sen-material: comparison slides/slides02.tex

equal deleted inserted replaced

-:f76e1456b365
+:76f9457b8f51
 \end{frame}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[t]
+\begin{frame}[c]
-\frametitle{How to Salt?}
+\frametitle{Exam and Homework}
-\begin{center}\tt\small
+\begin{itemize}
-\begin{tabular}{lcl}
+\item reminder\ldots KEATS
-1salt & $\Rightarrow$ & 8189effef4d4f7411f4153b13ff72546dd682c69\\
+\end{itemize}
-2salt & $\Rightarrow$ & 1528375d5ceb7d71597053e6877cc570067a738f\\
-3salt & $\Rightarrow$ & d646e213d4f87e3971d9dd6d9f435840eb6a1c06\\
-4salt & $\Rightarrow$ & 5b9e85269e4461de0238a6bf463ed3f25778cbba\\
-\end{tabular}
-\end{center}
-\begin{itemize}
-\item in Unix systems: \texttt{hash(salt + password)}, or even
-\texttt{hash$^{\texttt{1500}}$(salt + password)}\smallskip\pause
-\item Bruce Schneier in cases messages are long: \\
-instead of \texttt{m $\mapsto$ hash(m)},\\ use \texttt{m $\mapsto$ hash(hash(m) + m)}
-\end{itemize}
 \end{frame}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[c]
-\frametitle{\Large\begin{tabular}{c}User-Tracking Without Cookies\end{tabular}}
-Can you track a user {\bf without}:
-\begin{itemize}
-\item Cookies
-\item JavaScript
-\item LocalStorage/SessionStorage/GlobalStorage
-\item Flash, Java or other plugins
-\item Your IP address or user agent string
-\item Any methods employed by Panopticlick\\
-\mbox{}\hfill $\rightarrow$ \textcolor{blue}{\url{https://panopticlick.eff.org/}}
-\end{itemize}
-Even when you disabled cookies entirely, have JavaScript turned off and use a VPN
-service, and also \ldots
-\end{frame}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}
-\frametitle{Verizon}
-\mbox{}\\[-23mm]\mbox{}
-\begin{center}
-\includegraphics[scale=0.21]{../pics/verizon.png}
-\end{center}
-\vfill\footnotesize
-\url{http://webpolicy.org/2014/10/24/how-verizons-advertising-header-works}
-\end{frame}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[c]
-\frametitle{Web-Protocol}
-\only<1->{
-\begin{textblock}{1}(2,2)
-\begin{tikzpicture}[scale=1.3]
-\draw[white] (0,0) node (X) {\includegraphics[scale=0.12]{../pics/firefox.jpg}};
-\end{tikzpicture}
-\end{textblock}}
-\only<1->{
-\begin{textblock}{1}(11,2)
-\begin{tikzpicture}[scale=1.3]
-\draw[white] (0,0) node (X) {\includegraphics[scale=0.15]{../pics/servers.png}};
-\end{tikzpicture}
-\end{textblock}}
-\only<1->{
-\begin{textblock}{1}(5,2.5)
-\begin{tikzpicture}[scale=1.3]
-\draw[white] (0,0) node (X) {};
-\draw[white] (3,0) node (Y) {};
-\draw[red, ->, line width = 2mm] (X) -- (Y);
-\node [inner sep=5pt,label=above:\textcolor{black}{\small GET static.jpg}] at ($ (X)!.5!(Y) $) {};
-\end{tikzpicture}
-\end{textblock}}
-\only<2->{
-\begin{textblock}{1}(5,6)
-\begin{tikzpicture}[scale=1.3]
-\draw[white] (0,0) node (X) {};
-\draw[white] (3,0) node (Y) {};
-\draw[red, <-, line width = 2mm] (X) -- (Y);
-\node [inner sep=5pt,label=below:\textcolor{black}{\small ETag: 7b33de1}] at ($ (X)!.5!(Y) $) {};
-\node [inner sep=5pt,label=above:{\includegraphics[scale=0.15]{../pics/tvtestscreen.jpg}}] at ($ (X)!.5!(Y) $) {};
-\end{tikzpicture}
-\end{textblock}}
-\only<3->{
-\begin{textblock}{1}(4.2,11)
-\begin{tikzpicture}[scale=1.3]
-\draw[white] (0,0) node (X) {};
-\draw[white] (3,0) node (Y) {};
-\draw[red, ->, line width = 2mm] (X) -- (Y);
-\node [inner sep=5pt,label=above:\textcolor{black}{\small GET static.jpg ETag: 7b33de1}] at ($ (X)!.5!(Y) $) {};
-\end{tikzpicture}
-\end{textblock}}
-\only<4->{
-\begin{textblock}{1}(4.2,13.9)
-\begin{tikzpicture}[scale=1.3]
-\draw[white] (0,0) node (X) {};
-\draw[white] (3,0) node (Y) {};
-\draw[red, <-, line width = 2mm] (X) -- (Y);
-\node [inner sep=5pt,label=below:\textcolor{black}{\small HTTP/1.1 304 (Not Modified)}] at ($ (X)!.5!(Y) $) {};
-\end{tikzpicture}
-\end{textblock}}
-\end{frame}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \begin{frame}[c]
 \frametitle{Today's Lecture}
 \begin{center}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \begin{frame}[c]
 \frametitle{E-Voting}
-\begin{bubble}[9cm]
+\begin{bubble}[10cm]
 ``Any electronic voting system should provide at least the same
-security, privacy and transparency as the system it replaces.''
+security, privacy and transparency as the system it replaces.''\medskip\\
+\small\hfill ---Australian Voting Commission
 \end{bubble}
 \end{frame}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \frametitle{E-Voting}
 \mbox{}\\[-12mm]
 \begin{itemize}
 \item US used mechanical machines since the 30s, later punch cards,
-now DREs and optical scan voting machines
+until recently DREs and optical scan voting machines
-\item Estonia used in 2007 the Internet for national elections
+\item Estonia used in 2007, 2011 and 2015 the Internet for national elections
 \textcolor{gray}{(there were earlier pilot studies in other
 countries)}
 \item India uses e-voting devices since at least
 2003\\ \textcolor{gray}{(``keep-it-simple'' machines produced by a
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \begin{frame}[t]
 \frametitle{E-Voting in Estonia}
 \begin{itemize}
-\item worlds first general election that used internet voting (2007)
+\item worlds first general election that used internet voting (2007, 2011, 2015)
 \item builds on the Estonian ID card (a smartcard like CC)
 \item Internet voting can be used before the election (votes can be changed an
 unlimited amount of times, last vote is tabulated, you can even change your
 vote on the polling day in person)
 \item in the 2011 parliamentary election 24\% voted via Internet\bigskip\pause
 Alex Halderman:
 \begin{itemize}
 \item acquired a machine from an anonymous source\medskip
-\item they try to keep secret the source code running the machine\medskip\pause
+\item they try to keep secret the source code running on the machine\medskip\pause
 \item first reversed-engineered the machine (extremely tedious)
 \item could completely reboot the machine and even install a virus that infects other Diebold machines
 \item obtained also the source code for other machines
 \end{itemize}
 \begin{itemize}
 \item keep a paper trail and design your system to keep this secure\medskip
 \item make the software open source (avoid security-by-obscurity)\medskip
 \item have a simple design in order to minimise the attack surface
-\end{itemize}\pause
+\end{itemize}\pause\bigskip
 But overall, in times of NSA/state sponsored cyber-crime, e-voting is
 too hard with current technology.
 \end{frame}
 first lecture
 \end{column}
 \begin{column}<2>{.4\textwidth}
 \centering
 \includegraphics[scale=0.32]{../pics/trainwreck.jpg}\\
-next week
+next
 \end{column}
 \end{columns}
 \end{center}
 \end{frame}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[t]
+\frametitle{How to Salt?}
+\begin{center}\tt\small
+\begin{tabular}{lcl}
+1salt & $\Rightarrow$ & 8189effef4d4f7411f4153b13ff72546dd682c69\\
+2salt & $\Rightarrow$ & 1528375d5ceb7d71597053e6877cc570067a738f\\
+3salt & $\Rightarrow$ & d646e213d4f87e3971d9dd6d9f435840eb6a1c06\\
+4salt & $\Rightarrow$ & 5b9e85269e4461de0238a6bf463ed3f25778cbba\\
+\end{tabular}
+\end{center}
+\begin{itemize}
+\item in Unix systems: \texttt{hash(salt + password)}, or even
+\texttt{hash$^{\texttt{1500}}$(salt + password)}\smallskip\pause
+\item Bruce Schneier in cases messages are long: \\
+instead of \texttt{m $\mapsto$ hash(m)},\\ use \texttt{m $\mapsto$ hash(hash(m) + m)}
+\end{itemize}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[c]
+\frametitle{\Large\begin{tabular}{c}User-Tracking Without Cookies\end{tabular}}
+Can you track a user {\bf without}:
+\begin{itemize}
+\item Cookies
+\item JavaScript
+\item LocalStorage/SessionStorage/GlobalStorage
+\item Flash, Java or other plugins
+\item Your IP address or user agent string
+\item Any methods employed by Panopticlick\\
+\mbox{}\hfill $\rightarrow$ \textcolor{blue}{\url{https://panopticlick.eff.org/}}
+\end{itemize}
+Even when you disabled cookies entirely, have JavaScript turned off and use a VPN
+service, and also \ldots
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}
+\frametitle{Verizon}
+\mbox{}\\[-23mm]\mbox{}
+\begin{center}
+\includegraphics[scale=0.21]{../pics/verizon.png}
+\end{center}
+\vfill\footnotesize
+\url{http://webpolicy.org/2014/10/24/how-verizons-advertising-header-works}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[c]
+\frametitle{Web-Protocol}
+\only<1->{
+\begin{textblock}{1}(2,2)
+\begin{tikzpicture}[scale=1.3]
+\draw[white] (0,0) node (X) {\includegraphics[scale=0.12]{../pics/firefox.jpg}};
+\end{tikzpicture}
+\end{textblock}}
+\only<1->{
+\begin{textblock}{1}(11,2)
+\begin{tikzpicture}[scale=1.3]
+\draw[white] (0,0) node (X) {\includegraphics[scale=0.15]{../pics/servers.png}};
+\end{tikzpicture}
+\end{textblock}}
+\only<1->{
+\begin{textblock}{1}(5,2.5)
+\begin{tikzpicture}[scale=1.3]
+\draw[white] (0,0) node (X) {};
+\draw[white] (3,0) node (Y) {};
+\draw[red, ->, line width = 2mm] (X) -- (Y);
+\node [inner sep=5pt,label=above:\textcolor{black}{\small GET static.jpg}] at ($ (X)!.5!(Y) $) {};
+\end{tikzpicture}
+\end{textblock}}
+\only<2->{
+\begin{textblock}{1}(5,6)
+\begin{tikzpicture}[scale=1.3]
+\draw[white] (0,0) node (X) {};
+\draw[white] (3,0) node (Y) {};
+\draw[red, <-, line width = 2mm] (X) -- (Y);
+\node [inner sep=5pt,label=below:\textcolor{black}{\small ETag: 7b33de1}] at ($ (X)!.5!(Y) $) {};
+\node [inner sep=5pt,label=above:{\includegraphics[scale=0.15]{../pics/tvtestscreen.jpg}}] at ($ (X)!.5!(Y) $) {};
+\end{tikzpicture}
+\end{textblock}}
+\only<3->{
+\begin{textblock}{1}(4.2,11)
+\begin{tikzpicture}[scale=1.3]
+\draw[white] (0,0) node (X) {};
+\draw[white] (3,0) node (Y) {};
+\draw[red, ->, line width = 2mm] (X) -- (Y);
+\node [inner sep=5pt,label=above:\textcolor{black}{\small GET static.jpg ETag: 7b33de1}] at ($ (X)!.5!(Y) $) {};
+\end{tikzpicture}
+\end{textblock}}
+\only<4->{
+\begin{textblock}{1}(4.2,13.9)
+\begin{tikzpicture}[scale=1.3]
+\draw[white] (0,0) node (X) {};
+\draw[white] (3,0) node (Y) {};
+\draw[red, <-, line width = 2mm] (X) -- (Y);
+\node [inner sep=5pt,label=below:\textcolor{black}{\small HTTP/1.1 304 (Not Modified)}] at ($ (X)!.5!(Y) $) {};
+\end{tikzpicture}
+\end{textblock}}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \end{document}
 %%% Local Variables:
 %%% mode: latex

changeset 465	76f9457b8f51
parent 415	56bc53ba7c5b
child 466	ddf7315450c9