updated
authorChristian Urban <christian dot urban at kcl dot ac dot uk>
Tue, 20 Nov 2012 06:17:25 +0000
changeset 77 56dbc339ec87
parent 76 dde58256fc35
child 78 cd4fde79587e
updated
slides08.pdf
slides08.tex
Binary file slides08.pdf has changed
--- a/slides08.tex	Tue Nov 20 05:22:22 2012 +0000
+++ b/slides08.tex	Tue Nov 20 06:17:25 2012 +0000
@@ -245,10 +245,14 @@
   \end{textblock}
   
 \only<3->{
-\begin{textblock}{6}(0.3,12)
+\begin{textblock}{6}(0.3,9)
 being outsmarted by Angola/Cuba
 ended SA involvement
 \end{textblock}}
+\only<4->{
+\begin{textblock}{6}(0.3,13)
+IFF opened up a nice side-channel attack
+\end{textblock}}
 \end{frame}}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
 
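Review bot: The text block added at `\begin{textblock}{6}(0.3,13)` calls the IFF incident a "side-channel attack", which is probably the wrong term. The surrounding lines (being outsmarted by Angola/Cuba) read like a challenge-response relay, where a challenge is forwarded to a legitimate party and the answer passed back; that is a man-in-the-middle or relay attack. A side channel normally means leakage through timing, power consumption or similar unintended outputs, so the label may confuse students when that definition comes up. If the earlier slides of this frame do describe a relay, consider `IFF challenges could be relayed: a man-in-the-middle attack`. The frame starts above the hunk, so check the earlier overlay text before rewording.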
@@ -386,6 +390,8 @@
 \end{frame}}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
 
+
+
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \mode<presentation>{
 \begin{frame}[c]
@@ -406,32 +412,62 @@
 \end{frame}}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
 
+
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \mode<presentation>{
 \begin{frame}[c]
-\frametitle{``Real-World'' Attacks}
-
-EMV (Europay, MasterCard, Visa) is a standard for payments by credit cards\bigskip
-
-It consists of three phases:
 
-\begin{enumerate}
-\item card authentication phase (the terminal reads the information; signs it with a public key 
-and verifies the signed information)
-\item cardholder authentication (PIN; terminal sends PIN to card which verifies it; it can also verify it online
-with the bank)
-\item transaction authorisation (the terminal asks the card to provide an authentication code for the transaction;
-the code is sent to the bank for verification)
-\end{enumerate}
+There are plenty of other protocols and attacks. This could go on ``forever''.\pause\bigskip
+
+attacks because of changing environment
 
 \end{frame}}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \mode<presentation>{
+\begin{frame}[t]
+\frametitle{Changing Environment Attacks}
+
+\begin{itemize}
+\item all protocols rely on some assumptions about the environment
+(e.g., cryptographic keys cannot be broken)\bigskip\pause
+\end{itemize}
+
+\only<2>{
+\begin{itemize}
+\item in the ``good olden days'' (1960/70) rail transport was cheap, so fraud was not
+worthwhile
+\end{itemize}}
+
+\only<3>{
+\begin{itemize}
+\item when it got expensive, some people bought cheaper monthly tickets for a suburban 
+station and a nearby one, and one for the destination and a nearby one
+\item a large investment later all barriers were automatic and tickets can record state
+\end{itemize}}
+
+\only<4>{
+\begin{itemize}
+\item But suddenly the environment changed: rail transport got privatised creating many companies
+cheating each other
+\item revenue from monthly tickets was distributed according to a formula where the ticket was bought
+\end{itemize}}
+
+\only<5>{
+\begin{itemize}
+\item apart from bad outsiders (passengers) you also had bad insiders (rail companies)
+\item chaos and litigation ensued
+\end{itemize}}
+
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
 \begin{frame}[c]
 
-A Man-in-the-middle attack
+A Man-in-the-middle attack in real life:
 
 \begin{itemize}
 \item the card only says yes or no to the terminal if the PIN is correct
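Review bot: The new "Changing Environment Attacks" frame never states which assumption the rail ticketing scheme relied on, so slides 2-5 read as an anecdote rather than as an instance of the first bullet. From the text, the scheme appears to assume that the only adversaries are passengers and that a single operator collects the revenue; stating this before `\only<4>` would show that privatisation invalidated the threat model. I would close `\only<5>` with a takeaway such as `\item lesson: revisit the threat model whenever ownership or incentives change`. The bullet beginning `\item revenue from monthly tickets` needs "based on" before "where the ticket was bought" in order to parse. The last frame (`A Man-in-the-middle attack in real life:`) continues past the end of the hunk.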
@@ -467,6 +503,44 @@
 \end{frame}}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
 
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+\frametitle{Good Practices}
+
+\begin{itemize}
+\item explicit principles (you authenticate all data you might rely on)
+\item the one who can fix a system should also be liable for the losses  
+\end{itemize}
+
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+\frametitle{Privacy et al}
+
+Some terminology:
+
+\begin{itemize}
+\item \alert{secrecy} is the mechanism used to limit the number of 
+principals with access to information (eg, cryptography or access controls)
+
+\item \alert{confidentiality} is the obligation to protect the secrets of other people 
+or organizations (secrecy for the benefit of an organisation)
+
+\item \alert{anonymity} is the ability to leave no evidence of an activity (eg, sharing a secret)
+
+\item \alert{privacy} is the ability or right to protect your personal secrets 
+(secrecy for the benefit of an individual)
+
+\end{itemize}
+
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 
+
+
 \end{document}
 
 %%% Local Variables:
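Review bot: The first bullet of the new "Good Practices" frame, `explicit principles (you authenticate all data you might rely on)`, is too compressed to work as a design rule. It does not say that the result of a check must be authenticated as well as the data, which seems to be the point of the preceding man-in-the-middle frame, where the card only answers yes or no to the terminal. A wording such as `\item be explicit: authenticate every message the protocol relies on, including the outcome of checks such as PIN verification` ties the principle to that example. In the "Privacy et al" frame, the anonymity example `(eg, sharing a secret)` does not illustrate leaving no evidence of an activity and should be replaced or dropped. That frame also mixes `eg` with the `e.g.,` used elsewhere in the file, and `organizations` with `organisation`.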