equal
deleted
inserted
replaced
68 \end{frame} |
68 \end{frame} |
69 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
69 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
70 |
70 |
71 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
71 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
72 \begin{frame}[c] |
72 \begin{frame}[c] |
|
73 \frametitle{Nonces} |
|
74 |
|
75 \begin{enumerate} |
|
76 \item I generate a nonce (random number) and send it to you encrypted with a key we share |
|
77 \item you increase it by one, encrypt it under a key I know and send |
|
78 it back to me |
|
79 \end{enumerate} |
|
80 |
|
81 |
|
82 I can infer: |
|
83 |
|
84 \begin{itemize} |
|
85 \item you must have received my message |
|
86 \item you could only have generated your answer after I have |
|
87 sent you my initial message |
|
88 \item if only you and me know the key, the message must have come from you |
|
89 \end{itemize} |
|
90 |
|
91 \end{frame} |
|
92 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
93 |
|
94 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
|
95 \begin{frame}[c] |
73 \frametitle{Protocols} |
96 \frametitle{Protocols} |
74 |
97 |
75 \begin{center} |
98 \begin{center} |
76 \includegraphics[scale=0.11]{../pics/keyfob.jpg} |
99 \includegraphics[scale=0.11]{../pics/keyfob.jpg} |
77 \quad |
100 \quad |
96 \includegraphics[scale=0.1]{../pics/snowden.jpg} |
119 \includegraphics[scale=0.1]{../pics/snowden.jpg} |
97 \end{center} |
120 \end{center} |
98 |
121 |
99 \small |
122 \small |
100 \begin{itemize} |
123 \begin{itemize} |
101 \item Snowden documents reveal ``that during G20 |
124 \item Snowden documents reveal ``that during the G20 |
102 meetings\dots{}GCHQ used |
125 meetings\dots{}GCHQ used |
103 `ground-breaking intelligence capabilities' to intercept |
126 `ground-breaking intelligence capabilities' to intercept |
104 the communications of visiting delegations. This |
127 the communications of visiting delegations. This |
105 included setting up internet cafes where they used an |
128 included setting up internet cafes where they used an |
106 email interception program and key-logging software to |
129 email interception program and key-logging software to |
179 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
202 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
180 \begin{frame}[c] |
203 \begin{frame}[c] |
181 \frametitle{Splitting Messages} |
204 \frametitle{Splitting Messages} |
182 |
205 |
183 \begin{center} |
206 \begin{center} |
184 $\underbrace{\texttt{\Grid{0X1peUVTGJK+H70mMjAM8p}}}_{\{A,m\}_{K^{pub}_B}}$ |
207 $\underbrace{\texttt{\Grid{0X1peUVTGJK+H70mMjAM8p}}}_{\bl{\{A,m\}_{K^{pub}_B}}}$ |
185 \end{center} |
208 \end{center} |
186 |
209 |
187 \begin{center} |
210 \begin{center} |
188 $\underbrace{\texttt{\Grid{0X1peUVTGJK}}}_{H_1}$\quad |
211 $\underbrace{\texttt{\Grid{0X1peUVTGJK}}}_{\bl{H_1}}$\quad |
189 $\underbrace{\texttt{\Grid{+H70mMjAM8p}}}_{H_2}$ |
212 $\underbrace{\texttt{\Grid{+H70mMjAM8p}}}_{\bl{H_2}}$ |
190 \end{center} |
213 \end{center} |
191 |
214 |
192 \begin{itemize} |
215 \begin{itemize} |
193 \item you can also use the even and odd bytes |
216 \item you can also use the even and odd bytes |
194 \item the point is you cannot decrypt the halves |
217 \item the point is you cannot decrypt the halves, even if you |
|
218 have the key |
195 \end{itemize} |
219 \end{itemize} |
196 |
220 |
197 |
221 |
198 \end{frame} |
222 \end{frame} |
199 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
223 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
235 |
259 |
236 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
260 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
237 \begin{frame}[c] |
261 \begin{frame}[c] |
238 |
262 |
239 \begin{itemize} |
263 \begin{itemize} |
240 \item you have to ask something that cannot imitated |
264 \item you have to ask something that cannot be imitated |
241 (requires \bl{$A$} and \bl{$B$} know each other) |
265 (requires \bl{$A$} and \bl{$B$} know each other) |
242 \item what happens if \bl{$m$} and \bl{$m'$} are voice |
266 \item what happens if \bl{$m$} and \bl{$m'$} are voice |
243 messages?\bigskip\pause |
267 messages?\bigskip\pause |
244 |
268 |
245 \item So \bl{$C$} can either leave the communication unchanged |
269 \item So \bl{$C$} can either leave the communication unchanged |
246 (Hellamn-Diffie), or invent a complete new conversation |
270 (Hellman-Diffie), or invent a complete new conversation |
247 |
271 |
248 \end{itemize} |
272 \end{itemize} |
249 |
273 |
250 \end{frame} |
274 \end{frame} |
251 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
275 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
256 \begin{itemize} |
280 \begin{itemize} |
257 \item the moral: establishing a secure connection from |
281 \item the moral: establishing a secure connection from |
258 ``zero'' is almost impossible---you need to rely on some |
282 ``zero'' is almost impossible---you need to rely on some |
259 established trust\medskip |
283 established trust\medskip |
260 |
284 |
261 \item that is why we rely on certificates, which however are |
285 \item that is why PKI relies on certificates, which however are |
262 badly, badly realised |
286 badly, badly realised |
263 |
287 |
264 \end{itemize} |
288 \end{itemize} |
265 |
289 |
266 \end{frame} |
290 \end{frame} |
335 \node [below right] at (D.north west) |
359 \node [below right] at (D.north west) |
336 {\small\begin{tabular}{@{}l}Browser\\ Root Store\end{tabular}}; |
360 {\small\begin{tabular}{@{}l}Browser\\ Root Store\end{tabular}}; |
337 |
361 |
338 \node (E) at (2,-3) [node] {}; |
362 \node (E) at (2,-3) [node] {}; |
339 \node [below right] at (E.north west) |
363 \node [below right] at (E.north west) |
340 {\small\begin{tabular}{@{}l}Browser\\ Company\end{tabular}}; |
364 {\small\begin{tabular}{@{}l}Browser\\ Vendor\end{tabular}}; |
341 |
365 |
342 \draw [->,line width=4mm] (E) -- (D); |
366 \draw [->,line width=4mm] (E) -- (D); |
343 \end{tikzpicture} |
367 \end{tikzpicture} |
344 \end{center} |
368 \end{center} |
345 |
369 |
346 \begin{itemize} |
370 \begin{itemize} |
347 \item CAs make almost no money anymore, because of competition |
371 \item CAs make almost no money anymore, because of stiff |
348 \item browser companies are not really interested in security, |
372 competition |
349 rather than market share |
373 \item browser companies are not really interested in security; |
|
374 only in market share |
350 \end{itemize} |
375 \end{itemize} |
351 |
376 |
352 \end{frame} |
377 \end{frame} |
353 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
378 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
354 |
379 |
357 \frametitle{PKI: Weaknesses} |
382 \frametitle{PKI: Weaknesses} |
358 |
383 |
359 CAs just cannot win (make any profit):\medskip |
384 CAs just cannot win (make any profit):\medskip |
360 |
385 |
361 \begin{itemize} |
386 \begin{itemize} |
362 \item there are hundreds of CAs, which issue million of |
387 \item there are hundreds of CAs, which issue millions of |
363 certificates and the error rate is small |
388 certificates and the error rate is small |
364 |
389 |
365 \item users (servers) do not want to pay or pay as little as |
390 \item users (servers) do not want to pay or pay as little as |
366 possible\bigskip |
391 possible\bigskip |
367 |
392 |
368 \item a CA can issue a certificate for any domain not needing |
393 \item a CA can issue a certificate for any domain not needing |
369 any permission (CAs are meant to be undergo audits, |
394 any permission (CAs are meant to undergo audits, |
370 but\ldots DigiNotar); if they have issued many |
395 but\ldots DigiNotar) |
371 certificates, they ``become too big to fail'' |
396 |
|
397 \item if a CA has issued many certificates, it ``becomes too |
|
398 big to fail'' |
372 |
399 |
373 \item Can we be sure CAs are not just front-ends of some |
400 \item Can we be sure CAs are not just frontends of some |
374 government organisation? |
401 government organisation? |
375 |
402 |
376 \end{itemize} |
403 \end{itemize} |
377 |
404 |
378 \end{frame} |
405 \end{frame} |
382 \begin{frame}[c] |
409 \begin{frame}[c] |
383 \frametitle{PKI: Weaknesses} |
410 \frametitle{PKI: Weaknesses} |
384 |
411 |
385 \begin{itemize} |
412 \begin{itemize} |
386 |
413 |
387 \item many certificates are issued via whois\ldots if you |
414 \item many certificates are issued via Whois\ldots if you |
388 hijacked a domain, it is easy to obtain |
415 hijacked a domain, it is easy to obtain |
389 certificates\medskip |
416 certificates\medskip |
390 |
417 |
391 \item revocation does not work (Chrome has given up on |
418 \item the revocation mechanism does not work (Chrome has given |
392 revocation lists)\medskip |
419 up on general revocation lists)\medskip |
393 |
420 |
394 \item lax approach to validation of certificates |
421 \item lax approach to validation of certificates |
395 (Have you bypassed certification warnings?)\medskip |
422 (Have you ever bypassed certification warnings?)\medskip |
396 |
423 |
397 \item sometimes you want to install invalid certificates |
424 \item sometimes you want to actually install invalid |
398 (self-signed) |
425 certificates (self-signed) |
399 |
426 |
400 \end{itemize} |
427 \end{itemize} |
401 |
428 |
402 \end{frame} |
429 \end{frame} |
403 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
430 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
409 \begin{itemize} |
436 \begin{itemize} |
410 |
437 |
411 \item Go directly after root certificates |
438 \item Go directly after root certificates |
412 \begin{itemize} |
439 \begin{itemize} |
413 \item governments can demand private keys\smallskip |
440 \item governments can demand private keys\smallskip |
414 \item 10 years ago it was estimated to break a 1024 bit key |
441 \item 10 years ago it was estimated that breaking a 1024 bit |
415 in one year using 10 -30 Mio \$; this is now reduced to 1 Mio \$ |
442 key takes one year and costs 10 - 30 Mio \$; this is now |
416 \end{itemize} |
443 reduced to 1 Mio \$ |
|
444 \end{itemize} |
417 |
445 |
418 \item Go after buggy implementations of certificate |
446 \item Go after buggy implementations of certificate |
419 validation\smallskip |
447 validation\smallskip |
420 |
448 |
421 \item Social Engineering |
449 \item Social Engineering |
425 certificates |
453 certificates |
426 \end{itemize}\bigskip |
454 \end{itemize}\bigskip |
427 \end{itemize} |
455 \end{itemize} |
428 |
456 |
429 \small The eco-system is completely broken (it relies on |
457 \small The eco-system is completely broken (it relies on |
430 thousands of entities doing the right thing). Maybe DNSSEC |
458 thousands of entities to do the right thing). Maybe DNSSEC |
431 where keys can be attached to domain names is a way out. |
459 where keys can be attached to domain names is a way out. |
432 |
460 |
433 \end{frame} |
461 \end{frame} |
434 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
462 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
435 |
463 |
437 \begin{frame}[c] |
465 \begin{frame}[c] |
438 \frametitle{Real Attacks} |
466 \frametitle{Real Attacks} |
439 |
467 |
440 \begin{itemize} |
468 \begin{itemize} |
441 |
469 |
442 \item In 2011, DigiNotar (Dutch) was the first CA which got |
470 \item In 2011, DigiNotar (Dutch company) was the first CA that |
443 compromised completely, and where many fraudulent |
471 got compromised comprehensively, and where many |
444 certificates were issued. It included approximately |
472 fraudulent certificates were issued to the wild. It |
445 300,000 IP addresses, mostly located in Iran. The |
473 included approximately 300,000 IP addresses, mostly |
446 attackers (in Iran?) were likely interested only in |
474 located in Iran. The attackers (in Iran?) were likely |
447 collecting gmail passwords.\medskip |
475 interested ``only'' in collecting gmail passwords.\medskip |
448 |
476 |
449 \item The Flame malware piggy-bagged on this attack by |
477 \item The Flame malware piggy-bagged on this attack by |
450 advertising malicious Windows updates to some targeted |
478 advertising malicious Windows updates to some targeted |
451 systems (mostly in Iran, Israel, Sudan). |
479 systems (mostly in Iran, Israel, Sudan). |
452 |
480 |
686 |
714 |
687 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
715 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
688 \begin{frame}[c] |
716 \begin{frame}[c] |
689 \frametitle{1st Lecture: Cookies} |
717 \frametitle{1st Lecture: Cookies} |
690 |
718 |
691 Remember the small web-app I showed where a cookie |
719 Remember the small web-app I showed you where a cookie |
692 protected a counter\bigskip |
720 protected a counter?\bigskip |
693 |
721 |
694 \begin{itemize} |
722 \begin{itemize} |
695 \item NYT, the cookie looks the ``resource'' - harm\medskip |
723 \item NYT, the cookie looks the ``resource'' - harm\medskip |
696 \item imaginary discount unlocked by cookie - no harm |
724 \item imaginary discount unlocked by cookie - no harm |
697 \end{itemize} |
725 \end{itemize} |
720 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
748 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
721 \begin{frame}[t] |
749 \begin{frame}[t] |
722 \frametitle{2nd Lecture: E-Voting} |
750 \frametitle{2nd Lecture: E-Voting} |
723 |
751 |
724 \begin{itemize} |
752 \begin{itemize} |
725 \item (two weeks ago) an Australian parliamentary committee |
753 \item recently an Australian parliamentary committee |
726 found: e-voting is highly vulnerable to hacking and Australia |
754 found: e-voting is highly vulnerable to hacking and Australia |
727 will not use it any time soon\bigskip\pause |
755 will not use it any time soon\bigskip\pause |
728 \item Alex Halderman, Washington D.C.~hack |
756 \item Alex Halderman, Washington D.C.~hack |
729 \begin{center} |
757 \begin{center} |
730 \scriptsize |
758 \scriptsize |
866 \begin{axis}[ |
894 \begin{axis}[ |
867 xlabel={year}, |
895 xlabel={year}, |
868 ylabel={\% of total attacks}, |
896 ylabel={\% of total attacks}, |
869 ylabel style={yshift=0em}, |
897 ylabel style={yshift=0em}, |
870 enlargelimits=false, |
898 enlargelimits=false, |
871 xtick={1997,1998,2000,...,2014}, |
899 xtick={1997,1999,...,2015}, |
872 xmin=1996.5, |
900 xmin=1996.5, |
873 xmax=2015, |
901 xmax=2016, |
874 ymax=21, |
902 ymax=21, |
875 ytick={0,5,...,20}, |
903 ytick={0,5,...,20}, |
876 scaled ticks=false, |
904 scaled ticks=false, |
877 axis lines=left, |
905 axis lines=left, |
878 width=11cm, |
906 width=11cm, |
881 nodes near coords= |
909 nodes near coords= |
882 {\footnotesize |
910 {\footnotesize |
883 $\pgfmathprintnumber[fixed,fixed zerofill,precision=1,use comma]{\pgfkeysvalueof{/data point/y}}$}, |
911 $\pgfmathprintnumber[fixed,fixed zerofill,precision=1,use comma]{\pgfkeysvalueof{/data point/y}}$}, |
884 x tick label style={font=\scriptsize,/pgf/number format/1000 sep={}}] |
912 x tick label style={font=\scriptsize,/pgf/number format/1000 sep={}}] |
885 \addplot |
913 \addplot |
886 table [x=Year,y=Percentage] {bufferoverflows.data}; |
914 table [x=Year,y=Percentage] {../handouts/bufferoverflows.data}; |
887 \end{axis} |
915 \end{axis} |
888 \end{tikzpicture} |
916 \end{tikzpicture} |
889 \end{center} |
917 \end{center} |
890 |
918 |
891 \scriptsize |
919 \scriptsize |
962 \begin{frame}[t] |
990 \begin{frame}[t] |
963 \frametitle{\begin{tabular}{c}4th Lecture:\\ Unix Access Control\end{tabular}} |
991 \frametitle{\begin{tabular}{c}4th Lecture:\\ Unix Access Control\end{tabular}} |
964 |
992 |
965 \begin{itemize} |
993 \begin{itemize} |
966 \item Alice wants to have her files readable, |
994 \item Alice wants to have her files readable, |
967 \alert{except} for her office mates. |
995 \alert{except} for her office mates.\bigskip |
|
996 |
|
997 \item make sure you understand the setuid and setgid bits; |
|
998 why are they necessary for login and passwd |
968 \end{itemize} |
999 \end{itemize} |
969 |
1000 |
970 |
1001 |
971 \end{frame} |
1002 \end{frame} |
972 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
1003 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |