diff -r 4020ba76cc07 -r 0d491b5654f9 slides/slides05.tex --- a/slides/slides05.tex Tue Oct 21 09:33:13 2014 +0100 +++ b/slides/slides05.tex Tue Oct 21 10:39:45 2014 +0100 @@ -314,6 +314,27 @@ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \mode{ \begin{frame}[c] +\frametitle{Trusted Third Party} + +Simple protocol for establishing a secure connection via a mutually +trusted 3rd party (server): + +\begin{center} +\begin{tabular}{r@ {\hspace{1mm}}l} +\bl{$A \rightarrow S :$} & \bl{$A, B$}\\ +\bl{$S \rightarrow A :$} & \bl{$\{K_{AB}\}_{K_{AS}}$} and \bl{$\{\{K_{AB}\}_{K_{BS}} \}_{K_{AS}}$}\\ +\bl{$A \rightarrow B :$} & \bl{$\{K_{AB}\}_{K_{BS}} $}\\ +\bl{$A \rightarrow B :$} & \bl{$\{m\}_{K_{AB}}$}\\ +\end{tabular} +\end{center} + +\end{frame}} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\mode{ +\begin{frame}[c] \frametitle{Protocol Attacks} \begin{itemize} @@ -339,7 +360,8 @@ \begin{itemize} \item the idea is to have a certificate authority (CA) \item you go to the CA to identify yourself -\item CA: ``I, the CA, have verified that public key \bl{$P^{pub}_{Bob}$} belongs to Bob''\bigskip +\item CA: ``I, the CA, have verified that public key + \bl{$P^{pub}_{Bob}$} belongs to Bob''\bigskip \item CA must be trusted by everybody \item What happens if CA issues a false certificate? Who pays in case of loss? (VeriSign explicitly limits liability to \$100.) @@ -430,6 +452,21 @@ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[c] +\frametitle{Person-in-the-Middle} + +\begin{itemize} +\item Border Gateway Protocol (BGP) --- routers believe + their neighbours +\item it is possible to advertise bad routes +\item can be done over continents\bigskip +\end{itemize} + +\hfill\footnotesize\url{http://www.renesys.com/2013/11/mitm-internet-hijacking/} +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \mode{ \begin{frame}[c] \frametitle{Best Practices} @@ -496,6 +533,22 @@ \end{frame}} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[c] +\frametitle{Mid-Term} + +\begin{itemize} +\item homework, handouts, programs\ldots +\end{itemize}\bigskip\bigskip\bigskip + +\begin{center} +{\huge\bf\alert{Any Questions?}} +\end{center} + +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + + \end{document} %%% Local Variables: