1Computer security: certification6.033 Spring 2007How confidential is traffic inthis lecture room?• sudo tcpdump -s 0 -Ai en1– Complete trace of all packets on wirelessc3d4• c3d4 a1b2 0002 0004 0000 0000– You shouldn’t do this• Example:13:57:53.794429 IP 18.188.69.36.mdns > 224.0.0.251.mdns: 0 [4a] [4q] SRV? Ben’s music._daap._tcp.local. TXT? Ben’s music._daap._tcp.local. A? ben-powerbook-g4-15.local. AAAA? ben-powerbook-g4-15.local. (367)Example Data inside packetGET /tracking/tracking.cgi?tracknum=1Z1836810375022812 HTTP/1.1Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shock wave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application /msword, */*Accept-Language: en-usAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; InfoPath.1)Host: wwwapps.ups.comConnection: Keep-AliveURLs are visible in Referer and in the GET commandAuxiliary Material for LectureResearch into Video Streaming for DP2?2GMail is not encrypted by default• Passed in the clear:– Contacts lists– GCalendar events• GZipped text– Inbox entries– Mail messages["112677a23fed4887",0,0,"12:58 pm","\u003cspan id\u003d\"_upro_rms@ gnu.org\"\>Richard Stallman\u003c/span\>"," ","[csail-related] Thwart big brother--trade charliecards. 13:45 Tuesday at rm 381","I have a charlie card with zero value currently stored on on it which I used for a couple of …",[],"","112677a23fed4887",0,"Mon May 7 2007_12:58 PM",0,"",0,0,1] Hint: Change the GMail URL to https:// !IChat is Plaintext• strings log.dump | grep ichatballoon | cut -d\> -f 4-A: it's just better not to reveal personal informationB: why?A: I dunno, identity theft and stuffB: oh, okayA: maybe I just won't worry about itQuickTime™ and aTIFF (Uncompressed) decompressorare needed to see this picture.QuickTime™ and aTIFF (Uncompressed) decompressorare needed to see this picture.Authentication logic (p 11-83)• 1. Delegation of authority:– If A says (B speaks for A) ⇒ B speaks for A• 2. Use of delegated authority:– If B speaks for A and B says (A says X) ⇒ A says X• 3. Chaining of delegation– If B speaks for A and A speaks for C ⇒ B speaks for CExample0. {A: M}KAprivif verify( ..., KApub) accepts then:1. KAprivsays A says Mif KAprivspeaks for KApub, apply rule 3:2. KApubsays A says Mif KApubspeaks for A, apply rule 2:3. A says Mdoes KApubspeak for A?1. {KApubspeaks for A}KMITprivif verifies with KMITpub2. KMITprivsays KApubspeaks for Aif KMITprivspeaks for KMITpub3. KMITpubsays KApubspeaks for Aif KMITpubspeaks for MIT4. MIT says KApubspeaks for Aif MIT speaks for A5. KApubspeaks for
View Full Document
Unlocking...