94 \renewcommand{\slidecaption}{APP 09, King's College London, 2 December 2013}

    42 \renewcommand{\slidecaption}{APP 09, King's College London, 3 December 2013}

   110   %\begin{center}

    58   \normalsize

   111   %\includegraphics[scale=1.3]{pics/barrier.jpg}

   112   %\end{center}

   113 

   114 \normalsize

   118   Of$\!$fice: & S1.27 (1st floor Strand Building)\\

    62   Office: & S1.27 (1st floor Strand Building)\\

   129 \begin{frame}[c]

    73 \begin{frame}[t]

   130 \frametitle{Last Week}

    74 \frametitle{Checking Solutions}

   131 

    75 

   132 Recall, the Schroeder-Needham (1978) protocol is vulnerable to replay attacks.

    76 How can you check somebody's solution without revealing the solution?\pause\bigskip

    77 

    78 Alice and Bob solve crosswords. Alice knows the answer for 21D (folio) but doesn't 

    79 want to tell Bob.\medskip

    80 

    81 You use an English  dictionary:

    82 

    83 \begin{itemize}

    84 \item folio \onslide<4->{$\stackrel{1}{\rightarrow}$ individual }

    85                 \onslide<5->{$\stackrel{2}{\rightarrow}$ human}

    86                 \onslide<6->{$\stackrel{3}{\rightarrow}$ or \ldots}

    87 \only<3>{

    88 \begin{quote}

    89 ``an \alert{individual} leaf of paper or parchment, either loose as one of a series or 

    90 forming part of a bound volume, which is numbered on the recto or front side only.''	

    91 \end{quote}}

    92 \only<4>{

    93 \begin{quote}

    94 ``a single \alert{human} being as distinct from a group''

    95 \end{quote}}

    96 \only<5>{

    97 \begin{quote}

    98 ``relating to \alert{or} characteristic of humankind''

    99 \end{quote}}

   100 \end{itemize}\bigskip\bigskip

   101 

   102 \only<7->{

   103 hash functions...but Bob can only check once he has also the solution

   104 }

   105 

   106 \end{frame}}

   107 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

   108 

   109 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

   110 \mode<presentation>{

   111 \begin{frame}[c]

   112 \frametitle{Zero-Knowledge Proofs}

   113 

   114 Two remarkable properties:\bigskip

   115 

   116 \begin{itemize}

   117 \item Alice only reveals the fact that she knows a secret.\bigskip

   118 \item Having been convinced, Bob cannot use the evidence in order to convince Carol.

   119 \end{itemize}

   120 

   121 \end{frame}}

   122 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

   123 

   124 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

   125 \mode<presentation>{

   126 \begin{frame}[t]

   127 \frametitle{\begin{tabular}{@{}c@{}}The Idea\end{tabular}}

   135 \begin{tabular}{@{}r@ {\hspace{1mm}}l@{}}

   130 \begin{tabular}{l@{\hspace{10mm}}r}

   136 \bl{$A \rightarrow S :$} & \bl{$A, B, N_A$}\\

   131 \\[-10mm]

   137 \bl{$S \rightarrow A :$} & \bl{$\{N_A, B, K_{AB},\{K_{AB}, A\}_{K_{BS}} \}_{K_{AS}}$}\\

   132 \raisebox{10mm}{\large 1.} & \includegraphics[scale=0.1]{pics/alibaba1.png}\\

   138 \bl{$A \rightarrow B :$} & \bl{$\{K_{AB}, A\}_{K_{BS}} $}\\

   133 \raisebox{10mm}{\large 2.} & \includegraphics[scale=0.1]{pics/alibaba2.png}\\

   139 \bl{$B \rightarrow A :$} & \bl{$\{N_B\}_{K_{AB}}$}\\

   134 \raisebox{10mm}{\large 3.} & \includegraphics[scale=0.1]{pics/alibaba3.png}

   140 \bl{$A \rightarrow B :$} & \bl{$\{N_B-1\}_{K_{AB}}$}\\

   141 \end{tabular}

   142 \end{center}\pause

   143 

   144 Fix: Replace messages 2 and 3 to include a timestamp:\bigskip

   145 

   146 \begin{minipage}{1.1\textwidth}

   147 \begin{center}

   148 \begin{tabular}{@{\hspace{-2mm}}r@ {\hspace{1mm}}l@{}}

   149 \bl{$S \rightarrow A :$} & \bl{$\{B, K_{\!AB}, T_S, \!\{K_{\!AB}, A, T_S\}_{K_{BS}} \}_{K_{AS}}$}\\

   150 \bl{$A \rightarrow B :$} & \bl{$\{K_{AB}, A, T_S\}_{K_{BS}} $}\\

   153 \end{minipage}

   137 

   138 \small

   139 \only<2>{

   140 \begin{textblock}{12}(2,13.3)

   141 Even if Bob has a hidden camera, a recording will not be convincing to anyone else 

   142 (Alice and Bob could have made it all up).

   143 \end{textblock}}

   144 \only<3>{

   145 \begin{textblock}{12}(2,13.3)

   146 Even worse, an observer present at the experiment would not be convinced.

   147 \end{textblock}}

   160 \begin{frame}[t]

   154 \begin{frame}[c]

   161 \frametitle{Denning-Sacco Fix}

   155 \frametitle{Graph Isomorphism}

   162 

   156 

   163 Denning-Sacco (1981) suggested to add the timestamp, but omit the handshake:\bigskip

   164 

   165 \begin{minipage}{1.1\textwidth}

   167 \begin{tabular}{@{\hspace{-2mm}}r@ {\hspace{1mm}}l@{}}

   158 \begin{tabular}{l@{\hspace{10mm}}r}

   168 \bl{$A \rightarrow S :$} & \bl{$A, B$}\\

   159 \includegraphics[scale=0.8]{pics/graphs.png}\\

   169 \bl{$S \rightarrow A :$} & \bl{$\{B, K_{\!AB}, T_S, \!\{K_{\!AB}, A, T_S\}_{K_{BS}} \}_{K_{AS}}$}\\

   170 \bl{$A \rightarrow B :$} & \bl{$\{K_{AB}, A, T_S\}_{K_{BS}} $}\\

   171 \textcolor{lightgray}{$B \rightarrow A :$} & \textcolor{lightgray}{$\{N_B\}_{K_{AB}}$}\\

   172 \textcolor{lightgray}{$A \rightarrow B :$} & \textcolor{lightgray}{$\{N_B-1\}_{K_{AB}}$}\\

   175 \end{minipage}\bigskip

   162 

   176 

   163 Finding an isomorphism between two graphs is an NP complete problem.

   177 they argue \bl{$A$} and \bl{$B$} can check that the messages are not replays of earlier 

   164 \end{frame}}

   178 runs, by checking the time difference with when the protocol is last used

   165 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

   179 \end{frame}}

   166 

   180 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

   167 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

   181 

   168 \mode<presentation>{

   182 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

   169 \begin{frame}[c]

   183 \mode<presentation>{

   170 \frametitle{Graph Isomorphism Protocol}

   184 \begin{frame}[t]

   171 

   185 \frametitle{\begin{tabular}{@{}c@{}}Denning-Sacco-Lowe Fix of Fix\end{tabular}}

   172 Alice starts with knowing an isomorphism between graphs \bl{$G_1$} and \bl{$G_2$}\medskip

   186 

   173 

   187 Lowe (1997) disagreed and said the handshake should be kept, 

   174 \begin{enumerate}

   188 otherwise:\bigskip 

   175 \item Alice generates an isomorphic graph \bl{$H$} which she sends to Bob 

   189 

   176 \item Bob asks either for an isomorphism between \bl{$G_1$} and \bl{$H$}, or

   190 \begin{minipage}{1.1\textwidth}

   177 \bl{$G_2$} and \bl{$H$}	

   191 \begin{center}

   178 \item Alice and Bob repeat this procedure \bl{$n$} times	

   192 \begin{tabular}{@{\hspace{-7mm}}r@ {\hspace{1mm}}l@{}}

   179 \end{enumerate}\pause

   193 \bl{$A \rightarrow S :$} & \bl{$A, B$}\\

   180 

   194 \bl{$S \rightarrow A :$} & \bl{$\{B, K_{\!AB}, T_S, \!\{K_{\!AB}, A, T_S\}_{K_{BS}} \}_{K_{AS}}$}\\

   181 these are called commitment algorithms

   195 \bl{$A \rightarrow B :$} & \bl{$\{K_{AB}, A, T_S\}_{K_{BS}} $}\\

   182 \end{frame}}

   196 \bl{$I(A) \rightarrow B :$} & \bl{$\{K_{AB}, A, T_S\}_{K_{BS}} $}\hspace{5mm}\textcolor{black}{replay}\\

   183 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%    

   197 \end{tabular}

   198 \end{center}

   199 \end{minipage}\bigskip

   200 

   201 When is this a problem?\pause\medskip

   202 

   203 Assume \bl{$B$} is a bank and the message is ``Draw \pounds{1000} from \bl{$A$}'s

   204 account and transfer it to \bl{$I$}.''

   205 \end{frame}}

   206 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

   207 

   208 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

   209 \mode<presentation>{

   210 \begin{frame}[t]

   211 \frametitle{Privacy}

   212 

   213 \begin{minipage}{1.05\textwidth}

   214 \begin{itemize}

   215 \item we \alert{do} want that government data is made public (free maps for example)

   216 \item we \alert{do not} want that medical data becomes public (similarly tax data, school 

   217 records, job offers)\bigskip

   218 \item personal information can potentially lead to fraud 

   219 (identity theft)

   220 \end{itemize}\pause

   221 

   222 {\bf ``The reality'':}

   223 \only<2>{\begin{itemize}

   224 \item London Health Programmes lost in June unencrypted details of more than 8 million people

   225 (no names, but postcodes and details such as gender, age and ethnic origin)

   226 \end{itemize}}

   227 \only<3>{\begin{itemize}

   228 \item also in June Sony, got hacked: over 1M users' personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts.

   229 \end{itemize}}

   230 \end{minipage}

   231 

   232 \end{frame}}

   233 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

   234 

   236 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

   185    

   237 \mode<presentation>{

   186 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

   238 \begin{frame}[c]

   187 \mode<presentation>{

   239 \frametitle{Privacy and Big Data}

   188 \begin{frame}[c]

   240 

   189 \frametitle{Non-Interactive ZKPs}

   241 Selected sources of ``Big Data'':\smallskip{}

   190 

   242 

   243 \begin{itemize}

   244 \item Facebook 

   245 \begin{itemize}

   246 \item 40+ Billion photos (100 PB)

   247 \item 6 Billion messages daily (5 - 10 TB)

   248 \item 900 Million users  

   249 \end{itemize}

   250 \item Common Crawl

   251 \begin{itemize}

   252 \item covers 3.8 Billion webpages (2012 dataset)

   253 \item 50 TB of data

   254 \end{itemize}

   255 \item Google

   256 \begin{itemize}

   257 \item 20 PB daily (2008)

   258 \end{itemize}

   259 \item Twitter

   260 \begin{itemize}

   261 \item 7 Million users in the UK

   262 \item a company called Datasift is allowed to mine all tweets since 2010

   263 \item they charge 10k per month for other companies to target advertisement

   264 \end{itemize}

   265 \end{itemize}\pause

   266 

   267 

   268 \end{frame}}

   269 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

   270 

   271 

   272 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

   273 \mode<presentation>{

   274 \begin{frame}[c]

   275 \frametitle{Cookies\ldots}

   276 

   277 ``We have published a new cookie policy. It explains what cookies are 

   278 and how we use them on our site. To learn more about cookies and 

   279 their benefits, please view our cookie policy.\medskip

   280 

   281 If you'd like to disable cookies on this device, please view our information 

   282 pages on 'How to manage cookies'. Please be aware that parts of the 

   283 site will not function correctly if you disable cookies. \medskip

   284 

   285 By closing this 

   286 message, you consent to our use of cookies on this device in accordance 

   287 with our cookie policy unless you have disabled them.''

   288 

   289 

   290 \end{frame}}

   291 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

   292 

   293 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

   294 \mode<presentation>{

   295 \begin{frame}[c]

   296 \frametitle{Scare Tactics}

   297 

   298 The actual policy reads:\bigskip

   299 

   300 ``As we explain in our Cookie Policy, cookies help you to get the most 

   301 out of our websites.\medskip

   302 

   303 If you do disable our cookies you may find that certain sections of our 

   304 website do not work. For example, you may have difficulties logging in 

   305 or viewing articles.''

   306 

   307 

   308 

   309 

   310 \end{frame}}

   311 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

   312 

   313 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

   314 \mode<presentation>{

   315 \begin{frame}[c]

   316 \frametitle{Netflix Prize}

   317 

   318 Anonymity is \alert{necessary} for privacy, but \alert{not} enough!\bigskip

   319 

   320 \begin{itemize}

   321 \item Netflix offered in 2006 (and every year until 2010) a 1 Mio \$ prize for improving their movie rating algorithm

   322 \item dataset contained 10\% of all Netflix users (appr.~500K)

   323 \item names were removed, but included numerical ratings as well as times of rating

   324 \item some information was \alert{perturbed} (i.e., slightly modified)

   325 \end{itemize}

   326 

   327 \hfill{\bf\alert{All OK?}}

   328 

   329 \end{frame}}

   330 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

   331 

   332 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

   333 \mode<presentation>{

   334 \begin{frame}[c]

   335 \frametitle{Re-identification Attack}

   336 

   337 Two researchers analysed the data: 

   338 

   339 \begin{itemize}

   340 \item with 8 ratings (2 of them can be wrong) and corresponding dates that can have a margin 14-day error, 98\% of the

   341 records can be identified

   342 \item for 68\% only two ratings and dates are sufficient (for movie ratings outside the top 500)\bigskip\pause

   343 \item they took 50 samples from IMDb (where people can reveal their identity)

   344 \item 2 of them uniquely identified entries in the Netflix database (either by movie rating or by dates)

   345 \end{itemize}

   346 

   347 \end{frame}}

   348 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

   349 

   350 

   351 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

   352 \mode<presentation>{

   353 \begin{frame}[c]

   354 \frametitle{}

   355 

   356 \begin{itemize}

   357 \item Birth data, postcode and gender (unique for\\ 87\% of the US population)

   358 \item Preferences in movies (99\% of 500K for 8 ratings)

   359 \end{itemize}\bigskip

   360 

   361 Therefore best practices / or even law (HIPAA, EU): 

   362 

   363 \begin{itemize}

   364 \item only year dates (age group for 90 years or over), 

   365 \item no postcodes (sector data is OK, similarly in the US)\\

   366 \textcolor{gray}{no names, addresses, account numbers, licence plates}

   367 \item disclosure information needs to be retained for 5 years

   368 \end{itemize}

   369 

   370 \end{frame}}

   371 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

   372 

   373 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

   374 \mode<presentation>{

   375 \begin{frame}[c]

   376 \frametitle{How to Safely Disclose Information?}

   377 

   378 \only<1>{

   379 \begin{itemize}

   380 \item Assume you make a survey of 100 randomly chosen people.

   381 \item Say 99\% of the surveyed people in the 10 - 40 age group have seen the

   382 Gangnam video on youtube.\bigskip

   383 

   384 \item What can you infer about the rest of the population? 

   385 \end{itemize}}

   386 \only<2>{

   387 \begin{itemize}

   388 \item Is it possible to re-identify data later, if more data is released. \bigskip\bigskip\pause

   389 

   390 \item Not even releasing only  aggregate information prevents re-identification attacks.

   391 (GWAS was a public database of gene-frequency studies linked to diseases;

   392 you only needed partial DNA information  in order

   393 to identify whether an individual was part of the study --- DB closed in 2008) 

   394 \end{itemize}}

   395 

   396 \end{frame}}

   397 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

   398 

   399 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

   400 \mode<presentation>{

   401 \begin{frame}[c]

   402 \frametitle{Differential Privacy}

   403 

   404 \begin{center}

   405 User\;\;\;\;    

   406 \begin{tabular}{c}

   407 tell me \bl{$f(x)$} $\Rightarrow$\\

   408 $\Leftarrow$ \bl{$f(x) + \text{noise}$}

   409 \end{tabular}

   410 \;\;\;\;\begin{tabular}{@{}c}

   411 Database\\

   412 \bl{$x_1, \ldots, x_n$}

   413 \end{tabular}

   414 \end{center}

   415 

   416 

   417 \begin{itemize}

   418 \item \bl{$f(x)$} can be released, if \bl{$f$} is insensitive to

   419 individual entries  \bl{$x_1, \ldots, x_n$}\\

   420 \item Intuition: whatever is learned from the dataset would be learned regardless of whether

   421 \bl{$x_i$} participates\bigskip\pause 

   422 

   423 \item Noised needed in order to prevent queries:\\ Christian's salary $=$ 

   424 \begin{center}

   425 \bl{\large$\Sigma$} all staff $-$  \bl{\large$\Sigma$} all staff $\backslash$ Christian

   426 \end{center} 

   427 \end{itemize}

   428 

   429 \end{frame}}

   430 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

   431 

   432 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

   433 \mode<presentation>{

   434 \begin{frame}[c]

   435 \frametitle{Adding Noise}

   436 

   437 Adding noise is not as trivial as one would wish:

   438 

   439 \begin{itemize}

   440 \item If I ask how many of three have seen the Gangnam video and get a result

   441 as follows 

   442 

   443 \begin{center}

   444 \begin{tabular}{l|c}

   445 Alice & yes\\

   446 Bob & no\\

   447 Charlie & yes\\

   448 \end{tabular}

   449 \end{center}

   450 

   451 then I have to add a noise of \bl{$1$}. So answers would be in the

   452 range of \bl{$1$} to \bl{$3$}

   455 \item But if I ask five questions for all the dataset (has seen Gangnam video, is male, below 30, \ldots),

   193 This is amazing: Alison can publish some data that contains no data about her secret,

   456 then one individual can change the dataset by \bl{$5$}

   194 but can be used to convince anyone of the secret's existence.

   457 \end{itemize}

   195 \end{frame}}

   458 

   196 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

   459 \end{frame}}

   197 

   460 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

   198 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

   461 

   199 \mode<presentation>{

   462 

   200 \begin{frame}[c]

   463 

   201 \frametitle{Problems of ZKPs}

   464 

   202 

   465 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

   203 

   466 \mode<presentation>{

   204 \bigskip

   467 \begin{frame}[t]

   205 This is amazing: Alison can publish some data that contains no data about her secret,

   468 \frametitle{\begin{tabular}{@{}c@{}}Tor, Anonymous Webbrowsing\end{tabular}}

   206 but can be used to convince anyone of the secret's existence.

   469 

   207 \end{frame}}

   470 \begin{itemize}

   208 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

   471 \item initially developed by US Navy Labs, but then opened up to the world 

   209 

   472 \item network of proxy nodes

   210 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

   473 \item a Tor client establishes a ``random'' path to the destination server (you cannot trace back where the information came from)\bigskip\pause

   211 \mode<presentation>{

   474 \end{itemize}

   212 \begin{frame}[c]

   475 

   213 \frametitle{Random Number Generators}

   476 \only<2>{

   214 

   477 \begin{itemize}

   215 

   478 \item malicious exit node attack: someone set up 5 Tor exit nodes and monitored the traffic:

   216 \end{frame}}

   479 \begin{itemize}

   217 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

   480 \item a number of logons and passwords used by embassies (Usbekistan `s1e7u0l7c', while

   481 Tunesia `Tunesia' and India `1234')

   482 \end{itemize}

   483 \end{itemize}}

   484 \only<3>{

   485 \begin{itemize}

   486 \item bad apple attack: if you have one insecure application, your IP can be tracked through Tor

   487 \begin{itemize}

   488 \item background: 40\% of traffic on Tor is generated by BitTorrent

   489 \end{itemize}

   490 \end{itemize}}

   491 

   492 

   493 \end{frame}}

   494 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

   495 

   496 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

   497 \mode<presentation>{

   498 \begin{frame}[t]

   499 \frametitle{\begin{tabular}{@{}c@{}}Skype Secure Communication\end{tabular}}

   500 

   501 \begin{itemize}

   502 \item Skype used to be known as a secure online communication (encryption cannot be disabled), 

   503 but \ldots\medskip

   504 

   505 \item it is impossible to verify whether crypto algorithms are correctly used, or whether  there are backdoors.\bigskip

   506  

   507 \item recently someone found out that you can reset the password of somebody else's

   508 account, only knowing their email address (needed to suspended the password reset feature temporarily)

   509 \end{itemize}

   510 

   511 

   512 \end{frame}}

   513 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

   514 

   515 

   516 

   517 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

   518 \mode<presentation>{

   519 \begin{frame}[c]

   520 \frametitle{\begin{tabular}{@{}c@{}}Take Home Point\end{tabular}}

   521 

   522 According to Ross Anderson: \bigskip

   523 \begin{itemize}

   524 \item Privacy in a big hospital is just about doable.\medskip

   525 \item How do you enforce privacy  in something as big as Google

   526 or complex as Facebook? No body knows.\bigskip

   527 

   528 Similarly, big databases imposed by government

   529 \end{itemize}

   530 

   531 

   532 \end{frame}}

   533 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

   534 

   535 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

   536 \mode<presentation>{

   537 \begin{frame}[c]

   538 \frametitle{\begin{tabular}{@{}c@{}}Next Week\end{tabular}}

   539 

   540 Homework: Which areas should I focus on?

   541 

   542 

   543 \end{frame}}

   544 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

   545