Class 23: Authentication Pitfalls


Guest Lecture by Yuchen Zhou

Links

Try your favorite (or least favorite) site with Facebook Sign-On: SSOScan.com


Class 18: SIM Card Exploitation

Guest lecture by Karsten Nohl: Slides [PDF]

(The recording of his talk Friday should also be available soon.)

Action Items

Everyone should submit a project idea form by Monday, 4 November at 11:59pm.

Space-Time Tradeoffs

How can a cryptanalyst trade off running time and memory?

What properties must the targeted protocol have in order for it to be vulnerable to such space-time tradeoffs?

You can see more details on the space-time tradeoffs (in this case with application to GSM) here: Interview on GSM Cracking

The first paper about time-memory tradeoffs in cryptanalysis is: Martin Hellman, A Cryptanalytic Time-Memory Tradeoff, IEEE Transactions on Information Theory, 1980.

Wikipedia has a pretty good description of rainbow tables.
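An added illustration, not part of the original class notes: a toy rainbow-style table over a 16-bit key space. It shows the trade (store at most m endpoint pairs, pay up to roughly t²/2 function evaluations per lookup) and that a table precomputed for one fixed input recovers nothing once a fresh per-session value is mixed in. The function `f`, the sizes and the salt values are assumptions chosen for the demo.

```python
import hashlib

N = 1 << 16                  # toy key space of 2**16 keys (assumption, so it runs in seconds)
CHAINS, LENGTH = 2048, 64    # m stored chains of length t; both values are illustrative

def f(key: int, salt: bytes = b"") -> bytes:
    """Toy one-way function standing in for 'encrypt a known plaintext under key'."""
    return hashlib.sha256(salt + key.to_bytes(2, "big")).digest()[:8]

def reduce_to_key(digest: bytes, column: int) -> int:
    """Map an output back into the key space, differently per column (rainbow style)."""
    return (int.from_bytes(digest, "big") + column) % N

def build_table(salt: bytes = b"") -> dict:
    """Precompute the chains once, storing only endpoint -> start point."""
    table = {}
    for start in range(CHAINS):
        key = start
        for col in range(LENGTH):
            key = reduce_to_key(f(key, salt), col)
        table[key] = start               # chains that merged share an endpoint and collapse
    return table

def lookup(table: dict, target: bytes, salt: bytes = b""):
    """Return a key with f(key, salt) == target, or None if the table misses it."""
    for guess in range(LENGTH - 1, -1, -1):   # suppose target = f(key in column `guess`)
        key = reduce_to_key(target, guess)
        for col in range(guess + 1, LENGTH):
            key = reduce_to_key(f(key, salt), col)
        if key in table:                      # endpoint matched: replay chain from its start
            key = table[key]
            for col in range(guess):
                key = reduce_to_key(f(key, salt), col)
            if f(key, salt) == target:        # discard false alarms
                return key
    return None

def coverage(table: dict, table_salt: bytes, target_salt: bytes) -> float:
    """Fraction of sampled keys recovered when the targets were produced under target_salt."""
    samples = range(5, N, 1024)               # 64 constructed sample keys
    hits = sum(lookup(table, f(k, target_salt), table_salt) is not None for k in samples)
    return hits / len(samples)

if __name__ == "__main__":
    table = build_table()
    print("stored entries:", len(table), "of", N, "possible keys")
    print("coverage, same fixed input:", coverage(table, b"", b""))
    print("coverage, fresh per-session value mixed in:", coverage(table, b"", b"\x01"))
```

The second coverage figure is the design lesson: the precomputation only pays off when every target is the output of the same deterministic function on a predictable input.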

What do you think the NSA is doing with the zettabytes of storage it is building in Utah?

"They would have plenty of space with five zettabytes to store at least something on the order of 100 years worth of the worldwide communications, phones and emails and stuff like that," Binney asserts, "and then have plenty of space left over to do any kind of parallel processing to try to break codes."

Links

Rooting SIM cards, Security Research Labs, Berlin.

Sim card flaws leave millions of mobile phones open to attack, hacker finds, The Guardian, 1 August 2013

Encryption Flaw Makes Phones Possible Accomplices in Theft, New York Times, 21 July 2013

Weak Encryption Enables SIM Card Root Attack, Threatpost, 1 August 2013

