SlideShare a Scribd company logo

Becoming More Paranoid

Download as PPTX, PDF
David Evans
David Evans

Introduction to Cryptocurrency University of Virginia cs4501 Fall 2015 http://bitcoin-class.org

Government & Nonprofit
1 of 19
Image from http://www.theregister.co.uk/2015/02/22/lenovo_superfish_removal_tool/ (but I think they stole it from Monsters and Aliens) Cryptocurrency Cabal cs4501 Fall 2015 David Evans and Samee Zahur University of Virginia Class 5: Becoming More Paranoid
Upcoming Schedule • Today: How Cryptosystems Fail • Next Week: blockchain and mining (readings in notes) • Tuesday, 15 September: Problem Set 1 • Wednesday, 23 September: Checkup 2 (delayed from 21 Sept in original schedule) 1
“Hard” Problems 2 Why do cryptographers consider discrete logarithm to be a hard problem?
3
Why do cryptosystems fail in practice? 4
Trusting Software 5
6
7
SSL (Secure Sockets Layer) 8 Client Server Hello KRCA[Server Identity, KUS]Verify Certificate using KUCA Check identity matches URL Generate random K EKUS (K) Decrypt using KRSSecure channel using K Simplified TLS Handshake Protocol
SSL (Secure Sockets Layer) 9 Client Server Hello KRCA[Server Identity, KUS]Verify Certificate using KUCA Check identity matches URL Generate random K EKUS (K) Decrypt using KRSSecure channel using K Simplified TLS Handshake Protocol How did client get KUCA?
10
Certificates 11 VarySign.com TJ multibit.org multibit.org, KUMultibit CP Verifies using KUVarySign How does VarySign decide if it should give certificate to requester? CP = KRVarySign[“multibit.org”, KUMultibit]
12
13
14
15
16 https://www.google.com/#q=chair
17 • Internet explorer connects to a web server on port 443 using SSL. The data is encrypted. • Komodia’s SSL hijacker intercepts the communication and redirects it to Komodia’s Redirector. The channel between the SSL hijacker and the Redirector is encrypted. • At this stage, Komodia’s Redirector can shape the traffic, block it, or redirect it to another website. • Communication between the Redirector and the website is encrypted using SSL. • All data received from the website can be again modified and/or blocked. When data manipulation is done, it is forwarded again to Internet explorer. • The browser displays the SSL lock, and the session will not display any “Certificate warnings”. http://www.komodia.com/products/komodias-ssl-decoderdigestor (in archive.org)
Charge Problem Set 1: due Tuesday 18 Upcoming office hours: Now (Samee) tomorrow (Dave, 2:30-3:30) Monday (Ori, 5-6:30pm)

Recommended

Always on availability groups way too deep
Always on availability groups way too deepAlways on availability groups way too deep
Always on availability groups way too deep
Joseph D'Antoni
 
Dockercon 16 Recap
Dockercon 16 RecapDockercon 16 Recap
Dockercon 16 Recap
Lee Calcote
 
QA Fest 2018. Денис Жевнер. 56k Denial of Service
QA Fest 2018. Денис Жевнер. 56k Denial of ServiceQA Fest 2018. Денис Жевнер. 56k Denial of Service
QA Fest 2018. Денис Жевнер. 56k Denial of Service
QAFest
 
MicroProfile: uma nova forma de desenvolver aplicações corporativas na era do...
MicroProfile: uma nova forma de desenvolver aplicações corporativas na era do...MicroProfile: uma nova forma de desenvolver aplicações corporativas na era do...
MicroProfile: uma nova forma de desenvolver aplicações corporativas na era do...
Otávio Santana
 
GlobalLogic Azure TechTalk ONLINE “Marketing Data Lake in Azure”
GlobalLogic Azure TechTalk ONLINE “Marketing Data Lake in Azure”GlobalLogic Azure TechTalk ONLINE “Marketing Data Lake in Azure”
GlobalLogic Azure TechTalk ONLINE “Marketing Data Lake in Azure”
GlobalLogic Ukraine
 
Asymmetric Key Signatures
Asymmetric Key SignaturesAsymmetric Key Signatures
Asymmetric Key Signatures
David Evans
 
More mining
More miningMore mining
More mining
sameezahur
 
Mining
MiningMining
Mining
David Evans
 

Recommended

Always on availability groups way too deep
Always on availability groups way too deepAlways on availability groups way too deep
Always on availability groups way too deep
Joseph D'Antoni
 
Dockercon 16 Recap
Dockercon 16 RecapDockercon 16 Recap
Dockercon 16 Recap
Lee Calcote
 
QA Fest 2018. Денис Жевнер. 56k Denial of Service
QA Fest 2018. Денис Жевнер. 56k Denial of ServiceQA Fest 2018. Денис Жевнер. 56k Denial of Service
QA Fest 2018. Денис Жевнер. 56k Denial of Service
QAFest
 
MicroProfile: uma nova forma de desenvolver aplicações corporativas na era do...
MicroProfile: uma nova forma de desenvolver aplicações corporativas na era do...MicroProfile: uma nova forma de desenvolver aplicações corporativas na era do...
MicroProfile: uma nova forma de desenvolver aplicações corporativas na era do...
Otávio Santana
 
GlobalLogic Azure TechTalk ONLINE “Marketing Data Lake in Azure”
GlobalLogic Azure TechTalk ONLINE “Marketing Data Lake in Azure”GlobalLogic Azure TechTalk ONLINE “Marketing Data Lake in Azure”
GlobalLogic Azure TechTalk ONLINE “Marketing Data Lake in Azure”
GlobalLogic Ukraine
 
Asymmetric Key Signatures
Asymmetric Key SignaturesAsymmetric Key Signatures
Asymmetric Key Signatures
David Evans
 
More mining
More miningMore mining
More mining
sameezahur
 
Mining
MiningMining
Mining
David Evans
 
Cryptography
CryptographyCryptography
Cryptography
David Evans
 
Class 1: What is Money?
Class 1: What is Money?Class 1: What is Money?
Class 1: What is Money?
David Evans
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to Cryptography
David Evans
 
Hash functions
Hash functionsHash functions
Hash functions
sameezahur
 
Merkle Trees
Merkle TreesMerkle Trees
Merkle Trees
David Evans
 
Hidden Services, Zero Knowledge
Hidden Services, Zero KnowledgeHidden Services, Zero Knowledge
Hidden Services, Zero Knowledge
David Evans
 
Altcoins
AltcoinsAltcoins
Altcoins
sameezahur
 
Scripting Transactions
Scripting TransactionsScripting Transactions
Scripting Transactions
David Evans
 
Midterm Confirmations
Midterm ConfirmationsMidterm Confirmations
Midterm Confirmations
David Evans
 
Bitcoin Script
Bitcoin ScriptBitcoin Script
Bitcoin Script
David Evans
 
The Blockchain
The BlockchainThe Blockchain
The Blockchain
David Evans
 
Anonymity in Bitcoin
Anonymity in BitcoinAnonymity in Bitcoin
Anonymity in Bitcoin
David Evans
 
Cryptocurrency Jeopardy!
Cryptocurrency Jeopardy!Cryptocurrency Jeopardy!
Cryptocurrency Jeopardy!
David Evans
 
Mostly About Superfish
Mostly About SuperfishMostly About Superfish
Mostly About Superfish
David Evans
 
CodeOne SF 2018 "Are you deploying and operating with security in mind?"
CodeOne SF 2018 "Are you deploying and operating with security in mind?"CodeOne SF 2018 "Are you deploying and operating with security in mind?"
CodeOne SF 2018 "Are you deploying and operating with security in mind?"
Daniel Bryant
 
Sullivan heartbleed-defcon22 2014
Sullivan heartbleed-defcon22 2014Sullivan heartbleed-defcon22 2014
Sullivan heartbleed-defcon22 2014
Cloudflare
 
OTN tour 2015 Experience in implementing SSL between oracle db and oracle cli...
OTN tour 2015 Experience in implementing SSL between oracle db and oracle cli...OTN tour 2015 Experience in implementing SSL between oracle db and oracle cli...
OTN tour 2015 Experience in implementing SSL between oracle db and oracle cli...
Andrejs Vorobjovs
 
Java application security the hard way - a workshop for the serious developer
Java application security the hard way - a workshop for the serious developerJava application security the hard way - a workshop for the serious developer
Java application security the hard way - a workshop for the serious developer
Steve Poole
 
SSL: Past, Present and Future
SSL: Past, Present and FutureSSL: Past, Present and Future
SSL: Past, Present and Future
Tiago Mendo
 
SSL: Past, Present and Future
SSL: Past, Present and FutureSSL: Past, Present and Future
SSL: Past, Present and Future
Luis Grangeia
 
SSL Everywhere!
SSL Everywhere!SSL Everywhere!
SSL Everywhere!
Simon Haslam
 
RIPE 84: Revocation
RIPE 84: RevocationRIPE 84: Revocation
RIPE 84: Revocation
APNIC
 

More Related Content

Viewers also liked

Viewers also liked (13)

Cryptography
CryptographyCryptography
Cryptography
 
Class 1: What is Money?
Class 1: What is Money?Class 1: What is Money?
Class 1: What is Money?
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to Cryptography
 
Hash functions
Hash functionsHash functions
Hash functions
 
Merkle Trees
Merkle TreesMerkle Trees
Merkle Trees
 
Hidden Services, Zero Knowledge
Hidden Services, Zero KnowledgeHidden Services, Zero Knowledge
Hidden Services, Zero Knowledge
 
Altcoins
AltcoinsAltcoins
Altcoins
 
Scripting Transactions
Scripting TransactionsScripting Transactions
Scripting Transactions
 
Midterm Confirmations
Midterm ConfirmationsMidterm Confirmations
Midterm Confirmations
 
Bitcoin Script
Bitcoin ScriptBitcoin Script
Bitcoin Script
 
The Blockchain
The BlockchainThe Blockchain
The Blockchain
 
Anonymity in Bitcoin
Anonymity in BitcoinAnonymity in Bitcoin
Anonymity in Bitcoin
 
Cryptocurrency Jeopardy!
Cryptocurrency Jeopardy!Cryptocurrency Jeopardy!
Cryptocurrency Jeopardy!
 

Similar to Becoming More Paranoid

CodeOne SF 2018 "Are you deploying and operating with security in mind?"
CodeOne SF 2018 "Are you deploying and operating with security in mind?"CodeOne SF 2018 "Are you deploying and operating with security in mind?"
CodeOne SF 2018 "Are you deploying and operating with security in mind?"
Daniel Bryant
 
SSL: Past, Present and Future
SSL: Past, Present and FutureSSL: Past, Present and Future
SSL: Past, Present and Future
Luis Grangeia
 
SSL Everywhere!
SSL Everywhere!SSL Everywhere!
SSL Everywhere!
Simon Haslam
 
ADDO 2022 Putting the Sec in DevSecOps for an AWS Lambda Based System
ADDO 2022 Putting the Sec in DevSecOps for an AWS Lambda Based SystemADDO 2022 Putting the Sec in DevSecOps for an AWS Lambda Based System
ADDO 2022 Putting the Sec in DevSecOps for an AWS Lambda Based System
Craeg Strong
 

Similar to Becoming More Paranoid (20)

Mostly About Superfish
Mostly About SuperfishMostly About Superfish
Mostly About Superfish
 
CodeOne SF 2018 "Are you deploying and operating with security in mind?"
CodeOne SF 2018 "Are you deploying and operating with security in mind?"CodeOne SF 2018 "Are you deploying and operating with security in mind?"
CodeOne SF 2018 "Are you deploying and operating with security in mind?"
 
Sullivan heartbleed-defcon22 2014
Sullivan heartbleed-defcon22 2014Sullivan heartbleed-defcon22 2014
Sullivan heartbleed-defcon22 2014
 
OTN tour 2015 Experience in implementing SSL between oracle db and oracle cli...
OTN tour 2015 Experience in implementing SSL between oracle db and oracle cli...OTN tour 2015 Experience in implementing SSL between oracle db and oracle cli...
OTN tour 2015 Experience in implementing SSL between oracle db and oracle cli...
 
Java application security the hard way - a workshop for the serious developer
Java application security the hard way - a workshop for the serious developerJava application security the hard way - a workshop for the serious developer
Java application security the hard way - a workshop for the serious developer
 
SSL: Past, Present and Future
SSL: Past, Present and FutureSSL: Past, Present and Future
SSL: Past, Present and Future
 
SSL: Past, Present and Future
SSL: Past, Present and FutureSSL: Past, Present and Future
SSL: Past, Present and Future
 
SSL Everywhere!
SSL Everywhere!SSL Everywhere!
SSL Everywhere!
 
RIPE 84: Revocation
RIPE 84: RevocationRIPE 84: Revocation
RIPE 84: Revocation
 
Training Slides: 302 - Securing Your Cluster With SSL
Training Slides: 302 - Securing Your Cluster With SSLTraining Slides: 302 - Securing Your Cluster With SSL
Training Slides: 302 - Securing Your Cluster With SSL
 
Cloud Security & Compliance - JPMC Overview
Cloud Security & Compliance - JPMC OverviewCloud Security & Compliance - JPMC Overview
Cloud Security & Compliance - JPMC Overview
 
Cloud Security & Compliance - JPMC Overview
Cloud Security & Compliance - JPMC OverviewCloud Security & Compliance - JPMC Overview
Cloud Security & Compliance - JPMC Overview
 
State of the Web
State of the WebState of the Web
State of the Web
 
What is SSL/TLS, 1-way and 2-way SSL?
What is SSL/TLS, 1-way and 2-way SSL?What is SSL/TLS, 1-way and 2-way SSL?
What is SSL/TLS, 1-way and 2-way SSL?
 
Secure Code the Cyber Pandemic Vaccine - Wayne Burke
Secure Code the Cyber Pandemic Vaccine - Wayne BurkeSecure Code the Cyber Pandemic Vaccine - Wayne Burke
Secure Code the Cyber Pandemic Vaccine - Wayne Burke
 
Security as Code: DOES15
Security as Code: DOES15Security as Code: DOES15
Security as Code: DOES15
 
ADDO 2022 Putting the Sec in DevSecOps for an AWS Lambda Based System
ADDO 2022 Putting the Sec in DevSecOps for an AWS Lambda Based SystemADDO 2022 Putting the Sec in DevSecOps for an AWS Lambda Based System
ADDO 2022 Putting the Sec in DevSecOps for an AWS Lambda Based System
 
Dr. Omar Ali Alibrahim - Ssl talk
Dr. Omar Ali Alibrahim - Ssl talkDr. Omar Ali Alibrahim - Ssl talk
Dr. Omar Ali Alibrahim - Ssl talk
 
ZKorum: Building the Next Generation eAgora powered by SSI
ZKorum: Building the Next Generation eAgora powered by SSIZKorum: Building the Next Generation eAgora powered by SSI
ZKorum: Building the Next Generation eAgora powered by SSI
 
Web hackingtools 2015
Web hackingtools 2015Web hackingtools 2015
Web hackingtools 2015
 

More from David Evans

More from David Evans (17)

Trick or Treat?: Bitcoin for Non-Believers, Cryptocurrencies for Cypherpunks
Trick or Treat?: Bitcoin for Non-Believers, Cryptocurrencies for CypherpunksTrick or Treat?: Bitcoin for Non-Believers, Cryptocurrencies for Cypherpunks
Trick or Treat?: Bitcoin for Non-Believers, Cryptocurrencies for Cypherpunks
 
How to Live in Paradise
How to Live in ParadiseHow to Live in Paradise
How to Live in Paradise
 
Mining Economics
Mining EconomicsMining Economics
Mining Economics
 
Multi-Party Computation for the Masses
Multi-Party Computation for the MassesMulti-Party Computation for the Masses
Multi-Party Computation for the Masses
 
Proof of Reserve
Proof of ReserveProof of Reserve
Proof of Reserve
 
Silk Road
Silk RoadSilk Road
Silk Road
 
Blooming Sidechains!
Blooming Sidechains!Blooming Sidechains!
Blooming Sidechains!
 
Useful Proofs of Work, Permacoin
Useful Proofs of Work, PermacoinUseful Proofs of Work, Permacoin
Useful Proofs of Work, Permacoin
 
Alternate Cryptocurrencies
Alternate CryptocurrenciesAlternate Cryptocurrencies
Alternate Cryptocurrencies
 
Script
ScriptScript
Script
 
Selfish Mining
Selfish MiningSelfish Mining
Selfish Mining
 
Quiz 2: Bitcoin Protocol, Mining, Supsersizing
Quiz 2: Bitcoin Protocol, Mining, SupsersizingQuiz 2: Bitcoin Protocol, Mining, Supsersizing
Quiz 2: Bitcoin Protocol, Mining, Supsersizing
 
Mining Pools and Profits
Mining Pools and ProfitsMining Pools and Profits
Mining Pools and Profits
 
More Mining
More MiningMore Mining
More Mining
 
Mining
MiningMining
Mining
 
Proofs of Work
Proofs of WorkProofs of Work
Proofs of Work
 
DigiCash
DigiCashDigiCash
DigiCash
 

Recently uploaded

Private Call Girls Bidar 9332606886Call Girls Advance Cash On Delivery Service
Private Call Girls Bidar 9332606886Call Girls Advance Cash On Delivery ServicePrivate Call Girls Bidar 9332606886Call Girls Advance Cash On Delivery Service
Private Call Girls Bidar 9332606886Call Girls Advance Cash On Delivery Service
kumargunjan9515
 
Call Girls AS Rao Nagar - 8250092165 Our call girls are sure to provide you w...
Call Girls AS Rao Nagar - 8250092165 Our call girls are sure to provide you w...Call Girls AS Rao Nagar - 8250092165 Our call girls are sure to provide you w...
Call Girls AS Rao Nagar - 8250092165 Our call girls are sure to provide you w...
kumargunjan9515
 
Call Girls Basheerbagh ( 8250092165 ) Cheap rates call girls | Get low budget
Call Girls Basheerbagh ( 8250092165 ) Cheap rates call girls | Get low budgetCall Girls Basheerbagh ( 8250092165 ) Cheap rates call girls | Get low budget
Call Girls Basheerbagh ( 8250092165 ) Cheap rates call girls | Get low budget
kumargunjan9515
 
sponsor for poor old age person food.pdf
sponsor for poor old age person food.pdfsponsor for poor old age person food.pdf
sponsor for poor old age person food.pdf
SERUDS INDIA
 
Genuine Call Girls in Salem 9332606886 HOT & SEXY Models beautiful and charm...
Genuine Call Girls in Salem 9332606886 HOT & SEXY Models beautiful and charm...Genuine Call Girls in Salem 9332606886 HOT & SEXY Models beautiful and charm...
Genuine Call Girls in Salem 9332606886 HOT & SEXY Models beautiful and charm...
Sareena Khatun
 
Vivek @ Cheap Call Girls In Kamla Nagar | Book 8448380779 Extreme Call Girls ...
Vivek @ Cheap Call Girls In Kamla Nagar | Book 8448380779 Extreme Call Girls ...Vivek @ Cheap Call Girls In Kamla Nagar | Book 8448380779 Extreme Call Girls ...
Vivek @ Cheap Call Girls In Kamla Nagar | Book 8448380779 Extreme Call Girls ...
Delhi Call girls
 

Recently uploaded (20)

Time, Stress & Work Life Balance for Clerks with Beckie Whitehouse
Time, Stress & Work Life Balance for Clerks with Beckie WhitehouseTime, Stress & Work Life Balance for Clerks with Beckie Whitehouse
Time, Stress & Work Life Balance for Clerks with Beckie Whitehouse
 
Election 2024 Presiding Duty Keypoints_01.pdf
Election 2024 Presiding Duty Keypoints_01.pdfElection 2024 Presiding Duty Keypoints_01.pdf
Election 2024 Presiding Duty Keypoints_01.pdf
 
74th Amendment of India PPT by Piyush(IC).pptx
74th Amendment of India PPT by Piyush(IC).pptx74th Amendment of India PPT by Piyush(IC).pptx
74th Amendment of India PPT by Piyush(IC).pptx
 
Cheap Call Girls In Hyderabad Phone No 📞 9352988975 📞 Elite Escort Service Av...
Cheap Call Girls In Hyderabad Phone No 📞 9352988975 📞 Elite Escort Service Av...Cheap Call Girls In Hyderabad Phone No 📞 9352988975 📞 Elite Escort Service Av...
Cheap Call Girls In Hyderabad Phone No 📞 9352988975 📞 Elite Escort Service Av...
 
Lorain Road Business District Revitalization Plan Final Presentation
Lorain Road Business District Revitalization Plan Final PresentationLorain Road Business District Revitalization Plan Final Presentation
Lorain Road Business District Revitalization Plan Final Presentation
 
Private Call Girls Bidar 9332606886Call Girls Advance Cash On Delivery Service
Private Call Girls Bidar 9332606886Call Girls Advance Cash On Delivery ServicePrivate Call Girls Bidar 9332606886Call Girls Advance Cash On Delivery Service
Private Call Girls Bidar 9332606886Call Girls Advance Cash On Delivery Service
 
Call Girls AS Rao Nagar - 8250092165 Our call girls are sure to provide you w...
Call Girls AS Rao Nagar - 8250092165 Our call girls are sure to provide you w...Call Girls AS Rao Nagar - 8250092165 Our call girls are sure to provide you w...
Call Girls AS Rao Nagar - 8250092165 Our call girls are sure to provide you w...
 
Contributi dei parlamentari del PD - Contributi L. 3/2019
Contributi dei parlamentari del PD - Contributi L. 3/2019Contributi dei parlamentari del PD - Contributi L. 3/2019
Contributi dei parlamentari del PD - Contributi L. 3/2019
 
Finance strategies for adaptation. Presentation for CANCC
Finance strategies for adaptation. Presentation for CANCCFinance strategies for adaptation. Presentation for CANCC
Finance strategies for adaptation. Presentation for CANCC
 
Call Girls Basheerbagh ( 8250092165 ) Cheap rates call girls | Get low budget
Call Girls Basheerbagh ( 8250092165 ) Cheap rates call girls | Get low budgetCall Girls Basheerbagh ( 8250092165 ) Cheap rates call girls | Get low budget
Call Girls Basheerbagh ( 8250092165 ) Cheap rates call girls | Get low budget
 
Tuvalu Coastal Adaptation Project (TCAP)
Tuvalu Coastal Adaptation Project (TCAP)Tuvalu Coastal Adaptation Project (TCAP)
Tuvalu Coastal Adaptation Project (TCAP)
 
sponsor for poor old age person food.pdf
sponsor for poor old age person food.pdfsponsor for poor old age person food.pdf
sponsor for poor old age person food.pdf
 
NGO working for orphan children’s education
NGO working for orphan children’s educationNGO working for orphan children’s education
NGO working for orphan children’s education
 
Financing strategies for adaptation. Presentation for CANCC
Financing strategies for adaptation. Presentation for CANCCFinancing strategies for adaptation. Presentation for CANCC
Financing strategies for adaptation. Presentation for CANCC
 
Antisemitism Awareness Act: pénaliser la critique de l'Etat d'Israël
Antisemitism Awareness Act: pénaliser la critique de l'Etat d'IsraëlAntisemitism Awareness Act: pénaliser la critique de l'Etat d'Israël
Antisemitism Awareness Act: pénaliser la critique de l'Etat d'Israël
 
2024: The FAR, Federal Acquisition Regulations, Part 32
2024: The FAR, Federal Acquisition Regulations, Part 322024: The FAR, Federal Acquisition Regulations, Part 32
2024: The FAR, Federal Acquisition Regulations, Part 32
 
Genuine Call Girls in Salem 9332606886 HOT & SEXY Models beautiful and charm...
Genuine Call Girls in Salem 9332606886 HOT & SEXY Models beautiful and charm...Genuine Call Girls in Salem 9332606886 HOT & SEXY Models beautiful and charm...
Genuine Call Girls in Salem 9332606886 HOT & SEXY Models beautiful and charm...
 
Coastal Protection Measures in Hulhumale'
Coastal Protection Measures in Hulhumale'Coastal Protection Measures in Hulhumale'
Coastal Protection Measures in Hulhumale'
 
Vivek @ Cheap Call Girls In Kamla Nagar | Book 8448380779 Extreme Call Girls ...
Vivek @ Cheap Call Girls In Kamla Nagar | Book 8448380779 Extreme Call Girls ...Vivek @ Cheap Call Girls In Kamla Nagar | Book 8448380779 Extreme Call Girls ...
Vivek @ Cheap Call Girls In Kamla Nagar | Book 8448380779 Extreme Call Girls ...
 
NAP Expo - Delivering effective and adequate adaptation.pptx
NAP Expo - Delivering effective and adequate adaptation.pptxNAP Expo - Delivering effective and adequate adaptation.pptx
NAP Expo - Delivering effective and adequate adaptation.pptx
 

Becoming More Paranoid

  • 1. Image from http://www.theregister.co.uk/2015/02/22/lenovo_superfish_removal_tool/ (but I think they stole it from Monsters and Aliens) Cryptocurrency Cabal cs4501 Fall 2015 David Evans and Samee Zahur University of Virginia Class 5: Becoming More Paranoid
  • 2. Upcoming Schedule • Today: How Cryptosystems Fail • Next Week: blockchain and mining (readings in notes) • Tuesday, 15 September: Problem Set 1 • Wednesday, 23 September: Checkup 2 (delayed from 21 Sept in original schedule) 1
  • 3. “Hard” Problems 2 Why do cryptographers consider discrete logarithm to be a hard problem?
  • 4. 3
  • 5. Why do cryptosystems fail in practice? 4
  • 7. 6
  • 8. 7
  • 9. SSL (Secure Sockets Layer) 8 Client Server Hello KRCA[Server Identity, KUS]Verify Certificate using KUCA Check identity matches URL Generate random K EKUS (K) Decrypt using KRSSecure channel using K Simplified TLS Handshake Protocol
  • 10. SSL (Secure Sockets Layer) 9 Client Server Hello KRCA[Server Identity, KUS]Verify Certificate using KUCA Check identity matches URL Generate random K EKUS (K) Decrypt using KRSSecure channel using K Simplified TLS Handshake Protocol How did client get KUCA?
  • 11. 10
  • 12. Certificates 11 VarySign.com TJ multibit.org multibit.org, KUMultibit CP Verifies using KUVarySign How does VarySign decide if it should give certificate to requester? CP = KRVarySign[“multibit.org”, KUMultibit]
  • 13. 12
  • 14. 13
  • 15. 14
  • 16. 15
  • 18. 17 • Internet explorer connects to a web server on port 443 using SSL. The data is encrypted. • Komodia’s SSL hijacker intercepts the communication and redirects it to Komodia’s Redirector. The channel between the SSL hijacker and the Redirector is encrypted. • At this stage, Komodia’s Redirector can shape the traffic, block it, or redirect it to another website. • Communication between the Redirector and the website is encrypted using SSL. • All data received from the website can be again modified and/or blocked. When data manipulation is done, it is forwarded again to Internet explorer. • The browser displays the SSL lock, and the session will not display any “Certificate warnings”. http://www.komodia.com/products/komodias-ssl-decoderdigestor (in archive.org)
  • 19. Charge Problem Set 1: due Tuesday 18 Upcoming office hours: Now (Samee) tomorrow (Dave, 2:30-3:30) Monday (Ori, 5-6:30pm)