diff -r 4603e6bb80c8 -r 8bf6704fc991 slides/slides11.tex --- a/slides/slides11.tex Thu Nov 26 09:10:47 2015 +0000 +++ b/slides/slides11.tex Thu Nov 26 11:59:38 2015 +0000 @@ -16,8 +16,7 @@ \frametitle{% \begin{tabular}{@ {}c@ {}} \\ - \LARGE Access Control and \\[-3mm] - \LARGE Privacy Policies (11)\\[-6mm] + \LARGE Security Engineering \end{tabular}}\bigskip\bigskip\bigskip \normalsize @@ -35,13 +34,15 @@ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \begin{frame}[c] +\begin{bubble}[10cm] +Imagine you have a completely innocent email message, like +birthday wishes to your grandmother? Why should you still +encrypt this message and your grandmother take the effort to +decrypt it? +\end{bubble} + \begin{itemize} -\item Imagine you have an completely innocent email message, - like birthday wishes to your grandmother? Why should you - still encrypt this message and your grandmother take the - effort to decrypt it?\bigskip - - \small +\item \small (Hint: The answer has nothing to do with preserving the privacy of your grandmother and nothing to do with keeping her birthday wishes super-secret. Also nothing to @@ -56,7 +57,8 @@ \begin{frame}[c] \begin{center} -\includegraphics[scale=0.6]{../pics/escher.jpg} +\includegraphics[scale=0.6]{../pics/escher.jpg}\\ +\footnotesize\mbox{M.C.Escher, Amazing World (from Gödel, Escher, Bach by D.Hofstadter)} \end{center} \end{frame} @@ -66,7 +68,7 @@ \begin{frame}[c] \frametitle{Interlock Protocol} -Protocol between a car \bl{$C$} and a key transponder \bl{$T$}:\bigskip +\mbox{A Protocol between a car \bl{$C$} and a key transponder \bl{$T$}:}\bigskip \begin{enumerate} \item \bl{$C$} generates a random number \bl{$N$} @@ -85,9 +87,9 @@ \begin{frame}[c] \frametitle{Zero-Knowledge Proofs} -Essentially every NP-problem can be used for ZKPs\bigskip +\begin{itemize} +\item Essentially every NP-problem can be used for ZKPs\bigskip -\begin{itemize} \item modular logarithms: Alice chooses public \bl{$A$}, \bl{$B$}, \bl{$p$}; and private \bl{$x$} \begin{center} @@ -117,7 +119,7 @@ \begin{frame}[c] \frametitle{Modular Logarithm} -Ordinary, non-modular logarithms: +Ordinary, \emph{non}-modular logarithms: \begin{center}\large \begin{tabular}{ll} @@ -128,7 +130,7 @@ \end{center} Conclusion: \bl{$1.2304489$} is very close to the \emph{true} -solution +solution, slightly low \end{frame} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% @@ -140,18 +142,17 @@ In contrast, modular logarithms behave much differently: \begin{center}\large -\bl{$2^? \equiv 88319671\;\; mod\;\; 97330327$}\bigskip\\\pause +\bl{$2^? \equiv 88319671\;\; mod\;\; 97330327$}\bigskip \end{center}\pause -Lets say I found \bl{$28305819$}\ldots I try +Lets say I `found' \bl{$28305819$} and I try \begin{center}\large -\bl{$2^{28305819} \equiv 88032151\;\; mod\;\; 97330327$}\bigskip\\\pause +\bl{$2^{28305819} \equiv 88032151\;\; mod\;\; 97330327$}\bigskip \end{center}\pause -I could be tempted to try \bl{$28305820$}\ldots\pause -but the real\\ -\mbox{}\hfill answer is \bl{12314}. +Slightly lower. I might be tempted to try \bl{$28305820$}\ldots\pause +but the real answer is \bl{12314}. \end{frame} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% @@ -265,6 +266,103 @@ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[c] +\frametitle{How can Alice cheat?} + +\begin{itemize} +\item Alice needs to coordinate what she sends as \bl{$h_i$} + (in step 2), \bl{$s_i$} (in step 4) and + \bl{$s_{z+1}$} (in step 6).\pause\bigskip + +\item for \bl{$s_{z+1}$} she solves the easy +\begin{center} +\bl{$A^{s_{z+1}} \equiv B * y \;mod\;p$} +\end{center} + +for \bl{$y$}.\pause +\item if she can guess \bl{$j$} (first \bl{$1$}) then + she sends \bl{$y$} as \bl{$h_j$} +and \bl{$0$} as \bl{$s_j$}.\pause + +\item however she does not know \bl{$r_j$} because she would +need to solve +\begin{center} +\bl{$A^{r_j} \equiv y \;mod\;p$} +\end{center} +\end{itemize} + +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[c] +\frametitle{How can Alice cheat?} + +\begin{itemize} +\item Alice still needs to decide on the other \bl{$h_i$} and +\bl{$s_i$}. They have to satisfy the test: + +\[\bl{A^{\alert{s_i}} \stackrel{?}{\equiv} \alert{h_i} * h_j^{-1} \;mod\; p}\] +\pause + +\item Lets say she choses the \bl{$s_i$} at random, then she +needs to solve + +\[\bl{A^{s_i} \equiv z * h_j^{-1} \;mod\; p}\] + +for \bl{$z$}.\pause{} It still does not allow us to find out +the \bl{$r_i$}. Let us call an \bl{$h_i$} calculated in this +way as \alert{bogus}. + +\end{itemize} + +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[t] +\frametitle{How can Alice cheat?} + +\begin{itemize} +\item Alice has to produce bogus \bl{$h_i$} for all bits that +are going to be \bl{$1$} in advance.\bigskip\pause + +\item Lets say \bl{$b_i = 1$} where Alice guessed \bl{$0$}: +She already has sent \bl{$h_i$} and \bl{$h_j$} and now must find a +correct \bl{$s_i$} (which she chose at random at first) + +\[\bl{A^{s_i} \equiv h_i * h_j^{-1} \;mod\; p}\] + +If she knew \bl{$r_i$} and \bl{$r_j$}, then easy: +\bl{$s_i = r_i - r_j$}. But she does not. So she will be found +out. +\end{itemize} + +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[t] +\frametitle{How can Alice cheat?} + +\begin{itemize} +\item Alice has to produce bogus \bl{$h_i$} for all bits that +are going to be \bl{$1$} in advance.\bigskip + +\item Lets say \bl{$b_i = 0$} where Alice guessed \bl{$1$}: +She has to send an \bl{$s_i$} so that + +\[\bl{A^{s_i} \equiv h_i\;mod\;p}\] + +She does not know \bl{$r_i$}. So this is too hard and +she will be found out. +\end{itemize} + +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \tikzset{alt/.code args={<#1>#2#3#4}{% \alt<#1>{\pgfkeysalso{#2}}{\pgfkeysalso{#3}} % \pgfkeysalso doesn't change the path }} @@ -374,24 +472,47 @@ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \begin{frame}[c] - -\begin{itemize} -\item Imagine you have an completely innocent email message, - like birthday wishes to your grandmother? Why should you - still encrypt this message and your grandmother take the - effort to decrypt it?\bigskip +\frametitle{Coming Back To\ldots} - \small - (Hint: The answer has nothing to do with preserving the - privacy of your grandmother and nothing to do with - keeping her birthday wishes super-secret. Also nothing to - do with you and grandmother testing the latest - encryption technology, nor just for the sake of it.) +\begin{bubble}[10cm] +Imagine you have an completely innocent email message, like +birthday wishes to your grandmother? Why should you still +encrypt this message and your grandmother take the effort to +decrypt it? +\end{bubble}\pause + +\begin{itemize} +\item \small + Bruce Schneier\\ + NSA Surveillance and What To Do About It\\ + \url{https://www.youtube.com/watch?v=QXtS6UcdOMs} \end{itemize} \end{frame} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[c] +\small +\begin{bubble}[10cm] +Terrorists use encrypted mobile-messaging apps. The spy +agencies argue that although they can follow the conversations +on Twitter, they ``go dark'' on the encrypted message apps. To +counter this ``going-dark problem'', the spy agencies push for +the implementation of back-doors in iMessage and Facebook and +Skype and everything else UK or US-made, which they can use +eavesdrop on conversations without the conversants' knowledge +or consent. + +\end{bubble} + +\begin{itemize} +\item What is the fallacy in the spy agencies going-dark + argument? +\end{itemize} + +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \end{document}