#Tempest Scrambler
Model Range
2019 AJS Motorcycles
Tempest Roadster 125
Tempest Scrambler 125
Highway Star 125
DD125E-8
Daytona 125
Isaba 125
[Wk2] Lectures
Morning Lecture
"You are no better than a barbarian trying to box. Hit him in one spot, and his hands fly there; hit him somewhere else, and his hands go there" - Demosthenes
Example: ANU Hack
- what would you advise the UNSW VC? (Great Exam Q!!)
- temptation = strengthening firewalls
- structure of answer -> not just a tough external shell but protect compartments e.g. a submarine

4 things you need to understand inside and out to be a professional at security engineering. The primary colours:
1. Trust
2. Secrets
3. Humans
4. Engineering - risk, complexity... what else?

BLOG about the objective of the UNSW email -> objective, intents, strengths & weaknesses.

Trust
- who can you trust? -> no one, least of all yourself
- what can you trust? -> nothing!
Defense in Depth
Focus on the Development of Castles -> wood -> stone -> moat -> walls -> outer wall and inner wall -> thick walls = security 10 years ago
- if something breaks you don’t lose anything, opposite of a single point of failure, for example a space shuttle

Apes vs Ants
- humans and apes are very complex but so are ants and bees
- ant fungus = risk! -> brittle, easily disrupted with a single point of failure
- complex society, essentially the colony is a creature, everyone has a precise role -> apes have individual freedom (agency)

Bell-LaPadula Model = a state machine model used for enforcing access control in government and military applications
- for example, normal, confidential, secret and top secret
- relies on human obedience which will fail
- single point of failure, strength of 10 000 with the brain of one

Clip from Wargames (1983)
- multiple physical measures e.g. deceptive appearance of house, two people, crack it open = tamper evident, locks and keys (definitive action)
- enemy could stop a launch by killing someone

Physical Security
- key logger dongle tracks all the keystrokes, keyboard -> dongle -> computer
- camera to watch them type it in (for passwords)
- “Every contact leaves a trace”
- Locks -> most padlocks can be unlocked with a “master key” (saw/bolt-cutters)
- physical data destruction -> e.g. a shredder, can be pieced back together

Side Channel Attack
In computer security, a side-channel attack is any attack based on information gained from the implementation of a computer system, rather than weaknesses in the implemented algorithm itself.
- Every contact leaves a trace
- Power and financial side channel attacks, audio etc.
For example, a cache side-channel attack works by monitoring security critical operations. The attacker is then able to recover the secret key depending on the accesses made (or not made) by the victim, deducing the encryption key. Unlike other side-channel attacks, this method does not create a fault in the ongoing cryptographic operation and is invisible to the victim (Wikipedia).

Example: Security for Journalists
- Following the AFP raids on Australian journalists
- Disable microphones -> run workshops on it

Example: FOI Planning
- Freedom of Information Legislation also on a state level. What information would be good to know? Lodge one and report back
- Ask the right questions
- E.g. Great Barrier Reef or ANU Data Breach

Example: Disable Microphone in Sonos (Voice controlled smart speaker)
- Entropy = “randomness”
- Valid sentences are long distances apart
Afternoon Lecture
Confidentiality
Vigenere
- Caesar + Password
- Different encoding for different positions in the sequence
- Kasiski Test
- Index of Coincidence - see homework
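An added example (not part of the original lecture notes) showing why "Caesar + Password" still leaks its password length: the index of coincidence of every k-th letter jumps back to the value for ordinary English when k equals the key length. The sample text, the key `LEMON` and all function names are constructed for this illustration.

```python
from collections import Counter

def vigenere(text, key, decrypt=False):
    """Caesar-shift each letter by the key letter for its position (A=0..Z=25)."""
    sign = -1 if decrypt else 1
    letters = [c for c in text.upper() if "A" <= c <= "Z"]
    return "".join(
        chr((ord(c) - 65 + sign * (ord(key[i % len(key)]) - 65)) % 26 + 65)
        for i, c in enumerate(letters))

def ioc(text):
    """Chance that two letters picked at random from text are the same."""
    n = len(text)
    return sum(v * (v - 1) for v in Counter(text).values()) / (n * (n - 1))

def column_ioc(ciphertext, period):
    """Average IoC over the columns formed by taking every period-th letter."""
    return sum(ioc(ciphertext[i::period]) for i in range(period)) / period

def estimate_key_length(ciphertext, max_len=8):
    """Smallest period whose columns look like single-alphabet (Caesar) text."""
    scores = {k: column_ioc(ciphertext, k) for k in range(1, max_len + 1)}
    best = max(scores.values())
    # Multiples of the true length score about as well, so take the smallest
    # period within 10% of the best score.
    return min(k for k, s in scores.items() if s >= 0.9 * best)

# Constructed sample text and key (assumptions for this example only).
PLAINTEXT = (
    "Defence in depth means that no single barrier is trusted to stop an attacker. "
    "A castle has a moat, an outer wall and an inner wall, so that when one layer "
    "fails the others still stand. The same idea applies to a network: a strong "
    "firewall is useful, but the compartments behind it need their own protection, "
    "like the sealed sections of a submarine. Every system that relies on one guard, "
    "one key or one obedient person has a single point of failure, and sooner or "
    "later that point will fail. Good security engineering assumes that some part "
    "will break and plans for what happens next. Secrets should be few, short lived "
    "and easy to change, because anything written down or typed on a keyboard can "
    "leave a trace that someone else may later read."
)
KEY = "LEMON"
CIPHERTEXT = vigenere(PLAINTEXT, KEY)

if __name__ == "__main__":
    print("IoC plaintext :", round(ioc(vigenere(PLAINTEXT, "A")), 4))
    print("IoC ciphertext:", round(ioc(CIPHERTEXT), 4))
    print("estimated key length:", estimate_key_length(CIPHERTEXT))
```

The Kasiski test reaches the same number from a different direction, by measuring the distances between repeated fragments of ciphertext.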
Enigma
- Caesar + almost infinite password (password extender)
- How does the enigma machine work? Don’t worry about the plug table, just the rotors are enough to understand. https://www.youtube.com/watch?v=ASfAPOiq_eQ
- Brute forced = trying all possible solutions
- The security relies on how the machine is set up -> receiver machines had to be set up the same way as the sending machine
- Key Distribution Problem = the risks and costs associated with making sure the enigma machines match
- Weaknesses:
  - Repetition of the message key
  - Repeatedly using the same stereotypical expressions in messages
  - Having only three different rotors for the three positions in the scrambler
Security Bits
2^10 = 1024
2^20 ~= a million
2^30 ~= a billion
Therefore, 2^29 ~= half a billion = 29 bits of security to crack it.
- Each bit doubles the security
- Safest as it’s going to get at 256 -> anything bigger is completely out of the scope for 6441
- Analogy -> Marco Polo playing chess for the grains of rice

One-Time Pad
- Tempest -> Project Venona = intended to decrypt messages transmitted by the intelligence agencies of the Soviet Union. During the 37-year duration of the Venona project, the Signal Intelligence Service obtained approximately 3,000 Soviet messages (only a small fraction of which were ever decrypted).
- Breaks
- Number Stations -> Radio (shortwave) station that just transmits random sequences
- side channel attacks

Random Number Generator
- Lava lamp random number generator

Example: Data Centres
- Where are the data centres? Where do the fibre optic cables land? Analyse physical data -> around Alexandria

Example: Data Destruction
- Retired drives in their data centres
- Throwing out the drives is not deleting
- Erase data, write over those, smash it and then throw it in someone else’s bin

Type I/Type II Errors
- Prediction vs Real World. Example, will the Pirate Party win the election? AIDS
- Predict don’t and they do
- Predict do and they don’t

Anatomy of Attack -> used to target random people for LOLs but now an organised criminal attack
1. Someone is targeted
2. Make them do something dumb
3. Exploit the weaknesses
Good Analysis by Bruce Schneier
Weakness of the Week Self-Interest - “bet on self interest, it’s the horse that always wins”.