diff --git a/applications/Makefile b/applications/Makefile
new file mode 100644
index 0000000..9526715
--- /dev/null
+++ b/applications/Makefile
@@ -0,0 +1,5 @@
+SUBDIR+= signal
+SUBDIR+= digital-postbox-tutorial
+
+INCLUDE_MAKEFILES=../makefiles
+include ${INCLUDE_MAKEFILES}/subdir.mk
diff --git a/applications/digital-postbox-tutorial/.gitignore b/applications/digital-postbox-tutorial/.gitignore
new file mode 100644
index 0000000..67cb3d2
--- /dev/null
+++ b/applications/digital-postbox-tutorial/.gitignore
@@ -0,0 +1,3 @@
+ltxobj/
+notes.pdf
+slides.pdf
diff --git a/applications/digital-postbox-tutorial/2022-03-02-11-05.xoj b/applications/digital-postbox-tutorial/2022-03-02-11-05.xoj
new file mode 100644
index 0000000..59c079f
Binary files /dev/null and b/applications/digital-postbox-tutorial/2022-03-02-11-05.xoj differ
diff --git a/applications/digital-postbox-tutorial/Makefile b/applications/digital-postbox-tutorial/Makefile
new file mode 100644
index 0000000..17ba41c
--- /dev/null
+++ b/applications/digital-postbox-tutorial/Makefile
@@ -0,0 +1,31 @@
+.PHONY: all
+all: notes.pdf slides.pdf
+
+LATEXFLAGS+= -shell-escape
+
+SRC+= preamble.tex
+SRC+= abstract.tex contents.tex
+
+DEPENDS+= lex-eidas.pdf
+
+notes.pdf: notes.tex
+notes.pdf: ${SRC}
+
+slides.pdf: slides.tex
+slides.pdf: ${SRC}
+
+lex-eidas.pdf:
+ curl -o $@ https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32014R0910&from=EN
+
+
+.PHONY: clean
+clean:
+ ${RM} notes.pdf slides.pdf
+
+.PHONY: distclean
+distclean:
+ ${RM} lex-eidas.pdf
+
+
+INCLUDE_MAKEFILES=../../makefiles
+include ${INCLUDE_MAKEFILES}/tex.mk
diff --git a/applications/digital-postbox-tutorial/abstract.tex b/applications/digital-postbox-tutorial/abstract.tex
new file mode 100644
index 0000000..4012d9d
--- /dev/null
+++ b/applications/digital-postbox-tutorial/abstract.tex
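Review bot: The URL in the `lex-eidas.pdf` recipe is unquoted, so the shell reads the `&` in `...32014R0910&from=EN` as a background operator: curl is backgrounded with a truncated URL, `from=EN` runs as a plain variable assignment that exits 0, and make marks the target done before any file exists; curl is also not told to fail on HTTP errors, so an error page would be saved under the .pdf name. Quote the URL and add fail/redirect handling: `curl -fsSL -o $@ 'https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32014R0910&from=EN'`. Because this is a build input fetched from the network at build time, it is worth pinning it with a recorded digest checked via `sha256sum -c` (`<EXPECTED_SHA256>` as a placeholder until recorded) so a changed or substituted document fails the build instead of silently entering the notes. `LATEXFLAGS+= -shell-escape`, here and in course-overview/Makefile and evaluation/Makefile, deserves a one-line comment such as `# -shell-escape: needed by minted (preamble.tex); it lets LaTeX run shell commands, so build trusted sources only`, since the flag turns every .tex and .bib pulled into the build into executable input.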
@@ -0,0 +1,22 @@
+% What's the problem?
+% Why is it a problem? Research gap left by other approaches?
+% Why is it important? Why care?
+% What's the approach? How to solve the problem?
+% What's the findings? How was it evaluated, what are the results, limitations,
+% what remains to be done?
+
+% XXX Summary
+\emph{Summary:}
+\dots
+
+% XXX Motivation and intended learning outcomes
+\emph{Intended learning outcomes:}
+\dots
+
+% XXX Prerequisites
+\emph{Prerequisites:}
+\dots
+
+% XXX Reading material
+\emph{Reading:}
+\dots
diff --git a/applications/digital-postbox-tutorial/contents.tex b/applications/digital-postbox-tutorial/contents.tex
new file mode 100644
index 0000000..3096dc9
--- /dev/null
+++ b/applications/digital-postbox-tutorial/contents.tex
@@ -0,0 +1,218 @@
+\mode*
+
+\section{Digital Postbox}
+
+Traditionally we send paper mail by addressing a letter to a physical address
+(including the recipient's name).
+We write the address on an envelope and send it.
+We want a digital transformation.
+You should design a digital postbox and delivery service.
+
+\mode{%
+\begin{frame}
+ \begin{idea}[Digital mail]
+ \begin{itemize}
+ \item We send paper mail by writing an address on an envelope.
+ \item We want to have a digital version.
+ \end{itemize}
+ \end{idea}
+
+ \begin{remark}
+ \begin{itemize}
+ \item We have a few already: Kivra, eBoks, Digimail, Min myndighetspost.
+ \item Managed by DIGG\footnote{%
+ See \url{https://www.digg.se/digital-post}.
+ }
+ \end{itemize}
+ \end{remark}
+\end{frame}
+}
+
+\begin{frame}
+\begin{exercise}[Functionality]
+ What functionality do we need? (High level)
+\end{exercise}
+
+\begin{onlyenv}<2>
+ \begin{solution}
+ We'd need at least the following:
+ \begin{itemize}
+ \item Registration
+ \item Sending mail
+ \item Reading mail
+ \end{itemize}
+ \end{solution}
+\end{onlyenv}
+\end{frame}
+
+\begin{frame}
+\begin{exercise}[Requirements]
+ What are the requirements on the service?
+\end{exercise}
+\end{frame}
+
+We have the following requirements on the service:
+\begin{frame}
+\begin{description}
+ \item[Registration]
+ A user can register for a post box.
+ As this post service will replace physical mail, it must be tied to a real
+ identity with a physical address.
+
+ \pause
+
+ \item[Sending mail]
+ A sender should be able to send mail to a recipient.
+ This mail should not be readable by any intermediary.
+
+ \item[Reading mail]
+ The owner can read the mail.
+ Only the owner should be able to do this --- no one else, not even service
+ staff!
+ Recipient must be able to verify the authenticity of mail.
+%
+% \item[Anonymous mail] (Extra feature)
+% A sender can send a letter to a recipient, but neither the recipient nor
+% the service will learn the identity of the sender.
+% The service will not learn the recipient either.
+\end{description}
+\end{frame}
+
+\begin{frame}
+ \begin{remark}
+ DIGG\footnote{Myndigheten för digital förvaltning} sets the official
+ requirements, see
+ \url{https://www.digg.se/digitala-tjanster/digital-post/digital-post-for-dig-som-leverantor/allmanna-villkor/allmanna-villkor-fr.o.m.-16-januari-2023/bilaga-1-krav-pa-sakerhet-for-brevladeoperatorer}.
+ \end{remark}
+\end{frame}
+
+Solving this assignment will touch upon almost every topic in the course.
+Make sure to base your designs on the theory of the course, add references
+(that will help you).
+\enquote{This feels secure} is not a convincing argument.
+Likewise, \enquote{all connections should use TLS} will not cut it either; why
+do you want TLS, what properties do you need and which of those will TLS
+provide and why?
+
+\mode{%
+ \begin{frame}
+ \begin{exercise}[Design the digital mail service]
+ \begin{description}
+ \item[Registration]
+ Alice can register for a post box.
+
+ \item[Sending mail]
+ Alice should be able to send mail to a recipient Bob.
+ Mail should not be readable by any intermediary.
+
+ \item[Reading mail]
+ Bob can read all his received mail.
+ Service staff should not be able to read mail!
+ Bob must be able to verify the authenticity of mail, \eg that it's
+ from Alice.
+ \end{description}
+ \end{exercise}
+
+ \pause
+
+ \begin{block}{Organization}
+ \begin{itemize}
+ \item Groups of around three--four people.
+ \item Pick one of the three tasks functionalities.
+ \item Work for 15 minutes.
+ \item Group presentations and discussions.
+ \end{itemize}
+ \end{block}
+ \end{frame}
+
+ \begin{frame}
+ \begin{solution}
+ \begin{itemize}
+ \item Presentation from groups.
+ \item Comments from everyone else.
+ \end{itemize}
+ \end{solution}
+
+ \begin{question}
+ \begin{itemize}
+ \item Obstacles?
+ \item Limitations?
+ \item Recovery from failure?
+ \item In whom do we trust?
+ \end{itemize}
+ \end{question}
+ \end{frame}
+}
+
+Notes from the session:
+\begin{itemize}
+ \item Same as Signal protocol.
+ \item Just tie in BankID to get real identities.
+ \item The problem of end-to-end encryption: lost keys doesn't work. But it
+ still works with the existing digital mail services.
+\end{itemize}
+
+\begin{frame}
+ \begin{exercise}[Data and metadata]
+ What data and metadata are revealed to whom?
+ How does this compare to the physical mail service?
+ \end{exercise}
+\end{frame}
+
+\mode{%
+ \begin{frame}
+ \begin{exercise}[Adapt for anonymity]
+ \begin{description}
+ \item[Weak sender anonymity]
+ Alice can send a letter to Bob, but the service will not learn the
+ identity of the sender.
+
+ \item[Sender anonymity]
+ Alice can send a letter to Bob, but neither Bob nor the service will
+ learn the identity of the sender.
+
+ \item[Sender--receiver anonymity]
+ Same, but the service will not learn that Bob is the recipient
+ either.
+ \end{description}
+ \end{exercise}
+
+ \pause
+
+ \begin{block}{Organization}
+ \begin{itemize}
+ \item Groups of around three--four people.
+ \item Work for 20 minutes.
+ \item Group presentations and discussions.
+ \end{itemize}
+ \end{block}
+ \end{frame}
+
+ \begin{frame}
+ \begin{solution}
+ \begin{itemize}
+ \item Presentation from groups.
+ \item Comments from everyone else.
+ \end{itemize}
+ \end{solution}
+
+ \begin{question}
+ \begin{itemize}
+ \item Obstacles?
+ \item Limitations?
+ \item Recovery from failure?
+ \item In whom do we trust?
+ \end{itemize}
+ \end{question}
+ \end{frame}
+}
+
+
+\section{Digital identity}
+
+\begin{frame}
+ \begin{exercise}
+ What requirements do we have on digital identity for our postbox system?
+ How can we achieve those requirements?
+ \end{exercise}
+\end{frame}
diff --git a/applications/digital-postbox-tutorial/discussions-20240226.md b/applications/digital-postbox-tutorial/discussions-20240226.md
new file mode 100644
index 0000000..d661ff3
--- /dev/null
+++ b/applications/digital-postbox-tutorial/discussions-20240226.md
@@ -0,0 +1,61 @@
+# Functionality
+
+ - Server/client system? Peer to peer system?
+ - UI (but that's out of scope for now)
+
+ - Addressing (registration)
+ - Payment for the service. (registration)
+ - To be able to send mail.
+ - To be able to receive mail.
+ - Some type infrastructure for storing mail.
+
+# Requirement
+ - Send/Receive: Mail is supposed to arrive in some timely fashion.
+ - Send/Receive: Mailman can't open mail.
+ - Send/Receive: Format for what can be sent. Size? Type?
+ - Send?/Receive/Addressing: Authentication? No authentication for the physical
+ mail. Must have authentication to read one's own mail.
+ - Send: Handle heavy load. (How heavy?)
+
+## Registration:
+- Unique address
+- Authentication that the user is indeed themselves and want to register for
+ the service. (Authorization to do this.)
+- Where to store the addresses? How do senders find the addresses?
+
+## Send:
+- How to find the address of somebody?
+- Data handover? What data? Encrypted? With what key?
+
+## Receive:
+- Decryption, with what key? How is that stored?
+- Authentication to access the mail.
+- Authentication so we know that the message integrity is fine.
+- Where to find the data?
+
+
+# Solutions
+
+## Registration:
+- Auth using BankID
+- Derive a public key from the BankID
+- Use personnummer as address
+- Saves us from a lot of problems with addresses
+- BankID is a trusted source
+
+## Send:
+- Use the Signal protocol to handle the encryption and authentication
+- Clear text for addresses (compatible with personnummer)
+- Someone observing the network can learn who is sending to whom, but not the
+ content of the message.
+- What can be sent? Not just PDF and text, can even include movies. Depends on
+ the recipient's client. Allows for bad stuff to be sent.
+- Infrastructure: server/client or p2p? Peers always online.
+
+## Receive:
+- Asymetric encryption to protect the mail.
+- Trust the service, keys stored at the service.
+- Signing mails, what keys to encrypt with? If attacker breaks, we don't want
+ to ruin it for all mails. Key renewal. But must store all keys to access old
+ keys.
+
diff --git a/applications/digital-postbox-tutorial/notes.tex b/applications/digital-postbox-tutorial/notes.tex
new file mode 100644
index 0000000..57440e9
--- /dev/null
+++ b/applications/digital-postbox-tutorial/notes.tex
@@ -0,0 +1,45 @@
+\documentclass{article}
+
+\usepackage[hyphens]{url}
+\usepackage[hidelinks]{hyperref}
+
+\input{preamble.tex}
+
+\usepackage[noamsthm,notheorems]{beamerarticle}
+\setjobnamebeamerversion{slides}
+
+%\usepackage{authblk}
+%\let\institute\affil
+
+\declaretheorem[numbered=unless unique,style=theorem]{theorem}
+\declaretheorem[numbered=unless unique,style=definition]{definition}
+\declaretheorem[numbered=unless unique,style=definition]{assumption}
+\declaretheorem[numbered=unless unique,style=definition]{protocol}
+\declaretheorem[numbered=unless unique,style=example]{example}
+%\declaretheorem[style=definition,numbered=unless unique,
+% name=Example,refname={example,examples}]{example}
+\declaretheorem[numbered=unless unique,style=remark]{remark}
+\declaretheorem[numbered=unless unique,style=remark]{idea}
+\declaretheorem[numbered=unless unique,style=exercise]{exercise}
+\declaretheorem[numbered=unless unique,style=exercise]{question}
+\declaretheorem[numbered=unless unique,style=solution]{solution}
+
+\begin{document}
+\title{%
+ Tutorial: Digital Postbox and Identity
+}
+\author{Daniel Bosk}
+\institute{%
+ KTH EECS
+}
+
+\maketitle
+
+\begin{abstract}
+ \input{abstract.tex}
+\end{abstract}
+
+\input{contents.tex}
+
+\printbibliography
+\end{document}
diff --git a/applications/digital-postbox-tutorial/preamble.tex b/applications/digital-postbox-tutorial/preamble.tex
new file mode 100644
index 0000000..9378c24
--- /dev/null
+++ b/applications/digital-postbox-tutorial/preamble.tex
@@ -0,0 +1,39 @@
+\usepackage[utf8]{inputenc}
+\usepackage[T1]{fontenc}
+\usepackage[british]{babel}
+\usepackage{booktabs}
+
+\usepackage[natbib,style=alphabetic,maxbibnames=99]{biblatex}
+\addbibresource{digital-postbox-tutorial.bib}
+
+\usepackage[all]{foreign}
+\renewcommand{\foreignfullfont}{}
+\renewcommand{\foreignabbrfont}{}
+
+\usepackage{newclude}
+\usepackage{import}
+
+\usepackage[strict]{csquotes}
+\usepackage[single]{acro}
+
+\usepackage{subcaption}
+
+\usepackage[noend]{algpseudocode}
+\usepackage{xparse}
+
+\let\email\texttt
+
+\usepackage[outputdir=ltxobj]{minted}
+\setminted{autogobble}
+
+\usepackage{amsmath}
+\usepackage{amssymb}
+\usepackage{mathtools}
+\usepackage{amsthm}
+\usepackage{thmtools}
+\usepackage[unq]{unique}
+\DeclareMathOperator{\powerset}{\mathcal{P}}
+
+\usepackage[binary-units]{siunitx}
+
+\usepackage[capitalize]{cleveref}
diff --git a/applications/digital-postbox-tutorial/slides.tex b/applications/digital-postbox-tutorial/slides.tex
new file mode 100644
index 0000000..46785d2
--- /dev/null
+++ b/applications/digital-postbox-tutorial/slides.tex
@@ -0,0 +1,118 @@
+\documentclass[ignoreframetext]{beamer}
+\input{preamble.tex}
+
+\usetheme{Berlin}
+\setbeamertemplate{footline}%{miniframes theme}
+{%
+ \begin{beamercolorbox}[colsep=1.5pt]{upper separation line foot}
+ \end{beamercolorbox}
+ \begin{beamercolorbox}[ht=2.5ex,dp=1.125ex,%
+ leftskip=.3cm,rightskip=.3cm plus1fil]{author in head/foot}%
+ \leavevmode{\usebeamerfont{author in head/foot}\insertshortauthor}%
+ \hfill%
+ {\usebeamerfont{institute in head/foot}\usebeamercolor[fg]{institute in head/foot}\insertshortinstitute}%
+ \end{beamercolorbox}%
+ \begin{beamercolorbox}[ht=2.5ex,dp=1.125ex,%
+ leftskip=.3cm,rightskip=.3cm plus1fil]{title in head/foot}%
+ {\usebeamerfont{title in head/foot}\insertshorttitle} \hfill \insertframenumber%
+ \end{beamercolorbox}%
+ \begin{beamercolorbox}[colsep=1.5pt]{lower separation line foot}
+ \end{beamercolorbox}
+}
+\setbeamercovered{transparent}
+\setbeamertemplate{bibliography item}[text]
+
+\AtBeginSection[]{%
+ \begin{frame}
+ \tableofcontents[currentsection]
+ \end{frame}
+}
+
+\ProvideDocumentEnvironment{assumption}{o}{%
+ \IfValueTF{#1}{%
+ \begin{block}{Assumption: #1}
+ }{%
+ \begin{block}{Assumption}
+ }
+}{%
+ \end{block}
+}
+
+\ProvideDocumentEnvironment{protocol}{o}{%
+ \IfValueTF{#1}{%
+ \begin{block}{Protocol: #1}
+ }{%
+ \begin{block}{Protocol}
+ }
+}{%
+ \end{block}
+}
+
+\ProvideDocumentEnvironment{remark}{o}{%
+ \IfValueTF{#1}{%
+ \begin{alertblock}{Note: #1}
+ }{%
+ \begin{alertblock}{Note}
+ }
+}{%
+ \end{alertblock}
+}
+
+\ProvideDocumentEnvironment{idea}{o}{%
+ \IfValueTF{#1}{%
+ \begin{block}{Idea: #1}
+ }{%
+ \begin{block}{Idea}
+ }
+}{%
+ \end{block}
+}
+
+\ProvideDocumentEnvironment{question}{o}{%
+ \setbeamercolor{block body}{bg=orange!15,fg=black}
+ \setbeamercolor{block title}{bg=orange,fg=white}
+ \setbeamercolor{local structure}{fg=orange}
+ \IfValueTF{#1}{%
+ \begin{block}{Question: #1}
+ }{%
+ \begin{block}{Question}
+ }
+}{%
+ \end{block}
+}
+
+\ProvideDocumentEnvironment{exercise}{o}{%
+ \setbeamercolor{block body}{bg=yellow!10,fg=black}
+ \setbeamercolor{block title}{bg=yellow,fg=black}
+ \setbeamercolor{local structure}{fg=yellow!50!black}
+ \IfValueTF{#1}{%
+ \begin{block}{Exercise: #1}
+ }{%
+ \begin{block}{Exercise}
+ }
+}{%
+ \end{block}
+}
+
+
+\begin{document}
+\title{%
+ Tutorial: Digital Postbox and Identity
+}
+\author{Daniel Bosk}
+\institute{%
+ KTH EECS
+}
+
+\begin{frame}
+ \maketitle
+\end{frame}
+
+\mode
+\input{contents.tex}
+\mode*
+
+\begin{frame}[allowframebreaks]
+ \printbibliography
+\end{frame}
+\end{document}
diff --git a/applications/signal/Makefile b/applications/signal/Makefile
new file mode 100644
index 0000000..88ae6a9
--- /dev/null
+++ b/applications/signal/Makefile
@@ -0,0 +1,4 @@
+.PHONY: all
+all: mls.pdf
+
+INCLUDE_MAKEFILES=../../makefiles
diff --git a/course-overview/.gitignore b/course-overview/.gitignore
new file mode 100644
index 0000000..67cb3d2
--- /dev/null
+++ b/course-overview/.gitignore
@@ -0,0 +1,3 @@
+ltxobj/
+notes.pdf
+slides.pdf
diff --git a/course-overview/Makefile b/course-overview/Makefile
new file mode 100644
index 0000000..d474041
--- /dev/null
+++ b/course-overview/Makefile
@@ -0,0 +1,22 @@
+.PHONY: all
+all: notes.pdf slides.pdf
+
+LATEXFLAGS+= -shell-escape
+
+SRC+= preamble.tex
+SRC+= abstract.tex contents.tex
+
+notes.pdf: notes.tex
+notes.pdf: ${SRC}
+
+slides.pdf: slides.tex
+slides.pdf: ${SRC}
+
+
+.PHONY: clean
+clean:
+ ${RM} notes.pdf slides.pdf
+
+
+INCLUDE_MAKEFILES=../makefiles
+include ${INCLUDE_MAKEFILES}/tex.mk
diff --git a/course-overview/abstract.tex b/course-overview/abstract.tex
new file mode 100644
index 0000000..4012d9d
--- /dev/null
+++ b/course-overview/abstract.tex
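Review bot: `all: mls.pdf` in the new applications/signal/Makefile has nothing that can build it: `INCLUDE_MAKEFILES=../../makefiles` is set but, unlike applications/digital-postbox-tutorial/Makefile in this same commit, no `include ${INCLUDE_MAKEFILES}/tex.mk` follows and no prerequisite line names the source of mls.pdf, so `make` in that directory — and presumably the recursive build that applications/Makefile starts through subdir.mk — stops with "No rule to make target 'mls.pdf'". Either add `include ${INCLUDE_MAKEFILES}/tex.mk` together with a `mls.pdf: <its .tex source>` line, or keep `signal` out of `SUBDIR` in applications/Makefile until the sources are committed.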
@@ -0,0 +1,22 @@
+% What's the problem?
+% Why is it a problem? Research gap left by other approaches?
+% Why is it important? Why care?
+% What's the approach? How to solve the problem?
+% What's the findings? How was it evaluated, what are the results, limitations,
+% what remains to be done?
+
+% XXX Summary
+\emph{Summary:}
+\dots
+
+% XXX Motivation and intended learning outcomes
+\emph{Intended learning outcomes:}
+\dots
+
+% XXX Prerequisites
+\emph{Prerequisites:}
+\dots
+
+% XXX Reading material
+\emph{Reading:}
+\dots
diff --git a/course-overview/contents.tex b/course-overview/contents.tex
new file mode 100644
index 0000000..7e82160
--- /dev/null
+++ b/course-overview/contents.tex
@@ -0,0 +1,306 @@
+\mode*
+
+\section{The goal}
+
+\begin{frame}[fragile]
+ \begin{center}
+ \Large
+ Primitives
+ \qquad
+ \qquad
+ Constructions
+ \end{center}
+\end{frame}
+
+\begin{frame}[fragile]
+ \begin{columns}
+ \begin{column}{0.5\textwidth}
+ \begin{block}{Primitives}
+ \begin{itemize}
+ \item Block ciphers
+ \item Stream ciphers
+ \item Hash functions
+ \item Message authentication codes
+ \item Digital signatures
+ \item Public key encryption
+ \item Zero-knowledge proofs
+ \item Secure multi-party computation
+ \end{itemize}
+ \end{block}
+ \end{column}
+ \begin{column}{0.5\textwidth}
+ \begin{block}{Constructions}
+ \begin{itemize}
+ \item Key exchange protocols
+ \item Identification and authentication protocols
+ \item Complex constructions from primitives
+ \end{itemize}
+ \end{block}
+ \end{column}
+ \end{columns}
+\end{frame}
+
+\subsection{Primitives}
+
+\begin{frame}[fragile]
+ \begin{example}[Primitives: OTP]
+ \begin{itemize}
+ \item The One-Time Pad is perfectly secure.
+ \item It is a stream cipher.
+ \item It's also malleable---predictable bit flips!
+ \end{itemize}
+ \end{example}
+\end{frame}
+
+\begin{frame}[fragile]
+ \begin{example}[Primitives: RSA and ElGamal]
+ \begin{itemize}
+ \item RSA and ElGamal are public key encryption schemes.
+ \item They secure the connection to our internet bank.
+ \item Is it a good idea to send
+ \begin{center}
+ Enc(\texttt{``Transfer 1000 SEK to account 1234''}, k)
+ \end{center}
+ to the bank?
+ \end{itemize}
+ \end{example}
+\end{frame}
+
+\subsection{Constructions}
+
+\begin{frame}[fragile]
+ \begin{example}[Construction: BankID]
+ \begin{itemize}
+ \item BankID is a construction based on public key encryption.
+ \item It is used to authenticate users.
+ \item It is also used to sign transactions.
+ \item How should this be constructed to minimize attacks?
+ \end{itemize}
+ \end{example}
+\end{frame}
+
+\begin{frame}[fragile]
+ \begin{example}[Construction: Tor]
+ \begin{itemize}
+ \item Tor is a construction based on onion routing.
+ \item It is used to anonymize internet traffic.
+ \item It uses crypto a lot.
+ \item How should this be constructed to minimize attacks?
+ \end{itemize}
+ \end{example}
+\end{frame}
+
+\begin{frame}[fragile]
+ \begin{example}[Example: The Signal Protocol]
+ \begin{itemize}
+ \item The Signal Protocol is used for secure messaging.
+ \item It provides end-to-end encryption for messages.
+ \item Key features include perfect forward secrecy and deniability.
+ \item Widely used in applications like WhatsApp and Facebook Messenger.
+ \item How to do group messaging securely?
+ \end{itemize}
+ \end{example}
+\end{frame}
+
+\begin{frame}[fragile]
+ \begin{example}[Example: Remote Attestation Protocols]
+ \begin{itemize}
+ \item Remote Attestation validates the integrity of a device.
+ \item It leverages cryptographic proofs to verify software states.
+ \item Commonly used in trusted computing environments.
+ \item Helps in ensuring the device has not been tampered with.
+ \item How can we use this and how can we do it correctly?
+ \end{itemize}
+ \end{example}
+\end{frame}
+
+\begin{frame}[fragile]
+ \begin{example}[Example: Keyless Entry to Cars]
+ \begin{itemize}
+ \item Keyless entry systems use wireless communication.
+ \item Protocols allow unlocking and starting the vehicle without a
+ physical key.
+ \item Vulnerable to relay attacks if not properly secured.
+ \end{itemize}
+ \end{example}
+\end{frame}
+
+\subsection{Intended learning outcomes}
+
+\begin{frame}[fragile]
+ \begin{block}{Intended learning outcomes}
+ After passing the course, the student should be able to:
+ \begin{itemize}
+ \item use basic terminology in
+ computer security and cryptography correctly
+ \item describe cryptographic concepts and explain their security
+ properties
+ \item find and use documentation of cryptographic libraries and standards
+ \item identify and categorise threats against a cryptographic IT-system
+ at a conceptual level, suggest appropriate countermeasures and present
+ the reasoning to others
+ \end{itemize}
+ \end{block}
+\end{frame}
+
+\begin{frame}
+ \begin{block}{Purpose}
+ \dots in order to
+ \begin{itemize}
+ \item as citizen and engineer be able to discuss applied cryptography in
+ general, and risks of using/developing cryptography in particular
+ \item in professional life and/or research and development project be
+ able to evaluate challenges in software development related to
+ cryptography.
+ \end{itemize}
+ \end{block}
+\end{frame}
+
+\begin{frame}
+ \begin{block}{In other words ...}
+ \begin{itemize}
+ \item<+> You should be able to write your own version of BankID.
+ \item<+> You should be able to make well-founded contributions to
+ discussions about things like ChatControl.
+ \end{itemize}
+ \end{block}
+\end{frame}
+
+
+\section{The content}
+
+\subsection{Lectures}
+
+\begin{frame}[fragile]
+ \begin{block}{Lecture format}
+ \begin{itemize}
+ \item Most on campus
+ \item Some flipped (watch videos before class)
+ \item Some online (participate through Zoom)
+ \end{itemize}
+ \end{block}
+
+ \begin{figure}
+ \includegraphics[width=0.8\textwidth]{figs/lecture-mode.png}
+ \caption{Screenshot from Canvas showing the lecture mode.}
+ \end{figure}
+\end{frame}
+
+\begin{frame}[fragile]
+ \begin{block}{Lecture content}
+ \begin{itemize}
+ \item Crypto primitives
+ \item Practical applications
+ \item Issues and higher level problems
+ \end{itemize}
+ \end{block}
+\end{frame}
+
+\begin{frame}[fragile]
+ \begin{block}{Lecture content (cont.)}
+ \begin{itemize}
+ \item The lectures are complemented by reading material.
+ \item \alert<2>{However, not all of them are published yet.}
+ \end{itemize}
+ \end{block}
+
+ \begin{figure}
+ \includegraphics[width=0.8\textwidth]{figs/lecture-mode.png}
+ \caption{Screenshot from Canvas showing the lecture mode.}
+ \end{figure}
+\end{frame}
+
+\subsection{Assignments}
+
+\begin{frame}[fragile]
+ \begin{block}{LADOK modules}
+ \begin{itemize}
+ \item LAB1
+ \item INL1
+ \end{itemize}
+ \end{block}
+\end{frame}
+
+\begin{frame}[fragile]
+ \begin{block}{LAB1, mandatory}
+ \begin{itemize}
+ \item Cryptanalysis of Ciphertexts
+ \item Implement AES (Kattis Problem)
+ \item AES presentation
+ \item MANDATORY Seminar (31/1): usability (Sonja) ON CAMPUS
+ \item MANDATORY Seminar (pick 6/2): Impact considerations around crypto systems (Sonja) ON CAMPUS
+ \item MANDATORY Design Considerations (after the impact considerations seminar)
+ \item MANDATORY Lab (20-21/2): Introduction to ProVerif (Karl and Jesper) ON CAMPUS
+ \end{itemize}
+ \end{block}
+\end{frame}
+
+\begin{frame}[fragile]
+ \begin{block}{LAB1, optional}
+ \begin{itemize}
+ \item Optional: Cryptopals (C, B, A)
+ \item Optional: Side channels (C, B, A)
+
 \item Optional: Secure multi-party computation (C, B, A)
+ \end{itemize}
+ \end{block}
+
+ \begin{remark}[Higher grades]
+ \begin{itemize}
+ \item To get a higher grade, you need to do some of the optional
+ assignments.
+ \end{itemize}
+ \end{remark}
+\end{frame}
+
+\begin{frame}[fragile]
+ \begin{block}{INL1}
+ \begin{itemize}
+ \item INL1Quiz Cryptographic Concepts 2024
+ \item INL1Written
+ \item INL1Oral
+ \end{itemize}
+ \end{block}
+\end{frame}
+
+\begin{frame}[fragile]
+ \begin{block}{Assignment format}
+ \begin{itemize}
+ \item Most can be done at any time.
+ \item Some have a specified lab session.
+ \begin{itemize}
+ \item MANDATORY Seminar (31/1): usability (Sonja) ON CAMPUS
+ \item MANDATORY Seminar (pick 6/2): Impact considerations around
+ crypto systems (Sonja) ON CAMPUS
+ \item MANDATORY Lab (20-21/2): Introduction to ProVerif (Karl and
+ Jesper) ON CAMPUS
+ \end{itemize}
+ \item All assignments are individual.
+ \end{itemize}
+ \end{block}
+
+ \begin{remark}[LabWeek]
+ \begin{itemize}
+ \item If you miss, you can catch up in LabWeek in June.
+ \end{itemize}
+ \end{remark}
+\end{frame}
+
+\subsection{Structure}
+
+\begin{frame}[fragile]
+ \begin{center}
+ \huge
+ Canvas
+ \end{center}
+\end{frame}
+
+
+\section{What you should be able to do in the end}
+
+\begin{frame}[fragile]
+ \begin{block}{What you should be able to to do}
+ \begin{itemize}
+ \item Let's look at INL1Written
+ \end{itemize}
+ \end{block}
+\end{frame}
diff --git a/course-overview/figs/HAC-TOC.png b/course-overview/figs/HAC-TOC.png
new file mode 100644
index 0000000..7d5fce9
Binary files /dev/null and b/course-overview/figs/HAC-TOC.png differ
diff --git a/course-overview/figs/lecture-mode.png b/course-overview/figs/lecture-mode.png
new file mode 100644
index 0000000..ee9781f
Binary files /dev/null and b/course-overview/figs/lecture-mode.png differ
diff --git a/course-overview/notes.tex b/course-overview/notes.tex
new file mode 100644
index 0000000..f72f055
--- /dev/null
+++ b/course-overview/notes.tex
@@ -0,0 +1,45 @@
+\documentclass{article}
+
+\usepackage[hyphens]{url}
+\usepackage[hidelinks]{hyperref}
+
+\input{preamble.tex}
+
+\usepackage[noamsthm,notheorems]{beamerarticle}
+\setjobnamebeamerversion{slides}
+
+%\usepackage{authblk}
+%\let\institute\affil
+
+\declaretheorem[numbered=unless unique,style=theorem]{theorem}
+\declaretheorem[numbered=unless unique,style=definition]{definition}
+\declaretheorem[numbered=unless unique,style=definition]{assumption}
+\declaretheorem[numbered=unless unique,style=definition]{protocol}
+\declaretheorem[numbered=unless unique,style=example]{example}
+%\declaretheorem[style=definition,numbered=unless unique,
+% name=Example,refname={example,examples}]{example}
+\declaretheorem[numbered=unless unique,style=remark]{remark}
+\declaretheorem[numbered=unless unique,style=remark]{idea}
+\declaretheorem[numbered=unless unique,style=exercise]{exercise}
+\declaretheorem[numbered=unless unique,style=exercise]{question}
+\declaretheorem[numbered=unless unique,style=solution]{solution}
+
+\begin{document}
+\title{%
+ Overview of the Applied Crypto course
+}
+\author{Daniel Bosk}
+\institute{%
+ KTH EECS
+}
+
+\maketitle
+
+\begin{abstract}
+ \input{abstract.tex}
+\end{abstract}
+
+\input{contents.tex}
+
+\printbibliography
+\end{document}
diff --git a/course-overview/preamble.tex b/course-overview/preamble.tex
new file mode 100644
index 0000000..918f380
--- /dev/null
+++ b/course-overview/preamble.tex
@@ -0,0 +1,43 @@
+\usepackage[utf8]{inputenc}
+\usepackage[T1]{fontenc}
+\usepackage[british]{babel}
+\usepackage{booktabs}
+
+\usepackage[natbib,style=alphabetic,maxbibnames=99]{biblatex}
+\addbibresource{bibliography.bib}
+
+\usepackage[all]{foreign}
+\renewcommand{\foreignfullfont}{}
+\renewcommand{\foreignabbrfont}{}
+
+\usepackage{newclude}
+\usepackage{import}
+
+\usepackage[strict]{csquotes}
+\usepackage[single]{acro}
+
+\usepackage{subcaption}
+
+\usepackage[noend]{algpseudocode}
+\usepackage{xparse}
+
+\let\email\texttt
+
+\usepackage[outputdir=ltxobj]{minted}
+\setminted{autogobble}
+
+\usepackage{pythontex}
+\setpythontexoutputdir{.}
+\setpythontexworkingdir{..}
+
+\usepackage{amsmath}
+\usepackage{amssymb}
+\usepackage{mathtools}
+\usepackage{amsthm}
+\usepackage{thmtools}
+\usepackage[unq]{unique}
+\DeclareMathOperator{\powerset}{\mathcal{P}}
+
+\usepackage[binary-units]{siunitx}
+
+\usepackage[capitalize]{cleveref}
diff --git a/course-overview/slides.tex b/course-overview/slides.tex
new file mode 100644
index 0000000..d632236
--- /dev/null
+++ b/course-overview/slides.tex
@@ -0,0 +1,118 @@
+\documentclass[ignoreframetext]{beamer}
+\input{preamble.tex}
+
+\usetheme{Berlin}
+\setbeamertemplate{footline}%{miniframes theme}
+{%
+ \begin{beamercolorbox}[colsep=1.5pt]{upper separation line foot}
+ \end{beamercolorbox}
+ \begin{beamercolorbox}[ht=2.5ex,dp=1.125ex,%
+ leftskip=.3cm,rightskip=.3cm plus1fil]{author in head/foot}%
+ \leavevmode{\usebeamerfont{author in head/foot}\insertshortauthor}%
+ \hfill%
+ {\usebeamerfont{institute in head/foot}\usebeamercolor[fg]{institute in head/foot}\insertshortinstitute}%
+ \end{beamercolorbox}%
+ \begin{beamercolorbox}[ht=2.5ex,dp=1.125ex,%
+ leftskip=.3cm,rightskip=.3cm plus1fil]{title in head/foot}%
+ {\usebeamerfont{title in head/foot}\insertshorttitle} \hfill \insertframenumber%
+ \end{beamercolorbox}%
+ \begin{beamercolorbox}[colsep=1.5pt]{lower separation line foot}
+ \end{beamercolorbox}
+}
+\setbeamercovered{transparent}
+\setbeamertemplate{bibliography item}[text]
+
+\AtBeginSection[]{%
+ \begin{frame}
+ \tableofcontents[currentsection]
+ \end{frame}
+}
+
+\ProvideDocumentEnvironment{assumption}{o}{%
+ \IfValueTF{#1}{%
+ \begin{block}{Assumption: #1}
+ }{%
+ \begin{block}{Assumption}
+ }
+}{%
+ \end{block}
+}
+
+\ProvideDocumentEnvironment{protocol}{o}{%
+ \IfValueTF{#1}{%
+ \begin{block}{Protocol: #1}
+ }{%
+ \begin{block}{Protocol}
+ }
+}{%
+ \end{block}
+}
+
+\ProvideDocumentEnvironment{remark}{o}{%
+ \IfValueTF{#1}{%
+ \begin{alertblock}{Note: #1}
+ }{%
+ \begin{alertblock}{Note}
+ }
+}{%
+ \end{alertblock}
+}
+
+\ProvideDocumentEnvironment{idea}{o}{%
+ \IfValueTF{#1}{%
+ \begin{block}{Idea: #1}
+ }{%
+ \begin{block}{Idea}
+ }
+}{%
+ \end{block}
+}
+
+\ProvideDocumentEnvironment{question}{o}{%
+ \setbeamercolor{block body}{bg=orange!15,fg=black}
+ \setbeamercolor{block title}{bg=orange,fg=white}
+ \setbeamercolor{local structure}{fg=orange}
+ \IfValueTF{#1}{%
+ \begin{block}{Question: #1}
+ }{%
+ \begin{block}{Question}
+ }
+}{%
+ \end{block}
+}
+
+\ProvideDocumentEnvironment{exercise}{o}{%
+ \setbeamercolor{block body}{bg=yellow!10,fg=black}
+ \setbeamercolor{block title}{bg=yellow,fg=black}
+ \setbeamercolor{local structure}{fg=yellow}
+ \IfValueTF{#1}{%
+ \begin{block}{Exercise: #1}
+ }{%
+ \begin{block}{Exercise}
+ }
+}{%
+ \end{block}
+}
+
+
+\begin{document}
+\title{%
+ Overview of the Applied Crypto course
+}
+\author{Daniel Bosk}
+\institute{%
+ KTH EECS
+}
+
+\begin{frame}
+ \maketitle
+\end{frame}
+
+\mode
+\input{contents.tex}
+\mode*
+
+\begin{frame}[allowframebreaks]
+ \printbibliography
+\end{frame}
+\end{document}
diff --git a/evaluation/.gitignore b/evaluation/.gitignore
new file mode 100644
index 0000000..5b214dd
--- /dev/null
+++ b/evaluation/.gitignore
@@ -0,0 +1,9 @@
+ltxobj/
+results-INL1.csv
+results-LAB1.csv
+results.csv
+results.pdf
+results.sh
+results.tex
+submissions-INL1.csv
+submissions-LAB1.csv
diff --git a/evaluation/Makefile b/evaluation/Makefile
new file mode 100644
index 0000000..6d19167
--- /dev/null
+++ b/evaluation/Makefile
@@ -0,0 +1,9 @@
+LATEXFLAGS+= -shell-escape
+
+.PHONY: all
+all: results.pdf results.sh
+Makefile: results.nw
+ ${NOTANGLE.mk}
+INCLUDE_MAKEFILES=../makefiles
+include ${INCLUDE_MAKEFILES}/tex.mk
+include ${INCLUDE_MAKEFILES}/noweb.mk
diff --git a/evaluation/preamble.tex b/evaluation/preamble.tex
new file mode 100644
index 0000000..768337c
--- /dev/null
+++ b/evaluation/preamble.tex
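Review bot: The `Makefile: results.nw` rule with the `${NOTANGLE.mk}` recipe says this committed evaluation/Makefile is itself regenerated from results.nw, yet the file carries no comment saying so, so a hand edit here is silently overwritten the next time make re-reads it. Add a header such as `# Tangled from results.nw (noweb); edit the .nw source, not this file` so the generated status is visible to anyone reading the Makefile alone. `NOTANGLE.mk` is presumably defined by the included noweb.mk, which is outside this diff, as are the rules that derive results.sh and results.pdf from results.nw.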
@@ -0,0 +1,49 @@
+\usepackage[utf8]{inputenc}
+\usepackage[T1]{fontenc}
+\usepackage[swedish,british]{babel}
+
+\usepackage{noweb}
+\noweboptions{longchunks,longxref}
+\usepackage{booktabs}
+
+\usepackage[natbib,style=alphabetic,maxbibnames=99]{biblatex}
+\addbibresource{bibliography.bib}
+
+\usepackage[all]{foreign}
+\renewcommand{\foreignfullfont}{}
+\renewcommand{\foreignabbrfont}{}
+
+%\usepackage{newclude}
+\usepackage{import}
+
+\usepackage[strict]{csquotes}
+\usepackage[single]{acro}
+
+\usepackage{subcaption}
+
+\usepackage[noend]{algpseudocode}
+\usepackage{xparse}
+
+\let\email\texttt
+
+\usepackage[outputdir=ltxobj]{minted}
+\setminted{autogobble,linenos}
+
+\usepackage{pythontex}
+\setpythontexoutputdir{.}
+\setpythontexworkingdir{..}
+
+\usepackage{amsmath}
+\usepackage{amssymb}
+\usepackage{mathtools}
+\usepackage{amsthm}
+\usepackage{thmtools}
+\usepackage[unq]{unique}
+\DeclareMathOperator{\powerset}{\mathcal{P}}
+
+\usepackage[binary-units]{siunitx}
+
+\usepackage{didactic}
+
+\usepackage{hyperref}
+\usepackage{cleveref}
diff --git a/evaluation/results.nw b/evaluation/results.nw
new file mode 100644
index 0000000..0dadb3c
--- /dev/null
+++ b/evaluation/results.nw
@@ -0,0 +1,346 @@
+\documentclass[a4paper]{article}
+\input{preamble.tex}
+
+% https://tex.stackexchange.com/a/205183/17418
+\def\shortyear#1{\expandafter\shortyearhelper#1}
+\def\shortyearhelper#1#2#3#4{#3#4}
+
+\title{Results summary: tilkry\shortyear{\the\year}}
+\author{Daniel Bosk}
+
+\begin{document}
+\maketitle
+\tableofcontents
+@
+
+\begin{pycode}
+import subprocess
+
+def minted_output(command):
+ output = subprocess.run(command, capture_output=True)
+ print(r'\begin{minted}{text}')
+ print(output.stdout.decode('utf-8').strip())
+ print(r'\end{minted}')
+\end{pycode}
+
+\section{The stats}
+
+We'll give an overview of the stats here.
+In the following section we see how they are computed.
+In this section we'll just run the script and show the output here.
+
+\subsection{Results on INL1}
+
+The INL1 module has only mandatory assignments.
+Let's start with the overall grades:
+\begin{pycode}
+minted_output(['bash', 'results.sh', 'grades', 'INL1'])
+\end{pycode}
+
+We can see that there are some Fs.
+Let's see which assignments generated Fs:
+\begin{pycode}
+minted_output(['bash', 'results.sh', 'fails', 'INL1'])
+\end{pycode}
+Most are due to the quiz.
+
+\subsection{Results on LAB1}
+
+Let's move on to LAB1.
+This is the more complex part where there are optional assignments, and
+depending on how the student does they'll get a grade in the scale between A
+and F.
+\begin{pycode}
+minted_output(['bash', 'results.sh', 'grades', 'LAB1'])
+\end{pycode}
+Most students did well.
+Particularly many got an A or B.
+
+Let's see which assignments generated Fs:
+\begin{pycode}
+minted_output(['bash', 'results.sh', 'fails', 'LAB1'])
+\end{pycode}
+Only one.
+This is probably due to the students not having submitted some of the mandatory
+assignments.
+Therefore, let's have a look at which assignments missed the most submissions:
+\begin{pycode}
+minted_output(['bash', 'results.sh', 'missing', 'LAB1'])
+\end{pycode}
+We see that rather many of the mandatory assignments are missing submissions.
+
+
+\section{The script, or, how the results are made}
+
+We'll write a short shell script that fetches the results from Canvas and
+summarizes them in statistics.
+This will be done in the same way as they are reported to LADOK, so they'll be
+representative.
+<>=
+#!/bin/bash
+
+<>
+<>
+
+main() {
+ <>
+}
+
+# call main if not sourced
+# https://stackoverflow.com/a/28776166/1305099
+(return 0 2>/dev/null) || main "$@"
+@
+
+We'll also make calls to that code in this documentation, to get the results
+and how they were generated.
+<>=
+<>
+
+.PHONY: all
+all: results.pdf results.sh
+
+results.pdf: results.tex results.sh
+@
+
+We'll also build this Makefile.
+We're fortunately enough that [[make]] tries to remake any Makefile that it
+loads.
+<>=
+Makefile: results.nw
+ ${NOTANGLE.mk}
+@
+
+We'll execute the script in the documentation using PythonTeX, so we need the
+[[-shell-escape]] flag.
+<>=
+LATEXFLAGS+= -shell-escape
+@
+
+Finally, we'll use some automation to build.
+<>=
+INCLUDE_MAKEFILES=../makefiles
+include ${INCLUDE_MAKEFILES}/tex.mk
+include ${INCLUDE_MAKEFILES}/noweb.mk
+@
+
+
+\subsection{Calling the functions}
+
+We'll take the function name as the first argument and simply call it.
+If we don't have any arguments, we'll call the [[all]] function.
+<>=
+[[ "$1" = "" ]] && all || "$@"
+<>=
+all() {
+ <>
+}
+@
+
+
+
+\subsection{Fetching the results}
+
+Let's start by defining the course and modules that we're interested in.
+<>=
+YEAR=$(date +%y)
+COURSE=tilkry${YEAR}
+@
+
+We'll now defined two functions that can be used to fetch the desired results.
+These will also act as a cache, so that we don't fetch results more than once.
+
+We have two modules: LAB1 and INL1.
+LAB1 needs a particular module to compute the final grade ([[-S]] option).
+So we need to treat that with a special case.
+But INL1 can use the default.
+
+We'll use a function to fetch the results for each module.
+It takes the module as an argument.
+If the module is LAB1, we'll use the special case.
+
+We'll compute the grades using [[canvaslms results]], which is the same way as
+the results are reported to LADOK.
+However, this takes time, so we'll only do it if the file doesn't already
+exist.
+This way each function can call the same function to fetch the results, but it
+will slow down only if they don't already exist.
+<>=
+fetch_results() {
+ local module=$1
+ local file=results-${module}.csv
+
+ echo "$file"
+
+ [[ -f $file ]] && return
+
+ case $module in
+ LAB1)
+ canvaslms results -c ${COURSE} -F '' \
+ -A "^${module}" -S canvaslms.grades.tilkry${module} \
+ > ${file}
+ ;;
+ *)
+ canvaslms results -c ${COURSE} -F '' \
+ -A "^${module}" \
+ > ${file}
+ ;;
+ esac
+}
+@
+
+We'll do the same for fetching submission results for the individual
+assignments (not the module as a whole).
+There is no special case for this one.
+<>=
+fetch_submissions() {
+ local module=$1
+ local file=submissions-${module}.csv
+
+ echo "$file"
+
+ [[ -f $file ]] && return
+
+ canvaslms submissions -c ${COURSE} \
+ -A "^${module}" \
+ > ${file}
+}
+@
+
+
+\subsection{The stats}
+
+Let's look at the stats.
+We'll add one function per stat we want.
+
+\subsection{Grades of modules}
+
+We'll start by looking at the grades of the modules.
+We'll create a function that generates stats for a module, where the module is
+passed as an argument.
+<>=
+grades() {
+ local modules="$@"
+
+ for module in $modules; do
+ local results=`fetch_results $module`
+ echo
+ echo "${module}:"
+ cat $results | cut -f 4 | sort | uniq -c
+ done
+}
+@
+
+If we consider running [[grades LAB1 INL1]], the result looks like this:
+\begin{pycode}
+minted_output(['bash', 'results.sh', 'grades', 'LAB1', 'INL1'])
+\end{pycode}
+
+
+\subsection{Which assignments generated Fs?}\label{GeneratedFs}
+
+We want to know this for each of the modules (LAB1, INL1).
+We want a function that takes the module as an argument and then outputs the
+distribution of Fs for the assignments.
+We'll do this by filtering out the Fs and then count the occurrences of each
+assignment.
+<>=
+fails() {
+ local modules="$@"
+
+ for module in $modules; do
+ local submissions=`fetch_submissions $module`
+ echo
+ echo "${module} Fs:"
+ grep -E '\sFx?\s' $submissions | cut -f 2 | sort | uniq -c \
+ | sort -n
+ done
+}
+@
+
+If we consider running [[fails INL1]], the result looks like this:
+\begin{pycode}
+minted_output(['bash', 'results.sh', 'fails', 'INL1'])
+\end{pycode}
+
+\subsection{Stats of LAB1 and INL1}
+
+We'll start by looking at the grades of LAB1, which is also the final grade.
+<>=
+echo
+grades LAB1
+fails LAB1
+echo
+grades INL1
+fails INL1
+@
+
+\subsection{Which assignments were the least popular?}
+
+We now want to see which assignments the students did and which they did not.
+In \cref{GeneratedFs} we saw which assignments generated Fs.
+But that will only catch the assignments that students did and failed, not
+assignments where students made no attempt.
+
+We'll create a function that takes the module as an argument and then outputs
+the distribution of submissions for each assignment.
+A submission is counted as a submission if it has a date.
+<>=
+submissions() {
+ local modules="$@"
+
+ for module in $modules; do
+ <>
+ <>
+ echo
+ echo "${module} submissions:"
+ grep <> \
+ | <>
+ <>
+ done
+}
+<>=
+local submissions=`fetch_submissions $module`
+<>=
+local num_users=`cat $submissions | cut -f 3 | sort -u | wc -l`
+<>=
+-P '\d{4}-\d{2}-\d{2}' $submissions
+<>=
+cut -f 2 | sort | uniq -c | sort -rn
+<>=
+echo "Out of maximum ${num_users}."
+@
+
+If we consider running [[submissions INL1]], the result looks like this:
+\begin{pycode}
+minted_output(['bash', 'results.sh', 'submissions', 'INL1'])
+\end{pycode}
+But if we look at LAB1, which has optional assignments, we get this:
+\begin{pycode}
+minted_output(['bash', 'results.sh', 'submissions', 'LAB1'])
+\end{pycode}
+
+We also add a function for the opposite, to count how many submissions an
+assignment is missing.
+<>=
+missing() {
+ local modules="$@"
+ for module in $modules; do
+ <>
+ <>
+ echo
+ echo "${module} missing submissions:"
+ grep -v -P <> \
+ | <>
+ <>
+ done
+}
+@
+
+If we consider running [[missing LAB1]], the result looks like this:
+\begin{pycode}
+minted_output(['bash', 'results.sh', 'missing', 'LAB1'])
+\end{pycode}
+We can see that the assignment \enquote{Secure multi-party computation} is the
+only (optional) assignment that no student did.
+
+\end{document}
diff --git a/makefiles b/makefiles
index 01ac17e..f8aa545 160000
--- a/makefiles
+++ b/makefiles
@@ -1 +1 @@
-Subproject commit 01ac17e46017837aad4ebfd4f6a31c76c99c57eb
+Subproject commit f8aa5459d4fd486c3094804131448100da4568b8
diff --git a/one-way/contents.tex b/one-way/contents.tex
index 195636f..079dfb9 100644
--- a/one-way/contents.tex
+++ b/one-way/contents.tex
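Review bot: In `fetch_results` the cache check `[[ -f $file ]] && return` treats any existing results file as valid, but the redirection `> ${file}` creates the file before `canvaslms results` runs, so a fetch that fails or is interrupted (expired token, network error) leaves an empty or truncated CSV that every later run reuses as the cached result; `fetch_submissions` has the same shape. Writing to a temporary name and renaming only on success avoids the stale cache, e.g. `> "${file}.tmp" && mv -f "${file}.tmp" "${file}"` in place of each `> ${file}`, with `rm -f "${file}.tmp"` on the failure path. On the document side, `minted_output` calls `subprocess.run(command, capture_output=True)` without `check=True` and discards stderr, so a failing `results.sh` silently becomes an empty listing in the PDF instead of a build error; `subprocess.run(command, capture_output=True, check=True)` would surface it. The chunk names are stripped on this page, so I could not confirm which pattern chunk `missing()` reuses; if it is the one that already starts with `-P`, `grep -v -P <pattern>` passes `-P` twice, which is harmless in GNU grep but worth tidying.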
@@ -11,6 +11,97 @@ % 15 and 30 frames, all told. +\section{Introduction} + +\begin{frame} + \begin{example}[Encrypt with OTP] + \begin{itemize} + \item Let \(\Enc[_k][\cdot] = \Dec[_k][\cdot] = \cdot\oplus k\bmod 2\). + + \pause{} + + \item Alice and Bob share \(k\). + \item Alice sends \(\Enc[_k][m] = c\) to Bob. + + \pause{} + + \item Eve intercepts \(c\), she cannot get to \(m\). + + \pause{} + + \item Eve computes \(c' = c\oplus m_E\) and passes \(c'\) to Bob. + + \pause{} + + \item Bob computes \(\Dec[_k][c'] = \Dec[_k][c\oplus m_E] = m\oplus + k\oplus m_E\oplus k = m\oplus m_E\). + \end{itemize} + \end{example} + + \pause{} + + \begin{exercise} + How can we solve this? + Bob needs to know that Eve modified the message! + \end{exercise} +\end{frame} + +\begin{frame} + \begin{idea}[\acp{MAC}] + \acuse{MA} + \begin{itemize} + \item Alice and Bob need something that Eve doesn't know how to modify. + + \pause{} + + \item If that something is tied to the message, then a modified message + would be detectable. + \end{itemize} + \end{idea} + + \pause{} + + \begin{exercise} + Any ideas on how we can construct such a thing? + \end{exercise} +\end{frame} + +\mode{\NewVariable{\vk}{vk}} + +\begin{frame}[fragile] + \begin{solution} + \begin{itemize} + \item We need redundancy. + \item Let's try with a cipher. + \item Alice and Bob share a verification key \(\vk\). + \item Take the ciphertext \(c\) and generate a tag \(t\): + \[t = \Enc[_{\vk}][c].\] + \item Send \((c, t)\) to Bob. + Bob gets \((c', t')\). + \item Bob computes \(t'' = \Enc[_{\vk}][c']\), checks \(t'' \stackrel?= + t'\). + \end{itemize} + \end{solution} + + \pause{} + + \begin{question} + \begin{itemize} + \item Any thoughts on this construction? + \end{itemize} + \end{question} +\end{frame} + +\begin{frame}[fragile] + \begin{block}{idea} + \begin{itemize} + \item We also want compression. + \item Can't make things double in size. 
+ \end{itemize} + \end{block} +\end{frame} + + \section{One-way functions} \subsection{Hash functions} @@ -52,21 +143,7 @@ \subsection{Hash functions} \end{exercise} \end{frame} -\begin{frame} - \begin{definition}[One-way function\footfullcite{GoldreichFOC-1}] - \begin{itemize} - \item Let \(h\colon \{0,1\}^*\to \{0,1\}^*\). - \item \(h\) is \emph{one-way} if - \begin{enumerate} - \item there exists an efficient algorithm \(A\) such that \(A(x) - = h(x)\); - \item for every efficient algorithm \(A^\prime\), every positive - polynomial \(p(\cdot)\) and all sufficiently large \(n\)'s - \[\Prob{A^\prime(h(x), 1^n) \in h^{-1}(h(x))} < \frac{1}{p(n)}\] - \end{enumerate} - \end{itemize} - \end{definition} -\end{frame} +\mode{\includepdf[pages=2-7]{./dog-hash-tilkry24.pdf}} \begin{frame} \begin{definition}[Preimage resistance] @@ -91,6 +168,28 @@ \subsection{Hash functions} \end{definition} \end{frame} +\mode{\includepdf[pages=8-9]{./dog-hash-tilkry24.pdf}} + +\begin{frame} + \begin{definition}[One-way function\footfullcite{GoldreichFOC-1}] + \begin{itemize} + \item Let \(h\colon \{0,1\}^*\to \{0,1\}^*\). + \item \(h\) is \emph{one-way} if + \begin{enumerate} + \item there exists an efficient algorithm \(A\) such that \(A(x) + = h(x)\); + \item for every efficient algorithm \(A^\prime\), every positive + polynomial \(p(\cdot)\) and all sufficiently large \(n\)'s + \[\Prob{A^\prime(h(x), 1^n) \in h^{-1}(h(x))} < \frac{1}{p(n)}\] + \end{enumerate} + \end{itemize} + \end{definition} +\end{frame} + +\mode{\includepdf[pages=10-29]{./dog-hash-tilkry24.pdf}} + +\subsection{Hash functions in practice} + \begin{frame} \begin{example}[Implementations you might've heard of] \begin{itemize} @@ -109,6 +208,8 @@ \subsection{Hash functions} \end{example} \end{frame} +\mode{\includepdf[pages=30-39]{./dog-hash-tilkry24.pdf}} + \begin{frame} \begin{remark} \begin{itemize} 
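Review bot: The last frame of the new Introduction section uses `\begin{block}{idea}` while the earlier frame in the same hunk uses the `idea` environment (`\begin{idea}[\acp{MAC}]`), so the two boxes render with different titles and styling; `\begin{idea} … \end{idea}` keeps them consistent. `\acuse{MA}` directly after `\acp{MAC}` looks like a truncated `\acuse{MAC}`, unless an `MA` acronym is declared in the preamble, which is not visible here. The MAC-from-a-cipher solution (`t = \Enc[_{\vk}][c]`) is presented as a first attempt; the following "Any thoughts on this construction?" question is the right place to make the audience say why a deterministic cipher on the ciphertext is not enough, so a one-line presenter note there (e.g. `% note: tag is as long as c, and a cipher gives no compression`) would tie it to the "We also want compression" frame that follows.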
@@ -123,10 +224,10 @@ \subsection{Hash functions} \end{remark} \end{frame} -\subsection{\Aclp{MAC}} +\section{\Aclp{MAC}} \begin{frame} - \begin{example} + \begin{example}[Encrypt with OTP, again] \begin{itemize} \item Let \(\Enc[_k][\cdot] = \Dec[_k][\cdot] = \cdot\oplus k\bmod 2\). @@ -176,6 +277,12 @@ \subsection{\Aclp{MAC}} \begin{exercise} Any ideas on how we can construct such a thing? \end{exercise} + + \begin{remark} + \begin{itemize} + \item Last time we used a cipher. + \end{itemize} + \end{remark} \end{frame} \begin{frame} @@ -191,7 +298,11 @@ \subsection{\Aclp{MAC}} \pause{} \item A secret hash function would violate Kerckhoff's principle, so - that's not an option. + that's not an option.\only<3>{\footnote{% + However, in theory, we should pick a random hash function. + But, in practice, we use a fixed hash function. + There aren't too many to choose from \dots + }} \pause{} @@ -199,14 +310,15 @@ \subsection{\Aclp{MAC}} \item Then \(h(m) = t\) and \begin{itemize} - \item \(\Dec[k]{c^\prime} = m^\prime = m\oplus m_E, h(m^\prime)\neq + \item \(\Dec[k][c^\prime] = m^\prime = m\oplus m_E, h(m^\prime)\neq t\). - \item \(\Dec[k]{c} = m, h(m) = t\). + \item \(\Dec[k][c] = m, h(m) = t\). \end{itemize} \pause{} \item Eve makes up \(m'\), she can compute \(t' = h(m')\). + Also lets Eve guess \(m\). \end{itemize} \end{example} \end{frame} @@ -231,6 +343,12 @@ \subsection{\Aclp{MAC}} \item But the idea is correct. \end{itemize} \end{remark} + + \begin{exercise} + \begin{itemize} + \item Why is it fine for \(s\) but not for \(m\) (before)? + \end{itemize} + \end{exercise} \end{frame} \begin{frame} diff --git a/one-way/dog-hash-tilkry24.pdf b/one-way/dog-hash-tilkry24.pdf new file mode 100644 index 0000000..166bd08 Binary files /dev/null and b/one-way/dog-hash-tilkry24.pdf differ diff --git a/one-way/one-way-slides.tex b/one-way/one-way-slides.tex index 1e777db..0a1e5eb 100644 --- a/one-way/one-way-slides.tex +++ b/one-way/one-way-slides.tex 
@@ -38,11 +38,12 @@ Daniel Bosk } \institute[KTH/MIUN]{% - School of Computer Science and Communication,\\ - KTH Royal Institute of Technology, Stockholm - \and - Department of Information and Communication Systems,\\ - Mid Sweden University, Sundsvall + School of Electrical Engineering and Computer Science,\\ + KTH Royal Institute of Technology, Stockholm\footnote{% + Part of the work was done while at the + Department of Information and Communication Systems, + Mid Sweden University, Sundsvall. + } } \date{\today} @@ -52,6 +53,8 @@ \maketitle \end{frame} +\mode{\includepdf[pages=1]{./dog-hash-tilkry24.pdf}} + \begin{abstract} \input{abstract.tex} \end{abstract} diff --git a/one-way/preamble.tex b/one-way/preamble.tex index 94bbcd4..e40ad51 100644 --- a/one-way/preamble.tex +++ b/one-way/preamble.tex @@ -9,8 +9,8 @@ \usepackage{multicol} \usepackage{booktabs} \usepackage[strict]{csquotes} -\usepackage{cleveref} \usepackage{amssymb,amsmath,amsthm} +\usepackage{pdfpages} \setbeamertemplate{bibliography item}[text] \usepackage[natbib,sorting=none,maxbibnames=99]{biblatex} @@ -23,3 +23,4 @@ \usepackage{tikz} \usetikzlibrary{arrows} +\usepackage{cleveref} diff --git a/project/scenario2024.md b/project/scenario2024.md new file mode 100644 index 0000000..e6e1a45 --- /dev/null +++ b/project/scenario2024.md 
@@ -0,0 +1,113 @@ +# Last year's scenario/system description + +Due to the recent changes at twitter and Slack, and security problems with +Mastodon (e.g Links to an external site.), KTH decided to commission +a new system for KTH students and staff to communicate in various +constellations: individually, in closed groups according to topics or +roles, KTH wide, and open to the public, with configurable duration +of how long messages are stored. There is a prototype with all the +functionality except security by cryptography, which is your task. For +instance, access rights work correctly but nothing is encrypted or hashed. + +# Scenario/system description 2024, alternative 1 + +KTH wants to improve the security and usability of the access card system. The +cards should be optional, it should be possible to use a smartphone instead +(changes usability, whether the smartphone increases usability is up for +discussion). + +The access system handles both staff and students. Different individuals should +have different access rights. Access rights might be changed at any time +(including expiring at termination of studies or employment). + +Your task is to design the crypto that secures this system. + +# Scenario/system description 2024, alternative 2 + +KTH wants to improve the security and usability of the access card system. The +(passive) cards should be replaced by (active) key fobs that can be kept in the +pocket while opening a door (as is quite popular on modern cars, see [Smart +key][smartkey]). Possibly a smartphone can act as such an active key fob. + +Your task is to design the crypto that secures this system. + +[smartkey]: https://en.wikipedia.org/wiki/Smart_key + +# Scenario/system description 2024, alternative 3 + +People have trouble distinguishing between AI-generated and camera-recorded +photographic images. 
We want to be able to cryptographically verify the +authenticity of images captured by camera, thus ensuring that the images are +real and not AI-generated. + +Any photographic output from a camera should be signed by the camera. It should +not be possible to get a camera signature on an image or video it didn't +capture, so the image sensor outputs signed data that the camera then writes to +storage. + +Any image viewer/video player (like a web browser) should be able to add a +warning to the user (e.g. a red border) if the signature is missing or invalid +(i.e. it might be AI generated). + +Outline the needed crypto. Discuss the properties needed and any obstacles. +Remember to cover all relevant areas that we've covered in the course. + +## Things to think about + +Key revocation: adversarial environment, must revoke leaked keys. + +What to do with a camera if a key is revoked? Useless camera, recovery? + +Extracting the crypto HW from the camera to use it to sign other things. + +Use sidechannel attacks to extract the key. + +How to generate randomness, what source of entropy? If the HW can be tricked to +reuse the same randomness twice (zero entropy in the pool) for the same +message, we can extract the key. (For some schemes, such as Schnorr.) + +Image editing? Can sign the raw image and change image format to provide raw +(signed) and edits. Same for compression, if the compression runs in a secure +environment, it can sign the compressed image and still be trusted that it +verified the signature and that the results is still "the same". + +Taking a photo of an AI generated image? Can include a depth sensor and sign +that data with the image, to tie them together. + +Strong randomness when keys are generated, "non-overlapping" keys. + +Can track the camera by the signature, privacy concerns. +Can also use the signature to track illegal images (eg +child pornography) back to the camera and its owner. 
+ +If only some cameras have this capability, we'll still get the problem that +people might believe pictures that are taken by "ordinary people" but censored +by the "elite journalists with an agenda" who can afford the expensive cameras +that can sign images. This is a social problem, not a technical one. + +## Alternative solutions + +Using MACs with the camera manufacturer. Manufacturer resigns it. For privacy. + +# Scenario/system description 2024, alternative 4 + +People have trouble distinguishing between bots and humans on platforms such as +Twitter (now that the real service is called X, we can actually use Twitter as +a figurative example service). The problem with bots is that one person may +appear as thousands of persons by having bot accounts act like other humans +liking tweets and posting new tweets propagating similar opinions. Thus someone +might believe that many more people share a certain opinion than is actually +the case. + +To approach this problem, we want to be able to cryptographically detect if two +users on Twitter are the same person or not, thus detecting networks of bots +belonging to the same person. For this reason we will force all users to +digitally sign all their tweets. A person making a bot network will have to +sign all tweets (or likes) with the same key. + +Someone reading a twitter feed can then detect if two tweets are signed by the +same key, and thus the same person. This can be used to detect bot networks. + +Outline the needed crypto. Discuss the properties needed and any obstacles. +Remember to cover all relevant areas that we've covered in the course. + diff --git a/pub-key/Makefile b/pub-key/Makefile index 5507a57..3b09415 100644 --- a/pub-key/Makefile +++ b/pub-key/Makefile @@ -15,6 +15,7 @@ beamer-didactic.sty: ../beamer-didactic/beamer-didactic.sty ../beamer-didactic/beamer-didactic.sty: ${MAKE} -C $(dir $@) $(notdir $@) +bibliography.bib: crypto.bib bibliography.bib: bibliography.bib(pub-key.bib crypto.bib) 
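Review bot: `bibliography.bib: crypto.bib` adds only one of the two sources as a plain prerequisite, while the existing `bibliography.bib: bibliography.bib(pub-key.bib crypto.bib)` line names both; if the intent is that `bibliography.bib` is rebuilt whenever either source changes, `pub-key.bib` needs the same edge, e.g. `bibliography.bib: pub-key.bib crypto.bib`. If the archive-member form already covers `pub-key.bib` through the included makefiles (not visible here), a one-line comment saying why `crypto.bib` alone needs the extra prerequisite would save the next reader the question. The rest of the rule set, including the recipe that produces `bibliography.bib`, lies outside the hunk.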
diff --git a/pub-key/contents.tex b/pub-key/contents.tex index 5846412..e9b05b7 100644 --- a/pub-key/contents.tex +++ b/pub-key/contents.tex @@ -11,6 +11,16 @@ % 15 and 30 frames, all told. +\section{Introduction} + +\subsection{The idea and its origin} + +\mode{\includepdf[pages=42-47]{./dog-pubkey-tilkry24.pdf}} + +%\subsection{Preliminaries} +% +%\mode{\includepdf[pages=49-59]{./dog-pubkey-tilkry24.pdf}} + \section{Public-key cryptography} \subsection{Key-exchange schemes} @@ -27,15 +37,15 @@ \subsection{Key-exchange schemes} \end{itemize} \end{idea} -% \pause{} -% -% \begin{exercise} -% \begin{itemize} -% \item Say Alice and Bob want to communicate. -% \item Eve wants to eavesdrop as usual. -% \item What are the requirements of such a system? -% \end{itemize} -% \end{exercise} + \pause + + \begin{example}[Key agreement] + \begin{itemize} + \item Can exchange keys if set up properly. + \item Kerberos is all about agreeing on symmetric keys---using only + symmetric keys. + \end{itemize} + \end{example} \end{frame} \begin{frame} @@ -47,6 +57,8 @@ \subsection{Key-exchange schemes} \end{solution} \end{frame} +\mode{\includepdf[pages=49-54]{./dog-pubkey-tilkry24.pdf}} + \begin{frame} \begin{definition}[\Acl{DLP}, \acs{DLP}] \begin{itemize} @@ -65,6 +77,8 @@ \subsection{Key-exchange schemes} \end{definition} \end{frame} +\mode{\includepdf[pages=59]{./dog-pubkey-tilkry24.pdf}} + \begin{frame} \begin{definition}[\Acl{DHP}, \acs{DHP}\footfullcite{DiffieHellman}] \begin{description} @@ -104,11 +118,7 @@ \subsection{Key-exchange schemes} \begin{itemize} \item \citeauthor{DiffieHellman}\footfullcite{DiffieHellman} used \ac{DHP} to create a key-exchange protocol. - - \pause{} - - \item Take some time to figure out how we can use these problems to - achieve what we want. + Take some time to think about how. \end{itemize} \end{exercise} 
@@ -118,6 +128,13 @@ \subsection{Key-exchange schemes} \item Then they can use the key to encrypt their communications. \end{itemize} \end{block} + + \begin{definition}[\Acl{DHP}, \acs{DHP}] + \begin{description} + \item[Given] \(g, g^x, g^y\in \ZZ_p^*\) + \item[Find] \(g^{xy}\) + \end{description} + \end{definition} \end{frame} \begin{frame} @@ -161,7 +178,7 @@ \subsection{Key-exchange schemes} \begin{itemize} \item This is not secure as it is. \item \(g^x, g^y\) are \emph{not authenticated}! - \item Alice can tell the difference between Bob and Eve! + \item Alice can't tell the difference between Bob and Eve! \end{itemize} \end{remark} \end{frame} @@ -173,7 +190,7 @@ \subsection{Encryption and decryption} \begin{itemize} \item Fine, we can use \(g^{xy}\) as a key in a cipher. \begin{itemize} - \item \(\Enc[g^{xy}]{m}\), where \(\Enc\) is a symmetric cipher. + \item \(\Enc[g^{xy}][m]\), where \(\Enc\) is a symmetric cipher. \end{itemize} \item But shouldn't we be able to include a message directly? \end{itemize} 
@@ -200,6 +217,67 @@ \subsection{Encryption and decryption} \end{definition} \end{frame} +\begin{frame} + \begin{definition}[Chosen Plaintext Attack (CPA)] + A \emph{chosen plaintext attack} is a scenario in which an adversary + can choose arbitrary plaintexts to be encrypted and then obtain the + corresponding ciphertexts. + \end{definition} + + \pause{} + + \begin{example} + \begin{itemize} + \item Difficult for symmetric ciphers. + \item Easy for public-key ciphers, just encrypt with the public key. + \end{itemize} + \end{example} +\end{frame} + +\begin{frame} + \begin{example}[CPA attack] + \begin{itemize} + \item Alice encrypts \(m\) with Bob's public key, gets \(c\). + \item Alice sends \(c\) to Bob. + \item Eve guesses \(m'\) might be the message. + \item Eve encrypts \(m'\) with Bob's public key, gets \(c'\). + \item If \(c = c'\), then \(m = m'\). + \end{itemize} + \end{example} + + \pause + + \begin{definition}[Semantic Security] + An encryption scheme is \emph{semantically secure} if an adversary + cannot derive any meaningful information about the plaintext from the ciphertext. + \end{definition} +\end{frame} + +\begin{frame} + \begin{definition}[ElGamal Encryption Scheme\footfullcite{ElGamal}] + \footnotesize + Set-up: + \begin{itemize} + \item Let \(g\in \ZZ_p^*\), randomly choose \(0 < x < |\ZZ_p^*|\). + \item Alice publishes \(\ZZ_p^*, g, g^x\) to everyone. + \end{itemize} + Encryption and decryption: + \begin{itemize} + \item Bob chooses random \(0 < y < |\ZZ_p^*|\) and computes \(g^y\). + \item Bob's message \(m\in \ZZ_p^*\). + \item He sends \((g^y, m(g^{x})^y)\) to Alice. + \item Alice computes \((g^y)^{-x}\) and \(m(g^x)^y (g^{y})^{-x} = m\). + \end{itemize} + \end{definition} + + \begin{remark}[Semantic Security of ElGamal] + \begin{itemize} + \item The ElGamal encryption scheme offers semantic security under the + assumption that the \ac{DDH} problem is hard. 
+ \end{itemize} + \end{remark} +\end{frame} + \subsection{Digital signatures} \begin{frame} @@ -217,15 +295,31 @@ \subsection{Digital signatures} \end{itemize} \end{itemize} \end{idea} +\end{frame} - \pause{} - +\begin{frame} \begin{exercise} \begin{itemize} \item Look at the ElGamal encryption scheme for a bit. \item Try to find a way to \enquote{run it backwards}. \end{itemize} \end{exercise} + + \begin{definition}[ElGamal Encryption Scheme\footfullcite{ElGamal}] + \footnotesize + Set-up: + \begin{itemize} + \item Let \(g\in \ZZ_p^*\), randomly choose \(0 < x < |\ZZ_p^*|\). + \item Alice publishes \(\ZZ_p^*, g, g^x\) to everyone. + \end{itemize} + Encryption and decryption: + \begin{itemize} + \item Bob chooses random \(0 < y < |\ZZ_p^*|\) and computes \(g^y\). + \item Bob's message \(m\in \ZZ_p^*\). + \item He sends \((g^y, m(g^{x})^y)\) to Alice. + \item Alice computes \((g^y)^{-x}\) and \(m(g^x)^y (g^{y})^{-x} = m\). + \end{itemize} + \end{definition} \end{frame} \begin{frame} @@ -233,7 +327,8 @@ \subsection{Digital signatures} \begin{definition}[ElGamal Signature Scheme\footfullcite{ElGamal}] Set-up: \begin{itemize} - \item Let \(g\in \ZZ_p^*\) and \framebox{\(h\) be a one-way function}. + \item Let \(g\in \ZZ_p^*\) and \framebox{\(h\) be a collision-reistant + hash function}. \item Alice publishes \(\ZZ_p^*, g, g^x\) to everyone. \end{itemize} Signing \(m\in \ZZ_p^*\): 
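Review bot: The `CPA attack` example concludes `If \(c = c'\), then \(m = m'\)` without stating that this only works because encryption is deterministic, which is exactly the property that connects the example to the semantic-security definition below it and to the random \(y\) in the ElGamal definition that follows; an item such as `\item Works because encryption is deterministic: the same \(m\) always gives the same \(c\).` makes the link explicit. The ElGamal encryption definition added in this hunk is pasted verbatim again in the hunks at `@@ -217,15 +295,31 @@` and `@@ -313,6 +408,22 @@`; keeping the definition body in one macro (a `\newcommand` the three frames expand) would stop the copies from drifting apart. The `\ac{DDH}` in the remark assumes a DDH entry in the acronym list, which is not visible here.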
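Review bot: The replaced line spells `collision-reistant`; it should read `\framebox{\(h\) be a collision-resistant` followed by `hash function}.` on the continuation line. The strengthening from one-way to collision-resistant is the right one for the signature scheme, since hashing the message before signing only rules out reusing a signature on a second message when collisions are hard to find, so it is worth keeping the framed emphasis. The rest of the signature definition (signing and verification) is outside the hunk.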
@@ -313,6 +408,22 @@ \subsection{Homomorphic properties} The encryption (decryption) function of the ElGamal cryptosystem is a homomorphism, what structure does it preserve? \end{exercise} + + \begin{definition}[ElGamal Encryption Scheme\footfullcite{ElGamal}] + \footnotesize + Set-up: + \begin{itemize} + \item Let \(g\in \ZZ_p^*\), randomly choose \(0 < x < |\ZZ_p^*|\). + \item Alice publishes \(\ZZ_p^*, g, g^x\) to everyone. + \end{itemize} + Encryption and decryption: + \begin{itemize} + \item Bob chooses random \(0 < y < |\ZZ_p^*|\) and computes \(g^y\). + \item Bob's message \(m\in \ZZ_p^*\). + \item He sends \((g^y, m(g^{x})^y)\) to Alice. + \item Alice computes \((g^y)^{-x}\) and \(m(g^x)^y (g^{y})^{-x} = m\). + \end{itemize} + \end{definition} \end{frame} \begin{frame} @@ -325,7 +436,7 @@ \subsection{Homomorphic properties} \pause{} - \item Create ciphertext + \item Create ciphertext (multiplying) \begin{align*} (g^y g^{y^\prime}, m\cdot g^{xy}\cdot m^\prime\cdot g^{x y^\prime}) &= (g^{y + y^\prime}, m\cdot m^\prime\cdot g^{xy + xy^\prime}) \\ @@ -344,7 +455,7 @@ \subsection{Homomorphic properties} \end{frame} \begin{frame} - \begin{remark} + \begin{remark}[Digital signatures] \begin{itemize} \item We use a hash function in the signature scheme to counter the homomorphic property. 
@@ -357,6 +468,36 @@ \subsection{Homomorphic properties}
 a new message \emph{without knowing the signature key!}
 \end{itemize}
 \end{remark}
+
+ \pause
+
+ \begin{exercise}[Public-key encryption]
+ \begin{itemize}
+ \item How to deal with encryption and decryption?
+ \end{itemize}
+ \end{exercise}
+\end{frame}
+
+\begin{frame}[fragile]
+ \begin{solution}
+ \begin{itemize}
+ \item Padding!
+ \item See e.g.~OAEP+.
+ \item And see the Public Key Cryptography Standards (PKCS).
+ \end{itemize}
+ \end{solution}
+
+ \begin{example}[OAEP+]
+ \begin{itemize}
+ \item Standardized in PKCS\#1 v2 and RFC 2437.
+ \end{itemize}
+ \end{example}
+
+ \begin{example}[\Ac{DH} key-agreement]
+ \begin{itemize}
+ \item Standardized in PKCS\#3, v1.4.
+ \end{itemize}
+ \end{example}
 \end{frame}

 \begin{frame}
@@ -364,12 +505,16 @@ \subsection{Homomorphic properties}
 \begin{itemize}
 \item There are many schemes with different homomorphic properties.
 \item There is even \emph{fully homomorphic
- encryption}~\cite{GentryFullyHomomorphicEncryption}.
+ encryption}~\footfullcite{GentryFullyHomomorphicEncryption}.
 \end{itemize}
 \end{remark}
 \end{frame}

+\section{Public-key infrasturctures, PKIs}
+
+\mode{\includepdf[pages=96-99]{./dog-pubkey-tilkry24.pdf}}
+
 %%%%%%%%%%%%%%%%%%%%%%

 \begin{frame}[allowframebreaks]
diff --git a/pub-key/dog-pubkey-tilkry24.pdf b/pub-key/dog-pubkey-tilkry24.pdf
new file mode 100644
index 0000000..166bd08
Binary files /dev/null and b/pub-key/dog-pubkey-tilkry24.pdf differ
diff --git a/pub-key/preamble.tex b/pub-key/preamble.tex
index 0fd4583..5762118 100644
--- a/pub-key/preamble.tex
+++ b/pub-key/preamble.tex
@@ -11,6 +11,7 @@
 \usepackage[strict]{csquotes}
 \usepackage{cleveref}
 \usepackage{amssymb,amsmath,amsthm}
+\usepackage{pdfpages}
 \setbeamertemplate{bibliography item}[text]
 \usepackage[natbib,sorting=none,maxbibnames=99]{biblatex}
diff --git a/pub-key/pub-key-slides.tex b/pub-key/pub-key-slides.tex
index e86acac..4874f90 100644
--- a/pub-key/pub-key-slides.tex
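Review bot: The OAEP+ example's bullet `Standardized in PKCS\#1 v2 and RFC 2437.` is inaccurate: PKCS #1 v2.0 / RFC 2437 specify RSAES-OAEP (the original Bellare–Rogaway OAEP), not Shoup's OAEP+, and RFC 2437 has since been obsoleted by RFC 3447 and RFC 8017 (PKCS #1 v2.1/v2.2); either retitle the example `OAEP` or cite Shoup's OAEP+ paper and drop the PKCS reference. The solution frame also answers for RSA while the exercise is posed directly after the ElGamal homomorphism remark of this subsection; for ElGamal, padding is not the remedy, so a bullet such as `\item For ElGamal: hashed or hybrid (KEM-DEM) variants, or a CCA-secure scheme like Cramer--Shoup, rather than padding.` would stop students generalising "padding fixes malleability". As style points, `\begin{frame}[fragile]` is only needed for verbatim content, and the bare `\pause` differs from the `\pause{}` form used elsewhere in this file.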
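Review bot: The new section title misspells its key term: `\section{Public-key infrasturctures, PKIs}` should be `\section{Public-key infrastructures, PKIs}`. The `\mode{\includepdf[pages=96-99]{./dog-pubkey-tilkry24.pdf}}` line omits the `<mode specification>` that beamer's `\mode` normally takes, and the same form recurs in the `@@ -52,6 +53,8 @@` hunk of pub-key-slides.tex; please confirm both compile and that the pages are meant to appear in every output mode, including any handout or article build. The page range is hard-coded against a binary deck added in this commit, so a comment recording what those pages contain, e.g. `% pp. 96--99 of dog-pubkey-tilkry24.pdf: <describe the PKI slides; update when the deck is regenerated>`, would make the dependency visible to whoever regenerates the deck. The section and the following frame continue outside the hunk.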
+++ b/pub-key/pub-key-slides.tex
@@ -38,11 +38,12 @@
 Daniel Bosk
 }
 \institute[KTH/MIUN]{%
- School of Computer Science and Communication,\\
- KTH Royal Institute of Technology, Stockholm
- \and
- Department of Information and Communication Systems,\\
- Mid Sweden University, Sundsvall
+ School of Electrical Engineering and Computer Science,\\
+ KTH Royal Institute of Technology, Stockholm\footnote{%
+ Part of the work done while at the
+ Department of Information and Communication Systems,
+ Mid Sweden University, Sundsvall.
+ }
 }

 \date{\today}
@@ -52,6 +53,8 @@
 \maketitle
 \end{frame}

+\mode{\includepdf[pages=40]{./dog-pubkey-tilkry24.pdf}}
+
 \begin{abstract}
 \input{abstract.tex}
 \end{abstract}
