1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
|
%
% Landing page
% - Recall TLS from last lecture
% - Encrypted tunnel between client-server
% - Authenticate client, server, or both; trust anchors hand-waved
% - Today is about how to authenticate servers in the web's PKI
%
\begin{frame}
\mktitle{Are we really connected to the real Google?}
\begin{tikzpicture}
\node[draw=none] (Login) at (0,0) {\includegraphics[height=0.8\textheight]{img/login}};\pause
%\node[draw=none] (Lock) at (0,0) {\includegraphics[height=0.8\textheight]{img/lock}};\pause
\node[draw=none] (Licence) at (Login.170) {\includegraphics[height=0.2\textheight]{img/certificate}};\pause
\node[draw=none] (CAs) at (Login.10) {\includegraphics[height=0.2\textheight]{img/cas}};
\node[draw=none,below=0cm of CAs] (Text) {...and many more};\pause
\node[draw=none,below=0cm of Text] (Fire) {\includegraphics[height=0.1\textheight]{img/fire}};
\end{tikzpicture}
\footnotetext[1]{\tiny{Summary of the DigiNotar incidence: \url{https://www.enisa.europa.eu/media/news-items/operation-black-tulip/} (2011)}}
\end{frame}
\begin{frame}
\mktitle{Learning outcomes}
\begin{columns}
\begin{column}{0.33\textwidth}
\centering\includegraphics[width=\columnwidth]{img/certificate}\\
\textbf{X.509 certificates}\\
Format, fields, ...
\end{column}
\pause
\begin{column}{0.33\textwidth}
\centering\includegraphics[width=\columnwidth]{img/cas}\\
\textbf{Certificate Authorities}\\
Ecosystem, validation, ...
\end{column}
\pause
\begin{column}{0.33\textwidth}
\centering\includegraphics[width=\columnwidth]{img/ct}\\
\textbf{Certificate Transparency}\\
Theory, practise, ...\\
\end{column}
\end{columns}
\pause
\vfill\alert{Why is this useful for me?}
% 1. You will likely encounter websites in one form or another. A site
% that's not working due to certificate errors; you need to get your own
% certificate for your site; etc. What should you get, why, and how?
% What steps are expected to keep your site's certificate secure?
% 2. Next time we will generalize. The technology surrounding certificate
% transparency is useful for a myriad of applications. Firmware, Go
% modules, official documents, etc.
\end{frame}
\begin{frame}
\mktitle{Middle part---Cronological}
\centering\includegraphics[width=\textwidth]{img/outline}
\end{frame}
\begin{frame}
\mktitle{Middle part---Segway to the end}
CT logs and monitoring $\rightarrow$ no undeteted DigiNotar-style attacks
\end{frame}
\begin{frame}
\mktitle{Middle part---Example of engagement}
\begin{description}
\item[]\textbf{Select all statements that are true:}
\item[$\square$] An X.509 certificate proves ownership of a website
\item[$\square$] An EV certificate is more secure than a DV certificate
\item[$\square$] Only Swedish CAs can issue \texttt{.se} certificates
\item[$\square$] There are hundreds of CAs across the globe
\end{description}
\end{frame}
\begin{frame}
\mktitle{Take away}
\begin{columns}
\begin{column}{0.5\textwidth}
\begin{itemize}
\item X.509 certificates
\begin{itemize}
\item ``Driver's licence for websites''
\item Am I connected to the right site?
\end{itemize}
\item Certificate Authorities (CAs)
\begin{itemize}
\item ``Transportstyrelsen for websites''
\item DV/OV/EV validated certificates
\item Weakest-link security
\end{itemize}
\item Certificate Transparency (CT)
\begin{itemize}
\item Holds CAs accountable (detection)
\item Enforced by Chrome, Safari, Edge
\item Monitor your own websites
\end{itemize}
\end{itemize}
\end{column}
\begin{column}{0.5\textwidth}
\includegraphics[width=\columnwidth]{img/crt}
\end{column}
\end{columns}
\end{frame}
|
