diff -r cd4fde79587e -r 2eaca58f9bcc slides08.tex --- a/slides08.tex Tue Nov 20 06:45:37 2012 +0000 +++ b/slides08.tex Tue Nov 20 11:58:23 2012 +0000 @@ -132,7 +132,7 @@ \frametitle{Last Week} Andrew Secure RPC Protocol: -\bl{$A$} and \bl{$B$} share a key \bl{$K_{AB}$} and want to identify +\bl{$A$} and \bl{$B$} share a key private \bl{$K_{AB}$} and want to identify each other\bigskip \begin{itemize} @@ -211,7 +211,7 @@ \onslide<7->{Sounds stupid: ``\ldots answering a question with a counter question''\medskip\\ was originally developed at CMU for terminals to connect to -workstations (e.g.~file servers)} +workstations (e.g., file servers)} \end{frame}} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% @@ -222,34 +222,35 @@ \frametitle{Identify Friend or Foe} \begin{center} -\onslide<2->{\mbox{}\hspace{3.4cm}\includegraphics[scale=0.55]{pics/MigInMiddle.jpg}} +\onslide<3->{\mbox{}\hspace{3.4cm}\includegraphics[scale=0.55]{pics/MigInMiddle.jpg}} \end{center} \begin{textblock}{6}(0.3,2) +\onslide<2->{ 198?: war between Angola (supported by Cuba) -and Namibia (supported by SA) +and Namibia (supported by SA)} \end{textblock} \begin{textblock}{3}(12.5,4.6) - \onslide<2->{ + \onslide<3->{ \begin{tikzpicture} \node at (0,0) [single arrow, fill=red,text=white, rotate=-50, shape border rotate=180]{``bystander''}; \end{tikzpicture}} \end{textblock} \begin{textblock}{3}(10.9,10) - \onslide<2->{ + \onslide<3->{ \begin{tikzpicture} \node at (0,0) [single arrow, fill=red,text=white, rotate=-40, shape border rotate=180]{attacker}; \end{tikzpicture}} \end{textblock} -\only<3->{ +\only<4->{ \begin{textblock}{6}(0.3,9) being outsmarted by Angola/Cuba ended SA involvement \end{textblock}} -\only<4->{ +\only<5->{ \begin{textblock}{6}(0.3,13) IFF opened up a nice side-channel attack \end{textblock}} @@ -268,7 +269,7 @@ \item \bl{$A \,\text{sends}\, B : \{N_A\}_{K'_{AB}}$}\bigskip \end{itemize}\pause -means you need to send a separate ``Hello'' signal (bad), or worse +means you need to send separate ``Hello'' signals (bad), or worse share a single key between many entities \end{frame}} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% @@ -307,12 +308,37 @@ \end{tabular} \end{center}\bigskip\pause -at the end both \bl{$A$} and \bl{$B$} should be in the possession of the secret key +at the end of the protocol both \bl{$A$} and \bl{$B$} should be in the possession of the secret key \bl{$K_{AB}$} and know that the other principal has the key \end{frame}} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\mode{ +\begin{frame}[c] +\frametitle{Nonces} + +\begin{enumerate} +\item I generate a nonce (random number) and send it to you encrypted with a key we share +\item you increase it by one, encrypt it under a key I know and send +it back to me +\end{enumerate} + + +I can infer: + +\begin{itemize} +\item you must have received my message +\item you could only have generated your answer after I send you my initial +message +\item if only you and me know the key, the message must have come from you +\end{itemize} + +\end{frame}} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \mode{ \begin{frame}[c] @@ -335,13 +361,26 @@ \bl{$B$} believes it is following the correct protocol, intruder \bl{$I$} can form the correct response because it knows \bl{$K_{AB}$} and -talk to \bl{$B$} masquerading as \bl{$A$} +talks to \bl{$B$} masquerading as \bl{$A$} \end{frame}} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \mode{ \begin{frame}[c] + +\begin{center} +\includegraphics[scale=0.5]{pics/dogs.jpg} +\end{center} + +\end{frame}} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\mode{ +\begin{frame}[c] \frametitle{Replay Attacks} Andrew Secure RPC protocol: exchanging a new key @@ -588,6 +627,63 @@ \end{frame}} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\mode{ +\begin{frame}[t] +\frametitle{Privacy vs Anonymity} + +\begin{itemize} +\item anonymity has its uses (e.g., voting, whistleblowers, peer-review) +\end{itemize}\bigskip\bigskip\pause + + +But privacy?\bigskip\bigskip + +``You have zero privacy anyway. Get over it.''\\ +\hfill{}Scott Mcnealy (CEO of Sun)\bigskip\\ + + +If you have nothing to hide, you have nothing to fear. + +\end{frame}} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\mode{ +\begin{frame}[t] +\frametitle{Privacy} + +private data can be often used against me + +\begin{itemize} +\item if my location data becomes public, thieves will switch off their phones and help themselves in my home +\item if supermarkets can build a profile of what I buy, they can use it to their advantage (banks - mortgages) +\item my employer might not like my opinions\bigskip\pause + +\item one the other hand, Freedom-of-Information Act +\item medical data should be private, but medical research needs data +\end{itemize} + +\end{frame}} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\mode{ +\begin{frame}[t] +\frametitle{Privacy} + +\begin{itemize} +\item Apple takes note of +\item if supermarkets can build a profile of what I buy, they can use it to their advantage (banks - mortgages) +\item my employer might not like my opinions\bigskip\pause + +\item one the other hand, Freedom-of-Information Act +\item medical data should be private, but medical research needs data +\end{itemize} + +\end{frame}} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + \end{document}