sen-material: comparison slides01.tex

equal deleted inserted replaced

-:bd2b16f82601
+:a5184c270f30
 \normalsize
 \begin{center}
 \begin{tabular}{ll}
 Email:  & christian.urban at kcl.ac.uk\\
-Office: & S1.27 (1st floor Strand Building)\\
+Of$\!$fice: & S1.27 (1st floor Strand Building)\\
 Slides: & KEATS
 \end{tabular}
 \end{center}
 \end{frame}}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}
+\begin{center}
+\includegraphics[scale=2.1]{pics/barrier.jpg}
+\end{center}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \mode<presentation>{
 \begin{frame}[c]
 \frametitle{\begin{tabular}{@ {}c@ {}}Security Engineers\end{tabular}}
 \end{center}
 \begin{itemize}
 \item Chip-and-PIN was introduced in the UK in 2004
 \item before that customers had to sign a receipt\medskip
-\item Is Chip-and-PIN a more secure system? What do you think?
+\item Is Chip-and-PIN a more secure system?
 \end{itemize}
 \begin{flushright}
 \small\textcolor{gray}{(Some other countries still use the old method.)}
 \end{flushright}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \mode<presentation>{
 \begin{frame}[c]
-\frametitle{\begin{tabular}{@ {}c@ {}}Yes\ldots\end{tabular}}
+\frametitle{\begin{tabular}{@ {}c@ {}}Yes \ldots\end{tabular}}
 \begin{tikzpicture}
 \draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm]
 {\normalsize\color{darkgray}
 \begin{minipage}{10cm}\raggedright\small
-``Chip-and-PIN is so effective in this country that fraudsters are starting to move their activities overseas,''
+``Chip-and-PIN is so effective in this country [UK] that fraudsters are starting to move their activities overseas,''
 said Emile Abu-Shakra, spokesman for Lloyds TSB (in the Guardian, 2006).
 \end{minipage}};
 \end{tikzpicture}\bigskip
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \mode<presentation>{
 \begin{frame}[c]
-\frametitle{\begin{tabular}{c}Let's see\ldots\end{tabular}}
+\frametitle{\begin{tabular}{c}But let's see \ldots\end{tabular}}
 \begin{textblock}{1}(3,4)
 \begin{tabular}{c}
 \includegraphics[scale=0.3]{pics/bank.png}\\[-2mm]
 \begin{tabular}{c}
 \includegraphics[scale=3]{pics/store.png}\\[-2mm]
 \end{tabular}
 \end{textblock}
-\only<2->{
-\begin{textblock}{1}(12,6.5)
-\begin{tabular}{c}
-\includegraphics[scale=0.8]{pics/factory.png}\\[-1mm]
-\small terminal\\[-2mm] \small producer
-\end{tabular}
-\end{textblock}}
 \begin{textblock}{1}(4.5,9.9)
 \begin{tabular}{c}
 \includegraphics[scale=0.16]{pics/rman.png}\\[-1mm]
 \small costumer / you
 \end{tabular}
 \end{textblock}
+\only<2->{
+\begin{textblock}{1}(4.5,7.5)
+\begin{tikzpicture}[scale=1.3]
+\draw[white] (0,0) node (X) {};
+\draw[white] (1,-1) node (Y) {};
+\draw[red, ->, line width = 2mm] (X) -- (Y);
+\node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
+\end{tikzpicture}
+\end{textblock}}
+\only<3->{
+\begin{textblock}{1}(6.8,7.5)
+\begin{tikzpicture}[scale=1.3]
+\draw[white] (0,0) node (X) {};
+\draw[white] (1,1) node (Y) {};
+\draw[red, ->, line width = 2mm] (X) -- (Y);
+\node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
+\end{tikzpicture}
+\end{textblock}
+\begin{textblock}{1}(4.8,5.9)
+\begin{tikzpicture}[scale=1.3]
+\draw[white] (0,0) node (X) {};
+\draw[white] (1.4,0) node (Y) {};
+\draw[red, <->, line width = 2mm] (X) -- (Y);
+\node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
+\end{tikzpicture}
+\end{textblock}}
+\only<4->{
+\begin{textblock}{1}(12,6.5)
+\begin{tabular}{c}
+\includegraphics[scale=0.8]{pics/factory.png}\\[-1mm]
+\small card\\[-2mm]\small terminal\\[-2mm] \small producer
+\end{tabular}
+\end{textblock}
+\begin{textblock}{1}(10,7)
+\begin{tikzpicture}[scale=1.6]
+\draw[white] (0,0) node (X) {};
+\draw[white] (-1,0.6) node (Y) {};
+\draw[red, ->, line width = 2mm] (X) -- (Y);
+\node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
+\end{tikzpicture}
+\end{textblock}}
 \end{frame}}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \mode<presentation>{
 \begin{frame}[c]
-\frametitle{\begin{tabular}{c}The Problem\ldots\end{tabular}}
+\frametitle{\begin{tabular}{c}The Problem \ldots\end{tabular}}
 \begin{textblock}{1}(3,4)
 \begin{tabular}{c}
 \includegraphics[scale=0.3]{pics/bank.png}\\[-2mm]
 \begin{textblock}{1}(4.5,9.9)
 \begin{tabular}{c}
 \includegraphics[scale=0.13]{pics/rman.png}\\[-1mm]
 \small costumer / you
 \end{tabular}
+\end{textblock}
+\begin{textblock}{1}(4.5,7.5)
+\begin{tikzpicture}[scale=1.3]
+\draw[white] (0,0) node (X) {};
+\draw[white] (1,-1) node (Y) {};
+\draw[gray, ->, line width = 2mm] (X) -- (Y);
+\node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
+\end{tikzpicture}
+\end{textblock}
+\begin{textblock}{1}(6.8,7.5)
+\begin{tikzpicture}[scale=1.3]
+\draw[white] (0,0) node (X) {};
+\draw[white] (1,1) node (Y) {};
+\draw[gray, ->, line width = 2mm] (X) -- (Y);
+\node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
+\end{tikzpicture}
+\end{textblock}
+\begin{textblock}{1}(4.8,5.9)
+\begin{tikzpicture}[scale=1.3]
+\draw[white] (0,0) node (X) {};
+\draw[white] (1.4,0) node (Y) {};
+\draw[gray, <->, line width = 2mm] (X) -- (Y);
+\node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
+\end{tikzpicture}
+\end{textblock}
+\begin{textblock}{1}(10,7)
+\begin{tikzpicture}[scale=1.6]
+\draw[white] (0,0) node (X) {};
+\draw[white] (-1,0.6) node (Y) {};
+\draw[gray, ->, line width = 2mm] (X) -- (Y);
+\node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
+\end{tikzpicture}
 \end{textblock}
 \begin{textblock}{14}(1,13.5)
 \begin{itemize}
 \item the burden of proof for fraud and financial liability was shifted to the costumer
 \begin{textblock}{1}(5.6,6)
 \begin{tikzpicture}[scale=2.5]
 \draw[white] (0,0) node (X) {};
 \draw[white] (1,0) node (Y) {};
-\only<1>{\draw[red, <-, line width = 2mm] (X) -- (Y);
+\only<2>{\draw[red, <-, line width = 2mm] (X) -- (Y);
 \node [inner sep=5pt,label=above:\textcolor{black}{GET request}] at ($ (X)!.5!(Y) $) {};}
-\only<2>{\draw[red, ->, line width = 2mm] (X) -- (Y);
+\only<3>{\draw[red, ->, line width = 2mm] (X) -- (Y);
 \node [inner sep=5pt,label=above:\textcolor{black}{webpage}] at ($ (X)!.5!(Y) $) {};}
-\only<3>{\draw[red, <-, line width = 2mm] (X) -- (Y);
+\only<4>{\draw[red, <-, line width = 2mm] (X) -- (Y);
 \node [inner sep=7pt,label=above:\textcolor{black}{POST data}] at ($ (X)!.5!(Y) $) {};}
 \end{tikzpicture}
 \end{textblock}
 \begin{textblock}{1}(9,5.5)
 \begin{tabular}{c}
 \includegraphics[scale=0.15]{pics/laptop.png}\\[-2mm]
-\small Client
+\small Client(s)
 \end{tabular}
 \end{textblock}
 \begin{textblock}{13}(1,13)
 \begin{itemize}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \mode<presentation>{
 \begin{frame}[c]
 \frametitle{\begin{tabular}{c}Scala + Play\end{tabular}}
-\footnotesize simple response from the server:
+\footnotesize a simple response from the server:
 {\lstset{language=Scala}\fontsize{8}{10}\selectfont
 \texttt{\lstinputlisting{app0.scala}}}\bigskip
 \footnotesize
 \draw[white] (1,0) node (Y) {};
 \draw[white] (0.05,-0.3) node (X1) {};
 \draw[white] (0.95,-0.3) node (Y1) {};
 \only<1-2>{\draw[red, <-, line width = 2mm] (X) -- (Y);
 \node [inner sep=5pt,label=above:\textcolor{black}{GET request}] at ($ (X)!.5!(Y) $) {};}
+\only<1>{\draw[white, <-, line width = 1mm] (X1) -- (Y1);
+\node [inner sep=2pt,label=below:\textcolor{white}{read a cookie}] at ($ (X1)!.5!(Y1) $) {};}
 \only<2>{\draw[red, <-, line width = 1mm] (X1) -- (Y1);
 \node [inner sep=2pt,label=below:\textcolor{black}{read a cookie}] at ($ (X1)!.5!(Y1) $) {};}
 \only<3->{\draw[red, ->, line width = 2mm] (X) -- (Y);
 \node [inner sep=5pt,label=above:\textcolor{black}{webpage}] at ($ (X)!.5!(Y) $) {};}
 \only<3->{\draw[red, ->, line width = 1mm] (X1) -- (Y1);
 \draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm]
 {\normalsize\color{darkgray}
 \begin{minipage}{10cm}\raggedright\small
 {\bf EU Privacy Directive about Cookies:}\smallskip\\
 ``In May 2011, a European Union law was passed stating that websites that leave non-essential cookies on visitors' devices have to alert the visitor and get acceptance from them. This law applies to both individuals and businesses based in the EU regardless of the nationality of their website's visitors or the location of their web host. It is not enough to simply update a website's terms and conditions or privacy policy. The deadline to comply with the new EU cookie law was 26th May 2012 and failure to do so could mean a fine of up to \pounds{}500,000.''
+\hfill\small\textcolor{gray}{$\rightarrow$BBC News}
 \end{minipage}};
 \end{tikzpicture}
 \end{textblock}}
 \end{frame}}
 \begin{frame}[c]
 \frametitle{\begin{tabular}{c}My First Webapp\end{tabular}}
 {\bf GET request:}\smallskip
 \begin{enumerate}
-\item read cookie from client
+\item read the cookie from client
 \item if none is present, set \texttt{visits} to \textcolor{blue}{$0$}
-\item if cookie is present, extract \texttt{visits}
+\item if cookie is present, extract \texttt{visits} counter
 \item if \texttt{visits} is greater or equal \textcolor{blue}{$10$}, \\
-print valued customer message\\
+print a valued customer message\\
-otherwise just normal message
+otherwise just a normal message
 \item increase \texttt{visits} by \textcolor{blue}{$1$} and store new cookie with client
 \end{enumerate}
 \end{frame}}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \mode<presentation>{
 \begin{frame}[c]
 \begin{center}
 \includegraphics[scale=1.8]{pics/barrier.jpg}
 \end{center}
-\end{frame}}
+\begin{itemize}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\item data integrity needs to be ensured
+\end{itemize}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\end{frame}}
-\mode<presentation>{
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[c]
-\mbox{}\\[-9mm]
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+\mbox{}\\[-7mm]
 {\lstset{language=Scala}\fontsize{8}{10}\selectfont
 \texttt{\lstinputlisting{app3.scala}}}
+\small
+\begin{itemize}
+\item the counter/hash pair is intended to prevent tampering
+\end{itemize}
 \end{frame}}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \mode<presentation>{
 \begin{frame}[c]
 \frametitle{\begin{tabular}{c}SHA-1\end{tabular}}
 \begin{itemize}
-\item SHA-1 is a cryptographic hash function
+\item SHA-1 is a cryptographic hash function\\
+(MD5, SHA-256, SHA-512, \ldots)
+\item message $\rightarrow$ digest
 \item no known attack exists, except brute force\bigskip\pause
-\item but dictionary attacks can be very effective for extracting passwords
+\item but dictionary attacks are very ef$\!$fective for extracting passwords (later)
 \end{itemize}
 \end{frame}}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \mbox{}\\[-9mm]
 {\lstset{language=Scala}\fontsize{8}{10}\selectfont
 \texttt{\lstinputlisting{app4.scala}}}
+\begin{textblock}{1}(9,1)
+\begin{tikzpicture}[scale=1.3]
+\draw[white] (0,0) node (X) {};
+\draw[white] (3,0) node (Y) {};
+\draw[red, <-, line width = 2mm] (X) -- (Y);
+\node [inner sep=5pt,label=above:\textcolor{black}{\small should be random}] at ($ (X)!.5!(Y) $) {};
+\end{tikzpicture}
+\end{textblock}
+\begin{textblock}{1}(6.6,4.9)
+\begin{tikzpicture}[scale=1.3]
+\draw[white] (0,0) node (X) {};
+\draw[white] (1,-1) node (Y) {};
+\draw[red, <-, line width = 2mm] (X) -- (Y);
+\node [inner sep=5pt,label=above:{}] at ($ (X)!.5!(Y) $) {};
+\end{tikzpicture}
+\end{textblock}
 \end{frame}}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \mode<presentation>{
 \begin{frame}[c]
 \frametitle{\begin{tabular}{c}Unix Passwords\end{tabular}}
+\begin{itemize}
+\item passwords are {\bf not} stored in clear text
+\end{itemize}
 % Unix password
 % http://ubuntuforums.org/showthread.php?p=5318038
 \end{frame}}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \mode<presentation>{
 \begin{frame}[c]
 \frametitle{\begin{tabular}{c}Password Blunders\end{tabular}}
+in late 2009, when an SQL injection attack against online games
+service RockYou.com exposed 32 million plaintext passwords
+1.3 million Gawker credentials exposed in December 2010 contained MD5 hashes
 % linkedIn password
 % http://erratasec.blogspot.co.uk/2012/06/confirmed-linkedin-6mil-password-dump.html
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+Web user maintains 25 separate accounts but uses just 6.5 passwords
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%For instance, SHA512crypt, which is included in Mac OS X and most Unix-based operating systems, passes text through 5,000 iterations, a %hurdle that would have limited Gosney to slightly less than 2,600 guesses per second. The Bcrypt algorithm is even more computationally %expensive, in large part because it subjects text to multiple iterations of the Blowfish cipher that was deliberately modified to increase the %time required to generate a hash. PBKDF2, a function built into Microsoft's .Net software developer framework, offers similar benefits.
 % rainbow tables
 % http://en.wikipedia.org/wiki/Rainbow_table
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \mode<presentation>{
 \begin{frame}[c]
+\frametitle{\begin{tabular}{c}Homework\end{tabular}}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
 \frametitle{\begin{tabular}{c}Thinking as a Defender\end{tabular}}
 \begin{itemize}
 \item What are we trying to protect?
 \item What properties are we trying to enforce?\medskip
 \end{itemize}
 \end{frame}}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \mode<presentation>{
 \begin{frame}[c]
 \frametitle{\begin{tabular}{c}The Security Mindset\end{tabular}}
 The difference between a criminal is to only think about how things can go wrong.
 \end{frame}}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[t]
+\frametitle{\begin{tabular}{c}Maps in Scala\end{tabular}}
+\begin{itemize}
+\item {\bf\texttt{map}} takes a function, say f, and applies it to every element of the list:
+\end{itemize}
+\begin{textblock}{15}(2,7)
+\fontsize{13}{14}\selectfont
+\bf\texttt{List(1, 2, 3, 4, 5, 6, 7, 8, 9)}
+\end{textblock}
+\begin{textblock}{15}(2,10)
+\fontsize{13}{14}\selectfont
+\bf\texttt{List(1, 4, 9, 16, 25, 36, 49, 64, 81)}
+\end{textblock}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \end{document}
 %%% Local Variables:

changeset 8	a5184c270f30
parent 7	bd2b16f82601
child 9	6dca9c220c8e