Binary file slides08.pdf has changed
--- a/slides08.tex Tue Nov 20 11:58:23 2012 +0000
+++ b/slides08.tex Tue Nov 20 14:06:09 2012 +0000
@@ -286,7 +286,9 @@
\item timing attacks
\item parallel session attacks
\item binding attacks (public key protocols)
-\item changing environment / changing assumptions
+\item changing environment / changing assumptions\bigskip
+
+\item (social engineering attacks)
\end{itemize}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
@@ -395,7 +397,7 @@
\end{tabular}
\end{center}\bigskip\pause
-Assume nonces are represented as bit-sequences of the same length
+Assume nonces are represented as bit-sequences of the same length as keys
\begin{center}
\begin{tabular}{@{}l@{}}
\bl{$A \rightarrow B :$} \bl{$A, \{N_A\}_{K_{AB}}$}\\
@@ -424,7 +426,7 @@
\end{tabular}
\end{center}\bigskip\pause
-but nothing is for free: then you need to synchronise time and possibly become victim to
+but nothing is for free: then you need to synchronise time and possibly become a victim to
timing attacks
\end{frame}}
@@ -470,7 +472,7 @@
\end{tabular}
\end{center}\bigskip
-\bl{$A$} knows \bl{$K^{prig}_A$} and can verify the message came from \bl{$CA$}
+\bl{$A$} knows \bl{$K^{priv}_A$} and can verify the message came from \bl{$CA$}
in response to \bl{$A$}'s message and trusts \bl{$K^{pub}_{B}$} is \bl{$B$}'s public key
@@ -506,7 +508,7 @@
There are plenty of other protocols and attacks. This could go on ``forever''.\pause\bigskip
-attacks because of changing environment
+We look here on one more kind of attacks that are because of a changing environment.
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
@@ -536,14 +538,15 @@
\only<4>{
\begin{itemize}
-\item But suddenly the environment changed: rail transport got privatised creating many companies
-cheating each other
-\item revenue from monthly tickets was distributed according to a formula where the ticket was bought
+\item but suddenly the environment changed: rail transport got privatised creating many
+competing companies
+potentially cheating each other
+\item revenue from monthly tickets was distributed according to a formula involving where the ticket was bought\ldots
\end{itemize}}
\only<5>{
\begin{itemize}
-\item apart from bad outsiders (passengers) you also had bad insiders (rail companies)
+\item apart from bad outsiders (passengers), you also had bad insiders (rail companies)
\item chaos and litigation ensued
\end{itemize}}
@@ -590,19 +593,43 @@
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
-\frametitle{Good Practices}
+\frametitle{Problems with WEP (Wifi)}
\begin{itemize}
-\item explicit principles (you authenticate all data you might rely on)
-\item the one who can fix a system should also be liable for the losses
+\item a standard ratified in 1999
+\item the protocol was designed by a committee not including cryptographers
+\item it used the RC4 encryption algorithm which is a stream cipher requiring a unique nonce
+\item WEP did not allocate enough bits for the nonce
+\item for authenticating packets it used CRC checksum which can be easily broken
+\item the network password was used to directly encrypt packages (instead of a key negotiation protocol)\bigskip
+\item encryption was turned of by default
\end{itemize}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+\frametitle{Protocols are Difficult}
+
+\begin{itemize}
+\item even the systems designed by experts regularly fail\medskip
+\item try to make everything explicit (you need to authenticate all data you might rely on)\medskip
+\item the one who can fix a system should also be liable for the losses\medskip
+\item cryptography is not {\bf the} answer\bigskip\bigskip
+\end{itemize}
+
+Logic is one way protocols are studied in academia
+
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]