\documentclass[dvipsnames,14pt,t, xelatex]{beamer}

\usepackage{../slides}

\usepackage{../graphics}

\usepackage{../langs}

\setmonofont[Scale=.88]{Consolas}

\newfontfamily{\consolas}{Consolas}

\hfuzz=220pt 

% beamer stuff 

\renewcommand{\slidecaption}{APP 01, King's College London}

\lstset{language=JavaScript,

        style=mystyle,

        numbersep=0pt,

        numbers=none,

        xleftmargin=0mm}

\begin{document}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

\begin{frame}

\frametitle{%

  \begin{tabular}{@ {}c@ {}}

  \LARGE Access Control and \\[-3mm] 

  \LARGE Privacy Policies (1)\\[-6mm] 

  \end{tabular}}

  \begin{center}

  \includegraphics[scale=1.3]{../pics/barrier.jpg}

  \end{center}

  \normalsize

  \begin{center}

  \begin{tabular}{ll}  

  Email:  & christian.urban at kcl.ac.uk\\

  Office: & S1.27 (1st floor Strand Building)\\

  Slides: & KEATS

  \end{tabular}

  \end{center}

\end{frame}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

\begin{frame}

\begin{center}

\includegraphics[scale=2.1]{../pics/barrier.jpg}

\end{center}

\end{frame}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

\begin{frame}

\begin{center}

\begin{tikzpicture}[scale=1.3]

  %\draw[very thick, scale=1] (0, 0) grid (6, -4);

  \draw (0,0) node (X) {\includegraphics[scale=0.1]{../pics/rman.png}};

  \draw (6,0) node (Y) {\includegraphics[scale=0.1]{../pics/gman.png}};

  \node[below] at (X.south) {Alice};

  \node[below] at (Y.south) {Bob};

  \draw[red,<->,line width = 3mm] (X) -- (Y);

  \node [inner sep=5pt,label=above:{\begin{tabular}{c}

                                    secure/private\\

                                    communication

                                    \end{tabular}}] 

  at ($ (X)!.5!(Y) $) {};

  \draw (1.0,-1.5) node {\includegraphics[scale=0.05]{../pics/nsa.png}};

  \draw (2.4,-1.5) node {\includegraphics[scale=0.3]{../pics/gchq.jpg}};

  \draw (1.7,-2.3) node {\huge\ldots};

  \draw (4.2,-1.5) node {\includegraphics[scale=0.05]{../pics/apple.png}};

  \draw (5.4,-1.7) node {\includegraphics[scale=0.15]{../pics/google.png}};

  \draw (5.0,-2.3) node {\huge\ldots};

\end{tikzpicture}

\end{center}

\begin{center}

\includegraphics[scale=0.1]{../pics/snowden.jpg}

\end{center}

\end{frame}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

\begin{frame}

\begin{center}

\includegraphics[scale=0.45]{../pics/lavabit-email.jpg}

\end{center}

\small{}\mbox{}\hfill{}

Lavabit email service closed down on 8 August 2013. \\

\mbox{}\hfill{}\url{www.goo.gl/bgSrVp}

\end{frame}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

\begin{frame}

\frametitle{Also Bad Guys}

\begin{textblock}{1}(4,2.5)

  \begin{tikzpicture}[scale=1.3]

  \draw (0,0) node (X) {\includegraphics[scale=0.1]{../pics/rman.png}};

  \draw (4,0) node (Y) {\includegraphics[scale=0.1]{../pics/gman.png}};

  \draw[red, <->, line width = 2mm] (X) -- (Y);

  \end{tikzpicture}

\end{textblock}

\begin{textblock}{1}(1,5)

\begin{bubble}[11cm]

\small

Anonymous Hacker operating a 10k bonnet using the ZeuS

hacking tool wrote:\medskip\\ ``FYI I do not cash out the bank

accounts or credit cards, I just sell the information (I know,

its just as bad...), there isn't even a law against

such in most countries, dealing with stolen information is

most of the time a legally greyzone (I was just as surprised

when I looked it up), I'm not talking about 3rd world

countries, but about European like Spain (The Mariposa botnet

owner never got charged, because a botnet isn't illegal, only

abusing CC information is, but that did other guys).''

\hfill{}\url{www.goo.gl/UWluh0}

\end{bubble}

\end{textblock}

\end{frame}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

\begin{frame}

\frametitle{This is a Misconception!}

\begin{center}

\includegraphics[scale=0.55]{../pics/cryptographic-small.png}

\end{center}

\centering

\begin{bubble}[9cm]

\small

There is some consensus that the NSA can probably not

brute-force magically better than the ``public''. 

\end{bubble}

\end{frame}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

\begin{frame}[c]

The content of this course is very much inspired by the work of 

three people:\bigskip

\small

\begin{center}

\begin{tabular}{ccc}

\includegraphics[scale=1.4]{../pics/schneier.png} &

\includegraphics[scale=0.103]{../pics/ross.jpg} &

\includegraphics[scale=0.2]{../pics/halderman.jpg} \\

Bruce Schneier & Ross Anderson & Alex Halderman\\

\tiny\url{en.wikipedia.org/wiki/Bruce_Schneier} & 

\tiny\url{www.cl.cam.ac.uk/~rja14} & 

\tiny\url{jhalderm.com}

\end{tabular}

\end{center}

\end{frame}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

\begin{frame}[c]

\alert{\bf Security engineers} require a particular \alert{\bf mindset}:

\bigskip\medskip

\begin{overlayarea}{\textwidth}{5cm}

\small

\only<1>{\begin{bubble}[10cm]

``Security engineers --- at least the good ones --- see

the world differently. They can't walk into a store without

noticing how they might shoplift. They can't use a computer

without wondering about the security vulnerabilities. They

can't vote without trying to figure out how to vote twice.

They just can't help it.''\\

\hfill{}---Bruce Schneier

\end{bubble}}%

\only<2>{\begin{bubble}[10.5cm]

``Security engineering\ldots requires you to think

differently. You need to figure out not how something works,

but how something can be made to not work. You have to imagine

an intelligent and malicious adversary inside your system

\ldots, constantly trying new ways to

subvert it. You have to consider all the ways your system can

fail, most of them having nothing to do with the design

itself. You have to look at everything backwards, upside down,

and sideways. You have to think like an alien.''\hfill{}---Bruce Schneier

\end{bubble}}

\end{overlayarea}

\begin{flushright}

\includegraphics[scale=0.0087]{../pics/schneierbook1.jpg}\;

\includegraphics[scale=0.0087]{../pics/schneierbook2.jpg}\;

\includegraphics[scale=0.23]{../pics/schneierbook3.jpg}\;

\includegraphics[scale=0.85]{../pics/schneier.png}

\end{flushright}

\end{frame}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

\begin{frame}[c]

\frametitle{Breaking Things}

For example:

\begin{center}

\begin{bubble}[10cm]\small

Prof.~V.~Nasty gives the following final exam question (closed books, 

closed notes):\bigskip

\noindent

\begin{tabular}{@ {}l}

Write the first 100 digits of $\pi$:\\

3.\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_

\end{tabular}

\end{bubble}

\end{center}

How can you cheat in this exam and how can you defend against such cheating?

\end{frame}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

\begin{frame}

\frametitle{\textcolor{red}{Warning}}

\small

\begin{itemize}

\item<1-> I will be teaching techniques that can be used to

      compromise security and privacy. 

\end{itemize}

\onslide<2->{

\begin{itemize}

\item Don’t be evil! 

\only<3>{\item Using those techniques in the real world may

violate the law or King’s rules, and it may be unethical.}

\only<3>{\item Under some circumstances, even probing for weaknesses of a

system may result in severe penalties, up to and including

expulsion, fines and jail time.} 

\only<3>{\item Acting lawfully and ethically is \underline{your} responsibility.} 

\only<4>{\item Ethics requires you to

refrain from doing harm.} 

\only<4>{\item \underline{Always} respect privacy and rights of

others.} 

\only<4>{\item Do not tamper with any of King's systems.} 

\only<5>{\item If you try

out a technique, always make doubly sure you are working in a

safe environment so that you cannot cause any harm, not even

accidentally.} 

\only<5>{\item Don't be evil. Be an \underline{ethical} hacker.}

\end{itemize}}

\end{frame}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

\begin{frame}[c]

\frametitle{Secure Systems}

For a secure system, four requirements need to come 

together:

\begin{itemize}

\item {\bf Policy}\\

  {\small What is supposed to be achieved?}

\item {\bf Mechanism}\\

  {\small Cipher, access controls, tamper resistance, \ldots} 

\item {\bf Assurance}\\

  {\small The amount of reliance you can put on the mechanism.}

\item {\bf Incentive}\\

  {\small The motive that the people guarding and maintaining the 

  system have to do their job properly, and also the motive 

  that the attackers have to try to defeat your policy.}

\end{itemize}

\end{frame}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

\begin{frame}[c]

\frametitle{Chip-and-PIN}

\begin{center}

\includegraphics[scale=0.3]{../pics/creditcard1.jpg}\;

\includegraphics[scale=0.3]{../pics/creditcard2.jpg}

\end{center}

\begin{itemize}

\item Chip-and-PIN was introduced in the UK in 2004

\item before that customers had to sign a receipt\bigskip

\item \bf Is Chip-and-PIN a more secure system?

\end{itemize}

\begin{flushright}

\small\textcolor{gray}{(some other countries still use the old method)}

\end{flushright}

\end{frame}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

\begin{frame}[c]

\frametitle{Yes \ldots}

\ldots if you believe the banks:\bigskip

\begin{bubble}[10cm] 

\small ``Chip-and-PIN is so effective in this country [UK]

that fraudsters are starting to move their activities

overseas,''\smallskip\\ 

\hfill{}said some spokesman for Lloyds TSB\\ 

\hfill(in The Guardian, 2006)

\end{bubble}\bigskip

\begin{itemize}

\item mag-stripe cards cannot be cloned anymore

\item stolen or cloned cards need to be used abroad 

\item fraud on lost, stolen and counterfeit credit 

cards was down \pounds{60m} (24\%) on 2004's figure

\end{itemize}

\end{frame}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

\begin{frame}[c]

\frametitle{But let's see}

\begin{textblock}{1}(3,4)

\begin{tabular}{c}

\includegraphics[scale=0.3]{../pics/bank.png}\\[-2mm]

\small Bank

\end{tabular}

\end{textblock}

\begin{textblock}{1}(7,4.5)

\begin{tabular}{c}

\includegraphics[scale=3]{../pics/store.png}\\[-2mm]

\end{tabular}

\end{textblock}

\begin{textblock}{1}(4.5,9.9)

\begin{tabular}{c}

\includegraphics[scale=0.16]{../pics/rman.png}\\[-1mm]

\small customer / you

\end{tabular}

\end{textblock}  

\only<2->{

\begin{textblock}{1}(4.5,7.5)

  \begin{tikzpicture}[scale=1.3]

  \draw[white] (0,0) node (X) {};

  \draw[white] (1,-1) node (Y) {};

  \draw[red, ->, line width = 2mm] (X) -- (Y);

  \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};

  \end{tikzpicture}

\end{textblock}}

\only<3->{

\begin{textblock}{1}(6.8,7.5)

  \begin{tikzpicture}[scale=1.3]

  \draw[white] (0,0) node (X) {};

  \draw[white] (1,1) node (Y) {};

  \draw[red, ->, line width = 2mm] (X) -- (Y);

  \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};

  \end{tikzpicture}

\end{textblock}

\begin{textblock}{1}(4.8,5.9)

  \begin{tikzpicture}[scale=1.3]

  \draw[white] (0,0) node (X) {};

  \draw[white] (1.4,0) node (Y) {};

  \draw[red, <->, line width = 2mm] (X) -- (Y);

  \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};

  \end{tikzpicture}

\end{textblock}}

\only<4->{  

\begin{textblock}{1}(12,6.5)

\begin{tabular}{c}

\includegraphics[scale=0.8]{../pics/factory.png}\\[-1mm]

\small card\\[-2mm]\small terminal\\[-2mm] \small producer

\end{tabular}

\end{textblock}

\begin{textblock}{1}(10,7)

  \begin{tikzpicture}[scale=1.6]

  \draw[white] (0,0) node (X) {};

  \draw[white] (-1,0.6) node (Y) {};

  \draw[red, ->, line width = 2mm] (X) -- (Y);

  \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};

  \end{tikzpicture}

\end{textblock}}  

\end{frame}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

\begin{frame}[c]

\frametitle{Chip-and-PIN}

\begin{itemize}

\item A ``tamperesitant'' terminal playing Tetris on 

\href{http://www.youtube.com/watch?v=wWTzkD9M0sU}{youtube}.\smallskip\\

\footnotesize(\url{http://www.youtube.com/watch?v=wWTzkD9M0sU})

\end{itemize}

\includegraphics[scale=0.2]{../pics/tetris.jpg}

\end{frame}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

\begin{frame}

\frametitle{Chip-and-PIN}

\begin{itemize}

\item in 2006, Shell petrol stations stopped accepting Chip-and-PIN after 

  \pounds{1M} had been stolen from customer accounts\smallskip 

\item in 2008, hundreds of card readers for use in Britain, Ireland, 

  the Netherlands, Denmark, and Belgium had been expertly tampered with 

  shortly after manufacture so that details and PINs of credit cards 

  were sent during the 9 months before over mobile phone networks 

  to criminals in Lahore, Pakistan

\end{itemize}

\end{frame}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

\begin{frame}[c]

\frametitle{Chip-and-PIN is Broken}

\begin{flushright}

\includegraphics[scale=0.01]{../pics/andersonbook1.jpg}\;

\includegraphics[scale=1.5]{../pics/anderson.jpg}

\end{flushright}

\begin{itemize}

\item man-in-the-middle attacks by the group around Ross Anderson\medskip

\end{itemize}

\begin{center}

\mbox{}\hspace{-20mm}\includegraphics[scale=0.5]{../pics/chip-attack.png}

\end{center}

\begin{textblock}{1}(11.5,13.7)

\begin{tabular}{l}

\footnotesize on BBC Newsnight\\[-2mm] 

\footnotesize in 2010 or 

\href{http://www.youtube.com/watch?v=JPAX32lgkrw}{youtube}

\end{tabular}

\end{textblock}

\end{frame}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

\begin{frame}[c]

\frametitle{\Large Chip-and-PIN is Really Broken}

\begin{flushright}

\includegraphics[scale=0.01]{../pics/andersonbook1.jpg}\;

\includegraphics[scale=1.5]{../pics/anderson.jpg}

\end{flushright}

\begin{itemize}