497 \item if only you and me know the key, the message must have come from you |
518 \item if only you and me know the key, the message must have come from you |
498 \end{itemize} |
519 \end{itemize} |
499 |
520 |
500 \end{frame}} |
521 \end{frame}} |
501 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
522 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
523 |
|
524 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
525 \mode<presentation>{ |
|
526 \begin{frame}[c] |
|
527 |
|
528 \begin{center} |
|
529 \begin{tabular}{ll} |
|
530 \bl{$A \rightarrow B$:} & \bl{$N_a$}\\ |
|
531 \bl{$B \rightarrow A$:} & \bl{$\{N_a, N_b\}_{K_{ab}}$}\\ |
|
532 \bl{$A \rightarrow B$:} & \bl{$N_b$}\\ |
|
533 \end{tabular} |
|
534 \end{center} |
|
535 |
|
536 The attack: |
|
537 |
|
538 \begin{center} |
|
539 \begin{tabular}{ll} |
|
540 \bl{$A \rightarrow E$:} & \bl{$N_a$}\\ |
|
541 \textcolor{gray}{$E \rightarrow A$:} & \textcolor{gray}{$N_a$}\\ |
|
542 \textcolor{gray}{$A \rightarrow E$:} & \textcolor{gray}{$\{N_a, N_a\}_{K_{ab}}$}\\ |
|
543 \bl{$E \rightarrow A$:} & \bl{$\{N_a, N_a\}_{K_{ab}}$}\\ |
|
544 \bl{$A \rightarrow E$:} & \bl{$N_a \;\;(= N_b)$}\\ |
|
545 \end{tabular} |
|
546 \end{center}\pause |
|
547 |
|
548 \small Solutions: \bl{$K_{ab} \not= K_{ba}$} or include an id in the second message |
|
549 \end{frame}} |
|
550 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
551 |
|
552 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
553 \mode<presentation>{ |
|
554 \begin{frame}[c] |
|
555 \frametitle{Identify Friend or Foe} |
|
556 |
|
557 \begin{center} |
|
558 \onslide<3->{\mbox{}\hspace{3.4cm}\includegraphics[scale=0.55]{pics/MigInMiddle.jpg}} |
|
559 \end{center} |
|
560 |
|
561 \begin{textblock}{6}(0.3,2) |
|
562 \onslide<2->{ |
|
563 198?: war between Angola (supported by Cuba) |
|
564 and Namibia (supported by SA)} |
|
565 \end{textblock} |
|
566 |
|
567 \begin{textblock}{3}(12.5,4.6) |
|
568 \onslide<3->{ |
|
569 \begin{tikzpicture} |
|
570 \node at (0,0) [single arrow, fill=red,text=white, rotate=-50, shape border rotate=180]{``bystander''}; |
|
571 \end{tikzpicture}} |
|
572 \end{textblock} |
|
573 |
|
574 \begin{textblock}{3}(10.9,10) |
|
575 \onslide<3->{ |
|
576 \begin{tikzpicture} |
|
577 \node at (0,0) [single arrow, fill=red,text=white, rotate=-40, shape border rotate=180]{attacker}; |
|
578 \end{tikzpicture}} |
|
579 \end{textblock} |
|
580 |
|
581 \only<4->{ |
|
582 \begin{textblock}{6}(0.3,9) |
|
583 being outsmarted by Angola/Cuba |
|
584 ended SA involvement (?) |
|
585 \end{textblock}} |
|
586 \only<5->{ |
|
587 \begin{textblock}{6}(0.3,13) |
|
588 IFF opened up a nice side-channel attack |
|
589 \end{textblock}} |
|
590 \end{frame}} |
|
591 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
592 |
|
593 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
594 \mode<presentation>{ |
|
595 \begin{frame}[c] |
|
596 \frametitle{Encryption to the Rescue?} |
|
597 |
|
598 |
|
599 \begin{itemize} |
|
600 \item \bl{$A \,\rightarrow\, B : \{A, N_A\}_{K_{AB}}$}\hspace{1cm} encrypted\bigskip |
|
601 \item \bl{$B\,\rightarrow\, A : \{N_A, K'_{AB}\}_{K_{AB}}$}\bigskip |
|
602 \item \bl{$A \,\rightarrow\, B : \{N_A\}_{K'_{AB}}$}\bigskip |
|
603 \end{itemize}\pause |
|
604 |
|
605 means you need to send separate ``Hello'' signals (bad), or worse |
|
606 share a single key between many entities |
|
607 \end{frame}} |
|
608 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
609 |
|
610 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
611 \mode<presentation>{ |
|
612 \begin{frame}[c] |
|
613 \frametitle{Protocol Attacks} |
|
614 |
|
615 \begin{itemize} |
|
616 \item replay attacks |
|
617 \item reflection attacks |
|
618 \item man-in-the-middle attacks |
|
619 \item timing attacks |
|
620 \item parallel session attacks |
|
621 \item binding attacks (public key protocols) |
|
622 \item changing environment / changing assumptions\bigskip |
|
623 |
|
624 \item (social engineering attacks) |
|
625 \end{itemize} |
|
626 \end{frame}} |
|
627 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
628 |
|
629 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
630 \mode<presentation>{ |
|
631 \begin{frame}[c] |
|
632 \frametitle{Replay Attacks} |
|
633 |
|
634 Schroeder-Needham protocol: exchange of a symmetric key with a trusted 3rd-party \bl{$S$}: |
|
635 |
|
636 \begin{center} |
|
637 \begin{tabular}{r@ {\hspace{1mm}}l} |
|
638 \bl{$A \rightarrow S :$} & \bl{$A, B, N_A$}\\ |
|
639 \bl{$S \rightarrow A :$} & \bl{$\{N_A, B, K_{AB},\{K_{AB}, A\}_{K_{BS}} \}_{K_{AS}}$}\\ |
|
640 \bl{$A \rightarrow B :$} & \bl{$\{K_{AB}, A\}_{K_{BS}} $}\\ |
|
641 \bl{$B \rightarrow A :$} & \bl{$\{N_B\}_{K_{AB}}$}\\ |
|
642 \bl{$A \rightarrow B :$} & \bl{$\{N_B-1\}_{K_{AB}}$}\\ |
|
643 \end{tabular} |
|
644 \end{center}\bigskip\pause |
|
645 |
|
646 at the end of the protocol both \bl{$A$} and \bl{$B$} should be in the possession of the secret key |
|
647 \bl{$K_{AB}$} and know that the other principal has the key |
|
648 |
|
649 \end{frame}} |
|
650 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
651 |
502 |
652 |
503 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
653 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
504 \mode<presentation>{ |
654 \mode<presentation>{ |
505 \begin{frame}[c] |
655 \begin{frame}[c] |
506 |
656 |
523 \bl{$B$} believes it is following the correct protocol, |
673 \bl{$B$} believes it is following the correct protocol, |
524 intruder \bl{$I$} can form the correct response because it knows \bl{$K_{AB}$} and |
674 intruder \bl{$I$} can form the correct response because it knows \bl{$K_{AB}$} and |
525 talks to \bl{$B$} masquerading as \bl{$A$} |
675 talks to \bl{$B$} masquerading as \bl{$A$} |
526 \end{frame}} |
676 \end{frame}} |
527 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
677 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
528 |
|
529 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
530 \mode<presentation>{ |
|
531 \begin{frame}[c] |
|
532 \frametitle{\begin{tabular}{c}Privilege Separation in\\ OpenSSH\end{tabular}} |
|
533 |
|
534 \begin{center} |
|
535 \begin{tikzpicture}[scale=1] |
|
536 |
|
537 \draw[line width=1mm] (0, 1.1) rectangle (1.2,2); |
|
538 \draw (4.7,1) node {Internet}; |
|
539 \draw (0.6,1.7) node {\footnotesize Slave}; |
|
540 \draw[line width=1mm] (0, 0) rectangle (1.2,0.9); |
|
541 \draw (0.6,1.7) node {\footnotesize Slave}; |
|
542 \draw (0.6,0.6) node {\footnotesize Slave}; |
|
543 \draw (0.6,-0.5) node {\footnotesize \begin{tabular}{c}unprivileged\\[-1mm] processes\end{tabular}}; |
|
544 \draw (-2.7,-0.4) node {\footnotesize \begin{tabular}{c}privileged\\[-1mm] process\end{tabular}}; |
|
545 |
|
546 \draw[line width=1mm] (-1.8, 0) rectangle (-3.6,2); |
|
547 \draw (-2.9,1.7) node {\footnotesize Monitor}; |
|
548 |
|
549 \draw[white] (1.7,1) node (X) {}; |
|
550 \draw[white] (3.7,1) node (Y) {}; |
|
551 \draw[red, <->, line width = 2mm] (X) -- (Y); |
|
552 |
|
553 \draw[red, <->, line width = 1mm] (-0.4,1.4) -- (-1.4,1.1); |
|
554 \draw[red, <->, line width = 1mm] (-0.4,0.6) -- (-1.4,0.9); |
|
555 |
|
556 \end{tikzpicture} |
|
557 \end{center} |
|
558 |
|
559 \begin{itemize} |
|
560 \item pre-authorisation slave |
|
561 \item post-authorisation\bigskip |
|
562 \item 25\% codebase is privileged, 75\% is unprivileged |
|
563 \end{itemize} |
|
564 \end{frame}} |
|
565 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
566 |
|
567 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
568 \mode<presentation>{ |
|
569 \begin{frame}[c] |
|
570 \frametitle{Network Applications} |
|
571 |
|
572 ideally network application in Unix should be designed as follows: |
|
573 |
|
574 \begin{itemize} |
|
575 \item need two distinct processes |
|
576 \begin{itemize} |
|
577 \item one that listens to the network; has no privilege |
|
578 \item one that is privileged and listens to the latter only (but does not trust it) |
|
579 |
|
580 \end{itemize} |
|
581 |
|
582 \item to implement this you need a parent process, which forks a child process |
|
583 \item this child process drops privileges and listens to hostile data\medskip |
|
584 |
|
585 \item after authentication the parent forks again and the new child becomes the user |
|
586 \end{itemize} |
|
587 |
|
588 |
|
589 \end{frame}} |
|
590 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
591 |
|
592 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
593 \mode<presentation>{ |
|
594 \begin{frame}[c] |
|
595 \frametitle{\begin{tabular}{@ {}c@ {}}Security Levels\end{tabular}} |
|
596 |
|
597 Unix essentially can only distinguish between two security levels (root and non-root). |
|
598 |
|
599 \begin{itemize} |
|
600 \item In military applications you often have many security levels (top-secret, secret, confidential, unclassified)\bigskip\pause |
|
601 |
|
602 \item Information flow: Bell --- La Padula model |
|
603 |
|
604 \begin{itemize} |
|
605 \item read: your own level and below |
|
606 \item write: your own level and above |
|
607 \end{itemize} |
|
608 \end{itemize} |
|
609 |
|
610 \end{frame}} |
|
611 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
612 |
|
613 |
|
614 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
615 \mode<presentation>{ |
|
616 \begin{frame}[c] |
|
617 \frametitle{\begin{tabular}{@ {}c@ {}}Security Levels (2)\end{tabular}} |
|
618 |
|
619 \begin{itemize} |
|
620 \item Bell --- La Padula preserves data secrecy, but not data integrity\bigskip\pause |
|
621 |
|
622 \item Biba model is for data integrity |
|
623 |
|
624 \begin{itemize} |
|
625 \item read: your own level and above |
|
626 \item write: your own level and below |
|
627 \end{itemize} |
|
628 \end{itemize} |
|
629 |
|
630 \end{frame}} |
|
631 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
632 |
|
633 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
634 \mode<presentation>{ |
|
635 \begin{frame}[c] |
|
636 \frametitle{\begin{tabular}{@ {}c@ {}}Access Control in 2000\end{tabular}} |
|
637 |
|
638 According to Ross Anderson (1st edition of his book), some senior Microsoft people held the |
|
639 following view: |
|
640 |
|
641 \begin{center} |
|
642 \begin{tikzpicture} |
|
643 \draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm] |
|
644 {\begin{minipage}{10.5cm} |
|
645 \small Access control does not matter. Computers are becoming single-purpose |
|
646 or single-user devices. Single-purpose devices, such as Web servers that deliver a single service, don't |
|
647 need much in the way of access control as there's nothing for operating system access controls |
|
648 to do; the job of separating users from each other is best left to application code. As for the PC |
|
649 on your desk, if all the software on it comes from a single source, then again there's no need |
|
650 for the operating system to provide separation. \hfill{}\textcolor{gray}{(in 2000)} |
|
651 \end{minipage}}; |
|
652 \end{tikzpicture} |
|
653 \end{center} |
|
654 |
|
655 \end{frame}} |
|
656 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
657 |
|
658 |
|
659 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
660 \mode<presentation>{ |
|
661 \begin{frame}[t] |
|
662 \frametitle{\begin{tabular}{@ {}c@ {}}Research Problems\end{tabular}} |
|
663 |
|
664 \begin{itemize} |
|
665 \item with access control we are back to 1970s\bigskip |
|
666 |
|
667 \only<1>{ |
|
668 \begin{tikzpicture} |
|
669 \draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm] |
|
670 {\begin{minipage}{10cm} |
|
671 \small Going all the way back to early time-sharing systems we systems people regarded the users, and any code they wrote, as the mortal enemies of us and each other. We were like the police force in a violent slum.\\ |
|
672 \mbox{}\hfill--- Roger Needham |
|
673 \end{minipage}}; |
|
674 \end{tikzpicture}}\pause |
|
675 |
|
676 \item the largest research area in access control in 2000-07 has been ``Trusted Computing'', but thankfully it |
|
677 is dead now\bigskip |
|
678 \item a useful research area is to not just have robust access control, but also usable access control --- by programmers and users\\ |
|
679 (one possible answer is operating system virtualisation, e.g.~Xen, VMWare)\medskip\pause |
|
680 |
|
681 \item electronic voting |
|
682 \end{itemize} |
|
683 \end{frame}} |
|
684 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
685 |
|
686 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
687 \mode<presentation>{ |
|
688 \begin{frame}[t] |
|
689 \frametitle{\begin{tabular}{@ {}c@ {}}Mobile OS\end{tabular}} |
|
690 |
|
691 \begin{itemize} |
|
692 \item iOS and Android solve the defence-in-depth problem by \alert{sandboxing} applications\bigskip |
|
693 |
|
694 \item you as developer have to specify the resources an application needs |
|
695 \item the OS provides a sandbox where access is restricted to only these resources |
|
696 \end{itemize} |
|
697 \end{frame}} |
|
698 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
699 |
|
700 |
|
701 |
|
702 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
703 \mode<presentation>{ |
|
704 \begin{frame}[c] |
|
705 \frametitle{\begin{tabular}{@ {}c@ {}}Security Theatre\end{tabular}} |
|
706 |
|
707 |
|
708 Security theatre is the practice of investing in countermeasures intended to provide the |
|
709 \underline{feeling} of improved security while doing little or nothing to actually achieve it.\hfill{}\textcolor{gray}{Bruce Schneier} |
|
710 |
|
711 \end{frame}} |
|
712 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
713 |
|
714 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
715 \mode<presentation>{ |
|
716 \begin{frame}[c] |
|
717 \frametitle{\begin{tabular}{@ {}c@ {}}Security Theatre\end{tabular}} |
|
718 |
|
719 \begin{itemize} |
|
720 \item for example, usual locks and strap seals are security theatre |
|
721 \end{itemize} |
|
722 |
|
723 \begin{center} |
|
724 \includegraphics[scale=0.45]{pics/seal.jpg} |
|
725 \end{center} |
|
726 |
|
727 |
|
728 \end{frame}} |
|
729 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
730 |
|
731 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
732 \mode<presentation>{ |
|
733 \begin{frame}[c] |
|
734 |
|
735 \begin{minipage}{11cm} |
|
736 From: Ross Anderson <Ross.Anderson@cl.cam.ac.uk>\\ |
|
737 To: cl-security-research@lists.cam.ac.uk\\ |
|
738 Subject: Tip off\\ |
|
739 Date: Tue, 02 Oct 2012 13:12:50 +0100\\ |
|
740 |
|
741 I received the following tip off, and have removed the sender's |
|
742 coordinates. I suspect it is one of many security vendors who |
|
743 don't even get the basics right; if you ever go to the RSA |
|
744 conference, there are a thousand such firms in the hall, each |
|
745 with several eager but ignorant salesmen. A trying experience.\\ |
|
746 |
|
747 Ross |
|
748 \end{minipage} |
|
749 |
|
750 \end{frame}} |
|
751 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
752 |
|
753 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
754 \mode<presentation>{ |
|
755 \begin{frame}[c] |
|
756 |
|
757 \begin{minipage}{11cm} |
|
758 I'd like to anonymously tip you off about this\\ |
|
759 product:\\ |
|
760 |
|
761 {\small http://www.strongauth.com/products/key-appliance.html}\\ |
|
762 |
|
763 It sounds really clever, doesn't it?\\ |
|
764 \ldots\\ |
|
765 |
|
766 Anyway, it occurred to me that you and your colleagues might have a |
|
767 field day discovering weaknesses in the appliance and their |
|
768 implementation of security. However, whilst I'd be willing to help |
|
769 and/or comment privately, it'd have to be off the record ;-) |
|
770 \end{minipage} |
|
771 |
|
772 \end{frame}} |
|
773 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
774 |
|
775 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
678 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
776 \mode<presentation>{ |
679 \mode<presentation>{ |
777 \begin{frame}[c] |
680 \begin{frame}[c] |
778 \frametitle{\begin{tabular}{@ {}c@ {}}Schneier: Step 1\end{tabular}} |
681 \frametitle{\begin{tabular}{@ {}c@ {}}Schneier: Step 1\end{tabular}} |
779 |
682 |