--- a/slides/slides04.tex Mon Oct 09 10:07:35 2017 +0100
+++ b/slides/slides04.tex Sun Oct 15 17:25:31 2017 +0100
@@ -1,4 +1,5 @@
\documentclass[dvipsnames,14pt,t]{beamer}
+\usepackage{../style}
\usepackage{../slides}
\usepackage{../graphics}
\usepackage{../langs}
@@ -45,10 +46,9 @@
\end{center}
\begin{itemize}
-%\item no ``cheating'' needed for format string attacks
-\item required some cheating on modern OS
-\item the main point: no cheating in practice\pause
-\item one class of attacks not mentioned last week
+\item this required some cheating on a modern OS
+\item but the main point: no cheating needed in practice
+ (remember the quote about toasters)
\end{itemize}
\end{frame}
@@ -56,22 +56,6 @@
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
-\frametitle{Format String Vulnerability}
-
-\small
-\texttt{string} is nowhere used:\bigskip
-
-{\footnotesize\lstinputlisting[language=C]{../progs/C4.c}}\bigskip
-
-this vulnerability can be used to read out the stack and even
-modify it
-
-\end{frame}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[c]
\frametitle{Case-In-Point: Android}
\begin{itemize}
@@ -125,8 +109,12 @@
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
-\frametitle{Survey}
-
+\frametitle{Survey at KEATS}
+
+\begin{center}
+\alert{\bf\LARGE Thanks!}
+\end{center}
+
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
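Review bot: `\alert{\bf\LARGE Thanks!}` on the new Survey frame uses the plain-TeX font switch `\bf`, which is not part of LaTeX2e font selection and resets the family rather than just adding weight; the LaTeX2e switch is `\bfseries`, so the line should read `\alert{\bfseries\LARGE Thanks!}`. The same `\bf` idiom appears in the access-control hunk below, but that line is commented out by this commit, so only this active occurrence needs changing.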
@@ -264,10 +252,10 @@
\item Modern versions of Windows have more fine-grained AC than Unix;
they do not have a setuid bit, but have \texttt{runas} (asks for a
- password).\pause
+ password).%\pause
-\item OS-provided access control can \alert{\bf add} to your security.
- (defence in depth)
+%\item OS-provided access control can \alert{\bf add} to your security.
+% (defence in depth)
\end{itemize}
\end{frame}
@@ -334,7 +322,7 @@
\begin{textblock}{11}(2,5)
\begin{bubble}[8cm]
\normalsize To prevent this kind of attack, you need additional
-policies (don't do such operations as root).
+policies (for example don't do such operations as root).
\end{bubble}
\end{textblock}}
@@ -342,33 +330,33 @@
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[c]
-\frametitle{\begin{tabular}{c}Infamous Security Flaws\\[-1mm]
-in Unix\end{tabular}}
+%\begin{frame}[c]
+%\frametitle{\begin{tabular}{c}Infamous Security Flaws\\[-1mm]
+%in Unix\end{tabular}}
-\begin{itemize}
-\item \texttt{lpr} unfortunately runs with root privileges; you had the option to delete files after printing \ldots\pause
-\item for debugging purposes (FreeBSD) Unix provides a ``core dump'', but allowed to follow links \ldots\pause
-\item \texttt{mkdir foo} is owned by root\medskip
-\begin{center}
-\texttt{-rwxr-xr-x 1 root wheel /bin/mkdir}
-\end{center}\medskip
-it first creates an i-node as root and then changes to ownership to the user's id\\ \textcolor{gray}{\small (race condition -- can be automated with a shell script)}
-\end{itemize}
+%\begin{itemize}
+%\item \texttt{lpr} unfortunately runs with root privileges; you had the option to delete files after printing \ldots\pause
+%\item for debugging purposes (FreeBSD) Unix provides a ``core dump'', but allowed to follow links \ldots\pause
+%\item \texttt{mkdir foo} is owned by root\medskip
+%\begin{center}
+%\texttt{-rwxr-xr-x 1 root wheel /bin/mkdir}
+%\end{center}\medskip
+%it first creates an i-node as root and then changes to ownership to the user's id\\ \textcolor{gray}{\small (race condition -- can be automated with a shell script)}
+%\end{itemize}
-\only<4->{
-\begin{textblock}{1}(3,7)
-\begin{tikzpicture}
-\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm]
-{\begin{minipage}{8cm}
-Only failure makes us experts.\\
-\hfill\small-- Theo de Raadt (OpenBSD, OpenSSH)
-\end{minipage}};
-\end{tikzpicture}
-\end{textblock}}
+%\only<4->{
+%\begin{textblock}{1}(3,7)
+%\begin{tikzpicture}
+%\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm]
+%{\begin{minipage}{8cm}
+%Only failure makes us experts.\\
+%\hfill\small-- Theo de Raadt (OpenBSD, OpenSSH)
+%\end{minipage}};
+%\end{tikzpicture}
+%\end{textblock}}
-\end{frame}
+%\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
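Review bot: This hunk keeps the entire "Infamous Security Flaws in Unix" frame in the source as `%`-prefixed lines instead of deleting it, and the same is done for the group/permissions table frame and the Ross Anderson e-mail frame in later hunks, plus the `\pause` and defence-in-depth lines of the access-control hunk; the Format String frame earlier in the same commit is simply deleted, which is the more consistent choice since the file history already preserves the text. Line-commented frames are not compile-checked and silently drift out of sync with the macros in `../style` and `../slides`, so if the intent is to park them for a later lecture, wrap each one in `\iffalse` … `\fi` (or the `comment` environment) and add a one-line reason such as `% parked: Unix flaws frame, not used in the 2017 lecture` so the next editor knows whether it is safe to remove.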
@@ -439,29 +427,29 @@
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[c]
-\small
-
-\lstinputlisting[language={},numbers=none,xleftmargin=-6mm]{lst}
-
-
-\begin{center}
-\begin{tabular}{@{\hspace{-24mm}}ll}
-members of group staff: & ping, bob, emma\\
-members of group students: & emma\\
-\end{tabular}
-\end{center}
-
-\begin{center}
-\begin{tabular}{@{\hspace{-7mm}}r|c|c|c|c|c@{}}
- & manual.txt & report.txt & microedit & src/code.c & src/code.h \\\hline
-ping & & & & &\\\hline
-bob & & & & &\\\hline
-emma & & & & &\\
-\end{tabular}
-\end{center}
-
-\end{frame}
+%\begin{frame}[c]
+%\small
+%
+%\lstinputlisting[language={},numbers=none,xleftmargin=-6mm]{lst}
+%
+%
+%\begin{center}
+%\begin{tabular}{@{\hspace{-24mm}}ll}
+%members of group staff: & ping, bob, emma\\
+%members of group students: & emma\\
+%\end{tabular}
+%\end{center}
+%
+%\begin{center}
+%\begin{tabular}{@{\hspace{-7mm}}r|c|c|c|c|c@{}}
+% & manual.txt & report.txt & microedit & src/code.c & src/code.h \\\hline
+%ping & & & & &\\\hline
+%bob & & & & &\\\hline
+%emma & & & & &\\
+%\end{tabular}
+%\end{center}
+%
+%\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
@@ -703,6 +691,33 @@
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
+\frametitle{Problems with Key Fobs}
+
+\begin{columns}
+\begin{column}[T]{4cm}
+\includegraphics[scale=0.4]{../pics/car-standard.jpg}
+\end{column}
+
+\begin{column}[T]{6cm}\small
+Circumventing the ignition protection:
+
+\begin{itemize}
+\item either dismantling Megamos crypto,
+\item or use the diagnostic port to program
+ blank keys
+\end{itemize}
+
+\hspace{14mm}
+\includegraphics[scale=0.16]{../pics/Dismantling_Megamos_Crypto.png}
+\end{column}
+\end{columns}
+
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[c]
\frametitle{HTTPS / GSM}
\begin{center}
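Review bot: Both `\includegraphics` calls on the new Key Fobs frame size the images with absolute `scale=` factors and spell out the file extension (`../pics/car-standard.jpg`, `../pics/Dismantling_Megamos_Crypto.png`), and the second is nudged into place with a bare `\hspace{14mm}`; the G20 frame in the next hunk does the same with `scale=0.1`. Sizing relative to the enclosing column, e.g. `\includegraphics[width=\linewidth]{../pics/car-standard}`, keeps the layout stable if the bitmap is re-exported at a different resolution and lets graphicx choose the format. The frame also lists the two circumvention routes without naming a source; the screenshot appears to be the title of the Verdult/Garcia/Ege "Dismantling Megamos Crypto" paper, so a `\footnotesize` attribution line under the image would let students find it (confirm the reference before adding it).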
@@ -725,6 +740,33 @@
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
+\frametitle{G20 Summit in 2009}
+
+\begin{center}
+\includegraphics[scale=0.1]{../pics/snowden.jpg}
+\end{center}
+
+\small
+\begin{itemize}
+\item Snowden documents reveal ``that during the G20
+ meetings\dots{}GCHQ used
+ `ground-breaking intelligence capabilities' to intercept
+ the communications of visiting delegations. This
+ included setting up internet cafes where they used an
+ email interception program and key-logging software to
+ spy on delegates' use of computers\ldots''
+
+\item ``The G20 spying appears to have been organised for the
+ more mundane purpose of securing an advantage in
+ meetings.''
+\end{itemize}
+
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[c]
\frametitle{Handshakes}
\begin{itemize}
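Review bot: The quoted passage on the new G20 frame has no attribution beyond "Snowden documents reveal", so students cannot check the source; the wording reads like the 2013 Guardian reporting on GCHQ and the G20 summit, and a `\footnotesize` source line (publication and date) after the itemize would fix that — confirm the source before adding it. Inside the quote the ellipsis is typed as `\dots{}` on one line and `\ldots` on another; use one form, preferably `\dots`, throughout. The Handshakes frame that begins on the last two lines continues outside the hunk.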
@@ -883,51 +925,51 @@
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}<1->[t]
-\frametitle{Another Example}
+% \begin{frame}<1->[t]
+% \frametitle{Another Example}
-In an email from Ross Anderson\bigskip\small
+% In an email from Ross Anderson\bigskip\small
-\begin{tabular}{l}
-From: Ross Anderson <Ross.Anderson@cl.cam.ac.uk>\\
-Sender: cl-security-research-bounces@lists.cam.ac.uk\\
-To: cl-security-research@lists.cam.ac.uk\\
-Subject: Birmingham case\\
-Date: Tue, 13 Aug 2013 15:13:17 +0100\\
-\end{tabular}
+% \begin{tabular}{l}
+% From: Ross Anderson <Ross.Anderson@cl.cam.ac.uk>\\
+% Sender: cl-security-research-bounces@lists.cam.ac.uk\\
+% To: cl-security-research@lists.cam.ac.uk\\
+% Subject: Birmingham case\\
+% Date: Tue, 13 Aug 2013 15:13:17 +0100\\
+% \end{tabular}
-\only<2>{
-\begin{textblock}{12}(0.5,0.8)
-\begin{bubble}[11cm]
-\footnotesize
-As you may know, Volkswagen got an injunction against the University of
-Birmingham suppressing the publication of the design of a weak cipher
-used in the remote key entry systems in its recent-model cars. The paper
-is being given today at Usenix, minus the cipher design.\medskip
+% \only<2>{
+% \begin{textblock}{12}(0.5,0.8)
+% \begin{bubble}[11cm]
+% \footnotesize
+% As you may know, Volkswagen got an injunction against the University of
+% Birmingham suppressing the publication of the design of a weak cipher
+% used in the remote key entry systems in its recent-model cars. The paper
+% is being given today at Usenix, minus the cipher design.\medskip
-I've been contacted by Birmingham University's lawyers who seek to prove
-that the cipher can be easily obtained anyway. They are looking for a
-student who will download the firmware from any newish VW, disassemble
-it and look for the cipher. They'd prefer this to be done by a student
-rather than by a professor to emphasise how easy it is.\medskip
+% I've been contacted by Birmingham University's lawyers who seek to prove
+% that the cipher can be easily obtained anyway. They are looking for a
+% student who will download the firmware from any newish VW, disassemble
+% it and look for the cipher. They'd prefer this to be done by a student
+% rather than by a professor to emphasise how easy it is.\medskip
-Volkswagen's argument was that the Birmingham people had reversed a
-locksmithing tool produced by a company in Vietnam, and since their key
-fob chip is claimed to be tamper-resistant, this must have involved a
-corrupt insider at VW or at its supplier Thales. Birmingham's argument
-is that this is nonsense as the cipher is easy to get hold of. Their
-lawyers feel this argument would come better from an independent
-outsider.\medskip
+% Volkswagen's argument was that the Birmingham people had reversed a
+% locksmithing tool produced by a company in Vietnam, and since their key
+% fob chip is claimed to be tamper-resistant, this must have involved a
+% corrupt insider at VW or at its supplier Thales. Birmingham's argument
+% is that this is nonsense as the cipher is easy to get hold of. Their
+% lawyers feel this argument would come better from an independent
+% outsider.\medskip
-Let me know if you're interested in having a go, and I'll put you in
-touch
+% Let me know if you're interested in having a go, and I'll put you in
+% touch
-Ross
-\end{bubble}
-\end{textblock}}
+% Ross
+% \end{bubble}
+% \end{textblock}}
-\end{frame}
+% \end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
@@ -1162,6 +1204,83 @@
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
+\frametitle{Splitting Messages}
+
+\begin{center}
+$\underbrace{\texttt{\Grid{0X1peUVTGJK+H70mMjAM8p}}}_{\bl{\{A,m\}_{K^{pub}_B}}}$
+\end{center}
+
+\begin{center}
+$\underbrace{\texttt{\Grid{0X1peUVTGJK}}}_{\bl{H_1}}$\quad
+$\underbrace{\texttt{\Grid{+H70mMjAM8p}}}_{\bl{H_2}}$
+\end{center}
+
+\begin{itemize}
+\item you can also use the even and odd bytes
+\item the point is you cannot decrypt the halves, even if you
+ have the key
+\end{itemize}
+
+
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[c]
+
+\begin{center}
+\begin{tabular}{l@{\hspace{9mm}}l}
+\begin{tabular}[t]{@{}l@{}}
+\bl{$A \to C : K^{pub}_A$}\\
+\bl{$C \to B : K^{pub}_C$}\\
+\bl{$B \to C : K^{pub}_B$}\\
+\bl{$C \to A : K^{pub}_C$}\medskip\\
+\bl{$\{A,m\}_{K^{pub}_C} \;\mapsto\; H_1,H_2$}\\
+\bl{$\{B,m'\}_{K^{pub}_C} \;\mapsto\; M_1,M_2$}\bigskip\\
+\bl{$\{C,a\}_{K^{pub}_B} \;\mapsto\; C_1,C_2$}\\
+\bl{$\{C,b\}_{K^{pub}_A} \;\mapsto\; D_1,D_2$}
+\end{tabular} &
+\begin{tabular}[t]{@{}l@{}}
+\bl{$A \to C : H_1$}\\
+\bl{$C \to B : C_1$}\\
+\bl{$B \to C : \{C_1, M_1\}_{K^{pub}_C}$}\\
+\bl{$C \to A : \{H_1, D_1\}_{K^{pub}_A}$}\\
+\bl{$A \to C : \{H_2, D_1\}_{K^{pub}_C}$}\\
+\bl{$C \to B : \{C_2, M_1\}_{K^{pub}_B}$}\\
+\bl{$B \to C : M_2$}\\
+\bl{$C \to A : D_2$}
+\end{tabular}
+\end{tabular}
+\end{center}\pause
+
+\footnotesize
+\bl{$m$} = How is your grandmother? \bl{$m'$} = How is the
+weather today in London?
+
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[c]
+
+\begin{itemize}
+\item you have to ask something that cannot be imitated
+ (requires \bl{$A$} and \bl{$B$} know each other)
+\item what happens if \bl{$m$} and \bl{$m'$} are voice
+ messages?\bigskip\pause
+
+\item So \bl{$C$} can either leave the communication unchanged,
+ or invent a complete new conversation
+
+\end{itemize}
+
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[c]
\frametitle{Car Transponder (HiTag2)}
\begin{enumerate}
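Review bot: The Splitting Messages frame states "you cannot decrypt the halves, even if you have the key" as a general fact, but that holds only for ciphers and modes where a partial ciphertext is undecryptable; with a stream cipher or a block cipher in CTR mode, half the ciphertext decrypts to half the plaintext, and the relay exchange on the following frame would then not stop `C` from reading `H_1`. A caveat on that bullet, e.g. `\item (assumes a cipher where half a ciphertext cannot be decrypted — not true for stream ciphers or CTR mode)`, keeps the argument honest. The two frames that follow have no `\frametitle`, unlike every other frame in this hunk; this appears to be the Rivest–Shamir interlock protocol, so `\frametitle{Interlock Protocol}` and `\frametitle{Interlock Protocol: Limits}` would make the deck navigable. Multi-letter superscripts such as `K^{pub}_B` are set as the product p·u·b; `K^{\mathit{pub}}_B`, or a `\newcommand*` for the public-key notation in `../style`, fixes the spacing everywhere at once. The HiTag2 frame that starts on the last lines continues outside the hunk.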
@@ -1183,6 +1302,7 @@
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
@@ -1206,14 +1326,254 @@
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
-\frametitle{Problems with EMV}
+
+\begin{itemize}
+\item the moral: establishing a secure connection from
+ ``zero'' is almost impossible---you need to rely on some
+ established trust\medskip
+
+\item that is why PKI relies on certificates, which however are
+ badly, badly realised
+
+\end{itemize}
+
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[c]
+\frametitle{Trusted Third Parties}
+
+Simple protocol for establishing a secure connection via a
+mutually trusted 3rd party (server):
+
+\begin{center}
+\begin{tabular}{r@ {\hspace{1mm}}l}
+\bl{$A \rightarrow S :$} & \bl{$A, B$}\\
+\bl{$S \rightarrow A :$} & \bl{$\{K_{AB}, \{K_{AB}\}_{K_{BS}} \}_{K_{AS}}$}\\
+\bl{$A \rightarrow B :$} & \bl{$\{K_{AB}\}_{K_{BS}} $}\\
+\bl{$A \rightarrow B :$} & \bl{$\{m\}_{K_{AB}}$}\\
+\end{tabular}
+\end{center}
+
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[c]
+\frametitle{PKI: The Main Idea}
+
+\begin{itemize}
+\item the idea is to have a certificate authority (CA)
+\item you go to the CA to identify yourself
+\item CA: ``I, the CA, have verified that public key
+ \bl{$P^{pub}_{Bob}$} belongs to Bob''\bigskip
+\item CA must be trusted by everybody\medskip
+\item certificates are time limited, and can be revoked
+
+\item What happens if CA issues a false certificate? Who pays in case of loss? (VeriSign
+explicitly limits liability to \$100.)
+\end{itemize}
+
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[c]
+\frametitle{PKI: Chains of Trust}
+
+\begin{center}
+ \begin{tikzpicture}[scale=1,
+ node/.style={
+ rectangle,rounded corners=3mm,
+ very thick,draw=black!50,minimum height=18mm, minimum width=23mm,
+ top color=white,bottom color=black!20}]
+
+ \node (A) at (0,0) [node] {};
+ \node [below right] at (A.north west)
+ {\small\begin{tabular}{@{}l}CA\\Root Cert.\end{tabular}};
+
+ \node (B) at (4,0) [node] {};
+ \node [below right=1mm] at (B.north west)
+ {\mbox{}\hspace{-1mm}\small
+ \begin{tabular}{@{}l}Subordinate\\ CA\end{tabular}};
+
+ \node (C) at (8,0) [node] {};
+ \node [below right] at (C.north west)
+ {\small\begin{tabular}{@{}l}Server\\ Bank.com\end{tabular}};
+
+ \draw [->,line width=4mm] (A) -- (B);
+ \draw [->,line width=4mm] (B) -- (C);
+
+ \node (D) at (6,-3) [node] {};
+ \node [below right] at (D.north west)
+ {\small\begin{tabular}{@{}l}Browser\\ Root Store\end{tabular}};
+
+ \node (E) at (2,-3) [node] {};
+ \node [below right] at (E.north west)
+ {\small\begin{tabular}{@{}l}Browser\\ Vendor\end{tabular}};
+
+ \draw [->,line width=4mm] (E) -- (D);
+ \end{tikzpicture}
+\end{center}
+
+\begin{itemize}
+\item CAs make almost no money anymore, because of stiff
+ competition
+\item browser companies are not really interested in security;
+ only in market share
+\end{itemize}
+
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[c]
+\frametitle{PKI: Weaknesses}
+
+CAs just cannot win (make any profit):\medskip
\begin{itemize}
-\item it is a wrapper for many protocols
-\item specification by consensus (resulted unmanageable complexity)
-\item its specification is 700 pages in English plus 2000+ pages for testing, additionally some
-further parts are secret
-\item other attacks have been found
+\item there are hundreds of CAs, which issue millions of
+ certificates and the error rate is small
+
+\item users (servers) do not want to pay or pay as little as
+ possible\bigskip
+
+\item a CA can issue a certificate for any domain not needing
+ any permission (CAs are meant to undergo audits,
+ but\ldots DigiNotar)
+
+\item if a CA has issued many certificates, it ``becomes too
+ big to fail''
+
+\item Can we be sure CAs are not just frontends of some
+ government organisation?
+
+\end{itemize}
+
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[c]
+\frametitle{PKI: Weaknesses}
+
+\begin{itemize}
+
+\item many certificates are issued via Whois, whether you own
+ the domain\ldots if you hijacked a domain, it is easy to
+ obtain certificates\medskip
+
+\item the revocation mechanism does not work (Chrome has given
+ up on general revocation lists)\medskip
+
+\item lax approach to validation of certificates
+ (Have you ever bypassed certification warnings?)\medskip
+
+\item sometimes you want to actually install invalid
+ certificates (self-signed)
+
+\end{itemize}
+
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[c]
+\frametitle{PKI: Attacks}
+
+\begin{itemize}
+
+\item Go directly after root certificates
+ \begin{itemize}
+ \item governments can demand private keys\smallskip
+ \item 10 years ago it was estimated that breaking a 1024 bit
+ key takes one year and costs 10 - 30 Mio \$; this is now
+ reduced to 1 Mio \$
+ \end{itemize}
+
+\item Go after buggy implementations of certificate
+ validation\smallskip
+
+\item Social Engineering
+ \begin{itemize}
+ \item in 2001 somebody pretended to be
+ from Microsoft and asked for two code-signing
+ certificates
+ \end{itemize}\bigskip
+\end{itemize}
+
+\small The eco-system is completely broken (it relies on
+thousands of entities to do the right thing). Maybe DNSSEC
+where keys can be attached to domain names is a way out.
+
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[c]
+\frametitle{Real Attacks}
+
+\begin{itemize}
+
+\item In 2011, DigiNotar (Dutch company) was the first CA that
+ got compromised comprehensively, and where many
+ fraudulent certificates were issued to the wild. It
+ included approximately 300,000 IP addresses, mostly
+ located in Iran. The attackers (in Iran?) were likely
+ interested ``only'' in collecting gmail passwords.\medskip
+
+\item The Flame malware piggy-bagged on this attack by
+ advertising malicious Windows updates to some targeted
+ systems (mostly in Iran, Israel, Sudan).
+
+\end{itemize}
+
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[c]
+\frametitle{PKI is Broken}
+
+\begin{itemize}
+
+\item PKI and certificates are meant to protect you against
+ MITM attacks, but if the attack occurs your are
+ presented with a warning and you need to decide whether
+ you are under attack.\medskip
+
+\item Webcontent gets often loaded from 3rd-party servers,
+ which might not be secured\medskip
+
+\item Misaligned incentives: browser vendors are not
+ interested in breaking webpages with invalid
+ certificates
+
+\end{itemize}
+
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[c]
+
+Why are there so many invalid certificates?\bigskip
+
+\begin{itemize}
+
+\item insufficient name coverage (www.example.com should
+include example.com)
+
+\item IoT: many appliances have web-based admin interfaces;
+ the manufacturer cannot know under which IP and domain name
+ the appliances are run (so cannot install a valid certificate)
+
+\item expired certificates, or incomplete chains of trust
+ (servers are supposed to supply them)
+
\end{itemize}
\end{frame}
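Review bot: The Real Attacks frame attributes the Flame malware's forged Windows Update certificate to the DigiNotar compromise ("piggy-bagged on this attack"), but Flame's certificate came from an MD5 chosen-prefix collision against a Microsoft Terminal Server licensing CA, a separate incident; reword the bullet, e.g. `\item The Flame malware (2012) used a separately forged Microsoft certificate (MD5 collision against a licensing CA) to advertise malicious Windows updates to targeted systems`, and note that "piggy-bagged" is in any case a typo for "piggy-backed". On the PKI is Broken frame `your are presented` should read `you are presented`, and `10 - 30 Mio \$` on the PKI: Attacks frame wants an en-dash range, `10--30 Mio \$`. The Trusted Third Parties exchange carries no nonce or timestamp, so nothing ties `\{K_{AB}\}_{K_{BS}}` to the current run; a one-line remark that the real protocols (Needham–Schroeder, Kerberos) add freshness values to block replay would pre-empt the obvious student question. Two consecutive frames are both titled `PKI: Weaknesses`; a `(cont.)` on the second helps when slides are referenced by title.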