--- a/slides01.tex Tue Sep 25 02:25:56 2012 +0100
+++ b/slides01.tex Tue Sep 25 08:29:04 2012 +0100
@@ -93,7 +93,7 @@
\begin{center}
\begin{tabular}{ll}
Email: & christian.urban at kcl.ac.uk\\
- Office: & S1.27 (1st floor Strand Building)\\
+ Of$\!$fice: & S1.27 (1st floor Strand Building)\\
Slides: & KEATS
\end{tabular}
\end{center}
@@ -102,6 +102,16 @@
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}
+
+\begin{center}
+\includegraphics[scale=2.1]{pics/barrier.jpg}
+\end{center}
+
+\end{frame}}
+ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
@@ -145,7 +155,7 @@
\begin{itemize}
\item Chip-and-PIN was introduced in the UK in 2004
\item before that customers had to sign a receipt\medskip
-\item Is Chip-and-PIN a more secure system? What do you think?
+\item Is Chip-and-PIN a more secure system?
\end{itemize}
\begin{flushright}
@@ -160,13 +170,13 @@
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
-\frametitle{\begin{tabular}{@ {}c@ {}}Yes\ldots\end{tabular}}
+\frametitle{\begin{tabular}{@ {}c@ {}}Yes \ldots\end{tabular}}
\begin{tikzpicture}
\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm]
{\normalsize\color{darkgray}
\begin{minipage}{10cm}\raggedright\small
-``Chip-and-PIN is so effective in this country that fraudsters are starting to move their activities overseas,''
+``Chip-and-PIN is so effective in this country [UK] that fraudsters are starting to move their activities overseas,''
said Emile Abu-Shakra, spokesman for Lloyds TSB (in the Guardian, 2006).
\end{minipage}};
\end{tikzpicture}\bigskip
@@ -185,7 +195,7 @@
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
-\frametitle{\begin{tabular}{c}Let's see\ldots\end{tabular}}
+\frametitle{\begin{tabular}{c}But let's see \ldots\end{tabular}}
\begin{textblock}{1}(3,4)
@@ -201,20 +211,58 @@
\end{tabular}
\end{textblock}
-\only<2->{
-\begin{textblock}{1}(12,6.5)
-\begin{tabular}{c}
-\includegraphics[scale=0.8]{pics/factory.png}\\[-1mm]
-\small terminal\\[-2mm] \small producer
-\end{tabular}
-\end{textblock}}
-
\begin{textblock}{1}(4.5,9.9)
\begin{tabular}{c}
\includegraphics[scale=0.16]{pics/rman.png}\\[-1mm]
\small costumer / you
\end{tabular}
\end{textblock}
+
+\only<2->{
+\begin{textblock}{1}(4.5,7.5)
+ \begin{tikzpicture}[scale=1.3]
+ \draw[white] (0,0) node (X) {};
+ \draw[white] (1,-1) node (Y) {};
+ \draw[red, ->, line width = 2mm] (X) -- (Y);
+ \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
+ \end{tikzpicture}
+\end{textblock}}
+
+\only<3->{
+\begin{textblock}{1}(6.8,7.5)
+ \begin{tikzpicture}[scale=1.3]
+ \draw[white] (0,0) node (X) {};
+ \draw[white] (1,1) node (Y) {};
+ \draw[red, ->, line width = 2mm] (X) -- (Y);
+ \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
+ \end{tikzpicture}
+\end{textblock}
+
+\begin{textblock}{1}(4.8,5.9)
+ \begin{tikzpicture}[scale=1.3]
+ \draw[white] (0,0) node (X) {};
+ \draw[white] (1.4,0) node (Y) {};
+ \draw[red, <->, line width = 2mm] (X) -- (Y);
+ \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
+ \end{tikzpicture}
+\end{textblock}}
+
+\only<4->{
+\begin{textblock}{1}(12,6.5)
+\begin{tabular}{c}
+\includegraphics[scale=0.8]{pics/factory.png}\\[-1mm]
+\small card\\[-2mm]\small terminal\\[-2mm] \small producer
+\end{tabular}
+\end{textblock}
+
+\begin{textblock}{1}(10,7)
+ \begin{tikzpicture}[scale=1.6]
+ \draw[white] (0,0) node (X) {};
+ \draw[white] (-1,0.6) node (Y) {};
+ \draw[red, ->, line width = 2mm] (X) -- (Y);
+ \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
+ \end{tikzpicture}
+\end{textblock}}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
@@ -304,7 +352,7 @@
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
-\frametitle{\begin{tabular}{c}The Problem\ldots\end{tabular}}
+\frametitle{\begin{tabular}{c}The Problem \ldots\end{tabular}}
\begin{textblock}{1}(3,4)
@@ -334,6 +382,42 @@
\end{tabular}
\end{textblock}
+\begin{textblock}{1}(4.5,7.5)
+ \begin{tikzpicture}[scale=1.3]
+ \draw[white] (0,0) node (X) {};
+ \draw[white] (1,-1) node (Y) {};
+ \draw[gray, ->, line width = 2mm] (X) -- (Y);
+ \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
+ \end{tikzpicture}
+\end{textblock}
+
+\begin{textblock}{1}(6.8,7.5)
+ \begin{tikzpicture}[scale=1.3]
+ \draw[white] (0,0) node (X) {};
+ \draw[white] (1,1) node (Y) {};
+ \draw[gray, ->, line width = 2mm] (X) -- (Y);
+ \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
+ \end{tikzpicture}
+\end{textblock}
+
+\begin{textblock}{1}(4.8,5.9)
+ \begin{tikzpicture}[scale=1.3]
+ \draw[white] (0,0) node (X) {};
+ \draw[white] (1.4,0) node (Y) {};
+ \draw[gray, <->, line width = 2mm] (X) -- (Y);
+ \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
+ \end{tikzpicture}
+\end{textblock}
+
+\begin{textblock}{1}(10,7)
+ \begin{tikzpicture}[scale=1.6]
+ \draw[white] (0,0) node (X) {};
+ \draw[white] (-1,0.6) node (Y) {};
+ \draw[gray, ->, line width = 2mm] (X) -- (Y);
+ \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
+ \end{tikzpicture}
+\end{textblock}
+
\begin{textblock}{14}(1,13.5)
\begin{itemize}
\item the burden of proof for fraud and financial liability was shifted to the costumer
@@ -380,11 +464,11 @@
\begin{tikzpicture}[scale=2.5]
\draw[white] (0,0) node (X) {};
\draw[white] (1,0) node (Y) {};
- \only<1>{\draw[red, <-, line width = 2mm] (X) -- (Y);
+ \only<2>{\draw[red, <-, line width = 2mm] (X) -- (Y);
\node [inner sep=5pt,label=above:\textcolor{black}{GET request}] at ($ (X)!.5!(Y) $) {};}
- \only<2>{\draw[red, ->, line width = 2mm] (X) -- (Y);
+ \only<3>{\draw[red, ->, line width = 2mm] (X) -- (Y);
\node [inner sep=5pt,label=above:\textcolor{black}{webpage}] at ($ (X)!.5!(Y) $) {};}
- \only<3>{\draw[red, <-, line width = 2mm] (X) -- (Y);
+ \only<4>{\draw[red, <-, line width = 2mm] (X) -- (Y);
\node [inner sep=7pt,label=above:\textcolor{black}{POST data}] at ($ (X)!.5!(Y) $) {};}
\end{tikzpicture}
\end{textblock}
@@ -393,7 +477,7 @@
\begin{textblock}{1}(9,5.5)
\begin{tabular}{c}
\includegraphics[scale=0.15]{pics/laptop.png}\\[-2mm]
-\small Client
+\small Client(s)
\end{tabular}
\end{textblock}
@@ -412,7 +496,7 @@
\begin{frame}[c]
\frametitle{\begin{tabular}{c}Scala + Play\end{tabular}}
-\footnotesize simple response from the server:
+\footnotesize a simple response from the server:
{\lstset{language=Scala}\fontsize{8}{10}\selectfont
\texttt{\lstinputlisting{app0.scala}}}\bigskip
@@ -458,6 +542,8 @@
\draw[white] (0.95,-0.3) node (Y1) {};
\only<1-2>{\draw[red, <-, line width = 2mm] (X) -- (Y);
\node [inner sep=5pt,label=above:\textcolor{black}{GET request}] at ($ (X)!.5!(Y) $) {};}
+ \only<1>{\draw[white, <-, line width = 1mm] (X1) -- (Y1);
+ \node [inner sep=2pt,label=below:\textcolor{white}{read a cookie}] at ($ (X1)!.5!(Y1) $) {};}
\only<2>{\draw[red, <-, line width = 1mm] (X1) -- (Y1);
\node [inner sep=2pt,label=below:\textcolor{black}{read a cookie}] at ($ (X1)!.5!(Y1) $) {};}
\only<3->{\draw[red, ->, line width = 2mm] (X) -- (Y);
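Review bot: The added `\only<1>{...}` block draws the `read a cookie` arrow and its label in white purely so the first overlay occupies the same space as the second; that is a workaround for `\only` dropping the content entirely, and it breaks as soon as the frame background is not pure white (the file uses a `cream` fill elsewhere). Beamer's `\onslide<2>{...}` (or `\visible<2>{...}`) typesets the same box without ink on the other overlays, so the white copy and the separate `\only<2>` block collapse into one: `\onslide<2>{\draw[red, <-, line width = 1mm] (X1) -- (Y1); \node [inner sep=2pt,label=below:\textcolor{black}{read a cookie}] at ($ (X1)!.5!(Y1) $) {};}`. Whether this interacts cleanly with the `\only<3->` arrow on the next line I cannot fully judge, as the enclosing tikzpicture starts and ends outside this hunk.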
@@ -492,6 +578,7 @@
\begin{minipage}{10cm}\raggedright\small
{\bf EU Privacy Directive about Cookies:}\smallskip\\
``In May 2011, a European Union law was passed stating that websites that leave non-essential cookies on visitors' devices have to alert the visitor and get acceptance from them. This law applies to both individuals and businesses based in the EU regardless of the nationality of their website's visitors or the location of their web host. It is not enough to simply update a website's terms and conditions or privacy policy. The deadline to comply with the new EU cookie law was 26th May 2012 and failure to do so could mean a fine of up to \pounds{}500,000.''
+\hfill\small\textcolor{gray}{$\rightarrow$BBC News}
\end{minipage}};
\end{tikzpicture}
\end{textblock}}
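Review bot: The new attribution `$\rightarrow$BBC News` gives no article date or URL, so none of the quoted figures can be traced — and tracing matters here, because the passage is imprecise: the cookie rules come from Directive 2009/136/EC (adopted 2009, transposition deadline May 2011), while the 26 May 2012 deadline and the up-to-£500,000 fine are, as far as I can tell, features of the UK implementation (PECR 2011 and the ICO's maximum penalty), not of EU law as the heading "EU Privacy Directive" implies. I would make the attribution checkable, e.g. `\hfill\small\textcolor{gray}{$\rightarrow$BBC News, <date>, \url{...}}`, and qualify the heading as `{\bf EU Privacy Directive about Cookies (UK implementation):}`. The quote text itself is unchanged by this commit.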
@@ -506,12 +593,12 @@
{\bf GET request:}\smallskip
\begin{enumerate}
-\item read cookie from client
+\item read the cookie from client
\item if none is present, set \texttt{visits} to \textcolor{blue}{$0$}
-\item if cookie is present, extract \texttt{visits}
+\item if cookie is present, extract \texttt{visits} counter
\item if \texttt{visits} is greater or equal \textcolor{blue}{$10$}, \\
-print valued customer message\\
-otherwise just normal message
+print a valued customer message\\
+otherwise just a normal message
\item increase \texttt{visits} by \textcolor{blue}{$1$} and store new cookie with client
\end{enumerate}
@@ -539,23 +626,30 @@
\mode<presentation>{
\begin{frame}[c]
- \begin{center}
- \includegraphics[scale=1.8]{pics/barrier.jpg}
- \end{center}
+\begin{center}
+\includegraphics[scale=1.8]{pics/barrier.jpg}
+\end{center}
+
+\begin{itemize}
+\item data integrity needs to be ensured
+\end{itemize}
\end{frame}}
- %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
-\mbox{}\\[-9mm]
+\mbox{}\\[-7mm]
{\lstset{language=Scala}\fontsize{8}{10}\selectfont
\texttt{\lstinputlisting{app3.scala}}}
-
+\small
+\begin{itemize}
+\item the counter/hash pair is intended to prevent tampering
+\end{itemize}
\end{frame}}
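Review bot: The new bullet `the counter/hash pair is intended to prevent tampering` under the app3.scala listing leaves the actual weakness unstated on the slide: if app3.scala (not visible in this hunk) derives the digest from the counter alone, any client can recompute the hash for a forged counter, so the pair provides no integrity at all — integrity against the party holding the data needs a secret the client does not have (a keyed hash / MAC), which is presumably what the following slide's "should be random" annotation introduces. Since the preceding barrier slide now says `data integrity needs to be ensured`, the failure should be written down rather than only spoken; a second overlay keeps the reveal: `\item<2-> but a digest the client can recompute is no protection --- the hash must depend on a secret known only to the server`.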
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
@@ -565,9 +659,11 @@
\frametitle{\begin{tabular}{c}SHA-1\end{tabular}}
\begin{itemize}
-\item SHA-1 is a cryptographic hash function
+\item SHA-1 is a cryptographic hash function\\
+(MD5, SHA-256, SHA-512, \ldots)
+\item message $\rightarrow$ digest
\item no known attack exists, except brute force\bigskip\pause
-\item but dictionary attacks can be very effective for extracting passwords
+\item but dictionary attacks are very ef$\!$fective for extracting passwords (later)
\end{itemize}
\end{frame}}
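Review bot: Adding `(MD5, SHA-256, SHA-512, \ldots)` on the new line directly above the unchanged `no known attack exists, except brute force` makes that statement false for MD5 — practical collision attacks on MD5 were published in 2004/2005 (Wang et al.) and have since been used for real certificate forgery — and it was already dubious for SHA-1, for which a theoretical collision attack well below brute force dates from 2005. The bullet also conflates collision resistance with preimage resistance, which is the property that matters for the password discussion that follows. I would write `(MD5 --- broken, SHA-256, SHA-512, \ldots)` and replace the attack bullet with `\item no practical preimage attack is known, but collision attacks exist (practical for MD5, theoretical for SHA-1)`.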
@@ -581,6 +677,24 @@
{\lstset{language=Scala}\fontsize{8}{10}\selectfont
\texttt{\lstinputlisting{app4.scala}}}
+\begin{textblock}{1}(9,1)
+ \begin{tikzpicture}[scale=1.3]
+ \draw[white] (0,0) node (X) {};
+ \draw[white] (3,0) node (Y) {};
+ \draw[red, <-, line width = 2mm] (X) -- (Y);
+ \node [inner sep=5pt,label=above:\textcolor{black}{\small should be random}] at ($ (X)!.5!(Y) $) {};
+ \end{tikzpicture}
+\end{textblock}
+
+\begin{textblock}{1}(6.6,4.9)
+ \begin{tikzpicture}[scale=1.3]
+ \draw[white] (0,0) node (X) {};
+ \draw[white] (1,-1) node (Y) {};
+ \draw[red, <-, line width = 2mm] (X) -- (Y);
+ \node [inner sep=5pt,label=above:{}] at ($ (X)!.5!(Y) $) {};
+ \end{tikzpicture}
+\end{textblock}
+
\end{frame}}
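Review bot: The annotation `should be random` on the app4.scala slide names only half of the requirement. If the highlighted value is the secret that makes the cookie digest unforgeable, it must also stay server-side and never reach the client, and "random" should mean a cryptographically secure generator (`java.security.SecureRandom` rather than `scala.util.Random`); if it is a per-password salt, the property that matters is uniqueness per user, not secrecy — app4.scala is not in this hunk, so which case applies needs confirming. The second arrow (the `label=above:{}` block) has an empty label and therefore points at something the audience is never told about. I would write `\small should be random (and secret: SecureRandom)` for the first arrow and give the second a short label stating what it marks.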
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
@@ -590,6 +704,9 @@
\begin{frame}[c]
\frametitle{\begin{tabular}{c}Unix Passwords\end{tabular}}
+\begin{itemize}
+\item passwords are {\bf not} stored in clear text
+\end{itemize}
% Unix password
% http://ubuntuforums.org/showthread.php?p=5318038
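Review bot: The new bullet `passwords are {\bf not} stored in clear text` says only what is not done; the slides that follow build on what is done, so it should be named: Unix keeps a salted hash of the password (`crypt(3)`, originally DES-based, SHA-512-based on most current systems) in `/etc/shadow`, readable only by root. I would extend the item to `\item passwords are {\bf not} stored in clear text, but as salted hashes in \texttt{/etc/shadow}`. The frame continues past the end of this hunk, so part of this may already be covered by the commented-out ubuntuforums material.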
@@ -601,12 +718,23 @@
\begin{frame}[c]
\frametitle{\begin{tabular}{c}Password Blunders\end{tabular}}
+in late 2009, when an SQL injection attack against online games
+service RockYou.com exposed 32 million plaintext passwords
+
+1.3 million Gawker credentials exposed in December 2010 contained MD5 hashes
% linkedIn password
% http://erratasec.blogspot.co.uk/2012/06/confirmed-linkedin-6mil-password-dump.html
+
+
+Web user maintains 25 separate accounts but uses just 6.5 passwords
+
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%For instance, SHA512crypt, which is included in Mac OS X and most Unix-based operating systems, passes text through 5,000 iterations, a %hurdle that would have limited Gosney to slightly less than 2,600 guesses per second. The Bcrypt algorithm is even more computationally %expensive, in large part because it subjects text to multiple iterations of the Blowfish cipher that was deliberately modified to increase the %time required to generate a hash. PBKDF2, a function built into Microsoft's .Net software developer framework, offers similar benefits.
+
+
% rainbow tables
% http://en.wikipedia.org/wiki/Rainbow_table
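Review bot: The new lines on the Password Blunders slide are unattributed fragments: `in late 2009, when an SQL injection attack ... exposed 32 million plaintext passwords` is a subordinate clause with no main sentence, none of the three statements has list markup, and none cites a source (the 25 accounts / 6.5 passwords figure appears to come from Florêncio and Herley's 2007 study of web password habits; the RockYou and Gawker sentences read like lines lifted from a news article). The Gawker line also needs checking against its source: contemporary analyses of that dump described DES-based `crypt(3)` hashes rather than MD5, so the hash scheme should only be named if confirmed. I would restructure the slide as complete, sourced bullets:
```latex
\begin{itemize}
\item 2009: an SQL injection attack on RockYou.com exposed 32 million passwords stored in plaintext
\item 2010: 1.3 million Gawker credentials leaked; the passwords were hashed with a weak, fast scheme and many were cracked within days
\item the average web user has about 25 password-protected accounts but only 6.5 distinct passwords (Florêncio \& Herley, 2007)
\end{itemize}
% … unchanged: commented-out LinkedIn / SHA512crypt / rainbow-table notes …
```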
@@ -687,6 +815,16 @@
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
+\frametitle{\begin{tabular}{c}Homework\end{tabular}}
+
+
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
\frametitle{\begin{tabular}{c}Thinking as a Defender\end{tabular}}
\begin{itemize}
@@ -707,11 +845,6 @@
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-
-
-
-
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
@@ -728,6 +861,28 @@
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[t]
+\frametitle{\begin{tabular}{c}Maps in Scala\end{tabular}}
+
+\begin{itemize}
+\item {\bf\texttt{map}} takes a function, say f, and applies it to every element of the list:
+\end{itemize}
+
+\begin{textblock}{15}(2,7)
+\fontsize{13}{14}\selectfont
+\bf\texttt{List(1, 2, 3, 4, 5, 6, 7, 8, 9)}
+\end{textblock}
+
+\begin{textblock}{15}(2,10)
+\fontsize{13}{14}\selectfont
+\bf\texttt{List(1, 4, 9, 16, 25, 36, 49, 64, 81)}
+\end{textblock}
+
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
\end{document}
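Review bot: The new "Maps in Scala" slide uses `\bf\texttt{List(...)}` in both textblocks; `\bf` is an obsolete plain-TeX font switch (flagged by l2tabu/nag) and, being `\normalfont\bfseries`, it resets the font family before `\texttt` re-selects it, which happens to work here but is fragile. Prefer `\bfseries\texttt{List(1, 2, 3, 4, 5, 6, 7, 8, 9)}` or `\textbf{\texttt{...}}`. Whether a bold typewriter face is actually available depends on the font setup in the preamble (Computer Modern has none and substitutes with a warning; lmodern provides one), which is outside this hunk.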