34 \end{tabular} |
34 \end{tabular} |
35 \end{center} |
35 \end{center} |
36 |
36 |
37 \end{frame} |
37 \end{frame} |
38 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
38 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
39 |
|
40 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
41 \begin{frame}[c] |
|
42 \frametitle{Problems with Key Fobs} |
|
43 |
|
44 \begin{columns} |
|
45 \begin{column}[T]{4cm} |
|
46 \includegraphics[scale=0.4]{../pics/car-standard.jpg} |
|
47 \end{column} |
|
48 |
|
49 \begin{column}[T]{6cm}\small |
|
50 Circumventing the ignition protection: |
|
51 |
|
52 \begin{itemize} |
|
53 \item either dismantling Megamos crypto, |
|
54 \item or use the diagnostic port to program |
|
55 blank keys |
|
56 \end{itemize} |
|
57 |
|
58 \hspace{14mm} |
|
59 \includegraphics[scale=0.16]{../pics/Dismantling_Megamos_Crypto.png} |
|
60 \end{column} |
|
61 \end{columns} |
|
62 |
|
63 |
|
64 |
|
65 \end{frame} |
|
66 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
67 |
|
68 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
69 \begin{frame}[c] |
|
70 \frametitle{Protocols} |
|
71 |
|
72 \begin{center} |
|
73 \includegraphics[scale=0.11]{../pics/keyfob.jpg} |
|
74 \quad |
|
75 \includegraphics[scale=0.232]{../pics/starbucks.jpg} |
|
76 \end{center} |
|
77 |
|
78 \begin{itemize} |
|
79 \item The point is that we have no control over the network |
|
80 |
|
81 \item We want to avoid that a message exchange (a protocol) can |
|
82 be attacked without detection |
|
83 \end{itemize} |
|
84 |
|
85 \end{frame} |
|
86 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
87 |
|
88 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
89 \begin{frame}[c] |
|
90 \frametitle{G20 Summit in 2009} |
|
91 |
|
92 \begin{center} |
|
93 \includegraphics[scale=0.1]{../pics/snowden.jpg} |
|
94 \end{center} |
|
95 |
|
96 \small |
|
97 \begin{itemize} |
|
98 \item Snowden documents reveal ``that during G20 |
|
99 meetings\dots{}GCHQ used |
|
100 `ground-breaking intelligence capabilities' to intercept |
|
101 the communications of visiting delegations. This |
|
102 included setting up internet cafes where they used an |
|
103 email interception program and key-logging software to |
|
104 spy on delegates' use of computers\ldots'' |
|
105 |
|
106 \item ``The G20 spying appears to have been organised for the |
|
107 more mundane purpose of securing an advantage in |
|
108 meetings.'' |
|
109 \end{itemize} |
|
110 |
|
111 \end{frame} |
|
112 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
113 |
|
114 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
115 \begin{frame}[c] |
|
116 \frametitle{Interlock Protocol} |
|
117 |
|
118 The interlock protocol (``best bet'' against MITM): |
|
119 |
|
120 \begin{center} |
|
121 \begin{tabular}{ll@{\hspace{2mm}}l} |
|
122 1. & \bl{$A \to B :$} & \bl{$K^{pub}_A$}\\ |
|
123 2. & \bl{$B \to A :$} & \bl{$K^{pub}_B$}\\ |
|
124 3. & & \bl{$\{A,m\}_{K^{pub}_B} \;\mapsto\; H_1,H_2$}\\ |
|
125 & & \bl{$\{B,m'\}_{K^{pub}_A} \;\mapsto\; M_1,M_2$}\\ |
|
126 4. & \bl{$A \to B :$} & \bl{$H_1$}\\ |
|
127 5. & \bl{$B \to A :$} & \bl{$\{H_1, M_1\}_{K^{pub}_A}$}\\ |
|
128 6. & \bl{$A \to B :$} & \bl{$\{H_2, M_1\}_{K^{pub}_B}$}\\ |
|
129 7. & \bl{$B \to A :$} & \bl{$M_2$} |
|
130 \end{tabular} |
|
131 \end{center} |
|
132 |
|
133 \end{frame} |
|
134 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
135 |
|
136 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
137 \begin{frame}[c] |
|
138 |
|
139 \begin{center} |
|
140 \begin{tabular}{l@{\hspace{9mm}}l} |
|
141 \begin{tabular}[t]{@{}l@{}} |
|
142 \bl{$A \to C : K^{pub}_A$}\\ |
|
143 \bl{$C \to B : K^{pub}_C$}\\ |
|
144 \bl{$B \to C : K^{pub}_B$}\\ |
|
145 \bl{$C \to A : K^{pub}_C$}\medskip\\ |
|
146 \bl{$\{A,m\}_{K^{pub}_C} \;\mapsto\; H_1,H_2$}\\ |
|
147 \bl{$\{B,n\}_{K^{pub}_C} \;\mapsto\; M_1,M_2$}\bigskip\\ |
|
148 \bl{$\{C,a\}_{K^{pub}_B} \;\mapsto\; C_1,C_2$}\\ |
|
149 \bl{$\{C,b\}_{K^{pub}_A} \;\mapsto\; D_1,D_2$} |
|
150 \end{tabular} & |
|
151 \begin{tabular}[t]{@{}l@{}} |
|
152 \bl{$A \to C : H_1$}\\ |
|
153 \bl{$C \to B : C_1$}\\ |
|
154 \bl{$B \to C : \{C_1, M_1\}_{K^{pub}_C}$}\\ |
|
155 \bl{$C \to A : \{H_1, D_1\}_{K^{pub}_A}$}\\ |
|
156 \bl{$A \to C : \{H_2, D_1\}_{K^{pub}_C}$}\\ |
|
157 \bl{$C \to B : \{C_2, M_1\}_{K^{pub}_B}$}\\ |
|
158 \bl{$B \to C : M_2$}\\ |
|
159 \bl{$C \to A : D_2$} |
|
160 \end{tabular} |
|
161 \end{tabular} |
|
162 \end{center} |
|
163 |
|
164 \end{frame} |
|
165 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
166 |
|
167 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
168 \begin{frame}[c] |
|
169 |
|
170 \begin{itemize} |
|
171 \item you have to ask something that cannot imitated |
|
172 (requires \bl{$A$} and \bl{$B$} know each other) |
|
173 \item what happens if \bl{$m$} and \bl{$n$} are voice |
|
174 messages?\bigskip |
|
175 |
|
176 \item the moral: establishing a secure connection from ``zero'' is |
|
177 almost impossible---you need to rely on some established |
|
178 trust\medskip |
|
179 |
|
180 \item that is why we rely on certificates, which however are |
|
181 badly, badly realised (just today a POODLE attack against SSL) |
|
182 |
|
183 \end{itemize} |
|
184 |
|
185 \end{frame} |
|
186 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
187 |
39 |
188 |
40 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
189 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
41 \begin{frame}[c] |
190 \begin{frame}[c] |
42 \frametitle{Protocols} |
191 \frametitle{Protocols} |
43 |
192 |
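Review bot: The notation for B's message is inconsistent across the new frames: the Interlock Protocol frame writes it as m' (new line 125, `\{B,m'\}_{K^{pub}_A}`), while the frame with C in the middle and the closing bullets call it n (new lines 147 and 173). As a result, the question "what happens if m and n are voice messages?" refers to a symbol the protocol frame never introduced. Use n on line 125, or m' in the two later places. The bullet on new line 171 is missing a verb: "something that cannot imitated" should read "something that cannot be imitated". The frames starting at new lines 137 and 168 have no \frametitle, unlike the other frames added here, so the exchange with C in the middle appears without any statement of what it shows; a title on each would fix that. On new line 181, "just today a POODLE attack against SSL" will read wrongly once the slides are reused; give the date or drop "just today".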