# HG changeset patch # User Christian Urban # Date 1414630191 0 # Node ID 03321ef4349a33d28b5676d55a82c08460455a7b # Parent 4f4612d5f6702d470695d49f1fef166e1bb1b99e updated diff -r 4f4612d5f670 -r 03321ef4349a handouts/ho05.pdf Binary file handouts/ho05.pdf has changed diff -r 4f4612d5f670 -r 03321ef4349a handouts/ho05.tex --- a/handouts/ho05.tex Thu Oct 30 00:39:01 2014 +0000 +++ b/handouts/ho05.tex Thu Oct 30 00:49:51 2014 +0000 @@ -771,15 +771,37 @@ \end{enumerate} \noindent The assumption is that the key $K$ is only known to -the car and the transponder. Again, I leave it to you to find +the car and the transponder. The claim is that $C$ and $T$ can +authenticate to each other. Again, I leave it to you to find out the magic why this protocol is immune from person-in-the-middle attacks. \subsubsection*{Further Reading} -{\small +If you want to know more about how cars can be hijacked, +the paper + +\begin{center} \url{http://www.cs.ru.nl/~rverdult/Gone_in_360_Seconds_Hijacking_with_Hitag2-USENIX_2012.pdf}} +\end{center} + +\noindent is quite amusing to read. Obviously an even more +amusing paper would be ``Dismantling Megamos Crypto: +Wirelessly Lockpicking a Vehicle Immobilizer'' but because +of the court injuction by VW we are denied this entertainment. + +Person-in-the-middle-attacks in the ``wild'' are described +with real data in the blog post + +\begin{center} +\url{http://www.renesys.com/2013/11/mitm-internet-hijacking} +\end{center} + +\noindent The conclusion in this post is that person-in-the-middle-attacks +can be launched from any place on Earth---it is not required +to sit in the ``middle'' of the communication of two people. +You just have to route their traffic through a node you own. \end{document}