diff options
| author | Rasmus Dahlberg <rasmus@rgdd.se> | 2024-10-15 15:35:20 +0200 |
|---|---|---|
| committer | Rasmus Dahlberg <rasmus@rgdd.se> | 2024-10-15 15:35:45 +0200 |
| commit | 76bae02bcd7d6b3ec9eea428e5e95da184a8dbfb (patch) | |
| tree | 410ab71c78c99d35aecd46733958a5699cdf5204 /slides/2018-ct-intro/src | |
| parent | 883a67439aff566962adafeb0385c6ae972073a3 (diff) | |
Rescue some slides from old private mono repos
Diffstat (limited to 'slides/2018-ct-intro/src')
| -rw-r--r-- | slides/2018-ct-intro/src/background.tex | 55 | ||||
| -rw-r--r-- | slides/2018-ct-intro/src/body.tex | 7 | ||||
| -rw-r--r-- | slides/2018-ct-intro/src/ct.tex | 77 | ||||
| -rw-r--r-- | slides/2018-ct-intro/src/outline.tex | 16 | ||||
| -rw-r--r-- | slides/2018-ct-intro/src/preamble.tex | 62 | ||||
| -rw-r--r-- | slides/2018-ct-intro/src/questions.tex | 17 | ||||
| -rw-r--r-- | slides/2018-ct-intro/src/take-away.tex | 24 | ||||
| -rw-r--r-- | slides/2018-ct-intro/src/titlepage.tex | 3 | ||||
| -rw-r--r-- | slides/2018-ct-intro/src/your-role.tex | 54 |
9 files changed, 315 insertions, 0 deletions
diff --git a/slides/2018-ct-intro/src/background.tex b/slides/2018-ct-intro/src/background.tex new file mode 100644 index 0000000..a61d205 --- /dev/null +++ b/slides/2018-ct-intro/src/background.tex @@ -0,0 +1,55 @@ +\begin{frame} + \frametitle{How is trust established on the web?} + \centering + \includegraphics<1>[height=0.85\textheight]{img/chrome-http} + \includegraphics<2>[height=0.85\textheight]{img/chrome-https} +\end{frame} + +\begin{frame} + \frametitle{What is the meaning of the padlock?} + \begin{columns} + \begin{column}{0.69\textwidth} + \begin{description} + \item[\tyes] Communication is encrypted + \item[\tyes] Communication is not tampered with + \item[\tyes] Server identity is verified + \end{description} + \end{column} + \begin{column}{0.29\textwidth} + \centering + \includegraphics[width=0.9\textwidth]{img/padlock} + \end{column} + \end{columns} +\end{frame} + +\begin{frame} + \frametitle{Server verification relies on certificate issuance} + \centering + \includegraphics[height=0.85\textheight]{img/chrome-cert} +\end{frame} + +\begin{frame} + \frametitle{Tracking certificate issuance is a mess} + \centering + \includegraphics[height=0.8\textheight,width=0.7\textwidth]{img/ca-mess} + \scriptsize{\url{https://www.eff.org/files/colour_map_of_cas.pdf}} +\end{frame} + +\begin{frame} + \frametitle{Certificate issuance gone wrong...} + \centering + \begin{tabular}{cc|l} + Year & Issuer & Mis-issued certificates affected e.g. \\ + \toprule + 2010 & Versign & Unkown \\ + 2011 & Comodo & Google, Mozilla, Yahoo \\ + 2011 & DigiNotar & Google\footnote{These certificates were used to attack $\approx100,000$ gmail users in Iran}, Skype, Tor... \\ + 2012 & Trustwave & Enterprise employees \\ + 2012 & T\"{u}rkTrust & Google \\ + 2013 & ANSSI & Google \\ + 2013 & Thawte & Google \\ + 2016 & Let's Encrypt & Facebook \\ + ... & ... & ... \\ + \end{tabular} +\end{frame} + diff --git a/slides/2018-ct-intro/src/body.tex b/slides/2018-ct-intro/src/body.tex new file mode 100644 index 0000000..f3f6842 --- /dev/null +++ b/slides/2018-ct-intro/src/body.tex @@ -0,0 +1,7 @@ +\input{src/titlepage} +\input{src/outline} +\input{src/background} +\input{src/ct} +\input{src/your-role} +\input{src/take-away} +\input{src/questions} diff --git a/slides/2018-ct-intro/src/ct.tex b/slides/2018-ct-intro/src/ct.tex new file mode 100644 index 0000000..88496a3 --- /dev/null +++ b/slides/2018-ct-intro/src/ct.tex @@ -0,0 +1,77 @@ +\begin{frame} + \frametitle{Certificate Transparency (CT) to the resque} + \centering + \begin{columns} + \begin{column}{0.55\textwidth} + \begin{itemize} + \item Publicly log all certificates + \item Clients require proof of logging + \item Anyone can inspect the logs + \item Goal is to \alert{detect} mis-issuance + \end{itemize} + \end{column} + \begin{column}{0.49\textwidth} + \includegraphics[width=\textwidth]{img/ct} + \end{column} + \end{columns} + \vfill + \scriptsize{\url{https://www.certificate-transparency.org/what-is-ct}} +\end{frame} + +\begin{frame} + \frametitle{Adoption status of CT among common platforms} + \begin{columns} + \begin{column}{0.33\textwidth} + \centering + \includegraphics[width=0.75\textwidth]{img/chrome-logo} + \\incrementally + \end{column} + \begin{column}{0.33\textwidth} + \centering + \includegraphics[width=0.75\textwidth]{img/apple-logo} + \\incrementally soon + \end{column} + \begin{column}{0.33\textwidth} + \centering + \includegraphics[width=0.75\textwidth]{img/firefox-logo} + \\unclear + \end{column} + \end{columns} + + \vfill + \begin{itemize} + \item Clients require at least two promises of log inclusion + \item Log is trusted until auditing hits deployment + \end{itemize} +\end{frame} + +\begin{frame} + \frametitle{Who are the log operators?} + \centering + \begin{columns} + \begin{column}{0.59\textwidth} + \begin{itemize} + \item Google Chrome includes 27 different CT logs + \item Three logs found cheating while auditing (mistakes) + \begin{itemize} + \item Same key for test and production log (Izenpe) + \item Time rollback after power outage (Venafi) + \item Invalid promises of log inclusion (Cloudflare) + \end{itemize} + \end{itemize} + \end{column} + \begin{column}{0.39\textwidth} + \begin{tabular}{c|c} + Log operator & Number of logs \\ + \toprule + DigiCert & 10 \\ + Google & 9 \\ + Cloudflare & 4 \\ + Comodo & 2 \\ + CNNIC & 1 \\ + Venafi & 1 \\ + \bottomrule + \end{tabular} + \end{column} + \end{columns} +\end{frame} diff --git a/slides/2018-ct-intro/src/outline.tex b/slides/2018-ct-intro/src/outline.tex new file mode 100644 index 0000000..6e47792 --- /dev/null +++ b/slides/2018-ct-intro/src/outline.tex @@ -0,0 +1,16 @@ +\begin{frame} + \frametitle{Outline} + \begin{columns} + \begin{column}{0.49\textwidth} + \begin{enumerate} + \item Background + \item Principles + \item Status quo + \item Your role + \end{enumerate} + \end{column} + \begin{column}{0.49\textwidth} + \includegraphics[width=0.5\textwidth]{img/roadmap} + \end{column} + \end{columns} +\end{frame} diff --git a/slides/2018-ct-intro/src/preamble.tex b/slides/2018-ct-intro/src/preamble.tex new file mode 100644 index 0000000..6905b0f --- /dev/null +++ b/slides/2018-ct-intro/src/preamble.tex @@ -0,0 +1,62 @@ +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +% Packages % +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\usepackage[ + lambda, advantage, operators, sets, adversary, landau, probability, notions, + logic, ff, mm, primitives, events, complexity, asymptotics, keys +]{cryptocode} + +\usepackage{graphicx} +\usepackage{mathtools} +\usepackage{amsmath} +\usepackage{amssymb} +\usepackage{flowchart} +\usepackage{pifont} +\usepackage{graphicx} +\usepackage{color} +\usepackage{tikz} +\usepackage{tikz-qtree} +\usetikzlibrary{ + shapes.misc,% + positioning,% + arrows,% + snakes,% + calc,% + shadows,% + shapes.arrows,% + fit,% + backgrounds,% +} +\usepackage{booktabs} +\usepackage{smartdiagram} +%\usepackage[position=bottom]{subfig} % environment for nested figures + +\usepackage{xcolor} +\definecolor{darkGreen}{HTML}{008000} +\definecolor{darkBlue}{HTML}{2809B2} +\definecolor{darkRed}{HTML}{CC0000} +\definecolor{darkGray}{HTML}{808080} +\definecolor{darkOrange}{HTML}{D77D00} +\definecolor{darkPurple}{HTML}{800080} +\colorlet{lightGray}{gray!33} +\colorlet{lightYellow}{yellow!50} +\definecolor{darkGreen}{HTML}{008000} +\definecolor{darkBlue}{HTML}{2809B2} +\definecolor{darkRed}{HTML}{CC0000} + +% Figures, tables and code +\usepackage{booktabs} +\usepackage{colortbl} +\usepackage{flowchart} +\usepackage{adjustbox} +\usepackage{listings} + +%\setbeamertemplate{itemize item}[circle] +%\setbeamertemplate{itemize subitem}[default] +%\setbeamertemplate{caption}[numbered] + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +% Defines % +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\newcommand{\tyes}{\textcolor{darkGreen}{\ding{51}}} +\newcommand{\tno}{\textcolor{darkRed}{\ding{55}}} diff --git a/slides/2018-ct-intro/src/questions.tex b/slides/2018-ct-intro/src/questions.tex new file mode 100644 index 0000000..85cb2f3 --- /dev/null +++ b/slides/2018-ct-intro/src/questions.tex @@ -0,0 +1,17 @@ +\begin{frame} + \frametitle{Any questions?} \label{frm:que} + \begin{columns} + \begin{column}{0.49\textwidth} + \centering + \includegraphics[width=0.75\textwidth]{img/qleft} + \end{column} + \begin{column}{0.49\textwidth} + \centering + \includegraphics[width=0.75\textwidth]{img/qright} + \end{column} + \end{columns} + + \centering + \vspace{-1cm} + \includegraphics[width=0.20\textwidth]{img/ty} +\end{frame} diff --git a/slides/2018-ct-intro/src/take-away.tex b/slides/2018-ct-intro/src/take-away.tex new file mode 100644 index 0000000..448e1aa --- /dev/null +++ b/slides/2018-ct-intro/src/take-away.tex @@ -0,0 +1,24 @@ +\begin{frame} + \frametitle{Take away} + \begin{columns} + \begin{column}{0.69\textwidth} + \begin{itemize} + \item Certificate issuance has undergone a paradigm shift + \begin{itemize} + \item Automated and free certificates: Let's Encrypt + \item Transparency: CT, mandatory logging of certificates + \end{itemize} + \item CT does nothing for you without involvement + \begin{itemize} + \item Setup secure connections on your web services + \item Monitor domain names for mis-issued certificates + \end{itemize} + \end{itemize} + \end{column} + \begin{column}{0.29\textwidth} + \centering + \includegraphics[width=0.75\textwidth]{img/take-away} + \end{column} + \end{columns} + +\end{frame} diff --git a/slides/2018-ct-intro/src/titlepage.tex b/slides/2018-ct-intro/src/titlepage.tex new file mode 100644 index 0000000..9b18039 --- /dev/null +++ b/slides/2018-ct-intro/src/titlepage.tex @@ -0,0 +1,3 @@ +\begin{frame} + \titlepage +\end{frame} diff --git a/slides/2018-ct-intro/src/your-role.tex b/slides/2018-ct-intro/src/your-role.tex new file mode 100644 index 0000000..8ce8a65 --- /dev/null +++ b/slides/2018-ct-intro/src/your-role.tex @@ -0,0 +1,54 @@ +\begin{frame} + \frametitle{Ensure that your web solutions get the padlock} + \centering + \includegraphics[width=\textwidth]{img/le} + + \vfill + \begin{itemize} + \item There is a dedicated CT log for Let's Encrypt! + \end{itemize} +\end{frame} + +\begin{frame} + \frametitle{Inspect certificates interactively} + \centering + \includegraphics[width=\textwidth]{img/monitor-comodo} +\end{frame} + +\begin{frame} + \frametitle{Inspect certificates interactively (cont.)} + \centering + \includegraphics[height=0.85\textheight]{img/monitor-facebook2} +\end{frame} + +\begin{frame} + \frametitle{Sign up for certificate notifications} + \centering + \includegraphics[width=\textwidth]{img/monitor-facebook} +\end{frame} + +\begin{frame} + \frametitle{Sign up for certificate notifications (cont.)} + \centering + \includegraphics[width=\textwidth]{img/monitor-sslmate} +\end{frame} + +\begin{frame} + \frametitle{Get your hands dirty by running your own CT monitor} + \begin{itemize} + \item Continiously fetch certificates from all logs + \begin{itemize} + \item Rest API\footnote{ + \scriptsize{\url{https://tools.ietf.org/html/rfc6962}} + } + \item Certstream\footnote{% + \scriptsize{\url{https://github.com/CaliDog/certstream-server}} + } + \end{itemize} + \item Verify cryptographic properties + \begin{itemize} + \item Is yesterday's log included in today's log? + \item Are promises of inclusion honored? + \end{itemize} + \end{itemize} +\end{frame} |