\documentclass[dvipsnames,14pt,t]{beamer}
\usepackage{beamerthemeplainculight}
\usepackage[T1]{fontenc}
\usepackage[latin1]{inputenc}
\usepackage{mathpartir}
\usepackage[absolute,overlay]{textpos}
\usepackage{ifthen}
\usepackage{tikz}
\usepackage{pgf}
\usepackage{calc}
\usepackage{ulem}
\usepackage{courier}
\usepackage{listings}
\renewcommand{\uline}[1]{#1}
\usetikzlibrary{arrows}
\usetikzlibrary{automata}
\usetikzlibrary{shapes}
\usetikzlibrary{shadows}
\usetikzlibrary{positioning}
\usetikzlibrary{calc}
\usepackage{graphicx}
% Colours used by the listings setup below; the trailing comments name the
% syntax class each colour was chosen for.
% NOTE(review): javared is declared "for strings" but neither \lstset below
% references it (stringstyle uses javagreen, the same colour as comments) ---
% confirm whether strings were meant to be red.
\definecolor{javared}{rgb}{0.6,0,0} % for strings
\definecolor{javagreen}{rgb}{0.25,0.5,0.35} % comments
\definecolor{javapurple}{rgb}{0.5,0,0.35} % keywords
\definecolor{javadocblue}{rgb}{0.25,0.35,0.75} % javadoc
% Global listings style with Java selected as the language: typewriter font,
% bold purple keywords, line numbers on the left, two-column tabs.
% Every key set here is set again by the second \lstset further down, which
% also switches the language to Scala.
\lstset{language=Java,
basicstyle=\ttfamily,
keywordstyle=\color{javapurple}\bfseries,
stringstyle=\color{javagreen},
commentstyle=\color{javagreen},
morecomment=[s][\color{javadocblue}]{/**}{*/},
numbers=left,
numberstyle=\tiny\color{black},
stepnumber=1,
numbersep=10pt,
tabsize=2,
showspaces=false,
showstringspaces=false}
% Hand-written Scala language definition for listings: keyword list,
% operator-like tokens, // line comments, nested /* */ comments and
% backslash-escaped string delimiters.
\lstdefinelanguage{scala}{
morekeywords={abstract,case,catch,class,def,%
do,else,extends,false,final,finally,%
for,if,implicit,import,match,mixin,%
new,null,object,override,package,%
private,protected,requires,return,sealed,%
super,this,throw,trait,true,try,%
type,val,var,while,with,yield},
otherkeywords={=>,<-,<\%,<:,>:,\#,@},
sensitive=true,
morecomment=[l]{//},
morecomment=[n]{/*}{*/},
morestring=[b]",
morestring=[b]',
morestring=[b]"""
}
% Same style keys as above, now with Scala as the language; being the later
% \lstset, this is the one in force when the frames are typeset.
\lstset{language=Scala,
basicstyle=\ttfamily,
keywordstyle=\color{javapurple}\bfseries,
stringstyle=\color{javagreen},
commentstyle=\color{javagreen},
morecomment=[s][\color{javadocblue}]{/**}{*/},
numbers=left,
numberstyle=\tiny\color{black},
stepnumber=1,
numbersep=10pt,
tabsize=2,
showspaces=false,
showstringspaces=false}
% beamer stuff
% Caption text for the slides. \slidecaption is renewed rather than defined
% here, so it is presumably provided by the plainculight theme --- TODO confirm.
\renewcommand{\slidecaption}{APP 01, King's College London, 25.~September 2012}
\begin{document}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
  % Title slide: two-line course title, a picture and the contact table.
  \begin{frame}<1>[t]
    \frametitle{%
      \begin{tabular}{@ {}c@ {}}
        \LARGE Access Control and \\[-3mm]
        \LARGE Privacy Policies (1)\\[-6mm]
      \end{tabular}}
    % Title picture.
    \begin{center}
      \includegraphics[scale=1.3]{pics/barrier.jpg}
    \end{center}
    \normalsize
    % Contact details, one label/value pair per row.
    \begin{center}
      \begin{tabular}{ll}
        Email:  & christian.urban at kcl.ac.uk\\
        Office: & S1.27 (1st floor Strand Building)\\
        Slides: & KEATS
      \end{tabular}
    \end{center}
  \end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
  % Bruce Schneier on the mindset of security engineers: an introductory
  % sentence, the quote in a framed box, and three pictures flushed right.
  \begin{frame}[c]
    \frametitle{\begin{tabular}{@ {}c@ {}}Security Engineers\end{tabular}}
    According to Bruce Schneier, {\bf security engineers} require
    a particular {\bf mindset}:\bigskip
    % The quote box is one TikZ node wrapping a 10cm ragged-right minipage.
    \begin{tikzpicture}
      \draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm]
        {\normalsize\color{darkgray}
         \begin{minipage}{10cm}\raggedright\small
           ``Security engineers --- at least the good ones --- see the world
           dif$\!$ferently. They can't walk into a store without noticing how
           they might shoplift. They can't use a computer without wondering
           about the security vulnerabilities. They can't vote without trying
           to figure out how to vote twice. They just can't help it.''
         \end{minipage}};
    \end{tikzpicture}
    % Pictures, scaled individually because the source images differ in size.
    \begin{flushright}
      \includegraphics[scale=0.0087]{pics/schneierbook1.jpg}\;
      \includegraphics[scale=0.0087]{pics/schneierbook2.jpg}\;
      \includegraphics[scale=0.85]{pics/schneier.png}
    \end{flushright}
  \end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
  % Opening question of the Chip-and-PIN case study: two card pictures, the
  % history in two bullets, and the question put to the audience.
  \begin{frame}[c]
    \frametitle{\begin{tabular}{@ {}c@ {}}Chip-and-PIN\end{tabular}}
    \begin{center}
      \includegraphics[scale=0.3]{pics/creditcard1.jpg}\;
      \includegraphics[scale=0.3]{pics/creditcard2.jpg}
    \end{center}
    \begin{itemize}
      \item Chip-and-PIN was introduced in the UK in 2004
      \item before that customers had to sign a receipt\medskip
      \item Is Chip-and-PIN a more secure system? What do you think?
    \end{itemize}
    % Side remark in small grey type.
    \begin{flushright}
      \small\textcolor{gray}{(Some other countries still use the old method.)}
    \end{flushright}
  \end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
  % The case in favour of Chip-and-PIN: a bank spokesman's quote in a framed
  % box, followed by the claimed benefits as bullets.
  \begin{frame}[c]
    \frametitle{\begin{tabular}{@ {}c@ {}}Yes\ldots\end{tabular}}
    % Quote box: one TikZ node wrapping a 10cm ragged-right minipage.
    \begin{tikzpicture}
      \draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm]
        {\normalsize\color{darkgray}
         \begin{minipage}{10cm}\raggedright\small
           ``Chip-and-PIN is so effective in this country that fraudsters are
           starting to move their activities overseas,''
           said Emile Abu-Shakra, spokesman for Lloyds TSB (in the Guardian, 2006).
         \end{minipage}};
    \end{tikzpicture}\bigskip
    \begin{itemize}
      \item mag-stripe cards cannot be cloned anymore
      \item stolen or cloned cards need to be used abroad
      \item fraud on lost, stolen and counterfeit credit cards was down
            \pounds{}60m (24\%) on 2004's figure
    \end{itemize}
  \end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
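\mode<presentation>{
  % Parties involved in a card payment, placed at absolute page positions
  % with textpos: bank, shop, terminal producer and customer.
  % The terminal producer is revealed from the second overlay on.
  \begin{frame}[c]
    \frametitle{\begin{tabular}{c}Let's see\ldots\end{tabular}}
    % Bank.
    \begin{textblock}{1}(3,4)
      \begin{tabular}{c}
        \includegraphics[scale=0.3]{pics/bank.png}\\[-2mm]
        \small Bank
      \end{tabular}
    \end{textblock}
    % Shop (picture only, no label).
    \begin{textblock}{1}(7,4.5)
      \begin{tabular}{c}
        \includegraphics[scale=3]{pics/store.png}\\[-2mm]
      \end{tabular}
    \end{textblock}
    % Terminal producer, shown only on overlays 2 and later.
    \only<2->{
      \begin{textblock}{1}(12,6.5)
        \begin{tabular}{c}
          \includegraphics[scale=0.8]{pics/factory.png}\\[-1mm]
          \small terminal\\[-2mm] \small producer
        \end{tabular}
      \end{textblock}}
    % Customer; the label previously read ``costumer''.
    \begin{textblock}{1}(4.5,9.9)
      \begin{tabular}{c}
        \includegraphics[scale=0.16]{pics/rman.png}\\[-1mm]
        \small customer / you
      \end{tabular}
    \end{textblock}
  \end{frame}}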
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
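\mode<presentation>{
  % A payment terminal sold as tamper-resistant shown running Tetris: the
  % video link (as link text and as a printed URL) plus a still picture.
  % The quotation marks around ``tamper-resistant'' are the slide's own irony.
  \begin{frame}[c]
    \frametitle{\begin{tabular}{c}Chip-and-PIN\end{tabular}}
    \begin{itemize}
      \item A ``tamper-resistant'' terminal playing Tetris on
            \textcolor{blue}{\href{http://www.youtube.com/watch?v=wWTzkD9M0sU}{youtube}}.\\
            \textcolor{lightgray}{\footnotesize(\url{http://www.youtube.com/watch?v=wWTzkD9M0sU})}
    \end{itemize}
    \includegraphics[scale=0.2]{pics/tetris.jpg}
  \end{frame}}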
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
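\mode<presentation>{
  % Two real-world incidents: fraud at petrol stations (2006) and card
  % readers tampered with in the supply chain (2008).
  % The second bullet is reworded for readability; the facts are as stated
  % on the original slide.
  \begin{frame}[c]
    \frametitle{\begin{tabular}{c}Chip-and-PIN\end{tabular}}
    \begin{itemize}
      \item in 2006, Shell petrol stations stopped accepting Chip-and-PIN
            after \pounds{}1m had been stolen from customer accounts\smallskip
      \item in 2008, hundreds of card readers for use in Britain, Ireland,
            the Netherlands, Denmark, and Belgium had been expertly tampered
            with shortly after manufacture, so that during the preceding
            9 months card details and PINs were sent over mobile phone
            networks to criminals in Lahore, Pakistan
    \end{itemize}
  \end{frame}}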
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
  % Man-in-the-middle attack on Chip-and-PIN by Ross Anderson's group:
  % pictures at the top right, one bullet, the attack diagram, and a small
  % absolutely positioned pointer to the TV report and video.
  \begin{frame}[c]
    \frametitle{\begin{tabular}{c}Chip-and-PIN is Broken\end{tabular}}
    \begin{flushright}
      \includegraphics[scale=0.01]{pics/andersonbook1.jpg}\;
      \includegraphics[scale=1.5]{pics/anderson.jpg}
    \end{flushright}
    \begin{itemize}
      \item man-in-the-middle attacks by the group around Ross Anderson\medskip
    \end{itemize}
    % Diagram, shifted 20mm to the left of the centred position.
    \begin{center}
      \mbox{}\hspace{-20mm}\includegraphics[scale=0.5]{pics/chip-attack.png}
    \end{center}
    % Source note placed with textpos near the bottom right.
    \begin{textblock}{1}(11.5,13.7)
      \begin{tabular}{l}
        \footnotesize on BBC Newsnight\\[-2mm]
        \footnotesize in 2010 or
        \textcolor{blue}{\href{http://www.youtube.com/watch?v=JPAX32lgkrw}{youtube}}
      \end{tabular}
    \end{textblock}
  \end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
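\mode<presentation>{
  % Second attack by the same research group, this one resting on weak
  % random-number generation in ATMs.
  % The first bullet is reordered into natural English and ``ATM machines''
  % shortened to ``ATMs''; the statements themselves are unchanged.
  \begin{frame}[c]
    \frametitle{\begin{tabular}{@ {}c@ {}}Chip-and-PIN is Really Broken\end{tabular}}
    \begin{flushright}
      \includegraphics[scale=0.01]{pics/andersonbook1.jpg}\;
      \includegraphics[scale=1.5]{pics/anderson.jpg}
    \end{flushright}
    \begin{itemize}
      \item this year the same group successfully attacked card readers and ATMs
      % A nonce only provides freshness if it cannot be predicted, which is
      % why the quality of the random numbers matters here.
      \item the problem: several types of ATMs generate poor random numbers,
            which are used as nonces
    \end{itemize}
  \end{frame}}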
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
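\mode<presentation>{
  % The same four parties as on the ``Let's see'' slide, all visible at
  % once, with the conclusion about who carries the liability at the bottom.
  % Fixes the spelling ``costumer'' (twice) and the stray space in
  % \end{itemize}.
  \begin{frame}[c]
    \frametitle{\begin{tabular}{c}The Problem\ldots\end{tabular}}
    % Bank.
    \begin{textblock}{1}(3,4)
      \begin{tabular}{c}
        \includegraphics[scale=0.3]{pics/bank.png}\\[-2mm]
        \small Bank
      \end{tabular}
    \end{textblock}
    % Shop (picture only, no label).
    \begin{textblock}{1}(7,4.5)
      \begin{tabular}{c}
        \includegraphics[scale=3]{pics/store.png}\\[-2mm]
      \end{tabular}
    \end{textblock}
    % Terminal producer.
    \begin{textblock}{1}(12,6.5)
      \begin{tabular}{c}
        \includegraphics[scale=0.8]{pics/factory.png}\\[-1mm]
        \small terminal\\[-2mm] \small producer
      \end{tabular}
    \end{textblock}
    % Customer.
    \begin{textblock}{1}(4.5,9.9)
      \begin{tabular}{c}
        \includegraphics[scale=0.13]{pics/rman.png}\\[-1mm]
        \small customer / you
      \end{tabular}
    \end{textblock}
    % Take-away: who bears the risk when the system fails.
    \begin{textblock}{14}(1,13.5)
      \begin{itemize}
        \item the burden of proof for fraud and financial liability was
              shifted to the customer
      \end{itemize}
    \end{textblock}
  \end{frame}}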
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
  % Liability clause quoted from the RBS Secure terms of use, with the URL
  % it was taken from printed underneath in small grey type.
  \begin{frame}[c]
    \frametitle{\begin{tabular}{c}Screwed Again\end{tabular}}
    \begin{flushright}
      \includegraphics[scale=0.3]{pics/rbssecure.jpg}
    \end{flushright}
    \begin{itemize}
      \item {\bf Responsibility}\\
            ``You understand that you are financially responsible for all
            uses of RBS Secure.''\\
            \textcolor{lightgray}{\footnotesize\url{https://www.rbssecure.co.uk/rbs/tdsecure/terms_of_use.jsp}}
    \end{itemize}
  \end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
  % Client/server picture introducing the web-application part: servers on
  % the left, a client on the right, and the guiding question at the bottom.
  \begin{frame}[c]
    \frametitle{\begin{tabular}{c}Web Applications\end{tabular}}
    % Server side.
    \begin{textblock}{1}(2,5)
      \begin{tabular}{c}
        \includegraphics[scale=0.15]{pics/servers.png}\\[-2mm]
        \small Servers from\\[-2mm]
        \small Dot.com Inc.
      \end{tabular}
    \end{textblock}
    % Client side.
    \begin{textblock}{1}(9,5.5)
      \begin{tabular}{c}
        \includegraphics[scale=0.15]{pics/laptop.png}\\[-2mm]
        \small Client
      \end{tabular}
    \end{textblock}
    % Question for the audience.
    \begin{textblock}{13}(1,13)
      \begin{itemize}
        \item What are pitfalls and best practices?
      \end{itemize}
    \end{textblock}
  \end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
  % First Play example: app0.scala is read from disk when the slides are
  % compiled and set at 8pt, followed by an alternative one-line response.
  \begin{frame}[c]
    \frametitle{\begin{tabular}{c}Scala + Play\end{tabular}}
    % The braces keep the \lstset and the font size local to the listing.
    {\lstset{language=Scala}\fontsize{8}{10}\selectfont
     \texttt{\lstinputlisting{app0.scala}}}\bigskip
    \footnotesize
    alternative response:\\
    % The HTML below is a fixed string. NOTE(review): when presenting, it may
    % be worth saying that request data placed into such a response would
    % need HTML escaping --- the slide itself does not cover this.
    {\lstset{language=Scala}\fontsize{8}{10}\selectfont
     \texttt{Ok("<H1>Hello world!</H1>").as(HTML)}}
  \end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
  % Untitled slide showing only the second example, app1.scala, read from
  % disk at compile time and set at 8pt.
  \begin{frame}[c]
    % The braces keep the \lstset and the font size local to the listing.
    {\lstset{language=Scala}\fontsize{8}{10}\selectfont
     \texttt{\lstinputlisting{app1.scala}}}
  \end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% linkedIn password
% http://erratasec.blogspot.co.uk/2012/06/confirmed-linkedin-6mil-password-dump.html
% rainbow tables
% http://en.wikipedia.org/wiki/Rainbow_table
% Unix password
% http://ubuntuforums.org/showthread.php?p=5318038
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
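\mode<presentation>{
  % How long exhaustive search over SHA-1 password hashes takes on one
  % consumer graphics card. The question is shown first; the answer and the
  % picture of the card appear after the \pause (overlay 2).
  %
  % The table follows from the two numbers on the slide: an alphabet of
  % about 100 characters gives 100^n candidates for length n, and at
  % 2 billion guesses per second 100^5 takes 5 seconds; every additional
  % character multiplies the time by 100.
  %
  % NOTE(review): the figures are for one fast hash function on a single
  % GPU. Deliberately slow password hashing (e.g. bcrypt, scrypt, PBKDF2) is
  % the usual mitigation and a natural contrast to mention when presenting.
  %
  % Wording changes: ``SHA-1 passwords'' now reads ``SHA-1-hashed
  % passwords'', the power is set as one maths expression, and the
  % alphabet remark is punctuated with dashes.
  \begin{frame}[c]
    \frametitle{\begin{tabular}{c}Brute Forcing Passwords\end{tabular}}
    \begin{itemize}
      \item How fast can hackers crack SHA-1-hashed passwords? \pause
      \item The answer is 2 billion attempts per second\\
            using a Radeon HD 7970
    \end{itemize}
    % Search time by password length.
    \begin{center}
      \begin{tabular}{@ {\hspace{-12mm}}rl}
        password length & time\smallskip\\\hline
        5 letters & 5 secs\\
        6 letters & 500 secs\\
        7 letters & 13 hours\\
        8 letters & 57 days\\
        9 letters & 15 years\\
      \end{tabular}
    \end{center}
    \small
    5 letters $\approx 100^5 = 10$ billion combinations\\
    (1 letter --- upper case, lower case, digits, symbols --- $\approx$ 100 choices)
    % Picture and price of the graphics card, overlay 2 onwards.
    \only<2->{
      \begin{textblock}{1}(12,5)
        \begin{tabular}{c}
          \includegraphics[scale=0.3]{pics/radeon.jpg}\\[-6mm]
          \footnotesize graphics card\\[-1mm]
          \footnotesize ca.~\pounds{}300
        \end{tabular}
      \end{textblock}}
  \end{frame}}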
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
  % A single quotation on privacy, attributed on the slide to Scott McNealy.
  \begin{frame}[c]
    \frametitle{\begin{tabular}{c}Privacy\end{tabular}}
    \begin{itemize}
      \item Scott McNealy: \\
            ``You have zero privacy anyway. Get over it.''
    \end{itemize}
  \end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
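\mode<presentation>{
  % Discussion prompt on recovering after a password compromise.
  % The question was missing its subject (``How do recover from a break
  % in?''); it now reads as a complete sentence.
  \begin{frame}[c]
    \frametitle{\begin{tabular}{c}Passwords\end{tabular}}
    \begin{itemize}
      \item How do we recover from a break-in?
    \end{itemize}
  \end{frame}}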
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
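\mode<presentation>{
  % Checklist of questions a defender asks, in three groups separated by
  % \medskip: assets and properties; attackers and attacks; weaknesses,
  % cost and likelihood. It closes with the reminder that security has a cost.
  % Changes: ``protect?'' completed to ``protect against?'' and the
  % obsolete {\bf ...} replaced by \textbf{...}.
  \begin{frame}[c]
    \frametitle{\begin{tabular}{c}Thinking as a Defender\end{tabular}}
    \begin{itemize}
      \item What are we trying to protect?
      \item What properties are we trying to enforce?\medskip
      \item Who are the attackers? Capabilities? Motivations?
      \item What kind of attack are we trying to protect against?
      \item Who can fix any vulnerabilities?\medskip
      \item What are the weaknesses of the system?
      \item What will successful attacks cost us?
      \item How likely are the attacks?\medskip
      \item Security almost always is \textbf{not} free!
    \end{itemize}
  \end{frame}}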
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
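\mode<presentation>{
  % Closing slide: the two habits of the security mindset and what separates
  % a security engineer from a criminal.
  % NOTE(review): the closing sentence read ``The difference between a
  % criminal is to only think about how things can go wrong.'' and has been
  % completed into a grammatical sentence --- confirm the wording with the
  % author.
  \begin{frame}[c]
    \frametitle{\begin{tabular}{c}The Security Mindset\end{tabular}}
    \begin{itemize}
      \item How things can go wrong.
      \item Think outside the box.
    \end{itemize}
    The difference from a criminal is that we only think about how things can go wrong.
  \end{frame}}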
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\end{document}
%%% Local Variables:
%%% mode: latex
%%% TeX-master: t
%%% End: