Never would I have thought that I would receive a lecture via a Skype call... however this course continues to surprise me. Notes for this week's lectures as per usual :) This week's notes will be in their purest form: brain dribble.
WEP needed a 64-bit key, but how do we get users to generate a 64-bit key? It was a lot to ask users to generate. The designers decided to generate the last 24 bits themselves, using an IV.
The seed was different for each packet: the 40-bit key that was shared and everyone used, plus the 24-bit value that was generated.
To decrypt, you take the 24-bit value sent in the clear (the IV) and combine it with the secret to get the 64-bit seed.
Danger when someone transmits the same data under the same key - data is replicated in the same frame
Collision for IV - square root of 2^24 = 2^12 ~= 4000
A relatively small number of packets needs to be sent before a collision
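The birthday bound behind that ~4000 figure, worked through as an added example (not from the lecture): the exact collision probability for a given packet count, the packet count needed to reach a given probability, and a simulation that draws random 24-bit IVs until one repeats. It assumes IVs are chosen uniformly at random, which is the best case for the defender; real cards often used a counter, which is no better.

```python
import math
import random

IV_BITS = 24
IV_SPACE = 1 << IV_BITS  # 2^24 possible WEP IVs


def collision_probability(packets: int, space: int = IV_SPACE) -> float:
    """Probability that at least two of `packets` uniformly random IVs
    coincide (exact birthday-problem product, summed in log space so it
    stays accurate for large packet counts)."""
    if packets > space:
        return 1.0  # pigeonhole: more packets than IVs guarantees a repeat
    log_no_collision = 0.0
    for i in range(packets):
        log_no_collision += math.log1p(-i / space)
    return 1.0 - math.exp(log_no_collision)


def packets_for_probability(p: float, space: int = IV_SPACE) -> int:
    """Smallest packet count at which P(collision) reaches p, from the
    standard approximation P ~= 1 - exp(-n^2 / (2 * space))."""
    return math.ceil(math.sqrt(-2.0 * space * math.log1p(-p)))


def simulate_first_reuse(seed: int, space_bits: int = IV_BITS) -> int:
    """Draw random IVs until one repeats; return how many packets that took.
    The seed makes the run reproducible for the reader."""
    rng = random.Random(seed)
    seen = set()
    while True:
        iv = rng.getrandbits(space_bits)
        if iv in seen:
            return len(seen) + 1  # the repeating packet is counted too
        seen.add(iv)


if __name__ == "__main__":
    print(f"P(reuse) after 4096 packets: {collision_probability(4096):.3f}")
    print(f"packets for 50% chance of reuse: {packets_for_probability(0.5)}")
    print(f"first reuse in simulated run: {simulate_first_reuse(1)}")
```

At 2^12 = 4096 packets the probability of an IV reuse is already about 39%, and 50% is reached just under 5000 packets, a few minutes of traffic on a busy network.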
Mixing data and control (key characteristic of attacks):
WEP attack - carrying out the normal function, can be abused by users to gain more control
I.e. Richard smuggling expensive express envelopes by hiding them in a satchel, posting them to himselfÂ
If there is a potential ambiguity in the channel and you are able to control how that is resolved - you gain control of the channel
Computer rapidly switches between jobs - "context switching" rather than concurrency
Modern CPUs use the notion of interruption
Stack keeps track of what is being used
Latest process - top of the stack. When it's finished, the information about the process gets thrown out, stack pointer gets moved down
After process have been re-awakened, need information about what the process is currently doing. This is stored in the disk, because RAM is expensive
Stack is also used to store local data about the program - much faster
Running program data is in the stack, as well as other frozen processes
Stack is stored backwards -> grows down
If you can persuade the program that the buffer you are writing to is bigger than it really is, then you can be writing into other memory, belonging to the process that is asleep
Pointer to the next instruction about to be executed -> control
Contains other information
Write to the return address, overwrite the current thing
Bitcoin - can't counterfeit easily (work ratio)
No matter how good something is, every 18 months your attacker gains 1 bit of work due to Moore's law, i.e. you lose one bit of security
Number of transistors per square inch on integrated circuits has doubled every year since the integrated circuit was invented.
Threat model - attacker has physical access to the disk, assume full control of the hard drive
Generate random key, encrypted version of the key stored in the disk
HTTP is an application layer protocol used to send messages between browsers and web servers. HTTP requests go from the browser to the server.
Databases / SQL - browser sends an HTTP GET request to the server with the username and password as data
Server queries database with "SELECT password FROM users WHERE match"
An HTTP cookie is a small piece of data sent in a response from a web server and stored on the user's computer by the browser
A session cookie is a unique ID generated by the server and sent to the user when they first connect or log in
Browser sends it with all HTTP requests
XSS - cross-site scripting is an attack in which an attacker injects data, such as a malicious program
Reflected XSS - occurs when user input is immediately returned by a web application.
Stored - you enter data which is stored within the application and then returned later
SQL injection is a code injection technique in which malicious SQL statements are inserted into an entry field for execution.
Goal behind an SQL query is to gain access
Blind SQL injections are identical to normal SQL Injection except that when an attacker attempts to exploit an application rather than getting a useful error message
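The login query from the notes, written both ways as an added example (not code from the lecture): one version splices the username and password into the SQL text, the other passes them as parameters. The in-memory sqlite table and the sample account are constructed for the demonstration.

```python
import sqlite3
from typing import Optional


def make_db() -> sqlite3.Connection:
    """Constructed in-memory users table with one sample account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Builds the WHERE clause by string concatenation. Whatever the user
    types becomes part of the SQL text, so a quote character in the input
    changes the structure of the query instead of being compared as data."""
    query = ("SELECT password FROM users WHERE username = '" + username
             + "' AND password = '" + password + "'")
    try:
        return conn.execute(query).fetchone() is not None
    except sqlite3.Error:
        # Malformed input breaks the query; a real app that echoes this
        # error back is what gives a non-blind injection its useful messages.
        return False


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Parameterised query: the driver binds the values separately from the
    SQL text, so the input can never be executed as SQL."""
    row: Optional[tuple] = conn.execute(
        "SELECT password FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"  # the classic tautology test string
    print("vulnerable, real creds:", login_vulnerable(db, "alice", "correct horse"))
    print("vulnerable, tautology:", login_vulnerable(db, probe, probe))
    print("safe, tautology:", login_safe(db, probe, probe))
```

The same tautology string that logs in through the concatenated query is just an unknown username to the parameterised one, which is the regression test to keep around after fixing such a query.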
Cross Site Request Forgery:
Attack on an authenticated user, i.e. already logged in
When you log in to a website it sends you a cookie to your browser to keep you logged in.
If attacker knows the format of the bank request, they can hide a transfer request inside an img using html
Cross Site Request Forgery Defences:
Primary mitigation is with tokens
Generate a suitably random token, store the value server-side
Send the token to the user, expect this token back as part of any user requests
In a GET request, this token will be appended to the URL
If a website has XSS vulnerabilities, CSRF mitigations are pointless
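The token defence from the list above, as an added example (not the lecture's code): a server-side token store, a validator that uses a constant-time comparison, and a simulated bank transfer endpoint that reads the token from the GET URL. The session IDs, URLs and the `csrf_token` parameter name are constructed for the example.

```python
import hmac
import secrets
from typing import Dict, Optional
from urllib.parse import parse_qs, urlparse


class CsrfGuard:
    """Server-side store of one anti-CSRF token per session."""

    def __init__(self) -> None:
        self._tokens: Dict[str, str] = {}  # session_id -> token

    def issue(self, session_id: str) -> str:
        """Generate a suitably random token, remember it for this session,
        and hand it back so the app can embed it in forms or GET URLs."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._tokens[session_id] = token
        return token

    def validate(self, session_id: str, presented: Optional[str]) -> bool:
        expected = self._tokens.get(session_id)
        if expected is None or presented is None:
            return False
        # Constant-time compare so timing does not leak the stored token.
        return hmac.compare_digest(expected, presented)


def handle_transfer(guard: CsrfGuard, session_id: str, url: str) -> str:
    """Simulated bank endpoint. The browser attaches the session cookie to
    every request automatically, including one triggered by an <img> tag on
    another site, so the token is the only thing a forged request lacks."""
    params = parse_qs(urlparse(url).query)
    token = params.get("csrf_token", [None])[0]
    if not guard.validate(session_id, token):
        return "rejected"
    return "transferred"


if __name__ == "__main__":
    guard = CsrfGuard()
    tok = guard.issue("sess-alice")
    print(handle_transfer(guard, "sess-alice", f"/transfer?to=bob&amt=10&csrf_token={tok}"))
    print(handle_transfer(guard, "sess-alice", "/transfer?to=mallory&amt=1000"))
```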
Payment Process: Current versus Bitcoin:
Current payment systems require third-party intermediaries that often charge high processing fees
Machine-to-machine payment using the Bitcoin protocol allows direct payment between individuals, as well as supporting micropayments -> reduces transaction costs
Built using cryptographic principles, i.e. blockchain and hashing
Difficult to fake transactions - too many bits, so it isn't worth it
A chain of chronologically linked blocks where each block is linked to the previous block
Blocks are unique - no two blocks will have the same hash
Consists of hundreds of transactions
Put around 2000 transactions in one block
Block's hash summarises the data into a combination of letters and numbers
SHA-256 hashing algorithm
If a transaction in the block is changed, the hash is changed
This is important because each block has the hash of the previous block -> need to check against all previous blocks
When a transaction is made, it isn't immediately added but placed in a transaction pool
The miner gathers enough to form a block - called a candidate block
Hash the block header along with a nonce
When we hash we hope the block hash value is below a certain target value
The nonce is a random number brute forced by miners to try and create the correct hash
When nonce is found, it is broadcast and the block is added to the existing chain
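The mining and linking steps above, carried through as an added example (not from the lecture): a block header holds the previous block's hash, a hash of its transactions and a nonce; mining brute-forces the nonce until the SHA-256 of the header falls below a target; verification re-checks every link, every transaction hash and every proof of work. The transaction hash is a plain hash of the list rather than a Merkle tree, and the target is set low enough (16 leading zero bits) that mining runs in well under a second.

```python
import hashlib
import json
from typing import List

TARGET = 1 << (256 - 16)  # header hash must be below this: ~2^16 tries on average
GENESIS_PREV = "0" * 64   # the first block has no predecessor


def block_hash(header: dict) -> int:
    """SHA-256 of the canonical header encoding, as an integer for comparison."""
    data = json.dumps(header, sort_keys=True, separators=(",", ":")).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def block_id(block: dict) -> str:
    """Hex form of the header hash; this is what the next block links to."""
    return f"{block_hash(block['header']):064x}"


def tx_root(transactions: List[str]) -> str:
    """Hash of the transaction list: changing any transaction changes it."""
    return hashlib.sha256("\n".join(transactions).encode()).hexdigest()


def mine(prev_id: str, transactions: List[str], target: int = TARGET) -> dict:
    """Brute-force the nonce until the header hash is below the target."""
    header = {"prev": prev_id, "txs": tx_root(transactions), "nonce": 0}
    while block_hash(header) >= target:
        header["nonce"] += 1
    return {"header": header, "transactions": transactions}


def verify_chain(chain: List[dict], target: int = TARGET) -> bool:
    """Walk the chain from genesis; any edited transaction, broken link or
    invalid proof of work makes the whole chain fail."""
    prev = GENESIS_PREV
    for block in chain:
        header = block["header"]
        if header["prev"] != prev:                        # link to previous block broken
            return False
        if header["txs"] != tx_root(block["transactions"]):  # a transaction was changed
            return False
        digest = block_hash(header)
        if digest >= target:                              # nonce no longer satisfies PoW
            return False
        prev = f"{digest:064x}"
    return True


if __name__ == "__main__":
    b0 = mine(GENESIS_PREV, ["alice->bob:5"])           # constructed sample transactions
    b1 = mine(block_id(b0), ["bob->carol:2"])
    print("valid chain:", verify_chain([b0, b1]))
    b0["transactions"][0] = "alice->bob:500"
    print("after editing block 0:", verify_chain([b0, b1]))
```

Editing one transaction in an old block breaks that block's hash, which breaks the link stored in every later block, so the change is visible without trusting anyone.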
Growth of mining pools could eventually lead back to a centralised system
PoW mining uses excessive amounts of electricity
PoS algorithm attributes mining power to proportion of total bitcoins held, rather than computing power
Rewards are transaction fees rather than new cryptocurrency
Types of crypto currencies:
Uses the SHA-256 algorithm - very processor intensive and complex requires lots of dedicated hardware
More accessible for normal uses to mine on their CPUs as the algorithm used is less CPU intensive, but more memory intensive
Centralised architecture - Libra will be managed by the Libra Association, having more control over the blockchain
There is no "mining" - to set up a node on Libra, you need $10000
Blockchain doesn't have a strong concept of identity (public, private) key pairing
Doesnât exempt transaction from tracing
Relations between address - inferring identity
Interactions between nodes and users
Unlinkability -> stealth addresses with view keys
Transaction mixing -> ring signatures
Concealing transaction amounts -> RingCt signatures
Purpose might also be to discredit a crypto instead of money
Credibility decided on the majority
Off-springs created: one's solution for a hash is not added into their own spin-off
Motive might be to discredit the cryptocurrency
Usually happened on small networks
Verge 51% attack, April 2018
Groups of hackers found two main flaws in the system:
Bug which lowered the hashing difficulty for a hashing algo (Scrypt)
Verge allowed 5 different hashing algorithms, and only the difficulty for Scrypt is lowered
Hacked 3 times over 2 weeks
Cryptocurrency exchanges:
Mt. Gox - bitcoin exchange that was launched in 2010. Handled over 70% of all Bitcoin transactions in 2013
Previous owner retained admin level user account when MtGox was sold in 2011
Attacker logged in to the account
Assigned himself a large number of BTC which he sold on the exchange
Price dropped immediately
Obtained private keys of MtGox clients
Created selling orders on these accounts and bought the BTC he stole
SQL Injection vulnerability was found
MtGox user database began circulating online and included:
Plain text email addresses
MD5 Hashed passwords, with some unsalted
Future of Cryptocurrency:
Overcoming resistance from:
Established finance institutes (eg banks)
Governments (they don't like that you don't pay tax with cryptocurrency)
To the software that utilises cryptocurrency
Cryptocurrency wallet/exchange/
Two sorts of ciphers, symmetric and asymmetric -> regards the keys
For a symmetric: you can decrypt and encrypt
For an asymmetric: you have separate private and public keys to decrypt and encrypt (RSA)
How would I cope, how would my business cope? -> "go bag"
Home Study - read up about the "block modes" - only need to learn/understand ECB, CBC, CTR
Identifying for who? Computer/human?
Facebook. Police, baggage screening
Authentication and identification - what is the difference?
Computerised authentication system -> needs to make a decision about whether it is you or not
Something that you know - i.e a password. Easy way of doing authentication
How do you know that you share the same secret?
Something that you are - Unfakeable
Two factor authentication:
Something that you have AND something that you know (e.g. a password)
All of these things seem different, but ultimately they are all just things that you know, and are all secrets
Something that you are can be replicated
Serious problem -> authenticating bombs, missiles etc
Biometrics - not real authentication, collecting another shared secret from a person, and can be bypassed