4 |
4 |
5 \lstset{language=JavaScript} |
5 \lstset{language=JavaScript} |
6 |
6 |
7 |
7 |
8 \begin{document} |
8 \begin{document} |
9 \fnote{\copyright{} Christian Urban, 2014, 2015} |
9 \fnote{\copyright{} Christian Urban, |
|
10 King's College London, 2014, 2015, 2016} |
10 |
11 |
11 %Ross anderson |
12 %Ross anderson |
12 %https://youtu.be/FY2YKxBxOkg |
13 %https://youtu.be/FY2YKxBxOkg |
13 |
14 |
14 \section*{Handout 1 (Security Engineering)} |
15 \section*{Handout 1 (Security Engineering)} |
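Review bot: The commented-out pointer "%Ross anderson" followed by a bare YouTube URL gives no hint of what the link is for. Capitalise the surname and add a few words on what the video covers, or move it into the text as a \url reference.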
45 and sideways. You have to think like an alien.'' |
46 and sideways. You have to think like an alien.'' |
46 \end{quote} |
47 \end{quote} |
47 |
48 |
48 \noindent In this module I like to teach you this security |
49 \noindent In this module I like to teach you this security |
49 mindset. This might be a mindset that you think is very |
50 mindset. This might be a mindset that you think is very |
50 foreign to you---after all we are all good citizens and not |
51 foreign to you---after all we are all good citizens and do not |
51 hack into things. However, I beg to differ: You have this |
52 hack into things. However, I beg to differ: You have this |
52 mindset already when in school you were thinking, at least |
53 mindset already when in school you were thinking, at least |
53 hypothetically, about ways in which you can cheat in an exam |
54 hypothetically, about ways in which you can cheat in an exam |
54 (whether it is by hiding notes or by looking over the |
55 (whether it is by hiding notes or by looking over the |
55 shoulders of your fellow pupils). Right? To defend a system, |
56 shoulders of your fellow pupils). Right? To defend a system, |
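Review bot: In the unchanged sentence just above the edited line, "In this module I like to teach you this security mindset" reads as a habit rather than an intention. "I would like to teach you" would match the grammar fix ("and do not hack into things") made in the same paragraph.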
95 properly, and also the motive that the attackers have to try |
96 properly, and also the motive that the attackers have to try |
96 to defeat your policy). The last point is often overlooked, |
97 to defeat your policy). The last point is often overlooked, |
97 but plays an important role. To illustrate this lets look at |
98 but plays an important role. To illustrate this lets look at |
98 an example. |
99 an example. |
99 |
100 |
100 \subsubsection*{Chip-and-PIN is Surely More Secure?} |
101 \subsubsection*{Chip-and-PIN is Surely More Secure, No?} |
101 |
102 |
102 The questions is whether the Chip-and-PIN system used with |
103 The questions is whether the Chip-and-PIN system used with |
103 modern credit cards is more secure than the older method of |
104 modern credit cards is more secure than the older method of |
104 signing receipts at the till. On first glance the answer seems |
105 signing receipts at the till. On first glance the answer seems |
105 obvious: Chip-and-PIN must be more secure and indeed improved |
106 obvious: Chip-and-PIN must be more secure and indeed improved |
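Review bot: Two typos remain in the context around the retitled subsubsection: "To illustrate this lets look at an example" needs "let's", and "The questions is whether" should be "The question is whether". Since the heading is being touched anyway, these can go into the same commit.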
127 transmitted skimmed PIN numbers via built-in mobile phone |
128 transmitted skimmed PIN numbers via built-in mobile phone |
128 connections. To mitigate this flaw in the security of |
129 connections. To mitigate this flaw in the security of |
129 Chip-and-PIN, you need to be able to vet quite closely the |
130 Chip-and-PIN, you need to be able to vet quite closely the |
130 supply chain of such terminals. This is something that is |
131 supply chain of such terminals. This is something that is |
131 mostly beyond the control of customers who need to use these |
132 mostly beyond the control of customers who need to use these |
132 terminals. |
133 terminals. |
133 |
134 |
134 To make matters worse for Chip-and-PIN, around 2009 Ross |
135 To make matters worse for Chip-and-PIN, around 2009 Ross |
135 Anderson and his group were able to perform man-in-the-middle |
136 Anderson and his group were able to perform man-in-the-middle |
136 attacks against Chip-and-PIN. Essentially they made the |
137 attacks against Chip-and-PIN. Essentially they made the |
137 terminal think the correct PIN was entered and the card think |
138 terminal think the correct PIN was entered and the card think |
158 Chip-and-PIN system is secure, they were under the new system |
159 Chip-and-PIN system is secure, they were under the new system |
159 able to point the finger at the customer when fraud occurred: |
160 able to point the finger at the customer when fraud occurred: |
160 customers must have been negligent losing their PIN and |
161 customers must have been negligent losing their PIN and |
161 customers had almost no way of defending themselves in such |
162 customers had almost no way of defending themselves in such |
162 situations. That is why the work of \emph{ethical} hackers |
163 situations. That is why the work of \emph{ethical} hackers |
163 like Ross Anderson's group was so important, because they and |
164 like Ross Anderson's group is so important, because they and |
164 others established that the banks' claim that their system is |
165 others established that the banks' claim that their system is |
165 secure and it must have been the customer's fault, was bogus. |
166 secure and it must have been the customer's fault, was bogus. |
166 In 2009 the law changed and the burden of proof went back to |
167 In 2009 the law changed and the burden of proof went back to |
167 the banks. They need to prove whether it was really the |
168 the banks. They need to prove whether it was really the |
168 customer who used a card or not. The current state of affairs, |
169 customer who used a card or not. The current state of affairs, |
169 however, is that standing up for your right requires you |
170 however, is that standing up for your right requires you to be |
170 to be knowledgeable\ldots{}if not, the banks are happy to |
171 knowledgeable, potentially having to go to court\ldots{}if |
171 take advantage of you. |
172 not, the banks are happy to take advantage of you. |
172 |
173 |
173 This is a classic example where a security design principle |
174 This is a classic example where a security design principle |
174 was violated: Namely, the one who is in the position to |
175 was violated: Namely, the one who is in the position to |
175 improve security, also needs to bear the financial losses if |
176 improve security, also needs to bear the financial losses if |
176 things go wrong. Otherwise, you end up with an insecure |
177 things go wrong. Otherwise, you end up with an insecure |
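Review bot: Changing "was so important" to "is so important" leaves the sentence with mixed tenses, because it continues "because they and others established that ... was bogus". Either keep the past tense or split it, for example "is so important: they and others established ...". In the sentence extended with "potentially having to go to court", "standing up for your right" should read "your rights".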
199 |
200 |
200 \begin{center} |
201 \begin{center} |
201 \url{https://www.youtube.com/watch?v=XeZbVZQsKO8} |
202 \url{https://www.youtube.com/watch?v=XeZbVZQsKO8} |
202 \end{center} |
203 \end{center} |
203 |
204 |
204 \noindent They claim that they can actually clone with |
205 \noindent They claim that they are able to clone Chip-and-PINs |
205 Chip-and-PINs cards such that they get all data that was |
206 cards such that they get all data that was on the Magstripe, |
206 on the Magstripe, except for three digits (the CVV number). |
207 except for three digits (the CVV number). Remember, |
207 Remember Chip-and-PINs cards were introduced exactly for |
208 Chip-and-PIN cards were introduced exactly for preventing |
208 preventing this. |
209 this. |
209 |
210 |
210 |
211 |
211 \subsection*{Of Cookies and Salts} |
212 \subsection*{Of Cookies and Salts} |
212 |
213 |
213 Let us look at another example which will help with understanding how |
214 Let us look at another example which will help with understanding how |
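Review bot: The rewritten sentence still says "clone Chip-and-PINs cards" while the following sentence was corrected to "Chip-and-PIN cards". Use the singular form in both places so the term is consistent with the rest of the handout.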