authorRasmus Dahlberg <rasmus@rgdd.se>2024-10-15 15:35:20 +0200
committerRasmus Dahlberg <rasmus@rgdd.se>2024-10-15 15:35:45 +0200
commit76bae02bcd7d6b3ec9eea428e5e95da184a8dbfb (patch)
tree410ab71c78c99d35aecd46733958a5699cdf5204 /slides/2018-lwm/src
parent883a67439aff566962adafeb0385c6ae972073a3 (diff)
Rescue some slides from old private mono repos
Diffstat (limited to 'slides/2018-lwm/src')
-rw-r--r--slides/2018-lwm/src/body.tex268
-rw-r--r--slides/2018-lwm/src/preamble.tex99
-rw-r--r--slides/2018-lwm/src/questions.tex17
-rw-r--r--slides/2018-lwm/src/titlepage.tex3
4 files changed, 387 insertions, 0 deletions
diff --git a/slides/2018-lwm/src/body.tex b/slides/2018-lwm/src/body.tex
new file mode 100644
index 0000000..67f3c5e
--- /dev/null
+++ b/slides/2018-lwm/src/body.tex
@@ -0,0 +1,268 @@
+\begin{frame}
+ \frametitle{Certificate Transparency (CT)}
+ \begin{columns}
+ \begin{column}{0.49\textwidth}
+ \begin{itemize}
+ \item Add transparency to CA ecosystem
+ \item Publicly log all certificates
+ \item No need\footnotemark{} to trust the log
+ \begin{itemize}
+ \item Membership proofs
+ \item Append-only proofs
+ \end{itemize}
+ \end{itemize}
+ \end{column}
+ \begin{column}{0.49\textwidth}
+ \centering
+ \includegraphics[width=\textwidth]{img/ct}
+ \burl{http://www.certificate-transparency.org/what-is-ct}
+ \end{column}
+ \end{columns}
+ \footnotetext{As deployed right now we do trust the logs tho \Frowny}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Certificate logging in greater detail
+ \titlefloatright{Merkle tree}}
+ \centering
+ \vfill
+ \input{img/mt}
+ \pause
+ \vfill
+ \begin{columns}
+ \begin{column}{0.49\textwidth}
+ \begin{itemize}
+ \item Append new certificates in batches
+ \end{itemize}
+ \end{column}
+ \begin{column}{0.49\textwidth}
+ \begin{itemize}
+ \item Sign tree head every hour \ding{224} STH
+ \end{itemize}
+ \end{column}
+ \end{columns}
+ \vfill
+ %\vfill\centering\alert{Anyone can audit and monitor the log, but as deployed
+ % not much of this yet}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Generating a membership proof
+ \titlefloatright{Audit path}}
+ \centering
+ \vfill
+ \input{img/mtp}
+ \vfill
+ \begin{columns}
+ \begin{column}{0.49\textwidth}
+ \begin{itemize}
+ \item Traverse tree from root to leaf
+ \end{itemize}
+ \end{column}
+ \begin{column}{0.49\textwidth}
+ \begin{itemize}
+ \item Grab all sibling hashes on the way
+ \end{itemize}
+ \end{column}
+ \end{columns}
+ \vfill
+\end{frame}
+
+\begin{frame}
+ \frametitle{Two approaches towards monitoring a CT log}
+ \begin{columns}
+ \begin{column}{0.49\textwidth}
+ \centering
+ \vbox to 0.8\textheight {
+ \textbf{Self-monitoring}
+ \vfill
+ \input{img/self-monitor}
+ \vfill
+ \pause
+ \begin{description}
+ \item[\Frowny] Continuous uptime
+ \item[\Frowny] Download everything
+ \end{description}
+ \pause
+ }
+ \end{column}
+ \begin{column}{0.49\textwidth}
+ \centering
+ \vbox to 0.8\textheight {
+ \textbf{Monitoring-as-a-service}
+ \vfill
+ \input{img/tp-monitor}
+ \pause
+ \vfill
+ \begin{description}
+ \item[\Smiley] Ezpz
+ \item[\Frowny] Trusted 3rd party
+ \end{description}
+ }
+ \end{column}
+ \end{columns}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Notion of what we would like to achieve
+ \titlefloatright{`Wish list'}}
+ \begin{columns}
+ \begin{column}{0.59\textwidth}
+ \begin{itemize}
+ \item CT/bis backwards compatibility
+ \item Piggy-back on gossip-audit model
+ \item Self-monitor wildcards w/o full download
+ \item Reduced 3rd party monitoring trust
+ \end{itemize}
+ \end{column}
+ \begin{column}{0.39\textwidth}
+ \centering
+ \includegraphics[height=0.8\textheight]{img/wish}
+ \end{column}
+ \end{columns}
+\end{frame}
+
+\begin{frame}
+ \frametitle{An overview of light-weight monitoring}
+ \centering
+ \input{img/overview}
+ \vfill
+ \begin{columns}
+ \begin{column}{0.49\textwidth}
+ \begin{itemize}
+ \item A new Merkle tree for each batch
+ \end{itemize}
+ \end{column}
+ \begin{column}{0.49\textwidth}
+ \begin{itemize}
+ \item Add snapshot to STH as extension
+ \end{itemize}
+ \end{column}
+ \end{columns}
+ \vfill\centering\alert{One wildcard (non-)membership notification per STH}\\
+ \pause
+ \alert{How do you know if you got all notifications \ding{224} index
+ extension}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Wildcard notifications}
+ \centering
+ \input{img/wildcard}
+ \begin{columns}
+ \begin{column}{0.39\textwidth}
+ \begin{itemize}
+ \item Merkleize reverse-sorted list
+ \end{itemize}
+ \end{column}
+ \begin{column}{0.59\textwidth}
+ \begin{itemize}
+ \item Wildcard proof \ding{224} at most two audit paths
+ \end{itemize}
+ \end{column}
+ \end{columns}
+ \pause
+ \vfill\centering\alert{Security of this data structure? It is still just a
+ Merkle tree...}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Performance evaluation \titlefloatright{Experimental setup}}
+ \begin{columns}
+ \begin{column}{0.49\textwidth}
+ \vbox to .6\textheight{
+ \begin{itemize}
+ \item PoC: 351 lines of Go\footnotemark
+ \item Interesting metrics
+ \begin{itemize}
+ \item Snapshot creation time
+ \item Proof generation time
+ \item Proof verification time
+ \item Bandwidth overhead
+ \end{itemize}
+ \item Two log characteristics that matter
+ \begin{itemize}
+ \item STH frequency
+ \item Batch size
+ \end{itemize}
+ \end{itemize}
+ \vfill\centering\alert{We observed all Chrome-included logs for eight
+ months to determine these characteristics}
+ }
+ \end{column}
+ \begin{column}{0.49\textwidth}
+ \vbox to 0.8\textheight{
+ \centering
+ \vfill
+ \textbf{Google's Icarus Log}\\
+ \vfill
+ \includegraphics[width=\textwidth]{img/frequency}\\
+ \vfill
+ \includegraphics[width=\textwidth]{img/batch}
+ \vfill
+ }
+ \end{column}
+ \end{columns}
+ \footnotetext{\burl{https://github.com/rgdd/lwm}}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Snapshot creation time}
+ \centering
+ \includegraphics[height=0.6\textheight]{img/snapshot}
+ \vfill\centering\alert{Negligible in comparison to STH issuance rate (1h)}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Proof generation time}
+ \centering
+ \includegraphics[height=0.6\textheight]{img/proofgen}
+ \vfill\centering\alert{At least 288M non-membership proofs per hour on a
+ single core}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Proof generation and verification for *.com}
+ \centering
+ \includegraphics[height=0.6\textheight]{img/proofcom}
+ \vfill\centering\alert{352k matches in max batch \ding{224} 29k proofs per
+ hour on a single core}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Bandwidth overhead}
+ \begin{columns}
+ \begin{column}{0.69\textwidth}
+ \begin{description}
+ \item[Audit paths] max batch size \ding{224} 1 KB
+ \item[Self-monitor] compare to median batch size of 32.6 MB
+ \item[Notifier] 288M audit paths per hour \ding{224} 640 Mbps
+ \end{description}
+ \end{column}
+ \begin{column}{0.39\textwidth}
+ \centering\includegraphics[width=\textwidth]{img/perf}
+ \burl{http://blog.coviam.com/wp-content/uploads/2016/07/Performance-Evaluation-Process-z.jpg}
+ \end{column}
+ \end{columns}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Take away}
+ \begin{columns}
+ \begin{column}{0.79\textwidth}
+ \begin{itemize}
+ \item Unfortunate if CT monitoring relies on trusted parties
+ \item Light-weight monitoring
+ \begin{itemize}
+ \item One verifiable wildcard notification per batch
+ \item Untrusted notification component with push/pull model
+ \item Untrusted log \ding{224} rely on one honest monitor
+ \item Trusted log \ding{224} no need to also trust monitor
+ \end{itemize}
+ \end{itemize}
+ \end{column}
+ \begin{column}{0.19\textwidth}
+ \centering\includegraphics[width=\textwidth]{img/takeaway}
+ \end{column}
+ \end{columns}
+\end{frame}
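Review bot: The wildcard frame ends on the open question `Security of this data structure? It is still just a Merkle tree...` and nothing in the source records the answer, so the trust assumption only surfaces in the take-away frame as `Untrusted log \ding{224} rely on one honest monitor`. An audit path shows that a leaf is part of the snapshot the STH commits to; it presumably does not show that the snapshot is the correctly sorted, complete list for the batch, which is what a (non-)membership claim depends on. I would add a source comment above that alert, e.g. `% Proofs bind to the snapshot only; someone must still verify the snapshot was built correctly from the batch (see take-away frame).`, or state it on the slide itself.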
diff --git a/slides/2018-lwm/src/preamble.tex b/slides/2018-lwm/src/preamble.tex
new file mode 100644
index 0000000..abefa6d
--- /dev/null
+++ b/slides/2018-lwm/src/preamble.tex
@@ -0,0 +1,99 @@
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+% Packages %
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\usepackage[
+ lambda, advantage, operators, sets, adversary, landau, probability, notions,
+ logic, ff, mm, primitives, events, complexity, asymptotics, keys
+]{cryptocode}
+
+\usepackage{marvosym}
+\usepackage{rotate}
+\usepackage{graphicx}
+\usepackage{mathtools}
+\usepackage{amsmath}
+\usepackage{amssymb}
+\usepackage{flowchart}
+\usepackage{smartdiagram}
+\usepackage{pifont}
+\usepackage{graphicx}
+\usepackage{color}
+\usepackage{drawstack}
+\usepackage{tikz}
+\usepackage{tikz-qtree}
+\usetikzlibrary{
+ arrows,%
+ decorations.markings,%
+ backgrounds,%
+ calc,%
+ fit,%
+ positioning,%
+ shapes.misc,%
+ shadows,%
+ shapes.arrows,%
+ shapes,%
+ snakes,%
+}
+\usepackage{booktabs}
+\usepackage{smartdiagram}
+\usepackage{floatrow}
+%\usepackage[position=bottom]{subfig} % environment for nested figures
+
+\usepackage{xcolor}
+\definecolor{darkGreen}{HTML}{008000}
+\definecolor{darkBlue}{HTML}{2809B2}
+\definecolor{darkRed}{HTML}{CC0000}
+\definecolor{darkGray}{HTML}{808080}
+\definecolor{darkOrange}{HTML}{D77D00}
+\definecolor{darkPurple}{HTML}{800080}
+\colorlet{lightGray}{gray!33}
+\colorlet{lightYellow}{yellow!50}
+\definecolor{darkGreen}{HTML}{008000}
+\definecolor{darkBlue}{HTML}{2809B2}
+\definecolor{darkRed}{HTML}{CC0000}
+
+% Figures, tables and code
+\usepackage{booktabs}
+\usepackage{colortbl}
+\usepackage{flowchart}
+\usepackage{adjustbox}
+\usepackage{listings}
+
+\lstdefinestyle{CStyle}{
+ backgroundcolor=\color{lightGray!25},
+ commentstyle=\color{darkGreen},
+ keywordstyle=\color{darkBlue},
+ numberstyle=\tiny\color{darkRed},
+ stringstyle=\color{darkPurple},
+ basicstyle=\footnotesize,
+ breakatwhitespace=false,
+ breaklines=false,
+ captionpos=b,
+ keepspaces=true,
+ numbers=left,
+ numbersep=5pt,
+ showspaces=false,
+ showstringspaces=false,
+ showtabs=false,
+ tabsize=2,
+ language=C,
+ morekeywords={size_t},
+}
+
+%\setbeamertemplate{itemize item}[circle]
+%\setbeamertemplate{itemize subitem}[default]
+%\setbeamertemplate{caption}[numbered]
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+% Defines %
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\makeatletter
+\let\@@magyar@captionfix\relax %needed for \titlefloatright
+\makeatother
+
+\newcommand{\tyes}{\textcolor{darkGreen}{\ding{51}}}
+\newcommand{\tno}{\textcolor{darkRed}{\ding{55}}}
+\newcommand{\burl}[1]{\tiny{\url{#1}}}
+\newcommand{\TODO}[1]{\textcolor{red}{TODO}: #1}
+\newcommand{\titlefloatright}[1]{\hspace{0pt plus 1 filll}#1$\;$}
+
+\def\rding{\rotatebox[origin=c]{-90}{\ding{224}}}
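Review bot: `\burl` is defined as `\tiny{\url{#1}}`, but `\tiny` is a font-size declaration that takes no argument, so the braces only group the URL and the small size stays in effect until the surrounding group closes. Each use in body.tex is currently the last thing in its column or footnote, so the leak is invisible, but any text placed after a `\burl` would shrink too; `\newcommand*{\burl}[1]{{\tiny\url{#1}}}` scopes it. The same hunk also loads `graphicx`, `smartdiagram`, `booktabs` and `flowchart` twice, repeats three `\definecolor` lines, and pulls in the `snakes` TikZ library, which as far as I know has been superseded by the decorations libraries; those can be trimmed.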
diff --git a/slides/2018-lwm/src/questions.tex b/slides/2018-lwm/src/questions.tex
new file mode 100644
index 0000000..85cb2f3
--- /dev/null
+++ b/slides/2018-lwm/src/questions.tex
@@ -0,0 +1,17 @@
+\begin{frame}
+ \frametitle{Any questions?} \label{frm:que}
+ \begin{columns}
+ \begin{column}{0.49\textwidth}
+ \centering
+ \includegraphics[width=0.75\textwidth]{img/qleft}
+ \end{column}
+ \begin{column}{0.49\textwidth}
+ \centering
+ \includegraphics[width=0.75\textwidth]{img/qright}
+ \end{column}
+ \end{columns}
+
+ \centering
+ \vspace{-1cm}
+ \includegraphics[width=0.20\textwidth]{img/ty}
+\end{frame}
diff --git a/slides/2018-lwm/src/titlepage.tex b/slides/2018-lwm/src/titlepage.tex
new file mode 100644
index 0000000..9b18039
--- /dev/null
+++ b/slides/2018-lwm/src/titlepage.tex
@@ -0,0 +1,3 @@
+\begin{frame}
+ \titlepage
+\end{frame}