diff -r be35ff24cccc -r d1d07f05325a slides08.tex
--- a/slides08.tex Sun Dec 09 13:00:33 2012 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,747 +0,0 @@
-\documentclass[dvipsnames,14pt,t]{beamer}
-\usepackage{proof}
-\usepackage{beamerthemeplainculight}
-\usepackage[T1]{fontenc}
-\usepackage[latin1]{inputenc}
-\usepackage{mathpartir}
-\usepackage{isabelle}
-\usepackage{isabellesym}
-\usepackage[absolute,overlay]{textpos}
-\usepackage{ifthen}
-\usepackage{tikz}
-\usepackage{courier}
-\usepackage{listings}
-\usetikzlibrary{arrows}
-\usetikzlibrary{positioning}
-\usetikzlibrary{calc}
-\usepackage{graphicx}
-\usetikzlibrary{shapes}
-\usetikzlibrary{shadows}
-\usetikzlibrary{plotmarks}
-
-
-\isabellestyle{rm}
-\renewcommand{\isastyle}{\rm}%
-\renewcommand{\isastyleminor}{\rm}%
-\renewcommand{\isastylescript}{\footnotesize\rm\slshape}%
-\renewcommand{\isatagproof}{}
-\renewcommand{\endisatagproof}{}
-\renewcommand{\isamarkupcmt}[1]{#1}
-
-% Isabelle characters
-\renewcommand{\isacharunderscore}{\_}
-\renewcommand{\isacharbar}{\isamath{\mid}}
-\renewcommand{\isasymiota}{}
-\renewcommand{\isacharbraceleft}{\{}
-\renewcommand{\isacharbraceright}{\}}
-\renewcommand{\isacharless}{$\langle$}
-\renewcommand{\isachargreater}{$\rangle$}
-\renewcommand{\isasymsharp}{\isamath{\#}}
-\renewcommand{\isasymdots}{\isamath{...}}
-\renewcommand{\isasymbullet}{\act}
-
-
-
-\definecolor{javared}{rgb}{0.6,0,0} % for strings
-\definecolor{javagreen}{rgb}{0.25,0.5,0.35} % comments
-\definecolor{javapurple}{rgb}{0.5,0,0.35} % keywords
-\definecolor{javadocblue}{rgb}{0.25,0.35,0.75} % javadoc
-
-\lstset{language=Java,
- basicstyle=\ttfamily,
- keywordstyle=\color{javapurple}\bfseries,
- stringstyle=\color{javagreen},
- commentstyle=\color{javagreen},
- morecomment=[s][\color{javadocblue}]{/**}{*/},
- numbers=left,
- numberstyle=\tiny\color{black},
- stepnumber=1,
- numbersep=10pt,
- tabsize=2,
- showspaces=false,
- showstringspaces=false}
-
-\lstdefinelanguage{scala}{
- morekeywords={abstract,case,catch,class,def,%
- do,else,extends,false,final,finally,%
- for,if,implicit,import,match,mixin,%
- new,null,object,override,package,%
- private,protected,requires,return,sealed,%
- super,this,throw,trait,true,try,%
- type,val,var,while,with,yield},
- otherkeywords={=>,<-,<\%,<:,>:,\#,@},
- sensitive=true,
- morecomment=[l]{//},
- morecomment=[n]{/*}{*/},
- morestring=[b]",
- morestring=[b]',
- morestring=[b]"""
-}
-
-\lstset{language=Scala,
- basicstyle=\ttfamily,
- keywordstyle=\color{javapurple}\bfseries,
- stringstyle=\color{javagreen},
- commentstyle=\color{javagreen},
- morecomment=[s][\color{javadocblue}]{/**}{*/},
- numbers=left,
- numberstyle=\tiny\color{black},
- stepnumber=1,
- numbersep=10pt,
- tabsize=2,
- showspaces=false,
- showstringspaces=false}
-
-% beamer stuff
-\renewcommand{\slidecaption}{APP 08, King's College London, 20 November 2012}
-\newcommand{\dn}{\stackrel{\mbox{\scriptsize def}}{=}}% for definitions
-\newcommand{\bl}[1]{\textcolor{blue}{#1}}
-
-\begin{document}
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode{
-\begin{frame}<1>[t]
-\frametitle{%
- \begin{tabular}{@ {}c@ {}}
- \\
- \LARGE Access Control and \\[-3mm]
- \LARGE Privacy Policies (8)\\[-6mm]
- \end{tabular}}\bigskip\bigskip\bigskip
-
- %\begin{center}
- %\includegraphics[scale=1.3]{pics/barrier.jpg}
- %\end{center}
-
-\normalsize
- \begin{center}
- \begin{tabular}{ll}
- Email: & christian.urban at kcl.ac.uk\\
- Of$\!$fice: & S1.27 (1st floor Strand Building)\\
- Slides: & KEATS (also homework is there)\\
- \end{tabular}
- \end{center}
-
-
-\end{frame}}
- %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
- \mode{
- \begin{frame}[c]
- \frametitle{Last Week}
-
-Andrew Secure RPC Protocol:
-\bl{$A$} and \bl{$B$} share a key private \bl{$K_{AB}$} and want to identify
-each other\bigskip
-
- \begin{itemize}
- \item \bl{$A \,\text{sends}\, B : A, N_A$}
- \item \bl{$B\,\text{sends}\, A : \{N_A, K'_{AB}\}_{K_{AB}}$}
- \item \bl{$A \,\text{sends}\, B : \{N_A\}_{K'_{AB}}$}
- \end{itemize}
-
- \end{frame}}
- %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
- %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
- \mode{
- \begin{frame}[t]
- \frametitle{Protocols}
-
-\mbox{}
-
-\begin{tabular}{l}
-{\Large \bl{$A\;\text{sends}\; B : \ldots$}}\\
-\onslide<2->{\Large \bl{$B\;\text{sends}\; A : \ldots$}}\\
-\onslide<2->{\Large \;\;\;\;\;\bl{$:$}}\bigskip
-\end{tabular}
-
- \begin{itemize}
- \item by convention \bl{$A$}, \bl{$B$} are named principals \bl{Alice\ldots}\\
- but most likely they are programs, which just follow some instructions (they are more like roles)\bigskip
-\item<2-> indicates one ``protocol run'', or session, which specifies some
-order in the communication
-\item<2-> there can be several sessions in parallel (think of wifi routers)
-\end{itemize}
-
- \end{frame}}
- %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
- %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
- \mode{
- \begin{frame}[c]
- \frametitle{Last Week}
-
-
-\bl{$A$} and \bl{$B$} share the key \bl{$K_{AB}$} and want to identify
-each other\bigskip
-
- \begin{itemize}
- \item \bl{$A \,\text{sends}\, B : A, N_A$}
- \item \bl{$B\,\text{sends}\, A : \{N_A, K'_{AB}\}_{K_{AB}}$}
- \item \bl{$A \,\text{sends}\, B : \{N_A\}_{K'_{AB}}$}
- \end{itemize}
- \end{frame}}
- %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
- %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
- \mode{
- \begin{frame}[c]
- \frametitle{Defeating Challenge-Response}
-
-\noindent
-A \alert{reflection attack}: an intruder \bl{$I$} impersonates \bl{$B$}.
-
-\begin{center}
-\begin{tabular}{@{\hspace{-7mm}}c@{\hspace{1mm}}c@{}}
-\begin{tabular}{@{}l@{}}
-\onslide<1->{\bl{$A \,\text{sends}\, I : A, N_A$}}\\
-\onslide<4->{\bl{$I \,\text{sends}\, A : \{N_A,\!K'_{\!AB}\}_{K_{\!AB}}$}}\\
-\onslide<5->{\bl{$A \,\text{sends}\, I : \{N_A\}_{K'_{AB}}$}}\\
-\end{tabular}
-&
-\begin{tabular}{@{}l@{}}
-\onslide<2->{\bl{$I \,\text{sends}\, A : B, N_A$}}\\
-\onslide<3->{\bl{$A \,\text{sends}\, I : \{N_A,\!K'_{\!AB}\}_{K_{\!AB}}$}}\\
-\onslide<6->{\bl{$I \,\text{sends}\, A : \{N_A\}_{K'_{AB}}$}}\\
-\end{tabular}
-\end{tabular}
-\end{center}\bigskip
-
-\onslide<7->{Sounds stupid: ``\ldots answering a question with a counter question''\medskip\\
-was originally developed at CMU for terminals to connect to
-workstations (e.g., file servers)}
-
- \end{frame}}
- %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode{
-\begin{frame}[c]
-\frametitle{Identify Friend or Foe}
-
-\begin{center}
-\onslide<3->{\mbox{}\hspace{3.4cm}\includegraphics[scale=0.55]{pics/MigInMiddle.jpg}}
-\end{center}
-
-\begin{textblock}{6}(0.3,2)
-\onslide<2->{
-198?: war between Angola (supported by Cuba)
-and Namibia (supported by SA)}
-\end{textblock}
-
-\begin{textblock}{3}(12.5,4.6)
- \onslide<3->{
- \begin{tikzpicture}
- \node at (0,0) [single arrow, fill=red,text=white, rotate=-50, shape border rotate=180]{``bystander''};
- \end{tikzpicture}}
- \end{textblock}
-
-\begin{textblock}{3}(10.9,10)
- \onslide<3->{
- \begin{tikzpicture}
- \node at (0,0) [single arrow, fill=red,text=white, rotate=-40, shape border rotate=180]{attacker};
- \end{tikzpicture}}
- \end{textblock}
-
-\only<4->{
-\begin{textblock}{6}(0.3,9)
-being outsmarted by Angola/Cuba
-ended SA involvement (?)
-\end{textblock}}
-\only<5->{
-\begin{textblock}{6}(0.3,13)
-IFF opened up a nice side-channel attack
-\end{textblock}}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
- %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
- \mode{
- \begin{frame}[c]
- \frametitle{Encryption to the Rescue?}
-
-
- \begin{itemize}
- \item \bl{$A \,\text{sends}\, B : \{A, N_A\}_{K_{AB}}$}\hspace{1cm} encrypted\bigskip
- \item \bl{$B\,\text{sends}\, A : \{N_A, K'_{AB}\}_{K_{AB}}$}\bigskip
- \item \bl{$A \,\text{sends}\, B : \{N_A\}_{K'_{AB}}$}\bigskip
- \end{itemize}\pause
-
-means you need to send separate ``Hello'' signals (bad), or worse
-share a single key between many entities
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode{
-\begin{frame}[c]
-\frametitle{Protocol Attacks}
-
-\begin{itemize}
-\item replay attacks
-\item reflection attacks
-\item man-in-the-middle attacks
-\item timing attacks
-\item parallel session attacks
-\item binding attacks (public key protocols)
-\item changing environment / changing assumptions\bigskip
-
-\item (social engineering attacks)
-\end{itemize}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode{
-\begin{frame}[c]
-\frametitle{Replay Attacks}
-
-Schroeder-Needham protocol: exchange of a symmetric key with a trusted 3rd-party \bl{$S$}:
-
-\begin{center}
-\begin{tabular}{r@ {\hspace{1mm}}l}
-\bl{$A \rightarrow S :$} & \bl{$A, B, N_A$}\\
-\bl{$S \rightarrow A :$} & \bl{$\{N_A, B, K_{AB},\{K_{AB}, A\}_{K_{BS}} \}_{K_{AS}}$}\\
-\bl{$A \rightarrow B :$} & \bl{$\{K_{AB}, A\}_{K_{BS}} $}\\
-\bl{$B \rightarrow A :$} & \bl{$\{N_B\}_{K_{AB}}$}\\
-\bl{$A \rightarrow B :$} & \bl{$\{N_B-1\}_{K_{AB}}$}\\
-\end{tabular}
-\end{center}\bigskip\pause
-
-at the end of the protocol both \bl{$A$} and \bl{$B$} should be in the possession of the secret key
-\bl{$K_{AB}$} and know that the other principal has the key
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode{
-\begin{frame}[c]
-\frametitle{Nonces}
-
-\begin{enumerate}
-\item I generate a nonce (random number) and send it to you encrypted with a key we share
-\item you increase it by one, encrypt it under a key I know and send
-it back to me
-\end{enumerate}
-
-
-I can infer:
-
-\begin{itemize}
-\item you must have received my message
-\item you could only have generated your answer after I send you my initial
-message
-\item if only you and me know the key, the message must have come from you
-\end{itemize}
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode{
-\begin{frame}[c]
-
-\begin{center}
-\begin{tabular}{l}
-\bl{$A \rightarrow S :$} \bl{$A, B, N_A$}\\
-\bl{$S \rightarrow A :$} \bl{$\{N_A, B, K_{AB},\{K_{AB}, A\}_{K_{BS}} \}_{K_{AS}}$}\\
-\bl{$A \rightarrow B :$} \bl{$\{K_{AB}, A\}_{K_{BS}} $}\\
-\bl{$B \rightarrow A :$} \bl{$\{N_B\}_{K_{AB}}$}\\
-\bl{$A \rightarrow B :$} \bl{$\{N_B-1\}_{K_{AB}}$}\pause\\
-\hspace{5cm}compromise \bl{$K_{AB}$}\pause\\
-\bl{$A \rightarrow S :$} \bl{$A, B, N'_A$}\\
-\bl{$S \rightarrow A :$} \bl{$\{N'_A, B, K'_{AB},\{K'_{AB}, A\}_{K_{BS}} \}_{K_{AS}}$}\pause\\
-\bl{$I(A) \rightarrow B :$} \bl{$\{K_{AB}, A\}_{K_{BS}} $}\hspace{0.5cm} replay of older run\pause\\
-\bl{$B \rightarrow I(A) :$} \bl{$\{N'_B\}_{K_{AB}}$}\\
-\bl{$I(A) \rightarrow B :$} \bl{$\{N'_B-1\}_{K_{AB}}$}\
-\end{tabular}
-\end{center}\pause
-
-\bl{$B$} believes it is following the correct protocol,
-intruder \bl{$I$} can form the correct response because it knows \bl{$K_{AB}$} and
-talks to \bl{$B$} masquerading as \bl{$A$}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode{
-\begin{frame}[c]
-
-\begin{center}
-\includegraphics[scale=0.5]{pics/dogs.jpg}
-\end{center}
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode{
-\begin{frame}[c]
-\frametitle{Replay Attacks}
-
-Andrew Secure RPC protocol: exchanging a new key
-between \bl{$A$} and \bl{$B$}
-
-\begin{center}
-\begin{tabular}{l}
-\bl{$A \rightarrow B :$} \bl{$A, \{N_A\}_{K_{AB}}$}\\
-\bl{$B \rightarrow A :$} \bl{$\{N_A+1, N_B\}_{K_{AB}}$}\\
-\bl{$A \rightarrow B :$} \bl{$\{N_B+1\}_{K_{AB}}$}\\
-\bl{$B \rightarrow A :$} \bl{$\{K^{new}_{AB}, N^{new}_B\}_{K_{AB}}$}\\
-\end{tabular}
-\end{center}\bigskip\pause
-
-Assume nonces are represented as bit-sequences of the same length as keys
-\begin{center}
-\begin{tabular}{@{}l@{}}
-\bl{$A \rightarrow B :$} \bl{$A, \{N_A\}_{K_{AB}}$}\\
-\bl{$B \rightarrow A :$} \bl{$\{N_A+1, N_B\}_{K_{AB}}$}\\
-\bl{$A \rightarrow I(B) :$} \bl{$\{N_B+1\}_{K_{AB}}$}\hspace{0.5mm}intercepts\\
-\bl{$I(B) \rightarrow A :$} \bl{$\{N_A+1, N_B\}_{K_{AB}}$}\hspace{0.5mm}resend 2nd msg\\
-\end{tabular}
-\end{center}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode{
-\begin{frame}[c]
-\frametitle{Time-Stamps}
-
-The Schroeder-Needham protocol can be fixed by including a time-stamp (e.g., in Kerberos):
-
-\begin{center}
-\begin{tabular}{r@ {\hspace{1mm}}l}
-\bl{$A \rightarrow S :$} & \bl{$A, B, N_A$}\\
-\bl{$S \rightarrow A :$} & \bl{$\{N_A, B, K_{AB},\{K_{AB}, A, T_S\}_{K_{BS}} \}_{K_{AS}}$}\\
-\bl{$A \rightarrow B :$} & \bl{$\{K_{AB}, A, T_S\}_{K_{BS}} $}\\
-\bl{$B \rightarrow A :$} & \bl{$\{N_B\}_{K_{AB}}$}\\
-\bl{$A \rightarrow B :$} & \bl{$\{N_B-1\}_{K_{AB}}$}\\
-\end{tabular}
-\end{center}\bigskip\pause
-
-but nothing is for free: then you need to synchronise time and possibly become a victim to
-timing attacks
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode{
-\begin{frame}[c]
-
-It can also be fixed by including another nonce:
-
-\begin{center}
-\begin{tabular}{r@ {\hspace{1mm}}l}
-\bl{$A \rightarrow B :$} & \bl{$A$}\\
-\bl{$B \rightarrow A :$} & \bl{$\{A, N_B\}_{K_{BS}}$}\\
-\bl{$A \rightarrow S :$} & \bl{$A, B, N_A, \{A, N_B\}_{K_{BS}}$}\\
-\bl{$S \rightarrow A :$} & \bl{$\{N_A, B, K_{AB},\{K_{AB}, A, N_B\}_{K_{BS}} \}_{K_{AS}}$}\\
-\bl{$A \rightarrow B :$} & \bl{$\{K_{AB}, A, N_B\}_{K_{BS}} $}\\
-\bl{$B \rightarrow A :$} & \bl{$\{N_B\}_{K_{AB}}$}\\
-\bl{$A \rightarrow B :$} & \bl{$\{N_B-1\}_{K_{AB}}$}\\
-\end{tabular}
-\end{center}\bigskip\pause
-
-but nothing is for free: then you need to synchronise time and possibly become victim to
-timing attacks
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode{
-\begin{frame}[c]
-\frametitle{Binding Attacks}
-
-with public-private keys it is important that the public key is \alert{bound}
-to the right owner (verified by a certification authority \bl{$CA$})
-
-\begin{center}
-\begin{tabular}{l}
-\bl{$A \rightarrow CA :$} \bl{$A, B, N_A$}\\
-\bl{$CA \rightarrow A :$} \bl{$CA, \{CA, A, N_A, K^{pub}_{B}\}_{K^{pub}_{A}}$}\\
-\end{tabular}
-\end{center}\bigskip
-
-\bl{$A$} knows \bl{$K^{priv}_A$} and can verify the message came from \bl{$CA$}
-in response to \bl{$A$}'s message and trusts \bl{$K^{pub}_{B}$} is \bl{$B$}'s public key
-
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode{
-\begin{frame}[c]
-\frametitle{Binding Attacks}
-
-\begin{center}
-\begin{tabular}{l}
-\bl{$A \rightarrow I(CA) :$} \bl{$A, B, N_A$}\\
-\bl{$I(A) \rightarrow CA :$} \bl{$A, I, N_A$}\\
-\bl{$CA \rightarrow I(A) :$} \bl{$CA, \{CA, A, N_A, K^{pub}_{I}\}_{K^{pub}_{A}}$}\\
-\bl{$I(CA) \rightarrow A :$} \bl{$CA, \{CA, A, N_A, K^{pub}_{I}\}_{K^{pub}_{A}}$}\\
-\end{tabular}
-\end{center}\pause
-
-\bl{$A$} now encrypts messages for \bl{$B$} with the public key of \bl{$I$}
-(which happily decrypts them with its private key)
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode{
-\begin{frame}[c]
-
-There are plenty of other protocols and attacks. This could go on ``forever''.\pause\bigskip
-
-We look here on one more kind of attacks that are because of a changing environment.
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode{
-\begin{frame}[t]
-\frametitle{Changing Environment Attacks}
-
-\begin{itemize}
-\item all protocols rely on some assumptions about the environment
-(e.g., cryptographic keys cannot be broken)\bigskip\pause
-\end{itemize}
-
-\only<2>{
-\begin{itemize}
-\item in the ``good olden days'' (1960/70) rail transport was cheap, so fraud was not
-worthwhile
-\end{itemize}}
-
-\only<3>{
-\begin{itemize}
-\item when it got expensive, some people bought cheaper monthly tickets for a suburban
-station and a nearby one, and one for the destination and a nearby one
-\item a large investment later all barriers were automatic and tickets could record state
-\end{itemize}}
-
-\only<4>{
-\begin{itemize}
-\item but suddenly the environment changed: rail transport got privatised creating many
-competing companies
-potentially cheating each other
-\item revenue from monthly tickets was distributed according to a formula involving where the ticket was bought\ldots
-\end{itemize}}
-
-\only<5>{
-\begin{itemize}
-\item apart from bad outsiders (passengers), you also had bad insiders (rail companies)
-\item chaos and litigation ensued
-\end{itemize}}
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode{
-\begin{frame}[c]
-
-A Man-in-the-middle attack in real life:
-
-\begin{itemize}
-\item the card only says yes or no to the terminal if the PIN is correct
-\item trick the card in thinking transaction is verified by signature
-\item trick the terminal in thinking the transaction was verified by PIN
-\end{itemize}
-
-\begin{minipage}{1.1\textwidth}
-\begin{center}
-\mbox{}\hspace{-6mm}\includegraphics[scale=0.5]{pics/chip-attack.png}
-\includegraphics[scale=0.3]{pics/chipnpinflaw.png}
-\end{center}
-\end{minipage}
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode{
-\begin{frame}[c]
-\frametitle{Problems with EMV}
-
-\begin{itemize}
-\item it is a wrapper for many protocols
-\item specification by consensus (resulted unmanageable complexity)
-\item its specification is 700 pages in English plus 2000+ pages for testing, additionally some
-further parts are secret
-\item other attacks have been found
-
-\item one solution might be to require always online verification of the PIN with the bank
-\end{itemize}
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode{
-\begin{frame}[c]
-\frametitle{Problems with WEP (Wifi)}
-
-\begin{itemize}
-\item a standard ratified in 1999
-\item the protocol was designed by a committee not including cryptographers
-\item it used the RC4 encryption algorithm which is a stream cipher requiring a unique nonce
-\item WEP did not allocate enough bits for the nonce
-\item for authenticating packets it used CRC checksum which can be easily broken
-\item the network password was used to directly encrypt packages (instead of a key negotiation protocol)\bigskip
-\item encryption was turned of by default
-\end{itemize}
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode{
-\begin{frame}[c]
-\frametitle{Protocols are Difficult}
-
-\begin{itemize}
-\item even the systems designed by experts regularly fail\medskip
-\item try to make everything explicit (you need to authenticate all data you might rely on)\medskip
-\item the one who can fix a system should also be liable for the losses\medskip
-\item cryptography is often not {\bf the} answer\bigskip\bigskip
-\end{itemize}
-
-logic is one way protocols are studied in academia
-(you can use computers to search for attacks)
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode{
-\begin{frame}[c]
-\frametitle{Public-Key Infrastructure}
-
-\begin{itemize}
-\item the idea is to have a certificate authority (CA)
-\item you go to the CA to identify yourself
-\item CA: ``I, the CA, have verified that public key \bl{$P^{pub}_{Bob}$} belongs to Bob''\bigskip
-\item CA must be trusted by everybody
-\item What happens if CA issues a false certificate? Who pays in case of loss? (VeriSign
-explicitly limits liability to \$100.)
-\end{itemize}
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode{
-\begin{frame}[c]
-\frametitle{Privacy, Anonymity et al}
-
-Some terminology:
-
-\begin{itemize}
-\item \alert{secrecy} is the mechanism used to limit the number of
-principals with access to information (eg, cryptography or access controls)
-
-\item \alert{confidentiality} is the obligation to protect the secrets of other people
-or organizations (secrecy for the benefit of an organisation)
-
-\item \alert{anonymity} is the ability to leave no evidence of an activity (eg, sharing a secret)
-
-\item \alert{privacy} is the ability or right to protect your personal secrets
-(secrecy for the benefit of an individual)
-
-\end{itemize}
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode{
-\begin{frame}[t]
-\frametitle{Privacy vs Anonymity}
-
-\begin{itemize}
-\item everybody agrees that anonymity has its uses (e.g., voting, whistleblowers, peer-review)
-\end{itemize}\bigskip\bigskip\pause
-
-
-But privacy?\bigskip\bigskip
-
-``You have zero privacy anyway. Get over it.''\\
-\hfill{}Scott Mcnealy (CEO of Sun)\bigskip\\
-
-
-If you have nothing to hide, you have nothing to fear.
- -\end{frame}} -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\mode{ -\begin{frame}[t] -\frametitle{Privacy} - -private data can be often used against me - -\begin{itemize} -\item if my location data becomes public, thieves will switch off their phones and help themselves in my home -\item if supermarkets can build a profile of what I buy, they can use it to their advantage (banks - mortgages) -\item my employer might not like my opinions\bigskip\pause - -\item one the other hand, Freedom-of-Information Act -\item medical data should be private, but medical research needs data -\end{itemize} - -\end{frame}} -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\mode{ -\begin{frame}[t] -\frametitle{Privacy Problems} - -\begin{itemize} -\item Apple takes note of every dictation (send over the Internet to Apple) -\item markets often only work, if data is restricted (to build trust) -\item Social network can reveal data about you -\item have you tried the collusion extension for FireFox? -\item I do use Dropbox, store cards\bigskip -\item next week: anonymising data -\end{itemize} - -\begin{textblock}{5}(12,8.9) -\includegraphics[scale=0.3]{pics/gattaca.jpg}\\ -\small Gattaca (1997) -\end{textblock} - -\end{frame}} -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - - -\end{document} - -%%% Local Variables: -%%% mode: latex -%%% TeX-master: t -%%% End: -