update
authorChristian Urban <christian dot urban at kcl dot ac dot uk>
Thu, 26 Nov 2015 11:59:38 +0000
changeset 436 8bf6704fc991
parent 435 4603e6bb80c8
child 437 08906f4325bb
update
handouts/ho06.tex
hws/hw07.pdf
hws/hw07.tex
slides/slides11.pdf
slides/slides11.tex
--- a/handouts/ho06.tex	Thu Nov 26 09:10:47 2015 +0000
+++ b/handouts/ho06.tex	Thu Nov 26 11:59:38 2015 +0000
@@ -536,10 +536,7 @@
 calculates a solution for $y$ she does not know $r_j$. For this she
 would need to calculate the modular logarithm
 
-
-\[
-y \equiv A^{r_j}\;mod\;p
-\] 
+\[y \equiv A^{r_j}\;mod\;p\] 
 
 \noindent which is hard (see step 1 in the commitment stage).
 
Binary file hws/hw07.pdf has changed
--- a/hws/hw07.tex	Thu Nov 26 09:10:47 2015 +0000
+++ b/hws/hw07.tex	Thu Nov 26 11:59:38 2015 +0000
@@ -12,7 +12,7 @@
 
 \item What is a \emph{re-identification attack}?
 
-\item Imagine you have an completely `innocent' email message,
+\item Imagine you have a completely `innocent' email message,
       like birthday wishes to your grandmother? Why should you
       still encrypt this message and your grandmother take the
       effort to decrypt it? 
Binary file slides/slides11.pdf has changed
--- a/slides/slides11.tex	Thu Nov 26 09:10:47 2015 +0000
+++ b/slides/slides11.tex	Thu Nov 26 11:59:38 2015 +0000
@@ -16,8 +16,7 @@
 \frametitle{%
   \begin{tabular}{@ {}c@ {}}
   \\
-  \LARGE Access Control and \\[-3mm] 
-  \LARGE Privacy Policies (11)\\[-6mm] 
+  \LARGE Security Engineering 
   \end{tabular}}\bigskip\bigskip\bigskip
 
   \normalsize
@@ -35,13 +34,15 @@
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \begin{frame}[c]
 
+\begin{bubble}[10cm]
+Imagine you have a completely innocent email message, like
+birthday wishes to your grandmother? Why should you still
+encrypt this message and your grandmother take the effort to
+decrypt it?
+\end{bubble}
+
 \begin{itemize}
-\item Imagine you have an completely innocent email message,
-      like birthday wishes to your grandmother? Why should you
-      still encrypt this message and your grandmother take the
-      effort to decrypt it?\bigskip 
-
-      \small  
+\item \small  
       (Hint: The answer has nothing to do with preserving the
       privacy of your grandmother and nothing to do with
       keeping her birthday wishes super-secret. Also nothing to
@@ -56,7 +57,8 @@
 \begin{frame}[c]
 
 \begin{center}
-\includegraphics[scale=0.6]{../pics/escher.jpg}
+\includegraphics[scale=0.6]{../pics/escher.jpg}\\
+\footnotesize\mbox{M.C.Escher, Amazing World (from Gödel, Escher, Bach by D.Hofstadter)} 
 \end{center}
 
 \end{frame}
@@ -66,7 +68,7 @@
 \begin{frame}[c]
 \frametitle{Interlock Protocol}
 
-Protocol between a car \bl{$C$} and a key transponder \bl{$T$}:\bigskip 
+\mbox{A Protocol between a car \bl{$C$} and a key transponder \bl{$T$}:}\bigskip 
 
 \begin{enumerate}
 \item \bl{$C$} generates a random number \bl{$N$}
@@ -85,9 +87,9 @@
 \begin{frame}[c]
 \frametitle{Zero-Knowledge Proofs}
 
-Essentially every NP-problem can be used for ZKPs\bigskip
+\begin{itemize}
+\item Essentially every NP-problem can be used for ZKPs\bigskip
 
-\begin{itemize}
 \item modular logarithms: Alice chooses public \bl{$A$},  \bl{$B$}, \bl{$p$}; and private \bl{$x$}
 
 \begin{center}
@@ -117,7 +119,7 @@
 \begin{frame}[c]
 \frametitle{Modular Logarithm}
 
-Ordinary, non-modular logarithms: 
+Ordinary, \emph{non}-modular logarithms: 
 
 \begin{center}\large
 \begin{tabular}{ll}
@@ -128,7 +130,7 @@
 \end{center}
 
 Conclusion: \bl{$1.2304489$} is very close to the \emph{true}
-solution
+solution, slightly low
 
 \end{frame}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
@@ -140,18 +142,17 @@
 In contrast, modular logarithms behave much differently:
 
 \begin{center}\large
-\bl{$2^? \equiv 88319671\;\; mod\;\; 97330327$}\bigskip\\\pause
+\bl{$2^? \equiv 88319671\;\; mod\;\; 97330327$}\bigskip
 \end{center}\pause
 
-Lets say I found \bl{$28305819$}\ldots I try
+Lets say I `found' \bl{$28305819$} and I try
 
 \begin{center}\large
-\bl{$2^{28305819} \equiv 88032151\;\; mod\;\; 97330327$}\bigskip\\\pause
+\bl{$2^{28305819} \equiv 88032151\;\; mod\;\; 97330327$}\bigskip
 \end{center}\pause
 
-I could be tempted to try \bl{$28305820$}\ldots\pause
-but the real\\
-\mbox{}\hfill answer is \bl{12314}.
+Slightly lower. I might be tempted to try \bl{$28305820$}\ldots\pause
+but the real answer is \bl{12314}.
 
 \end{frame}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
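Review bot: The new line beginning `Lets say I` should read `Let's say`; the same spelling recurs three times in the frames added by the `@@ -265,6 +266,103 @@` hunk further down. The frame shows that a residue close to the target (`88032151` against `88319671`) says nothing about how close the exponent is, which is the property the zero-knowledge protocol relies on. It would help to state in a source comment that the modulus is a toy value, for example `% 97330327 is only a 27-bit modulus, chosen for illustration; real parameters are far larger`. The frame itself starts above the hunk.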
@@ -265,6 +266,103 @@
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[c]
+\frametitle{How can Alice cheat?}
+
+\begin{itemize}
+\item Alice needs to coordinate what she sends as \bl{$h_i$}
+      (in step 2), \bl{$s_i$} (in step 4) and
+      \bl{$s_{z+1}$} (in step 6).\pause\bigskip
+
+\item for \bl{$s_{z+1}$} she solves the easy
+\begin{center}
+\bl{$A^{s_{z+1}} \equiv B * y \;mod\;p$}
+\end{center}
+
+for \bl{$y$}.\pause
+\item if she can guess \bl{$j$} (first \bl{$1$}) then 
+  she sends \bl{$y$} as \bl{$h_j$}
+and \bl{$0$} as \bl{$s_j$}.\pause
+
+\item however she does not know \bl{$r_j$} because she would 
+need to solve
+\begin{center}
+\bl{$A^{r_j} \equiv y \;mod\;p$}
+\end{center}
+\end{itemize}
+
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[c]
+\frametitle{How can Alice cheat?}
+
+\begin{itemize}
+\item Alice still needs to decide on the other \bl{$h_i$} and 
+\bl{$s_i$}. They have to satisfy the test:
+
+\[\bl{A^{\alert{s_i}} \stackrel{?}{\equiv} \alert{h_i} * h_j^{-1}  \;mod\; p}\]
+\pause
+
+\item Lets say she choses the \bl{$s_i$} at random, then she 
+needs to solve
+
+\[\bl{A^{s_i} \equiv z * h_j^{-1}  \;mod\; p}\] 
+
+for \bl{$z$}.\pause{} It still does not allow us to find out
+the \bl{$r_i$}. Let us call an \bl{$h_i$} calculated in this 
+way as \alert{bogus}.
+
+\end{itemize}
+
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[t]
+\frametitle{How can Alice cheat?}
+
+\begin{itemize}
+\item Alice has to produce bogus \bl{$h_i$} for all bits that 
+are going to be \bl{$1$} in advance.\bigskip\pause
+
+\item Lets say \bl{$b_i = 1$} where Alice guessed \bl{$0$}: 
+She already has sent \bl{$h_i$} and \bl{$h_j$} and now must find a
+correct \bl{$s_i$} (which she chose at random at first)
+
+\[\bl{A^{s_i} \equiv h_i * h_j^{-1}  \;mod\; p}\]
+
+If she knew \bl{$r_i$} and \bl{$r_j$}, then easy: 
+\bl{$s_i = r_i - r_j$}. But she does not. So she will be found 
+out.
+\end{itemize}
+
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[t]
+\frametitle{How can Alice cheat?}
+
+\begin{itemize}
+\item Alice has to produce bogus \bl{$h_i$} for all bits that 
+are going to be \bl{$1$} in advance.\bigskip
+
+\item Lets say \bl{$b_i = 0$} where Alice guessed \bl{$1$}: 
+She has to send an \bl{$s_i$} so that 
+
+\[\bl{A^{s_i} \equiv h_i\;mod\;p}\]
+
+She does not know \bl{$r_i$}. So this is too hard and 
+she will be found out.
+\end{itemize}
+
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 
+
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \tikzset{alt/.code args={<#1>#2#3#4}{%
   \alt<#1>{\pgfkeysalso{#2}}{\pgfkeysalso{#3}} % \pgfkeysalso doesn't change the path
 }}
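Review bot: In the first added frame, `A^{s_{z+1}} \equiv B * y \;mod\;p` is solved for `y` and `y` is then sent as `h_j`, but the tests on the following frames multiply by `h_j^{-1}`. Bob's check for `s_{z+1}` is not visible in this hunk; if it has the same shape, the equation should read `A^{s_{z+1}} \equiv B * y^{-1} \;mod\;p`, so that sending `y` as `h_j` and the later `A^{r_j} \equiv y \;mod\;p` stay consistent. The second frame solves `A^{s_i} \equiv z * h_j^{-1} \;mod\; p` for `z`, which clashes with `z` as the index bound in `s_{z+1}`; a fresh letter for the unknown avoids the ambiguity. `choses` in the same frame should be `chooses`.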
@@ -374,24 +472,47 @@
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \begin{frame}[c]
-
-\begin{itemize}
-\item Imagine you have an completely innocent email message,
-      like birthday wishes to your grandmother? Why should you
-      still encrypt this message and your grandmother take the
-      effort to decrypt it?\bigskip 
+\frametitle{Coming Back To\ldots}
 
-      \small  
-      (Hint: The answer has nothing to do with preserving the
-      privacy of your grandmother and nothing to do with
-      keeping her birthday wishes super-secret. Also nothing to
-      do with you and grandmother testing the latest
-      encryption technology, nor just for the sake of it.)
+\begin{bubble}[10cm]
+Imagine you have an completely innocent email message, like
+birthday wishes to your grandmother? Why should you still
+encrypt this message and your grandmother take the effort to
+decrypt it?
+\end{bubble}\pause
+      
+\begin{itemize}      
+\item \small
+      Bruce Schneier\\
+      NSA Surveillance and What To Do About It\\
+      \url{https://www.youtube.com/watch?v=QXtS6UcdOMs}
 \end{itemize}
 
 \end{frame}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%  
 
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[c]
+\small
+\begin{bubble}[10cm]
+Terrorists use encrypted mobile-messaging apps. The spy
+agencies argue that although they can follow the conversations
+on Twitter, they ``go dark'' on the encrypted message apps. To
+counter this ``going-dark problem'', the spy agencies push for
+the implementation of back-doors in iMessage and Facebook and
+Skype and everything else UK or US-made, which they can use
+eavesdrop on conversations without the conversants' knowledge
+or consent.
+
+\end{bubble}      
+
+\begin{itemize}
+\item What is the fallacy in the spy agencies going-dark
+      argument?
+\end{itemize}
+
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%  
 
 \end{document}
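Review bot: The bubble added to the `Coming Back To\ldots` frame still reads `Imagine you have an completely innocent email message`, although this commit corrects the same sentence to `a completely` in hws/hw07.tex and in the earlier frame of this file. In the going-dark bubble, `which they can use eavesdrop on` is missing `to`, and the question `What is the fallacy in the spy agencies going-dark argument?` needs the possessive `agencies'`. If the going-dark paragraph is quoted or paraphrased from a published source (the hunk does not say), a short attribution line under the bubble would let students find the original argument.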