SlideShare a Scribd company logo

Becoming More Paranoid

Download as PPTX, PDF
David Evans
David Evans

Introduction to Cryptocurrency University of Virginia cs4501 Fall 2015 http://bitcoin-class.org

Government & Nonprofit
1 of 19
Image from http://www.theregister.co.uk/2015/02/22/lenovo_superfish_removal_tool/ (but I think they stole it from Monsters and Aliens) Cryptocurrency Cabal cs4501 Fall 2015 David Evans and Samee Zahur University of Virginia Class 5: Becoming More Paranoid
Upcoming Schedule • Today: How Cryptosystems Fail • Next Week: blockchain and mining (readings in notes) • Tuesday, 15 September: Problem Set 1 • Wednesday, 23 September: Checkup 2 (delayed from 21 Sept in original schedule) 1
“Hard” Problems 2 Why do cryptographers consider discrete logarithm to be a hard problem?
3
Why do cryptosystems fail in practice? 4
Trusting Software 5
6
7
SSL (Secure Sockets Layer) 8 Client Server Hello KRCA[Server Identity, KUS]Verify Certificate using KUCA Check identity matches URL Generate random K EKUS (K) Decrypt using KRSSecure channel using K Simplified TLS Handshake Protocol
SSL (Secure Sockets Layer) 9 Client Server Hello KRCA[Server Identity, KUS]Verify Certificate using KUCA Check identity matches URL Generate random K EKUS (K) Decrypt using KRSSecure channel using K Simplified TLS Handshake Protocol How did client get KUCA?
10
Certificates 11 VarySign.com TJ multibit.org multibit.org, KUMultibit CP Verifies using KUVarySign How does VarySign decide if it should give certificate to requester? CP = KRVarySign[“multibit.org”, KUMultibit]
12
13
14
15
16 https://www.google.com/#q=chair
17 • Internet explorer connects to a web server on port 443 using SSL. The data is encrypted. • Komodia’s SSL hijacker intercepts the communication and redirects it to Komodia’s Redirector. The channel between the SSL hijacker and the Redirector is encrypted. • At this stage, Komodia’s Redirector can shape the traffic, block it, or redirect it to another website. • Communication between the Redirector and the website is encrypted using SSL. • All data received from the website can be again modified and/or blocked. When data manipulation is done, it is forwarded again to Internet explorer. • The browser displays the SSL lock, and the session will not display any “Certificate warnings”. http://www.komodia.com/products/komodias-ssl-decoderdigestor (in archive.org)
Charge Problem Set 1: due Tuesday 18 Upcoming office hours: Now (Samee) tomorrow (Dave, 2:30-3:30) Monday (Ori, 5-6:30pm)

Recommended

Always on availability groups way too deep
Always on availability groups way too deepAlways on availability groups way too deep
Always on availability groups way too deepJoseph D'Antoni
 
Dockercon 16 Recap
Dockercon 16 RecapDockercon 16 Recap
Dockercon 16 RecapLee Calcote
 
QA Fest 2018. Денис Жевнер. 56k Denial of Service
QA Fest 2018. Денис Жевнер. 56k Denial of ServiceQA Fest 2018. Денис Жевнер. 56k Denial of Service
QA Fest 2018. Денис Жевнер. 56k Denial of ServiceQAFest
 
MicroProfile: uma nova forma de desenvolver aplicações corporativas na era do...
MicroProfile: uma nova forma de desenvolver aplicações corporativas na era do...MicroProfile: uma nova forma de desenvolver aplicações corporativas na era do...
MicroProfile: uma nova forma de desenvolver aplicações corporativas na era do...Otávio Santana
 
GlobalLogic Azure TechTalk ONLINE “Marketing Data Lake in Azure”
GlobalLogic Azure TechTalk ONLINE “Marketing Data Lake in Azure”GlobalLogic Azure TechTalk ONLINE “Marketing Data Lake in Azure”
GlobalLogic Azure TechTalk ONLINE “Marketing Data Lake in Azure”GlobalLogic Ukraine
 
Asymmetric Key Signatures
Asymmetric Key SignaturesAsymmetric Key Signatures
Asymmetric Key SignaturesDavid Evans
 
More mining
More miningMore mining
More miningsameezahur
 
Mining
MiningMining
MiningDavid Evans
 

Recommended

Always on availability groups way too deep
Always on availability groups way too deepAlways on availability groups way too deep
Always on availability groups way too deepJoseph D'Antoni
 
Dockercon 16 Recap
Dockercon 16 RecapDockercon 16 Recap
Dockercon 16 RecapLee Calcote
 
QA Fest 2018. Денис Жевнер. 56k Denial of Service
QA Fest 2018. Денис Жевнер. 56k Denial of ServiceQA Fest 2018. Денис Жевнер. 56k Denial of Service
QA Fest 2018. Денис Жевнер. 56k Denial of ServiceQAFest
 
MicroProfile: uma nova forma de desenvolver aplicações corporativas na era do...
MicroProfile: uma nova forma de desenvolver aplicações corporativas na era do...MicroProfile: uma nova forma de desenvolver aplicações corporativas na era do...
MicroProfile: uma nova forma de desenvolver aplicações corporativas na era do...Otávio Santana
 
GlobalLogic Azure TechTalk ONLINE “Marketing Data Lake in Azure”
GlobalLogic Azure TechTalk ONLINE “Marketing Data Lake in Azure”GlobalLogic Azure TechTalk ONLINE “Marketing Data Lake in Azure”
GlobalLogic Azure TechTalk ONLINE “Marketing Data Lake in Azure”GlobalLogic Ukraine
 
Asymmetric Key Signatures
Asymmetric Key SignaturesAsymmetric Key Signatures
Asymmetric Key SignaturesDavid Evans
 
More mining
More miningMore mining
More miningsameezahur
 
Mining
MiningMining
MiningDavid Evans
 
Cryptography
CryptographyCryptography
CryptographyDavid Evans
 
Class 1: What is Money?
Class 1: What is Money?Class 1: What is Money?
Class 1: What is Money?David Evans
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to CryptographyDavid Evans
 
Hash functions
Hash functionsHash functions
Hash functionssameezahur
 
Merkle Trees
Merkle TreesMerkle Trees
Merkle TreesDavid Evans
 
Hidden Services, Zero Knowledge
Hidden Services, Zero KnowledgeHidden Services, Zero Knowledge
Hidden Services, Zero KnowledgeDavid Evans
 
Altcoins
AltcoinsAltcoins
Altcoinssameezahur
 
Scripting Transactions
Scripting TransactionsScripting Transactions
Scripting TransactionsDavid Evans
 
Midterm Confirmations
Midterm ConfirmationsMidterm Confirmations
Midterm ConfirmationsDavid Evans
 
Bitcoin Script
Bitcoin ScriptBitcoin Script
Bitcoin ScriptDavid Evans
 
The Blockchain
The BlockchainThe Blockchain
The BlockchainDavid Evans
 
Anonymity in Bitcoin
Anonymity in BitcoinAnonymity in Bitcoin
Anonymity in BitcoinDavid Evans
 
Cryptocurrency Jeopardy!
Cryptocurrency Jeopardy!Cryptocurrency Jeopardy!
Cryptocurrency Jeopardy!David Evans
 
Mostly About Superfish
Mostly About SuperfishMostly About Superfish
Mostly About SuperfishDavid Evans
 
CodeOne SF 2018 "Are you deploying and operating with security in mind?"
CodeOne SF 2018 "Are you deploying and operating with security in mind?"CodeOne SF 2018 "Are you deploying and operating with security in mind?"
CodeOne SF 2018 "Are you deploying and operating with security in mind?"Daniel Bryant
 
Sullivan heartbleed-defcon22 2014
Sullivan heartbleed-defcon22 2014Sullivan heartbleed-defcon22 2014
Sullivan heartbleed-defcon22 2014Cloudflare
 
OTN tour 2015 Experience in implementing SSL between oracle db and oracle cli...
OTN tour 2015 Experience in implementing SSL between oracle db and oracle cli...OTN tour 2015 Experience in implementing SSL between oracle db and oracle cli...
OTN tour 2015 Experience in implementing SSL between oracle db and oracle cli...Andrejs Vorobjovs
 
Java application security the hard way - a workshop for the serious developer
Java application security the hard way - a workshop for the serious developerJava application security the hard way - a workshop for the serious developer
Java application security the hard way - a workshop for the serious developerSteve Poole
 
SSL: Past, Present and Future
SSL: Past, Present and FutureSSL: Past, Present and Future
SSL: Past, Present and FutureTiago Mendo
 
SSL: Past, Present and Future
SSL: Past, Present and FutureSSL: Past, Present and Future
SSL: Past, Present and FutureLuis Grangeia
 
SSL Everywhere!
SSL Everywhere!SSL Everywhere!
SSL Everywhere!Simon Haslam
 
RIPE 84: Revocation
RIPE 84: RevocationRIPE 84: Revocation
RIPE 84: RevocationAPNIC
 

More Related Content

Viewers also liked

Class 1: What is Money?
Class 1: What is Money?Class 1: What is Money?
Class 1: What is Money?David Evans
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to CryptographyDavid Evans
 
Hash functions
Hash functionsHash functions
Hash functionssameezahur
 
Hidden Services, Zero Knowledge
Hidden Services, Zero KnowledgeHidden Services, Zero Knowledge
Hidden Services, Zero KnowledgeDavid Evans
 
Scripting Transactions
Scripting TransactionsScripting Transactions
Scripting TransactionsDavid Evans
 
Midterm Confirmations
Midterm ConfirmationsMidterm Confirmations
Midterm ConfirmationsDavid Evans
 
Anonymity in Bitcoin
Anonymity in BitcoinAnonymity in Bitcoin
Anonymity in BitcoinDavid Evans
 
Cryptocurrency Jeopardy!
Cryptocurrency Jeopardy!Cryptocurrency Jeopardy!
Cryptocurrency Jeopardy!David Evans
 

Viewers also liked (13)

Cryptography
CryptographyCryptography
Cryptography
 
Class 1: What is Money?
Class 1: What is Money?Class 1: What is Money?
Class 1: What is Money?
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to Cryptography
 
Hash functions
Hash functionsHash functions
Hash functions
 
Merkle Trees
Merkle TreesMerkle Trees
Merkle Trees
 
Hidden Services, Zero Knowledge
Hidden Services, Zero KnowledgeHidden Services, Zero Knowledge
Hidden Services, Zero Knowledge
 
Altcoins
AltcoinsAltcoins
Altcoins
 
Scripting Transactions
Scripting TransactionsScripting Transactions
Scripting Transactions
 
Midterm Confirmations
Midterm ConfirmationsMidterm Confirmations
Midterm Confirmations
 
Bitcoin Script
Bitcoin ScriptBitcoin Script
Bitcoin Script
 
The Blockchain
The BlockchainThe Blockchain
The Blockchain
 
Anonymity in Bitcoin
Anonymity in BitcoinAnonymity in Bitcoin
Anonymity in Bitcoin
 
Cryptocurrency Jeopardy!
Cryptocurrency Jeopardy!Cryptocurrency Jeopardy!
Cryptocurrency Jeopardy!
 

Similar to Becoming More Paranoid

Mostly About Superfish
Mostly About SuperfishMostly About Superfish
Mostly About SuperfishDavid Evans
 
CodeOne SF 2018 "Are you deploying and operating with security in mind?"
CodeOne SF 2018 "Are you deploying and operating with security in mind?"CodeOne SF 2018 "Are you deploying and operating with security in mind?"
CodeOne SF 2018 "Are you deploying and operating with security in mind?"Daniel Bryant
 
Sullivan heartbleed-defcon22 2014
Sullivan heartbleed-defcon22 2014Sullivan heartbleed-defcon22 2014
Sullivan heartbleed-defcon22 2014Cloudflare
 
OTN tour 2015 Experience in implementing SSL between oracle db and oracle cli...
OTN tour 2015 Experience in implementing SSL between oracle db and oracle cli...OTN tour 2015 Experience in implementing SSL between oracle db and oracle cli...
OTN tour 2015 Experience in implementing SSL between oracle db and oracle cli...Andrejs Vorobjovs
 
Java application security the hard way - a workshop for the serious developer
Java application security the hard way - a workshop for the serious developerJava application security the hard way - a workshop for the serious developer
Java application security the hard way - a workshop for the serious developerSteve Poole
 
SSL: Past, Present and Future
SSL: Past, Present and FutureSSL: Past, Present and Future
SSL: Past, Present and FutureTiago Mendo
 
SSL: Past, Present and Future
SSL: Past, Present and FutureSSL: Past, Present and Future
SSL: Past, Present and FutureLuis Grangeia
 
RIPE 84: Revocation
RIPE 84: RevocationRIPE 84: Revocation
RIPE 84: RevocationAPNIC
 
Training Slides: 302 - Securing Your Cluster With SSL
Training Slides: 302 - Securing Your Cluster With SSLTraining Slides: 302 - Securing Your Cluster With SSL
Training Slides: 302 - Securing Your Cluster With SSLContinuent
 
Cloud Security & Compliance - JPMC Overview
Cloud Security & Compliance - JPMC OverviewCloud Security & Compliance - JPMC Overview
Cloud Security & Compliance - JPMC OverviewCanturk Isci
 
State of the Web
State of the WebState of the Web
State of the WebCASCouncil
 
What is SSL/TLS, 1-way and 2-way SSL?
What is SSL/TLS, 1-way and 2-way SSL?What is SSL/TLS, 1-way and 2-way SSL?
What is SSL/TLS, 1-way and 2-way SSL?pqrs1234
 
Secure Code the Cyber Pandemic Vaccine - Wayne Burke
Secure Code the Cyber Pandemic Vaccine - Wayne BurkeSecure Code the Cyber Pandemic Vaccine - Wayne Burke
Secure Code the Cyber Pandemic Vaccine - Wayne BurkeEC-Council
 
Security as Code: DOES15
Security as Code: DOES15Security as Code: DOES15
Security as Code: DOES15Ed Bellis
 
ADDO 2022 Putting the Sec in DevSecOps for an AWS Lambda Based System
ADDO 2022 Putting the Sec in DevSecOps for an AWS Lambda Based SystemADDO 2022 Putting the Sec in DevSecOps for an AWS Lambda Based System
ADDO 2022 Putting the Sec in DevSecOps for an AWS Lambda Based SystemCraeg Strong
 
Dr. Omar Ali Alibrahim - Ssl talk
Dr. Omar Ali Alibrahim - Ssl talkDr. Omar Ali Alibrahim - Ssl talk
Dr. Omar Ali Alibrahim - Ssl talkpromediakw
 
ZKorum: Building the Next Generation eAgora powered by SSI
ZKorum: Building the Next Generation eAgora powered by SSIZKorum: Building the Next Generation eAgora powered by SSI
ZKorum: Building the Next Generation eAgora powered by SSISSIMeetup
 

Similar to Becoming More Paranoid (20)

Mostly About Superfish
Mostly About SuperfishMostly About Superfish
Mostly About Superfish
 
CodeOne SF 2018 "Are you deploying and operating with security in mind?"
CodeOne SF 2018 "Are you deploying and operating with security in mind?"CodeOne SF 2018 "Are you deploying and operating with security in mind?"
CodeOne SF 2018 "Are you deploying and operating with security in mind?"
 
Sullivan heartbleed-defcon22 2014
Sullivan heartbleed-defcon22 2014Sullivan heartbleed-defcon22 2014
Sullivan heartbleed-defcon22 2014
 
OTN tour 2015 Experience in implementing SSL between oracle db and oracle cli...
OTN tour 2015 Experience in implementing SSL between oracle db and oracle cli...OTN tour 2015 Experience in implementing SSL between oracle db and oracle cli...
OTN tour 2015 Experience in implementing SSL between oracle db and oracle cli...
 
Java application security the hard way - a workshop for the serious developer
Java application security the hard way - a workshop for the serious developerJava application security the hard way - a workshop for the serious developer
Java application security the hard way - a workshop for the serious developer
 
SSL: Past, Present and Future
SSL: Past, Present and FutureSSL: Past, Present and Future
SSL: Past, Present and Future
 
SSL: Past, Present and Future
SSL: Past, Present and FutureSSL: Past, Present and Future
SSL: Past, Present and Future
 
SSL Everywhere!
SSL Everywhere!SSL Everywhere!
SSL Everywhere!
 
RIPE 84: Revocation
RIPE 84: RevocationRIPE 84: Revocation
RIPE 84: Revocation
 
Training Slides: 302 - Securing Your Cluster With SSL
Training Slides: 302 - Securing Your Cluster With SSLTraining Slides: 302 - Securing Your Cluster With SSL
Training Slides: 302 - Securing Your Cluster With SSL
 
Cloud Security & Compliance - JPMC Overview
Cloud Security & Compliance - JPMC OverviewCloud Security & Compliance - JPMC Overview
Cloud Security & Compliance - JPMC Overview
 
Cloud Security & Compliance - JPMC Overview
Cloud Security & Compliance - JPMC OverviewCloud Security & Compliance - JPMC Overview
Cloud Security & Compliance - JPMC Overview
 
State of the Web
State of the WebState of the Web
State of the Web
 
What is SSL/TLS, 1-way and 2-way SSL?
What is SSL/TLS, 1-way and 2-way SSL?What is SSL/TLS, 1-way and 2-way SSL?
What is SSL/TLS, 1-way and 2-way SSL?
 
Secure Code the Cyber Pandemic Vaccine - Wayne Burke
Secure Code the Cyber Pandemic Vaccine - Wayne BurkeSecure Code the Cyber Pandemic Vaccine - Wayne Burke
Secure Code the Cyber Pandemic Vaccine - Wayne Burke
 
Security as Code: DOES15
Security as Code: DOES15Security as Code: DOES15
Security as Code: DOES15
 
ADDO 2022 Putting the Sec in DevSecOps for an AWS Lambda Based System
ADDO 2022 Putting the Sec in DevSecOps for an AWS Lambda Based SystemADDO 2022 Putting the Sec in DevSecOps for an AWS Lambda Based System
ADDO 2022 Putting the Sec in DevSecOps for an AWS Lambda Based System
 
Dr. Omar Ali Alibrahim - Ssl talk
Dr. Omar Ali Alibrahim - Ssl talkDr. Omar Ali Alibrahim - Ssl talk
Dr. Omar Ali Alibrahim - Ssl talk
 
ZKorum: Building the Next Generation eAgora powered by SSI
ZKorum: Building the Next Generation eAgora powered by SSIZKorum: Building the Next Generation eAgora powered by SSI
ZKorum: Building the Next Generation eAgora powered by SSI
 
Web hackingtools 2015
Web hackingtools 2015Web hackingtools 2015
Web hackingtools 2015
 

More from David Evans

Trick or Treat?: Bitcoin for Non-Believers, Cryptocurrencies for Cypherpunks
Trick or Treat?: Bitcoin for Non-Believers, Cryptocurrencies for CypherpunksTrick or Treat?: Bitcoin for Non-Believers, Cryptocurrencies for Cypherpunks
Trick or Treat?: Bitcoin for Non-Believers, Cryptocurrencies for CypherpunksDavid Evans
 
How to Live in Paradise
How to Live in ParadiseHow to Live in Paradise
How to Live in ParadiseDavid Evans
 
Mining Economics
Mining EconomicsMining Economics
Mining EconomicsDavid Evans
 
Multi-Party Computation for the Masses
Multi-Party Computation for the MassesMulti-Party Computation for the Masses
Multi-Party Computation for the MassesDavid Evans
 
Proof of Reserve
Proof of ReserveProof of Reserve
Proof of ReserveDavid Evans
 
Blooming Sidechains!
Blooming Sidechains!Blooming Sidechains!
Blooming Sidechains!David Evans
 
Useful Proofs of Work, Permacoin
Useful Proofs of Work, PermacoinUseful Proofs of Work, Permacoin
Useful Proofs of Work, PermacoinDavid Evans
 
Alternate Cryptocurrencies
Alternate CryptocurrenciesAlternate Cryptocurrencies
Alternate CryptocurrenciesDavid Evans
 
Quiz 2: Bitcoin Protocol, Mining, Supsersizing
Quiz 2: Bitcoin Protocol, Mining, SupsersizingQuiz 2: Bitcoin Protocol, Mining, Supsersizing
Quiz 2: Bitcoin Protocol, Mining, SupsersizingDavid Evans
 
Mining Pools and Profits
Mining Pools and ProfitsMining Pools and Profits
Mining Pools and ProfitsDavid Evans
 

More from David Evans (17)

Trick or Treat?: Bitcoin for Non-Believers, Cryptocurrencies for Cypherpunks
Trick or Treat?: Bitcoin for Non-Believers, Cryptocurrencies for CypherpunksTrick or Treat?: Bitcoin for Non-Believers, Cryptocurrencies for Cypherpunks
Trick or Treat?: Bitcoin for Non-Believers, Cryptocurrencies for Cypherpunks
 
How to Live in Paradise
How to Live in ParadiseHow to Live in Paradise
How to Live in Paradise
 
Mining Economics
Mining EconomicsMining Economics
Mining Economics
 
Multi-Party Computation for the Masses
Multi-Party Computation for the MassesMulti-Party Computation for the Masses
Multi-Party Computation for the Masses
 
Proof of Reserve
Proof of ReserveProof of Reserve
Proof of Reserve
 
Silk Road
Silk RoadSilk Road
Silk Road
 
Blooming Sidechains!
Blooming Sidechains!Blooming Sidechains!
Blooming Sidechains!
 
Useful Proofs of Work, Permacoin
Useful Proofs of Work, PermacoinUseful Proofs of Work, Permacoin
Useful Proofs of Work, Permacoin
 
Alternate Cryptocurrencies
Alternate CryptocurrenciesAlternate Cryptocurrencies
Alternate Cryptocurrencies
 
Script
ScriptScript
Script
 
Selfish Mining
Selfish MiningSelfish Mining
Selfish Mining
 
Quiz 2: Bitcoin Protocol, Mining, Supsersizing
Quiz 2: Bitcoin Protocol, Mining, SupsersizingQuiz 2: Bitcoin Protocol, Mining, Supsersizing
Quiz 2: Bitcoin Protocol, Mining, Supsersizing
 
Mining Pools and Profits
Mining Pools and ProfitsMining Pools and Profits
Mining Pools and Profits
 
More Mining
More MiningMore Mining
More Mining
 
Mining
MiningMining
Mining
 
Proofs of Work
Proofs of WorkProofs of Work
Proofs of Work
 
DigiCash
DigiCashDigiCash
DigiCash
 

Recently uploaded

Cunningham Road Call Girls Bangalore WhatsApp 8250192130 High Profile Service
Cunningham Road Call Girls Bangalore WhatsApp 8250192130 High Profile ServiceCunningham Road Call Girls Bangalore WhatsApp 8250192130 High Profile Service
Cunningham Road Call Girls Bangalore WhatsApp 8250192130 High Profile ServiceHigh Profile Call Girls
 
How the Congressional Budget Office Assists Lawmakers
How the Congressional Budget Office Assists LawmakersHow the Congressional Budget Office Assists Lawmakers
How the Congressional Budget Office Assists LawmakersCongressional Budget Office
 
Goa Escorts WhatsApp Number South Goa Call Girl … 8588052666…
Goa Escorts WhatsApp Number South Goa Call Girl … 8588052666…Goa Escorts WhatsApp Number South Goa Call Girl … 8588052666…
Goa Escorts WhatsApp Number South Goa Call Girl … 8588052666…nishakur201
 
(NEHA) Bhosari Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(NEHA) Bhosari Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(NEHA) Bhosari Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(NEHA) Bhosari Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escortsranjana rawat
 
No.1 Call Girls in Basavanagudi ! 7001305949 ₹2999 Only and Free Hotel Delive...
No.1 Call Girls in Basavanagudi ! 7001305949 ₹2999 Only and Free Hotel Delive...No.1 Call Girls in Basavanagudi ! 7001305949 ₹2999 Only and Free Hotel Delive...
No.1 Call Girls in Basavanagudi ! 7001305949 ₹2999 Only and Free Hotel Delive...narwatsonia7
 
##9711199012 Call Girls Delhi Rs-5000 UpTo 10 K Hauz Khas Whats Up Number
##9711199012 Call Girls Delhi Rs-5000 UpTo 10 K Hauz Khas Whats Up Number##9711199012 Call Girls Delhi Rs-5000 UpTo 10 K Hauz Khas Whats Up Number
##9711199012 Call Girls Delhi Rs-5000 UpTo 10 K Hauz Khas Whats Up NumberMs Riya
 
Russian Call Girl Hebbagodi ! 7001305949 ₹2999 Only and Free Hotel Delivery 2...
Russian Call Girl Hebbagodi ! 7001305949 ₹2999 Only and Free Hotel Delivery 2...Russian Call Girl Hebbagodi ! 7001305949 ₹2999 Only and Free Hotel Delivery 2...
Russian Call Girl Hebbagodi ! 7001305949 ₹2999 Only and Free Hotel Delivery 2...narwatsonia7
 
DNV publication: China Energy Transition Outlook 2024
DNV publication: China Energy Transition Outlook 2024DNV publication: China Energy Transition Outlook 2024
DNV publication: China Energy Transition Outlook 2024Energy for One World
 
Greater Noida Call Girls 9711199012 WhatsApp No 24x7 Vip Escorts in Greater N...
Greater Noida Call Girls 9711199012 WhatsApp No 24x7 Vip Escorts in Greater N...Greater Noida Call Girls 9711199012 WhatsApp No 24x7 Vip Escorts in Greater N...
Greater Noida Call Girls 9711199012 WhatsApp No 24x7 Vip Escorts in Greater N...ankitnayak356677
 
“Exploring the world: One page turn at a time.” World Book and Copyright Day ...
“Exploring the world: One page turn at a time.” World Book and Copyright Day ...“Exploring the world: One page turn at a time.” World Book and Copyright Day ...
“Exploring the world: One page turn at a time.” World Book and Copyright Day ...Christina Parmionova
 
2024: The FAR, Federal Acquisition Regulations - Part 27
2024: The FAR, Federal Acquisition Regulations - Part 272024: The FAR, Federal Acquisition Regulations - Part 27
2024: The FAR, Federal Acquisition Regulations - Part 27JSchaus & Associates
 
Action Toolkit - Earth Day 2024 - April 22nd.
Action Toolkit - Earth Day 2024 - April 22nd.Action Toolkit - Earth Day 2024 - April 22nd.
Action Toolkit - Earth Day 2024 - April 22nd.Christina Parmionova
 
Earth Day 2024 - AMC "COMMON GROUND'' movie night.
Earth Day 2024 - AMC "COMMON GROUND'' movie night.Earth Day 2024 - AMC "COMMON GROUND'' movie night.
Earth Day 2024 - AMC "COMMON GROUND'' movie night.Christina Parmionova
 
Precarious profits? Why firms use insecure contracts, and what would change t...
Precarious profits? Why firms use insecure contracts, and what would change t...Precarious profits? Why firms use insecure contracts, and what would change t...
Precarious profits? Why firms use insecure contracts, and what would change t...ResolutionFoundation
 
Artificial Intelligence in Philippine Local Governance: Challenges and Opport...
Artificial Intelligence in Philippine Local Governance: Challenges and Opport...Artificial Intelligence in Philippine Local Governance: Challenges and Opport...
Artificial Intelligence in Philippine Local Governance: Challenges and Opport...CedZabala
 
YHR Fall 2023 Issue (Joseph Manning Interview) (2).pdf
YHR Fall 2023 Issue (Joseph Manning Interview) (2).pdfYHR Fall 2023 Issue (Joseph Manning Interview) (2).pdf
YHR Fall 2023 Issue (Joseph Manning Interview) (2).pdfyalehistoricalreview
 
Call Girls Connaught Place Delhi reach out to us at ☎ 9711199012
Call Girls Connaught Place Delhi reach out to us at ☎ 9711199012Call Girls Connaught Place Delhi reach out to us at ☎ 9711199012
Call Girls Connaught Place Delhi reach out to us at ☎ 9711199012rehmti665
 
WORLD CREATIVITY AND INNOVATION DAY 2024.
WORLD CREATIVITY AND INNOVATION DAY 2024.WORLD CREATIVITY AND INNOVATION DAY 2024.
WORLD CREATIVITY AND INNOVATION DAY 2024.Christina Parmionova
 

Recently uploaded (20)

Cunningham Road Call Girls Bangalore WhatsApp 8250192130 High Profile Service
Cunningham Road Call Girls Bangalore WhatsApp 8250192130 High Profile ServiceCunningham Road Call Girls Bangalore WhatsApp 8250192130 High Profile Service
Cunningham Road Call Girls Bangalore WhatsApp 8250192130 High Profile Service
 
How the Congressional Budget Office Assists Lawmakers
How the Congressional Budget Office Assists LawmakersHow the Congressional Budget Office Assists Lawmakers
How the Congressional Budget Office Assists Lawmakers
 
Goa Escorts WhatsApp Number South Goa Call Girl … 8588052666…
Goa Escorts WhatsApp Number South Goa Call Girl … 8588052666…Goa Escorts WhatsApp Number South Goa Call Girl … 8588052666…
Goa Escorts WhatsApp Number South Goa Call Girl … 8588052666…
 
The Federal Budget and Health Care Policy
The Federal Budget and Health Care PolicyThe Federal Budget and Health Care Policy
The Federal Budget and Health Care Policy
 
(NEHA) Bhosari Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(NEHA) Bhosari Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(NEHA) Bhosari Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(NEHA) Bhosari Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
 
Call Girls In Rohini ꧁❤ 🔝 9953056974🔝❤꧂ Escort ServiCe
Call Girls In Rohini ꧁❤ 🔝 9953056974🔝❤꧂ Escort ServiCeCall Girls In Rohini ꧁❤ 🔝 9953056974🔝❤꧂ Escort ServiCe
Call Girls In Rohini ꧁❤ 🔝 9953056974🔝❤꧂ Escort ServiCe
 
No.1 Call Girls in Basavanagudi ! 7001305949 ₹2999 Only and Free Hotel Delive...
No.1 Call Girls in Basavanagudi ! 7001305949 ₹2999 Only and Free Hotel Delive...No.1 Call Girls in Basavanagudi ! 7001305949 ₹2999 Only and Free Hotel Delive...
No.1 Call Girls in Basavanagudi ! 7001305949 ₹2999 Only and Free Hotel Delive...
 
##9711199012 Call Girls Delhi Rs-5000 UpTo 10 K Hauz Khas Whats Up Number
##9711199012 Call Girls Delhi Rs-5000 UpTo 10 K Hauz Khas Whats Up Number##9711199012 Call Girls Delhi Rs-5000 UpTo 10 K Hauz Khas Whats Up Number
##9711199012 Call Girls Delhi Rs-5000 UpTo 10 K Hauz Khas Whats Up Number
 
Russian Call Girl Hebbagodi ! 7001305949 ₹2999 Only and Free Hotel Delivery 2...
Russian Call Girl Hebbagodi ! 7001305949 ₹2999 Only and Free Hotel Delivery 2...Russian Call Girl Hebbagodi ! 7001305949 ₹2999 Only and Free Hotel Delivery 2...
Russian Call Girl Hebbagodi ! 7001305949 ₹2999 Only and Free Hotel Delivery 2...
 
DNV publication: China Energy Transition Outlook 2024
DNV publication: China Energy Transition Outlook 2024DNV publication: China Energy Transition Outlook 2024
DNV publication: China Energy Transition Outlook 2024
 
Greater Noida Call Girls 9711199012 WhatsApp No 24x7 Vip Escorts in Greater N...
Greater Noida Call Girls 9711199012 WhatsApp No 24x7 Vip Escorts in Greater N...Greater Noida Call Girls 9711199012 WhatsApp No 24x7 Vip Escorts in Greater N...
Greater Noida Call Girls 9711199012 WhatsApp No 24x7 Vip Escorts in Greater N...
 
“Exploring the world: One page turn at a time.” World Book and Copyright Day ...
“Exploring the world: One page turn at a time.” World Book and Copyright Day ...“Exploring the world: One page turn at a time.” World Book and Copyright Day ...
“Exploring the world: One page turn at a time.” World Book and Copyright Day ...
 
2024: The FAR, Federal Acquisition Regulations - Part 27
2024: The FAR, Federal Acquisition Regulations - Part 272024: The FAR, Federal Acquisition Regulations - Part 27
2024: The FAR, Federal Acquisition Regulations - Part 27
 
Action Toolkit - Earth Day 2024 - April 22nd.
Action Toolkit - Earth Day 2024 - April 22nd.Action Toolkit - Earth Day 2024 - April 22nd.
Action Toolkit - Earth Day 2024 - April 22nd.
 
Earth Day 2024 - AMC "COMMON GROUND'' movie night.
Earth Day 2024 - AMC "COMMON GROUND'' movie night.Earth Day 2024 - AMC "COMMON GROUND'' movie night.
Earth Day 2024 - AMC "COMMON GROUND'' movie night.
 
Precarious profits? Why firms use insecure contracts, and what would change t...
Precarious profits? Why firms use insecure contracts, and what would change t...Precarious profits? Why firms use insecure contracts, and what would change t...
Precarious profits? Why firms use insecure contracts, and what would change t...
 
Artificial Intelligence in Philippine Local Governance: Challenges and Opport...
Artificial Intelligence in Philippine Local Governance: Challenges and Opport...Artificial Intelligence in Philippine Local Governance: Challenges and Opport...
Artificial Intelligence in Philippine Local Governance: Challenges and Opport...
 
YHR Fall 2023 Issue (Joseph Manning Interview) (2).pdf
YHR Fall 2023 Issue (Joseph Manning Interview) (2).pdfYHR Fall 2023 Issue (Joseph Manning Interview) (2).pdf
YHR Fall 2023 Issue (Joseph Manning Interview) (2).pdf
 
Call Girls Connaught Place Delhi reach out to us at ☎ 9711199012
Call Girls Connaught Place Delhi reach out to us at ☎ 9711199012Call Girls Connaught Place Delhi reach out to us at ☎ 9711199012
Call Girls Connaught Place Delhi reach out to us at ☎ 9711199012
 
WORLD CREATIVITY AND INNOVATION DAY 2024.
WORLD CREATIVITY AND INNOVATION DAY 2024.WORLD CREATIVITY AND INNOVATION DAY 2024.
WORLD CREATIVITY AND INNOVATION DAY 2024.
 

Becoming More Paranoid

  • 1. Image from http://www.theregister.co.uk/2015/02/22/lenovo_superfish_removal_tool/ (but I think they stole it from Monsters and Aliens) Cryptocurrency Cabal cs4501 Fall 2015 David Evans and Samee Zahur University of Virginia Class 5: Becoming More Paranoid
  • 2. Upcoming Schedule • Today: How Cryptosystems Fail • Next Week: blockchain and mining (readings in notes) • Tuesday, 15 September: Problem Set 1 • Wednesday, 23 September: Checkup 2 (delayed from 21 Sept in original schedule) 1
  • 3. “Hard” Problems 2 Why do cryptographers consider discrete logarithm to be a hard problem?
  • 4. 3
  • 5. Why do cryptosystems fail in practice? 4
  • 7. 6
  • 8. 7
  • 9. SSL (Secure Sockets Layer) 8 Client Server Hello KRCA[Server Identity, KUS]Verify Certificate using KUCA Check identity matches URL Generate random K EKUS (K) Decrypt using KRSSecure channel using K Simplified TLS Handshake Protocol
  • 10. SSL (Secure Sockets Layer) 9 Client Server Hello KRCA[Server Identity, KUS]Verify Certificate using KUCA Check identity matches URL Generate random K EKUS (K) Decrypt using KRSSecure channel using K Simplified TLS Handshake Protocol How did client get KUCA?
  • 11. 10
  • 12. Certificates 11 VarySign.com TJ multibit.org multibit.org, KUMultibit CP Verifies using KUVarySign How does VarySign decide if it should give certificate to requester? CP = KRVarySign[“multibit.org”, KUMultibit]
  • 13. 12
  • 14. 13
  • 15. 14
  • 16. 15
  • 18. 17 • Internet explorer connects to a web server on port 443 using SSL. The data is encrypted. • Komodia’s SSL hijacker intercepts the communication and redirects it to Komodia’s Redirector. The channel between the SSL hijacker and the Redirector is encrypted. • At this stage, Komodia’s Redirector can shape the traffic, block it, or redirect it to another website. • Communication between the Redirector and the website is encrypted using SSL. • All data received from the website can be again modified and/or blocked. When data manipulation is done, it is forwarded again to Internet explorer. • The browser displays the SSL lock, and the session will not display any “Certificate warnings”. http://www.komodia.com/products/komodias-ssl-decoderdigestor (in archive.org)
  • 19. Charge Problem Set 1: due Tuesday 18 Upcoming office hours: Now (Samee) tomorrow (Dave, 2:30-3:30) Monday (Ori, 5-6:30pm)