sen-material: comparison slides/slides05.tex

equal deleted inserted replaced

-:56bc53ba7c5b
+:708b80c825af
-\documentclass[dvipsnames,14pt,t]{beamer}
+\PassOptionsToPackage{bookmarks=false}{hyperref}
+\documentclass[dvipsnames,14pt,t,hyperref={bookmarks=false}]{beamer}
 \usepackage{../slides}
 \usepackage{../graphics}
 \usepackage{../langs}
+\usepackage{../style}
 \usetikzlibrary{arrows}
 \usetikzlibrary{shapes}
 \setmonofont[Scale=.88]{Consolas}
 \newfontfamily{\consolas}{Consolas}
 meetings.''
 \end{itemize}
 \end{frame}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[c]
+\frametitle{A Simple PK Protocol}
+\begin{center}
+\begin{tabular}{ll@{\hspace{2mm}}l}
+1. & \bl{$A \to B :$} & \bl{$K^{pub}_A$}\smallskip\\
+2. & \bl{$B \to A :$} & \bl{$K^{pub}_B$}\smallskip\\
+3. & \bl{$A \to B :$} & \bl{$\{A,m\}_{K^{pub}_B}$}\smallskip\\
+4. & \bl{$B \to A :$} & \bl{$\{B,m'\}_{K^{pub}_A}$}
+\end{tabular}
+\end{center}\pause\bigskip
+unfortunately there is a simple man-in-the- middle-attack
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[c]
+\frametitle{A MITM Attack}
+\begin{center}
+\begin{tabular}{ll@{\hspace{2mm}}l}
+1. & \bl{$A \to E :$} & \bl{$K^{pub}_A$}\smallskip\\
+2. & \bl{$E \to B :$} & \bl{$K^{pub}_E$}\smallskip\\
+3. & \bl{$B \to E :$} & \bl{$K^{pub}_B$}\smallskip\\
+4. & \bl{$E \to A :$} & \bl{$K^{pub}_E$}\smallskip\\
+5. & \bl{$A \to E :$} & \bl{$\{A,m\}_{K^{pub}_E}$}\smallskip\\
+6. & \bl{$E \to B :$} & \bl{$\{E,m\}_{K^{pub}_B}$}\smallskip\\
+7. & \bl{$B \to E :$} & \bl{$\{B,m'\}_{K^{pub}_E}$}\smallskip\\
+8. & \bl{$E \to A :$} & \bl{$\{E,m'\}_{K^{pub}_A}$}
+\end{tabular}
+\end{center}\pause\medskip
+and \bl{$A$} and \bl{$B$} have no chance to detect it
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \begin{frame}[c]
 \frametitle{Interlock Protocol}
 \end{frame}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \begin{frame}[c]
+\frametitle{Splitting Messages}
+\begin{center}
+$\underbrace{\texttt{\Grid{0X1peUVTGJK+H70mMjAM8p}}}_{\{A,m\}_{K^{pub}_B}}$
+\end{center}
+\begin{center}
+$\underbrace{\texttt{\Grid{0X1peUVTGJK}}}_{H_1}$\quad
+$\underbrace{\texttt{\Grid{+H70mMjAM8p}}}_{H_2}$
+\end{center}
+\begin{itemize}
+\item you can also use the even and odd bytes
+\item the point is you cannot decrypt the halves
+\end{itemize}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[c]
 \begin{center}
 \begin{tabular}{l@{\hspace{9mm}}l}
 \begin{tabular}[t]{@{}l@{}}
 \bl{$A \to C : K^{pub}_A$}\\
 \bl{$C \to B : K^{pub}_C$}\\
 \bl{$B \to C : K^{pub}_B$}\\
 \bl{$C \to A : K^{pub}_C$}\medskip\\
 \bl{$\{A,m\}_{K^{pub}_C} \;\mapsto\; H_1,H_2$}\\
-\bl{$\{B,n\}_{K^{pub}_C} \;\mapsto\; M_1,M_2$}\bigskip\\
+\bl{$\{B,m'\}_{K^{pub}_C} \;\mapsto\; M_1,M_2$}\bigskip\\
 \bl{$\{C,a\}_{K^{pub}_B} \;\mapsto\; C_1,C_2$}\\
 \bl{$\{C,b\}_{K^{pub}_A} \;\mapsto\; D_1,D_2$}
 \end{tabular} &
 \begin{tabular}[t]{@{}l@{}}
 \bl{$A \to C : H_1$}\\
 \bl{$C \to B : \{C_2, M_1\}_{K^{pub}_B}$}\\
 \bl{$B \to C : M_2$}\\
 \bl{$C \to A : D_2$}
 \end{tabular}
 \end{tabular}
-\end{center}
+\end{center}\pause
+\footnotesize
+\bl{$m$} = How is your grandmother? \bl{$m'$} = How is the
+weather today in London?
 \end{frame}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \begin{frame}[c]
 \begin{itemize}
 \item you have to ask something that cannot imitated
 (requires \bl{$A$} and \bl{$B$} know each other)
-\item what happens if \bl{$m$} and \bl{$n$} are voice
+\item what happens if \bl{$m$} and \bl{$m'$} are voice
-messages?\bigskip
+messages?\bigskip\pause
-\item the moral: establishing a secure connection from ``zero'' is
+\item So \bl{$C$} can either leave the communication unchanged
-almost impossible---you need to rely on some established
+(Hellamn-Diffie), or invent a complete new conversation
-trust\medskip
+\end{itemize}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[c]
+\begin{itemize}
+\item the moral: establishing a secure connection from
+``zero'' is almost impossible---you need to rely on some
+established trust\medskip
 \item that is why we rely on certificates, which however are
-badly, badly realised (just today a POODLE attack against SSL)
+badly, badly realised
 \end{itemize}
 \end{frame}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[c]
-\begin{frame}[c]
+\frametitle{Trusted Third Parties}
-\frametitle{Protocols}
+Simple protocol for establishing a secure connection via a
-Some examples where ``over-the-air'' protocols are used:
+mutually trusted 3rd party (server):
-\begin{itemize}
-\item wifi
-\item card readers (you cannot trust the terminals)
-\item RFID (passports)
-\item car transponders
-\end{itemize}\medskip\pause
-The point is that we cannot control the network: An attacker
-can install a packet sniffer, inject packets, modify packets,
-replay messages\ldots{}fake pretty much everything.
-\end{frame}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[c]
-\frametitle{Keyless Car Transponders}
-\begin{center}
-\includegraphics[scale=0.1]{../pics/keyfob.jpg}
-\quad
-\includegraphics[scale=0.27]{../pics/startstop.jpg}
-\end{center}
-\begin{itemize}
-\item There are two security mechanisms: one remote central
-locking system and one passive RFID tag (engine immobiliser).
-\item How can I get in? How can thieves be kept out?
-How to avoid MITM attacks?
-\end{itemize}\medskip
-\footnotesize
-\hfill Papers: Gone in 360 Seconds: Hijacking with Hitag2,\\
-\hfill Dismantling Megamos Crypto: Wirelessly Lockpicking\\
-\hfill a Vehicle Immobilizer
-\end{frame}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[c]
-\frametitle{HTTPS / GSM}
-\begin{center}
-\includegraphics[scale=0.25]{../pics/barclays.jpg}
-\quad
-\includegraphics[scale=0.25]{../pics/phone-signal.jpg}
-\end{center}
-\begin{itemize}
-\item I am sitting at Starbuck. How can I be sure I am really
-visiting Barclays? I have no control of the access
-point.
-\item How can I achieve that a secret key is established in
-order to encrypt my mobile conversation? I have no
-control over the access points.
-\end{itemize}
-\end{frame}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[c]
-\frametitle{Handshakes}
-\begin{itemize}
-\item starting a TCP connection between a client and a server
-initiates the following three-way handshake protocol:
-\end{itemize}
-\begin{columns}[t]
-\begin{column}{5cm}
-\begin{minipage}[t]{4cm}
-\begin{center}
-\raisebox{-2cm}{\includegraphics[scale=0.5]{../pics/handshake.png}}
-\end{center}
-\end{minipage}
-\end{column}
-\begin{column}{5cm}
-\begin{tabular}[t]{rl}
-Alice:  & Hello server!\\
-Server: & I heard you\\
-Alice:  & Thanks
-\end{tabular}
-\end{column}
-\end{columns}
-\onslide<2->{
-\begin{center}
-\begin{tabular}{rl}
-\bl{$A \rightarrow S$}: & \bl{SYN}\\
-\bl{$S \rightarrow A$}: & \bl{SYN-ACK}\\
-\bl{$A \rightarrow S$}: & \bl{ACK}\\
-\end{tabular}
-\end{center}}
-\only<3>{
-\begin{textblock}{3}(11,5)
-\begin{bubble}[3.2cm]
-SYNflood attacks:\medskip\\
-\includegraphics[scale=0.4]{../pics/synflood.png}
-\end{bubble}
-\end{textblock}}
-\end{frame}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[c]
-\frametitle{Authentication}
-\begin{columns}
-\begin{column}{8cm}
-\begin{minipage}[t]{7.5cm}
-\begin{center}
-\raisebox{-2cm}{\includegraphics[scale=0.4]{../pics/dogs.jpg}}
-\end{center}
-\end{minipage}
-\end{column}
-\begin{column}{5cm}
-\begin{minipage}[t]{4.5cm}
-\begin{tabular}{l}
-Knock Knock!\\
-Who's there?\\
-Alice.\\
-Alice who?
-\end{tabular}
-\end{minipage}
-\end{column}
-\end{columns}
-\end{frame}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[c]
-\frametitle{Authentication Protocols}
-Alice (\bl{$A$}) and Bob (\bl{$B$}) share a secret key
-\bl{$K_{AB}$}\bigskip
-Password transmission:
-\begin{center}
-\bl{$A \rightarrow B: K_{AB}$}
-\end{center}\pause\bigskip
-Problems: Eavesdropper can capture the secret and replay it;
-\bl{$B$} cannot confirm the identity of \bl{$A$}
-\end{frame}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[c]
-\frametitle{Authentication Protocols}
-Alice (\bl{$A$}) and Bob (\bl{$B$}) share a secret key
-\bl{$K_{AB}$}\bigskip
-Simple Challenge Response (solving the replay problem):
-\begin{center}
-\begin{tabular}{lll}
-\bl{$A \rightarrow B:$} & \bl{Hi I am A}\\
-\bl{$B \rightarrow A:$} & \bl{$N$} & (challenge)\\
-\bl{$A \rightarrow B:$} & \bl{$\{N\}_{K_{AB}}$}\\
-\end{tabular}
-\end{center}\pause
-\begin{itemize}
-\item cannot be replayed since next time will be another
-challenge \bl{$N$}
-\item \bl{$B$} authenticates \bl{$A$}, but \bl{$A$} does not
-authenticate \bl{$B$} (Eve can intercept
-messages from \bl{$A$}, send random challenge
-and ignore last)
-\end{itemize}
-\end{frame}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[c]
-\frametitle{Authentication Protocols}
-Alice (\bl{$A$}) and Bob (\bl{$B$}) share a secret key \bl{$K_{AB}$}\bigskip
-Mutual Challenge Response:
-\begin{center}
-\begin{tabular}{ll}
-\bl{$A \rightarrow B:$} & \bl{$N_A$}\\
-\bl{$B \rightarrow A:$} & \bl{$\{N_A, N_B\}_{K_{AB}}$}\\
-\bl{$A \rightarrow B:$} & \bl{$N_B$}\\
-\end{tabular}
-\end{center}\pause
-But requires shared secret key.
-\end{frame}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[c]
-\frametitle{Nonces}
-\begin{enumerate}
-\item I generate a nonce (random number) and send it to you encrypted with a key we share
-\item you increase it by one, encrypt it under a key I know and send
-it back to me
-\end{enumerate}
-I can infer:
-\begin{itemize}
-\item you must have received my message
-\item you could only have generated your answer after I send you my initial
-message
-\item if only you and me know the key, the message must have come from you
-\end{itemize}
-\end{frame}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\begin{center}
-\begin{tabular}{ll}
-\bl{$A \rightarrow B$:} & \bl{$N_A$}\\
-\bl{$B \rightarrow A$:} & \bl{$\{N_A, N_B\}_{K_{AB}}$}\\
-\bl{$A \rightarrow B$:} & \bl{$N_B$}\\
-\end{tabular}
-\end{center}
-The attack (let $A$ decrypt her own messages):
-\begin{center}
-\begin{tabular}{ll}
-\bl{$A \rightarrow E$:} & \bl{$N_A$}\\
-\textcolor{gray}{$E \rightarrow A$:} & \textcolor{gray}{$N_A$}\\
-\textcolor{gray}{$A \rightarrow E$:} & \textcolor{gray}{$\{N_A, N_A'\}_{K_{AB}}$}\\
-\bl{$E \rightarrow A$:} & \bl{$\{N_A, N_A'\}_{K_{AB}}$}\\
-\bl{$A \rightarrow E$:} & \bl{$N_A' \;\;(= N_B)$}\\
-\end{tabular}
-\end{center}\pause
-\small Solutions: \bl{$K_{AB} \not= K_{BA}$} or include an id in the second message
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{Encryption to the Rescue?}
-\begin{itemize}
-\item \bl{$A \,\rightarrow\, B :  \{A, N_A\}_{K_{AB}}$}\hspace{1cm} encrypted\bigskip
-\item \bl{$B\,\rightarrow\, A : \{N_A, K'_{AB}\}_{K_{AB}}$}\bigskip
-\item \bl{$A \,\rightarrow\, B : \{N_A\}_{K'_{AB}}$}\bigskip
-\end{itemize}\pause
-means you need to send separate ``Hello'' signals (bad), or worse
-share a single key between many entities
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{Trusted Third Party}
-Simple protocol for establishing a secure connection via a mutually
-trusted 3rd party (server):
 \begin{center}
 \begin{tabular}{r@ {\hspace{1mm}}l}
 \bl{$A \rightarrow S :$} & \bl{$A, B$}\\
-\bl{$S \rightarrow A :$} & \bl{$\{K_{AB}\}_{K_{AS}}$} and \bl{$\{\{K_{AB}\}_{K_{BS}} \}_{K_{AS}}$}\\
+\bl{$S \rightarrow A :$} & \bl{$\{K_{AB}, \{K_{AB}\}_{K_{BS}} \}_{K_{AS}}$}\\
 \bl{$A \rightarrow B :$} & \bl{$\{K_{AB}\}_{K_{BS}} $}\\
 \bl{$A \rightarrow B :$} & \bl{$\{m\}_{K_{AB}}$}\\
 \end{tabular}
 \end{center}
-\end{frame}}
+\end{frame}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
+\begin{frame}[c]
-\begin{frame}[c]
+\frametitle{PKI: The Main Idea}
-\frametitle{Public-Key Infrastructure}
 \begin{itemize}
 \item the idea is to have a certificate authority (CA)
 \item you go to the CA to identify yourself
 \item CA: ``I, the CA, have verified that public key
 \bl{$P^{pub}_{Bob}$} belongs to Bob''\bigskip
-\item CA must be trusted by everybody
+\item CA must be trusted by everybody\medskip
 \item What happens if CA issues a false certificate? Who pays in case of loss? (VeriSign
 explicitly limits liability to \$100.)
 \end{itemize}
-\end{frame}}
+\end{frame}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[c]
-\frametitle{Person-in-the-Middle}
-``Normal'' protocol run:\bigskip
-\begin{itemize}
-\item \bl{$A$} sends public key  to \bl{$B$}
-\item \bl{$B$} sends public key  to \bl{$A$}
-\item \bl{$A$} sends a message encrypted with \bl{$B$}'s public key, \bl{$B$} decrypts it
-with its private key
-\item \bl{$B$} sends a message encrypted with \bl{$A$}'s public key, \bl{$A$} decrypts it
-with its private key
-\end{itemize}
-\end{frame}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{Person-in-the-Middle}
-Attack:
-\begin{itemize}
-\item \bl{$A$} sends public key  to \bl{$B$}  --- \bl{$C$}
-intercepts this message and send his own public key to
-\bl{$B$}
-\item \bl{$B$} sends public key  to \bl{$A$} --- \bl{$C$}
-intercepts this message and send his own public key
-\bl{$A$}
-\item \bl{$A$} sends a message encrypted with \bl{$C$}'s public key, \bl{$C$} decrypts it
-with its private key, re-encrypts with \bl{$B$}'s public key
-\item similar the other way
-\end{itemize}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[c]
-\frametitle{Person-in-the-Middle}
-Prevention:
-\begin{itemize}
-\item \bl{$A$} sends public key  to \bl{$B$}
-\item \bl{$B$} sends public key  to \bl{$A$}
-\item \bl{$A$} encrypts a message with \bl{$B$}'s public key,
-sends {\bf half} of the message to \bl{$B$}
-\item \bl{$B$} encrypts a message with \bl{$A$}'s public key,
-sends {\bf half} of the message back to \bl{$A$}
-\item \bl{$A$} sends other half, \bl{$B$} can now decrypt
-entire message
-\item \bl{$B$} sends other half, \bl{$A$} can now decrypt
-entire message
-\end{itemize}\pause
-\bl{$C$} would have to invent a totally new message
-\end{frame}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[c]
-\frametitle{Car Transponder (HiTag2)}
-\begin{enumerate}
-\item \bl{$C$} generates a random number \bl{$N$}
-\item \bl{$C$} calculates \bl{$(F,G) = \{N\}_K$}
-\item \bl{$C \to T$}: \bl{$N, F$}
-\item \bl{$T$} calculates \bl{$(F',G') = \{N\}_K$}
-\item \bl{$T$} checks that \bl{$F = F'$}
-\item \bl{$T \to C$}: \bl{$N, G'$}
-\item \bl{$C$} checks that \bl{$G = G'$}
-\end{enumerate}\pause
-\small
-This process means that the transponder believes the car knows
-the key \bl{$K$}, and the car believes the transponder knows
-the key \bl{$K$}. They have authenticated themselves
-to each other.
-\end{frame}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[c]
-\frametitle{Person-in-the-Middle}
-\begin{itemize}
-\item Border Gateway Protocol (BGP) --- routers believe
-their neighbours
-\item it is possible to advertise bad routes
-\item can be done over continents\bigskip
-\end{itemize}
-\hfill\footnotesize\url{http://www.renesys.com/2013/11/mitm-internet-hijacking/}
-\end{frame}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{Protocol Attacks}
-\begin{itemize}
-\item replay attacks
-\item reflection attacks
-\item man-in-the-middle attacks
-\item timing attacks
-\item parallel session attacks
-\item binding attacks (public key protocols)
-\item changing environment / changing assumptions\bigskip
-\item (social engineering attacks)
-\end{itemize}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \begin{frame}[c]
 \frametitle{Best Practices}
 \end{frame}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
 \begin{frame}[c]
 \frametitle{Best Practices}
 {\bf Principle 3:} Be clear about why encryption is being
 done. Encryption is not wholly cheap, and not asking precisely
 \item Guarantee confidentiality and authenticity: binds two parts of a message ---
 \bl{$\{X,Y\}_K$} is not the same as \bl{$\{X\}_K$} and \bl{$\{Y\}_K$}.
 \end{itemize}
 \end{center}
-\end{frame}}
+\end{frame}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \begin{frame}[c]
 \frametitle{Best Practices}
 \end{frame}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
 \begin{frame}[c]
 \frametitle{Formal Methods}
 Ross Anderson about the use of Logic:\bigskip
 bugs in security protocol designs as they force the designer
 to make everything explicit and thus confront difficult design
 choices that might otherwise be fudged.
 \end{quote}
-\end{frame}}
+\end{frame}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \begin{frame}[c]
 \frametitle{Mid-Term}
 {\huge\bf\alert{Any Questions?}}
 \end{center}
 \end{frame}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[c]
-\end{frame}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \end{document}
 %%% Local Variables:
 %%% mode: latex

changeset 416	708b80c825af
parent 415	56bc53ba7c5b
child 417	ca9295851eb6