diff options
Diffstat (limited to 'slides/2022-kll/src/body.tex')
| -rw-r--r-- | slides/2022-kll/src/body.tex | 109 |
1 files changed, 109 insertions, 0 deletions
diff --git a/slides/2022-kll/src/body.tex b/slides/2022-kll/src/body.tex new file mode 100644 index 0000000..495bb27 --- /dev/null +++ b/slides/2022-kll/src/body.tex @@ -0,0 +1,109 @@ +% +% Landing page +% - Recall TLS from last lecture +% - Encrypted tunnel between client-server +% - Authenticate client, server, or both; trust anchors hand-waved +% - Today is about how to authenticate servers in the web's PKI +% + +\begin{frame} + \mktitle{Are we really connected to the real Google?} + \begin{tikzpicture} + \node[draw=none] (Login) at (0,0) {\includegraphics[height=0.8\textheight]{img/login}};\pause + %\node[draw=none] (Lock) at (0,0) {\includegraphics[height=0.8\textheight]{img/lock}};\pause + \node[draw=none] (Licence) at (Login.170) {\includegraphics[height=0.2\textheight]{img/certificate}};\pause + \node[draw=none] (CAs) at (Login.10) {\includegraphics[height=0.2\textheight]{img/cas}}; + \node[draw=none,below=0cm of CAs] (Text) {...and many more};\pause + \node[draw=none,below=0cm of Text] (Fire) {\includegraphics[height=0.1\textheight]{img/fire}}; + \end{tikzpicture} + + \footnotetext[1]{\tiny{Summary of the DigiNotar incidence: \url{https://www.enisa.europa.eu/media/news-items/operation-black-tulip/} (2011)}} +\end{frame} + +\begin{frame} + \mktitle{Learning outcomes} + \begin{columns} + \begin{column}{0.33\textwidth} + \centering\includegraphics[width=\columnwidth]{img/certificate}\\ + \textbf{X.509 certificates}\\ + Format, fields, ... + \end{column} + + \pause + \begin{column}{0.33\textwidth} + \centering\includegraphics[width=\columnwidth]{img/cas}\\ + \textbf{Certificate Authorities}\\ + Ecosystem, validation, ... + \end{column} + + \pause + \begin{column}{0.33\textwidth} + \centering\includegraphics[width=\columnwidth]{img/ct}\\ + \textbf{Certificate Transparency}\\ + Theory, practise, ...\\ + \end{column} + \end{columns} + + \pause + \vfill\alert{Why is this useful for me?} + % 1. You will likely encounter websites in one form or another. A site + % that's not working due to certificate errors; you need to get your own + % certificate for your site; etc. What should you get, why, and how? + % What steps are expected to keep your site's certificate secure? + % 2. Next time we will generalize. The technology surrounding certificate + % transparency is useful for a myriad of applications. Firmware, Go + % modules, official documents, etc. +\end{frame} + +\begin{frame} + \mktitle{Middle part---Cronological} + \centering\includegraphics[width=\textwidth]{img/outline} +\end{frame} + +\begin{frame} + \mktitle{Middle part---Segway to the end} + + CT logs and monitoring $\rightarrow$ no undeteted DigiNotar-style attacks +\end{frame} + +\begin{frame} + \mktitle{Middle part---Example of engagement} + + \begin{description} + \item[]\textbf{Select all statements that are true:} + \item[$\square$] An X.509 certificate proves ownership of a website + \item[$\square$] An EV certificate is more secure than a DV certificate + \item[$\square$] Only Swedish CAs can issue \texttt{.se} certificates + \item[$\square$] There are hundreds of CAs across the globe + \end{description} +\end{frame} + +\begin{frame} + \mktitle{Take away} + \begin{columns} + \begin{column}{0.5\textwidth} + \begin{itemize} + \item X.509 certificates + \begin{itemize} + \item ``Driver's licence for websites'' + \item Am I connected to the right site? + \end{itemize} + \item Certificate Authorities (CAs) + \begin{itemize} + \item ``Transportstyrelsen for websites'' + \item DV/OV/EV validated certificates + \item Weakest-link security + \end{itemize} + \item Certificate Transparency (CT) + \begin{itemize} + \item Holds CAs accountable (detection) + \item Enforced by Chrome, Safari, Edge + \item Monitor your own websites + \end{itemize} + \end{itemize} + \end{column} + \begin{column}{0.5\textwidth} + \includegraphics[width=\columnwidth]{img/crt} + \end{column} + \end{columns} +\end{frame} |