handouts/ho01.tex
author cu
Mon, 23 Oct 2017 01:09:09 +0100 (2017-10-23)
changeset 556 e6e87d5839c0
parent 539 48e0c8b03ae5
child 565 d58f8e3e78a5
permissions -rw-r--r--
updated
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
174
e2180cead443 updated handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 173
diff changeset
     1
\documentclass{article}
158
702fea7754eb added handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
     2
\usepackage{../style}
174
e2180cead443 updated handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 173
diff changeset
     3
\usepackage{../langs}
158
702fea7754eb added handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
     4
174
e2180cead443 updated handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 173
diff changeset
     5
\lstset{language=JavaScript}
158
702fea7754eb added handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
     6
366
34a8f73b2c94 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 365
diff changeset
     7
158
702fea7754eb added handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
     8
\begin{document}
446
64c20ed7941a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 445
diff changeset
     9
\fnote{\copyright{} Christian Urban, 
64c20ed7941a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 445
diff changeset
    10
King's College London, 2014, 2015, 2016}
158
702fea7754eb added handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    11
518
e1fcfba63a31 updated
Christian Urban <urbanc@in.tum.de>
parents: 514
diff changeset
    12
% passwords at dropbox
e1fcfba63a31 updated
Christian Urban <urbanc@in.tum.de>
parents: 514
diff changeset
    13
%%https://blogs.dropbox.com/tech/2016/09/how-dropbox-securely-stores-your-passwords/
e1fcfba63a31 updated
Christian Urban <urbanc@in.tum.de>
parents: 514
diff changeset
    14
e1fcfba63a31 updated
Christian Urban <urbanc@in.tum.de>
parents: 514
diff changeset
    15
431
4b53f83c070c updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 383
diff changeset
    16
%Ross anderson
4b53f83c070c updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 383
diff changeset
    17
%https://youtu.be/FY2YKxBxOkg
453
5921eebd9add updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 450
diff changeset
    18
%http://www.scmagazineuk.com/amazon-launches-open-source-tls-implementation-s2n/article/424360/
431
4b53f83c070c updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 383
diff changeset
    19
457
38ef1ef6082d updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 455
diff changeset
    20
%Singapurs Behörden gehen offline
38ef1ef6082d updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 455
diff changeset
    21
462
33dcbafb27ce updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 459
diff changeset
    22
% how to store passwords
33dcbafb27ce updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 459
diff changeset
    23
%https://nakedsecurity.sophos.com/2013/11/20/serious-security-how-to-store-your-users-passwords-safely/
457
38ef1ef6082d updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 455
diff changeset
    24
508
c7b690b17b1d updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 463
diff changeset
    25
%hashes
c7b690b17b1d updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 463
diff changeset
    26
%http://web.archive.org/web/20071226014140/http://www.cits.rub.de/MD5Collisions/
c7b690b17b1d updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 463
diff changeset
    27
%https://blog.codinghorror.com/speed-hashing/
c7b690b17b1d updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 463
diff changeset
    28
%https://blogs.dropbox.com/tech/2016/09/how-dropbox-securely-stores-your-passwords/
c7b690b17b1d updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 463
diff changeset
    29
509
aa2a09b9823c updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 508
diff changeset
    30
% Hello Kitty database stolen
aa2a09b9823c updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 508
diff changeset
    31
% https://nakedsecurity.sophos.com/2017/01/10/stolen-details-of-3-3m-hello-kitty-fans-including-kids-published-online/
aa2a09b9823c updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 508
diff changeset
    32
%
aa2a09b9823c updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 508
diff changeset
    33
aa2a09b9823c updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 508
diff changeset
    34
% IoT
aa2a09b9823c updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 508
diff changeset
    35
% https://nakedsecurity.sophos.com/2015/10/26/the-internet-of-things-stop-the-things-i-want-to-get-off/
aa2a09b9823c updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 508
diff changeset
    36
514
a118052cf1d4 updated
Christian Urban <urbanc@in.tum.de>
parents: 509
diff changeset
    37
% cloning creditc cards and passports
a118052cf1d4 updated
Christian Urban <urbanc@in.tum.de>
parents: 509
diff changeset
    38
%https://www.youtube.com/watch?v=-4_on9zj-zs
a118052cf1d4 updated
Christian Urban <urbanc@in.tum.de>
parents: 509
diff changeset
    39
a118052cf1d4 updated
Christian Urban <urbanc@in.tum.de>
parents: 509
diff changeset
    40
167
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 160
diff changeset
    41
\section*{Handout 1 (Security Engineering)}
158
702fea7754eb added handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    42
366
34a8f73b2c94 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 365
diff changeset
    43
158
702fea7754eb added handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    44
Much of the material and inspiration in this module is taken
702fea7754eb added handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    45
from the works of Bruce Schneier, Ross Anderson and Alex
159
77cf0362b87a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 158
diff changeset
    46
Halderman. I think they are the world experts in the area of
77cf0362b87a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 158
diff changeset
    47
security engineering. I especially like that they argue that a
77cf0362b87a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 158
diff changeset
    48
security engineer requires a certain \emph{security mindset}.
77cf0362b87a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 158
diff changeset
    49
Bruce Schneier for example writes:
158
702fea7754eb added handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    50
702fea7754eb added handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    51
\begin{quote} 
702fea7754eb added handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    52
\it ``Security engineers --- at least the good ones --- see
702fea7754eb added handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    53
the world differently. They can't walk into a store without
702fea7754eb added handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    54
noticing how they might shoplift. They can't use a computer
702fea7754eb added handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    55
without wondering about the security vulnerabilities. They
702fea7754eb added handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    56
can't vote without trying to figure out how to vote twice.
702fea7754eb added handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    57
They just can't help it.''
702fea7754eb added handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    58
\end{quote}
702fea7754eb added handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    59
443
67d7d239c617 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 431
diff changeset
    60
\noindent
67d7d239c617 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 431
diff changeset
    61
and
67d7d239c617 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 431
diff changeset
    62
158
702fea7754eb added handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    63
\begin{quote}
702fea7754eb added handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    64
\it ``Security engineering\ldots requires you to think
702fea7754eb added handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    65
differently. You need to figure out not how something works,
702fea7754eb added handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    66
but how something can be made to not work. You have to imagine
702fea7754eb added handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    67
an intelligent and malicious adversary inside your system
702fea7754eb added handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    68
\ldots, constantly trying new ways to
702fea7754eb added handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    69
subvert it. You have to consider all the ways your system can
702fea7754eb added handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    70
fail, most of them having nothing to do with the design
702fea7754eb added handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    71
itself. You have to look at everything backwards, upside down,
702fea7754eb added handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    72
and sideways. You have to think like an alien.''
702fea7754eb added handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    73
\end{quote}
702fea7754eb added handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    74
159
77cf0362b87a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 158
diff changeset
    75
\noindent In this module I like to teach you this security
174
e2180cead443 updated handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 173
diff changeset
    76
mindset. This might be a mindset that you think is very
446
64c20ed7941a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 445
diff changeset
    77
foreign to you---after all we are all good citizens and do not
443
67d7d239c617 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 431
diff changeset
    78
hack into things. However, I beg to differ: You have this
67d7d239c617 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 431
diff changeset
    79
mindset already when in school you were thinking, at least
174
e2180cead443 updated handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 173
diff changeset
    80
hypothetically, about ways in which you can cheat in an exam
227
7807863c4196 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 186
diff changeset
    81
(whether it is by hiding notes or by looking over the
174
e2180cead443 updated handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 173
diff changeset
    82
shoulders of your fellow pupils). Right? To defend a system,
443
67d7d239c617 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 431
diff changeset
    83
you need to have this kind of mindset and be able to think
67d7d239c617 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 431
diff changeset
    84
like an attacker. This will include understanding techniques
67d7d239c617 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 431
diff changeset
    85
that can be used to compromise security and privacy in
67d7d239c617 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 431
diff changeset
    86
systems. This will many times result in insights where
67d7d239c617 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 431
diff changeset
    87
well-intended security mechanisms made a system actually less
184
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
    88
secure.\medskip
158
702fea7754eb added handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
    89
184
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
    90
\noindent 
159
77cf0362b87a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 158
diff changeset
    91
{\Large\bf Warning!} However, don’t be evil! Using those
77cf0362b87a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 158
diff changeset
    92
techniques in the real world may violate the law or King’s
77cf0362b87a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 158
diff changeset
    93
rules, and it may be unethical. Under some circumstances, even
77cf0362b87a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 158
diff changeset
    94
probing for weaknesses of a system may result in severe
160
4cbd6ca025e6 updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 159
diff changeset
    95
penalties, up to and including expulsion, fines and
159
77cf0362b87a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 158
diff changeset
    96
jail time. Acting lawfully and ethically is your
77cf0362b87a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 158
diff changeset
    97
responsibility. Ethics requires you to refrain from doing
77cf0362b87a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 158
diff changeset
    98
harm. Always respect privacy and rights of others. Do not
77cf0362b87a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 158
diff changeset
    99
tamper with any of King's systems. If you try out a technique,
77cf0362b87a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 158
diff changeset
   100
always make doubly sure you are working in a safe environment
160
4cbd6ca025e6 updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 159
diff changeset
   101
so that you cannot cause any harm, not even accidentally.
174
e2180cead443 updated handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 173
diff changeset
   102
Don't be evil. Be an ethical hacker.\medskip
158
702fea7754eb added handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   103
184
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   104
\noindent In this lecture I want to make you familiar with the
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   105
security mindset and dispel the myth that encryption is the
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   106
answer to all security problems (it is certainly often a part
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   107
of an answer, but almost always never a sufficient one). This
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   108
is actually an important thread going through the whole
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   109
course: We will assume that encryption works perfectly, but
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   110
still attack ``things''. By ``works perfectly'' we mean that
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   111
we will assume encryption is a black box and, for example,
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   112
will not look at the underlying mathematics and break the
174
e2180cead443 updated handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 173
diff changeset
   113
algorithms.\footnote{Though fascinating this might be.}
158
702fea7754eb added handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   114
 
174
e2180cead443 updated handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 173
diff changeset
   115
For a secure system, it seems, four requirements need to come
e2180cead443 updated handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 173
diff changeset
   116
together: First a security policy (what is supposed to be
e2180cead443 updated handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 173
diff changeset
   117
achieved?); second a mechanism (cipher, access controls,
e2180cead443 updated handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 173
diff changeset
   118
tamper resistance etc); third the assurance we obtain from the
e2180cead443 updated handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 173
diff changeset
   119
mechanism (the amount of reliance we can put on the mechanism)
e2180cead443 updated handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 173
diff changeset
   120
and finally the incentives (the motive that the people
e2180cead443 updated handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 173
diff changeset
   121
guarding and maintaining the system have to do their job
e2180cead443 updated handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 173
diff changeset
   122
properly, and also the motive that the attackers have to try
e2180cead443 updated handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 173
diff changeset
   123
to defeat your policy). The last point is often overlooked,
529
9b01bb695b22 updated
Christian Urban <urbanc@in.tum.de>
parents: 518
diff changeset
   124
but plays an important role. To illustrate this let's look at
174
e2180cead443 updated handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 173
diff changeset
   125
an example. 
e2180cead443 updated handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 173
diff changeset
   126
446
64c20ed7941a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 445
diff changeset
   127
\subsubsection*{Chip-and-PIN is Surely More Secure, No?}
180
a95782c2f046 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 179
diff changeset
   128
a95782c2f046 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 179
diff changeset
   129
The questions is whether the Chip-and-PIN system used with
a95782c2f046 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 179
diff changeset
   130
modern credit cards is more secure than the older method of
463
39d66100d7a3 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 462
diff changeset
   131
signing receipts at the till? On first glance the answer seems
180
a95782c2f046 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 179
diff changeset
   132
obvious: Chip-and-PIN must be more secure and indeed improved
a95782c2f046 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 179
diff changeset
   133
security was the central plank in the ``marketing speak'' of
a95782c2f046 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 179
diff changeset
   134
the banks behind Chip-and-PIN. The earlier system was based on
a95782c2f046 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 179
diff changeset
   135
a magnetic stripe or a mechanical imprint on the cards and
a95782c2f046 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 179
diff changeset
   136
required customers to sign receipts at the till whenever they
a95782c2f046 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 179
diff changeset
   137
bought something. This signature authorised the transactions.
a95782c2f046 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 179
diff changeset
   138
Although in use for a long time, this system had some crucial
a95782c2f046 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 179
diff changeset
   139
security flaws, including making clones of credit cards and
a95782c2f046 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 179
diff changeset
   140
forging signatures. 
174
e2180cead443 updated handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 173
diff changeset
   141
177
46e581d66f3a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 176
diff changeset
   142
Chip-and-PIN, as the name suggests, relies on data being
46e581d66f3a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 176
diff changeset
   143
stored on a chip on the card and a PIN number for
46e581d66f3a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 176
diff changeset
   144
authorisation. Even though the banks involved trumpeted their
46e581d66f3a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 176
diff changeset
   145
system as being absolutely secure and indeed fraud rates
46e581d66f3a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 176
diff changeset
   146
initially went down, security researchers were not convinced
450
f3d5e57ca00a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 446
diff changeset
   147
(especially not the group around Ross
f3d5e57ca00a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 446
diff changeset
   148
Anderson).\footnote{Actually, historical data about fraud
f3d5e57ca00a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 446
diff changeset
   149
showed that first fraud rates went up (while early problems to
f3d5e57ca00a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 446
diff changeset
   150
do with the introduction of Chip-and-PIN we exploited), then
f3d5e57ca00a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 446
diff changeset
   151
down, but recently up again (because criminals getting more
539
Christian Urban <urbanc@in.tum.de>
parents: 529
diff changeset
   152
familiar with the technology and how it can be exploited).} To begin with, the
450
f3d5e57ca00a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 446
diff changeset
   153
Chip-and-PIN system introduced a ``new player'' into the
184
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   154
system that needed to be trusted: the PIN terminals and their
180
a95782c2f046 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 179
diff changeset
   155
manufacturers. It was claimed that these terminals were
177
46e581d66f3a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 176
diff changeset
   156
tamper-resistant, but needless to say this was a weak link in
46e581d66f3a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 176
diff changeset
   157
the system, which criminals successfully attacked. Some
46e581d66f3a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 176
diff changeset
   158
terminals were even so skilfully manipulated that they
46e581d66f3a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 176
diff changeset
   159
transmitted skimmed PIN numbers via built-in mobile phone
46e581d66f3a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 176
diff changeset
   160
connections. To mitigate this flaw in the security of
184
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   161
Chip-and-PIN, you need to be able to vet quite closely the
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   162
supply chain of such terminals. This is something that is
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   163
mostly beyond the control of customers who need to use these
446
64c20ed7941a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 445
diff changeset
   164
terminals. 
174
e2180cead443 updated handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 173
diff changeset
   165
227
7807863c4196 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 186
diff changeset
   166
To make matters worse for Chip-and-PIN, around 2009 Ross
184
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   167
Anderson and his group were able to perform man-in-the-middle
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   168
attacks against Chip-and-PIN. Essentially they made the
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   169
terminal think the correct PIN was entered and the card think
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   170
that a signature was used. This is a kind of \emph{protocol
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   171
failure}. After discovery, the flaw was mitigated by requiring
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   172
that a link between the card and the bank is established at
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   173
every time the card is used. Even later this group found
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   174
another problem with Chip-and-PIN and ATMs which did not
383
3e1a2c8ed980 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 381
diff changeset
   175
generate random enough numbers (cryptographic nonces) on which
3e1a2c8ed980 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 381
diff changeset
   176
the security of the underlying protocols relies. 
174
e2180cead443 updated handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 173
diff changeset
   177
381
036a762b02cf updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 379
diff changeset
   178
The overarching problem with all this is that the banks who
036a762b02cf updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 379
diff changeset
   179
introduced Chip-and-PIN managed with the new system to shift
036a762b02cf updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 379
diff changeset
   180
the liability for any fraud and the burden of proof onto the
177
46e581d66f3a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 176
diff changeset
   181
customer. In the old system, the banks had to prove that the
46e581d66f3a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 176
diff changeset
   182
customer used the card, which they often did not bother with.
381
036a762b02cf updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 379
diff changeset
   183
In effect, if fraud occurred the customers were either
036a762b02cf updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 379
diff changeset
   184
refunded fully or lost only a small amount of money. This
174
e2180cead443 updated handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 173
diff changeset
   185
taking-responsibility-of-potential-fraud was part of the
e2180cead443 updated handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 173
diff changeset
   186
``business plan'' of the banks and did not reduce their
177
46e581d66f3a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 176
diff changeset
   187
profits too much. 
46e581d66f3a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 176
diff changeset
   188
46e581d66f3a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 176
diff changeset
   189
Since banks managed to successfully claim that their
46e581d66f3a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 176
diff changeset
   190
Chip-and-PIN system is secure, they were under the new system
46e581d66f3a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 176
diff changeset
   191
able to point the finger at the customer when fraud occurred:
227
7807863c4196 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 186
diff changeset
   192
customers must have been negligent losing their PIN and
7807863c4196 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 186
diff changeset
   193
customers had almost no way of defending themselves in such
7807863c4196 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 186
diff changeset
   194
situations. That is why the work of \emph{ethical} hackers
446
64c20ed7941a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 445
diff changeset
   195
like Ross Anderson's group is so important, because they and
227
7807863c4196 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 186
diff changeset
   196
others established that the banks' claim that their system is
7807863c4196 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 186
diff changeset
   197
secure and it must have been the customer's fault, was bogus.
7807863c4196 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 186
diff changeset
   198
In 2009 the law changed and the burden of proof went back to
7807863c4196 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 186
diff changeset
   199
the banks. They need to prove whether it was really the
443
67d7d239c617 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 431
diff changeset
   200
customer who used a card or not. The current state of affairs,
446
64c20ed7941a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 445
diff changeset
   201
however, is that standing up for your right requires you to be
64c20ed7941a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 445
diff changeset
   202
knowledgeable, potentially having to go to court\ldots{}if
64c20ed7941a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 445
diff changeset
   203
not, the banks are happy to take advantage of you.
174
e2180cead443 updated handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 173
diff changeset
   204
177
46e581d66f3a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 176
diff changeset
   205
This is a classic example where a security design principle
46e581d66f3a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 176
diff changeset
   206
was violated: Namely, the one who is in the position to
46e581d66f3a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 176
diff changeset
   207
improve security, also needs to bear the financial losses if
46e581d66f3a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 176
diff changeset
   208
things go wrong. Otherwise, you end up with an insecure
46e581d66f3a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 176
diff changeset
   209
system. In case of the Chip-and-PIN system, no good security
184
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   210
engineer would dare to claim that it is secure beyond
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   211
reproach: the specification of the EMV protocol (underlying
180
a95782c2f046 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 179
diff changeset
   212
Chip-and-PIN) is some 700 pages long, but still leaves out
a95782c2f046 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 179
diff changeset
   213
many things (like how to implement a good random number
a95782c2f046 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 179
diff changeset
   214
generator). No human being is able to scrutinise such a
a95782c2f046 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 179
diff changeset
   215
specification and ensure it contains no flaws. Moreover, banks
a95782c2f046 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 179
diff changeset
   216
can add their own sub-protocols to EMV. With all the
a95782c2f046 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 179
diff changeset
   217
experience we already have, it is as clear as day that
184
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   218
criminals were bound to eventually be able to poke holes into
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   219
it and measures need to be taken to address them. However,
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   220
with how the system was set up, the banks had no real
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   221
incentive to come up with a system that is really secure.
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   222
Getting the incentives right in favour of security is often a
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   223
tricky business. From a customer point of view, the
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   224
Chip-and-PIN system was much less secure than the old
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   225
signature-based method. The customer could now lose
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   226
significant amounts of money.
173
9126c13a7d93 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 169
diff changeset
   227
445
9ad6445a0354 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 443
diff changeset
   228
If you want to watch an entertaining talk about attacking
9ad6445a0354 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 443
diff changeset
   229
Chip-and-PIN cards, then this talk from the 2014 Chaos
9ad6445a0354 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 443
diff changeset
   230
Computer Club conference is for you:
9ad6445a0354 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 443
diff changeset
   231
9ad6445a0354 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 443
diff changeset
   232
\begin{center}
529
9b01bb695b22 updated
Christian Urban <urbanc@in.tum.de>
parents: 518
diff changeset
   233
\url{https://goo.gl/zuwVHb}
445
9ad6445a0354 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 443
diff changeset
   234
\end{center}
9ad6445a0354 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 443
diff changeset
   235
446
64c20ed7941a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 445
diff changeset
   236
\noindent They claim that they are able to clone Chip-and-PINs
64c20ed7941a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 445
diff changeset
   237
cards such that they get all data that was on the Magstripe,
64c20ed7941a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 445
diff changeset
   238
except for three digits (the CVV number). Remember,
64c20ed7941a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 445
diff changeset
   239
Chip-and-PIN cards were introduced exactly for preventing
450
f3d5e57ca00a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 446
diff changeset
   240
this. Ross Anderson also talked about his research at the
f3d5e57ca00a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 446
diff changeset
   241
BlackHat Conference in 2014:
445
9ad6445a0354 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 443
diff changeset
   242
450
f3d5e57ca00a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 446
diff changeset
   243
\begin{center}
f3d5e57ca00a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 446
diff changeset
   244
\url{https://www.youtube.com/watch?v=ET0MFkRorbo}
f3d5e57ca00a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 446
diff changeset
   245
\end{center}
445
9ad6445a0354 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 443
diff changeset
   246
455
2d9e005100f4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 453
diff changeset
   247
\noindent An article about reverse-engineering a PIN-number skimmer
2d9e005100f4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 453
diff changeset
   248
is at 
2d9e005100f4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 453
diff changeset
   249
2d9e005100f4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 453
diff changeset
   250
\begin{center}\small
2d9e005100f4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 453
diff changeset
   251
\url{https://trustfoundry.net/reverse-engineering-a-discovered-atm-skimmer/}
2d9e005100f4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 453
diff changeset
   252
\end{center}
2d9e005100f4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 453
diff changeset
   253
2d9e005100f4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 453
diff changeset
   254
\noindent
2d9e005100f4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 453
diff changeset
   255
including a scary video of how a PIN-pad overlay is
2d9e005100f4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 453
diff changeset
   256
installed by some crooks.
2d9e005100f4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 453
diff changeset
   257
2d9e005100f4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 453
diff changeset
   258
174
e2180cead443 updated handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 173
diff changeset
   259
\subsection*{Of Cookies and Salts}
e2180cead443 updated handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 173
diff changeset
   260
355
619073c37649 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 336
diff changeset
   261
Let us look at another example which will help with understanding how
619073c37649 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 336
diff changeset
   262
passwords should be verified and stored.  Imagine you need to develop
619073c37649 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 336
diff changeset
   263
a web-application that has the feature of recording how many times a
619073c37649 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 336
diff changeset
   264
customer visits a page.  For example in order to give a discount
619073c37649 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 336
diff changeset
   265
whenever the customer has visited a webpage some $x$ number of times
381
036a762b02cf updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 379
diff changeset
   266
(say $x$ equals $5$). There is one more constraint: we want to store
355
619073c37649 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 336
diff changeset
   267
the information about the number of visits as a cookie on the
619073c37649 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 336
diff changeset
   268
browser. I think, for a number of years the webpage of the New York
619073c37649 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 336
diff changeset
   269
Times operated in this way: it allowed you to read ten articles per
619073c37649 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 336
diff changeset
   270
month for free; if you wanted to read more, you had to pay. My best
619073c37649 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 336
diff changeset
   271
guess is that it used cookies for recording how many times their pages
619073c37649 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 336
diff changeset
   272
was visited, because if I switched browsers I could easily circumvent
619073c37649 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 336
diff changeset
   273
the restriction about ten articles.\footnote{Another online media that
619073c37649 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 336
diff changeset
   274
  works in this way is the Times Higher Education
381
036a762b02cf updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 379
diff changeset
   275
  \url{http://www.timeshighereducation.co.uk}. It also seems to 
036a762b02cf updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 379
diff changeset
   276
  use cookies to restrict the number of free articles to five.}
174
e2180cead443 updated handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 173
diff changeset
   277
178
13c6bd6e3477 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 177
diff changeset
   278
To implement our web-application it is good to look under the
180
a95782c2f046 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 179
diff changeset
   279
hood what happens when a webpage is displayed in a browser. A
a95782c2f046 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 179
diff changeset
   280
typical web-application works as follows: The browser sends a
a95782c2f046 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 179
diff changeset
   281
GET request for a particular page to a server. The server
182
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   282
answers this request with a webpage in HTML (for our purposes
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   283
we can ignore the details about HTML). A simple JavaScript
325
48c6751f2173 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 312
diff changeset
   284
program that realises a server answering with a ``Hello
48c6751f2173 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 312
diff changeset
   285
World'' webpage is as follows:
174
e2180cead443 updated handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 173
diff changeset
   286
e2180cead443 updated handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 173
diff changeset
   287
\begin{center}
e2180cead443 updated handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 173
diff changeset
   288
\lstinputlisting{../progs/ap0.js}
e2180cead443 updated handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 173
diff changeset
   289
\end{center}
e2180cead443 updated handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 173
diff changeset
   290
178
13c6bd6e3477 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 177
diff changeset
   291
\noindent The interesting lines are 4 to 7 where the answer to
13c6bd6e3477 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 177
diff changeset
   292
the GET request is generated\ldots in this case it is just a
13c6bd6e3477 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 177
diff changeset
   293
simple string. This program is run on the server and will be
180
a95782c2f046 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 179
diff changeset
   294
executed whenever a browser initiates such a GET request. You
a95782c2f046 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 179
diff changeset
   295
can run this program on your computer and then direct a
a95782c2f046 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 179
diff changeset
   296
browser to the address \pcode{localhost:8000} in order to
443
67d7d239c617 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 431
diff changeset
   297
simulate a request over the internet. You are encouraged
67d7d239c617 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 431
diff changeset
   298
to try this out\ldots{}theory is always good, but practice is 
67d7d239c617 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 431
diff changeset
   299
better.
180
a95782c2f046 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 179
diff changeset
   300
174
e2180cead443 updated handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 173
diff changeset
   301
e2180cead443 updated handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 173
diff changeset
   302
For our web-application of interest is the feature that the
e2180cead443 updated handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 173
diff changeset
   303
server when answering the request can store some information
180
a95782c2f046 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 179
diff changeset
   304
on the client's side. This information is called a
178
13c6bd6e3477 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 177
diff changeset
   305
\emph{cookie}. The next time the browser makes another GET
180
a95782c2f046 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 179
diff changeset
   306
request to the same webpage, this cookie can be read again by
a95782c2f046 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 179
diff changeset
   307
the server. We can use cookies in order to store a counter
a95782c2f046 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 179
diff changeset
   308
that records the number of times our webpage has been visited.
a95782c2f046 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 179
diff changeset
   309
This can be realised with the following small program
174
e2180cead443 updated handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 173
diff changeset
   310
e2180cead443 updated handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 173
diff changeset
   311
\begin{center}
e2180cead443 updated handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 173
diff changeset
   312
\lstinputlisting{../progs/ap2.js}
e2180cead443 updated handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 173
diff changeset
   313
\end{center}
e2180cead443 updated handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 173
diff changeset
   314
178
13c6bd6e3477 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 177
diff changeset
   315
\noindent The overall structure of this program is the same as
13c6bd6e3477 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 177
diff changeset
   316
the earlier one: Lines 7 to 17 generate the answer to a
174
e2180cead443 updated handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 173
diff changeset
   317
GET-request. The new part is in Line 8 where we read the
e2180cead443 updated handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 173
diff changeset
   318
cookie called \pcode{counter}. If present, this cookie will be
e2180cead443 updated handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 173
diff changeset
   319
send together with the GET-request from the client. The value
e2180cead443 updated handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 173
diff changeset
   320
of this counter will come in form of a string, therefore we
e2180cead443 updated handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 173
diff changeset
   321
use the function \pcode{parseInt} in order to transform it
178
13c6bd6e3477 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 177
diff changeset
   322
into an integer. In case the cookie is not present, we default
13c6bd6e3477 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 177
diff changeset
   323
the counter to zero. The odd looking construction \code{...||
13c6bd6e3477 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 177
diff changeset
   324
0} is realising this defaulting in JavaScript. In Line 9 we
13c6bd6e3477 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 177
diff changeset
   325
increase the counter by one and store it back to the client
13c6bd6e3477 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 177
diff changeset
   326
(under the name \pcode{counter}, since potentially more than
13c6bd6e3477 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 177
diff changeset
   327
one value could be stored). In Lines 10 to 15 we test whether
13c6bd6e3477 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 177
diff changeset
   328
this counter is greater or equal than 5 and send accordingly a
13c6bd6e3477 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 177
diff changeset
   329
specially grafted message back to the client.
174
e2180cead443 updated handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 173
diff changeset
   330
e2180cead443 updated handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 173
diff changeset
   331
Let us step back and analyse this program from a security
178
13c6bd6e3477 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 177
diff changeset
   332
point of view. We store a counter in plain text on the
13c6bd6e3477 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 177
diff changeset
   333
client's browser (which is not under our control). Depending
13c6bd6e3477 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 177
diff changeset
   334
on this value we want to unlock a resource (like a discount)
13c6bd6e3477 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 177
diff changeset
   335
when it reaches a threshold. If the client deletes the cookie,
13c6bd6e3477 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 177
diff changeset
   336
then the counter will just be reset to zero. This does not
13c6bd6e3477 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 177
diff changeset
   337
bother us, because the purported discount will just not be
180
a95782c2f046 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 179
diff changeset
   338
granted. In this way we do not lose any (hypothetical) money.
a95782c2f046 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 179
diff changeset
   339
What we need to be concerned about is, however, when a client
a95782c2f046 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 179
diff changeset
   340
artificially increases this counter without having visited our
a95782c2f046 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 179
diff changeset
   341
web-page. This is actually a trivial task for a knowledgeable
a95782c2f046 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 179
diff changeset
   342
person, since there are convenient tools that allow one to set
a95782c2f046 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 179
diff changeset
   343
a cookie to an arbitrary value, for example above our
a95782c2f046 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 179
diff changeset
   344
threshold for the discount. 
174
e2180cead443 updated handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 173
diff changeset
   345
182
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   346
There seems to be no simple way to prevent this kind of
178
13c6bd6e3477 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 177
diff changeset
   347
tampering with cookies, because the whole purpose of cookies
13c6bd6e3477 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 177
diff changeset
   348
is that they are stored on the client's side, which from the
13c6bd6e3477 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 177
diff changeset
   349
the server's perspective is a potentially hostile environment.
13c6bd6e3477 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 177
diff changeset
   350
What we need to ensure is the integrity of this counter in
13c6bd6e3477 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 177
diff changeset
   351
this hostile environment. We could think of encrypting the
227
7807863c4196 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 186
diff changeset
   352
counter. But this has two drawbacks to do with the keys for
178
13c6bd6e3477 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 177
diff changeset
   353
encryption. If you use a single, global key for all the
13c6bd6e3477 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 177
diff changeset
   354
clients that visit our site, then we risk that our whole
13c6bd6e3477 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 177
diff changeset
   355
``business'' might collapse in the event this key gets known
13c6bd6e3477 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 177
diff changeset
   356
to the outside world. Then all cookies we might have set in
13c6bd6e3477 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 177
diff changeset
   357
the past, can now be decrypted and manipulated. If, on the
13c6bd6e3477 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 177
diff changeset
   358
other hand, we use many ``private'' keys for the clients, then
13c6bd6e3477 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 177
diff changeset
   359
we have to solve the problem of having to securely store this
13c6bd6e3477 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 177
diff changeset
   360
key on our server side (obviously we cannot store the key with
13c6bd6e3477 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 177
diff changeset
   361
the client because then the client again has all data to
13c6bd6e3477 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 177
diff changeset
   362
tamper with the counter; and obviously we also cannot encrypt
182
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   363
the key, lest we can solve an impossible chicken-and-egg
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   364
problem). So encryption seems to not solve the problem we face
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   365
with the integrity of our counter.
169
2866fae8c1cf updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 168
diff changeset
   366
336
3cb200fa6d6a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 325
diff changeset
   367
Fortunately, \emph{cryptographic hash functions} seem to be
3cb200fa6d6a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 325
diff changeset
   368
more suitable for our purpose. Like encryption, hash functions
3cb200fa6d6a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 325
diff changeset
   369
scramble data in such a way that it is easy to calculate the
3cb200fa6d6a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 325
diff changeset
   370
output of a hash function from the input. But it is hard
3cb200fa6d6a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 325
diff changeset
   371
(i.e.~practically impossible) to calculate the input from
3cb200fa6d6a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 325
diff changeset
   372
knowing the output. This is often called \emph{preimage
3cb200fa6d6a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 325
diff changeset
   373
resistance}. Cryptographic hash functions also ensure that
3cb200fa6d6a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 325
diff changeset
   374
given a message and a hash, it is computationally infeasible to
3cb200fa6d6a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 325
diff changeset
   375
find another message with the same hash. This is called
443
67d7d239c617 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 431
diff changeset
   376
\emph{collusion resistance}. Because of these properties, hash
383
3e1a2c8ed980 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 381
diff changeset
   377
functions are often called \emph{one-way functions}: you
336
3cb200fa6d6a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 325
diff changeset
   378
cannot go back from the output to the input (without some
3cb200fa6d6a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 325
diff changeset
   379
tricks, see below). 
3cb200fa6d6a updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 325
diff changeset
   380
443
67d7d239c617 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 431
diff changeset
   381
There are several such hashing function. For example SHA-1
67d7d239c617 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 431
diff changeset
   382
would hash the string \pcode{"hello world"} to produce the
67d7d239c617 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 431
diff changeset
   383
hash-value
175
4ebc97e6fdf0 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 174
diff changeset
   384
4ebc97e6fdf0 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 174
diff changeset
   385
\begin{center}
4ebc97e6fdf0 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 174
diff changeset
   386
\pcode{2aae6c35c94fcfb415dbe95f408b9ce91ee846ed}
4ebc97e6fdf0 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 174
diff changeset
   387
\end{center}
4ebc97e6fdf0 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 174
diff changeset
   388
4ebc97e6fdf0 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 174
diff changeset
   389
\noindent Another handy feature of hash functions is that if
178
13c6bd6e3477 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 177
diff changeset
   390
the input changes only a little, the output changes
13c6bd6e3477 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 177
diff changeset
   391
drastically. For example \pcode{"iello world"} produces under
175
4ebc97e6fdf0 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 174
diff changeset
   392
SHA-1 the output
4ebc97e6fdf0 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 174
diff changeset
   393
4ebc97e6fdf0 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 174
diff changeset
   394
\begin{center}
4ebc97e6fdf0 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 174
diff changeset
   395
\pcode{d2b1402d84e8bcef5ae18f828e43e7065b841ff1}
4ebc97e6fdf0 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 174
diff changeset
   396
\end{center}
4ebc97e6fdf0 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 174
diff changeset
   397
4ebc97e6fdf0 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 174
diff changeset
   398
\noindent That means it is not predictable what the output
178
13c6bd6e3477 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 177
diff changeset
   399
will be from just looking at input that is ``close by''. 
175
4ebc97e6fdf0 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 174
diff changeset
   400
178
13c6bd6e3477 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 177
diff changeset
   401
We can use hashes in our web-application and store in the
13c6bd6e3477 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 177
diff changeset
   402
cookie the value of the counter in plain text but together
180
a95782c2f046 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 179
diff changeset
   403
with its hash. We need to store both pieces of data in such a
184
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   404
way that we can extract them again later on. In the code below
383
3e1a2c8ed980 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 381
diff changeset
   405
I will just separate them using a \pcode{"-"}. For the
3e1a2c8ed980 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 381
diff changeset
   406
counter \pcode{1} for example
184
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   407
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   408
\begin{center}
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   409
\pcode{1-356a192b7913b04c54574d18c28d46e6395428ab}
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   410
\end{center}
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   411
443
67d7d239c617 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 431
diff changeset
   412
\noindent If we now read back the cookie when the client
67d7d239c617 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 431
diff changeset
   413
visits our webpage, we can extract the counter, hash it again
67d7d239c617 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 431
diff changeset
   414
and compare the result to the stored hash value inside the
67d7d239c617 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 431
diff changeset
   415
cookie. If these hashes disagree, then we can deduce that the
67d7d239c617 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 431
diff changeset
   416
cookie has been tampered with. Unfortunately, if they agree,
67d7d239c617 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 431
diff changeset
   417
we can still not be entirely sure that not a clever hacker has
67d7d239c617 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 431
diff changeset
   418
tampered with the cookie. The reason is that the hacker can
67d7d239c617 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 431
diff changeset
   419
see the clear text part of the cookie, say \pcode{3}, and also
67d7d239c617 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 431
diff changeset
   420
its hash. It does not take much trial and error to find out
67d7d239c617 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 431
diff changeset
   421
that we used the SHA-1 hashing function and then the hacker
67d7d239c617 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 431
diff changeset
   422
can graft a cookie accordingly. This is eased by the fact that
67d7d239c617 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 431
diff changeset
   423
for SHA-1 many strings and corresponding hash-values are
67d7d239c617 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 431
diff changeset
   424
precalculated. Type, for example, into Google the hash value
67d7d239c617 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 431
diff changeset
   425
for \pcode{"hello world"} and you will actually pretty quickly
67d7d239c617 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 431
diff changeset
   426
find that it was generated by input string \pcode{"hello
67d7d239c617 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 431
diff changeset
   427
world"}. Similarly for the hash-value for \pcode{1}. This
67d7d239c617 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 431
diff changeset
   428
defeats the purpose of a hashing function and thus would not
67d7d239c617 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 431
diff changeset
   429
help us with our web-applications and later also not with how
67d7d239c617 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 431
diff changeset
   430
to store passwords properly. 
175
4ebc97e6fdf0 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 174
diff changeset
   431
4ebc97e6fdf0 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 174
diff changeset
   432
4ebc97e6fdf0 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 174
diff changeset
   433
There is one ingredient missing, which happens to be called
178
13c6bd6e3477 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 177
diff changeset
   434
\emph{salts}. Salts are random keys, which are added to the
181
a736a0c324a3 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 180
diff changeset
   435
counter before the hash is calculated. In our case we must
178
13c6bd6e3477 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 177
diff changeset
   436
keep the salt secret. As can be see in Figure~\ref{hashsalt},
184
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   437
we need to extract from the cookie the counter value and its
181
a736a0c324a3 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 180
diff changeset
   438
hash (Lines 19 and 20). But before hashing the counter again
178
13c6bd6e3477 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 177
diff changeset
   439
(Line 22) we need to add the secret salt. Similarly, when we
13c6bd6e3477 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 177
diff changeset
   440
set the new increased counter, we will need to add the salt
13c6bd6e3477 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 177
diff changeset
   441
before hashing (this is done in Line 15). Our web-application
13c6bd6e3477 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 177
diff changeset
   442
will now store cookies like 
175
4ebc97e6fdf0 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 174
diff changeset
   443
4ebc97e6fdf0 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 174
diff changeset
   444
\begin{figure}[p]
178
13c6bd6e3477 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 177
diff changeset
   445
\lstinputlisting{../progs/App4.js}
365
942205605c30 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 358
diff changeset
   446
\caption{A Node.js web-app that sets a cookie in the client's
942205605c30 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 358
diff changeset
   447
browser for counting the number of visits to a page.\label{hashsalt}}
175
4ebc97e6fdf0 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 174
diff changeset
   448
\end{figure}
169
2866fae8c1cf updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 168
diff changeset
   449
179
1cacbe5c67cf updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 178
diff changeset
   450
\begin{center}\tt
1cacbe5c67cf updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 178
diff changeset
   451
\begin{tabular}{l}
1cacbe5c67cf updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 178
diff changeset
   452
1 + salt - 8189effef4d4f7411f4153b13ff72546dd682c69\\
1cacbe5c67cf updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 178
diff changeset
   453
2 + salt - 1528375d5ceb7d71597053e6877cc570067a738f\\
1cacbe5c67cf updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 178
diff changeset
   454
3 + salt - d646e213d4f87e3971d9dd6d9f435840eb6a1c06\\
1cacbe5c67cf updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 178
diff changeset
   455
4 + salt - 5b9e85269e4461de0238a6bf463ed3f25778cbba\\
1cacbe5c67cf updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 178
diff changeset
   456
...\\
1cacbe5c67cf updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 178
diff changeset
   457
\end{tabular}
1cacbe5c67cf updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 178
diff changeset
   458
\end{center}
1cacbe5c67cf updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 178
diff changeset
   459
1cacbe5c67cf updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 178
diff changeset
   460
\noindent These hashes allow us to read and set the value of
181
a736a0c324a3 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 180
diff changeset
   461
the counter, and also give us confidence that the counter has
a736a0c324a3 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 180
diff changeset
   462
not been tampered with. This of course depends on being able
182
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   463
to keep the salt secret. Once the salt is public, we better
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   464
ignore all cookies and start setting them again with a new
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   465
salt.
179
1cacbe5c67cf updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 178
diff changeset
   466
181
a736a0c324a3 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 180
diff changeset
   467
There is an interesting and very subtle point to note with
383
3e1a2c8ed980 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 381
diff changeset
   468
respect to the 'New York Times' way of checking the number
181
a736a0c324a3 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 180
diff changeset
   469
visits. Essentially they have their `resource' unlocked at the
a736a0c324a3 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 180
diff changeset
   470
beginning and lock it only when the data in the cookie states
a736a0c324a3 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 180
diff changeset
   471
that the allowed free number of visits are up. As said before,
a736a0c324a3 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 180
diff changeset
   472
this can be easily circumvented by just deleting the cookie or
a736a0c324a3 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 180
diff changeset
   473
by switching the browser. This would mean the New York Times
182
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   474
will lose revenue whenever this kind of tampering occurs. The
443
67d7d239c617 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 431
diff changeset
   475
`quick fix' to require that a cookie must always be present
67d7d239c617 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 431
diff changeset
   476
does not work, because then this newspaper will cut off any
67d7d239c617 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 431
diff changeset
   477
new readers, or anyone who gets a new computer. In contrast,
67d7d239c617 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 431
diff changeset
   478
our web-application has the resource (discount) locked at the
182
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   479
beginning and only unlocks it if the cookie data says so. If
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   480
the cookie is deleted, well then the resource just does not
383
3e1a2c8ed980 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 381
diff changeset
   481
get unlocked. No major harm will result to us. You can see:
182
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   482
the same security mechanism behaves rather differently
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   483
depending on whether the ``resource'' needs to be locked or
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   484
unlocked. Apart from thinking about the difference very
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   485
carefully, I do not know of any good ``theory'' that could
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   486
help with solving such security intricacies in any other way.  
179
1cacbe5c67cf updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 178
diff changeset
   487
182
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   488
\subsection*{How to Store Passwords Properly?}
179
1cacbe5c67cf updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 178
diff changeset
   489
181
a736a0c324a3 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 180
diff changeset
   490
While admittedly quite silly, the simple web-application in
a736a0c324a3 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 180
diff changeset
   491
the previous section should help with the more important
a736a0c324a3 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 180
diff changeset
   492
question of how passwords should be verified and stored. It is
179
1cacbe5c67cf updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 178
diff changeset
   493
unbelievable that nowadays systems still do this with
1cacbe5c67cf updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 178
diff changeset
   494
passwords in plain text. The idea behind such plain-text
182
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   495
passwords is of course that if the user typed in
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   496
\pcode{foobar} as password, we need to verify whether it
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   497
matches with the password that is already stored for this user
184
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   498
in the system. Why not doing this with plain-text passwords?
227
7807863c4196 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 186
diff changeset
   499
Unfortunately doing this verification in plain text is really
7807863c4196 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 186
diff changeset
   500
a bad idea. Alas, evidence suggests it is still a
184
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   501
widespread practice. I leave you to think about why verifying
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   502
passwords in plain text is a bad idea.
181
a736a0c324a3 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 180
diff changeset
   503
182
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   504
Using hash functions, like in our web-application, we can do
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   505
better. They allow us to not having to store passwords in
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   506
plain text for verification whether a password matches or not.
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   507
We can just hash the password and store the hash-value. And
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   508
whenever the user types in a new password, well then we hash
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   509
it again and check whether the hash-values agree. Just like
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   510
in the web-application before.
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   511
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   512
Lets analyse what happens when a hacker gets hold of such a
184
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   513
hashed password database. That is the scenario we want to
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   514
defend against.\footnote{If we could assume our servers can
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   515
never be broken into, then storing passwords in plain text
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   516
would be no problem. The point, however, is that servers are
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   517
never absolutely secure.} The hacker has then a list of user names and
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   518
associated hash-values, like 
181
a736a0c324a3 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 180
diff changeset
   519
a736a0c324a3 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 180
diff changeset
   520
\begin{center}
a736a0c324a3 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 180
diff changeset
   521
\pcode{urbanc:2aae6c35c94fcfb415dbe95f408b9ce91ee846ed}
a736a0c324a3 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 180
diff changeset
   522
\end{center}
179
1cacbe5c67cf updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 178
diff changeset
   523
182
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   524
\noindent For a beginner-level hacker this information is of
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   525
no use. It would not work to type in the hash value instead of
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   526
the password, because it will go through the hashing function
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   527
again and then the resulting two hash-values will not match.
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   528
One attack a hacker can try, however, is called a \emph{brute
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   529
force attack}. Essentially this means trying out exhaustively
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   530
all strings
181
a736a0c324a3 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 180
diff changeset
   531
a736a0c324a3 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 180
diff changeset
   532
\begin{center}
a736a0c324a3 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 180
diff changeset
   533
\pcode{a},
a736a0c324a3 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 180
diff changeset
   534
\pcode{aa},
a736a0c324a3 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 180
diff changeset
   535
\pcode{...},
a736a0c324a3 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 180
diff changeset
   536
\pcode{ba},
a736a0c324a3 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 180
diff changeset
   537
\pcode{...},
a736a0c324a3 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 180
diff changeset
   538
\pcode{zzz},
a736a0c324a3 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 180
diff changeset
   539
\pcode{...}
a736a0c324a3 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 180
diff changeset
   540
\end{center}   
a736a0c324a3 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 180
diff changeset
   541
182
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   542
\noindent and so on, hash them and check whether they match
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   543
with the hash-values in the database. Such brute force attacks
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   544
are surprisingly effective. With modern technology (usually
184
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   545
GPU graphic cards), passwords of moderate length only need
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   546
seconds or hours to be cracked. Well, the only defence we have
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   547
against such brute force attacks is to make passwords longer
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   548
and force users to use the whole spectrum of letters and keys
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   549
for passwords. The hope is that this makes the search space
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   550
too big for an effective brute force attack.
182
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   551
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   552
Unfortunately, clever hackers have another ace up their
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   553
sleeves. These are called \emph{dictionary attacks}. The idea
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   554
behind dictionary attack is the observation that only few
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   555
people are competent enough to use sufficiently strong
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   556
passwords. Most users (at least too many) use passwords like
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   557
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   558
\begin{center}
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   559
\pcode{123456},
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   560
\pcode{password},
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   561
\pcode{qwerty},
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   562
\pcode{letmein},
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   563
\pcode{...}
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   564
\end{center}
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   565
184
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   566
\noindent So an attacker just needs to compile a list as large
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   567
as possible of such likely candidates of passwords and also
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   568
compute their hash-values. The difference between a brute
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   569
force attack, where maybe $2^{80}$ many strings need to be
227
7807863c4196 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 186
diff changeset
   570
considered, is that a dictionary attack might get away with
7807863c4196 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 186
diff changeset
   571
checking only 10 Million words (remember the language English
7807863c4196 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 186
diff changeset
   572
``only'' contains 600,000 words). This is a drastic
7807863c4196 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 186
diff changeset
   573
simplification for attackers. Now, if the attacker knows the
7807863c4196 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 186
diff changeset
   574
hash-value of a password is
182
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   575
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   576
\begin{center}
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   577
\pcode{5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8}
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   578
\end{center}
179
1cacbe5c67cf updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 178
diff changeset
   579
227
7807863c4196 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 186
diff changeset
   580
\noindent then just a lookup in the dictionary will reveal
7807863c4196 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 186
diff changeset
   581
that the plain-text password was \pcode{password}. What is
7807863c4196 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 186
diff changeset
   582
good about this attack is that the dictionary can be
7807863c4196 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 186
diff changeset
   583
precompiled in the ``comfort of the hacker's home'' before an
7807863c4196 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 186
diff changeset
   584
actual attack is launched. It just needs sufficient storage
7807863c4196 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 186
diff changeset
   585
space, which nowadays is pretty cheap. A hacker might in this
7807863c4196 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 186
diff changeset
   586
way not be able to crack all passwords in our database, but
7807863c4196 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 186
diff changeset
   587
even being able to crack 50\% can be serious damage for a
7807863c4196 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 186
diff changeset
   588
large company (because then you have to think about how to
7807863c4196 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 186
diff changeset
   589
make users to change their old passwords---a major hassle).
7807863c4196 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 186
diff changeset
   590
And hackers are very industrious in compiling these
7807863c4196 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 186
diff changeset
   591
dictionaries: for example they definitely include variations
7807863c4196 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 186
diff changeset
   592
like \pcode{passw0rd} and also include rules that cover cases
7807863c4196 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 186
diff changeset
   593
like \pcode{passwordpassword} or \pcode{drowssap} (password
7807863c4196 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 186
diff changeset
   594
reversed).\footnote{Some entertaining rules for creating
7807863c4196 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 186
diff changeset
   595
effective dictionaries are described in the book ``Applied
7807863c4196 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 186
diff changeset
   596
Cryptography'' by Bruce Schneier (in case you can find it in
7807863c4196 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 186
diff changeset
   597
the library), and also in the original research literature
7807863c4196 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 186
diff changeset
   598
which can be accessed for free from
7807863c4196 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 186
diff changeset
   599
\url{http://www.klein.com/dvk/publications/passwd.pdf}.}
7807863c4196 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 186
diff changeset
   600
Historically, compiling a list for a dictionary attack is not
7807863c4196 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 186
diff changeset
   601
as simple as it might seem. At the beginning only ``real''
7807863c4196 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 186
diff changeset
   602
dictionaries were available (like the Oxford English
7807863c4196 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 186
diff changeset
   603
Dictionary), but such dictionaries are not optimised for the
381
036a762b02cf updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 379
diff changeset
   604
purpose of cracking passwords. The first real hard data about
036a762b02cf updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 379
diff changeset
   605
actually used passwords was obtained when a company called
036a762b02cf updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 379
diff changeset
   606
RockYou ``lost'' at the end of 2009 32 Million plain-text
036a762b02cf updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 379
diff changeset
   607
passwords. With this data of real-life passwords, dictionary
036a762b02cf updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 379
diff changeset
   608
attacks took off. Compiling such dictionaries is nowadays very
036a762b02cf updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 379
diff changeset
   609
easy with the help of off-the-shelf tools.
182
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   610
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   611
These dictionary attacks can be prevented by using salts.
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   612
Remember a hacker needs to use the most likely candidates 
184
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   613
of passwords and calculate their hash-value. If we add before
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   614
hashing a password a random salt, like \pcode{mPX2aq},
182
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   615
then the string \pcode{passwordmPX2aq} will almost certainly 
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   616
not be in the dictionary. Like in the web-application in the
184
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   617
previous section, a salt does not prevent us from verifying a 
182
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   618
password. We just need to add the salt whenever the password 
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   619
is typed in again. 
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   620
184
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   621
There is a question whether we should use a single random salt
182
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   622
for every password in our database. A single salt would
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   623
already make dictionary attacks considerably more difficult.
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   624
It turns out, however, that in case of password databases
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   625
every password should get their own salt. This salt is
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   626
generated at the time when the password is first set. 
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   627
If you look at a Unix password file you will find entries like
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   628
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   629
\begin{center}
288
fd4bf1a2d38d updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 263
diff changeset
   630
\pcode{urbanc:$6$3WWbKfr1$4vblknvGr6FcDeF92R5xFn3mskfdnEn...$...}
182
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   631
\end{center}
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   632
184
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   633
\noindent where the first part is the login-name, followed by
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   634
a field \pcode{$6$} which specifies which hash-function is
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   635
used. After that follows the salt \pcode{3WWbKfr1} and after
227
7807863c4196 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 186
diff changeset
   636
that the hash-value that is stored for the password (which
184
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   637
includes the salt). I leave it to you to figure out how the
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   638
password verification would need to work based on this data.
182
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   639
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   640
There is a non-obvious benefit of using a separate salt for
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   641
each password. Recall that \pcode{123456} is a popular
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   642
password that is most likely used by several of your users
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   643
(especially if the database contains millions of entries). If
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   644
we use no salt or one global salt, all hash-values will be the
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   645
same for this password. So if a hacker is in the business of
186
f7aa15984301 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 185
diff changeset
   646
cracking as many passwords as possible, then it is a good idea
182
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   647
to concentrate on those very popular passwords. This is not
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   648
possible if each password gets its own salt: since we assume
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   649
the salt is generated randomly, each version of \pcode{123456}
184
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   650
will be associated with a different hash-value. This will
55968b3205cc updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 183
diff changeset
   651
make the life harder for an attacker.
182
681e35f6b0e4 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 181
diff changeset
   652
227
7807863c4196 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 186
diff changeset
   653
Note another interesting point. The web-application from the
7807863c4196 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 186
diff changeset
   654
previous section was only secure when the salt was secret. In
7807863c4196 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 186
diff changeset
   655
the password case, this is not needed. The salt can be public
7807863c4196 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 186
diff changeset
   656
as shown above in the Unix password file where it is actually
7807863c4196 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 186
diff changeset
   657
stored as part of the password entry. Knowing the salt does
7807863c4196 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 186
diff changeset
   658
not give the attacker any advantage, but prevents that
7807863c4196 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 186
diff changeset
   659
dictionaries can be precompiled. While salts do not solve
7807863c4196 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 186
diff changeset
   660
every problem, they help with protecting against dictionary
7807863c4196 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 186
diff changeset
   661
attacks on password files. It protects people who have the
7807863c4196 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 186
diff changeset
   662
same passwords on multiple machines. But it does not protect
7807863c4196 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 186
diff changeset
   663
against a focused attack against a single password and also
7807863c4196 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 186
diff changeset
   664
does not make poorly chosen passwords any better. Still the
7807863c4196 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 186
diff changeset
   665
moral is that you should never store passwords in plain text.
262
57269d9931da updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 227
diff changeset
   666
Never ever.
57269d9931da updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 227
diff changeset
   667
57269d9931da updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 227
diff changeset
   668
\subsubsection*{Further Reading}
174
e2180cead443 updated handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 173
diff changeset
   669
379
11f5f86bf956 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 370
diff changeset
   670
A readable article by Bruce Schneier on ``How Security Companies Sucker Us with 
312
c913fe9bfd59 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 291
diff changeset
   671
Lemons''
c913fe9bfd59 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 291
diff changeset
   672
c913fe9bfd59 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 291
diff changeset
   673
\begin{center}
c913fe9bfd59 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 291
diff changeset
   674
\url{http://archive.wired.com/politics/security/commentary/securitymatters/2007/04/securitymatters_0419}
c913fe9bfd59 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 291
diff changeset
   675
\end{center}
c913fe9bfd59 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 291
diff changeset
   676
c913fe9bfd59 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 291
diff changeset
   677
\noindent
443
67d7d239c617 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 431
diff changeset
   678
A recent research paper about surveillance using cookies is
67d7d239c617 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 431
diff changeset
   679
67d7d239c617 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 431
diff changeset
   680
\begin{center}
67d7d239c617 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 431
diff changeset
   681
\url{http://randomwalker.info/publications/cookie-surveillance-v2.pdf}
67d7d239c617 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 431
diff changeset
   682
\end{center}
67d7d239c617 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 431
diff changeset
   683
67d7d239c617 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 431
diff changeset
   684
\noindent
291
18b726d2b67c updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 288
diff changeset
   685
A slightly different point of view about the economies of 
18b726d2b67c updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 288
diff changeset
   686
password cracking:
288
fd4bf1a2d38d updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 263
diff changeset
   687
fd4bf1a2d38d updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 263
diff changeset
   688
\begin{center}
325
48c6751f2173 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 312
diff changeset
   689
\url{http://xkcd.com/538/}
288
fd4bf1a2d38d updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 263
diff changeset
   690
\end{center}
fd4bf1a2d38d updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 263
diff changeset
   691
365
942205605c30 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 358
diff changeset
   692
\noindent If you want to know more about passwords, the book
942205605c30 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 358
diff changeset
   693
by Bruce Schneier about Applied Cryptography is recommendable,
942205605c30 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 358
diff changeset
   694
though quite expensive. There is also another expensive book
942205605c30 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 358
diff changeset
   695
about penetration testing, but the readable chapter about
942205605c30 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 358
diff changeset
   696
password attacks (Chapter 9) is free:
262
57269d9931da updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 227
diff changeset
   697
57269d9931da updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 227
diff changeset
   698
\begin{center}
57269d9931da updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 227
diff changeset
   699
\url{http://www.nostarch.com/pentesting}
57269d9931da updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 227
diff changeset
   700
\end{center}
57269d9931da updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 227
diff changeset
   701
379
11f5f86bf956 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 370
diff changeset
   702
\noindent Even the government recently handed out some 
11f5f86bf956 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 370
diff changeset
   703
advice about passwords
11f5f86bf956 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 370
diff changeset
   704
11f5f86bf956 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 370
diff changeset
   705
\begin{center}
11f5f86bf956 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 370
diff changeset
   706
\url{http://goo.gl/dIzqMg}
11f5f86bf956 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 370
diff changeset
   707
\end{center}
11f5f86bf956 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 370
diff changeset
   708
381
036a762b02cf updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 379
diff changeset
   709
\noindent Here is an interesting blog-post about how a group
036a762b02cf updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 379
diff changeset
   710
``cracked'' efficiently millions of bcrypt passwords from the
036a762b02cf updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 379
diff changeset
   711
Ashley Madison leak.
036a762b02cf updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 379
diff changeset
   712
036a762b02cf updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 379
diff changeset
   713
\begin{center}
036a762b02cf updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 379
diff changeset
   714
\url{http://goo.gl/83Ho0N}
036a762b02cf updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 379
diff changeset
   715
\end{center}
036a762b02cf updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 379
diff changeset
   716
459
514485146641 updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 457
diff changeset
   717
\noindent Or the passwords from eHarmony
514485146641 updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 457
diff changeset
   718
514485146641 updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 457
diff changeset
   719
\begin{center}
514485146641 updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 457
diff changeset
   720
\url{https://goo.gl/W63Xhw}
514485146641 updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 457
diff changeset
   721
\end{center}
514485146641 updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 457
diff changeset
   722
514485146641 updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 457
diff changeset
   723
\noindent The attack used dictionaries with up to 15 Billion
514485146641 updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 457
diff changeset
   724
entries.\footnote{Compare this with the full brute-force space
514485146641 updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 457
diff changeset
   725
of $62^8$} If eHarmony had properly salted their passwords,
514485146641 updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 457
diff changeset
   726
the attack would have taken 31 years.
514485146641 updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 457
diff changeset
   727
514485146641 updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 457
diff changeset
   728
514485146641 updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 457
diff changeset
   729
Clearly, passwords are a technology that comes to
262
57269d9931da updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 227
diff changeset
   730
the end of its usefulness, because brute force attacks become
57269d9931da updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 227
diff changeset
   731
more and more powerful and it is unlikely that humans get any
57269d9931da updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 227
diff changeset
   732
better in remembering (securely) longer and longer passwords.
57269d9931da updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 227
diff changeset
   733
The big question is which technology can replace
288
fd4bf1a2d38d updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 263
diff changeset
   734
passwords\ldots 
358
8787c16bc26e updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 355
diff changeset
   735
\medskip
8787c16bc26e updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 355
diff changeset
   736
288
fd4bf1a2d38d updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 263
diff changeset
   737
fd4bf1a2d38d updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 263
diff changeset
   738
\end{document}
fd4bf1a2d38d updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 263
diff changeset
   739
370
ddac52c0014c updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 366
diff changeset
   740
%%% fingerprints  vs. passwords (what is better)
ddac52c0014c updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 366
diff changeset
   741
https://www.youtube.com/watch?v=VVxL9ymiyAU&feature=youtu.be
ddac52c0014c updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 366
diff changeset
   742
ddac52c0014c updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 366
diff changeset
   743
%%% cookies
ddac52c0014c updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 366
diff changeset
   744
http://randomwalker.info/publications/cookie-surveillance-v2.pdf
288
fd4bf1a2d38d updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 263
diff changeset
   745
158
702fea7754eb added handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   746
702fea7754eb added handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   747
%%% Local Variables: 
702fea7754eb added handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   748
%%% mode: latex
702fea7754eb added handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   749
%%% TeX-master: t
702fea7754eb added handouts
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff changeset
   750
%%% End: