diff --git a/course-design/contents.tex b/course-design/contents.tex index faae245..9dcdc32 100644 --- a/course-design/contents.tex +++ b/course-design/contents.tex @@ -531,7 +531,14 @@ \subsection{Format} \mode{% \begin{frame} - \begin{block}{Assessment} + \begin{block}{Teaching}<+> + \begin{itemize} + \item Reading material and watching videos. + \item Discuss and work with material at synchronous seminars. + \end{itemize} + \end{block} + + \begin{block}{Assessment}<+> \begin{itemize} \item A synchronous seminar to summarize all work and tie the sack. \end{itemize} @@ -728,6 +735,17 @@ \subsection{Final assessment} \end{question} \end{frame} +\begin{onlyenv} +\section{The material} + +\begin{frame}[fragile] + \begin{center} + \huge + Canvas + \end{center} +\end{frame} +\end{onlyenv} + %%% REFERENCES %%% diff --git a/modules/02-passwd/01-seminar.md b/modules/02-passwd/01-seminar.md new file mode 100644 index 0000000..756cd4f --- /dev/null +++ b/modules/02-passwd/01-seminar.md @@ -0,0 +1,14 @@ +The library will come and talk about tools to use for searching and how to do +literature reviews. + +**Participation**: Online in the class Zoom room. Working webcam and microphone +is required. + +**Preparation**: The assignments that you just did (all previous material). You +need a device that you can work with web tools on. + +**Seminar content**: The library will talk about different types of literature +reviews. They will also present some useful tools for searching for literature. +We'll use these tools to search for literature to answer some of the research +questions we've discussed in the preparation material. (That's why you need a +device to work on.) diff --git a/modules/02-passwd/02-seminar.md b/modules/02-passwd/02-seminar.md new file mode 100644 index 0000000..f5f43bd --- /dev/null +++ b/modules/02-passwd/02-seminar.md 
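Review bot: The frame added in the `@@ -728` hunk is declared `\begin{frame}[fragile]` although, as far as the hunk shows, it holds only the centred word Canvas and no verbatim or listing material that would need the option. `fragile` makes beamer write the frame body to an external file and read it back, and it requires `\end{frame}` to stay alone on its line, so plain `\begin{frame}` is the safer default. Inside the frame, `\centering\huge Canvas` avoids the extra vertical space that the `center` environment adds. The two "How you answered" frames added in modules/02-passwd/contents.tex (hunks `@@ -48` and `@@ -70`) carry the same option with only itemize content visible.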
@@ -0,0 +1,12 @@ +**Participation**: Online in the class Zoom room. Working webcam and microphone +is required. + +**Preparation**: The assignments that you just did (all previous material from +last seminar until now). + +**Seminar content**: We will discuss the papers that you've worked with. + +Particularly, we'll discuss how they relate to the research questions that was +the origin of the discussion. What we're interested in is how well these papers +answer those research questions and, particularly, how we can answer *exactly* +those questions. diff --git a/modules/02-passwd/contents.tex b/modules/02-passwd/contents.tex index 4aba4a6..c94d985 100644 --- a/modules/02-passwd/contents.tex +++ b/modules/02-passwd/contents.tex @@ -24,23 +24,19 @@ \clearpage -\section{Introduction} +\section
{Introduction} -\begin{frame} We've had passwords for about as long as we've had computers. Unfortunately, we still\footnote{As of \today.} haven't managed to do it right in practice. -\end{frame} So here we'll deal with the following question. -\begin{frame} - \begin{question}\label{RQ} - How can we know how secure our password-based authentication system will be? - \end{question} -\end{frame} +\begin{question}\label{RQ} + How can we know how secure our password-based authentication system will be? +\end{question} -\section{How do we know it's secure?} +\section[How do we know?]{How do we know it's secure?} \begin{frame} We have a system where users log in. @@ -48,16 +44,43 @@ \section{How do we know it's secure?} We've decided to use a password-based authentication system\footnote{% Yes, I know it's a bit of an oxymoron, but humor me. }. -\end{frame} -\begin{frame} \begin{exercise} - What do we need to know to try to answer \cref{RQ}? + What do we need to know to try to answer + \only
{\cref{RQ}}% + \only{how secure this will be}% + ? \end{exercise} \end{frame} +We first need to know what we mean by security. +Depending on that, we can evaluate security differently. + +\begin{frame}[fragile] + \begin{block}{How you answered} + \begin{itemize} + \item need definition of secure + \item need definition of adversary + \item threat modelling + \item context (banking, webmail, postal tracking?) + \item implementation details + \begin{itemize} + \item password policy + \item password storage + \item encryption methods used + \item NIST guidelines + \item two-factor authentication + \item lock-out policies + \item connection security + \end{itemize} + \item check how users choose passwords + \item test the passwords by guessing + \item check for password reuse + \end{itemize} + \end{block} +\end{frame} -\section{What do we mean by secure?} +\section[Define secure?]{What do we mean by secure?} Well, first of all, we need to define what we mean by \enquote{being secure}. \Cref{RQ} asks us to estimate how secure a password-based authentication system @@ -70,6 +93,20 @@ \section{What do we mean by secure?} \end{exercise} \end{frame} +\begin{frame}[fragile] + \begin{block}{How you answered} + \begin{itemize} + \item define in terms of brute forceability/guessability + \item define in terms of confidentiality, integrity, availability + \item only the right subject can access + \item the number of defences + \item security of credentials (confidentiality, integrity, availability) + \item probability that no one successfully tricks the system into believing + that they are someone they are not + \end{itemize} + \end{block} +\end{frame} + \begin{frame} \begin{solution} The first thing to do is to investigate how others have defined this. 
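Review bot: The "How you answered" block added in the `@@ -48` hunk lists `encryption methods used` directly after `password storage` without comment, which a reader of the slides can take to mean that stored passwords should be encrypted. The items look like student answers recorded as given, so keep them, but add a short remark under the block, for example `\begin{remark} Stored passwords are hashed with a salted, deliberately slow function; encryption concerns the connection. \end{remark}`. The item `NIST guidelines` does not say which publication is meant, so a `\cite` to the intended document would make it checkable.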
@@ -77,7 +114,14 @@ \section{What do we mean by secure?} \end{solution} \end{frame} -\subsection{Literature reviews} +\begin{frame} + \begin{exercise} + Now that you've had the seminar with the library, + how would you go about? + \end{exercise} +\end{frame} + +\subsection
{Literature reviews} There are several ways to do a literature review, or literature study. The first, and more rigorous, is to do a systematic literature review. @@ -121,25 +165,26 @@ \subsection{Literature reviews} In the case of a literature review, we still search the scientific literature. However, we don't need to document systematically how we do it. -\begin{frame} +\begin{frame}
\begin{exercise} - We want to investigate the most common definitions of security for - authentication systems and for which types of authentication systems + We want to investigate \alert<2>{the most common} definitions of security + for authentication systems and for which types of authentication systems they're used. Which type of literature review should we do; systematic or non-systematic? Why? \end{exercise} -\end{frame} + \begin{onlyenv}
In this case, the goal is to get an overview of the literature. Since purpose is to research what definitions there are and how they're used, we must document our method of research. This means that we should do a systematic literature review. + \end{onlyenv} -\begin{frame} \begin{exercise} - We want to explore different definitions of security for authentication - systems to find a definition to use for our study. + We want to \alert<2>{explore \only<2>{\textins{some} }different} + definitions of security for authentication systems to find a definition to + use for our study. Which type of literature review should we do; systematic or non-systematic? Why? \end{exercise} @@ -190,6 +235,12 @@ \subsection{A definition of security} We let the \emph{security level} of an authentication system be the inverse probability of a successful attack. \end{definition} +\only{% +\pause +\begin{remark} + Many were onto something like this, in one way or another. +\end{remark} +} \end{frame} Now, that captures the essence of what we want. @@ -197,11 +248,26 @@ \subsection{A definition of security} defining what \enquote{hard} means. This leads us down the path of formal security, \eg using complexity theory. +\begin{frame}
\begin{exercise} Search for a suitable formal definition of security for an authentication system, one that captures what we've laid out above. \end{exercise} +\begin{example} + Useful tools: + \begin{itemize} + \item Google Scholar with keywords + \item Semantic Scholar + \item Search non-scholar Google + \item Web of Science + \item Inciteful + \item SciSpace + \item Elicit + \end{itemize} +\end{example} +\end{frame} + When I did this, I first searched for authentication. Then I tried to look for any definitions among the results. I didn't find anything. @@ -257,6 +323,12 @@ \section{Evaluating security} \item An empirical investigation. \end{enumerate} \end{solution} + + \mode{% + \begin{remark}[Your answers] + Some gave one, some gave the other, some gave both. + \end{remark} + } \end{frame} \subsection{Deductive evaluation} @@ -279,14 +351,10 @@ \subsection{Deductive evaluation} \end{frame} A uniform distribution means that -\begin{frame} - all passwords are equally likely (\(\frac{1}{N^n}\)) -\end{frame} +all passwords are equally likely (\(\frac{1}{N^n}\)) and that -\begin{frame} - the Shannon entropy is maximized and equal to \(-\log \frac{1}{N^n} = n \log - {N}\), -\end{frame} +the Shannon entropy is maximized and equal to \(-\log \frac{1}{N^n} = n \log +{N}\), where \(N\) is the number of possible characters and \(n\) is the length of the password. @@ -306,6 +374,20 @@ \subsection{Deductive evaluation} Is it really secure, why or why not? How can we answer this question? \end{exercise} + + \begin{solution} + We can try forcing some user-generated passwords. + + We've assumed that the passwords are uniformly distributed. + But are they? + How can we find out? + \end{solution} + + \begin{onlyenv} + \begin{remark} + Most answers were onto that this might not match reality. + \end{remark} + \end{onlyenv} \end{frame} \subsection{Empirical evaluation} 
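Review bot: The entropy expression on the rewritten lines of the `@@ -279` hunk, `\(-\log \frac{1}{N^n} = n \log {N}\)`, gives no logarithm base, so the unit of the result is undefined and the value cannot be compared with strength figures quoted in bits. Writing `-\log_2 \frac{1}{N^n} = n \log_2 N` fixes the unit. The probability `\frac{1}{N^n}` also holds only when every password has exactly length \(n\); if shorter passwords are allowed the number of candidates is larger, which deserves one clause in the sentence. The sentence begins and ends outside the hunk.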
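Review bot: In the solution added by the `@@ -306` hunk, `We can try forcing some user-generated passwords.` does not say what is done to the passwords; presumably guessing against a sample is meant, which is the wording the later guessability question uses. Suggested text: `We can try guessing some user-generated passwords and compare the success rate with what the uniform model predicts.` The remark `Most answers were onto that this might not match reality.` reads more clearly as `Most answers noted that the uniform assumption might not match reality.` The enclosing frame opens above the hunk.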
@@ -321,6 +403,12 @@ \subsection{Empirical evaluation} What is the password distribution? How are passwords chosen? \end{question} + +\pause + +\begin{solution} + Passwords are usually affected by a password policy. +\end{solution} \end{frame} Usually there is a \emph{password policy} which affects how users choose @@ -328,15 +416,27 @@ \subsection{Empirical evaluation} So we should change the question into the following. \begin{frame} -\begin{question} +\begin{question}[Password distribution] How does different password policies affect the password distribution? \end{question} -\begin{question}\label{Guessability} +\begin{question}[Password distribution, guessability]\label{Guessability} How easily can we guess the passwords under different password policies? \end{question} -\begin{exercise} - How should we try to answer these questions? -\end{exercise} +\only<1>{% + \begin{exercise} + How should we try to answer these questions? + \end{exercise} +} +\only<2>{% + \begin{block}{How you answered} + \begin{itemize} + \item First question: Some suggested trying to look at real world + passwords. + \item Second question: Some suggested probability theory. + Some suggested empirical evaluation (guessing). + \end{itemize} + \end{block} +} \end{frame} \paragraph{Case studies on empirical evaluation} 
@@ -349,6 +449,31 @@ \subsection{Empirical evaluation} We will explore these papers to see how they tried to answer these questions, so we'll return to them. +\begin{frame} + \begin{example}[Password distribution, guessability] + \fullcite{OfPasswordsAndPeople} + \end{example} + + \begin{example}[Guessability, usability] + \fullcite{CanLongPasswordsBeSecureAndUsable} + \end{example} + + \pause + + \begin{exercise} + \begin{itemize} + \item How well did the papers answer the questions? + \item Questions: + \begin{itemize} + \item How does different password policies affect the password + distribution? + \item How easily can we guess the passwords under different password + policies? + \end{itemize} + \end{itemize} + \end{exercise} +\end{frame} + However, we can do other estimates deductively too. For instance, we have the very famous \enquote{correct horse battery staple} from xkcd (\cref{xkcd936}). @@ -358,7 +483,8 @@ \subsection{Empirical evaluation} \begin{frame} \begin{figure}[h] - \includegraphics[width=\linewidth]{fig/password_strength.png} + \centering + \includegraphics[width=0.8\linewidth]{fig/password_strength.png} \caption{% The famous xkcd \enquote{correct horse battery staple} comic. Image: xkcd.com/936/. @@ -366,7 +492,13 @@ \subsection{Empirical evaluation} \end{figure} \end{frame} -\section{But is it even a good model to begin with?} +\begin{frame} + \begin{exercise} + Did any of the papers answer the question of how the passwords are chosen? + \end{exercise} +\end{frame} + +\section[Is it a good model?]{But is it even a good model to begin with?} \begin{frame} \begin{exercise} 
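Review bot: The exercise added in the `@@ -349` hunk restates both research questions as free text, including the agreement error in `How does different password policies affect`, which should read `How do different password policies affect`. The second question already has `\label{Guessability}` in this file, so `\cref{Guessability}` in place of the copied sentence would keep the slide in step if the question is reworded later. The first question has no label visible in this diff and would need one for the same treatment.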
@@ -374,6 +506,19 @@ \section{But is it even a good model to begin with?} What questions should we ask? How can we answer them? \end{exercise} + + \only{% + \begin{block}{How you answered} + \begin{itemize} + \item Hardly anyone thought of the users' ability to tell verifiers + apart. + \item Two-factor authentication etc.? + \item Eavesdropping? + \item Password storage? Password reuse? + \item Authenticating password vs user. + \end{itemize} + \end{block} + } \end{frame} Well, our model says that the verifier is benign. @@ -385,9 +530,23 @@ \section{But is it even a good model to begin with?} \begin{frame} \begin{question} Can the verifier be an adversary or is the verifier always benign? + What are the consequences of this? \end{question} \end{frame} +\begin{frame} + \begin{example} + \fullcite{WhyPhishingWorks} + \end{example} + + \pause + + \begin{example}[Consequences] + We need the zero-knowledge property in our security definition. + (We actually need \emph{malicious}, not honest, verifier zero-knowledge. + \end{example} +\end{frame} + Now this depends on the users. Can they tell a benign verifier from an adversary? Turns out they can't\autocite{WhyPhishingWorks}. @@ -401,6 +560,7 @@ \section{But is it even a good model to begin with?} \begin{frame} \begin{figure} + \centering \includegraphics[height=0.9\textheight]{fig/password_reuse.png} \caption{% Illustrating whether the benign verifier assumption is a good idea in 
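Review bot: The Consequences example added in the `@@ -385` hunk opens a parenthesis at `(We actually need` that is never closed, so the slide prints an unbalanced bracket; end the sentence with `verifier zero-knowledge.)`. The example also names the property without saying what it demands of the protocol. One sentence would tie it to the phishing paper cited in the same frame, for instance `The verifier must learn nothing it can reuse to log in as the user, even if it deviates from the protocol.` Sending the password itself to the verifier does not meet this, which appears to be the point the article text after the frame builds on.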
@@ -416,9 +576,42 @@ \section{But is it even a good model to begin with?} answered this question. So we'll return to this paper later. + +\section{Conclusion} + +\begin{frame} + We might need a qualitative (\eg usability) study + \only{\newline}% + to inform our deductive (\eg cryptographic) choices. +\end{frame} + %\begin{frame} % \begin{question} % Are there more reasons? % Password re-use, incompetent service, malicious service. % \end{question} %\end{frame} + +\begin{frame} + \begin{exercise} + \begin{itemize} + \item How did \citetitle{WhyPhishingWorks} answer the question? + \end{itemize} + \end{exercise} +\end{frame} + +\mode{% +\section{Evaluating other aspects} + +\begin{frame} + \begin{block}{Mentioned areas} + \begin{itemize} + \item Password storage + \item Password reuse + \item Two-factor authentication + \item Lock-out policies + \item Connection security + \end{itemize} + \end{block} +\end{frame} +} diff --git a/modules/02-passwd/slides.tex b/modules/02-passwd/slides.tex index 2287028..fa24869 100644 --- a/modules/02-passwd/slides.tex +++ b/modules/02-passwd/slides.tex @@ -20,7 +20,8 @@ \end{beamercolorbox} } \setbeamercovered{transparent} -\setbeamertemplate{bibliography item}[text] +% we need to set this to nothing to handle author-year citations +\setbeamertemplate{bibliography item}{\relax} \AtBeginSection[]{% \begin{frame}