aboutsummaryrefslogtreecommitdiff
path: root/slides/2019-side-channels
diff options
context:
space:
mode:
Diffstat (limited to 'slides/2019-side-channels')
-rw-r--r--slides/2019-side-channels/README1
-rw-r--r--slides/2019-side-channels/beamercolorthemergd.sty24
-rw-r--r--slides/2019-side-channels/beamerfontthemergd.sty9
-rw-r--r--slides/2019-side-channels/beamerinnerthemergd.sty49
-rw-r--r--slides/2019-side-channels/beamerouterthemergd.sty65
-rw-r--r--slides/2019-side-channels/beamerthemergd.sty23
-rw-r--r--slides/2019-side-channels/img/attacker.jpgbin0 -> 9649 bytes
-rw-r--r--slides/2019-side-channels/img/client.pngbin0 -> 48225 bytes
-rwxr-xr-xslides/2019-side-channels/img/countermeasure.py18
-rw-r--r--slides/2019-side-channels/img/demo.pngbin0 -> 506328 bytes
-rw-r--r--slides/2019-side-channels/img/grandpa.pngbin0 -> 155510 bytes
-rw-r--r--slides/2019-side-channels/img/isn7
-rwxr-xr-xslides/2019-side-channels/img/logo.pngbin0 -> 66309 bytes
-rw-r--r--slides/2019-side-channels/img/meltdown-dump.pngbin0 -> 120959 bytes
-rw-r--r--slides/2019-side-channels/img/meltdown-ff.pngbin0 -> 167652 bytes
-rw-r--r--slides/2019-side-channels/img/meltdown-insn.pngbin0 -> 36580 bytes
-rw-r--r--slides/2019-side-channels/img/meltdown-isn3
-rw-r--r--slides/2019-side-channels/img/meltdown-out-of-order.pngbin0 -> 79533 bytes
-rw-r--r--slides/2019-side-channels/img/meltdown-pageload.pngbin0 -> 88408 bytes
-rw-r--r--slides/2019-side-channels/img/meltdown.pngbin0 -> 79199 bytes
-rw-r--r--slides/2019-side-channels/img/memlayout.pngbin0 -> 49683 bytes
-rw-r--r--slides/2019-side-channels/img/pandora.jpgbin0 -> 2892561 bytes
-rw-r--r--slides/2019-side-channels/img/printersound.pngbin0 -> 150660 bytes
-rw-r--r--slides/2019-side-channels/img/security-door-zoomin.pngbin0 -> 316445 bytes
-rw-r--r--slides/2019-side-channels/img/security-door-zoomout.pngbin0 -> 712986 bytes
-rw-r--r--slides/2019-side-channels/img/security-door.pngbin0 -> 371971 bytes
-rw-r--r--slides/2019-side-channels/img/server.pngbin0 -> 22816 bytes
-rw-r--r--slides/2019-side-channels/img/smartcard.pngbin0 -> 122659 bytes
-rwxr-xr-xslides/2019-side-channels/img/strcmp.py18
-rw-r--r--slides/2019-side-channels/img/timeit.pngbin0 -> 309045 bytes
-rw-r--r--slides/2019-side-channels/img/ultrasound.pngbin0 -> 330507 bytes
-rw-r--r--slides/2019-side-channels/img/voip.pngbin0 -> 150740 bytes
-rw-r--r--slides/2019-side-channels/main.tex26
-rw-r--r--slides/2019-side-channels/slides.pdfbin0 -> 6759710 bytes
-rw-r--r--slides/2019-side-channels/src/body.tex536
-rw-r--r--slides/2019-side-channels/src/preamble.tex114
-rw-r--r--slides/2019-side-channels/src/titlepage.tex3
37 files changed, 896 insertions, 0 deletions
diff --git a/slides/2019-side-channels/README b/slides/2019-side-channels/README
new file mode 100644
index 0000000..c1ef746
--- /dev/null
+++ b/slides/2019-side-channels/README
@@ -0,0 +1 @@
+Guest lecture on side channels / timing attacks.
diff --git a/slides/2019-side-channels/beamercolorthemergd.sty b/slides/2019-side-channels/beamercolorthemergd.sty
new file mode 100644
index 0000000..74ced1c
--- /dev/null
+++ b/slides/2019-side-channels/beamercolorthemergd.sty
@@ -0,0 +1,24 @@
+\mode<presentation>
+
+%%%
+% Color definitions
+%%%
+\RequirePackage{xcolor}
+\definecolor{rgdGreen}{RGB}{33,114,106}
+\definecolor{rgdYellow}{RGB}{255,210,4}
+\definecolor{rgdOrange}{RGB}{232,114,12}
+\colorlet{rgdGray}{gray!33}
+\colorlet{rgdBlack}{black}
+
+%%%
+% Beamer colors
+%%%
+\setbeamercolor*{titlepage}{fg=rgdBlack}
+\setbeamercolor*{author}{fg=rgdGreen}
+\setbeamercolor*{date}{fg=black}
+\setbeamercolor*{header}{bg=rgdYellow,fg=black}
+\setbeamercolor*{trailer}{bg=rgdGray,fg=black}
+\setbeamercolor*{item}{fg=rgdGreen}
+\setbeamercolor*{alerted text}{fg=rgdGreen}
+
+\mode<all>
diff --git a/slides/2019-side-channels/beamerfontthemergd.sty b/slides/2019-side-channels/beamerfontthemergd.sty
new file mode 100644
index 0000000..a6d212c
--- /dev/null
+++ b/slides/2019-side-channels/beamerfontthemergd.sty
@@ -0,0 +1,9 @@
+\mode<presentation>
+
+\setbeamerfont{title}{size=\large,shape=\bfseries}
+\setbeamerfont{subtitle}{size=\normalsize,shape=\bfseries}
+\setbeamerfont{frametitle}{size=\large,shape=\bfseries}
+\setbeamerfont{institute}{size=\small}
+\setbeamerfont{date}{size=\small}
+
+\mode<all>
diff --git a/slides/2019-side-channels/beamerinnerthemergd.sty b/slides/2019-side-channels/beamerinnerthemergd.sty
new file mode 100644
index 0000000..4dfd6cf
--- /dev/null
+++ b/slides/2019-side-channels/beamerinnerthemergd.sty
@@ -0,0 +1,49 @@
+\mode<presentation>
+
+%%%
+% Title page
+%%%
+\defbeamertemplate*{title page}{rgd}[1][]{
+ \begin{tikzpicture}[remember picture, overlay]
+ \usebeamercolor{titlepage}
+ % Add top-left triangle with university logo
+ \filldraw[draw=rgdGray,fill=rgdGray]
+ (current page.north west) --
+ (current page.north) --
+ node[draw=none,pos=0.5](Logo){\includegraphics[width=3cm]{img/logo}}
+ (current page.west) --
+ (current page.north west);
+ % Add title
+ \node[
+ text=fg,
+ text width=0.75\paperwidth,
+ ] (Title) at ([shift={(0,-0.5cm)}]current page){%
+ \centering\usebeamerfont{title}\inserttitle\\%
+ };
+ % Add subtitle
+ \node[
+ text=fg,
+ text width=0.75\paperwidth,
+ below=0pt of Title,
+ ] (Subtitle) {%
+ \centering\usebeamerfont{subtitle}\insertsubtitle\\%
+ };
+ % Add authors
+ \usebeamercolor{author}
+ \node[
+ text=fg,
+ text width=0.75\paperwidth,
+ below=12pt of Subtitle,
+ ] (Author) {%
+ \centering\usebeamerfont{author}\insertauthor\\%
+ };
+ % Add date
+ \node[
+ text=fg,
+ text width=0.75\paperwidth,
+ below right= 0.25cm and 4.5cm of current page.north,
+ ](Date) {\today};
+ \end{tikzpicture}
+}
+
+\mode<all>
diff --git a/slides/2019-side-channels/beamerouterthemergd.sty b/slides/2019-side-channels/beamerouterthemergd.sty
new file mode 100644
index 0000000..15501a8
--- /dev/null
+++ b/slides/2019-side-channels/beamerouterthemergd.sty
@@ -0,0 +1,65 @@
+\mode<presentation>
+
+%%%
+% Frame header
+%%%
+\defbeamertemplate*{frametitle}{corporate}[1][]{%
+ \nointerlineskip
+ % Add frame title
+ \begin{beamercolorbox}[
+ wd=\paperwidth,
+ ht=3ex,
+ dp=1.5ex,
+ left,
+ leftskip=2ex
+ ]{header}
+ \insertframetitle
+ \end{beamercolorbox}
+ % Add line after header
+ \nointerlineskip
+ \begin{beamercolorbox}[
+ wd=\paperwidth,
+ ht=0.25ex
+ ]{trailer}
+ \end{beamercolorbox}%
+}
+
+%%%
+% Frame trailer
+%%%
+\defbeamertemplate*{footline}{corporate}{%
+ \hbox{%
+ % Add mail
+ \begin{beamercolorbox}[
+ wd=0.22\paperwidth,
+ ht=2ex,
+ dp=0.5ex,
+ left,
+ leftskip=2ex
+ ]{trailer}
+ \texttt{rasmus.dahlberg@kau.se}
+ \end{beamercolorbox}%
+ % Add author
+ \begin{beamercolorbox}[
+ wd=0.73\paperwidth,
+ ht=2ex,
+ dp=0.5ex,
+ left,
+ leftskip=2ex
+ ]{header}
+ \inserttitle--- \insertsubtitle
+ \end{beamercolorbox}%
+ % Add page counter
+ \begin{beamercolorbox}[
+ wd=0.05\paperwidth,
+ ht=2ex,
+ dp=0.5ex,
+ right,
+ rightskip=1ex
+ ]{header}
+ \insertframenumber/\inserttotalframenumber
+ \end{beamercolorbox}%
+ }
+}
+
+\mode<all>
diff --git a/slides/2019-side-channels/beamerthemergd.sty b/slides/2019-side-channels/beamerthemergd.sty
new file mode 100644
index 0000000..022ef2c
--- /dev/null
+++ b/slides/2019-side-channels/beamerthemergd.sty
@@ -0,0 +1,23 @@
+\mode<presentation>
+
+%%%
+% Load beamer settings
+%%%
+\usecolortheme{rgd}
+\usefonttheme{rgd}
+\useinnertheme{rgd}
+\useoutertheme{rgd}
+
+%%%
+% Disable navigation tools on slides
+%%%
+\setbeamertemplate{navigation symbols}{}
+
+%%%
+% Object styles
+%%%
+\setbeamertemplate{itemize item}[square]
+\setbeamertemplate{itemize subitem}[default]
+\setbeamertemplate{sections/subsections in toc}[square]
+
+\mode<all>
diff --git a/slides/2019-side-channels/img/attacker.jpg b/slides/2019-side-channels/img/attacker.jpg
new file mode 100644
index 0000000..3a0adec
--- /dev/null
+++ b/slides/2019-side-channels/img/attacker.jpg
Binary files differ
diff --git a/slides/2019-side-channels/img/client.png b/slides/2019-side-channels/img/client.png
new file mode 100644
index 0000000..f1ad88d
--- /dev/null
+++ b/slides/2019-side-channels/img/client.png
Binary files differ
diff --git a/slides/2019-side-channels/img/countermeasure.py b/slides/2019-side-channels/img/countermeasure.py
new file mode 100755
index 0000000..dda0868
--- /dev/null
+++ b/slides/2019-side-channels/img/countermeasure.py
@@ -0,0 +1,18 @@
+#!/usr/bin/python
+
+def is_equal(s1, s2):
+ '''
+ Returns true if the strings s1 and s2 encode the same information.
+ '''
+ if len(s1) != len(s2):
+ return False
+
+ result = 0
+ for (x,y) in zip(s1,s2):
+ result |= ord(x) ^ ord(y)
+
+ return result == 0
+
+target, strs = "abc", [ "ab", "abc", "abcd", "bbc", "abe" ]
+for s in strs:
+ print("{} == {} ? {}".format(target,s,is_equal(target,s)))
diff --git a/slides/2019-side-channels/img/demo.png b/slides/2019-side-channels/img/demo.png
new file mode 100644
index 0000000..509c9ad
--- /dev/null
+++ b/slides/2019-side-channels/img/demo.png
Binary files differ
diff --git a/slides/2019-side-channels/img/grandpa.png b/slides/2019-side-channels/img/grandpa.png
new file mode 100644
index 0000000..1953027
--- /dev/null
+++ b/slides/2019-side-channels/img/grandpa.png
Binary files differ
diff --git a/slides/2019-side-channels/img/isn b/slides/2019-side-channels/img/isn
new file mode 100644
index 0000000..4e536b5
--- /dev/null
+++ b/slides/2019-side-channels/img/isn
@@ -0,0 +1,7 @@
+read(MEM[5]);
+read(MEM[5]);
+...
+raise_exception();
+data = read(MEM[7]);
+read(MEM[data])
+...
diff --git a/slides/2019-side-channels/img/logo.png b/slides/2019-side-channels/img/logo.png
new file mode 100755
index 0000000..0c7c885
--- /dev/null
+++ b/slides/2019-side-channels/img/logo.png
Binary files differ
diff --git a/slides/2019-side-channels/img/meltdown-dump.png b/slides/2019-side-channels/img/meltdown-dump.png
new file mode 100644
index 0000000..6ecf2cf
--- /dev/null
+++ b/slides/2019-side-channels/img/meltdown-dump.png
Binary files differ
diff --git a/slides/2019-side-channels/img/meltdown-ff.png b/slides/2019-side-channels/img/meltdown-ff.png
new file mode 100644
index 0000000..f097f49
--- /dev/null
+++ b/slides/2019-side-channels/img/meltdown-ff.png
Binary files differ
diff --git a/slides/2019-side-channels/img/meltdown-insn.png b/slides/2019-side-channels/img/meltdown-insn.png
new file mode 100644
index 0000000..6b3b686
--- /dev/null
+++ b/slides/2019-side-channels/img/meltdown-insn.png
Binary files differ
diff --git a/slides/2019-side-channels/img/meltdown-isn b/slides/2019-side-channels/img/meltdown-isn
new file mode 100644
index 0000000..19e9bd5
--- /dev/null
+++ b/slides/2019-side-channels/img/meltdown-isn
@@ -0,0 +1,3 @@
+data = read(MEM[addr])
+raise_exception();
+read(probe_array[data * 4096])
diff --git a/slides/2019-side-channels/img/meltdown-out-of-order.png b/slides/2019-side-channels/img/meltdown-out-of-order.png
new file mode 100644
index 0000000..b941373
--- /dev/null
+++ b/slides/2019-side-channels/img/meltdown-out-of-order.png
Binary files differ
diff --git a/slides/2019-side-channels/img/meltdown-pageload.png b/slides/2019-side-channels/img/meltdown-pageload.png
new file mode 100644
index 0000000..1304f32
--- /dev/null
+++ b/slides/2019-side-channels/img/meltdown-pageload.png
Binary files differ
diff --git a/slides/2019-side-channels/img/meltdown.png b/slides/2019-side-channels/img/meltdown.png
new file mode 100644
index 0000000..476eada
--- /dev/null
+++ b/slides/2019-side-channels/img/meltdown.png
Binary files differ
diff --git a/slides/2019-side-channels/img/memlayout.png b/slides/2019-side-channels/img/memlayout.png
new file mode 100644
index 0000000..779f137
--- /dev/null
+++ b/slides/2019-side-channels/img/memlayout.png
Binary files differ
diff --git a/slides/2019-side-channels/img/pandora.jpg b/slides/2019-side-channels/img/pandora.jpg
new file mode 100644
index 0000000..b8763ea
--- /dev/null
+++ b/slides/2019-side-channels/img/pandora.jpg
Binary files differ
diff --git a/slides/2019-side-channels/img/printersound.png b/slides/2019-side-channels/img/printersound.png
new file mode 100644
index 0000000..99e253d
--- /dev/null
+++ b/slides/2019-side-channels/img/printersound.png
Binary files differ
diff --git a/slides/2019-side-channels/img/security-door-zoomin.png b/slides/2019-side-channels/img/security-door-zoomin.png
new file mode 100644
index 0000000..200de7f
--- /dev/null
+++ b/slides/2019-side-channels/img/security-door-zoomin.png
Binary files differ
diff --git a/slides/2019-side-channels/img/security-door-zoomout.png b/slides/2019-side-channels/img/security-door-zoomout.png
new file mode 100644
index 0000000..934e998
--- /dev/null
+++ b/slides/2019-side-channels/img/security-door-zoomout.png
Binary files differ
diff --git a/slides/2019-side-channels/img/security-door.png b/slides/2019-side-channels/img/security-door.png
new file mode 100644
index 0000000..0a38cec
--- /dev/null
+++ b/slides/2019-side-channels/img/security-door.png
Binary files differ
diff --git a/slides/2019-side-channels/img/server.png b/slides/2019-side-channels/img/server.png
new file mode 100644
index 0000000..8ca8af3
--- /dev/null
+++ b/slides/2019-side-channels/img/server.png
Binary files differ
diff --git a/slides/2019-side-channels/img/smartcard.png b/slides/2019-side-channels/img/smartcard.png
new file mode 100644
index 0000000..d8306cd
--- /dev/null
+++ b/slides/2019-side-channels/img/smartcard.png
Binary files differ
diff --git a/slides/2019-side-channels/img/strcmp.py b/slides/2019-side-channels/img/strcmp.py
new file mode 100755
index 0000000..89688fc
--- /dev/null
+++ b/slides/2019-side-channels/img/strcmp.py
@@ -0,0 +1,18 @@
+#!/usr/bin/python
+
+def is_equal(s1, s2):
+ '''
+ Returns true if the strings s1 and s2 encode the same information.
+ '''
+ if len(s1) != len(s2):
+ return False
+
+ for (x,y) in zip(s1,s2):
+ if x != y:
+ return False
+
+ return True
+
+target, strs = "abc", [ "ab", "abc", "abcd", "bbc", "abe" ]
+for s in strs:
+ print("{} == {} ? {}".format(target,s,is_equal(target,s)))
diff --git a/slides/2019-side-channels/img/timeit.png b/slides/2019-side-channels/img/timeit.png
new file mode 100644
index 0000000..0ee3c11
--- /dev/null
+++ b/slides/2019-side-channels/img/timeit.png
Binary files differ
diff --git a/slides/2019-side-channels/img/ultrasound.png b/slides/2019-side-channels/img/ultrasound.png
new file mode 100644
index 0000000..b0de69e
--- /dev/null
+++ b/slides/2019-side-channels/img/ultrasound.png
Binary files differ
diff --git a/slides/2019-side-channels/img/voip.png b/slides/2019-side-channels/img/voip.png
new file mode 100644
index 0000000..1c0a912
--- /dev/null
+++ b/slides/2019-side-channels/img/voip.png
Binary files differ
diff --git a/slides/2019-side-channels/main.tex b/slides/2019-side-channels/main.tex
new file mode 100644
index 0000000..89521c9
--- /dev/null
+++ b/slides/2019-side-channels/main.tex
@@ -0,0 +1,26 @@
+\pdfminorversion=4
+%\documentclass[handout,aspectratio=169]{beamer}
+\documentclass[aspectratio=169]{beamer}
+\usetheme{rgd}
+
+\input{src/preamble}
+
+\title{%
+ Side-channels that break security in practise
+}
+\subtitle{%
+}
+\author{%
+ Rasmus Dahlberg
+}
+\institute{%
+ Karlstad University
+}
+\date{%
+ \today
+}
+
+\begin{document}
+ \input{src/titlepage}
+ \input{src/body}
+\end{document}
diff --git a/slides/2019-side-channels/slides.pdf b/slides/2019-side-channels/slides.pdf
new file mode 100644
index 0000000..6009645
--- /dev/null
+++ b/slides/2019-side-channels/slides.pdf
Binary files differ
diff --git a/slides/2019-side-channels/src/body.tex b/slides/2019-side-channels/src/body.tex
new file mode 100644
index 0000000..a2ede47
--- /dev/null
+++ b/slides/2019-side-channels/src/body.tex
@@ -0,0 +1,536 @@
+\begin{frame}
+ \mktitle{Learning outcomes}
+ \begin{columns}
+ \begin{column}{0.75\textwidth}
+ \begin{itemize}
+ \item Understand the threat of side-channels
+ \item Get an intuition of timing attacks
+ \end{itemize}
+ \end{column}
+ \begin{column}{0.25\textwidth}
+ \centering
+ \includegraphics[width=.8\textwidth]{img/meltdown}
+ \end{column}
+ \end{columns}
+ \vfill
+ \alert{No in-depth programming and cryptographic details}
+\end{frame}
+
+\begin{frame}
+ \mktitle{Setting and security}
+ \begin{tikzpicture}
+ \node[draw=none](server){
+ \includegraphics[width=60pt]{img/server}
+ };
+ \node[draw=none,left=100pt of server](client){
+ \includegraphics[width=40pt]{img/client}
+ };
+ \path[draw, latex-latex] (client) -- (server);
+ \end{tikzpicture}
+\end{frame}
+
+\begin{frame}
+ \mktitle{Security on paper}
+ \includegraphics[height=.67\textheight]{img/security-door-zoomin}
+\end{frame}
+
+\begin{frame}
+ \mktitle{Reality --- not a black box}
+ \includegraphics[height=.67\textheight]{img/security-door-zoomout}
+\end{frame}
+
+\begin{frame}
+ \mktitle{Side channels --- Pandora's box}
+ \begin{columns}
+ \begin{column}{.5\textwidth}
+ \hfill
+ \includegraphics[height=.67\textheight]{img/pandora}
+ \end{column}
+ \begin{column}{.5\textwidth}
+ \begin{itemize}
+ \item Power consumption
+ \item EM radiation
+ \item Heat
+ \item Sound
+ \item Cache
+ \item Faults
+ \item Timing
+ \item Size
+ \item ...
+ % REMINDER@Pandora: ... -> e.g., disk access patterns
+ \end{itemize}
+ \end{column}
+ \end{columns}
+ % REMINDER@Pandora: sky is the limit, there are lots of things to measure
+\end{frame}
+
+\begin{frame}
+ \mktitle{Printer sounds --- document content leaked}
+ \includegraphics[height=.67\textheight]{img/printersound}
+ \vfill\scriptsize{
+ Backes \emph{et~al.}:
+ Acoustic Side-Channel Attacks on Printers,
+ In: USENIX Security
+ (2010)
+ }
+\end{frame}
+
+\begin{frame}
+ \mktitle{Laptop sounds --- secret key leaked}
+ \includegraphics[width=.67\textwidth]{img/ultrasound}
+ \vfill\scriptsize{
+ Genkin \emph{et~al.}:
+ RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis,
+ In: Crypto
+ (2014)
+ }
+\end{frame}
+
+\begin{frame}
+ \mktitle{Energy consumption --- secret key leaked}
+ \includegraphics[width=.67\textwidth]{img/smartcard}
+ \vfill\scriptsize{
+ Messerges \emph{et~al.}:
+ Power Analysis Attacks of Modular Exponentiation in Smartcards,
+ In: CHES (1999)
+ }
+\end{frame}
+
+\begin{frame}
+ \mktitle{Packet size --- encrypted content leaked}
+ \includegraphics[height=.67\textheight]{img/voip}
+ \vfill\scriptsize{
+ White \emph{et~al.}:
+ Phonotactic Reconstruction of Encrypted VoIP Conversations:
+ Hookt on Fon-iks,
+ In: IEEE SP
+ (2011)
+ }
+\end{frame}
+
+\begin{frame}
+ \mktitle{Response timing --- message forgery}
+ \begin{tikzpicture}
+ \node[draw=none](server){
+ \includegraphics[width=60pt]{img/server}
+ };
+ \node[draw=none,left=100pt of server](client){
+ \includegraphics[width=40pt]{img/attacker}
+ };
+ \path[draw, -latex]
+ (client.34) |-
+ node[draw=none,above,pos=.75]{\texttt{msg, tag}}
+ (server.155);
+ \path[draw, -latex]
+ (server.199) |-
+ node[draw=none,above,pos=.75]{\texttt{yes/no}}
+ (client.335);
+ \end{tikzpicture}
+ \vfill\scriptsize{
+ Crosby \emph{et al.}:
+ Opportunities and Limits of Remote Timing Attacks,
+ In: TISSEC
+ (2009)
+ }\\
+ \scriptsize{
+ Hale:
+ A lesson in timing attacks,
+ URL: \url{https://codahale.com/a-lesson-in-timing-attacks/}
+ (2009)
+ }
+\end{frame}
+
+\begin{frame}
+ \mktitle{Scope}
+ \begin{tikzpicture}
+ \node[draw,rectangle,
+ minimum width=.6\textwidth,
+ minimum height=.4\textheight,
+ fill=gray!33,
+ ](sc){};
+ \node[draw=none,below=0pt of sc.150]{side-channels};
+ \node[draw,circle,
+ minimum width=.15\textwidth,
+ fill=rgdGreen,
+ text=white,
+ ](t){\textbf{timing}};
+ \end{tikzpicture}
+\end{frame}
+
+\begin{frame}
+ \mktitle{Effort to crack this password?}
+ \begin{tikzpicture}[
+ rgddBox/.style = {
+ draw = black,
+ minimum width = 20pt,
+ minimum height = 20pt,
+ fill = gray!33,
+ font = \bfseries,
+ }
+ ]
+ \def\rgddBoxData{{z},{f},{T},{B},{s},{v},{g},{O},{e},{t}}
+ \foreach[count=\i] \x in \rgddBoxData{
+ \ifnum\i=1\relax
+ \node[rgddBox](p\i){\x};
+ \else
+ \pgfmathparse{int(\i-1)}
+ \node[rgddBox,right=6pt of p\pgfmathresult](p\i){\x};
+ \fi
+ \node[draw=none,text=darkRed,above=0pt of p\i]{\i};
+ }
+ %\pause
+ \foreach[count=\i] \x in \rgddBoxData{
+ \node[draw=none,text=darkGreen,below=0pt of p\i]{52};
+ }
+ \end{tikzpicture}
+ \pause
+ \vfill
+ 144555105949057024
+ \pause
+ \vfill
+ $52^{10}$ combinations and 100M queries/s $\rightarrow$ 46 years
+ %REMINDER@Password: exponential increase for each character
+ \pause
+ \\\includegraphics[height=.2\textheight]{img/grandpa}
+\end{frame}
+
+\begin{frame}
+ \mktitle{Experiment --- are these strings equal?}
+ \pause
+ \texttt{0000000000000000} \floatright{\texttt{9389349108837912}}\\
+ \pause
+ \texttt{0000439513027213} \floatright{\texttt{0000431513027213}}\\
+ \pause
+ \texttt{7485820126271479} \floatright{\texttt{7485820126371479}}\\
+\end{frame}
+
+\begin{frame}
+ \mktitle{Comparing strings like a programmer}
+ \begin{tikzpicture}[
+ rgddBox/.style = {
+ draw = black,
+ minimum width = 20pt,
+ minimum height = 20pt,
+ fill = gray!33,
+ font = \bfseries,
+ },
+ rgddPopup/.style = {
+ draw=rgdGreen,
+ thick,
+ rectangle,
+ fill=rgdYellow,
+ minimum width = \textwidth,
+ minimum height = 40pt,
+ },
+ ]
+ \def\rgddBoxData{{7},{4},{8},{5}}
+ \foreach[count=\i] \x in \rgddBoxData{
+ \ifnum\i=1\relax
+ \node[rgddBox](p\i){\x};
+ \else
+ \pgfmathparse{int(\i-1)}
+ \node[rgddBox,right=6pt of p\pgfmathresult](p\i){\x};
+ \fi
+ }
+
+ \def\rgddBoxData{{7},{4},{0},{2}}
+ \foreach[count=\i] \x in \rgddBoxData{
+ \ifnum\i=1\relax
+ \node[rgddBox,right=60pt of p4](q\i){\x};
+ \else
+ \pgfmathparse{int(\i-1)}
+ \node[rgddBox,right=6pt of q\pgfmathresult](q\i){\x};
+ \fi
+ }
+
+ \foreach \i in {1,...,3}{
+ \only<\i>{\node[draw=none,below=6pt of p\i]{\lding};}
+ \only<\i>{\node[draw=none,below=6pt of q\i]{\lding};}
+ }
+
+ \only<4>{
+ \node[rgddPopup] at ($ (p4) !.5! (q4) $) {\Huge no need to continue};
+ }
+ \end{tikzpicture}
+\end{frame}
+
+%\begin{frame}
+% \mktitle{Programming 101 --- string comparison}
+% \lstinputlisting[style=CStyle,firstline=3,lastline=14]{img/strcmp.py}
+%\end{frame}
+
+\begin{frame}
+ \mktitle{Timing --- an inutitive note}
+ \includegraphics[width=\textwidth]{img/timeit}
+\end{frame}
+
+\begin{frame}
+ \mktitle{Effort to crack this password?}
+ \begin{tikzpicture}[
+ rgddBox/.style = {
+ draw = black,
+ minimum width = 20pt,
+ minimum height = 20pt,
+ fill = gray!33,
+ font = \bfseries,
+ }
+ ]
+ \def\rgddBoxData{{z},{f},{T},{B},{s},{v},{g},{O},{e},{t}}
+ \foreach[count=\i] \x in \rgddBoxData{
+ \ifnum\i=1\relax
+ \node[rgddBox](p\i){\x};
+ \else
+ \pgfmathparse{int(\i-1)}
+ \node[rgddBox,right=6pt of p\pgfmathresult](p\i){\x};
+ \fi
+ \node[draw=none,text=darkRed,above=0pt of p\i]{\i};
+ }
+ \foreach[count=\i] \x in \rgddBoxData{
+ \node[draw=none,text=darkGreen,below=0pt of p\i]{52};
+ }
+ \end{tikzpicture}
+ \vfill
+
+ \pause
+ \begin{tikzpicture}[
+ rgddBox/.style = {
+ draw = black,
+ minimum width = 20pt,
+ minimum height = 20pt,
+ fill = gray!33,
+ font = \bfseries,
+ }
+ ]
+ \def\rgddBoxData{{a},{a},{a},{a},{a},{a},{a},{a},{a},{a}}
+ \foreach[count=\i] \x in \rgddBoxData{
+ \ifnum\i=1\relax
+ \node[rgddBox](q\i){\x};
+ \else
+ \pgfmathparse{int(\i-1)}
+ \node[rgddBox,right=6pt of q\pgfmathresult](q\i){\x};
+ \fi
+
+ }
+
+ \def\rgddBoxData{{z},{f},{T},{B},{s},{v},{g},{O},{e},{t}}
+ \foreach[count=\i] \x in \rgddBoxData{
+ \ifnum\i<5\pause\fi
+ \ifnum\i=1\relax
+ \node[rgddBox, text=darkOrange](q\i){\x};
+ \else
+ \pgfmathparse{int(\i-1)}
+ \node[rgddBox, text=darkOrange, right=6pt of q\pgfmathresult](q\i){\x};
+ \fi
+ }
+ \end{tikzpicture}
+ %$52*10$ tries $\rightarrow$ ``negl'' time
+ %REMINDER@Password: linear increase for each character
+\end{frame}
+
+\begin{frame}
+ \mktitle{Demo --- Experimental setup}
+
+ \begin{tikzpicture}
+ \node[draw=none](server){
+ \includegraphics[width=60pt]{img/server}
+ };
+ \node[draw=none,left=100pt of server](client){
+ \includegraphics[width=40pt]{img/attacker}
+ };
+ \path[draw, -latex]
+ (client.34) |-
+ node[draw=none,above,pos=.75]{\texttt{msg, tag}}
+ (server.155);
+ \path[draw, -latex]
+ (server.199) |-
+ node[draw=none,above,pos=.75]{\texttt{yes/no}}
+ (client.335);
+ \path[draw,-latex]
+ (server) edge[loop right]
+ node[draw=none,pos=.7,below]{
+ \begin{tabular}{c}
+ byte-by-byte cmp\\
+ with $\approx$ms sleep
+ \end{tabular}
+ }
+ ();
+
+ \end{tikzpicture}
+ \vfill\url{https://github.com/rgdd/timing-server}
+\end{frame}
+
+\begin{frame}
+ \mktitle{Can you recommend another demo? Asking for a friend}
+ \includegraphics[height=.67\textheight]{img/demo}
+ \url{https://www.youtube.com/watch?v=2-zQp26nbY8}
+\end{frame}
+
+\begin{frame}
+ \mktitle{Countermeasure -- constant time compare}
+ \begin{tikzpicture}[
+ rgddBox/.style = {
+ draw = black,
+ minimum width = 20pt,
+ minimum height = 20pt,
+ fill = gray!33,
+ font = \bfseries,
+ },
+ rgddPopup/.style = {
+ draw=rgdGreen,
+ thick,
+ rectangle,
+ fill=rgdYellow,
+ minimum width = \textwidth,
+ minimum height = 40pt,
+ },
+ ]
+ \def\rgddBoxData{{7},{4},{8},{5}}
+ \foreach[count=\i] \x in \rgddBoxData{
+ \ifnum\i=1\relax
+ \node[rgddBox](p\i){\x};
+ \else
+ \pgfmathparse{int(\i-1)}
+ \node[rgddBox,right=6pt of p\pgfmathresult](p\i){\x};
+ \fi
+ }
+
+ \def\rgddBoxData{{7},{4},{0},{2}}
+ \foreach[count=\i] \x in \rgddBoxData{
+ \ifnum\i=1\relax
+ \node[rgddBox,right=60pt of p4](q\i){\x};
+ \else
+ \pgfmathparse{int(\i-1)}
+ \node[rgddBox,right=6pt of q\pgfmathresult](q\i){\x};
+ \fi
+ }
+
+ \foreach \i in {1,...,4}{
+ \only<\i>{\node[draw=none,below=6pt of p\i]{\lding};}
+ \only<\i>{\node[draw=none,below=6pt of q\i]{\lding};}
+ }
+ \end{tikzpicture}
+\end{frame}
+
+%\begin{frame}
+% \mktitle{Countermeasure --- constant time compare}
+% \lstinputlisting[style=CStyle,firstline=3,lastline=14]{img/countermeasure.py}
+%\end{frame}
+
+\begin{frame}
+ \mktitle{Lessons learned}
+ \centering
+
+ \textbf{Adversarial input?}
+ Think twice before using standard equality operators
+
+ \vfill
+ \textbf{Cryptography in code?} Stick to cryptographic libraries, hope for
+ the best
+\end{frame}
+
+\begin{frame}
+ \mktitle{Meltdown}
+ \includegraphics[height=.67\textheight]{img/meltdown}
+ \vfill\scriptsize{
+ Lipp \emph{et~al.}:
+ Meltdown,
+ In: CoRR abs/1801.01207
+ (2018)
+ }
+\end{frame}
+
+\begin{frame}
+ \mktitle{Preliminaries --- per-process virtual memory layout}
+ \includegraphics[width=.67\textwidth]{img/memlayout}
+ \vfill
+ \begin{tikzpicture}
+ \Tree [
+ .{page table} [
+ .{\textcolor{darkBlue}{address translation}}
+ ] [
+ .{\textcolor{darkGreen}{privelege checks}}
+ ]
+ ]
+ \end{tikzpicture}
+\end{frame}
+
+\begin{frame}
+ \mktitle{Preliminaries --- caching and out-of-order execution}
+ \begin{tikzpicture}[
+ rgddBox/.style = {
+ draw = black,
+ minimum width = 20pt,
+ minimum height = 20pt,
+ fill = gray!33,
+ font = \bfseries,
+ }
+ ]
+ \def\rgddBoxData{{},{},{},{},{},{},{},{},{}}
+ \foreach[count=\i] \x in \rgddBoxData{
+ \ifnum\i=1\relax
+ \node[rgddBox](p\i){\x};
+ \else
+ \pgfmathparse{int(\i-1)}
+ \node[rgddBox,right=6pt of p\pgfmathresult](p\i){\x};
+ \fi
+ \node[draw=none,text=darkRed,above=0pt of p\i]{\i};
+
+ }
+
+ % First access
+ \node[draw=none,below=of p3,font=\rmfamily](call1){%
+ \texttt{access}($\mathsf{MEM}[5]$)
+ };
+ \path[draw, -latex]
+ (call1) --
+ node[draw=none,sloped,above,font=\scriptsize]{slow}
+ (p5.248);
+
+ % Second access
+ \node[draw=none,below=of p7,font=\rmfamily](call2){%
+ \texttt{access}($\mathsf{MEM}[5]$)
+ };
+ \path[draw, -latex]
+ (call2) --
+ node[draw=none,sloped,above,font=\scriptsize]{fast}
+ (p5.292);
+ \end{tikzpicture}
+
+ \pause
+ \begin{columns}
+ \begin{column}{.29\textwidth}
+ \lstinputlisting[style=CStyle]{img/isn}
+ \end{column}
+
+ \begin{column}{.49\textwidth}
+ \includegraphics[width=\textwidth]{img/meltdown-out-of-order}
+ \end{column}
+ \end{columns}
+\end{frame}
+
+\begin{frame}
+ \mktitle{Ooops --- leaked privileged memory?}
+ \begin{columns}
+ \begin{column}{.45\textwidth}
+ \lstinputlisting[style=CStyle]{img/meltdown-isn}
+ \end{column}
+ \end{columns}
+ \pause
+ \vfill
+ \includegraphics[width=.67\textwidth]{img/meltdown-pageload}
+\end{frame}
+
+\begin{frame}
+ \mktitle{Proof of concept}
+ \hfill
+ \includegraphics[height=.5\textheight]{img/meltdown-dump}
+ \hfill
+ \includegraphics[height=.5\textheight]{img/meltdown-ff}
+ \hfill
+\end{frame}
+
+\begin{frame}
+ \vfill\centering\Large\textbf{
+ That's it --- questions?
+ }\vfill
+\end{frame}
diff --git a/slides/2019-side-channels/src/preamble.tex b/slides/2019-side-channels/src/preamble.tex
new file mode 100644
index 0000000..56ed3df
--- /dev/null
+++ b/slides/2019-side-channels/src/preamble.tex
@@ -0,0 +1,114 @@
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+% Packages %
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\usepackage[utf8]{inputenc}
+\usepackage[swedish]{babel}
+
+\usepackage[
+ lambda, advantage, operators, sets, adversary, landau, probability, notions,
+ logic, ff, mm, primitives, events, complexity, asymptotics, keys
+]{cryptocode}
+
+\usepackage{rotate}
+\usepackage{graphicx}
+\usepackage{mathtools}
+\usepackage{amsmath}
+\usepackage{amssymb}
+\usepackage{flowchart}
+\usepackage{smartdiagram}
+\usepackage{pifont}
+\usepackage{wasysym}
+\usepackage{graphicx}
+\usepackage{color}
+\usepackage{drawstack}
+\usepackage{tikz}
+\usepackage{tikz-qtree}
+\usetikzlibrary{
+ arrows,%
+ decorations.markings,%
+ backgrounds,%
+ calc,%
+ fit,%
+ positioning,%
+ shapes.misc,%
+ shadows,%
+ shapes.arrows,%
+ shapes,%
+ snakes,%
+}
+\usepackage{booktabs}
+\usepackage{smartdiagram}
+%\usepackage{floatrow}% this one causes error on arch for some reason
+\usepackage[position=bottom]{subfig} % environment for nested figures
+
+\usepackage{xcolor}
+\definecolor{darkGreen}{HTML}{008000}
+\definecolor{darkBlue}{HTML}{2809B2}
+\definecolor{darkRed}{HTML}{CC0000}
+\definecolor{darkGray}{HTML}{808080}
+\definecolor{darkOrange}{HTML}{D77D00}
+\definecolor{darkPurple}{HTML}{800080}
+\colorlet{lightGray}{gray!33}
+\colorlet{lightYellow}{yellow!50}
+\definecolor{darkGreen}{HTML}{008000}
+\definecolor{darkBlue}{HTML}{2809B2}
+\definecolor{darkRed}{HTML}{CC0000}
+
+\usepackage{hyperref}
+\hypersetup{
+ colorlinks = true, % Color links instead of boxes
+ urlcolor = darkBlue, % Color external hyper links
+ linkcolor = darkBlue, % Color internal links
+ citecolor = darkBlue, % Color citations
+}
+
+% Figures, tables and code
+\usepackage{booktabs}
+\usepackage{colortbl}
+\usepackage{flowchart}
+\usepackage{adjustbox}
+\usepackage{listings}
+
+\lstdefinestyle{CStyle}{
+ backgroundcolor=\color{lightGray!25},
+ commentstyle=\color{darkGreen},
+ keywordstyle=\color{darkBlue},
+ numberstyle=\tiny\color{darkRed},
+ stringstyle=\color{darkPurple},
+ basicstyle=\footnotesize,
+ breakatwhitespace=false,
+ breaklines=false,
+ captionpos=b,
+ keepspaces=true,
+ numbers=left,
+ numbersep=5pt,
+ showspaces=false,
+ showstringspaces=false,
+ showtabs=false,
+ tabsize=2,
+ language=C,
+ morekeywords={size_t,def,in,zip,True,False,ord},
+}
+
+\setbeamertemplate{itemize item}[circle]
+\setbeamertemplate{itemize subitem}[default]
+\setbeamertemplate{caption}[numbered]
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+% Defines %
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\makeatletter
+\let\@@magyar@captionfix\relax %needed for \titlefloatright
+\makeatother
+
+\newcommand{\tyes}{\textcolor{darkGreen}{\ding{51}}}
+\newcommand{\tno}{\textcolor{darkRed}{\ding{55}}}
+\newcommand{\burl}[1]{\tiny{\url{#1}}}
+\newcommand{\TODO}[1]{\textcolor{red}{TODO}: #1}
+\newcommand{\floatright}[1]{\hspace{0pt plus 1 filll}#1$\;$}
+
+\def\rding{\rotatebox[origin=c]{-91}{\ding{224}}}
+\def\lding{\rotatebox[origin=c]{91}{\ding{224}}}
+
+% TODO: fix this properly...
+\newcommand{\mktitle}[1]{\centering\textbf{\large#1}\vfill\normalsize}
diff --git a/slides/2019-side-channels/src/titlepage.tex b/slides/2019-side-channels/src/titlepage.tex
new file mode 100644
index 0000000..9b18039
--- /dev/null
+++ b/slides/2019-side-channels/src/titlepage.tex
@@ -0,0 +1,3 @@
+\begin{frame}
+ \titlepage
+\end{frame}