# HG changeset patch # User Christian Urban # Date 1445461666 -3600 # Node ID 708b80c825af36395918f429fbef5c54a7d06a8c # Parent 56bc53ba7c5b02af3fae3edf49e94da08832acf6 updated diff -r 56bc53ba7c5b -r 708b80c825af slides/slides05.pdf Binary file slides/slides05.pdf has changed diff -r 56bc53ba7c5b -r 708b80c825af slides/slides05.tex --- a/slides/slides05.tex Wed Oct 21 13:31:56 2015 +0100 +++ b/slides/slides05.tex Wed Oct 21 22:07:46 2015 +0100 @@ -1,7 +1,9 @@ -\documentclass[dvipsnames,14pt,t]{beamer} +\PassOptionsToPackage{bookmarks=false}{hyperref} +\documentclass[dvipsnames,14pt,t,hyperref={bookmarks=false}]{beamer} \usepackage{../slides} \usepackage{../graphics} \usepackage{../langs} +\usepackage{../style} \usetikzlibrary{arrows} \usetikzlibrary{shapes} @@ -113,6 +115,46 @@ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \begin{frame}[c] +\frametitle{A Simple PK Protocol} + + +\begin{center} +\begin{tabular}{ll@{\hspace{2mm}}l} +1. & \bl{$A \to B :$} & \bl{$K^{pub}_A$}\smallskip\\ +2. & \bl{$B \to A :$} & \bl{$K^{pub}_B$}\smallskip\\ +3. & \bl{$A \to B :$} & \bl{$\{A,m\}_{K^{pub}_B}$}\smallskip\\ +4. & \bl{$B \to A :$} & \bl{$\{B,m'\}_{K^{pub}_A}$} +\end{tabular} +\end{center}\pause\bigskip + +unfortunately there is a simple man-in-the- middle-attack +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[c] +\frametitle{A MITM Attack} + + +\begin{center} +\begin{tabular}{ll@{\hspace{2mm}}l} +1. & \bl{$A \to E :$} & \bl{$K^{pub}_A$}\smallskip\\ +2. & \bl{$E \to B :$} & \bl{$K^{pub}_E$}\smallskip\\ +3. & \bl{$B \to E :$} & \bl{$K^{pub}_B$}\smallskip\\ +4. & \bl{$E \to A :$} & \bl{$K^{pub}_E$}\smallskip\\ +5. & \bl{$A \to E :$} & \bl{$\{A,m\}_{K^{pub}_E}$}\smallskip\\ +6. & \bl{$E \to B :$} & \bl{$\{E,m\}_{K^{pub}_B}$}\smallskip\\ +7. & \bl{$B \to E :$} & \bl{$\{B,m'\}_{K^{pub}_E}$}\smallskip\\ +8. & \bl{$E \to A :$} & \bl{$\{E,m'\}_{K^{pub}_A}$} +\end{tabular} +\end{center}\pause\medskip + +and \bl{$A$} and \bl{$B$} have no chance to detect it +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[c] \frametitle{Interlock Protocol} The interlock protocol (``best bet'' against MITM): @@ -135,6 +177,28 @@ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \begin{frame}[c] +\frametitle{Splitting Messages} + +\begin{center} +$\underbrace{\texttt{\Grid{0X1peUVTGJK+H70mMjAM8p}}}_{\{A,m\}_{K^{pub}_B}}$ +\end{center} + +\begin{center} +$\underbrace{\texttt{\Grid{0X1peUVTGJK}}}_{H_1}$\quad +$\underbrace{\texttt{\Grid{+H70mMjAM8p}}}_{H_2}$ +\end{center} + +\begin{itemize} +\item you can also use the even and odd bytes +\item the point is you cannot decrypt the halves +\end{itemize} + + +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[c] \begin{center} \begin{tabular}{l@{\hspace{9mm}}l} @@ -144,7 +208,7 @@ \bl{$B \to C : K^{pub}_B$}\\ \bl{$C \to A : K^{pub}_C$}\medskip\\ \bl{$\{A,m\}_{K^{pub}_C} \;\mapsto\; H_1,H_2$}\\ -\bl{$\{B,n\}_{K^{pub}_C} \;\mapsto\; M_1,M_2$}\bigskip\\ +\bl{$\{B,m'\}_{K^{pub}_C} \;\mapsto\; M_1,M_2$}\bigskip\\ \bl{$\{C,a\}_{K^{pub}_B} \;\mapsto\; C_1,C_2$}\\ \bl{$\{C,b\}_{K^{pub}_A} \;\mapsto\; D_1,D_2$} \end{tabular} & @@ -159,7 +223,11 @@ \bl{$C \to A : D_2$} \end{tabular} \end{tabular} -\end{center} +\end{center}\pause + +\footnotesize +\bl{$m$} = How is your grandmother? \bl{$m'$} = How is the +weather today in London? \end{frame} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% @@ -170,459 +238,70 @@ \begin{itemize} \item you have to ask something that cannot imitated (requires \bl{$A$} and \bl{$B$} know each other) -\item what happens if \bl{$m$} and \bl{$n$} are voice - messages?\bigskip +\item what happens if \bl{$m$} and \bl{$m'$} are voice + messages?\bigskip\pause + +\item So \bl{$C$} can either leave the communication unchanged + (Hellamn-Diffie), or invent a complete new conversation + +\end{itemize} -\item the moral: establishing a secure connection from ``zero'' is -almost impossible---you need to rely on some established -trust\medskip +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[c] + +\begin{itemize} +\item the moral: establishing a secure connection from + ``zero'' is almost impossible---you need to rely on some + established trust\medskip \item that is why we rely on certificates, which however are -badly, badly realised (just today a POODLE attack against SSL) + badly, badly realised \end{itemize} \end{frame} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\begin{frame}[c] -\frametitle{Protocols} - -Some examples where ``over-the-air'' protocols are used: - -\begin{itemize} -\item wifi -\item card readers (you cannot trust the terminals) -\item RFID (passports) -\item car transponders -\end{itemize}\medskip\pause - -The point is that we cannot control the network: An attacker -can install a packet sniffer, inject packets, modify packets, -replay messages\ldots{}fake pretty much everything. - -\end{frame} -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\begin{frame}[c] -\frametitle{Keyless Car Transponders} - -\begin{center} -\includegraphics[scale=0.1]{../pics/keyfob.jpg} -\quad -\includegraphics[scale=0.27]{../pics/startstop.jpg} -\end{center} - -\begin{itemize} -\item There are two security mechanisms: one remote central -locking system and one passive RFID tag (engine immobiliser). -\item How can I get in? How can thieves be kept out? -How to avoid MITM attacks? -\end{itemize}\medskip - -\footnotesize -\hfill Papers: Gone in 360 Seconds: Hijacking with Hitag2,\\ -\hfill Dismantling Megamos Crypto: Wirelessly Lockpicking\\ -\hfill a Vehicle Immobilizer - -\end{frame} -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\begin{frame}[c] -\frametitle{HTTPS / GSM} - -\begin{center} -\includegraphics[scale=0.25]{../pics/barclays.jpg} -\quad -\includegraphics[scale=0.25]{../pics/phone-signal.jpg} -\end{center} - -\begin{itemize} -\item I am sitting at Starbuck. How can I be sure I am really - visiting Barclays? I have no control of the access - point. -\item How can I achieve that a secret key is established in - order to encrypt my mobile conversation? I have no - control over the access points. -\end{itemize} - -\end{frame} -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\begin{frame}[c] -\frametitle{Handshakes} - -\begin{itemize} -\item starting a TCP connection between a client and a server -initiates the following three-way handshake protocol: -\end{itemize} - -\begin{columns}[t] -\begin{column}{5cm} -\begin{minipage}[t]{4cm} -\begin{center} -\raisebox{-2cm}{\includegraphics[scale=0.5]{../pics/handshake.png}} -\end{center} -\end{minipage} -\end{column} -\begin{column}{5cm} -\begin{tabular}[t]{rl} -Alice: & Hello server!\\ -Server: & I heard you\\ -Alice: & Thanks -\end{tabular} -\end{column} -\end{columns} - -\onslide<2->{ -\begin{center} -\begin{tabular}{rl} -\bl{$A \rightarrow S$}: & \bl{SYN}\\ -\bl{$S \rightarrow A$}: & \bl{SYN-ACK}\\ -\bl{$A \rightarrow S$}: & \bl{ACK}\\ -\end{tabular} -\end{center}} - -\only<3>{ -\begin{textblock}{3}(11,5) -\begin{bubble}[3.2cm] -SYNflood attacks:\medskip\\ -\includegraphics[scale=0.4]{../pics/synflood.png} -\end{bubble} -\end{textblock}} - -\end{frame} -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\begin{frame}[c] -\frametitle{Authentication} - -\begin{columns} -\begin{column}{8cm} -\begin{minipage}[t]{7.5cm} -\begin{center} -\raisebox{-2cm}{\includegraphics[scale=0.4]{../pics/dogs.jpg}} -\end{center} -\end{minipage} -\end{column} -\begin{column}{5cm} -\begin{minipage}[t]{4.5cm} -\begin{tabular}{l} -Knock Knock!\\ -Who's there?\\ -Alice.\\ -Alice who? -\end{tabular} -\end{minipage} -\end{column} -\end{columns} - -\end{frame} -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \begin{frame}[c] -\frametitle{Authentication Protocols} - -Alice (\bl{$A$}) and Bob (\bl{$B$}) share a secret key -\bl{$K_{AB}$}\bigskip - -Password transmission: - -\begin{center} -\bl{$A \rightarrow B: K_{AB}$} -\end{center}\pause\bigskip - -Problems: Eavesdropper can capture the secret and replay it; -\bl{$B$} cannot confirm the identity of \bl{$A$} - -\end{frame} -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\begin{frame}[c] -\frametitle{Authentication Protocols} - -Alice (\bl{$A$}) and Bob (\bl{$B$}) share a secret key -\bl{$K_{AB}$}\bigskip - -Simple Challenge Response (solving the replay problem): - -\begin{center} -\begin{tabular}{lll} -\bl{$A \rightarrow B:$} & \bl{Hi I am A}\\ -\bl{$B \rightarrow A:$} & \bl{$N$} & (challenge)\\ -\bl{$A \rightarrow B:$} & \bl{$\{N\}_{K_{AB}}$}\\ -\end{tabular} -\end{center}\pause - -\begin{itemize} -\item cannot be replayed since next time will be another - challenge \bl{$N$} -\item \bl{$B$} authenticates \bl{$A$}, but \bl{$A$} does not - authenticate \bl{$B$} (Eve can intercept - messages from \bl{$A$}, send random challenge - and ignore last) -\end{itemize} - -\end{frame} -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\begin{frame}[c] -\frametitle{Authentication Protocols} - -Alice (\bl{$A$}) and Bob (\bl{$B$}) share a secret key \bl{$K_{AB}$}\bigskip - -Mutual Challenge Response: - -\begin{center} -\begin{tabular}{ll} -\bl{$A \rightarrow B:$} & \bl{$N_A$}\\ -\bl{$B \rightarrow A:$} & \bl{$\{N_A, N_B\}_{K_{AB}}$}\\ -\bl{$A \rightarrow B:$} & \bl{$N_B$}\\ -\end{tabular} -\end{center}\pause - -But requires shared secret key. -\end{frame} -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\begin{frame}[c] -\frametitle{Nonces} +\frametitle{Trusted Third Parties} -\begin{enumerate} -\item I generate a nonce (random number) and send it to you encrypted with a key we share -\item you increase it by one, encrypt it under a key I know and send -it back to me -\end{enumerate} - - -I can infer: - -\begin{itemize} -\item you must have received my message -\item you could only have generated your answer after I send you my initial -message -\item if only you and me know the key, the message must have come from you -\end{itemize} - -\end{frame} -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\mode{ -\begin{frame}[c] - -\begin{center} -\begin{tabular}{ll} -\bl{$A \rightarrow B$:} & \bl{$N_A$}\\ -\bl{$B \rightarrow A$:} & \bl{$\{N_A, N_B\}_{K_{AB}}$}\\ -\bl{$A \rightarrow B$:} & \bl{$N_B$}\\ -\end{tabular} -\end{center} - -The attack (let $A$ decrypt her own messages): - -\begin{center} -\begin{tabular}{ll} -\bl{$A \rightarrow E$:} & \bl{$N_A$}\\ -\textcolor{gray}{$E \rightarrow A$:} & \textcolor{gray}{$N_A$}\\ -\textcolor{gray}{$A \rightarrow E$:} & \textcolor{gray}{$\{N_A, N_A'\}_{K_{AB}}$}\\ -\bl{$E \rightarrow A$:} & \bl{$\{N_A, N_A'\}_{K_{AB}}$}\\ -\bl{$A \rightarrow E$:} & \bl{$N_A' \;\;(= N_B)$}\\ -\end{tabular} -\end{center}\pause - -\small Solutions: \bl{$K_{AB} \not= K_{BA}$} or include an id in the second message -\end{frame}} -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - \mode{ - \begin{frame}[c] - \frametitle{Encryption to the Rescue?} - - - \begin{itemize} - \item \bl{$A \,\rightarrow\, B : \{A, N_A\}_{K_{AB}}$}\hspace{1cm} encrypted\bigskip - \item \bl{$B\,\rightarrow\, A : \{N_A, K'_{AB}\}_{K_{AB}}$}\bigskip - \item \bl{$A \,\rightarrow\, B : \{N_A\}_{K'_{AB}}$}\bigskip - \end{itemize}\pause - -means you need to send separate ``Hello'' signals (bad), or worse -share a single key between many entities -\end{frame}} -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\mode{ -\begin{frame}[c] -\frametitle{Trusted Third Party} - -Simple protocol for establishing a secure connection via a mutually -trusted 3rd party (server): +Simple protocol for establishing a secure connection via a +mutually trusted 3rd party (server): \begin{center} \begin{tabular}{r@ {\hspace{1mm}}l} \bl{$A \rightarrow S :$} & \bl{$A, B$}\\ -\bl{$S \rightarrow A :$} & \bl{$\{K_{AB}\}_{K_{AS}}$} and \bl{$\{\{K_{AB}\}_{K_{BS}} \}_{K_{AS}}$}\\ +\bl{$S \rightarrow A :$} & \bl{$\{K_{AB}, \{K_{AB}\}_{K_{BS}} \}_{K_{AS}}$}\\ \bl{$A \rightarrow B :$} & \bl{$\{K_{AB}\}_{K_{BS}} $}\\ \bl{$A \rightarrow B :$} & \bl{$\{m\}_{K_{AB}}$}\\ \end{tabular} \end{center} -\end{frame}} +\end{frame} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\mode{ \begin{frame}[c] -\frametitle{Public-Key Infrastructure} +\frametitle{PKI: The Main Idea} \begin{itemize} \item the idea is to have a certificate authority (CA) \item you go to the CA to identify yourself \item CA: ``I, the CA, have verified that public key \bl{$P^{pub}_{Bob}$} belongs to Bob''\bigskip -\item CA must be trusted by everybody +\item CA must be trusted by everybody\medskip + \item What happens if CA issues a false certificate? Who pays in case of loss? (VeriSign explicitly limits liability to \$100.) \end{itemize} -\end{frame}} -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - - - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\begin{frame}[c] -\frametitle{Person-in-the-Middle} - -``Normal'' protocol run:\bigskip - -\begin{itemize} -\item \bl{$A$} sends public key to \bl{$B$} -\item \bl{$B$} sends public key to \bl{$A$} -\item \bl{$A$} sends a message encrypted with \bl{$B$}'s public key, \bl{$B$} decrypts it -with its private key -\item \bl{$B$} sends a message encrypted with \bl{$A$}'s public key, \bl{$A$} decrypts it -with its private key -\end{itemize} - \end{frame} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\mode{ -\begin{frame}[c] -\frametitle{Person-in-the-Middle} - -Attack: - -\begin{itemize} -\item \bl{$A$} sends public key to \bl{$B$} --- \bl{$C$} - intercepts this message and send his own public key to - \bl{$B$} -\item \bl{$B$} sends public key to \bl{$A$} --- \bl{$C$} - intercepts this message and send his own public key - \bl{$A$} -\item \bl{$A$} sends a message encrypted with \bl{$C$}'s public key, \bl{$C$} decrypts it -with its private key, re-encrypts with \bl{$B$}'s public key -\item similar the other way -\end{itemize} - -\end{frame}} -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\begin{frame}[c] -\frametitle{Person-in-the-Middle} - -Prevention: - -\begin{itemize} -\item \bl{$A$} sends public key to \bl{$B$} -\item \bl{$B$} sends public key to \bl{$A$} -\item \bl{$A$} encrypts a message with \bl{$B$}'s public key, - sends {\bf half} of the message to \bl{$B$} -\item \bl{$B$} encrypts a message with \bl{$A$}'s public key, - sends {\bf half} of the message back to \bl{$A$} -\item \bl{$A$} sends other half, \bl{$B$} can now decrypt - entire message -\item \bl{$B$} sends other half, \bl{$A$} can now decrypt - entire message -\end{itemize}\pause - -\bl{$C$} would have to invent a totally new message - -\end{frame} -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\begin{frame}[c] -\frametitle{Car Transponder (HiTag2)} - -\begin{enumerate} -\item \bl{$C$} generates a random number \bl{$N$} -\item \bl{$C$} calculates \bl{$(F,G) = \{N\}_K$} -\item \bl{$C \to T$}: \bl{$N, F$} -\item \bl{$T$} calculates \bl{$(F',G') = \{N\}_K$} -\item \bl{$T$} checks that \bl{$F = F'$} -\item \bl{$T \to C$}: \bl{$N, G'$} -\item \bl{$C$} checks that \bl{$G = G'$} -\end{enumerate}\pause - -\small -This process means that the transponder believes the car knows -the key \bl{$K$}, and the car believes the transponder knows -the key \bl{$K$}. They have authenticated themselves -to each other. - -\end{frame} -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\begin{frame}[c] -\frametitle{Person-in-the-Middle} - -\begin{itemize} -\item Border Gateway Protocol (BGP) --- routers believe - their neighbours -\item it is possible to advertise bad routes -\item can be done over continents\bigskip -\end{itemize} - -\hfill\footnotesize\url{http://www.renesys.com/2013/11/mitm-internet-hijacking/} -\end{frame} -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\mode{ -\begin{frame}[c] -\frametitle{Protocol Attacks} - -\begin{itemize} -\item replay attacks -\item reflection attacks -\item man-in-the-middle attacks -\item timing attacks -\item parallel session attacks -\item binding attacks (public key protocols) -\item changing environment / changing assumptions\bigskip - -\item (social engineering attacks) -\end{itemize} -\end{frame}} -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \begin{frame}[c] @@ -641,7 +320,6 @@ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\mode{ \begin{frame}[c] \frametitle{Best Practices} @@ -660,7 +338,7 @@ \end{itemize} \end{center} -\end{frame}} +\end{frame} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% @@ -682,7 +360,6 @@ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\mode{ \begin{frame}[c] \frametitle{Formal Methods} @@ -695,7 +372,7 @@ choices that might otherwise be fudged. \end{quote} -\end{frame}} +\end{frame} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% @@ -713,14 +390,6 @@ \end{frame} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\begin{frame}[c] - - -\end{frame} -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - - \end{document} %%% Local Variables: diff -r 56bc53ba7c5b -r 708b80c825af style.sty --- a/style.sty Wed Oct 21 13:31:56 2015 +0100 +++ b/style.sty Wed Oct 21 22:07:46 2015 +0100 @@ -5,10 +5,18 @@ \usepackage{amssymb} \usepackage{amsmath} \usepackage{menukeys} +\@ifpackageloaded{hyperref}{}{\usepackage{hyperref}} + \definecolor{darkblue}{rgb}{0,0,0.6} -\usepackage[colorlinks=true,urlcolor=darkblue,linkcolor=darkblue]{hyperref} +\hypersetup{colorlinks=true} +\hypersetup{linkcolor=darkblue} +\hypersetup{urlcolor=darkblue} + -\newcommand{\dn}{\stackrel{\mbox{\scriptsize def}}{=}}% +\ifx\foobar\undefined \else + \newcommand{\dn}{\stackrel{\mbox{\scriptsize def}}{=}}% +\fi + \definecolor{codegray}{gray}{0.9} \newcommand\grid[1]{%