# HG changeset patch # User cu # Date 1508084731 -3600 # Node ID ac3e4ea3362796bb721cbdf12e2b2aae789b4cd6 # Parent eae9a2e6ff282587ad11c909425f7f8e2289e2c8 updated diff -r eae9a2e6ff28 -r ac3e4ea33627 slides/slides04.pdf Binary file slides/slides04.pdf has changed diff -r eae9a2e6ff28 -r ac3e4ea33627 slides/slides04.tex --- a/slides/slides04.tex Mon Oct 09 10:07:35 2017 +0100 +++ b/slides/slides04.tex Sun Oct 15 17:25:31 2017 +0100 @@ -1,4 +1,5 @@ \documentclass[dvipsnames,14pt,t]{beamer} +\usepackage{../style} \usepackage{../slides} \usepackage{../graphics} \usepackage{../langs} @@ -45,10 +46,9 @@ \end{center} \begin{itemize} -%\item no ``cheating'' needed for format string attacks -\item required some cheating on modern OS -\item the main point: no cheating in practice\pause -\item one class of attacks not mentioned last week +\item this required some cheating on a modern OS +\item but the main point: no cheating needed in practice + (remember the quote about toasters) \end{itemize} \end{frame} @@ -56,22 +56,6 @@ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \begin{frame}[c] -\frametitle{Format String Vulnerability} - -\small -\texttt{string} is nowhere used:\bigskip - -{\footnotesize\lstinputlisting[language=C]{../progs/C4.c}}\bigskip - -this vulnerability can be used to read out the stack and even -modify it - -\end{frame} -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\begin{frame}[c] \frametitle{Case-In-Point: Android} \begin{itemize} @@ -125,8 +109,12 @@ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \begin{frame}[c] -\frametitle{Survey} - +\frametitle{Survey at KEATS} + +\begin{center} +\alert{\bf\LARGE Thanks!} +\end{center} + \end{frame} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 
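Review bot: `\alert{\bf\LARGE Thanks!}` in the new Survey at KEATS frame uses the plain-TeX two-letter font switch `\bf`, which is obsolete in LaTeX2e and does not combine with other font changes the way the LaTeX2e commands do; write it as `\alert{\bfseries\LARGE Thanks!}` or `\alert{\textbf{\LARGE Thanks!}}`. The same `\bf` survives in the now commented-out `%\item OS-provided access control can \alert{\bf add}` line in the hunk at @@ -264, so it only needs the same fix if that item is ever re-enabled.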
@@ -264,10 +252,10 @@ \item Modern versions of Windows have more fine-grained AC than Unix; they do not have a setuid bit, but have \texttt{runas} (asks for a - password).\pause + password).%\pause -\item OS-provided access control can \alert{\bf add} to your security. - (defence in depth) +%\item OS-provided access control can \alert{\bf add} to your security. +% (defence in depth) \end{itemize} \end{frame} @@ -334,7 +322,7 @@ \begin{textblock}{11}(2,5) \begin{bubble}[8cm] \normalsize To prevent this kind of attack, you need additional -policies (don't do such operations as root). +policies (for example don't do such operations as root). \end{bubble} \end{textblock}} 
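Review bot: The `%\pause` and the two `%\item OS-provided access control…` lines in this hunk disable content by commenting it out rather than deleting it, and the hunks at @@ -342, @@ -439 and @@ -883 do the same for three whole frames, leaving over a hundred lines of dead source in slides04.tex. The repository history already preserves the removed frames, so deleting them keeps the file readable; if they are meant to return for a later term, wrapping the frame in `\iffalse … \fi` states that intent once instead of a `%` on every line. If the access-control item is dropped on purpose, the `%\pause` left on `password).%\pause` can go with it.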
@@ -342,33 +330,33 @@ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\begin{frame}[c] -\frametitle{\begin{tabular}{c}Infamous Security Flaws\\[-1mm] -in Unix\end{tabular}} +%\begin{frame}[c] +%\frametitle{\begin{tabular}{c}Infamous Security Flaws\\[-1mm] +%in Unix\end{tabular}} -\begin{itemize} -\item \texttt{lpr} unfortunately runs with root privileges; you had the option to delete files after printing \ldots\pause -\item for debugging purposes (FreeBSD) Unix provides a ``core dump'', but allowed to follow links \ldots\pause -\item \texttt{mkdir foo} is owned by root\medskip -\begin{center} -\texttt{-rwxr-xr-x 1 root wheel /bin/mkdir} -\end{center}\medskip -it first creates an i-node as root and then changes to ownership to the user's id\\ \textcolor{gray}{\small (race condition -- can be automated with a shell script)} -\end{itemize} +%\begin{itemize} +%\item \texttt{lpr} unfortunately runs with root privileges; you had the option to delete files after printing \ldots\pause +%\item for debugging purposes (FreeBSD) Unix provides a ``core dump'', but allowed to follow links \ldots\pause +%\item \texttt{mkdir foo} is owned by root\medskip +%\begin{center} +%\texttt{-rwxr-xr-x 1 root wheel /bin/mkdir} +%\end{center}\medskip +%it first creates an i-node as root and then changes to ownership to the user's id\\ \textcolor{gray}{\small (race condition -- can be automated with a shell script)} +%\end{itemize} -\only<4->{ -\begin{textblock}{1}(3,7) -\begin{tikzpicture} -\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm] -{\begin{minipage}{8cm} -Only failure makes us experts.\\ -\hfill\small-- Theo de Raadt (OpenBSD, OpenSSH) -\end{minipage}}; -\end{tikzpicture} -\end{textblock}} +%\only<4->{ +%\begin{textblock}{1}(3,7) +%\begin{tikzpicture} +%\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm] 
+%{\begin{minipage}{8cm} +%Only failure makes us experts.\\ +%\hfill\small-- Theo de Raadt (OpenBSD, OpenSSH) +%\end{minipage}}; +%\end{tikzpicture} +%\end{textblock}} -\end{frame} +%\end{frame} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% @@ -439,29 +427,29 @@ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\begin{frame}[c] -\small - -\lstinputlisting[language={},numbers=none,xleftmargin=-6mm]{lst} - - -\begin{center} -\begin{tabular}{@{\hspace{-24mm}}ll} -members of group staff: & ping, bob, emma\\ -members of group students: & emma\\ -\end{tabular} -\end{center} - -\begin{center} -\begin{tabular}{@{\hspace{-7mm}}r|c|c|c|c|c@{}} - & manual.txt & report.txt & microedit & src/code.c & src/code.h \\\hline -ping & & & & &\\\hline -bob & & & & &\\\hline -emma & & & & &\\ -\end{tabular} -\end{center} - -\end{frame} +%\begin{frame}[c] +%\small +% +%\lstinputlisting[language={},numbers=none,xleftmargin=-6mm]{lst} +% +% +%\begin{center} +%\begin{tabular}{@{\hspace{-24mm}}ll} +%members of group staff: & ping, bob, emma\\ +%members of group students: & emma\\ +%\end{tabular} +%\end{center} +% +%\begin{center} +%\begin{tabular}{@{\hspace{-7mm}}r|c|c|c|c|c@{}} +% & manual.txt & report.txt & microedit & src/code.c & src/code.h \\\hline +%ping & & & & &\\\hline +%bob & & & & &\\\hline +%emma & & & & &\\ +%\end{tabular} +%\end{center} +% +%\end{frame} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 
@@ -703,6 +691,33 @@ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \begin{frame}[c] +\frametitle{Problems with Key Fobs} + +\begin{columns} +\begin{column}[T]{4cm} +\includegraphics[scale=0.4]{../pics/car-standard.jpg} +\end{column} + +\begin{column}[T]{6cm}\small +Circumventing the ignition protection: + +\begin{itemize} +\item either dismantling Megamos crypto, +\item or use the diagnostic port to program + blank keys +\end{itemize} + +\hspace{14mm} +\includegraphics[scale=0.16]{../pics/Dismantling_Megamos_Crypto.png} +\end{column} +\end{columns} + +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[c] \frametitle{HTTPS / GSM} \begin{center} @@ -725,6 +740,33 @@ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \begin{frame}[c] +\frametitle{G20 Summit in 2009} + +\begin{center} +\includegraphics[scale=0.1]{../pics/snowden.jpg} +\end{center} + +\small +\begin{itemize} +\item Snowden documents reveal ``that during the G20 + meetings\dots{}GCHQ used + `ground-breaking intelligence capabilities' to intercept + the communications of visiting delegations. This + included setting up internet cafes where they used an + email interception program and key-logging software to + spy on delegates' use of computers\ldots'' + +\item ``The G20 spying appears to have been organised for the + more mundane purpose of securing an advantage in + meetings.'' +\end{itemize} + +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[c] \frametitle{Handshakes} \begin{itemize} 
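Review bot: `\includegraphics[scale=0.4]{../pics/car-standard.jpg}` in the new Problems with Key Fobs frame sizes the picture in absolute terms and names the file with its extension; sizing relative to the column, `\includegraphics[width=\linewidth]{../pics/car-standard}`, keeps it inside the 4cm column whatever the image's pixel dimensions and lets graphicx choose the file format. The second picture (`scale=0.16` with `.png`) and `\includegraphics[scale=0.1]{../pics/snowden.jpg}` in the next hunk at @@ -725 follow the same pattern, and the `\hspace{14mm}` before the second picture is a manual-layout workaround that `\centering` inside the column would replace. The two items are not grammatically parallel (`either dismantling … or use …`); `\item either dismantle the Megamos crypto,` / `\item or use the diagnostic port to program blank keys` reads cleaner.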
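Review bot: The quotation in the new G20 Summit frame mixes `\dots{}` and `\ldots` for elisions within one passage; pick one (`\dots` is the context-aware amsmath form) and use it in both places. Since the two items are verbatim quotes, the slide should name their source, e.g. a final `\hfill{\tiny source: <publication, date>}` line or a `\footnote`, so the audience can tell the quoted words from the lecturer's own.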
@@ -883,51 +925,51 @@ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\begin{frame}<1->[t] -\frametitle{Another Example} +% \begin{frame}<1->[t] +% \frametitle{Another Example} -In an email from Ross Anderson\bigskip\small +% In an email from Ross Anderson\bigskip\small -\begin{tabular}{l} -From: Ross Anderson \\ -Sender: cl-security-research-bounces@lists.cam.ac.uk\\ -To: cl-security-research@lists.cam.ac.uk\\ -Subject: Birmingham case\\ -Date: Tue, 13 Aug 2013 15:13:17 +0100\\ -\end{tabular} +% \begin{tabular}{l} +% 
From: Ross Anderson \\ +% Sender: cl-security-research-bounces@lists.cam.ac.uk\\ +% To: cl-security-research@lists.cam.ac.uk\\ +% Subject: Birmingham case\\ +% Date: Tue, 13 Aug 2013 15:13:17 +0100\\ +% \end{tabular} -\only<2>{ -\begin{textblock}{12}(0.5,0.8) -\begin{bubble}[11cm] -\footnotesize -As you may know, Volkswagen got an injunction against the University of -Birmingham suppressing the publication of the design of a weak cipher -used in the remote key entry systems in its recent-model cars. The paper -is being given today at Usenix, minus the cipher design.\medskip +% \only<2>{ +% \begin{textblock}{12}(0.5,0.8) +% \begin{bubble}[11cm] +% \footnotesize +% As you may know, Volkswagen got an injunction against the University of +% Birmingham suppressing the publication of the design of a weak cipher +% used in the remote key entry systems in its recent-model cars. The paper +% is being given today at Usenix, minus the cipher design.\medskip -I've been contacted by Birmingham University's lawyers who seek to prove -that the cipher can be easily obtained anyway. They are looking for a -student who will download the firmware from any newish VW, disassemble -it and look for the cipher. They'd prefer this to be done by a student -rather than by a professor to emphasise how easy it is.\medskip +% I've been contacted by Birmingham University's lawyers who seek to prove +% that the cipher can be easily obtained anyway. They are looking for a +% student who will download the firmware from any newish VW, disassemble +% it and look for the cipher. They'd prefer this to be done by a student +% rather than by a professor to emphasise how easy it is.\medskip -Volkswagen's argument was that the Birmingham people had reversed a -locksmithing tool produced by a company in Vietnam, and since their key -fob chip is claimed to be tamper-resistant, this must have involved a -corrupt insider at VW or at its supplier Thales. 
Birmingham's argument -is that this is nonsense as the cipher is easy to get hold of. Their -lawyers feel this argument would come better from an independent -outsider.\medskip +% Volkswagen's argument was that the Birmingham people had reversed a +% locksmithing tool produced by a company in Vietnam, and since their key +% fob chip is claimed to be tamper-resistant, this must have involved a +% corrupt insider at VW or at its supplier Thales. Birmingham's argument +% is that this is nonsense as the cipher is easy to get hold of. Their +% lawyers feel this argument would come better from an independent +% outsider.\medskip -Let me know if you're interested in having a go, and I'll put you in -touch +% Let me know if you're interested in having a go, and I'll put you in +% touch -Ross -\end{bubble} -\end{textblock}} +% Ross +% \end{bubble} +% \end{textblock}} -\end{frame} +% \end{frame} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 
@@ -1162,6 +1204,83 @@ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \begin{frame}[c] +\frametitle{Splitting Messages} + +\begin{center} +$\underbrace{\texttt{\Grid{0X1peUVTGJK+H70mMjAM8p}}}_{\bl{\{A,m\}_{K^{pub}_B}}}$ +\end{center} + +\begin{center} +$\underbrace{\texttt{\Grid{0X1peUVTGJK}}}_{\bl{H_1}}$\quad +$\underbrace{\texttt{\Grid{+H70mMjAM8p}}}_{\bl{H_2}}$ +\end{center} + +\begin{itemize} +\item you can also use the even and odd bytes +\item the point is you cannot decrypt the halves, even if you + have the key +\end{itemize} + + +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[c] + +\begin{center} +\begin{tabular}{l@{\hspace{9mm}}l} +\begin{tabular}[t]{@{}l@{}} +\bl{$A \to C : K^{pub}_A$}\\ +\bl{$C \to B : K^{pub}_C$}\\ +\bl{$B \to C : K^{pub}_B$}\\ +\bl{$C \to A : K^{pub}_C$}\medskip\\ +\bl{$\{A,m\}_{K^{pub}_C} \;\mapsto\; H_1,H_2$}\\ +\bl{$\{B,m'\}_{K^{pub}_C} \;\mapsto\; M_1,M_2$}\bigskip\\ +\bl{$\{C,a\}_{K^{pub}_B} \;\mapsto\; C_1,C_2$}\\ +\bl{$\{C,b\}_{K^{pub}_A} \;\mapsto\; D_1,D_2$} +\end{tabular} & +\begin{tabular}[t]{@{}l@{}} +\bl{$A \to C : H_1$}\\ +\bl{$C \to B : C_1$}\\ +\bl{$B \to C : \{C_1, M_1\}_{K^{pub}_C}$}\\ +\bl{$C \to A : \{H_1, D_1\}_{K^{pub}_A}$}\\ +\bl{$A \to C : \{H_2, D_1\}_{K^{pub}_C}$}\\ +\bl{$C \to B : \{C_2, M_1\}_{K^{pub}_B}$}\\ +\bl{$B \to C : M_2$}\\ +\bl{$C \to A : D_2$} +\end{tabular} +\end{tabular} +\end{center}\pause + +\footnotesize +\bl{$m$} = How is your grandmother? \bl{$m'$} = How is the +weather today in London? 
+ +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[c] + +\begin{itemize} +\item you have to ask something that cannot be imitated + (requires \bl{$A$} and \bl{$B$} know each other) +\item what happens if \bl{$m$} and \bl{$m'$} are voice + messages?\bigskip\pause + +\item So \bl{$C$} can either leave the communication unchanged, + or invent a complete new conversation + +\end{itemize} + +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[c] \frametitle{Car Transponder (HiTag2)} \begin{enumerate} @@ -1183,6 +1302,7 @@ \end{frame} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \begin{frame}[c] 
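Review bot: `K^{pub}_B`, `K^{pub}_C` and `K^{pub}_A` in the new Splitting Messages frames set the multi-letter label `pub` in math italic, which typesets as p·u·b with variable spacing; it should be an upright label, `K^{\mathrm{pub}}_B`, and since the notation recurs a dozen times here and again in the hunk at @@ -1206 (where it also switches to `P^{pub}_{Bob}`), a macro such as `\newcommand*{\pk}[1]{K^{\mathrm{pub}}_{#1}}` in the shared style file would keep the spelling consistent. The second and third frames have no `\frametitle`; a title on the table frame would tell the audience that the halves exchange is one named protocol rather than an ad-hoc trick. The closing item `the point is you cannot decrypt the halves, even if you have the key` gives no reason; if the intended reason is that the ciphertext only decrypts as a whole, saying so in a clause makes the slide self-contained.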
@@ -1206,14 +1326,254 @@ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \begin{frame}[c] -\frametitle{Problems with EMV} + +\begin{itemize} +\item the moral: establishing a secure connection from + ``zero'' is almost impossible---you need to rely on some + established trust\medskip + +\item that is why PKI relies on certificates, which however are + badly, badly realised + +\end{itemize} + +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[c] +\frametitle{Trusted Third Parties} + +Simple protocol for establishing a secure connection via a +mutually trusted 3rd party (server): + +\begin{center} +\begin{tabular}{r@ {\hspace{1mm}}l} +\bl{$A \rightarrow S :$} & \bl{$A, B$}\\ +\bl{$S \rightarrow A :$} & \bl{$\{K_{AB}, \{K_{AB}\}_{K_{BS}} \}_{K_{AS}}$}\\ +\bl{$A \rightarrow B :$} & \bl{$\{K_{AB}\}_{K_{BS}} $}\\ +\bl{$A \rightarrow B :$} & \bl{$\{m\}_{K_{AB}}$}\\ +\end{tabular} +\end{center} + +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + + %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[c] +\frametitle{PKI: The Main Idea} + +\begin{itemize} +\item the idea is to have a certificate authority (CA) +\item you go to the CA to identify yourself +\item CA: ``I, the CA, have verified that public key + \bl{$P^{pub}_{Bob}$} belongs to Bob''\bigskip +\item CA must be trusted by everybody\medskip +\item certificates are time limited, and can be revoked + +\item What happens if CA issues a false certificate? Who pays in case of loss? (VeriSign +explicitly limits liability to \$100.) 
+\end{itemize} + +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[c] +\frametitle{PKI: Chains of Trust} + +\begin{center} + \begin{tikzpicture}[scale=1, + node/.style={ + rectangle,rounded corners=3mm, + very thick,draw=black!50,minimum height=18mm, minimum width=23mm, + top color=white,bottom color=black!20}] + + \node (A) at (0,0) [node] {}; + \node [below right] at (A.north west) + {\small\begin{tabular}{@{}l}CA\\Root Cert.\end{tabular}}; + + \node (B) at (4,0) [node] {}; + \node [below right=1mm] at (B.north west) + {\mbox{}\hspace{-1mm}\small + \begin{tabular}{@{}l}Subordinate\\ CA\end{tabular}}; + + \node (C) at (8,0) [node] {}; + \node [below right] at (C.north west) + {\small\begin{tabular}{@{}l}Server\\ Bank.com\end{tabular}}; + + \draw [->,line width=4mm] (A) -- (B); + \draw [->,line width=4mm] (B) -- (C); + + \node (D) at (6,-3) [node] {}; + \node [below right] at (D.north west) + {\small\begin{tabular}{@{}l}Browser\\ Root Store\end{tabular}}; + + \node (E) at (2,-3) [node] {}; + \node [below right] at (E.north west) + {\small\begin{tabular}{@{}l}Browser\\ Vendor\end{tabular}}; + + \draw [->,line width=4mm] (E) -- (D); + \end{tikzpicture} +\end{center} + +\begin{itemize} +\item CAs make almost no money anymore, because of stiff + competition +\item browser companies are not really interested in security; + only in market share +\end{itemize} + +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[c] +\frametitle{PKI: Weaknesses} + +CAs just cannot win (make any profit):\medskip \begin{itemize} -\item it is a wrapper for many protocols -\item specification by consensus (resulted unmanageable complexity) -\item its specification is 700 pages in English plus 2000+ pages for testing, additionally some -further parts are secret -\item 
other attacks have been found +\item there are hundreds of CAs, which issue millions of + certificates and the error rate is small + +\item users (servers) do not want to pay or pay as little as + possible\bigskip + +\item a CA can issue a certificate for any domain not needing + any permission (CAs are meant to undergo audits, + but\ldots DigiNotar) + +\item if a CA has issued many certificates, it ``becomes too + big to fail'' + +\item Can we be sure CAs are not just frontends of some + government organisation? + +\end{itemize} + +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[c] +\frametitle{PKI: Weaknesses} + +\begin{itemize} + +\item many certificates are issued via Whois, whether you own + the domain\ldots if you hijacked a domain, it is easy to + obtain certificates\medskip + +\item the revocation mechanism does not work (Chrome has given + up on general revocation lists)\medskip + +\item lax approach to validation of certificates + (Have you ever bypassed certification warnings?)\medskip + +\item sometimes you want to actually install invalid + certificates (self-signed) + +\end{itemize} + +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[c] +\frametitle{PKI: Attacks} + +\begin{itemize} + +\item Go directly after root certificates + \begin{itemize} + \item governments can demand private keys\smallskip + \item 10 years ago it was estimated that breaking a 1024 bit + key takes one year and costs 10 - 30 Mio \$; this is now + reduced to 1 Mio \$ + \end{itemize} + +\item Go after buggy implementations of certificate + validation\smallskip + +\item Social Engineering + \begin{itemize} + \item in 2001 somebody pretended to be + from Microsoft and asked for two code-signing + certificates + \end{itemize}\bigskip +\end{itemize} + 
+\small The eco-system is completely broken (it relies on +thousands of entities to do the right thing). Maybe DNSSEC +where keys can be attached to domain names is a way out. + +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[c] +\frametitle{Real Attacks} + +\begin{itemize} + +\item In 2011, DigiNotar (Dutch company) was the first CA that + got compromised comprehensively, and where many + fraudulent certificates were issued to the wild. It + included approximately 300,000 IP addresses, mostly + located in Iran. The attackers (in Iran?) were likely + interested ``only'' in collecting gmail passwords.\medskip + +\item The Flame malware piggy-bagged on this attack by + advertising malicious Windows updates to some targeted + systems (mostly in Iran, Israel, Sudan). + +\end{itemize} + +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[c] +\frametitle{PKI is Broken} + +\begin{itemize} + +\item PKI and certificates are meant to protect you against + MITM attacks, but if the attack occurs your are + presented with a warning and you need to decide whether + you are under attack.\medskip + +\item Webcontent gets often loaded from 3rd-party servers, + which might not be secured\medskip + +\item Misaligned incentives: browser vendors are not + interested in breaking webpages with invalid + certificates + +\end{itemize} + +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[c] + +Why are there so many invalid certificates?\bigskip + +\begin{itemize} + +\item insufficient name coverage (www.example.com should +include example.com) + +\item IoT: many appliances have web-based admin interfaces; + the manufacturer cannot know under which IP 
and domain name + the appliances are run (so cannot install a valid certificate) + +\item expired certificates, or incomplete chains of trust + (servers are supposed to supply them) + \end{itemize} \end{frame} diff -r eae9a2e6ff28 -r ac3e4ea33627 slides/slides05.pdf Binary file slides/slides05.pdf has changed
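Review bot: The new Trusted Third Parties frame presents `A → S : A, B` / `S → A : {K_AB, {K_AB}_{K_BS}}_{K_AS}` / `A → B : {K_AB}_{K_BS}` as a protocol for a secure connection, but the ticket `{K_AB}_{K_BS}` carries neither A's identity nor a nonce, so B obtains a key without learning who else holds it or whether the message is fresh; a caveat item such as `\item caveat: the ticket names no principal and has no nonce---\bl{$B$} cannot tell who shares \bl{$K_{AB}$}` would stop the slide reading as a complete solution and sets up the later `PKI relies on certificates` point. Several new text lines have typos a spell pass would catch: `your are presented` → `you are presented`, `piggy-bagged` → `piggy-backed`, `Webcontent` → `Web content`, `issued to the wild` → `issued into the wild`. The cost range `10 - 30 Mio \$` wants an en-dash, `10--30 Mio \$`, and `\begin{tabular}{r@ {\hspace{1mm}}l}` has a stray space after `@` that the other tables added in this commit do not.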