand Building)\\
52 be19f8a1fcf0 added slides 5 Christian Urban <urbanc@in.tum.de> parents: diff changeset	36	Slides: & KEATS (also homework is there)\\
be19f8a1fcf0 added slides 5 Christian Urban <urbanc@in.tum.de> parents: diff changeset	37	\end{tabular}
be19f8a1fcf0 added slides 5 Christian Urban <urbanc@in.tum.de> parents: diff changeset	38	\end{center}
be19f8a1fcf0 added slides 5 Christian Urban <urbanc@in.tum.de> parents: diff changeset	39
252 fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	40	\end{frame}
fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	41	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
52 be19f8a1fcf0 added slides 5 Christian Urban <urbanc@in.tum.de> parents: diff changeset	42
be19f8a1fcf0 added slides 5 Christian Urban <urbanc@in.tum.de> parents: diff changeset	43	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
123 2185acdb43bb added slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	44	\begin{frame}[c]
415 56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	45	\frametitle{Problems with Key Fobs}
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	46
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	47	\begin{columns}
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	48	\begin{column}[T]{4cm}
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	49	\includegraphics[scale=0.4]{../pics/car-standard.jpg}
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	50	\end{column}
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	51
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	52	\begin{column}[T]{6cm}\small
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	53	Circumventing the ignition protection:
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	54
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	55	\begin{itemize}
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	56	\item either dismantling Megamos crypto,
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	57	\item or use the diagnostic port to program
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	58	blank keys
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	59	\end{itemize}
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	60
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	61	\hspace{14mm}
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	62	\includegraphics[scale=0.16]{../pics/Dismantling_Megamos_Crypto.png}
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	63	\end{column}
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	64	\end{columns}
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	65
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	66
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	67
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	68	\end{frame}
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	69	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	70
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	71	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	72	\begin{frame}[c]
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	73	\frametitle{Protocols}
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	74
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	75	\begin{center}
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	76	\includegraphics[scale=0.11]{../pics/keyfob.jpg}
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	77	\quad
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	78	\includegraphics[scale=0.232]{../pics/starbucks.jpg}
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	79	\end{center}
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	80
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	81	\begin{itemize}
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	82	\item The point is that we have no control over the network
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	83
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	84	\item We want to avoid that a message exchange (a protocol) can
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	85	be attacked without detection
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	86	\end{itemize}
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	87
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	88	\end{frame}
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	89	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	90
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	91	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	92	\begin{frame}[c]
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	93	\frametitle{G20 Summit in 2009}
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	94
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	95	\begin{center}
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	96	\includegraphics[scale=0.1]{../pics/snowden.jpg}
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	97	\end{center}
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	98
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	99	\small
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	100	\begin{itemize}
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	101	\item Snowden documents reveal ``that during G20
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	102	meetings\dots{}GCHQ used
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	103	`ground-breaking intelligence capabilities' to intercept
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	104	the communications of visiting delegations. This
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	105	included setting up internet cafes where they used an
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	106	email interception program and key-logging software to
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	107	spy on delegates' use of computers\ldots''
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	108
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	109	\item ``The G20 spying appears to have been organised for the
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	110	more mundane purpose of securing an advantage in
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	111	meetings.''
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	112	\end{itemize}
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	113
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	114	\end{frame}
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	115	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	116
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	117	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	118	\begin{frame}[c]
416 708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	119	\frametitle{A Simple PK Protocol}
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	120
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	121
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	122	\begin{center}
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	123	\begin{tabular}{ll@{\hspace{2mm}}l}
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	124	1. & \bl{$A \to B :$} & \bl{$K^{pub}_A$}\smallskip\\
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	125	2. & \bl{$B \to A :$} & \bl{$K^{pub}_B$}\smallskip\\
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	126	3. & \bl{$A \to B :$} & \bl{$\{A,m\}_{K^{pub}_B}$}\smallskip\\
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	127	4. & \bl{$B \to A :$} & \bl{$\{B,m'\}_{K^{pub}_A}$}
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	128	\end{tabular}
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	129	\end{center}\pause\bigskip
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	130
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	131	unfortunately there is a simple man-in-the- middle-attack
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	132	\end{frame}
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	133	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	134
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	135	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	136	\begin{frame}[c]
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	137	\frametitle{A MITM Attack}
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	138
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	139
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	140	\begin{center}
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	141	\begin{tabular}{ll@{\hspace{2mm}}l}
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	142	1. & \bl{$A \to E :$} & \bl{$K^{pub}_A$}\smallskip\\
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	143	2. & \bl{$E \to B :$} & \bl{$K^{pub}_E$}\smallskip\\
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	144	3. & \bl{$B \to E :$} & \bl{$K^{pub}_B$}\smallskip\\
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	145	4. & \bl{$E \to A :$} & \bl{$K^{pub}_E$}\smallskip\\
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	146	5. & \bl{$A \to E :$} & \bl{$\{A,m\}_{K^{pub}_E}$}\smallskip\\
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	147	6. & \bl{$E \to B :$} & \bl{$\{E,m\}_{K^{pub}_B}$}\smallskip\\
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	148	7. & \bl{$B \to E :$} & \bl{$\{B,m'\}_{K^{pub}_E}$}\smallskip\\
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	149	8. & \bl{$E \to A :$} & \bl{$\{E,m'\}_{K^{pub}_A}$}
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	150	\end{tabular}
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	151	\end{center}\pause\medskip
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	152
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	153	and \bl{$A$} and \bl{$B$} have no chance to detect it
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	154	\end{frame}
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	155	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	156
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	157	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	158	\begin{frame}[c]
415 56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	159	\frametitle{Interlock Protocol}
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	160
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	161	The interlock protocol (``best bet'' against MITM):
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	162
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	163	\begin{center}
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	164	\begin{tabular}{ll@{\hspace{2mm}}l}
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	165	1. & \bl{$A \to B :$} & \bl{$K^{pub}_A$}\\
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	166	2. & \bl{$B \to A :$} & \bl{$K^{pub}_B$}\\
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	167	3. & & \bl{$\{A,m\}_{K^{pub}_B} \;\mapsto\; H_1,H_2$}\\
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	168	& & \bl{$\{B,m'\}_{K^{pub}_A} \;\mapsto\; M_1,M_2$}\\
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	169	4. & \bl{$A \to B :$} & \bl{$H_1$}\\
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	170	5. & \bl{$B \to A :$} & \bl{$\{H_1, M_1\}_{K^{pub}_A}$}\\
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	171	6. & \bl{$A \to B :$} & \bl{$\{H_2, M_1\}_{K^{pub}_B}$}\\
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	172	7. & \bl{$B \to A :$} & \bl{$M_2$}
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	173	\end{tabular}
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	174	\end{center}
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	175
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	176	\end{frame}
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	177	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	178
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	179	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	180	\begin{frame}[c]
416 708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	181	\frametitle{Splitting Messages}
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	182
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	183	\begin{center}
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	184	$\underbrace{\texttt{\Grid{0X1peUVTGJK+H70mMjAM8p}}}_{\{A,m\}_{K^{pub}_B}}$
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	185	\end{center}
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	186
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	187	\begin{center}
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	188	$\underbrace{\texttt{\Grid{0X1peUVTGJK}}}_{H_1}$\quad
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	189	$\underbrace{\texttt{\Grid{+H70mMjAM8p}}}_{H_2}$
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	190	\end{center}
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	191
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	192	\begin{itemize}
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	193	\item you can also use the even and odd bytes
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	194	\item the point is you cannot decrypt the halves
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	195	\end{itemize}
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	196
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	197
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	198	\end{frame}
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	199	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	200
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	201	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	202	\begin{frame}[c]
415 56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	203
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	204	\begin{center}
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	205	\begin{tabular}{l@{\hspace{9mm}}l}
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	206	\begin{tabular}[t]{@{}l@{}}
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	207	\bl{$A \to C : K^{pub}_A$}\\
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	208	\bl{$C \to B : K^{pub}_C$}\\
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	209	\bl{$B \to C : K^{pub}_B$}\\
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	210	\bl{$C \to A : K^{pub}_C$}\medskip\\
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	211	\bl{$\{A,m\}_{K^{pub}_C} \;\mapsto\; H_1,H_2$}\\
416 708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	212	\bl{$\{B,m'\}_{K^{pub}_C} \;\mapsto\; M_1,M_2$}\bigskip\\
415 56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	213	\bl{$\{C,a\}_{K^{pub}_B} \;\mapsto\; C_1,C_2$}\\
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	214	\bl{$\{C,b\}_{K^{pub}_A} \;\mapsto\; D_1,D_2$}
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	215	\end{tabular} &
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	216	\begin{tabular}[t]{@{}l@{}}
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	217	\bl{$A \to C : H_1$}\\
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	218	\bl{$C \to B : C_1$}\\
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	219	\bl{$B \to C : \{C_1, M_1\}_{K^{pub}_C}$}\\
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	220	\bl{$C \to A : \{H_1, D_1\}_{K^{pub}_A}$}\\
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	221	\bl{$A \to C : \{H_2, D_1\}_{K^{pub}_C}$}\\
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	222	\bl{$C \to B : \{C_2, M_1\}_{K^{pub}_B}$}\\
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	223	\bl{$B \to C : M_2$}\\
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	224	\bl{$C \to A : D_2$}
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	225	\end{tabular}
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	226	\end{tabular}
416 708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	227	\end{center}\pause
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	228
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	229	\footnotesize
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	230	\bl{$m$} = How is your grandmother? \bl{$m'$} = How is the
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	231	weather today in London?
415 56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	232
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	233	\end{frame}
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	234	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	235
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	236	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	237	\begin{frame}[c]
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	238
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	239	\begin{itemize}
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	240	\item you have to ask something that cannot imitated
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	241	(requires \bl{$A$} and \bl{$B$} know each other)
416 708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	242	\item what happens if \bl{$m$} and \bl{$m'$} are voice
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	243	messages?\bigskip\pause
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	244
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	245	\item So \bl{$C$} can either leave the communication unchanged
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	246	(Hellamn-Diffie), or invent a complete new conversation
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	247
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	248	\end{itemize}
415 56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	249
416 708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	250	\end{frame}
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	251	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	252
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	253	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	254	\begin{frame}[c]
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	255
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	256	\begin{itemize}
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	257	\item the moral: establishing a secure connection from
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	258	``zero'' is almost impossible---you need to rely on some
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	259	established trust\medskip
415 56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	260
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	261	\item that is why we rely on certificates, which however are
416 708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	262	badly, badly realised
415 56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	263
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	264	\end{itemize}
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	265
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	266	\end{frame}
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	267	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	268
123 2185acdb43bb added slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	269	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
2185acdb43bb added slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	270	\begin{frame}[c]
416 708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	271	\frametitle{Trusted Third Parties}
252 fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	272
416 708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	273	Simple protocol for establishing a secure connection via a
708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	274	mutually trusted 3rd party (server):
254 0d491b5654f9 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 253 diff changeset	275
0d491b5654f9 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 253 diff changeset	276	\begin{center}
0d491b5654f9 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 253 diff changeset	277	\begin{tabular}{r@ {\hspace{1mm}}l}
0d491b5654f9 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 253 diff changeset	278	\bl{$A \rightarrow S :$} & \bl{$A, B$}\\
416 708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	279	\bl{$S \rightarrow A :$} & \bl{$\{K_{AB}, \{K_{AB}\}_{K_{BS}} \}_{K_{AS}}$}\\
254 0d491b5654f9 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 253 diff changeset	280	\bl{$A \rightarrow B :$} & \bl{$\{K_{AB}\}_{K_{BS}} $}\\
0d491b5654f9 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 253 diff changeset	281	\bl{$A \rightarrow B :$} & \bl{$\{m\}_{K_{AB}}$}\\
0d491b5654f9 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 253 diff changeset	282	\end{tabular}
0d491b5654f9 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 253 diff changeset	283	\end{center}
0d491b5654f9 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 253 diff changeset	284
416 708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	285	\end{frame}
254 0d491b5654f9 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 253 diff changeset	286	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0d491b5654f9 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 253 diff changeset	287
252 fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	288	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	289	\begin{frame}[c]
416 708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	290	\frametitle{PKI: The Main Idea}
252 fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	291
fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	292	\begin{itemize}
fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	293	\item the idea is to have a certificate authority (CA)
fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	294	\item you go to the CA to identify yourself
254 0d491b5654f9 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 253 diff changeset	295	\item CA: ``I, the CA, have verified that public key
0d491b5654f9 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 253 diff changeset	296	\bl{$P^{pub}_{Bob}$} belongs to Bob''\bigskip
416 708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	297	\item CA must be trusted by everybody\medskip
417 ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	298	\item certificates are time limited, and can be revoked
416 708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	299
252 fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	300	\item What happens if CA issues a false certificate? Who pays in case of loss? (VeriSign
fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	301	explicitly limits liability to \$100.)
fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	302	\end{itemize}
123 2185acdb43bb added slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	303
252 fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	304	\end{frame}
123 2185acdb43bb added slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	305	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
2185acdb43bb added slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	306
417 ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	307	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	308	\begin{frame}[c]
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	309	\frametitle{PKI: Chains of Trust}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	310
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	311	\begin{center}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	312	\begin{tikzpicture}[scale=1,
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	313	node/.style={
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	314	rectangle,rounded corners=3mm,
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	315	very thick,draw=black!50,minimum height=18mm, minimum width=23mm,
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	316	top color=white,bottom color=black!20}]
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	317
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	318	\node (A) at (0,0) [node] {};
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	319	\node [below right] at (A.north west)
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	320	{\small\begin{tabular}{@{}l}CA\\Root Cert.\end{tabular}};
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	321
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	322	\node (B) at (4,0) [node] {};
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	323	\node [below right=1mm] at (B.north west)
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	324	{\mbox{}\hspace{-1mm}\small
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	325	\begin{tabular}{@{}l}Subordinate\\ CA\end{tabular}};
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	326
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	327	\node (C) at (8,0) [node] {};
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	328	\node [below right] at (C.north west)
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	329	{\small\begin{tabular}{@{}l}Server\\ Bank.com\end{tabular}};
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	330
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	331	\draw [->,line width=4mm] (A) -- (B);
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	332	\draw [->,line width=4mm] (B) -- (C);
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	333
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	334	\node (D) at (6,-3) [node] {};
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	335	\node [below right] at (D.north west)
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	336	{\small\begin{tabular}{@{}l}Browser\\ Root Store\end{tabular}};
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	337
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	338	\node (E) at (2,-3) [node] {};
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	339	\node [below right] at (E.north west)
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	340	{\small\begin{tabular}{@{}l}Browser\\ Company\end{tabular}};
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	341
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	342	\draw [->,line width=4mm] (E) -- (D);
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	343	\end{tikzpicture}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	344	\end{center}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	345
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	346	\begin{itemize}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	347	\item CAs make almost no money anymore, because of competition
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	348	\item browser companies are not really interested in security,
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	349	rather than market share
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	350	\end{itemize}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	351
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	352	\end{frame}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	353	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
255 9cf486aea756 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 254 diff changeset	354
9cf486aea756 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 254 diff changeset	355	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
9cf486aea756 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 254 diff changeset	356	\begin{frame}[c]
417 ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	357	\frametitle{PKI: Weaknesses}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	358
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	359	CAs just cannot win (make any profit):\medskip
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	360
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	361	\begin{itemize}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	362	\item there are hundreds of CAs, which issue million of
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	363	certificates and the error rate is small
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	364
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	365	\item users (servers) do not want to pay or pay as little as
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	366	possible\bigskip
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	367
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	368	\item a CA can issue a certificate for any domain not needing
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	369	any permission (CAs are meant to be undergo audits,
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	370	but\ldots DigiNotar); if they have issued many
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	371	certificates, they ``become too big to fail''
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	372
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	373	\item Can we be sure CAs are not just front-ends of some
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	374	government organisation?
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	375
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	376	\end{itemize}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	377
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	378	\end{frame}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	379	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	380
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	381	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	382	\begin{frame}[c]
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	383	\frametitle{PKI: Weaknesses}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	384
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	385	\begin{itemize}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	386
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	387	\item many certificates are issued via whois\ldots if you
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	388	hijacked a domain, it is easy to obtain
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	389	certificates\medskip
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	390
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	391	\item revocation does not work (Chrome has given up on
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	392	revocation lists)\medskip
123 2185acdb43bb added slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	393
417 ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	394	\item lax approach to validation of certificates
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	395	(Have you bypassed certification warnings?)\medskip
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	396
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	397	\item sometimes you want to install invalid certificates
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	398	(self-signed)
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	399
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	400	\end{itemize}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	401
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	402	\end{frame}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	403	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	404
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	405	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	406	\begin{frame}[c]
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	407	\frametitle{PKI: Attacks}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	408
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	409	\begin{itemize}
123 2185acdb43bb added slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	410
417 ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	411	\item Go directly after root certificates
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	412	\begin{itemize}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	413	\item governments can demand private keys\smallskip
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	414	\item 10 years ago it was estimated to break a 1024 bit key
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	415	in one year using 10 -30 Mio \$; this is now reduced to 1 Mio \$
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	416	\end{itemize}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	417
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	418	\item Go after buggy implementations of certificate
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	419	validation\smallskip
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	420
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	421	\item Social Engineering
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	422	\begin{itemize}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	423	\item in 2001 somebody pretended to be
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	424	from Microsoft and asked for two code-signing
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	425	certificates
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	426	\end{itemize}\bigskip
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	427	\end{itemize}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	428
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	429	\small The eco-system is completely broken (it relies on
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	430	thousands of entities doing the right thing). Maybe DNSSEC
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	431	where keys can be attached to domain names is a way out.
123 2185acdb43bb added slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	432
256 e272713e34ff updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 255 diff changeset	433	\end{frame}
123 2185acdb43bb added slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	434	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
2185acdb43bb added slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	435
2185acdb43bb added slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	436	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
2185acdb43bb added slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	437	\begin{frame}[c]
417 ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	438	\frametitle{Real Attacks}
123 2185acdb43bb added slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	439
2185acdb43bb added slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	440	\begin{itemize}
417 ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	441
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	442	\item In 2011, DigiNotar (Dutch) was the first CA which got
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	443	compromised completely, and where many fraudulent
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	444	certificates were issued. It included approximately
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	445	300,000 IP addresses, mostly located in Iran. The
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	446	attackers (in Iran?) were likely interested only in
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	447	collecting gmail passwords.\medskip
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	448
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	449	\item The Flame malware piggy-bagged on this attack by
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	450	advertising malicious Windows updates to some targeted
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	451	systems (mostly in Iran, Israel, Sudan).
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	452
123 2185acdb43bb added slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	453	\end{itemize}
417 ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	454
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	455	\end{frame}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	456	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	457
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	458	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	459	\begin{frame}[c]
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	460	\frametitle{PKI is Broken}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	461
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	462	\begin{itemize}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	463
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	464	\item PKI and certificates are meant to protect you against
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	465	MITM attacks, but if the attack occurs your are
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	466	presented with a warning and you need to decide whether
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	467	you are under attack.\medskip
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	468
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	469	\item Webcontent gets often loaded from 3rd-party servers,
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	470	which might not be secured\medskip
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	471
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	472	\item Misaligned incentives: browser vendors are not
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	473	interested in breaking webpages with invalid
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	474	certificates
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	475
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	476	\end{itemize}
52 be19f8a1fcf0 added slides 5 Christian Urban <urbanc@in.tum.de> parents: diff changeset	477
416 708b80c825af updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	478	\end{frame}
123 2185acdb43bb added slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	479	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
2185acdb43bb added slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	480
2185acdb43bb added slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	481	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
2185acdb43bb added slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	482	\begin{frame}[c]
417 ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	483
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	484	Why are there so many invalid certificates?\bigskip
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	485
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	486	\begin{itemize}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	487
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	488	\item insufficient name coverage (www.example.com should
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	489	include example.com)
123 2185acdb43bb added slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	490
417 ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	491	\item IoT: manny appliances have web-based admin interfaces;
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	492	the manufacturer cannot know under which IP and domain name
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	493	the appliances are run (so cannot install a valid certificate)
52 be19f8a1fcf0 added slides 5 Christian Urban <urbanc@in.tum.de> parents: diff changeset	494
417 ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	495	\item expired certificates, or incomplete chains of trust
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	496	(servers are supposed to supply them)
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	497
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	498	\end{itemize}
123 2185acdb43bb added slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	499
252 fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	500	\end{frame}
123 2185acdb43bb added slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	501	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
52 be19f8a1fcf0 added slides 5 Christian Urban <urbanc@in.tum.de> parents: diff changeset	502
417 ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	503	%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	504	%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	505	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	506	%\begin{frame}[c]
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	507	%\frametitle{Best Practices}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	508	%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	509	%{\bf Principle 1:} Every message should say what it means: the
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	510	%interpretation of a message should not depend on the
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	511	%context.\bigskip\pause
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	512	%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	513	%{\bf Principle 2:} If the identity of a principal is essential
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	514	%to the meaning of a message, it is prudent to mention the
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	515	%principal’s name explicitly in the message (though
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	516	%difficult).\bigskip
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	517	%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	518	%\end{frame}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	519	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	520	%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	521	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	522	%\begin{frame}[c]
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	523	%\frametitle{Best Practices}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	524	%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	525	%{\bf Principle 3:} Be clear about why encryption is being
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	526	%done. Encryption is not wholly cheap, and not asking precisely
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	527	%why it is being done can lead to redundancy. Encryption is not
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	528	%synonymous with security. %
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	529	%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	530	%\small
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	531	%\begin{center}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	532	%Possible Uses of Encryption %
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	533	%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	534	%\begin{itemize}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	535	%\item Preservation of confidentiality: \bl{$\{X\}_K$} only those that have \bl{$K$} may recover \bl{$X$}. %\item Guarantee authenticity: The partner is indeed some particular principal. %\item Guarantee confidentiality and authenticity: binds two parts of a message ---
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	536	%\bl{$\{X,Y\}_K$} is not the same as \bl{$\{X\}_K$} and \bl{$\{Y\}_K$}.
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	537	%\end{itemize}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	538	%\end{center}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	539	%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	540	%\end{frame}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	541	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	542	%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	543	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	544	%\begin{frame}[c]
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	545	%\frametitle{Best Practices}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	546	%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	547	%{\bf Principle 4:} The protocol designers should know which
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	548	%trust relations their protocol depends on, and why the
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	549	%dependence is necessary. The reasons for particular trust
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	550	%relations being acceptable should be explicit though they will
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	551	%be founded on judgment and policy rather than on
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	552	%logic.\bigskip
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	553	%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	554	% %Example Certification Authorities: CAs are trusted to certify
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	555	%a key only after proper steps have been taken to identify the
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	556	%principal that owns it.
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	557	%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	558	%\end{frame}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	559	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	560	%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	561	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	562	%\begin{frame}[c]
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	563	%\frametitle{Formal Methods}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	564	%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	565	%Ross Anderson about the use of Logic:\bigskip
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	566	%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	567	%\begin{quote}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	568	%Formal methods can be an excellent way of finding
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	569	%bugs in security protocol designs as they force the designer
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	570	%to make everything explicit and thus confront difficult design
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	571	%choices that might otherwise be fudged.
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	572	%\end{quote}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	573	%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	574	%\end{frame}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	575	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	576	%
254 0d491b5654f9 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 253 diff changeset	577	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0d491b5654f9 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 253 diff changeset	578	\begin{frame}[c]
0d491b5654f9 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 253 diff changeset	579	\frametitle{Mid-Term}
0d491b5654f9 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 253 diff changeset	580
0d491b5654f9 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 253 diff changeset	581	\begin{itemize}
0d491b5654f9 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 253 diff changeset	582	\item homework, handouts, programs\ldots
0d491b5654f9 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 253 diff changeset	583	\end{itemize}\bigskip\bigskip\bigskip
0d491b5654f9 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 253 diff changeset	584
0d491b5654f9 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 253 diff changeset	585	\begin{center}
0d491b5654f9 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 253 diff changeset	586	{\huge\bf\alert{Any Questions?}}
0d491b5654f9 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 253 diff changeset	587	\end{center}
0d491b5654f9 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 253 diff changeset	588
0d491b5654f9 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 253 diff changeset	589	\end{frame}
0d491b5654f9 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 253 diff changeset	590	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0d491b5654f9 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 253 diff changeset	591
417 ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	592	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	593	\begin{frame}[c]
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	594	\frametitle{Security Engineering}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	595
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	596	\begin{center}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	597	\begin{tabular}{cc}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	598	\raisebox{-0.8mm}{\includegraphics[scale=0.28]{../pics/flight.jpg}} &
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	599	\includegraphics[scale=0.31]{../pics/airbus.jpg}\\
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	600	\small Wright brothers, 1901 & \small Airbus, 2005 \\
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	601	\end{tabular}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	602	\end{center}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	603
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	604	\end{frame}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	605	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	606
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	607	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	608	\begin{frame}[c]
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	609	\frametitle{1st Lecture}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	610
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	611	\begin{itemize}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	612	\item chip-and-pin, banks vs.~customers
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	613	\begin{quote}\small\rm
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	614	the one who can improve security should also be
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	615	liable for the losses
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	616	\end{quote}\pause\bigskip
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	617
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	618	\item hashes and salts to guarantee data integrity\medskip
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	619	\item storing passwords (you should know the difference between
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	620	brute force attacks and dictionary attacks; how do salts help?)
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	621	\end{itemize}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	622
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	623	\end{frame}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	624	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	625
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	626	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	627	\begin{frame}[c]
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	628	\frametitle{1st Lecture: Cookies}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	629
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	630	\begin{itemize}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	631	\item good uses of cookies?\medskip
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	632
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	633	\item bad uses of cookies: snooping, tracking, profiling\ldots
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	634	the ``disadvantage'' is that the user is in
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	635	\alert{control}, because you can delete them
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	636
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	637	\begin{center} ``Please track me using cookies.''
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	638	\end{center}\bigskip\pause
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	639
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	640	\item fingerprinting beyond browser cookies
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	641	\begin{quote}\small\rm
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	642	Pixel Perfect: Fingerprinting Canvas in HTML5\\
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	643	(a research paper from 2012)\\
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	644	\footnotesize
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	645	\url{http://cseweb.ucsd.edu/~hovav/papers/ms12.html}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	646	\end{quote}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	647	\end{itemize}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	648
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	649	\end{frame}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	650	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	651
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	652	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	653	\begin{frame}[c]
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	654	\frametitle{1st Lecture: Cookies}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	655
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	656	\begin{itemize}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	657	\item a bit of JavaScript and HTML5 + canvas\medskip
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	658	\begin{center}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	659	\begin{tabular}{cc}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	660	Firefox & Safari\\
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	661	\includegraphics[scale=0.31]{../pics/firefox1.png} &
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	662	\includegraphics[scale=0.31]{../pics/safari1.png} \\
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	663	\tiny
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	664	\pcode{55b2257ad0f20ecbf927fb66a15c61981f7ed8fc} &
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	665	\tiny
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	666	\pcode{17bc79f8111e345f572a4f87d6cd780b445625d3}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	667	\end{tabular}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	668	\end{center}\bigskip
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	669
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	670	\item\small no actual drawing needed\pause
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	671	\item\small in May 2014 a crawl of 100,000 popular
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	672	webpages revealed 5.5\% already use canvas
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	673	fingerprinting\smallskip
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	674	\begin{center}\scriptsize
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	675	\url{https://securehomes.esat.kuleuven.be/~gacar/persistent/the_web_never_forgets.pdf}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	676	\end{center}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	677	\end{itemize}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	678
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	679	\end{frame}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	680	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	681
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	682	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	683	\begin{frame}[c]
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	684	\frametitle{1st Lecture: Cookies}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	685
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	686	Remember the small web-app I showed where a cookie
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	687	protected a counter\bigskip
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	688
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	689	\begin{itemize}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	690	\item NYT, the cookie looks the ``resource'' - harm\medskip
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	691	\item imaginary discount unlocked by cookie - no harm
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	692	\end{itemize}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	693
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	694	\end{frame}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	695	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	696
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	697
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	698	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	699	\begin{frame}[t]
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	700	\frametitle{2nd Lecture: E-Voting}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	701
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	702	Where are paper ballots better than voice voting?\bigskip
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	703
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	704	\begin{itemize}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	705	\item Integrity
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	706	\item \alert{Ballot Secrecy}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	707	\item Voter Authentication
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	708	\item Enfranchisement
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	709	\item Availability
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	710	\end{itemize}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	711
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	712	\end{frame}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	713	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	714
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	715	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	716	\begin{frame}[t]
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	717	\frametitle{2nd Lecture: E-Voting}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	718
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	719	\begin{itemize}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	720	\item (two weeks ago) an Australian parliamentary committee
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	721	found: e-voting is highly vulnerable to hacking and Australia
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	722	will not use it any time soon\bigskip\pause
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	723	\item Alex Halderman, Washington D.C.~hack
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	724	\begin{center}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	725	\scriptsize
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	726	\url{https://jhalderm.com/pub/papers/dcvoting-fc12.pdf}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	727	\end{center}\medskip
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	728
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	729	\item PDF-ballot tampering at the wireless router (the modification
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	730	is nearly undetectable and leaves no traces; MITM attack with firmware
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	731	updating)
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	732	\begin{center}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	733	\scriptsize
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	734	\url{http://galois.com/wp-content/uploads/2014/11/technical-hack-a-pdf.pdf}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	735	\end{center}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	736
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	737	\end{itemize}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	738
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	739	\end{frame}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	740	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	741
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	742
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	743	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	744	\tikzset{alt/.code args={<#1>#2#3#4}{%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	745	\alt<#1>{\pgfkeysalso{#2}}{\pgfkeysalso{#3}} % \pgfkeysalso doesn't change the path
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	746	}}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	747
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	748	\begin{frame}[t]
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	749	\frametitle{\begin{tabular}{c}3rd Lecture:\\ Buffer Overflow Attacks\end{tabular}}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	750
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	751	\begin{itemize}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	752	\item the problem arises from the way C/C++ organises its function calls\\[-8mm]\mbox{}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	753	\end{itemize}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	754
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	755	\begin{center}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	756	\begin{tikzpicture}[scale=1]
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	757	%\draw[black!10,step=2mm] (0,0) grid (9,4);
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	758	%\draw[black!10,thick,step=10mm] (0,0) grid (9,4);
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	759
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	760	\node at (0.5,4.5) {\small\begin{tabular}{l}main\\[-2mm] prog.\end{tabular}};
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	761	\draw[line width=0mm, white, alt=<2->{fill=red}{fill=blue}] (0,2.5) rectangle (1,3.8);
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	762	\draw[line width=0mm, white, alt=<9->{fill=red}{fill=blue}] (0,0.2) rectangle (1,0.5);
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	763	\draw[line width=1mm, alt=<3->{fill=yellow}{fill=blue}] (0,2.0) rectangle (1,2.5);
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	764	\draw[line width=1mm, alt=<6->{fill=red}{fill=blue}] (0,1.0) rectangle (1,2.0);
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	765	\draw[line width=1mm, alt=<7->{fill=yellow}{fill=blue}] (0,0.5) rectangle (1,1.0);
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	766	\draw[line width=1mm] (0,0) -- (0,4);
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	767	\draw[line width=1mm] (1,0) -- (1,4);
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	768
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	769	\node at (3.5,3.5) {\small\begin{tabular}{l}fact(n)\end{tabular}};
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	770	\draw[line width=1mm, alt=<{4-5,8}>{fill=red}{fill=blue}] (3,1.0) rectangle (4,3.0);
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	771
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	772	\onslide<3-4>{\draw[->, line width=1mm,red] (1,2.3) to node [above,sloped,midway] {n=4} (3,3);}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	773	\onslide<5>{\draw[<-, line width=1mm,red] (1,2.3) to node [above,sloped,midway] {res=24} (3,1);}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	774
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	775	\onslide<7-8>{\draw[->, line width=1mm,red] (1,0.8) to node [above,sloped,midway] {n=3} (3,3);}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	776	\onslide<9>{\draw[<-, line width=1mm,red] (1,0.8) to node [above,sloped,midway] {res=6} (3,1);}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	777
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	778
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	779	\node at (7.75,3.9) {\small\begin{tabular}{l}stack\end{tabular}};
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	780	\draw[line width=1mm] (7,3.5) -- (7,0.5) -- (8.5,0.5) -- (8.5,3.5);
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	781
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	782	\onslide<3,4,7,8>{
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	783	\node at (7.75, 1.4) {ret};
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	784	\draw[line width=1mm] (7,1.1) -- (8.5,1.1);
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	785	\node at (7.75, 2.0) {sp};
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	786	\draw[line width=1mm] (7,2.3) -- (8.5,2.3);
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	787	}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	788	\onslide<3,4>{
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	789	\node at (7.75, 0.8) {4};
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	790	\draw[line width=1mm] (7,1.7) -- (8.5,1.7);
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	791	}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	792	\onslide<7,8>{
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	793	\node at (7.75, 0.8) {3};
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	794	\draw[line width=1mm] (7,1.7) -- (8.5,1.7);
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	795	}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	796
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	797
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	798	\end{tikzpicture}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	799	\end{center}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	800
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	801	\end{frame}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	802
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	803	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	804	\begin{frame}[t]
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	805
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	806	\begin{center}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	807	\begin{tikzpicture}[scale=1]
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	808	%\draw[black!10,step=2mm] (0,0) grid (9,4);
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	809	%\draw[black!10,thick,step=10mm] (0,0) grid (9,4);
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	810
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	811	\node at (0.5,4.5) {\small\begin{tabular}{l}main\\[-2mm] prog.\end{tabular}};
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	812	\draw[line width=0mm, white, alt=<2->{fill=red}{fill=blue}] (0,2.5) rectangle (1,3.8);
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	813	\draw[line width=1mm, white, fill=blue] (0,1.0) rectangle (1,2.0);
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	814	\draw[line width=1mm, alt=<3->{fill=yellow}{fill=blue}] (0,2.0) rectangle (1,2.5);
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	815	\draw[line width=1mm] (0,0) -- (0,4);
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	816	\draw[line width=1mm] (1,0) -- (1,4);
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	817
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	818	\node at (3.5,3.5) {\small\begin{tabular}{l}fact(n)\end{tabular}};
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	819	\draw[line width=0mm, alt=<{4-}>{red, fill=red}{blue, fill=blue}] (3,2.8) rectangle (4,3.0);
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	820	\draw[line width=0mm, alt=<{5-}>{red, fill=red}{blue, fill=blue}] (3,2.8) rectangle (4,2.0);
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	821	\draw[line width=0mm, alt=<{7-}>{red, fill=red}{blue, fill=blue}] (3,2.0) rectangle (4,1.0);
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	822	\draw[line width=1mm] (3,1.0) rectangle (4,3.0);
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	823
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	824	\onslide<3->{\draw[->, line width=1mm,red] (1,2.3) to node [above,sloped,midway] {n=4} (3,3);}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	825	\onslide<5->{\draw[<-, line width=2mm,red] (4,2) to node [above,sloped,midway]
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	826	{\begin{tabular}{l}user\\[-1mm] input\end{tabular}} (6,2);}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	827	\onslide<8->{\draw[<-, line width=1mm,red] (1,-2) to (3,1);}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	828
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	829	\node at (7.75,3.9) {\small\begin{tabular}{l}stack\end{tabular}};
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	830	\draw[line width=1mm] (7,3.5) -- (7,-0.1) -- (8.5,-0.1) -- (8.5,3.5);
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	831
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	832	\onslide<3->{
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	833	\node at (7.75, 0.2) {4};
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	834	\draw[line width=1mm,alt=<6->{fill=red}{fill=white}] (7,0.5) rectangle (8.5,1.1);
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	835	\node at (7.75, 0.8) {\alt<6->{@a\#}{ret}};
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	836	\draw[line width=1mm,alt=<6->{fill=red}{fill=white}] (7,1.1) rectangle (8.5,1.7);
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	837	\node at (7.75, 1.4) {\alt<6->{!?w;}sp};
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	838	}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	839
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	840	\onslide<4->{
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	841	\draw[line width=1mm,fill=red] (7,1.7) rectangle (8.5,3.0);
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	842	\node[white] at (7.75, 2.4) {buffer};
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	843	}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	844
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	845	\end{tikzpicture}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	846	\end{center}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	847
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	848	\end{frame}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	849	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	850
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	851	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	852	\begin{frame}[t]
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	853	\frametitle{\begin{tabular}{c}3rd Lecture:\\[-3mm]
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	854	Buffer Overflow Attacks\end{tabular}}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	855
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	856	US National Vulnerability Database\\
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	857	\small(636 out of 6675 in 2014)
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	858
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	859	\begin{center}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	860	\begin{tikzpicture}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	861	\begin{axis}[
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	862	xlabel={year},
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	863	ylabel={\% of total attacks},
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	864	ylabel style={yshift=0em},
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	865	enlargelimits=false,
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	866	xtick={1997,1998,2000,...,2014},
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	867	xmin=1996.5,
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	868	xmax=2015,
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	869	ymax=21,
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	870	ytick={0,5,...,20},
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	871	scaled ticks=false,
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	872	axis lines=left,
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	873	width=11cm,
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	874	height=5cm,
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	875	ybar,
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	876	nodes near coords=
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	877	{\footnotesize
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	878	$\pgfmathprintnumber[fixed,fixed zerofill,precision=1,use comma]{\pgfkeysvalueof{/data point/y}}$},
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	879	x tick label style={font=\scriptsize,/pgf/number format/1000 sep={}}]
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	880	\addplot
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	881	table [x=Year,y=Percentage] {bufferoverflows.data};
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	882	\end{axis}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	883	\end{tikzpicture}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	884	\end{center}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	885
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	886	\scriptsize
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	887	\url{http://web.nvd.nist.gov/view/vuln/statistics}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	888	\end{frame}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	889	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	890
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	891
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	892
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	893	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	894	\begin{frame}[t]
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	895	\frametitle{\begin{tabular}{c}4th Lecture:\\ Unix Access Control\end{tabular}}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	896
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	897	\begin{itemize}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	898	\item privileges are specified by file access permissions (``everything is a file'')
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	899	\end{itemize}\medskip
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	900
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	901	\begin{center}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	902	\begin{tikzpicture}[scale=1]
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	903
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	904	\draw[line width=1mm] (-.3, 0) rectangle (1.5,2);
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	905	\draw (4.7,1) node {Internet};
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	906	\draw (-2.7,1.7) node {\footnotesize Application};
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	907	\draw (0.6,1.7) node {\footnotesize Interface};
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	908	\draw (0.6,-0.4) node {\footnotesize \begin{tabular}{c}unprivileged\\[-1mm] process\end{tabular}};
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	909	\draw (-2.7,-0.4) node {\footnotesize \begin{tabular}{c}privileged\\[-1mm] process\end{tabular}};
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	910
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	911	\draw[line width=1mm] (-1.8, 0) rectangle (-3.6,2);
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	912
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	913	\draw[white] (1.7,1) node (X) {};
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	914	\draw[white] (3.7,1) node (Y) {};
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	915	\draw[red, <->, line width = 2mm] (X) -- (Y);
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	916
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	917	\draw[red, <->, line width = 1mm] (-0.6,1) -- (-1.6,1);
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	918	\end{tikzpicture}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	919	\end{center}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	920
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	921	\begin{itemize}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	922	\item the idea is to make the attack surface smaller and
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	923	mitigate the consequences of an attack
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	924	\end{itemize}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	925
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	926	\end{frame}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	927	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	928
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	929	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	930	\begin{frame}[fragile,t]
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	931	\frametitle{\begin{tabular}{c}4th Lecture:\\ Unix Access Control\end{tabular}}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	932
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	933	\begin{itemize}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	934	\item when a file with setuid is executed, the resulting process will assume the
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	935	UID given to the owner of the file
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	936	\end{itemize}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	937
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	938	\footnotesize\tt
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	939	\begin{center}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	940	\begin{verbatim}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	941	$ ls -ld . * /
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	942	drwxr-xr-x 1 ping staff 32768 Apr 2 2010 .
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	943	-rw----r-- 1 ping students 31359 Jul 24 2011 manual.txt
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	944	-r--rw--w- 1 bob students 4359 Jul 24 2011 report.txt
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	945	-rwsr--r-x 1 bob students 141359 Jun 1 2013 microedit
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	946	dr--r-xr-x 1 bob staff 32768 Jul 23 2011 src
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	947	-rw-r--r-- 1 bob staff 81359 Feb 28 2012 src/code.c
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	948	-r--rw---- 1 emma students 959 Jan 23 2012 src/code.h
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	949	\end{verbatim}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	950	\end{center}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	951
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	952
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	953	\end{frame}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	954	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	955
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	956	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	957	\begin{frame}[t]
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	958	\frametitle{\begin{tabular}{c}4th Lecture:\\ Unix Access Control\end{tabular}}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	959
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	960	\begin{itemize}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	961	\item Alice wants to have her files readable,
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	962	\alert{except} for her office mates.
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	963	\end{itemize}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	964
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	965
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	966	\end{frame}
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	967	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	968
ca9295851eb6 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 416 diff changeset	969
52 be19f8a1fcf0 added slides 5 Christian Urban <urbanc@in.tum.de> parents: diff changeset	970	\end{document}
be19f8a1fcf0 added slides 5 Christian Urban <urbanc@in.tum.de> parents: diff changeset	971
be19f8a1fcf0 added slides 5 Christian Urban <urbanc@in.tum.de> parents: diff changeset	972	%%% Local Variables:
be19f8a1fcf0 added slides 5 Christian Urban <urbanc@in.tum.de> parents: diff changeset	973	%%% mode: latex
be19f8a1fcf0 added slides 5 Christian Urban <urbanc@in.tum.de> parents: diff changeset	974	%%% TeX-master: t
be19f8a1fcf0 added slides 5 Christian Urban <urbanc@in.tum.de> parents: diff changeset	975	%%% End:
be19f8a1fcf0 added slides 5 Christian Urban <urbanc@in.tum.de> parents: diff changeset	976

author	Christian Urban <christian dot urban at kcl dot ac dot uk>
	Thu, 22 Oct 2015 02:11:23 +0100
changeset 417	ca9295851eb6
parent 416	708b80c825af
child 418	ac2d2cb7dd82
permissions	-rw-r--r--