From ade547daf46ddb2d7b203626b6ecb8945e547927 Mon Sep 17 00:00:00 2001 From: Daniel Bosk Date: Wed, 27 Sep 2023 15:25:35 +0200 Subject: [PATCH 1/5] Adds some comments on students' performance --- modules/02-passwd/contents.tex | 73 +++++++++++++++++++++++++++++++--- 1 file changed, 67 insertions(+), 6 deletions(-) diff --git a/modules/02-passwd/contents.tex b/modules/02-passwd/contents.tex index 4aba4a6..893eb60 100644 --- a/modules/02-passwd/contents.tex +++ b/modules/02-passwd/contents.tex @@ -56,6 +56,22 @@ \section{How do we know it's secure?} \end{exercise} \end{frame} +\begin{frame}[fragile] + \begin{itemize} + \item need definition of secure + \item need definition of adversary + \item threat modelling + \item context + \item implementation details + \item password policy + \item storage + \item encryption methods used + \item check how users choose passwords + \item test the passwords by guessing + \item check for password reuse + \item NIST guidelines + \end{itemize} +\end{frame} \section{What do we mean by secure?} @@ -77,6 +93,18 @@ \section{What do we mean by secure?} \end{solution} \end{frame} +\begin{frame}[fragile] + \begin{itemize} + \item define in terms of brute forceability/guessability + \item define in terms of confidentiality, integrity, availability + \item only the right subject can access + \item the number of defences + \item security of credentials (confidentiality, integrity, availability) + \item probability that no one successfully tricks the system into believing + that they are someone they are not + \end{itemize} +\end{frame} + \subsection{Literature reviews} There are several ways to do a literature review, or literature study. 
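Review bot: `[fragile]` is not needed on the frame added in `@@ -56,6 +56,22 @@`, nor on the one added in `@@ -77,6 +93,18 @@`, because both hold only an `itemize` and no verbatim material. A fragile frame is processed verbatim, so it cannot later be moved inside a macro argument such as a `\mode…{…}` wrapper. I would open both with a plain `\begin{frame}`.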
@@ -129,14 +157,14 @@ \subsection{Literature reviews} Which type of literature review should we do; systematic or non-systematic? Why? \end{exercise} -\end{frame} -In this case, the goal is to get an overview of the literature. -Since purpose is to research what definitions there are and how they're used, -we must document our method of research. -This means that we should do a systematic literature review. + \mode
{% + In this case, the goal is to get an overview of the literature. + Since purpose is to research what definitions there are and how they're + used, we must document our method of research. + This means that we should do a systematic literature review. + } -\begin{frame} \begin{exercise} We want to explore different definitions of security for authentication systems to find a definition to use for our study. @@ -197,11 +225,21 @@ \subsection{A definition of security} defining what \enquote{hard} means. This leads us down the path of formal security, \eg using complexity theory. +\begin{frame} \begin{exercise} Search for a suitable formal definition of security for an authentication system, one that captures what we've laid out above. \end{exercise} +\begin{example} + \begin{itemize} + \item Google Scholar with keywords + \item KTH Library search + \item Search non-scholar Google + \end{itemize} +\end{example} +\end{frame} + When I did this, I first searched for authentication. Then I tried to look for any definitions among the results. I didn't find anything. @@ -257,6 +295,12 @@ \section{Evaluating security} \item An empirical investigation. \end{enumerate} \end{solution} + + \mode{% + \begin{remark}[Your answers] + Some gave one, some gave the other, some gave both. + \end{remark} + } \end{frame} \subsection{Deductive evaluation} @@ -306,6 +350,12 @@ \subsection{Deductive evaluation} Is it really secure, why or why not? How can we answer this question? \end{exercise} + + \mode{% + \begin{remark} + Most answers were onto that this might not match reality. + \end{remark} + } \end{frame} \subsection{Empirical evaluation} 
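Review bot: Both literature-review exercises and the explanation between them now share one frame in `@@ -129,14 +157,14 @@`, so the answer to the first exercise may be on screen together with its question and with the second exercise. Whether it is hidden depends on the specification after `\mode`, which is not visible on this page. If the paragraph is meant for the slides, a `\pause` before it (or keeping two frames) would preserve the question-then-answer order. If the specification limits it to the presentation, the article text loses its justification for choosing a systematic review. While the paragraph is being moved, `Since purpose is` should read `Since the purpose is`. The frame opens outside the hunk.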
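Review bot: The remark added in `@@ -306,6 +350,12 @@`, `Most answers were onto that this might not match reality.`, does not say what "this" is, so the slide cannot be read on its own. It presumably refers to the assumption made in the deductive evaluation. Naming it would help, e.g. `Most answers noted that the assumption behind the deductive argument might not match reality.` For consistency, this remark and the one added in `@@ -374,6 +424,17 @@` could carry the same `[Your answers]` title as the remark added in `@@ -257,6 +295,12 @@`.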
@@ -374,6 +424,17 @@ \section{But is it even a good model to begin with?} What questions should we ask? How can we answer them? \end{exercise} + + \mode{% + \begin{remark} + \begin{itemize} + \item Hardly anyone thought of mapping the users' ability to tell + verifiers apart. + \item Two-factor authentication etc.? + \item Eavesdropping? + \end{itemize} + \end{remark} + } \end{frame} Well, our model says that the verifier is benign. From 3a8bbc2a86980031f179258973c950f37d3860b8 Mon Sep 17 00:00:00 2001 From: Daniel Bosk Date: Tue, 17 Oct 2023 18:40:41 +0200 Subject: [PATCH 2/5] Adds seminar LMS instructions for first module --- modules/02-passwd/01-seminar.md | 14 ++++++++++++++ modules/02-passwd/02-seminar.md | 12 ++++++++++++ 2 files changed, 26 insertions(+) create mode 100644 modules/02-passwd/01-seminar.md create mode 100644 modules/02-passwd/02-seminar.md diff --git a/modules/02-passwd/01-seminar.md b/modules/02-passwd/01-seminar.md new file mode 100644 index 0000000..756cd4f --- /dev/null +++ b/modules/02-passwd/01-seminar.md @@ -0,0 +1,14 @@ +The library will come and talk about tools to use for searching and how to do +literature reviews. + +**Participation**: Online in the class Zoom room. Working webcam and microphone +is required. + +**Preparation**: The assignments that you just did (all previous material). You +need a device that you can work with web tools on. + +**Seminar content**: The library will talk about different types of literature +reviews. They will also present some useful tools for searching for literature. +We'll use these tools to search for literature to answer some of the research +questions we've discussed in the preparation material. (That's why you need a +device to work on.) diff --git a/modules/02-passwd/02-seminar.md b/modules/02-passwd/02-seminar.md new file mode 100644 index 0000000..f5f43bd --- /dev/null +++ b/modules/02-passwd/02-seminar.md 
@@ -0,0 +1,12 @@ +**Participation**: Online in the class Zoom room. Working webcam and microphone +is required. + +**Preparation**: The assignments that you just did (all previous material from +last seminar until now). + +**Seminar content**: We will discuss the papers that you've worked with. + +Particularly, we'll discuss how they relate to the research questions that was +the origin of the discussion. What we're interested in is how well these papers +answer those research questions and, particularly, how we can answer *exactly* +those questions. From 14209539fb075758cf5dd19e5ab8710b4d8bcfee Mon Sep 17 00:00:00 2001 From: Daniel Bosk Date: Sat, 2 Dec 2023 08:29:27 +0100 Subject: [PATCH 3/5] Improves passwd module --- modules/02-passwd/contents.tex | 160 +++++++++++++++++++++++++++------ modules/02-passwd/slides.tex | 3 +- 2 files changed, 134 insertions(+), 29 deletions(-) diff --git a/modules/02-passwd/contents.tex b/modules/02-passwd/contents.tex index 893eb60..ebc09da 100644 --- a/modules/02-passwd/contents.tex +++ b/modules/02-passwd/contents.tex @@ -52,25 +52,36 @@ \section{How do we know it's secure?} \begin{frame} \begin{exercise} - What do we need to know to try to answer \cref{RQ}? + What do we need to know to try to answer \only{the question + above}\only
{\cref{RQ}}? \end{exercise} \end{frame} +We first need to know what we mean by security. +Depending on that, we can evaluate security differently. + \begin{frame}[fragile] + \begin{block}{How you answered} \begin{itemize} \item need definition of secure \item need definition of adversary \item threat modelling - \item context + \item context (banking, webmail, postal tracking?) \item implementation details - \item password policy - \item storage - \item encryption methods used + \begin{itemize} + \item password policy + \item password storage + \item encryption methods used + \item NIST guidelines + \item two-factor authentication + \item lock-out policies + \item connection security + \end{itemize} \item check how users choose passwords \item test the passwords by guessing \item check for password reuse - \item NIST guidelines \end{itemize} + \end{block} \end{frame} \section{What do we mean by secure?} @@ -86,14 +97,8 @@ \section{What do we mean by secure?} \end{exercise} \end{frame} -\begin{frame} - \begin{solution} - The first thing to do is to investigate how others have defined this. - So our approach will be to do a literature review. - \end{solution} -\end{frame} - \begin{frame}[fragile] + \begin{block}{How you answered} \begin{itemize} \item define in terms of brute forceability/guessability \item define in terms of confidentiality, integrity, availability @@ -103,9 +108,24 @@ \section{What do we mean by secure?} \item probability that no one successfully tricks the system into believing that they are someone they are not \end{itemize} + \end{block} \end{frame} -\subsection{Literature reviews} +\begin{frame} + \begin{solution} + The first thing to do is to investigate how others have defined this. + So our approach will be to do a literature review. + \end{solution} +\end{frame} + +\begin{frame} + \begin{exercise} + Now that you've had the seminar with the library, + how would you go about? + \end{exercise} +\end{frame} + +\subsection
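Review bot: In `@@ -52,25 +52,36 @@` the nested list places `encryption methods used` directly under `password storage`, which a reader of the slide can take to mean that stored passwords should be encrypted. Since the block reports student answers, the item can stay, but a short qualifier would stop the slide from reinforcing that reading. For example, `\item password storage (salted, deliberately slow password hashing, not reversible encryption)`, keeping `encryption methods used` for the connection. The bare `\item NIST guidelines` could likewise say which guidance is meant, if the students named one.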
{Literature reviews} There are several ways to do a literature review, or literature study. The first, and more rigorous, is to do a systematic literature review. @@ -149,7 +169,7 @@ \subsection{Literature reviews} In the case of a literature review, we still search the scientific literature. However, we don't need to document systematically how we do it. -\begin{frame} +\begin{frame}
\begin{exercise} We want to investigate the most common definitions of security for authentication systems and for which types of authentication systems @@ -158,7 +178,7 @@ \subsection{Literature reviews} Why? \end{exercise} - \mode
{% + \only
{% In this case, the goal is to get an overview of the literature. Since purpose is to research what definitions there are and how they're used, we must document our method of research. @@ -218,6 +238,12 @@ \subsection{A definition of security} We let the \emph{security level} of an authentication system be the inverse probability of a successful attack. \end{definition} +\only{% +\pause +\begin{remark} + Many were onto something like this, in one way or another. +\end{remark} +} \end{frame} Now, that captures the essence of what we want. @@ -225,17 +251,22 @@ \subsection{A definition of security} defining what \enquote{hard} means. This leads us down the path of formal security, \eg using complexity theory. -\begin{frame} +\begin{frame}
\begin{exercise} Search for a suitable formal definition of security for an authentication system, one that captures what we've laid out above. \end{exercise} -\begin{example} +\begin{example} + Useful tools: \begin{itemize} \item Google Scholar with keywords - \item KTH Library search + \item Semantic Scholar \item Search non-scholar Google + \item Web of Science + \item Inciteful + \item SciSpace + \item Elicit \end{itemize} \end{example} \end{frame} @@ -371,6 +402,12 @@ \subsection{Empirical evaluation} What is the password distribution? How are passwords chosen? \end{question} + +\pause + +\begin{solution} + Passwords are usually affected by a password policy. +\end{solution} \end{frame} Usually there is a \emph{password policy} which affects how users choose @@ -384,9 +421,21 @@ \subsection{Empirical evaluation} \begin{question}\label{Guessability} How easily can we guess the passwords under different password policies? \end{question} -\begin{exercise} - How should we try to answer these questions? -\end{exercise} +\only<1>{% + \begin{exercise} + How should we try to answer these questions? + \end{exercise} +} +\only<2>{% + \begin{block}{How you answered} + \begin{itemize} + \item First question: Some suggested trying to look at real world + passwords. + \item Second question: Some suggested probability theory. + Some suggested empirical evaluation (guessing). + \end{itemize} + \end{block} +} \end{frame} \paragraph{Case studies on empirical evaluation} @@ -408,7 +457,8 @@ \subsection{Empirical evaluation} \begin{frame} \begin{figure}[h] - \includegraphics[width=\linewidth]{fig/password_strength.png} + \centering + \includegraphics[width=0.8\linewidth]{fig/password_strength.png} \caption{% The famous xkcd \enquote{correct horse battery staple} comic. Image: xkcd.com/936/. 
@@ -416,6 +466,33 @@ \subsection{Empirical evaluation} \end{figure} \end{frame} +\begin{frame} + \begin{remark} + \begin{itemize} + \item This is hard. + \end{itemize} + \end{remark} + + \begin{exercise} + \begin{itemize} + \item How well did the papers answer the questions? + \item Papers: + \begin{itemize} + \item \citetitle{OfPasswordsAndPeople} + \item \citetitle{CanLongPasswordsBeSecureAndUsable} + \item \citetitle{GuessingHumanChosenSecrets2012} + \end{itemize} + \item Questions: + \begin{itemize} + \item How does different password policies affect the password + distribution? + \item How easily can we guess the passwords under different password + policies? + \end{itemize} + \end{itemize} + \end{exercise} +\end{frame} + \section{But is it even a good model to begin with?} \begin{frame} @@ -425,15 +502,17 @@ \section{But is it even a good model to begin with?} How can we answer them? \end{exercise} - \mode{% - \begin{remark} + \only{% + \begin{block}{How you answered} \begin{itemize} - \item Hardly anyone thought of mapping the users' ability to tell - verifiers apart. + \item Hardly anyone thought of the users' ability to tell verifiers + apart. \item Two-factor authentication etc.? \item Eavesdropping? + \item Password storage? Password reuse? + \item Authenticating password vs user. \end{itemize} - \end{remark} + \end{block} } \end{frame} @@ -462,6 +541,7 @@ \section{But is it even a good model to begin with?} \begin{frame} \begin{figure} + \centering \includegraphics[height=0.9\textheight]{fig/password_reuse.png} \caption{% Illustrating whether the benign verifier assumption is a good idea in 
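Review bot: The exercise added in `@@ -416,6 +466,33 @@` retypes the two research questions instead of referring to them, so the copies can drift from the `question` environments earlier in the file. The second already has `\label{Guessability}`. The retyped first question also carries over a grammatical slip: `How does different password policies affect` should read `How do different password policies affect the password distribution?`. The `remark` wraps a single sentence in a one-item `itemize`; `\begin{remark} This is hard. \end{remark}` is enough.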
@@ -483,3 +563,27 @@ \section{But is it even a good model to begin with?} % Password re-use, incompetent service, malicious service. % \end{question} %\end{frame} + +\begin{frame} + \begin{exercise} + \begin{itemize} + \item How did \citetitle{WhyPhishingWorks} answer the question? + \end{itemize} + \end{exercise} +\end{frame} + +\mode{% +\section{Evaluating other aspects} + +\begin{frame} + \begin{block}{Mentioned areas} + \begin{itemize} + \item Password storage + \item Password reuse + \item Two-factor authentication + \item Lock-out policies + \item Connection security + \end{itemize} + \end{block} +\end{frame} +} diff --git a/modules/02-passwd/slides.tex b/modules/02-passwd/slides.tex index 2287028..01975f5 100644 --- a/modules/02-passwd/slides.tex +++ b/modules/02-passwd/slides.tex @@ -20,7 +20,8 @@ \end{beamercolorbox} } \setbeamercovered{transparent} -\setbeamertemplate{bibliography item}[text] +% we need to set this to nothing to handle author-year citations +\setbeamertemplate{bibliography item}{} \AtBeginSection[]{% \begin{frame} From 401758c14605fc22a86b2bcd982a2774b6b906d0 Mon Sep 17 00:00:00 2001 From: Daniel Bosk Date: Wed, 31 Jan 2024 10:30:28 +0100 Subject: [PATCH 4/5] Adds slides to course overview --- course-design/contents.tex | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/course-design/contents.tex b/course-design/contents.tex index faae245..9dcdc32 100644 --- a/course-design/contents.tex +++ b/course-design/contents.tex @@ -531,7 +531,14 @@ \subsection{Format} \mode{% \begin{frame} - \begin{block}{Assessment} + \begin{block}{Teaching}<+> + \begin{itemize} + \item Reading material and watching videos. + \item Discuss and work with material at synchronous seminars. + \end{itemize} + \end{block} + + \begin{block}{Assessment}<+> \begin{itemize} \item A synchronous seminar to summarize all work and tie the sack. \end{itemize} 
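Review bot: The `\section{Evaluating other aspects}` and its frame in `@@ -483,3 +563,27 @@` are passed as the braced argument of `\mode…{% … }`, so a whole frame is read as a macro argument. That compiles for this frame, but it will break as soon as the frame needs `[fragile]` or any verbatim content. The switch form of `\mode` with the same mode specification and no braces, ended by a later `\mode<all>`, does not have that restriction. The specification itself is not visible on this page. A short comment above the block saying why the section exists only in that mode would also help the next editor.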
@@ -728,6 +735,17 @@ \subsection{Final assessment} \end{question} \end{frame} +\begin{onlyenv} +\section{The material} + +\begin{frame}[fragile] + \begin{center} + \huge + Canvas + \end{center} +\end{frame} +\end{onlyenv} + %%% REFERENCES %%% From e69720ec94dc4468a0862c1648b90da6e01c9d35 Mon Sep 17 00:00:00 2001 From: Daniel Bosk Date: Wed, 31 Jan 2024 23:05:37 +0100 Subject: [PATCH 5/5] Improves 02-passwd slides for seminar --- modules/02-passwd/contents.tex | 99 ++++++++++++++++++++++++---------- modules/02-passwd/slides.tex | 2 +- 2 files changed, 71 insertions(+), 30 deletions(-) diff --git a/modules/02-passwd/contents.tex b/modules/02-passwd/contents.tex index 4aba4a6..85c8384 100644 --- a/modules/02-passwd/contents.tex +++ b/modules/02-passwd/contents.tex @@ -24,23 +24,19 @@ \clearpage -\section{Introduction} +\section
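Review bot: `[fragile]` on the frame added in `@@ -728,6 +735,17 @@` is unnecessary, because the frame holds only the word Canvas and no verbatim material. Fragile frames are processed verbatim, so they are the kind most sensitive to being nested in another construct, here `onlyenv`. I would write a plain `\begin{frame}`. Inside it, `\centering\huge Canvas` avoids the extra vertical space that `\begin{center}` adds.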
{Introduction} -\begin{frame} We've had passwords for about as long as we've had computers. Unfortunately, we still\footnote{As of \today.} haven't managed to do it right in practice. -\end{frame} So here we'll deal with the following question. -\begin{frame} - \begin{question}\label{RQ} - How can we know how secure our password-based authentication system will be? - \end{question} -\end{frame} +\begin{question}\label{RQ} + How can we know how secure our password-based authentication system will be? +\end{question} -\section{How do we know it's secure?} +\section[How do we know?]{How do we know it's secure?} \begin{frame} We have a system where users log in. @@ -48,16 +44,17 @@ \section{How do we know it's secure?} We've decided to use a password-based authentication system\footnote{% Yes, I know it's a bit of an oxymoron, but humor me. }. -\end{frame} -\begin{frame} \begin{exercise} - What do we need to know to try to answer \cref{RQ}? + What do we need to know to try to answer + \only
{\cref{RQ}}% + \only{how secure this will be}% + ? \end{exercise} \end{frame} -\section{What do we mean by secure?} +\section[Define secure?]{What do we mean by secure?} Well, first of all, we need to define what we mean by \enquote{being secure}. \Cref{RQ} asks us to estimate how secure a password-based authentication system @@ -123,23 +120,24 @@ \subsection{Literature reviews} \begin{frame} \begin{exercise} - We want to investigate the most common definitions of security for - authentication systems and for which types of authentication systems + We want to investigate \alert<2>{the most common} definitions of security + for authentication systems and for which types of authentication systems they're used. Which type of literature review should we do; systematic or non-systematic? Why? \end{exercise} -\end{frame} + \begin{onlyenv}
In this case, the goal is to get an overview of the literature. Since purpose is to research what definitions there are and how they're used, we must document our method of research. This means that we should do a systematic literature review. + \end{onlyenv} -\begin{frame} \begin{exercise} - We want to explore different definitions of security for authentication - systems to find a definition to use for our study. + We want to \alert<2>{explore \only<2>{\textins{some} }different} + definitions of security for authentication systems to find a definition to + use for our study. Which type of literature review should we do; systematic or non-systematic? Why? \end{exercise} @@ -279,14 +277,10 @@ \subsection{Deductive evaluation} \end{frame} A uniform distribution means that -\begin{frame} - all passwords are equally likely (\(\frac{1}{N^n}\)) -\end{frame} +all passwords are equally likely (\(\frac{1}{N^n}\)) and that -\begin{frame} - the Shannon entropy is maximized and equal to \(-\log \frac{1}{N^n} = n \log - {N}\), -\end{frame} +the Shannon entropy is maximized and equal to \(-\log \frac{1}{N^n} = n \log +{N}\), where \(N\) is the number of possible characters and \(n\) is the length of the password. @@ -306,6 +300,14 @@ \subsection{Deductive evaluation} Is it really secure, why or why not? How can we answer this question? \end{exercise} + + \begin{solution} + We can try forcing some user-generated passwords. + + We've assumed that the passwords are uniformly distributed. + But are they? + How can we find out? + \end{solution} \end{frame} \subsection{Empirical evaluation} 
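Review bot: The entropy expression re-added in `@@ -279,14 +277,10 @@`, `\(-\log \frac{1}{N^n} = n \log {N}\)`, leaves the base of the logarithm open, so the reader cannot tell whether the result is in bits. Since password strength is normally quoted in bits, I would write `\(-\log_2 \frac{1}{N^n} = n \log_2 N\)` and add the unit in the sentence. The braces around `N` are not needed.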
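Review bot: In the solution added in `@@ -306,6 +300,14 @@`, `We can try forcing some user-generated passwords.` reads as if a word is missing; presumably guessing or brute-forcing is meant. The method is also stated before the doubt that motivates it. I would put the three sentences about the uniform-distribution assumption first and end with `We can try guessing some user-generated passwords.`, so the solution leads into the empirical subsection that follows.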
@@ -328,10 +330,10 @@ \subsection{Empirical evaluation} So we should change the question into the following. \begin{frame} -\begin{question} +\begin{question}[Password distribution] How does different password policies affect the password distribution? \end{question} -\begin{question}\label{Guessability} +\begin{question}[Password distribution, guessability]\label{Guessability} How easily can we guess the passwords under different password policies? \end{question} \begin{exercise} @@ -349,6 +351,16 @@ \subsection{Empirical evaluation} We will explore these papers to see how they tried to answer these questions, so we'll return to them. +\begin{frame} + \begin{example}[Password distribution, guessability] + \fullcite{OfPasswordsAndPeople} + \end{example} + + \begin{example}[Guessability, usability] + \fullcite{CanLongPasswordsBeSecureAndUsable} + \end{example} +\end{frame} + However, we can do other estimates deductively too. For instance, we have the very famous \enquote{correct horse battery staple} from xkcd (\cref{xkcd936}). @@ -366,7 +378,13 @@ \subsection{Empirical evaluation} \end{figure} \end{frame} -\section{But is it even a good model to begin with?} +\begin{frame} + \begin{exercise} + Did any of the papers answer the question of how the passwords are chosen? + \end{exercise} +\end{frame} + +\section[Is it a good model?]{But is it even a good model to begin with?} \begin{frame} \begin{exercise} 
@@ -385,9 +403,23 @@ \section{But is it even a good model to begin with?} \begin{frame} \begin{question} Can the verifier be an adversary or is the verifier always benign? + What are the consequences of this? \end{question} \end{frame} +\begin{frame} + \begin{example} + \fullcite{WhyPhishingWorks} + \end{example} + + \pause + + \begin{example}[Consequences] + We need the zero-knowledge property in our security definition. + (We actually need \emph{malicious}, not honest, verifier zero-knowledge. + \end{example} +\end{frame} + Now this depends on the users. Can they tell a benign verifier from an adversary? Turns out they can't\autocite{WhyPhishingWorks}. @@ -416,6 +448,15 @@ \section{But is it even a good model to begin with?} answered this question. So we'll return to this paper later. + +\section{Conclusion} + +\begin{frame} + We might need a qualitative (\eg usability) study + \only{\newline}% + to inform our deductive (\eg cryptographic) choices. +\end{frame} + %\begin{frame} % \begin{question} % Are there more reasons? diff --git a/modules/02-passwd/slides.tex b/modules/02-passwd/slides.tex index 2287028..395cdf5 100644 --- a/modules/02-passwd/slides.tex +++ b/modules/02-passwd/slides.tex @@ -20,7 +20,7 @@ \end{beamercolorbox} } \setbeamercovered{transparent} -\setbeamertemplate{bibliography item}[text] +\setbeamertemplate{bibliography item}{\relax} \AtBeginSection[]{% \begin{frame}
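Review bot: The parenthesis opened by `(We actually need \emph{malicious}, not honest, verifier zero-knowledge.` in `@@ -385,9 +403,23 @@` is never closed; the line should end `zero-knowledge.)`. The example also jumps from the phishing paper to zero-knowledge without saying what the property buys. A zero-knowledge proof protects the secret only when the user's client runs the protocol, while a password typed into a look-alike page is disclosed regardless. One added sentence would make that link explicit, e.g. `The verifier must learn nothing it can replay, so the password itself must never be sent to it.`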