From 118c8650d925d24443ca2c71b053be5ce23fdedd Mon Sep 17 00:00:00 2001 From: Leonard Kugis Date: Sat, 7 Mar 2020 18:56:18 +0100 Subject: IntroSec Added a few words on Cryptocurrencies. Beginning with privacy. --- .../introduction_to_information_security.md | 51 ++++++++++++++++++++++ 1 file changed, 51 insertions(+) diff --git a/en_GB/Introduction to Information Security/introduction_to_information_security.md b/en_GB/Introduction to Information Security/introduction_to_information_security.md index 947b427..60774c8 100644 --- a/en_GB/Introduction to Information Security/introduction_to_information_security.md +++ b/en_GB/Introduction to Information Security/introduction_to_information_security.md @@ -250,6 +250,11 @@ In that case, there could be a program the user has execute rights on, containin Those programs are called *set UID* (SUID) and *set GID* (SGID) programs. They set the *effective UID/GID pair* to the ones required to access the file (they might have to be created) and reset them on exit. Be careful with *SUID to Root* programs! +### Android + +In android, each app has an AID. Normal privileged apps have an AID above 10000, high privileged ones have the range 1000-1999. +For each app, a new user is created. Every app runs in its own JVM, which runs on the underlying Linux with AID as UID. + ## Encryption ### Kerckhoffs' Principle @@ -379,6 +384,52 @@ Infrastructure providing the service of public key distribution. Medium. CA checks same as *DV* + company identity checked by third parties. - Extended Validation SSL Certificate (EV cert) Expensive. CA checks same as *OV* + official record matching. + +## Cryptocurrencies + +### Ledger + +A *ledger* keeps a log of all transactions and fulfills the following security services: + +- Log entries cannot be modified +- Log entries cannot be deleted +- Log entries cannot be reordered + +Ledgers can be centralized (trusted third party) or distributed. + +### Byzantine Generals Problem + +Byzantine generals: *n* generals, *m* of which are traitors. +*Practical Byzantine Fault Tolerance (PBFT)*: True consensus is possible, if + +$$ +\text{n} \geq 3 \cdot m + 1 +$$, +with *n* replicas and *m* faulty nodes. +As long as this holds true, the primary can assure that enough replicas are forwarding his message correctly. + +#### Protocol + +1. Client sends authenticated request to all replicas. +2. Primary *p* sends autheticated *pre-prepare* to all backups. +3. Every backup *i* agreeing, sends a *prepare* to all other replicas. +4. Once a replica has $2 \cdot \text{m}$ prepares collected from other replicas, it sends *commit* to all other replicas. +5. Once a replica has $2 \cdot \text{m} + 1$ commits collected from other replicas, its sends *reply* to the client. +6. Client waits for at least $\text{m} + 1$ replies in order to consider the request as valid. + +All messages are authenticated and signed by the sender. + +## Privacy + +### Foundation + +Privacy is based on the *Universal Declaration of Human Rights*. No one shall be interfered in his private life. + +### Dimensions + +- Surveillance: What do others know about you? +- Ownership: What may others do with your data? +- Nuisance: Right to be let alone ## Crypto Analysis -- cgit v1.2.1