| author | Christian Urban <christian dot urban at kcl dot ac dot uk> |
| Fri, 27 Nov 2015 12:10:21 +0000 | |
| changeset 439 | ebdd5d2ccea7 |
| parent 420 | c527a5142f2f |
| child 483 | 337a8f5cb1ad |
| permissions | -rw-r--r-- |
|
416
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
1 |
\PassOptionsToPackage{bookmarks=false}{hyperref}
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
2 |
\documentclass[dvipsnames,14pt,t,hyperref={bookmarks=false}]{beamer}
|
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
3 |
\usepackage{../style}
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
4 |
\usepackage{../slides}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
5 |
\usepackage{../graphics}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
6 |
\usepackage{../langs}
|
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
7 |
\usepackage{../data}
|
| 52 | 8 |
\usetikzlibrary{arrows}
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
9 |
\usetikzlibrary{shapes}
|
| 52 | 10 |
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
11 |
\setmonofont[Scale=.88]{Consolas}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
12 |
\newfontfamily{\consolas}{Consolas}
|
| 52 | 13 |
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
14 |
\hfuzz=220pt |
| 52 | 15 |
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
16 |
% beamer stuff |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
17 |
\newcommand{\bl}[1]{\textcolor{blue}{#1}}
|
|
381
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
18 |
\renewcommand{\slidecaption}{SEN 05, King's College London}
|
|
124
382aad582d8b
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
123
diff
changeset
|
19 |
|
| 52 | 20 |
|
21 |
\begin{document}
|
|
22 |
||
23 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
24 |
\begin{frame}[t]
|
| 52 | 25 |
\frametitle{%
|
26 |
\begin{tabular}{@ {}c@ {}}
|
|
27 |
\\ |
|
|
381
036a762b02cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
339
diff
changeset
|
28 |
\LARGE Security Engineering (5)\\[-3mm] |
| 52 | 29 |
\end{tabular}}\bigskip\bigskip\bigskip
|
30 |
||
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
31 |
\normalsize |
| 52 | 32 |
\begin{center}
|
33 |
\begin{tabular}{ll}
|
|
34 |
Email: & christian.urban at kcl.ac.uk\\ |
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
35 |
Office: & S1.27 (1st floor Strand Building)\\ |
| 52 | 36 |
Slides: & KEATS (also homework is there)\\ |
37 |
\end{tabular}
|
|
38 |
\end{center}
|
|
39 |
||
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
40 |
\end{frame}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
41 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
| 52 | 42 |
|
43 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
44 |
\begin{frame}[c]
|
|
415
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
45 |
\frametitle{Problems with Key Fobs}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
46 |
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
47 |
\begin{columns}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
48 |
\begin{column}[T]{4cm}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
49 |
\includegraphics[scale=0.4]{../pics/car-standard.jpg}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
50 |
\end{column}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
51 |
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
52 |
\begin{column}[T]{6cm}\small
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
53 |
Circumventing the ignition protection: |
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
54 |
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
55 |
\begin{itemize}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
56 |
\item either dismantling Megamos crypto, |
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
57 |
\item or use the diagnostic port to program |
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
58 |
blank keys |
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
59 |
\end{itemize}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
60 |
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
61 |
\hspace{14mm}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
62 |
\includegraphics[scale=0.16]{../pics/Dismantling_Megamos_Crypto.png}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
63 |
\end{column}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
64 |
\end{columns}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
65 |
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
66 |
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
67 |
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
68 |
\end{frame}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
69 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
70 |
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
71 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
72 |
\begin{frame}[c]
|
|
418
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
73 |
\frametitle{Nonces}
|
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
74 |
|
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
75 |
\begin{enumerate}
|
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
76 |
\item I generate a nonce (random number) and send it to you encrypted with a key we share |
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
77 |
\item you increase it by one, encrypt it under a key I know and send |
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
78 |
it back to me |
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
79 |
\end{enumerate}
|
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
80 |
|
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
81 |
|
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
82 |
I can infer: |
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
83 |
|
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
84 |
\begin{itemize}
|
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
85 |
\item you must have received my message |
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
86 |
\item you could only have generated your answer after I have |
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
87 |
sent you my initial message |
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
88 |
\item if only you and me know the key, the message must have come from you |
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
89 |
\end{itemize}
|
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
90 |
|
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
91 |
\end{frame}
|
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
92 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
93 |
|
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
94 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
95 |
\begin{frame}[c]
|
|
415
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
96 |
\frametitle{Protocols}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
97 |
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
98 |
\begin{center}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
99 |
\includegraphics[scale=0.11]{../pics/keyfob.jpg}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
100 |
\quad |
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
101 |
\includegraphics[scale=0.232]{../pics/starbucks.jpg}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
102 |
\end{center}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
103 |
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
104 |
\begin{itemize}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
105 |
\item The point is that we have no control over the network |
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
106 |
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
107 |
\item We want to avoid that a message exchange (a protocol) can |
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
108 |
be attacked without detection |
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
109 |
\end{itemize}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
110 |
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
111 |
\end{frame}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
112 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
113 |
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
114 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
115 |
\begin{frame}[c]
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
116 |
\frametitle{G20 Summit in 2009}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
117 |
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
118 |
\begin{center}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
119 |
\includegraphics[scale=0.1]{../pics/snowden.jpg}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
120 |
\end{center}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
121 |
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
122 |
\small |
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
123 |
\begin{itemize}
|
|
418
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
124 |
\item Snowden documents reveal ``that during the G20 |
|
415
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
125 |
meetings\dots{}GCHQ used
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
126 |
`ground-breaking intelligence capabilities' to intercept |
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
127 |
the communications of visiting delegations. This |
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
128 |
included setting up internet cafes where they used an |
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
129 |
email interception program and key-logging software to |
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
130 |
spy on delegates' use of computers\ldots'' |
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
131 |
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
132 |
\item ``The G20 spying appears to have been organised for the |
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
133 |
more mundane purpose of securing an advantage in |
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
134 |
meetings.'' |
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
135 |
\end{itemize}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
136 |
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
137 |
\end{frame}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
138 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
139 |
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
140 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
141 |
\begin{frame}[c]
|
|
416
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
142 |
\frametitle{A Simple PK Protocol}
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
143 |
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
144 |
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
145 |
\begin{center}
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
146 |
\begin{tabular}{ll@{\hspace{2mm}}l}
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
147 |
1. & \bl{$A \to B :$} & \bl{$K^{pub}_A$}\smallskip\\
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
148 |
2. & \bl{$B \to A :$} & \bl{$K^{pub}_B$}\smallskip\\
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
149 |
3. & \bl{$A \to B :$} & \bl{$\{A,m\}_{K^{pub}_B}$}\smallskip\\
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
150 |
4. & \bl{$B \to A :$} & \bl{$\{B,m'\}_{K^{pub}_A}$}
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
151 |
\end{tabular}
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
152 |
\end{center}\pause\bigskip
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
153 |
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
154 |
unfortunately there is a simple man-in-the- middle-attack |
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
155 |
\end{frame}
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
156 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
157 |
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
158 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
159 |
\begin{frame}[c]
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
160 |
\frametitle{A MITM Attack}
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
161 |
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
162 |
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
163 |
\begin{center}
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
164 |
\begin{tabular}{ll@{\hspace{2mm}}l}
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
165 |
1. & \bl{$A \to E :$} & \bl{$K^{pub}_A$}\smallskip\\
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
166 |
2. & \bl{$E \to B :$} & \bl{$K^{pub}_E$}\smallskip\\
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
167 |
3. & \bl{$B \to E :$} & \bl{$K^{pub}_B$}\smallskip\\
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
168 |
4. & \bl{$E \to A :$} & \bl{$K^{pub}_E$}\smallskip\\
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
169 |
5. & \bl{$A \to E :$} & \bl{$\{A,m\}_{K^{pub}_E}$}\smallskip\\
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
170 |
6. & \bl{$E \to B :$} & \bl{$\{E,m\}_{K^{pub}_B}$}\smallskip\\
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
171 |
7. & \bl{$B \to E :$} & \bl{$\{B,m'\}_{K^{pub}_E}$}\smallskip\\
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
172 |
8. & \bl{$E \to A :$} & \bl{$\{E,m'\}_{K^{pub}_A}$}
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
173 |
\end{tabular}
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
174 |
\end{center}\pause\medskip
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
175 |
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
176 |
and \bl{$A$} and \bl{$B$} have no chance to detect it
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
177 |
\end{frame}
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
178 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
179 |
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
180 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
181 |
\begin{frame}[c]
|
|
415
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
182 |
\frametitle{Interlock Protocol}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
183 |
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
184 |
The interlock protocol (``best bet'' against MITM): |
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
185 |
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
186 |
\begin{center}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
187 |
\begin{tabular}{ll@{\hspace{2mm}}l}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
188 |
1. & \bl{$A \to B :$} & \bl{$K^{pub}_A$}\\
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
189 |
2. & \bl{$B \to A :$} & \bl{$K^{pub}_B$}\\
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
190 |
3. & & \bl{$\{A,m\}_{K^{pub}_B} \;\mapsto\; H_1,H_2$}\\
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
191 |
& & \bl{$\{B,m'\}_{K^{pub}_A} \;\mapsto\; M_1,M_2$}\\
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
192 |
4. & \bl{$A \to B :$} & \bl{$H_1$}\\
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
193 |
5. & \bl{$B \to A :$} & \bl{$\{H_1, M_1\}_{K^{pub}_A}$}\\
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
194 |
6. & \bl{$A \to B :$} & \bl{$\{H_2, M_1\}_{K^{pub}_B}$}\\
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
195 |
7. & \bl{$B \to A :$} & \bl{$M_2$}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
196 |
\end{tabular}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
197 |
\end{center}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
198 |
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
199 |
\end{frame}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
200 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
201 |
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
202 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
203 |
\begin{frame}[c]
|
|
416
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
204 |
\frametitle{Splitting Messages}
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
205 |
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
206 |
\begin{center}
|
|
418
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
207 |
$\underbrace{\texttt{\Grid{0X1peUVTGJK+H70mMjAM8p}}}_{\bl{\{A,m\}_{K^{pub}_B}}}$
|
|
416
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
208 |
\end{center}
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
209 |
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
210 |
\begin{center}
|
|
418
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
211 |
$\underbrace{\texttt{\Grid{0X1peUVTGJK}}}_{\bl{H_1}}$\quad
|
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
212 |
$\underbrace{\texttt{\Grid{+H70mMjAM8p}}}_{\bl{H_2}}$
|
|
416
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
213 |
\end{center}
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
214 |
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
215 |
\begin{itemize}
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
216 |
\item you can also use the even and odd bytes |
|
418
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
217 |
\item the point is you cannot decrypt the halves, even if you |
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
218 |
have the key |
|
416
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
219 |
\end{itemize}
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
220 |
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
221 |
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
222 |
\end{frame}
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
223 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
224 |
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
225 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
226 |
\begin{frame}[c]
|
|
415
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
227 |
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
228 |
\begin{center}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
229 |
\begin{tabular}{l@{\hspace{9mm}}l}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
230 |
\begin{tabular}[t]{@{}l@{}}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
231 |
\bl{$A \to C : K^{pub}_A$}\\
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
232 |
\bl{$C \to B : K^{pub}_C$}\\
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
233 |
\bl{$B \to C : K^{pub}_B$}\\
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
234 |
\bl{$C \to A : K^{pub}_C$}\medskip\\
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
235 |
\bl{$\{A,m\}_{K^{pub}_C} \;\mapsto\; H_1,H_2$}\\
|
|
416
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
236 |
\bl{$\{B,m'\}_{K^{pub}_C} \;\mapsto\; M_1,M_2$}\bigskip\\
|
|
415
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
237 |
\bl{$\{C,a\}_{K^{pub}_B} \;\mapsto\; C_1,C_2$}\\
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
238 |
\bl{$\{C,b\}_{K^{pub}_A} \;\mapsto\; D_1,D_2$}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
239 |
\end{tabular} &
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
240 |
\begin{tabular}[t]{@{}l@{}}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
241 |
\bl{$A \to C : H_1$}\\
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
242 |
\bl{$C \to B : C_1$}\\
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
243 |
\bl{$B \to C : \{C_1, M_1\}_{K^{pub}_C}$}\\
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
244 |
\bl{$C \to A : \{H_1, D_1\}_{K^{pub}_A}$}\\
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
245 |
\bl{$A \to C : \{H_2, D_1\}_{K^{pub}_C}$}\\
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
246 |
\bl{$C \to B : \{C_2, M_1\}_{K^{pub}_B}$}\\
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
247 |
\bl{$B \to C : M_2$}\\
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
248 |
\bl{$C \to A : D_2$}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
249 |
\end{tabular}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
250 |
\end{tabular}
|
|
416
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
251 |
\end{center}\pause
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
252 |
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
253 |
\footnotesize |
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
254 |
\bl{$m$} = How is your grandmother? \bl{$m'$} = How is the
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
255 |
weather today in London? |
|
415
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
256 |
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
257 |
\end{frame}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
258 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
259 |
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
260 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
261 |
\begin{frame}[c]
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
262 |
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
263 |
\begin{itemize}
|
|
418
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
264 |
\item you have to ask something that cannot be imitated |
|
415
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
265 |
(requires \bl{$A$} and \bl{$B$} know each other)
|
|
416
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
266 |
\item what happens if \bl{$m$} and \bl{$m'$} are voice
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
267 |
messages?\bigskip\pause |
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
268 |
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
269 |
\item So \bl{$C$} can either leave the communication unchanged
|
|
418
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
270 |
(Hellman-Diffie), or invent a complete new conversation |
|
416
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
271 |
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
272 |
\end{itemize}
|
|
415
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
273 |
|
|
416
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
274 |
\end{frame}
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
275 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
276 |
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
277 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
278 |
\begin{frame}[c]
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
279 |
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
280 |
\begin{itemize}
|
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
281 |
\item the moral: establishing a secure connection from |
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
282 |
``zero'' is almost impossible---you need to rely on some |
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
283 |
established trust\medskip |
|
415
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
284 |
|
|
418
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
285 |
\item that is why PKI relies on certificates, which however are |
|
416
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
286 |
badly, badly realised |
|
415
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
287 |
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
288 |
\end{itemize}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
289 |
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
290 |
\end{frame}
|
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
291 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
56bc53ba7c5b
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
381
diff
changeset
|
292 |
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
293 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
294 |
\begin{frame}[c]
|
|
416
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
295 |
\frametitle{Trusted Third Parties}
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
296 |
|
|
416
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
297 |
Simple protocol for establishing a secure connection via a |
|
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
298 |
mutually trusted 3rd party (server): |
|
254
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
299 |
|
|
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
300 |
\begin{center}
|
|
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
301 |
\begin{tabular}{r@ {\hspace{1mm}}l}
|
|
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
302 |
\bl{$A \rightarrow S :$} & \bl{$A, B$}\\
|
|
416
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
303 |
\bl{$S \rightarrow A :$} & \bl{$\{K_{AB}, \{K_{AB}\}_{K_{BS}} \}_{K_{AS}}$}\\
|
|
254
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
304 |
\bl{$A \rightarrow B :$} & \bl{$\{K_{AB}\}_{K_{BS}} $}\\
|
|
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
305 |
\bl{$A \rightarrow B :$} & \bl{$\{m\}_{K_{AB}}$}\\
|
|
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
306 |
\end{tabular}
|
|
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
307 |
\end{center}
|
|
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
308 |
|
|
416
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
309 |
\end{frame}
|
|
254
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
310 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
311 |
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
312 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
313 |
\begin{frame}[c]
|
|
416
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
314 |
\frametitle{PKI: The Main Idea}
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
315 |
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
316 |
\begin{itemize}
|
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
317 |
\item the idea is to have a certificate authority (CA) |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
318 |
\item you go to the CA to identify yourself |
|
254
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
319 |
\item CA: ``I, the CA, have verified that public key |
|
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
320 |
\bl{$P^{pub}_{Bob}$} belongs to Bob''\bigskip
|
|
416
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
321 |
\item CA must be trusted by everybody\medskip |
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
322 |
\item certificates are time limited, and can be revoked |
|
416
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
323 |
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
324 |
\item What happens if CA issues a false certificate? Who pays in case of loss? (VeriSign |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
325 |
explicitly limits liability to \$100.) |
|
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
326 |
\end{itemize}
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
327 |
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
328 |
\end{frame}
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
329 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
330 |
|
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
331 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
332 |
\begin{frame}[c]
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
333 |
\frametitle{PKI: Chains of Trust}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
334 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
335 |
\begin{center}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
336 |
\begin{tikzpicture}[scale=1,
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
337 |
node/.style={
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
338 |
rectangle,rounded corners=3mm, |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
339 |
very thick,draw=black!50,minimum height=18mm, minimum width=23mm, |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
340 |
top color=white,bottom color=black!20}] |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
341 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
342 |
\node (A) at (0,0) [node] {};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
343 |
\node [below right] at (A.north west) |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
344 |
{\small\begin{tabular}{@{}l}CA\\Root Cert.\end{tabular}};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
345 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
346 |
\node (B) at (4,0) [node] {};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
347 |
\node [below right=1mm] at (B.north west) |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
348 |
{\mbox{}\hspace{-1mm}\small
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
349 |
\begin{tabular}{@{}l}Subordinate\\ CA\end{tabular}};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
350 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
351 |
\node (C) at (8,0) [node] {};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
352 |
\node [below right] at (C.north west) |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
353 |
{\small\begin{tabular}{@{}l}Server\\ Bank.com\end{tabular}};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
354 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
355 |
\draw [->,line width=4mm] (A) -- (B); |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
356 |
\draw [->,line width=4mm] (B) -- (C); |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
357 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
358 |
\node (D) at (6,-3) [node] {};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
359 |
\node [below right] at (D.north west) |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
360 |
{\small\begin{tabular}{@{}l}Browser\\ Root Store\end{tabular}};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
361 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
362 |
\node (E) at (2,-3) [node] {};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
363 |
\node [below right] at (E.north west) |
|
418
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
364 |
{\small\begin{tabular}{@{}l}Browser\\ Vendor\end{tabular}};
|
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
365 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
366 |
\draw [->,line width=4mm] (E) -- (D); |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
367 |
\end{tikzpicture}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
368 |
\end{center}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
369 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
370 |
\begin{itemize}
|
|
418
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
371 |
\item CAs make almost no money anymore, because of stiff |
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
372 |
competition |
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
373 |
\item browser companies are not really interested in security; |
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
374 |
only in market share |
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
375 |
\end{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
376 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
377 |
\end{frame}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
378 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
255
9cf486aea756
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
254
diff
changeset
|
379 |
|
|
9cf486aea756
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
254
diff
changeset
|
380 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
9cf486aea756
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
254
diff
changeset
|
381 |
\begin{frame}[c]
|
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
382 |
\frametitle{PKI: Weaknesses}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
383 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
384 |
CAs just cannot win (make any profit):\medskip |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
385 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
386 |
\begin{itemize}
|
|
418
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
387 |
\item there are hundreds of CAs, which issue millions of |
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
388 |
certificates and the error rate is small |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
389 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
390 |
\item users (servers) do not want to pay or pay as little as |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
391 |
possible\bigskip |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
392 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
393 |
\item a CA can issue a certificate for any domain not needing |
|
418
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
394 |
any permission (CAs are meant to undergo audits, |
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
395 |
but\ldots DigiNotar) |
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
396 |
|
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
397 |
\item if a CA has issued many certificates, it ``becomes too |
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
398 |
big to fail'' |
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
399 |
|
|
418
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
400 |
\item Can we be sure CAs are not just frontends of some |
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
401 |
government organisation? |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
402 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
403 |
\end{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
404 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
405 |
\end{frame}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
406 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
407 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
408 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
409 |
\begin{frame}[c]
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
410 |
\frametitle{PKI: Weaknesses}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
411 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
412 |
\begin{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
413 |
|
|
420
c527a5142f2f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
419
diff
changeset
|
414 |
\item many certificates are issued via Whois, whether you own |
|
c527a5142f2f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
419
diff
changeset
|
415 |
the domain\ldots if you hijacked a domain, it is easy to |
|
c527a5142f2f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
419
diff
changeset
|
416 |
obtain certificates\medskip |
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
417 |
|
|
418
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
418 |
\item the revocation mechanism does not work (Chrome has given |
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
419 |
up on general revocation lists)\medskip |
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
420 |
|
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
421 |
\item lax approach to validation of certificates |
|
418
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
422 |
(Have you ever bypassed certification warnings?)\medskip |
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
423 |
|
|
418
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
424 |
\item sometimes you want to actually install invalid |
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
425 |
certificates (self-signed) |
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
426 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
427 |
\end{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
428 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
429 |
\end{frame}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
430 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
431 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
432 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
433 |
\begin{frame}[c]
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
434 |
\frametitle{PKI: Attacks}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
435 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
436 |
\begin{itemize}
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
437 |
|
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
438 |
\item Go directly after root certificates |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
439 |
\begin{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
440 |
\item governments can demand private keys\smallskip |
|
418
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
441 |
\item 10 years ago it was estimated that breaking a 1024 bit |
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
442 |
key takes one year and costs 10 - 30 Mio \$; this is now |
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
443 |
reduced to 1 Mio \$ |
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
444 |
\end{itemize}
|
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
445 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
446 |
\item Go after buggy implementations of certificate |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
447 |
validation\smallskip |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
448 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
449 |
\item Social Engineering |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
450 |
\begin{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
451 |
\item in 2001 somebody pretended to be |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
452 |
from Microsoft and asked for two code-signing |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
453 |
certificates |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
454 |
\end{itemize}\bigskip
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
455 |
\end{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
456 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
457 |
\small The eco-system is completely broken (it relies on |
|
418
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
458 |
thousands of entities to do the right thing). Maybe DNSSEC |
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
459 |
where keys can be attached to domain names is a way out. |
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
460 |
|
|
256
e272713e34ff
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
255
diff
changeset
|
461 |
\end{frame}
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
462 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
463 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
464 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
465 |
\begin{frame}[c]
|
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
466 |
\frametitle{Real Attacks}
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
467 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
468 |
\begin{itemize}
|
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
469 |
|
|
418
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
470 |
\item In 2011, DigiNotar (Dutch company) was the first CA that |
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
471 |
got compromised comprehensively, and where many |
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
472 |
fraudulent certificates were issued to the wild. It |
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
473 |
included approximately 300,000 IP addresses, mostly |
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
474 |
located in Iran. The attackers (in Iran?) were likely |
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
475 |
interested ``only'' in collecting gmail passwords.\medskip |
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
476 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
477 |
\item The Flame malware piggy-bagged on this attack by |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
478 |
advertising malicious Windows updates to some targeted |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
479 |
systems (mostly in Iran, Israel, Sudan). |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
480 |
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
481 |
\end{itemize}
|
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
482 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
483 |
\end{frame}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
484 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
485 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
486 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
487 |
\begin{frame}[c]
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
488 |
\frametitle{PKI is Broken}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
489 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
490 |
\begin{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
491 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
492 |
\item PKI and certificates are meant to protect you against |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
493 |
MITM attacks, but if the attack occurs your are |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
494 |
presented with a warning and you need to decide whether |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
495 |
you are under attack.\medskip |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
496 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
497 |
\item Webcontent gets often loaded from 3rd-party servers, |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
498 |
which might not be secured\medskip |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
499 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
500 |
\item Misaligned incentives: browser vendors are not |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
501 |
interested in breaking webpages with invalid |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
502 |
certificates |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
503 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
504 |
\end{itemize}
|
| 52 | 505 |
|
|
416
708b80c825af
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
415
diff
changeset
|
506 |
\end{frame}
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
507 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
508 |
|
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
509 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
510 |
\begin{frame}[c]
|
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
511 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
512 |
Why are there so many invalid certificates?\bigskip |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
513 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
514 |
\begin{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
515 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
516 |
\item insufficient name coverage (www.example.com should |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
517 |
include example.com) |
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
518 |
|
|
419
667a39dda86e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
418
diff
changeset
|
519 |
\item IoT: many appliances have web-based admin interfaces; |
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
520 |
the manufacturer cannot know under which IP and domain name |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
521 |
the appliances are run (so cannot install a valid certificate) |
| 52 | 522 |
|
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
523 |
\item expired certificates, or incomplete chains of trust |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
524 |
(servers are supposed to supply them) |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
525 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
526 |
\end{itemize}
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
527 |
|
|
252
fa151c0a3cf4
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
243
diff
changeset
|
528 |
\end{frame}
|
|
123
2185acdb43bb
added slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
90
diff
changeset
|
529 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
| 52 | 530 |
|
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
531 |
% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
532 |
% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
533 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
534 |
%\begin{frame}[c]
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
535 |
%\frametitle{Best Practices}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
536 |
% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
537 |
%{\bf Principle 1:} Every message should say what it means: the
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
538 |
%interpretation of a message should not depend on the |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
539 |
%context.\bigskip\pause |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
540 |
% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
541 |
%{\bf Principle 2:} If the identity of a principal is essential
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
542 |
%to the meaning of a message, it is prudent to mention the |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
543 |
%principal’s name explicitly in the message (though |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
544 |
%difficult).\bigskip |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
545 |
% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
546 |
%\end{frame}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
547 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
548 |
% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
549 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
550 |
%\begin{frame}[c]
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
551 |
%\frametitle{Best Practices}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
552 |
% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
553 |
%{\bf Principle 3:} Be clear about why encryption is being
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
554 |
%done. Encryption is not wholly cheap, and not asking precisely |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
555 |
%why it is being done can lead to redundancy. Encryption is not |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
556 |
%synonymous with security. % |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
557 |
% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
558 |
%\small |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
559 |
%\begin{center}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
560 |
%Possible Uses of Encryption % |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
561 |
% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
562 |
%\begin{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
563 |
%\item Preservation of confidentiality: \bl{$\{X\}_K$} only those that have \bl{$K$} may recover \bl{$X$}.
%\item Guarantee authenticity: The partner is indeed some particular principal.
%\item Guarantee confidentiality and authenticity: binds two parts of a message ---
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
564 |
%\bl{$\{X,Y\}_K$} is not the same as \bl{$\{X\}_K$} and \bl{$\{Y\}_K$}.
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
565 |
%\end{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
566 |
%\end{center}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
567 |
% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
568 |
%\end{frame}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
569 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
570 |
% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
571 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
572 |
%\begin{frame}[c]
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
573 |
%\frametitle{Best Practices}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
574 |
% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
575 |
%{\bf Principle 4:} The protocol designers should know which
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
576 |
%trust relations their protocol depends on, and why the |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
577 |
%dependence is necessary. The reasons for particular trust |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
578 |
%relations being acceptable should be explicit though they will |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
579 |
%be founded on judgment and policy rather than on |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
580 |
%logic.\bigskip |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
581 |
% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
582 |
% %Example Certification Authorities: CAs are trusted to certify |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
583 |
%a key only after proper steps have been taken to identify the |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
584 |
%principal that owns it. |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
585 |
% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
586 |
%\end{frame}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
587 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
588 |
% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
589 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
590 |
%\begin{frame}[c]
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
591 |
%\frametitle{Formal Methods}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
592 |
% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
593 |
%Ross Anderson about the use of Logic:\bigskip |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
594 |
% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
595 |
%\begin{quote}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
596 |
%Formal methods can be an excellent way of finding |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
597 |
%bugs in security protocol designs as they force the designer |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
598 |
%to make everything explicit and thus confront difficult design |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
599 |
%choices that might otherwise be fudged. |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
600 |
%\end{quote}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
601 |
% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
602 |
%\end{frame}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
603 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
604 |
% |
|
254
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
605 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
606 |
\begin{frame}[c]
|
|
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
607 |
\frametitle{Mid-Term}
|
|
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
608 |
|
|
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
609 |
\begin{itemize}
|
|
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
610 |
\item homework, handouts, programs\ldots |
|
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
611 |
\end{itemize}\bigskip\bigskip\bigskip
|
|
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
612 |
|
|
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
613 |
\begin{center}
|
|
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
614 |
{\huge\bf\alert{Any Questions?}}
|
|
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
615 |
\end{center}
|
|
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
616 |
|
|
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
617 |
\end{frame}
|
|
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
618 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
0d491b5654f9
updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
253
diff
changeset
|
619 |
|
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
620 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
621 |
\begin{frame}[c]
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
622 |
\frametitle{Security Engineering}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
623 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
624 |
\begin{center}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
625 |
\begin{tabular}{cc}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
626 |
\raisebox{-0.8mm}{\includegraphics[scale=0.28]{../pics/flight.jpg}} &
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
627 |
\includegraphics[scale=0.31]{../pics/airbus.jpg}\\
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
628 |
\small Wright brothers, 1901 & \small Airbus, 2005 \\ |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
629 |
\end{tabular}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
630 |
\end{center}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
631 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
632 |
\end{frame}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
633 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
634 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
635 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
636 |
\begin{frame}[c]
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
637 |
\frametitle{1st Lecture}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
638 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
639 |
\begin{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
640 |
\item chip-and-pin, banks vs.~customers |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
641 |
\begin{quote}\small\rm
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
642 |
the one who can improve security should also be |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
643 |
liable for the losses |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
644 |
\end{quote}\pause\bigskip
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
645 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
646 |
\item hashes and salts to guarantee data integrity\medskip |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
647 |
\item storing passwords (you should know the difference between |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
648 |
brute force attacks and dictionary attacks; how do salts help?) |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
649 |
\end{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
650 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
651 |
\end{frame}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
652 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
653 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
654 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
655 |
\begin{frame}[c]
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
656 |
\frametitle{1st Lecture: Cookies}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
657 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
658 |
\begin{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
659 |
\item good uses of cookies?\medskip |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
660 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
661 |
\item bad uses of cookies: snooping, tracking, profiling\ldots |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
662 |
the ``disadvantage'' is that the user is in |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
663 |
\alert{control}, because you can delete them
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
664 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
665 |
\begin{center} ``Please track me using cookies.''
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
666 |
\end{center}\bigskip\pause
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
667 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
668 |
\item fingerprinting beyond browser cookies |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
669 |
\begin{quote}\small\rm
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
670 |
Pixel Perfect: Fingerprinting Canvas in HTML5\\ |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
671 |
(a research paper from 2012)\\ |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
672 |
\footnotesize |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
673 |
\url{http://cseweb.ucsd.edu/~hovav/papers/ms12.html}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
674 |
\end{quote}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
675 |
\end{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
676 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
677 |
\end{frame}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
678 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
679 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
680 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
681 |
\begin{frame}[c]
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
682 |
\frametitle{1st Lecture: Cookies}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
683 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
684 |
\begin{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
685 |
\item a bit of JavaScript and HTML5 + canvas\medskip |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
686 |
\begin{center}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
687 |
\begin{tabular}{cc}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
688 |
Firefox & Safari\\ |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
689 |
\includegraphics[scale=0.31]{../pics/firefox1.png} &
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
690 |
\includegraphics[scale=0.31]{../pics/safari1.png} \\
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
691 |
\tiny |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
692 |
\pcode{55b2257ad0f20ecbf927fb66a15c61981f7ed8fc} &
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
693 |
\tiny |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
694 |
\pcode{17bc79f8111e345f572a4f87d6cd780b445625d3}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
695 |
\end{tabular}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
696 |
\end{center}\bigskip
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
697 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
698 |
\item\small no actual drawing needed\pause |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
699 |
\item\small in May 2014 a crawl of 100,000 popular |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
700 |
webpages revealed 5.5\% already use canvas |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
701 |
fingerprinting\smallskip |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
702 |
\begin{center}\scriptsize
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
703 |
\url{https://securehomes.esat.kuleuven.be/~gacar/persistent/the_web_never_forgets.pdf}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
704 |
\end{center}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
705 |
\end{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
706 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
707 |
\end{frame}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
708 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
709 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
710 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
711 |
\begin{frame}[c]
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
712 |
\frametitle{1st Lecture: Cookies}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
713 |
|
|
418
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
714 |
Remember the small web-app I showed you where a cookie |
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
715 |
protected a counter?\bigskip |
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
716 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
717 |
\begin{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
718 |
\item NYT, the cookie looks the ``resource'' - harm\medskip |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
719 |
\item imaginary discount unlocked by cookie - no harm |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
720 |
\end{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
721 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
722 |
\end{frame}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
723 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
724 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
725 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
726 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
727 |
\begin{frame}[t]
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
728 |
\frametitle{2nd Lecture: E-Voting}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
729 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
730 |
Where are paper ballots better than voice voting?\bigskip |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
731 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
732 |
\begin{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
733 |
\item Integrity |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
734 |
\item \alert{Ballot Secrecy}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
735 |
\item Voter Authentication |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
736 |
\item Enfranchisement |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
737 |
\item Availability |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
738 |
\end{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
739 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
740 |
\end{frame}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
741 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
742 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
743 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
744 |
\begin{frame}[t]
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
745 |
\frametitle{2nd Lecture: E-Voting}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
746 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
747 |
\begin{itemize}
|
|
418
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
748 |
\item recently an Australian parliamentary committee |
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
749 |
found: e-voting is highly vulnerable to hacking and Australia |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
750 |
will not use it any time soon\bigskip\pause |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
751 |
\item Alex Halderman, Washington D.C.~hack |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
752 |
\begin{center}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
753 |
\scriptsize |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
754 |
\url{https://jhalderm.com/pub/papers/dcvoting-fc12.pdf}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
755 |
\end{center}\medskip
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
756 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
757 |
\item PDF-ballot tampering at the wireless router (the modification |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
758 |
is nearly undetectable and leaves no traces; MITM attack with firmware |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
759 |
updating) |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
760 |
\begin{center}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
761 |
\scriptsize |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
762 |
\url{http://galois.com/wp-content/uploads/2014/11/technical-hack-a-pdf.pdf}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
763 |
\end{center}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
764 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
765 |
\end{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
766 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
767 |
\end{frame}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
768 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
769 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
770 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
771 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
772 |
\tikzset{alt/.code args={<#1>#2#3#4}{%
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
773 |
\alt<#1>{\pgfkeysalso{#2}}{\pgfkeysalso{#3}} % \pgfkeysalso doesn't change the path
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
774 |
}} |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
775 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
776 |
\begin{frame}[t]
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
777 |
\frametitle{\begin{tabular}{c}3rd Lecture:\\ Buffer Overflow Attacks\end{tabular}}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
778 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
779 |
\begin{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
780 |
\item the problem arises from the way C/C++ organises its function calls\\[-8mm]\mbox{}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
781 |
\end{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
782 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
783 |
\begin{center}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
784 |
\begin{tikzpicture}[scale=1]
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
785 |
%\draw[black!10,step=2mm] (0,0) grid (9,4); |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
786 |
%\draw[black!10,thick,step=10mm] (0,0) grid (9,4); |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
787 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
788 |
\node at (0.5,4.5) {\small\begin{tabular}{l}main\\[-2mm] prog.\end{tabular}};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
789 |
\draw[line width=0mm, white, alt=<2->{fill=red}{fill=blue}] (0,2.5) rectangle (1,3.8);
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
790 |
\draw[line width=0mm, white, alt=<9->{fill=red}{fill=blue}] (0,0.2) rectangle (1,0.5);
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
791 |
\draw[line width=1mm, alt=<3->{fill=yellow}{fill=blue}] (0,2.0) rectangle (1,2.5);
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
792 |
\draw[line width=1mm, alt=<6->{fill=red}{fill=blue}] (0,1.0) rectangle (1,2.0);
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
793 |
\draw[line width=1mm, alt=<7->{fill=yellow}{fill=blue}] (0,0.5) rectangle (1,1.0);
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
794 |
\draw[line width=1mm] (0,0) -- (0,4); |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
795 |
\draw[line width=1mm] (1,0) -- (1,4); |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
796 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
797 |
\node at (3.5,3.5) {\small\begin{tabular}{l}fact(n)\end{tabular}};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
798 |
\draw[line width=1mm, alt=<{4-5,8}>{fill=red}{fill=blue}] (3,1.0) rectangle (4,3.0);
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
799 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
800 |
\onslide<3-4>{\draw[->, line width=1mm,red] (1,2.3) to node [above,sloped,midway] {n=4} (3,3);}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
801 |
\onslide<5>{\draw[<-, line width=1mm,red] (1,2.3) to node [above,sloped,midway] {res=24} (3,1);}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
802 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
803 |
\onslide<7-8>{\draw[->, line width=1mm,red] (1,0.8) to node [above,sloped,midway] {n=3} (3,3);}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
804 |
\onslide<9>{\draw[<-, line width=1mm,red] (1,0.8) to node [above,sloped,midway] {res=6} (3,1);}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
805 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
806 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
807 |
\node at (7.75,3.9) {\small\begin{tabular}{l}stack\end{tabular}};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
808 |
\draw[line width=1mm] (7,3.5) -- (7,0.5) -- (8.5,0.5) -- (8.5,3.5); |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
809 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
810 |
\onslide<3,4,7,8>{
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
811 |
\node at (7.75, 1.4) {ret};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
812 |
\draw[line width=1mm] (7,1.1) -- (8.5,1.1); |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
813 |
\node at (7.75, 2.0) {sp};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
814 |
\draw[line width=1mm] (7,2.3) -- (8.5,2.3); |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
815 |
} |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
816 |
\onslide<3,4>{
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
817 |
\node at (7.75, 0.8) {4};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
818 |
\draw[line width=1mm] (7,1.7) -- (8.5,1.7); |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
819 |
} |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
820 |
\onslide<7,8>{
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
821 |
\node at (7.75, 0.8) {3};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
822 |
\draw[line width=1mm] (7,1.7) -- (8.5,1.7); |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
823 |
} |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
824 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
825 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
826 |
\end{tikzpicture}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
827 |
\end{center}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
828 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
829 |
\end{frame}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
830 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
831 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
832 |
\begin{frame}[t]
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
833 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
834 |
\begin{center}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
835 |
\begin{tikzpicture}[scale=1]
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
836 |
%\draw[black!10,step=2mm] (0,0) grid (9,4); |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
837 |
%\draw[black!10,thick,step=10mm] (0,0) grid (9,4); |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
838 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
839 |
\node at (0.5,4.5) {\small\begin{tabular}{l}main\\[-2mm] prog.\end{tabular}};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
840 |
\draw[line width=0mm, white, alt=<2->{fill=red}{fill=blue}] (0,2.5) rectangle (1,3.8);
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
841 |
\draw[line width=1mm, white, fill=blue] (0,1.0) rectangle (1,2.0); |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
842 |
\draw[line width=1mm, alt=<3->{fill=yellow}{fill=blue}] (0,2.0) rectangle (1,2.5);
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
843 |
\draw[line width=1mm] (0,0) -- (0,4); |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
844 |
\draw[line width=1mm] (1,0) -- (1,4); |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
845 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
846 |
\node at (3.5,3.5) {\small\begin{tabular}{l}fact(n)\end{tabular}};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
847 |
\draw[line width=0mm, alt=<{4-}>{red, fill=red}{blue, fill=blue}] (3,2.8) rectangle (4,3.0);
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
848 |
\draw[line width=0mm, alt=<{5-}>{red, fill=red}{blue, fill=blue}] (3,2.8) rectangle (4,2.0);
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
849 |
\draw[line width=0mm, alt=<{7-}>{red, fill=red}{blue, fill=blue}] (3,2.0) rectangle (4,1.0);
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
850 |
\draw[line width=1mm] (3,1.0) rectangle (4,3.0); |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
851 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
852 |
\onslide<3->{\draw[->, line width=1mm,red] (1,2.3) to node [above,sloped,midway] {n=4} (3,3);}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
853 |
\onslide<5->{\draw[<-, line width=2mm,red] (4,2) to node [above,sloped,midway]
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
854 |
{\begin{tabular}{l}user\\[-1mm] input\end{tabular}} (6,2);}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
855 |
\onslide<8->{\draw[<-, line width=1mm,red] (1,-2) to (3,1);}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
856 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
857 |
\node at (7.75,3.9) {\small\begin{tabular}{l}stack\end{tabular}};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
858 |
\draw[line width=1mm] (7,3.5) -- (7,-0.1) -- (8.5,-0.1) -- (8.5,3.5); |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
859 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
860 |
\onslide<3->{
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
861 |
\node at (7.75, 0.2) {4};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
862 |
\draw[line width=1mm,alt=<6->{fill=red}{fill=white}] (7,0.5) rectangle (8.5,1.1);
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
863 |
\node at (7.75, 0.8) {\alt<6->{@a\#}{ret}};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
864 |
\draw[line width=1mm,alt=<6->{fill=red}{fill=white}] (7,1.1) rectangle (8.5,1.7);
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
865 |
\node at (7.75, 1.4) {\alt<6->{!?w;}sp};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
866 |
} |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
867 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
868 |
\onslide<4->{
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
869 |
\draw[line width=1mm,fill=red] (7,1.7) rectangle (8.5,3.0); |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
870 |
\node[white] at (7.75, 2.4) {buffer};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
871 |
} |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
872 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
873 |
\end{tikzpicture}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
874 |
\end{center}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
875 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
876 |
\end{frame}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
877 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
878 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
879 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
880 |
\begin{frame}[t]
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
881 |
\frametitle{\begin{tabular}{c}3rd Lecture:\\[-3mm]
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
882 |
Buffer Overflow Attacks\end{tabular}}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
883 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
884 |
US National Vulnerability Database\\ |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
885 |
\small(636 out of 6675 in 2014) |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
886 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
887 |
\begin{center}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
888 |
\begin{tikzpicture}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
889 |
\begin{axis}[
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
890 |
xlabel={year},
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
891 |
ylabel={\% of total attacks},
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
892 |
ylabel style={yshift=0em},
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
893 |
enlargelimits=false, |
|
418
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
894 |
xtick={1997,1999,...,2015},
|
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
895 |
xmin=1996.5, |
|
418
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
896 |
xmax=2016, |
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
897 |
ymax=21, |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
898 |
ytick={0,5,...,20},
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
899 |
scaled ticks=false, |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
900 |
axis lines=left, |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
901 |
width=11cm, |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
902 |
height=5cm, |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
903 |
ybar, |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
904 |
nodes near coords= |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
905 |
{\footnotesize
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
906 |
$\pgfmathprintnumber[fixed,fixed zerofill,precision=1,use comma]{\pgfkeysvalueof{/data point/y}}$},
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
907 |
x tick label style={font=\scriptsize,/pgf/number format/1000 sep={}}]
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
908 |
\addplot |
|
418
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
909 |
table [x=Year,y=Percentage] {../handouts/bufferoverflows.data};
|
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
910 |
\end{axis}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
911 |
\end{tikzpicture}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
912 |
\end{center}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
913 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
914 |
\scriptsize |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
915 |
\url{http://web.nvd.nist.gov/view/vuln/statistics}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
916 |
\end{frame}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
917 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
918 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
919 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
920 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
921 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
922 |
\begin{frame}[t]
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
923 |
\frametitle{\begin{tabular}{c}4th Lecture:\\ Unix Access Control\end{tabular}}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
924 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
925 |
\begin{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
926 |
\item privileges are specified by file access permissions (``everything is a file'') |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
927 |
\end{itemize}\medskip
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
928 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
929 |
\begin{center}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
930 |
\begin{tikzpicture}[scale=1]
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
931 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
932 |
\draw[line width=1mm] (-.3, 0) rectangle (1.5,2); |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
933 |
\draw (4.7,1) node {Internet};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
934 |
\draw (-2.7,1.7) node {\footnotesize Application};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
935 |
\draw (0.6,1.7) node {\footnotesize Interface};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
936 |
\draw (0.6,-0.4) node {\footnotesize \begin{tabular}{c}unprivileged\\[-1mm] process\end{tabular}};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
937 |
\draw (-2.7,-0.4) node {\footnotesize \begin{tabular}{c}privileged\\[-1mm] process\end{tabular}};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
938 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
939 |
\draw[line width=1mm] (-1.8, 0) rectangle (-3.6,2); |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
940 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
941 |
\draw[white] (1.7,1) node (X) {};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
942 |
\draw[white] (3.7,1) node (Y) {};
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
943 |
\draw[red, <->, line width = 2mm] (X) -- (Y); |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
944 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
945 |
\draw[red, <->, line width = 1mm] (-0.6,1) -- (-1.6,1); |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
946 |
\end{tikzpicture}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
947 |
\end{center}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
948 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
949 |
\begin{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
950 |
\item the idea is to make the attack surface smaller and |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
951 |
mitigate the consequences of an attack |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
952 |
\end{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
953 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
954 |
\end{frame}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
955 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
956 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
957 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
958 |
\begin{frame}[fragile,t]
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
959 |
\frametitle{\begin{tabular}{c}4th Lecture:\\ Unix Access Control\end{tabular}}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
960 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
961 |
\begin{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
962 |
\item when a file with setuid is executed, the resulting process will assume the |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
963 |
UID given to the owner of the file |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
964 |
\end{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
965 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
966 |
\footnotesize\tt |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
967 |
\begin{center}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
968 |
\begin{verbatim}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
969 |
$ ls -ld . * */* |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
970 |
drwxr-xr-x 1 ping staff 32768 Apr 2 2010 . |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
971 |
-rw----r-- 1 ping students 31359 Jul 24 2011 manual.txt |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
972 |
-r--rw--w- 1 bob students 4359 Jul 24 2011 report.txt |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
973 |
-rwsr--r-x 1 bob students 141359 Jun 1 2013 microedit |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
974 |
dr--r-xr-x 1 bob staff 32768 Jul 23 2011 src |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
975 |
-rw-r--r-- 1 bob staff 81359 Feb 28 2012 src/code.c |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
976 |
-r--rw---- 1 emma students 959 Jan 23 2012 src/code.h |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
977 |
\end{verbatim}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
978 |
\end{center}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
979 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
980 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
981 |
\end{frame}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
982 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
983 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
984 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
985 |
\begin{frame}[t]
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
986 |
\frametitle{\begin{tabular}{c}4th Lecture:\\ Unix Access Control\end{tabular}}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
987 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
988 |
\begin{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
989 |
\item Alice wants to have her files readable, |
|
418
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
990 |
\alert{except} for her office mates.\bigskip
|
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
991 |
|
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
992 |
\item make sure you understand the setuid and setgid bits; |
|
ac2d2cb7dd82
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
417
diff
changeset
|
993 |
why are they necessary for login and passwd |
|
417
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
994 |
\end{itemize}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
995 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
996 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
997 |
\end{frame}
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
998 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
999 |
|
|
ca9295851eb6
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
416
diff
changeset
|
1000 |
|
| 52 | 1001 |
\end{document}
|
1002 |
||
1003 |
%%% Local Variables: |
|
1004 |
%%% mode: latex |
|
1005 |
%%% TeX-master: t |
|
1006 |
%%% End: |
|
1007 |