 All right folks How about now better Yeah Okay Okay, so people for the for people who are watching the recording. I'm sorry, but I Forgot the mic, so we just have this mic here So I'll have to try to reiterate your questions talk loud if you need to talk And let's Announcements. Oh midterm on the fifth All saw the piazza post it's on the website in this room on the fifth same time. No notes. No nothing You'll do well. I have faith. I can't promise you'll do well, but you can do well so let's then step back a little bit and Refresh ourselves. We're finishing up our last little bit of crypto here. So what is the Key problem that we've seen in public key cryptography. Yeah, okay So why why are they susceptible to man in the middle of tax? All the time, I mean when does that actually when is it actually a problem? Because we when we talked about the security of public key crypto systems, right? We assumed that everyone knew everyone's public heat right even knew everyone's public key But that didn't enable her to launching attacks. Yeah Yeah, so then they keep the the problem here is that the How do we exchange public keys and how do I know that your public key is actually and you are who you say you are when you're Giving me your public key. So how to do that type of mechanism? So we talked about and we derived actually one kind of mechanism for this the public key infrastructure What was that about? Yeah, certificate authority So we kind of delegate trust to some other authorities who can sign and create certificates for other people Then they can have a complex chain of hierarchy of people We can decide which certain authorities we're willing to trust based on what we want to have happen so yeah, we can create this nice kind of more centralized structure of and Essentially delegating that key verification process to somebody else. So there's some other Certificate authority, but it's somebody else that we're delegating and saying like, okay, they'll figure out who's who But what if we can't do that? So What if you're what if you don't trust these companies? What if you? Don't You won't let's say you're an activist and you have reason to distrust your government or any other certificate authorities And then how do you actually use public key cryptography? In a safe or potentially safe way Decentralized right so the key problem there is there's a central entity that maybe we don't trust Right so then we can decentralize it and so what would would this actually look like? Can you see my cursor? No, me either, okay So don't also don't have the the thing so things gonna get even worse and what is going on now? There we go. Wow, that was weird Okay, cool. Okay, so we don't have a central entity that we can trust so let's talk about our situation, right? So we have and I'm gonna try to draw as little as possible. It's not going well This is with my finger. Okay, so we have Alice and Bob, right? They have their public keys right public key of Bob Public key of Alice so then what would this decentralized model look like or what maybe So yeah, let's think about that so we have to bootstrap this process somehow right so okay Alice and Bob Let's say they know each other right in person But then how can they verify each other's identity and and so if we think about Decentralizing with certificate authority, right? What was special about a certificate authority where they could sign Great signatures and certificates for other people's public key What was special about them? Yeah, that was the only special thing is we decided to trust them right other than that There's nothing special. They were just another entity with a public key and a private key So Alice or Bob could make a certificate for the other one, right? That says I'm Alice and I trust that this is Bob and I verify this is Bob How can they actually do this so how can Alice and Bob may be verified with an identity in where? In person. Yeah, so they have to meet in person Right. They have to either share their fingerprint of their key or something or a hash of their key with each other So that they know what the other person's key looks like They probably need to verify then maybe Identification card maybe to verify they're actually their real identity, right? Okay, so if they can do that then let's say Alice and Bob have verified each other Now we have what called Charlie Charlie comes in the picture Now how can Alice try to convince Charlie that she is who she says she is Yeah No, no back behind you. Sorry Yeah, so maybe what if Bob and Charlie know each other, right? They've actually verified each other met in person But Alice and Charlie have never met So when Alice and Bob meet Right, just like before we could say that there's a Don't write this all up. Well you see for cert so Alice has a certificate from Bob on The public key of Alice right so we saw this last time This is a cryptographic proof that she can give to anyone and said that Bob knows that I am And so with this Bob then has the private key of Bob the private key of out Sorry public the public key of Bob public key of Alice and a certificate from Alice about the public key of Bob Right, and so when Bob and Charlie meet what does so Charlie has his public key And then what does he know when he and Bob verify each other Bob and Charlie meet? Yeah, so Let's say not yet. Well, or let's say they happen simultaneously. Whatever. Let's ignore the public key of Alice for right now But at least so Bob and Charlie will meet so Bob and Charlie will get the public key of Bob Right and then Charlie will get a certificate from Bob that says hey Charlie is who he says he is and similarly Bob will now get another certificate from Charlie About the public key of Bob, right? So when Alice and Charlie meet I want to maybe communicate with each other What can Alice give to Bob? Sorry, what can Alice give to Charlie? Maybe Through Bob that she is who she says she is. Yeah, this certificate of Bob on her public key, right? Because Charlie can take that right so Alice can send this over to Charlie Charlie can get this He can see okay. This is a certificate So I can check it with Bob's public key with Charlie has he can check it He can then hash the public key of Alice make sure it matches the hash in there just like that mechanism that we came up with before and Then Charlie so then what does Charlie know Charlie doesn't actually know that Alice is who she said she is What does Charlie actually know? Yeah, that Bob thinks she is who she said she is Right if Charlie just brought Bob then well then you can trust Alice Right because Alice's Bob is about for Alice and so then Charlie and Alice can now Verify essentially to other's identities without ever meeting just based on their certificates Right, but what if then Charlie? knows Daisy and Daisy knows What's an e name? Eve there we go. Wow Eve was evil. We'll go with Ellen. She's nice. Okay, Ellen and So, okay, so this is gonna be a little bit convoluted, but let's say so Alice has met Charlie, right? We can say that Alice and Charlie trust each other now Maybe they've signed each other's keys because they trust each other Now Alice meets Eve wants to talk to Eve Should Alice trust Eve so we're using kind of a bi-directional link here to kind of denote trust They trust each other. They've signed each other's keys, right? so that you can think of Charlie can have a signature and We could now in this case send all the public keys and you can say hey look all these people like I've got my public key signed by Dale who got it signed by Ellen and And and maybe Alice can prove that to Ellen and show that hey Charlie signed mine Links right so you have people here that all verify the identity of other people But now you get into this important problem of trust what how do you trust? So maybe of course you trust the people that you manually verify their keys in person you trust them a lot But then what about the people they verify are they as good as you about trusting and verifying people And then what about the people that those people trust and then those people trust right? So here you have kind of two or three degrees of separation here between Alice and Eve and so yeah, so anyways the There's a couple interesting things. What do you do if so we'll think about this for a second. What do you do if? Frank, well, I'm really running out of names here Frank What if Frank is here? He wants to talk to Alice and he says I'm Frank and here are I've got a hundred certificates on my feet Signatures on my feet certificates But Alice doesn't have any of them in common So she's not able to address because Frank could have made up all those key fairs right We don't know that those are from actual different people right they could have been made from anything So yeah, but but it could be that you know We just don't have anybody in our social connections that actually match with each other right maybe those are all legitimate keys but we're operating from the assumption of Maximal distrust right we'd say yeah, I don't really believe that you're Frank I'm gonna wait until maybe I can communicate with other people So can you use a system like this for let's say websites? Like we talked about we used the website model last time Could you yes, would you want to? What would it mean? Yeah, so you'd need the websites would need a way of kind of cross verifying each other which is not Exactly clear how they would do that Right, but even if you had like I don't know Microsoft trusting Amazon Or I don't know Microsoft and Apple used to be partners like it was a big deal when Office would work on a Mac or whatever, but now they're directly competing in a lot of different areas or So yeah, it's not really clear how you do this crap And then if you're a new website, how do you get integrated into this graph? Like who's gonna be the one to sign your key and give you a certificate so that you can join this web Are they gonna pay or you have to pay for that privilege? Just have a centralized person exactly so that's where you now get the public key infrastructure, right? So the important thing to think about these two different models, right? You have this centralized model with this public key infrastructure And you have this more decentralized model it may or may not work depending on different situation what about if like we talked about here these are people and This is like a way to do encrypted communication between each other something like this be feasible So how would you do it design it? I Okay, so a new person in person give them your a print out of it. Let's call it the fingerprint of your key Which is like the hash of your key so that they know it's you and they can verify that that key has your identity We can maybe use emails in this case so we can verify that that key has is associated with your email address And then they could sign that key send it back to you So now you have that as part of your signatures that you can prove to other people Yeah That's one person Yeah Yes, this is a real thing. This is not those a You know this problem a lot also in like open-source software that uses key signing for software distribution Like also, how do you do this kind of trust? So you literally get people in a room like this you bring your identification card and a print out of your Fingerprints and you check everyone and then when you've checked everybody you create signatures So you could then have a big network of people so you could actually be more connected through people And then maybe you need to then we have to again worry about the well, what do you do about trust right? How does trust propagate so? Now you have a problem of well, how do I so I know do I really trust all of you? If you're just doing this for an assignment Right versus the open-source developer. That's a crazy Contributor that is very Someone who I know it takes key signing very seriously and it's you know, I trust them more than a random Maybe person in my class, right? Yeah, so you can have mechanisms then maybe to set how different people what levels of trust they have so that the trust Doesn't propagate too far to various people With the downside here you have to meet in person, right? So you're at least limited to your local network of people in your immediate Right, so then you're relying on other people who maybe travel more often and who sign more keys with other people in other Geographies you're trusting them a lot to be the connector between different groups and different social network clusters, let's say Benefits what are the benefits? Oh, yeah, please Start signing a bunch of keys Right, so yeah a tacker could start pretend and if you're a trusted entity, right? People will trust your vouching for other people in your signatures Yeah, also what happens well, let's go to that scenario So what happens if you break into one of these people what if Bob's a secret key is stolen because he accidentally Exactly having more often than you think instead of sending you his public key He sent you with private key Bob send you this and then this even happens when we run when we used to run the capital flight events where all the teams had to Basically VPN into us, so they need to create keys They had to send us the public keys we get added to our system Like 30 teams at least two or three would send you their private key as well This is not how this is supposed to work But then it was actually very helpful for debugging later, so I got to connect as them because I had their key How does he know when I got stolen? Yeah, you kind of want to invalidate all of Bob's signatures, right, but then how do you do that in this graph? Because just because you've signed somebody's key doesn't mean you actually have a way to communicate with them all the time, right? Well, I guess if you're using emails, you can just go through this whole graph and figure out everyone's emails and just send out a nice polite email To everyone being like oh Bob's key revoke trust in Bob's key But that's kind of actually a crazy thing to do and to actually try to implement an email look to people like that is Crazy, so you need some mechanism again similar to the certificate authority model We need some kind of mechanism for key revocation Say it again Yes, you can do it basically when people talk they could kind of pass a revocation list along the problem is With the revocation list they can never shrink Because we never want Bob's key to ever be used in the future again, right? So Bob's key has to be on this list forever that it's been revoked If you think about over time the number of revocation just keeps growing and growing and growing. You can't really throw it in a way so Yeah, it's a tricky There's no I think easy or good answers. There's all various kind of ad hoc solutions that try to address this But it's a fundamentally difficult problem here. I Mean this is like this actually to be perfectly honest The best reason of switching to grade scope and then my own server is I didn't have a password reset set up So whenever a student would lose their password, they have to email me and I have to go fix it So you hope people remember their passwords. They of course don't which I understand So yeah, this is essentially the same thing if you lose access to your key or you accidentally Whatever just want to revoke your key It makes it a huge pain to deal with this in the system. Well, any other thoughts on this? the and the great thing here is Here you're kind of putting trust into users and not the system itself, right? So before with certificate authorities, we talked about how now we have the central entity that has all this trust Well now every end user essentially has to decide who they trust Right and why and how much trust to put in somebody The difficult thing is propagating that trust throughout the graph and figuring all that out So PGP is probably the most well-known open source implementation of this of public key cryptography Pretty good privacy And I don't know what I can't remember what GPG stands for if anybody remembers is it GNU public something what? There we go GNU privacy guard Cool, so the basic idea is software that allows you to create a public key and a private key And then allows you to do things like all the operations that we talked about of actually encrypting a message With somebody else's public key or creating a signature on a message so that everyone knows that a message only came from you You can do things you can also do and it has this whole web of trust model that we just talked about so You can have other people sign your key So they've verified that you are who you say you are and then you can add to your public key you send to other people You've now accumulated more and more signatures. We have more and more people that value for you And that you are who you say you are The pretty cool system again doing more You know future homework assignment Cool, okay, awesome And so kind of wrapping up crypto, so we've only really scratched the surface here So we've the goal here was to have you kind of understand what are these credit is that we can use to get things like confidentiality and integrity and specifically how In what mechanisms do they work? Why do they work? What are some of the pros and cons? There's all kinds of crazy things with breaking cryptography. So if you're interested in breaking crypto, there's insane math that is done to break cryptography, so like we talked about taking a Hash collision attack from a brute force of two to the 128 to two to the 127 is a huge breakthrough there And attacks get better over time Very interesting thing that I read recently when looking up. So the vision air cipher I think I forgot to mention it was I think created in about the 1500s and it was considered to be perfect Unbreakable and now you're breaking it as a homework assignment Because and that the method of identifying repetitions in order to identify key length that was created in I believe the 1800s And so that's what led to the first breaking of this Cycler so You know all kinds of like theoretical concepts of how to break it based on how the algorithm works When we looked at the you know the insane DES system right how it worked with the different s-boxes and permutations and substitution Like you know people are able to find flaws in that which is insanely cool The other cool thing is breaking implementations and this is I think happens much more often of people Using the wrong key for something or What are some common implementations? Oh, so there's a really cool attack that involves padding so we kind of ignored this problem of Every time you encrypt something in a symmetric Crypto system it has to be a size of the block size right and we looked at ecd Just like splitting up the input into different blocks We looked at cvc of chaining those blocks The problem is what happened with your data does not end in an actual offset of your block size Right you need to add some data there, but you need to know that that is data that's been added there and not to move Anyways long story short if you Are able to if a crypto system tells you that the padding was incorrect or correct You can actually use that data to break and drive the key It is actually super crazy and a really cool attack But it's based on an implementation flaw of getting this kind of additional information If this kind of thing excites you and you're really stoked about this The best advice I have is to go through this website. It's called crypto pals.com They have a series of different like challenges where essentially you build the crypto system and then break it in kind of the same challenges going to be like Build an ecd crypto system that and actually some of the first things are doing vision air and other types of things But then you do this cbc padding oracle attack And you can kind of read how it works, but then actually implementing it I've worked my way through some of this not Not super far, but it is insanely fun if you're really into this stuff Yes, I think the best thing there would probably be the crypto systems that were done in like world war two When I say like the enigma machines and early types of crypto systems like that. I think they're just essentially more complicated versions of permutations and ships and So yeah, that's kind of where I'd look there Historically, I think Probably after that point is out of the realm of essentially doing it by hand and they needed machines to do it Cool so the other way that you can kind of do research in cryptography is essentially securing crypto and that can involve You know creating new theory new implementations So coming up with brand new models of doing cryptography finding different so The other really interesting thing have you either thought at all about or talked about the quantum computers All right, so what would be basis of security for rsa? And it's easy to multiply two numbers together, but it's very difficult to find the factors of a large number But it's not let's say necessarily proven that it is difficult and with quantum computers There are algorithms that they can run to factor a number in Less time than it would take a normal computer Anyway, so then there's so knowing that There are future cryptography that's been developed that actually is quantum proof So even if there are quantum computers, they still can't Do the difficult operation in an easy amount of time And there's all types of areas of super cool types of cryptography One of the super interesting things is homomorphic encryption. So this is like a So how many people use gmail for their email? Yeah, most everyone. Okay. Do you think it's cool that google now has a copy of every email and communication you send? Pretty cool Yeah, expected right why why is it nice or it is nice But why Yeah, if you lose your password you can read your emails they provide search capabilities, which is super nice, right? You like to be able to search their emails You could and there are Systems where you can have based on public private key you upload your public key And they encrypt all of your emails with your public key So you're the only person that can read them. You have to download them locally use your private key to decrypt it But that has a lot of problems Particularly with something like email like I don't want to store all my emails on my local system I want to and I want to be able to use google's resources to search my email So homomorphic encryption is a super cool idea Where you can actually google can encrypt your emails in such a way that they can't know what the contents are But they can do operations on them like search So they could identify all the emails that match a specific search term And send those encrypted emails to you So the only thing they learn is that that search term is in there They send them to you you decrypt it and then you have the full contents of the email Yeah So this is there's two different ways. So one is emails in transit So if I send you an email what what happens to our email along the way And the other option is when you get an email Is it encrypted so that your um email provider can't read it? Or if your email provider is subpoenaed by the u.s. Government They can say well here here it is. It's just an encrypted blob. I have no idea what's in here Yeah, so two different kind of areas there Um other kind of crazy or insane uh cryptography operations Uh secure multi-party computation. This is essentially the idea Oh, maybe it's a relevant example. So if the uh Let's say ASU and U of A want to calculate some what would be An important thing for a university to maybe know across let's say the state of Arizona So like we want to calculate some kind of value about our students Like statistics or something what would be useful Income that's a good one. Yeah, so we want to calculate what's the average income of a student at ASU and University of Arizona but ASU we don't trust U of A we're not going to give them access to our data Right and we don't actually trust them either So they or they don't trust us so they don't want to give us access to their data So how can we run this calculation across both our data sets? So that we know that um we can actually cryptographically verify the result And the only thing they learn about it is the outcome nobody learns about each other's data Other things that you can think about are health care So you have two different maybe insurance companies That are actually competitors and don't want to give each other access to their data But they want to run rates of like how many people get cancer in a certain area or something And the more data you have the better that can actually be And you can do secure multi-party computation to do this. It's really really cool And there's a whole host of other areas that I we didn't even touch on but there's a lot of other areas Also kind of applied cryptography. So how do you take these ideas and use them in new different interesting ways? Kind of using the primitives that we've talked about here, how can you shape them? And create something new so for instance like Anybody use signal? Yeah, or what's app? facebook messenger How many hands am I gonna see up? Does nobody use any kind of app to talk to anyone? Instagram dms like how far do I? Okay. Yeah, those are definitely not encrypted Even so at least a whatsapp even though it's owned by facebook is end-to-end encrypted so that um Not even what's actually be able to read your messages. There is a little bit of weirdness there. They're not quite 100 aware of At least I know signal is probably the best option now for actual secure end-to-end communication where they can't Cannot read your messages or anything. So if you want to have secure communication Probably actually the best way and that's turned this into real things is Is Signal cool questions crypto Yes, I believe they have ways to deal with that by kind of inserting fake responses Because it doesn't really matter because once you get the data and you can decrypt it You know which ones are and are not so you can add noise into there. So you can fool those types of systems But yeah, definitely that's I know that's a concern and they definitely have ways to deal with it Yeah questions all right Making real good progress. I'm very happy and now And now my mouse cursor disappears. How does this happen? All right, maybe it's powerpoint okay So now we're going to go right into authentication. So now we've actually learned enough about Entography to understand how those parameters work so we can understand how to actually authenticate people so first What is authorization? We've already talked about this. So what's authorization? So authorization right is what can you do on this page? What were some? Like access control models so access control is a part of authorization. What were some access control models like role-based maybe role-based access control well Yeah, so permission lists or um, yeah permission lists access control lists Discretionary access control mandatory access control Right all different types of models of thinking about who can access what but we still didn't answer an important question there, right? So what is authentication? Compared to authorization Yeah, we talked a lot about how do we decide who can do what but we didn't talk about how do we decide who is who? Right when you go through a computer system, how does it know that you are who you say they are? Right, so authentic. You can think of I think of it like this authentication is who are you? And authorization is what can you do? We kind of come at this in the reverse order of what you can do and then Who are you? I think it's important so we can talk about that first in crypto and then this So how do we do authentication in the real world? Like how do you know I am who I say I am? Have you ever checked my ID? Well, maybe I or maybe the real Adam actually did that right signed up and then I Broke into his computer uploaded a new picture to ASU And registered a domain name with his name and then uploaded my picture there And then just showed up and taught and nobody else showed up and taught So y'all just assume I am who I say I am yeah, I seem credible We haven't actually done that yet. I don't think maybe when you start studying in the midterm you'll realize I just made stuff up. Yeah Interesting so maybe it doesn't matter so it's kind of like the python like duck type duck typing argument versus Static typing right it's like I don't really care what object you are as long as you do what you say you can do right So as long as you teach the class fine, we actually don't care who you are Interesting What was that? Yeah, I don't know I'm trying to think of you should watch the movie catch me if you can I think that's another interesting one where this identity problem comes up, right? But how do you know who actually is who? It depends on one thing it's like, uh, maybe I'm teaching a class and I can maybe BS my way through it or whatever But if I'm playing a plane or something you'd probably want to make sure I am who I say I am right massive authentication failure in this class How could you authenticate me? Yeah, so maybe you can look at multiple and that's kind of what you talked about like right multiple pieces of information You look at the website You look at my website, but then you realize I control that so maybe you'll get ASU's website You can maybe think even through So the other thing to think about is nobody mentioned this the undergrad GAs right we're all Took this class last semester But like a different person showed up to teach this semester with the same name That would probably be a little weird. So at least you know the scam went back farther than one semester You can maybe contact other people So first we need to kind of define what we mean and what are we talking about with authentication so Yeah, okay cool perfect, okay, so You basically have you are a principal and not the principal of a school like you are a a unique entity Right, so and this is tied to Your identity which is slightly different in this context. So essentially the way to think of it is And you can see this in Various websites So you are you right if you think about in terms of identity, right? But how does a computer system know? Represent you and your identity They don't say well, he's uh, five ten and brown hair and That's how they authenticate people right like how does the computer said what does the computer system think of your identity? Or for instance when you log into my as you Yeah, your username and password. So your username is associated with a bunch of information Probably one of which is your unique identifier that uniquely identifies you Right usually that's an I usually it's an integer because that's a lot easier for computers to deal with so you'll be some unique identity so and essentially We want authentication is this process of binding and And the other notion we want to come up with here is a subject So this is something that acts on behalf of an entity Right, so you're a principal You're not you're a person, right? You're using when you log on to my as you you're not actually logging on to my as you You're using a web browser that is logging on talking hud protocol to my asu.com That's talking to the web server so In some sense there's no way they don't actually know they're talking to you a real person It could be a robot. It could be somebody pretending to be you your friend at the keyboard whatever Right, but this idea is how do we then bind an identity and how do we specify that? Okay? You are this person So we've talked about some notions. So what are some other ways? So somebody mentioned username passwords Why is that an authentication mechanism? What is that actually checking actually verifying your identity? Why only me? Potentially. Yes. Okay. So yeah, that's that's the key, right? So it's when you created this account or on this system Right, you came up with a unique password that is known only to you So that means in future visits to this system You can authenticate with it by giving that information that you only gave a long time ago Right, that still doesn't actually guarantee that you are who you say they are right you can create a You can go create a twitter account as anybody or whatever pretending to be then Right, so still the notion of identity is a little bit difficult there But at least with username password we can say that okay, you are the person who originally created this account Okay, username passwords are one. What else do you actually use? Yeah, let's go over here. Yeah Yeah, so biometrics. So does anybody actually use that on their devices? What do you actually use face recognition? Fingerprint Oh I would stand that anybody use that So what's that trying to authenticate you based on? How do you know if I can check everyone's face or fingerprint? Yeah, so when you set up or created this this thing, so you're Minding a physical attribute of yourself to the system right and using that to talk to the system Or your face facial recognition Okay, so that's one. What else or another one? Yeah So what does that mean? Yeah, okay, so let's think about um a text message, right? So you get a You sign on to a website It has username password. It says hey, I want to really check that this is you I just sent you a text message to the phone number that you have Typing that code here so I can verify that. So what are they actually trying to authenticate there? Now, you know the password and that you Have a phone capable of written your device capable of receiving that text message Because it's actually a lot of attacks recently against The phone Okay, so what else Smart card. Yeah, did anybody use that for work? Yeah, so you have a smart card you have to plug into your computer So the way that works there's some key on there that they're using to validate that you are who you say they are Yeah, what else? Back there Ah the device that you usually logged in from right um has anybody gone on a trip and tried to log into their gmail Do you get a scary warning message that says uh, hey, you're logging in from uh, the philippines and you usually log in In tendy, arizona, right telling you that it may be suspicious It usually probably won't block your access, but it'll at least alert you that maybe something is weird That's going on if that's not you right Okay, cool. Anything else? Yeah Yeah, so So we'll talk about it in networking, but a remote service doesn't get your mac address Only on your local network, uh, but if it's an app running they could use that so they could use that as a feature To fingerprint you be key. Yeah, so a little maybe have one You show it for the last little show and tell Over there of multiple people great. So yeah, a little usb key that you plug in that again have like a security It probably has a Private key that's only on that device and so it's able to authenticate that you will have this physical device Because it's the only device that has that key um What about you ever um Go to like get a new computer or something and go to amazon or PayPal or something And it says hey, I don't recognize this device Was it checking there? Uh cookies are part of it. Yeah, it's actually more Yeah, so they need to try to do another layer of authentication They're worried that it's somebody else that's stolen your username password So they actually fingerprint your browser to try to determine what does this browser look like and is this the same browser that I see Over and over accessing your account cool All right These are good examples So we can kind of and the way I think about these we break these down into different categories and this kind of helps When thinking about authentication, right? So One category could be what you know. So something that you know. So A classic example is username passwords, right? That's something that you know because you set up using passwords in the past And it should be something that you're the only person that knows that What's another example of something that you know? Questions, right? Is it true that you're yeah, what are some what are some security questions you've heard? Mother's main name name of your first pet. What else? What city were you born in? Favorite movie Yeah, so it's starting to sound like somebody's social networking page Right, and it's actually one of the big problems of security questions is off too often people It's very easy to find out this information the name of your first pet all this kind of stuff, but What was it? You can lie. Yeah, but you have to remember which lies you made to which systems I've heard of a case where somebody uh For their security questions randomly typed in letters And so the one they would have to call in to be like hey to the problem with my account They're like great answer the security questions. You just have to say a bunch of gibberish Like I don't know what the letters are hoping that they could actually see it if not then Not really good. Okay. What are the things that you know anybody apply for a loan? What kind of questions get asked there? Credit score what else? Yeah, where have you been out alone before they also yeah addresses. Yeah, this is a super interesting thing So they ask you what are other they give you like it's like a multiple choice test That they say hey, which of these four addresses have you lived in in the past? And it's like three addresses and none of the above You have to answer several of those Personally, the only way I can answer those is looking at Amazon addresses Wow interesting. Yeah, so there's problems there But this is kind of an interesting example of something that you know that you never explicitly told somebody or that You didn't tell them in the context of authentication, right? This is information that they're mining from public data and public information and all kinds of data sources To create questions that only you should be able to answer So then the other okay, so yeah the Other aspects here are like what you possess. So this is something That like we talked about the text message to the device, right? You possess that phone that is capable of answering that text message or the phone call Right. Yeah, so the text message is it's called the sim jacking or sim swapping Where essentially what they'll do is there's multiple ways to do it one of the easiest ways is you just Go into a Verizon or AT&T store And you either trick or bribe the employee to make you a sim card that has that phone number on it And then you try to log into the site and right before you do you plug in the sim card So that you're now the owner of that phone number and then you sign in get the text message unplugged with sim So they never really know that happened and now you stole that authentication token Yeah, it's really funny. I've talked to various people and apparently the phone companies are very upset that the technology companies Decided to just use the phone network for this important piece of authentication that is never designed to do And yeah, so that's why now more often Like on gmail you have actually I think three years ago somebody in my class in 365 said that they had their coinbase account hacked into by a sim swapping attack Other ways of perpetuating the attack are you bribe an employee at the companies at like AT&T or whatever to install Software essentially malware on their system that allows the bad guys remotely to get text messages and other and like Create sim cards for various things so you don't even need to go into a place Yeah, how does what? Um I don't know all the details. I know it's possible to um One of the things they do is they can like uh trick you to connect to a cell tower so you can make a uh system That pretends to be a cell phone tower You can get phones to connect to you and you can tell them to not use any encryption or anything And so when they talk to you, uh all the text messages all the phone calls are unencrypted So I know that's one way they can tap into your phone network, uh your cell phone that way I don't know about cloning. I'm not I don't know how that works Yeah, there's all kinds of cool stuff. Yeah Or like Yes, okay, yeah Cool. Yeah, so let's uh, this is a part of the what you possess so it's similar to a uv key or anything. It's um See I can show you because So this is my uh google authenticator. I have Google dropbox and github things on there. So it's a six digit number that changes every minute. I believe And the whole idea is the way this is set up is you have um like a qr code that's shown on the computer screen And then you point the app at the qr code and essentially what happens is now you've shared a secret key between both sides And then what happens is based on that secret key You can generate the same random number at a certain point in time and it's done cryptographically We didn't talk about that type of crypto. Um, but basically The idea is that's why I can show you that key because if you had those six digits You can't predict what the next one's going to be unless you have the secret so the secret lives in the app and so um, they know that If you have this phone you have this app and so that you're secure In that way. So yeah rather than sending you a text messages or the other way that google does it is if you install the gmail app Gmail will pop up a thing saying hey looks like you're trying to sign in is that okay like approve it here And then you can approve it through the app there So yes, those are much better than using a text message But a text message is much better than not using any second factor. So we'll talk about that later in a bit Yeah Oh, I was going to get to it later. Yeah um So these are all different things of what you possess right you possess this ube key that has a key burned into it You possess an authenticator app you possess a phone number that can do this um Then the third category is who you are right? So this is where we get the biometrics Right, so when you talk about face we talked about, um fingerprint iris scan would be another one And you can think about other ones. These are kind of the three main ones that you should definitely burn into your brain Because they come up over and over again Other things that we talked about the context of like, where are you or what's the context like of what's going on, right? That could be with the gmail of where are you logging into your gmail from what ip address What country is that ip address likely located in all that stuff? So for getting the fourth one for a bit because I want to focus on these three, uh, what are some of the pros and cons of each of these Like what's the benefit of what you know in theory you should be the only one that knows it is that true usually Who else may know that you're let's say password The person that looks on your desk at a sticking out where you've written it. What else? You may not know it because you've forgotten it, right? And so you need some other way of getting access to your account Yes, this happens constantly Your password your you may use a browser password manager now your browser knows your password It may be a third party password manager app that knows your password. What else? The website that decided they don't need to have their password Yeah, so Another way to think about that is every website where you reuse that that password also know your password Right hashing or no hashing when you log into that website, you have to send them your password And they now know your password so You would have to say well now i'm using unique passwords on every website I ever visit and every app I ever use So then you have this problem of how do I remember 200 password So yeah, you have this so you have interesting problems here of what you know forgetting I think of the huge one in terms of usability And then if you know people are going to forget this means you need to have another mechanism to get access to your account So what happens when you forget a password on a website? How do you still authenticate because you you now have to be able to authenticate? How do you do that? Yeah, they essentially prove that you own the email address associated with that account, right? So I'll send an email to your account. You click on that link. It has a randomly generated Number there and the website verifies that yes, this is the same number And so now it gives you access in the ability to change your password So if you're an attacker if you can't break the authentication on the username password You could try to break the forgotten password method and if you can do that you can get into people's accounts, right? Any other downsides? What about pros what about good things? Yeah One pro or con how you look at it is that Or what you know other people can know it like maybe for your router at home You want to know the password and to want your family to know the password Yeah, that's or uh, well maybe a better more realistic example would be like a netflix password Right netflix would very much like that. You're the only person that knows this password So yeah, so you have this ability like It's kind of nice just like actually like a key, right? You can make copies of a key and give it to people that you want to so that they can get access to things But then it becomes more good. Well Yeah, it becomes difficult to maybe share selectively or something like that because then they could share that on with other people Yeah, so sharing the interesting. What are some other pros? I mean, there must be pros. We use it everywhere, right? Yeah Yeah, you don't have to carry anything with you, right? Everything should be in your brain. What else? Yeah Yeah a lot easier to yeah easier to set up. I think that's definitely true What about changing is being able to change your password a good thing Yeah, just like we talked about a key revocation, right? You want to change your password? The other people, you know, can't guess it Um, okay, so then same analysis what you possess pros and cons of Things that you possess. Yeah Yeah, if that's your only way of authentication, right? You got ube key Well, you think I'm lost stolen And then the worst part would be Whoever stole that thing could impersonate you, right? So sorry for I'm sure the ube keys that are used here and I use for anything super important So don't target these nice people that shared their ube keys with us, right? But if that was if there was a billion dollars to whoever possessed this ube key you would have a huge target, right? Because now you possess this device whoever possesses it now has access. Yeah Yeah, okay, so that's a great great point. So yeah, so now you need to target this specific device Right, which all of us can do But let's say how are we compared to all of the people on the internet? So attackers on the internet Could be you know can scan millions of websites in A day Anyways, so yeah, the level there is kind of interesting right because now you're requiring this steal something physically in person Which restricts the attackers capabilities and who's able to do that whereas it's just a To steal your username password. I can just trick you to install some malware on your computer that tracks your Keystroke interesting. Yes, which revokes your access to that thing, right, which is yeah, that's that's interesting Yeah, so you can give it to somebody else to use for a while and then they can give it back Yeah, okay, so the possession so yeah, so then Access to that device now gives you access to whatever the thing is authenticating to right? So yeah, now you have so you have problems of theft and loss Which you don't really have a password. I mean you can Fetch yes, but um you can't like You can forget a password, but if you forget a password, it's not like that means somebody else can find it and use it later Oh interesting. Okay. So yeah, because it's an item you can use it in a will As and actually give it to other people It is not protected by the fifth amendment. Ooh interesting. Um, yeah, I'd have to think more about that. I don't know where I don't know Yeah, great. So how do you uvkey people know that your uvkey is actually safe and that the uvkey corporation who makes them Didn't just actually steal your private key Right or have a backdoor that every time you connect it to your usb drive actually sends your key back to them Just in case anybody's using it for a billion dollar operation. They can steal that, right? Yeah, so like the way you possess is interesting because now you're trusting this device You're trusting the manufacturer of the device the whole supply chain Yeah, awesome What about what you are what are some pros and cons? Yeah What if you have a twin? Yeah, so maybe the one maybe another way to put that is so one of the things we would hope is that features like our fingerprints and FACE are actually unique But in a case that maybe you have a twin or a sibling that looks very much like you maybe Your face actually looks like theirs and they could have lost your mice Is that ever happened anything? I'm sure that it hasn't happened Yeah, I mean it makes sense. Yeah It requires extra hardware so it can be expensive to develop these kind of authentication mechanisms And then do what? Well, they need to actually Make a big finger with your fingers I feel that Yeah, so you have to deal with training of models that may have biases in them to based on the team that developed them or input data Yeah, yeah, so we talked about the passwords, right? It's very easy to change passwords Is it easy to change your fingerprints? I mean you got about 10 choices, right? Anytime you could change it then at some point like You could lose so if you knew that this thumb protected a billion-dollar account, right? Yeah Yeah, all it takes would be like hole cutters or something and cut off a thumb and I lose a thumb and you get a billion dollars Yeah, yeah, or you borrow somebody's phone or anything, right? Yeah It's like a black thing. Oh, that's super interesting Yeah, I haven't heard about that. But at least reminds me of the movie like men in black Where they like zap off your fingerprints so you don't have any anymore, but yeah, you could have you know Or maybe another way to think about it is your attributes could change right like facial ID What about you're wearing glasses or sunglasses like different things on your face? What if you grow a beard does your facial ID work? Those are all different aspects Yeah, oh interesting. We'll talk about that maybe in a second but Yeah, okay, so so yeah, so that that needs to be stored somewhere, right? And presumably or maybe depending on how you do it Maybe that's enough for somebody to recreate like your face or your thumb print so for instance Actually probably facial recognition So the other question is how good are these systems, right? So for facial recognition systems the early ones that were on laptops and phones You could just print out a picture in the person's face And then hold it up to the screen that would unlock So okay, so picture. So then how do you solve that problem? You need a picture Yeah, that's expensive though. That requires new devices New hardware. Yeah Yeah, maybe you require eye movement or blink, right? So we know as we're looking at a thing We know the image wouldn't ever move the eyes and we can do eye recognition pretty good But I know a person would so they upgraded their systems to do they call this liveness detection to try to determine that the thing They're looking at in the face is alive And so they rolled this out said great it beats the pictures And now what did people do they print it out pictures cut out the eyes And put little black things behind it and moved them and it works and it unlocks the phones So then they had to do things like depth so that's when things like the The connect sensor was kind of the early one, but I know the iphone has it probably some android devices too Consents depth so they build kind of a 3d recreation of your face But those can still be beat by a mask you can 3d print a mask with somebody's face Interesting yeah, I hadn't thought about that it's You could get around that depending on the system So you could have like a secure boot thing that figures out that no hardware has been tampered with but Yeah, that's an interesting attack factor other things with thumb thumb prints so So you can get somebody's thumb print and you can 3d print a thumb like a clay thumb based off of that And use that I mean it's not made of clay or whatever, but plastic thumb doesn't work So for a live this test there, they try to detect Like your Like your heartbeat or whatever off there through the sensor to detect that your thumb is actually really there But yeah, so um, let's see privacy. Okay, we're running the privacy thing later about faces and stuff We'll talk about that later. Um, okay, great. This is a good way of thinking about these different types of authentication mechanisms Hey, we got the whole recording this time But still no