added slides

\slidecaption}{APP 01, King's College London, 24.~September 2013


  Access Control and Privacy Policies (1)
  \LARGE Access Control and \\[-3mm] 
  \LARGE Privacy Policies (1)\\[-6mm] 


  Email:  & christian.urban at\\
  Office: & S1.27 (1st floor Strand Building)\\
  Slides: & KEATS







Lavabit email service closed down on 8 August 2013.


Also Bad Guys

Annonymous Hacker operating a 10k bonnet using the ZeuS hacking tool wrote:
``FYI I do not cash out the bank accounts or credit cards, I just sell the information 
(I know, its just as bad, hur dur...), there isn't even a law against such in most countries, 
dealing with stolen information is most of the time a legaly greyzone (I was just as surprised 
when I looked it up), I'm not talking about 3rd world countries, but about European like Spain 
(The Mariposa botnet owner never got charged, because a botnet isn't illegal, only abusing 
CC information is, but that did other guys).''


This is a Misconception!


The NSA can probably not brute-force magically better than the ``public''.

Security Engineers

Security engineers require a particular mindset:

``Security engineers --- at least the good ones --- see the world differently. 
They can't walk into a store without noticing how they might shoplift. They can't 
use a computer without wondering about the security vulnerabilities. They can't 
vote without trying to figure out how to vote twice. They just can't help it.''
---Bruce Schneier
\hfill{}---Bruce Schneier



Breaking Things

For example:

Prof. V. Nasty gives the following final exam question (closed books, closed notes):

Write the first 100 digits of π:

How can you cheat in this exam and how can you defend against such cheating?


Chip-and-PIN


\item Chip-and-PIN was introduced in the UK in 2004
\item before that customers had to sign a receipt\medskip
\item Is Chip-and-PIN a more secure system?

(Some other countries still use the old method.)


Yes ...

``Chip-and-PIN is so effective in this country [UK] that fraudsters are starting to move their activities overseas,'' 
said Emile Abu-Shakra, spokesman for Lloyds TSB (in the Guardian, 2006).

\item mag-stripe cards cannot be cloned anymore
\item stolen or cloned cards need to be used abroad 
\item fraud on lost, stolen and counterfeit credit cards was down \pounds{}60m (24\%) on 2004's figure


But let's see ...

Bank


costumer / you

card terminal producer
A ``tamperesitant'' terminal playing Tetris on 


\item in 2006, Shell petrol stations stopped accepting Chip-and-PIN after \pounds{}1m had been stolen from customer accounts\smallskip 
\item in 2008, hundreds of card readers for use in Britain, Ireland, the Netherlands, Denmark, and Belgium had been 
expertly tampered with shortly after manufacture so that details and PINs of credit cards were sent during the 9 months 
before over mobile phone networks to criminals in Lahore, Pakistan

Chip-and-PIN is Broken


man-in-the-middle attacks by the group around Ross Anderson


on BBC Newsnight in 2010 or youtube 
\footnotesize in 2010 or \textcolor{blue}{\href{}{youtube}}

Chip-and-PIN is Really Broken


\item same group successfully attacked in 2012 card readers and ATM machines
\item the problem: several types of ATMs generate poor random numbers, which are used as nonces


The Real Problem ...

Bank


terminal producer

costumer / you
the burden of proof for fraud and financial liability was shifted to the costumer (until approx. 2009/10)
\end {itemize} 

The Bad Guy Again

The Annonymous Hacker from earlier:
``Try to use `Verified-By-Visa' and `Mastercard-Securecode' as rarely as possible. If only your CVV2 code is getting sniffed, you are not liable for any damage, because the code is physically printed and could have been stolen while you payed with your card at a store. Same applies if someone cloned your CC reading the magnetic stripe or sniffing RFID. Only losing your VBV or MCSC password can cause serious trouble.''


Being Screwed Again


\item {\bf Responsibility}\\
``You understand that you are financially responsible for all uses of RBS Secure.''\\

Web Applications

Servers from Inc. 
\small Inc.

\small Client(s)
\item What are pitfalls and best practices?

Why Scala?

{\large\bf ...}
\footnotesize 2013: 1$\%$\\[-2mm]
\footnotesize 2014: 3$\%$\\[-2mm]
\footnotesize 2015: 9$\%$\\[-2mm]
\footnotesize 2016: 27$\%$\\[-2mm]
\footnotesize 2017: 81$\%$\\[-2mm]
\footnotesize 2018: 243$\%$ \raisebox{-1mm}{\includegraphics[scale=0.02]{pics/smiley.jpg}}
\footnotesize 5 yrs $\begin{cases}\mbox{}\\[1.4cm]\end{cases}$

\footnotesize {\bf in London today:} 1 Scala job for every 30 Java jobs;\\[-2mm]
Scala programmers seem to get up to 20\% better salary}

Scala is a functional and object-oriented programming language; compiles to the JVM; does not 
need null-pointer exceptions; a course on Coursera\\


Scala + Play

a simple response from the server:


alternative response:\\

\texttt{\lstinline{Ok("<H1>Hello world!</H1>").as(HTML)}}}





Servers from Inc. 
\small Inc.

\small Client
\item cookies: max 4KB data\\[-2mm]
\item cookie theft, cross-site scripting attacks\\[-2mm]
\item session cookies, persistent cookies, HttpOnly cookies, third-party cookies, zombie cookies 

{\bf EU Privacy Directive about Cookies:}\smallskip\\
``In May 2011, a European Union law was passed stating that websites that leave non-essential cookies on visitors' devices have to alert the visitor and get acceptance from them. This law applies to both individuals and businesses based in the EU regardless of the nationality of their website's visitors or the location of their web host. It is not enough to simply update a website's terms and conditions or privacy policy. The deadline to comply with the new EU cookie law was 26th May 2012 and failure to do so could mean a fine of up to \pounds{}500,000.''
\hfill\small\textcolor{gray}{$\rightarrow$BBC News}, \textcolor{blue}{\url{}}

While cookies are per web-page, this can be easily circumvented.

Pet Store 

Evil-Ad-No

you

My First Webapp

{\bf GET request:}\smallskip
\item read the cookie from client
\item if none is present, set \texttt{visits} to \textcolor{blue}{$0$}
\item if cookie is present, extract \texttt{visits} counter
\item if \texttt{visits} is greater or equal \textcolor{blue}{$10$}, \\
print a valued customer message\\
otherwise just a normal message
\item increase \texttt{visits} by \textcolor{blue}{$1$} and store new cookie with client




cookie value encoded as hash



data integrity needs to be ensured




the counter/hash pair is intended to prevent tampering

\item SHA-1 is a cryptographic hash function\\
(MD5, SHA-256, SHA-512, \ldots) 
\item message $\rightarrow$ digest
\item attacks exist: $2^{80} \rightarrow 2^{61}$ \bigskip\pause
\item but dictionary attacks are much more effective for extracting passwords (later)



Unix Passwords

passwords must not be stored in clear text
instead /etc/shadow contains
\item instead \texttt{/etc/shadow} contains


\item \texttt{\$} is separator
\item \texttt{1} is MD5 (actually SHA-512 is used nowadays, \texttt{6})
\item \texttt{QIGCa} is salt
\item \texttt{ruJs8AvmrknzKTzM2TYE} $\rightarrow$ password + salt

(\texttt{openssl passwd -1 -salt QIGCa pippo})
% Unix password


Plain-Text Passwords

On 25 September 2012, a report on a data breach at IEEE:

\item IEEE is a standards organisation (not-for-profit) 
\item many standards in CS are by IEEE\medskip
\item 100k plain-text passwords were recorded in logs
\item the logs were openly accessible on their FTP server


Other Password Blunders

\item in late 2009, when an SQL injection attack against online games 
service exposed 32 million \alert{plaintext} passwords

\item  1.3 million Gawker credentials exposed in December 2010 containing 
unsalted(?) \alert{MD5} hashes

\item June 6th, 2012, 6 million unsalted SHA-1 passwords were leaked from linkedIn
% linkedIn password

(web user maintains 25 separate accounts but uses just 6.5 passwords.)


Brute Forcing Passwords

\item How fast can hackers crack SHA-1 passwords? \pause

\item The answer is 2 billion attempts per second\\ 
using a Radeon HD 7970

password length & time\smallskip\\\hline
5 letters & 5 secs\\
6 letters & 500 secs\\
7 letters & 13 hours\\
8 letters & 57 days\\
9 letters & 15 years\\

5 letters $\approx$ 100$^5$ $=$ 10 billion combinations\\ 
(1 letter - upper case, lower case, digits, symbols $\approx$ 100)

\footnotesize graphics card\\[-1mm]
\footnotesize ca.~\pounds{}300



How to recover from a breakin?\pause\medskip

\item Do not send passwords in plain text.
\item Security questions are tricky to get right.
\item QQ (Chinese Skype) authenticates you via contacts.


This Course

\item break-ins (buffer overflows)
\item access control\\ (role based, data security / data integrity)
\item electronic voting
\item protocols (specification)
\item access control logic
\item privacy
Scott McNealy: \\``You have zero privacy anyway. Get over it.''
\item zero-knowledge proofs


User-Tracking Without Cookies

Can you track a user {\bf without}:

\item Cookies
\item Javascript
\item LocalStorage/SessionStorage/GlobalStorage
\item Flash, Java or other plugins
\item Your IP address or user agent string
\item Any methods employed by Panopticlick\\
\mbox{}\hfill $\rightarrow$ \textcolor{blue}{\url{}}

Even when you disabled cookies entirely, have Javascript turned off and use a VPN service.\\\pause
And numerous sites already use it.



Books + Homework

\item There is no single book I am following

\item The question ``Is this relevant for the exams'' is not appreciated!\medskip\\

Whatever is in the homework sheets (and is not marked optional) is relevant for the
exam. No code needs to be written.


\frametitle{\begin{tabular}{c}Take-Home Points\end{tabular}}

\item Never store passwords in plain text.\medskip
\item Always salt your hashes!\medskip
\item Use an existing crypto algorithm; do not write your own!\medskip
\item Make the party responsible for losses, who is in the position to improve things.



