authorRasmus Dahlberg <rasmus@rgdd.se>2024-10-15 15:35:20 +0200
committerRasmus Dahlberg <rasmus@rgdd.se>2024-10-15 15:35:45 +0200
commit76bae02bcd7d6b3ec9eea428e5e95da184a8dbfb (patch)
tree410ab71c78c99d35aecd46733958a5699cdf5204 /slides/2018-ct-intro/src
parent883a67439aff566962adafeb0385c6ae972073a3 (diff)
Rescue some slides from old private mono repos
Diffstat (limited to 'slides/2018-ct-intro/src')
-rw-r--r--slides/2018-ct-intro/src/background.tex55
-rw-r--r--slides/2018-ct-intro/src/body.tex7
-rw-r--r--slides/2018-ct-intro/src/ct.tex77
-rw-r--r--slides/2018-ct-intro/src/outline.tex16
-rw-r--r--slides/2018-ct-intro/src/preamble.tex62
-rw-r--r--slides/2018-ct-intro/src/questions.tex17
-rw-r--r--slides/2018-ct-intro/src/take-away.tex24
-rw-r--r--slides/2018-ct-intro/src/titlepage.tex3
-rw-r--r--slides/2018-ct-intro/src/your-role.tex54
9 files changed, 315 insertions, 0 deletions
diff --git a/slides/2018-ct-intro/src/background.tex b/slides/2018-ct-intro/src/background.tex
new file mode 100644
index 0000000..a61d205
--- /dev/null
+++ b/slides/2018-ct-intro/src/background.tex
@@ -0,0 +1,55 @@
+\begin{frame}
+ \frametitle{How is trust established on the web?}
+ \centering
+ \includegraphics<1>[height=0.85\textheight]{img/chrome-http}
+ \includegraphics<2>[height=0.85\textheight]{img/chrome-https}
+\end{frame}
+
+\begin{frame}
+ \frametitle{What is the meaning of the padlock?}
+ \begin{columns}
+ \begin{column}{0.69\textwidth}
+ \begin{description}
+ \item[\tyes] Communication is encrypted
+ \item[\tyes] Communication is not tampered with
+ \item[\tyes] Server identity is verified
+ \end{description}
+ \end{column}
+ \begin{column}{0.29\textwidth}
+ \centering
+ \includegraphics[width=0.9\textwidth]{img/padlock}
+ \end{column}
+ \end{columns}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Server verification relies on certificate issuance}
+ \centering
+ \includegraphics[height=0.85\textheight]{img/chrome-cert}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Tracking certificate issuance is a mess}
+ \centering
+ \includegraphics[height=0.8\textheight,width=0.7\textwidth]{img/ca-mess}
+ \scriptsize{\url{https://www.eff.org/files/colour_map_of_cas.pdf}}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Certificate issuance gone wrong...}
+ \centering
+ \begin{tabular}{cc|l}
+ Year & Issuer & Mis-issued certificates affected e.g. \\
+ \toprule
+ 2010 & Versign & Unkown \\
+ 2011 & Comodo & Google, Mozilla, Yahoo \\
+ 2011 & DigiNotar & Google\footnote{These certificates were used to attack $\approx100,000$ gmail users in Iran}, Skype, Tor... \\
+ 2012 & Trustwave & Enterprise employees \\
+ 2012 & T\"{u}rkTrust & Google \\
+ 2013 & ANSSI & Google \\
+ 2013 & Thawte & Google \\
+ 2016 & Let's Encrypt & Facebook \\
+ ... & ... & ... \\
+ \end{tabular}
+\end{frame}
+
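Review bot: The incident table in the last frame misspells two entries, `Versign` and `Unkown`, which makes the 2010 row hard to look up; they should read `VeriSign` and `Unknown`. In the same table `\toprule` sits under the header row and there is no closing rule, so with booktabs the header wants `\toprule` above it, `\midrule` below it and `\bottomrule` after the last row, and the `|` in `{cc|l}` can go. `$\approx100,000$` typesets the comma as math punctuation with a space after it; `$\approx 100{,}000$` avoids that. In the "Tracking certificate issuance is a mess" frame, `height=0.8\textheight,width=0.7\textwidth` forces both dimensions and will stretch the image unless `keepaspectratio` is added. None of the rows cites a source, so a comment or footnote per incident would let readers verify the claims.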
diff --git a/slides/2018-ct-intro/src/body.tex b/slides/2018-ct-intro/src/body.tex
new file mode 100644
index 0000000..f3f6842
--- /dev/null
+++ b/slides/2018-ct-intro/src/body.tex
@@ -0,0 +1,7 @@
+\input{src/titlepage}
+\input{src/outline}
+\input{src/background}
+\input{src/ct}
+\input{src/your-role}
+\input{src/take-away}
+\input{src/questions}
diff --git a/slides/2018-ct-intro/src/ct.tex b/slides/2018-ct-intro/src/ct.tex
new file mode 100644
index 0000000..88496a3
--- /dev/null
+++ b/slides/2018-ct-intro/src/ct.tex
@@ -0,0 +1,77 @@
+\begin{frame}
+ \frametitle{Certificate Transparency (CT) to the resque}
+ \centering
+ \begin{columns}
+ \begin{column}{0.55\textwidth}
+ \begin{itemize}
+ \item Publicly log all certificates
+ \item Clients require proof of logging
+ \item Anyone can inspect the logs
+ \item Goal is to \alert{detect} mis-issuance
+ \end{itemize}
+ \end{column}
+ \begin{column}{0.49\textwidth}
+ \includegraphics[width=\textwidth]{img/ct}
+ \end{column}
+ \end{columns}
+ \vfill
+ \scriptsize{\url{https://www.certificate-transparency.org/what-is-ct}}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Adoption status of CT among common platforms}
+ \begin{columns}
+ \begin{column}{0.33\textwidth}
+ \centering
+ \includegraphics[width=0.75\textwidth]{img/chrome-logo}
+ \\incrementally
+ \end{column}
+ \begin{column}{0.33\textwidth}
+ \centering
+ \includegraphics[width=0.75\textwidth]{img/apple-logo}
+ \\incrementally soon
+ \end{column}
+ \begin{column}{0.33\textwidth}
+ \centering
+ \includegraphics[width=0.75\textwidth]{img/firefox-logo}
+ \\unclear
+ \end{column}
+ \end{columns}
+
+ \vfill
+ \begin{itemize}
+ \item Clients require at least two promises of log inclusion
+ \item Log is trusted until auditing hits deployment
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Who are the log operators?}
+ \centering
+ \begin{columns}
+ \begin{column}{0.59\textwidth}
+ \begin{itemize}
+ \item Google Chrome includes 27 different CT logs
+ \item Three logs found cheating while auditing (mistakes)
+ \begin{itemize}
+ \item Same key for test and production log (Izenpe)
+ \item Time rollback after power outage (Venafi)
+ \item Invalid promises of log inclusion (Cloudflare)
+ \end{itemize}
+ \end{itemize}
+ \end{column}
+ \begin{column}{0.39\textwidth}
+ \begin{tabular}{c|c}
+ Log operator & Number of logs \\
+ \toprule
+ DigiCert & 10 \\
+ Google & 9 \\
+ Cloudflare & 4 \\
+ Comodo & 2 \\
+ CNNIC & 1 \\
+ Venafi & 1 \\
+ \bottomrule
+ \end{tabular}
+ \end{column}
+ \end{columns}
+\end{frame}
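Review bot: The first frame's title reads `to the resque`, which should be `to the rescue`, and its two columns are `0.55\textwidth` and `0.49\textwidth`, which add up to more than the text width and will likely give an overfull box; changing the second to `0.44\textwidth` keeps the pair inside the frame. The count on the last frame (`27 different CT logs`) and the operator table are a snapshot with no date or source, so a comment such as `% log list as of <DATE>, source: <URL>` above the tabular would tell a later reader how stale the numbers are. "Three logs found cheating while auditing (mistakes)" says both cheating and mistakes; if operational errors are meant, `Three logs caught misbehaving by auditing (operator mistakes)` is less contradictory. The operator table again puts `\toprule` under the header where `\midrule` belongs.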
diff --git a/slides/2018-ct-intro/src/outline.tex b/slides/2018-ct-intro/src/outline.tex
new file mode 100644
index 0000000..6e47792
--- /dev/null
+++ b/slides/2018-ct-intro/src/outline.tex
@@ -0,0 +1,16 @@
+\begin{frame}
+ \frametitle{Outline}
+ \begin{columns}
+ \begin{column}{0.49\textwidth}
+ \begin{enumerate}
+ \item Background
+ \item Principles
+ \item Status quo
+ \item Your role
+ \end{enumerate}
+ \end{column}
+ \begin{column}{0.49\textwidth}
+ \includegraphics[width=0.5\textwidth]{img/roadmap}
+ \end{column}
+ \end{columns}
+\end{frame}
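Review bot: The outline is a hand-written `enumerate` whose items `Principles` and `Status quo` do not match any file name or frame title visible in this commit, so it can drift from the deck. Unless the main file (not shown here) already does so, adding a `\section{...}` before each group of frames and replacing the list with `\tableofcontents` would keep the outline in sync with the content.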
diff --git a/slides/2018-ct-intro/src/preamble.tex b/slides/2018-ct-intro/src/preamble.tex
new file mode 100644
index 0000000..6905b0f
--- /dev/null
+++ b/slides/2018-ct-intro/src/preamble.tex
@@ -0,0 +1,62 @@
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+% Packages %
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\usepackage[
+ lambda, advantage, operators, sets, adversary, landau, probability, notions,
+ logic, ff, mm, primitives, events, complexity, asymptotics, keys
+]{cryptocode}
+
+\usepackage{graphicx}
+\usepackage{mathtools}
+\usepackage{amsmath}
+\usepackage{amssymb}
+\usepackage{flowchart}
+\usepackage{pifont}
+\usepackage{graphicx}
+\usepackage{color}
+\usepackage{tikz}
+\usepackage{tikz-qtree}
+\usetikzlibrary{
+ shapes.misc,%
+ positioning,%
+ arrows,%
+ snakes,%
+ calc,%
+ shadows,%
+ shapes.arrows,%
+ fit,%
+ backgrounds,%
+}
+\usepackage{booktabs}
+\usepackage{smartdiagram}
+%\usepackage[position=bottom]{subfig} % environment for nested figures
+
+\usepackage{xcolor}
+\definecolor{darkGreen}{HTML}{008000}
+\definecolor{darkBlue}{HTML}{2809B2}
+\definecolor{darkRed}{HTML}{CC0000}
+\definecolor{darkGray}{HTML}{808080}
+\definecolor{darkOrange}{HTML}{D77D00}
+\definecolor{darkPurple}{HTML}{800080}
+\colorlet{lightGray}{gray!33}
+\colorlet{lightYellow}{yellow!50}
+\definecolor{darkGreen}{HTML}{008000}
+\definecolor{darkBlue}{HTML}{2809B2}
+\definecolor{darkRed}{HTML}{CC0000}
+
+% Figures, tables and code
+\usepackage{booktabs}
+\usepackage{colortbl}
+\usepackage{flowchart}
+\usepackage{adjustbox}
+\usepackage{listings}
+
+%\setbeamertemplate{itemize item}[circle]
+%\setbeamertemplate{itemize subitem}[default]
+%\setbeamertemplate{caption}[numbered]
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+% Defines %
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\newcommand{\tyes}{\textcolor{darkGreen}{\ding{51}}}
+\newcommand{\tno}{\textcolor{darkRed}{\ding{55}}}
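Review bot: Several lines in this preamble are repeated: `graphicx`, `booktabs` and `flowchart` are each loaded twice, `amsmath` is loaded after `mathtools` (which already loads it), `color` is loaded before `xcolor`, and `darkGreen`, `darkBlue` and `darkRed` are defined twice with the same values. The repeats are harmless because no options differ, but they hide what the deck really depends on; dropping the second occurrences leaves one line per package. The TikZ library `snakes` is obsolete in current PGF and kept only for compatibility, so if no figure uses it the entry can be removed as well. None of the frames in this commit appear to use `cryptocode`, `listings` or `smartdiagram`, so those may be leftovers from a shared template.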
diff --git a/slides/2018-ct-intro/src/questions.tex b/slides/2018-ct-intro/src/questions.tex
new file mode 100644
index 0000000..85cb2f3
--- /dev/null
+++ b/slides/2018-ct-intro/src/questions.tex
@@ -0,0 +1,17 @@
+\begin{frame}
+ \frametitle{Any questions?} \label{frm:que}
+ \begin{columns}
+ \begin{column}{0.49\textwidth}
+ \centering
+ \includegraphics[width=0.75\textwidth]{img/qleft}
+ \end{column}
+ \begin{column}{0.49\textwidth}
+ \centering
+ \includegraphics[width=0.75\textwidth]{img/qright}
+ \end{column}
+ \end{columns}
+
+ \centering
+ \vspace{-1cm}
+ \includegraphics[width=0.20\textwidth]{img/ty}
+\end{frame}
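Review bot: `\label{frm:que}` sits after `\frametitle` inside the frame body; beamer's own mechanism is the frame option, `\begin{frame}[label=frm:que]`, which is also what `\againframe` expects. The `\vspace{-1cm}` before the last image is an absolute negative offset and may overlap the columns above if the aspect ratio or the images change; sizing the two column images by height would remove the need for it.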
diff --git a/slides/2018-ct-intro/src/take-away.tex b/slides/2018-ct-intro/src/take-away.tex
new file mode 100644
index 0000000..448e1aa
--- /dev/null
+++ b/slides/2018-ct-intro/src/take-away.tex
@@ -0,0 +1,24 @@
+\begin{frame}
+ \frametitle{Take away}
+ \begin{columns}
+ \begin{column}{0.69\textwidth}
+ \begin{itemize}
+ \item Certificate issuance has undergone a paradigm shift
+ \begin{itemize}
+ \item Automated and free certificates: Let's Encrypt
+ \item Transparency: CT, mandatory logging of certificates
+ \end{itemize}
+ \item CT does nothing for you without involvement
+ \begin{itemize}
+ \item Setup secure connections on your web services
+ \item Monitor domain names for mis-issued certificates
+ \end{itemize}
+ \end{itemize}
+ \end{column}
+ \begin{column}{0.29\textwidth}
+ \centering
+ \includegraphics[width=0.75\textwidth]{img/take-away}
+ \end{column}
+ \end{columns}
+
+\end{frame}
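Review bot: `Setup secure connections` uses the noun; the verb is two words, `Set up secure connections on your web services`. The last bullet tells the audience to monitor for mis-issued certificates but not what to do when one turns up; a sub-item such as `\item Report mis-issuance to the issuing CA and request revocation` would close the loop, since CT only detects. The empty line before `\end{frame}` can go.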
diff --git a/slides/2018-ct-intro/src/titlepage.tex b/slides/2018-ct-intro/src/titlepage.tex
new file mode 100644
index 0000000..9b18039
--- /dev/null
+++ b/slides/2018-ct-intro/src/titlepage.tex
@@ -0,0 +1,3 @@
+\begin{frame}
+ \titlepage
+\end{frame}
diff --git a/slides/2018-ct-intro/src/your-role.tex b/slides/2018-ct-intro/src/your-role.tex
new file mode 100644
index 0000000..8ce8a65
--- /dev/null
+++ b/slides/2018-ct-intro/src/your-role.tex
@@ -0,0 +1,54 @@
+\begin{frame}
+ \frametitle{Ensure that your web solutions get the padlock}
+ \centering
+ \includegraphics[width=\textwidth]{img/le}
+
+ \vfill
+ \begin{itemize}
+ \item There is a dedicated CT log for Let's Encrypt!
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Inspect certificates interactively}
+ \centering
+ \includegraphics[width=\textwidth]{img/monitor-comodo}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Inspect certificates interactively (cont.)}
+ \centering
+ \includegraphics[height=0.85\textheight]{img/monitor-facebook2}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Sign up for certificate notifications}
+ \centering
+ \includegraphics[width=\textwidth]{img/monitor-facebook}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Sign up for certificate notifications (cont.)}
+ \centering
+ \includegraphics[width=\textwidth]{img/monitor-sslmate}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Get your hands dirty by running your own CT monitor}
+ \begin{itemize}
+ \item Continiously fetch certificates from all logs
+ \begin{itemize}
+ \item Rest API\footnote{
+ \scriptsize{\url{https://tools.ietf.org/html/rfc6962}}
+ }
+ \item Certstream\footnote{%
+ \scriptsize{\url{https://github.com/CaliDog/certstream-server}}
+ }
+ \end{itemize}
+ \item Verify cryptographic properties
+ \begin{itemize}
+ \item Is yesterday's log included in today's log?
+ \item Are promises of inclusion honored?
+ \end{itemize}
+ \end{itemize}
+\end{frame}
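Review bot: The last frame lists Certstream beside the RFC 6962 API as interchangeable sources, but a feed from a third-party aggregator presumably carries no signed tree heads or proofs, so a monitor built on it cannot do the checks in the second bullet and has to trust the aggregator not to drop entries. A short qualifier such as `\item Certstream (convenient, but unverified)` would make that visible. The two questions under `Verify cryptographic properties` correspond to what RFC 6962 calls consistency proofs and audit (inclusion) proofs; naming them helps readers find the relevant sections. Typos: `Continiously` should be `Continuously` and `Rest API` should be `REST API`. The first `\footnote{` lacks the trailing `%` that the second one has, which leaves a stray space at the start of the footnote.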