
\documentclass[dvipsnames,14pt,t, xelatex]{beamer}
% Preamble for lecture 1 (beamer, compiled with XeLaTeX).
\usepackage{beamerthemeplaincu}      % local theme (not in this file); provides \slidecaption
\usepackage{fontenc,xltxtra,xunicode} % XeLaTeX font/unicode setup
\defaultfontfeatures{Mapping=tex-text}
\usepackage{mathpartir}
\usepackage[absolute,overlay]{textpos} % \begin{textblock}{w}(x,y): absolute positioning on slides
\usepackage{ifthen}
\usepackage{tikz}
\usepackage{pgf}
\usepackage{calc} 
\usepackage{ulem}
\usepackage{listings}                 % \lstinputlisting of the ../progs/*.scala examples
\renewcommand{\uline}[1]{#1}          % ulem's \uline disabled: argument is typeset unchanged
\usetikzlibrary{arrows}
\usetikzlibrary{automata}
\usetikzlibrary{shapes}
\usetikzlibrary{shadows}
\usetikzlibrary{positioning}
\usetikzlibrary{calc}                 % needed for the ($ (X)!.5!(Y) $) midpoint syntax below
\usepackage{upquote}
\usetikzlibrary{plotmarks}
\usepackage{graphicx} 
\usepackage{pgfplots}
\usepackage{../langs}                 % shared listings language definitions (sibling directory)


\makeatletter
% listings idiom: map the character "-" (0x2D) to an explicit hyphen in
% ttfamily, so that "--" in code is not turned into an en-dash ligature.
\lst@CCPutMacro\lst@ProcessOther {"2D}{\lst@ttfamily{-{}}{-{}}}
\@empty\z@\@empty
\makeatother


% beamer stuff 
% NOTE(review): caption still says September 2013 -- confirm it matches the
% lecture this file is currently used for.
\renewcommand{\slidecaption}{APP 01, King's College London, 24.~September 2013}


\begin{document}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[t]
% Title slide: course title, opening picture, contact details.
\frametitle{%
  \begin{tabular}{@ {}c@ {}}
  \LARGE Access Control and \\[-3mm] 
  \LARGE Privacy Policies (1)\\[-6mm] 
  \end{tabular}}

  \begin{center}
  \includegraphics[scale=1.3]{pics/barrier.jpg}
  \end{center}

  \normalsize
  \begin{center}
  \begin{tabular}{ll}  
  Email:  & christian.urban at kcl.ac.uk\\
  Office: & S1.27 (1st floor Strand Building)\\
  Slides: & KEATS
  \end{tabular}
  \end{center}
\end{frame}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}
% Picture-only slide: the barrier image from the title slide, enlarged.

\begin{center}
\includegraphics[scale=2.1]{pics/barrier.jpg}
\end{center}

\end{frame}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}
% Two communicating parties (X, Y) joined by a red arrow labelled
% "communication"; NSA/GCHQ/"..." are placed below the channel.

\begin{center}
\includegraphics[scale=0.1]{pics/snowden.jpg}
\end{center}

\begin{textblock}{1}(3.5,7.5)
  \begin{tikzpicture}[scale=1.3]
  % X and Y are anchor nodes holding the two figures; the arrow runs between them
  \draw[white] (0,0) node (X) {\includegraphics[scale=0.1]{pics/rman.png}};
  \draw[white] (6,0) node (Y) {\includegraphics[scale=0.1]{pics/gman.png}};
  \draw[red, ->, line width = 3mm] (X) -- (Y);
  \node [inner sep=5pt,label=above:\textcolor{black}{communication}] at ($ (X)!.5!(Y) $) {};

  \draw[white] (1.3, -1) node (NSA) {\includegraphics[scale=0.05]{pics/nsa.png}};
  \draw[white] (2.7, -1) node (GCHQ) {\includegraphics[scale=0.3]{pics/gchq.jpg}};
  \draw[black] (2, -2) node (OTHER) {\huge\ldots};

  \end{tikzpicture}
\end{textblock}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}
% Screenshot plus a one-line caption and source link (right-aligned).

\begin{center}
\includegraphics[scale=0.45]{pics/lavabit-email.jpg}
\end{center}
\small{}\mbox{}\hfill{}
Lavabit email service closed down on 8 August 2013. \\
\mbox{}\hfill{}\textcolor{blue}{\url{goo.gl/bgSrVp}}


\end{frame}}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     



%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
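\mode<presentation>{
\begin{frame}
\frametitle{Also Bad Guys}
% Two figures joined by an arrow (top) and a boxed quotation from a botnet
% operator (bottom).  The quotation itself is reproduced verbatim, including
% its original spelling; only the introductory sentence is the author's.

\only<1->{
\begin{textblock}{1}(4,2.5)
  \begin{tikzpicture}[scale=1.3]
  \draw[white] (0,0) node (X) {\includegraphics[scale=0.1]{pics/rman.png}};
  \draw[white] (4,0) node (Y) {\includegraphics[scale=0.1]{pics/gman.png}};
  \draw[red, ->, line width = 2mm] (X) -- (Y);
  \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
  \end{tikzpicture}
\end{textblock}}

\only<1->{
\begin{textblock}{1}(1,6)
\begin{tikzpicture}
\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm] 
{\normalsize\color{darkgray}
\begin{minipage}{11cm}\raggedright\footnotesize
Anonymous Hacker operating a 10k botnet using the ZeuS hacking tool wrote:\medskip\\
``FYI I do not cash out the bank accounts or credit cards, I just sell the information 
(I know, its just as bad, hur dur...), there isn't even a law against such in most countries, 
dealing with stolen information is most of the time a legaly greyzone (I was just as surprised 
when I looked it up), I'm not talking about 3rd world countries, but about European like Spain 
(The Mariposa botnet owner never got charged, because a botnet isn't illegal, only abusing 
CC information is, but that did other guys).''\\
\hfill{}\textcolor{blue}{\url{goo.gl/UWluh0}}
\end{minipage}};
\end{tikzpicture}
\end{textblock}}


\end{frame}}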
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
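\mode<presentation>{
\begin{frame}
\frametitle{\begin{tabular}{@ {}c@ {}}This is a Misconception!\end{tabular}}
% Cartoon about cryptography, followed by the point that well-funded
% agencies do not get to brute-force faster than the public knows how to.


\begin{center}
\includegraphics[scale=0.6]{pics/cryptographic-small.png}
\end{center}

The NSA, though, can probably not brute-force magically better than the ``public''.
\end{frame}}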
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
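\mode<presentation>{
\begin{frame}[c]
\frametitle{\begin{tabular}{@ {}c@ {}}Security Engineers\end{tabular}}
% Boxed Schneier quotation on the "security mindset", then book covers.
% \textbf{} replaces the obsolete two-letter font switch \bf.

\small\alert{\textbf{Security engineers}} require a particular \alert{\textbf{mindset}}:\bigskip

\begin{tikzpicture}
\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm] 
{\normalsize\color{darkgray}
\begin{minipage}{10cm}\raggedright\small
``Security engineers --- at least the good ones --- see the world differently. 
They can't walk into a store without noticing how they might shoplift. They can't 
use a computer without wondering about the security vulnerabilities. They can't 
vote without trying to figure out how to vote twice. They just can't help it.''\\
\hfill{}---Bruce Schneier
\end{minipage}};
\end{tikzpicture}

\begin{flushright}
\includegraphics[scale=0.0087]{pics/schneierbook1.jpg}\;
\includegraphics[scale=0.0087]{pics/schneierbook2.jpg}\;
\includegraphics[scale=0.23]{pics/schneierbook3.jpg}\;
\includegraphics[scale=0.85]{pics/schneier.png}
\end{flushright}


\end{frame}}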
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{\begin{tabular}{c}Breaking Things\end{tabular}}
% Exercise: an exam question in a box, then the attack/defence question.

For example:

\begin{center}
\begin{tikzpicture}
\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm] 
{\normalsize\color{darkgray}
\begin{minipage}{10cm}\raggedright\small
Prof.~V.~Nasty gives the following final exam question (closed books, closed notes):\bigskip

\noindent
\begin{tabular}{@ {}l}
Write the first 100 digits of $\pi$:\\
% blank answer line: underscores separated by thin spaces
3.\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_\,\_
\end{tabular}
\end{minipage}};
\end{tikzpicture}
\end{center}

How can you cheat in this exam and how can you defend against such cheating?

\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   



%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{\begin{tabular}{@ {}c@ {}}Chip-and-PIN\end{tabular}}
% Introduces Chip-and-PIN and poses the question the next frames answer.

\begin{center}
\includegraphics[scale=0.3]{pics/creditcard1.jpg}\;
\includegraphics[scale=0.3]{pics/creditcard2.jpg}
\end{center}

\begin{itemize}
\item Chip-and-PIN was introduced in the UK in 2004
\item before that customers had to sign a receipt\medskip
\item Is Chip-and-PIN a more secure system?
\end{itemize}

\begin{flushright}
\small\textcolor{gray}{(Some other countries still use the old method.)}
\end{flushright}


\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{\begin{tabular}{@ {}c@ {}}Yes \ldots\end{tabular}}
% The industry's answer: a bank quotation and the claimed benefits.
% The following frames ("But let's see ...", "... is Broken") question them.

\begin{tikzpicture}
\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm] 
{\normalsize\color{darkgray}
\begin{minipage}{10cm}\raggedright\small
``Chip-and-PIN is so effective in this country [UK] that fraudsters are starting to move their activities overseas,'' 
said Emile Abu-Shakra, spokesman for Lloyds TSB (in the Guardian, 2006).
\end{minipage}};
\end{tikzpicture}\bigskip


\begin{itemize}
\item mag-stripe cards cannot be cloned anymore
\item stolen or cloned cards need to be used abroad 
\item fraud on lost, stolen and counterfeit credit cards was down \pounds{}60m (24\%) on 2004's figure
\end{itemize}


\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
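\mode<presentation>{
\begin{frame}[c]
\frametitle{\begin{tabular}{c}But let's see \ldots\end{tabular}}
% Participants of a card payment: bank, store, customer, terminal producer.
% Arrows appear incrementally (overlays 2-4) to show who talks to whom.


\begin{textblock}{1}(3,4)
\begin{tabular}{c}
\includegraphics[scale=0.3]{pics/bank.png}\\[-2mm]
\small Bank
\end{tabular}
\end{textblock}

\begin{textblock}{1}(7,4.5)
\begin{tabular}{c}
\includegraphics[scale=3]{pics/store.png}\\[-2mm]
\end{tabular}
\end{textblock}

\begin{textblock}{1}(4.5,9.9)
\begin{tabular}{c}
\includegraphics[scale=0.16]{pics/rman.png}\\[-1mm]
\small customer / you
\end{tabular}
\end{textblock}  

% overlay 2: customer -> store
\only<2->{
\begin{textblock}{1}(4.5,7.5)
  \begin{tikzpicture}[scale=1.3]
  \draw[white] (0,0) node (X) {};
  \draw[white] (1,-1) node (Y) {};
  \draw[red, ->, line width = 2mm] (X) -- (Y);
  \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
  \end{tikzpicture}
\end{textblock}}

% overlay 3: store -> bank, and bank <-> store
\only<3->{
\begin{textblock}{1}(6.8,7.5)
  \begin{tikzpicture}[scale=1.3]
  \draw[white] (0,0) node (X) {};
  \draw[white] (1,1) node (Y) {};
  \draw[red, ->, line width = 2mm] (X) -- (Y);
  \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
  \end{tikzpicture}
\end{textblock}

\begin{textblock}{1}(4.8,5.9)
  \begin{tikzpicture}[scale=1.3]
  \draw[white] (0,0) node (X) {};
  \draw[white] (1.4,0) node (Y) {};
  \draw[red, <->, line width = 2mm] (X) -- (Y);
  \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
  \end{tikzpicture}
\end{textblock}}

% overlay 4: the terminal producer supplying the store
\only<4->{  
\begin{textblock}{1}(12,6.5)
\begin{tabular}{c}
\includegraphics[scale=0.8]{pics/factory.png}\\[-1mm]
\small card\\[-2mm]\small terminal\\[-2mm] \small producer
\end{tabular}
\end{textblock}
  
\begin{textblock}{1}(10,7)
  \begin{tikzpicture}[scale=1.6]
  \draw[white] (0,0) node (X) {};
  \draw[white] (-1,0.6) node (Y) {};
  \draw[red, ->, line width = 2mm] (X) -- (Y);
  \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
  \end{tikzpicture}
\end{textblock}}  
  
\end{frame}}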
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
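\mode<presentation>{
\begin{frame}[c]
\frametitle{\begin{tabular}{c}Chip-and-PIN\end{tabular}}
% Tamper resistance of the terminal hardware is not what it is sold as.


\begin{itemize}
\item A ``tamper-resistant'' terminal playing Tetris on 
\textcolor{blue}{\href{http://www.youtube.com/watch?v=wWTzkD9M0sU}{youtube}}.\\
\textcolor{lightgray}{\footnotesize(\url{http://www.youtube.com/watch?v=wWTzkD9M0sU})}
\end{itemize}
 
  
\includegraphics[scale=0.2]{pics/tetris.jpg}
  
  
\end{frame}}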
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{\begin{tabular}{c}Chip-and-PIN\end{tabular}}
% Two real incidents: the 2006 Shell withdrawal and the 2008 supply-chain
% tampering of card readers (compromised before reaching the merchants).


\begin{itemize}
\item in 2006, Shell petrol stations stopped accepting Chip-and-PIN after \pounds{}1m had been stolen from customer accounts\smallskip 
\item in 2008, hundreds of card readers for use in Britain, Ireland, the Netherlands, Denmark, and Belgium had been 
expertly tampered with shortly after manufacture so that details and PINs of credit cards were sent during the 9 months 
before over mobile phone networks to criminals in Lahore, Pakistan
\end{itemize}
  
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{\begin{tabular}{c}Chip-and-PIN is Broken\end{tabular}}
% Anderson group's man-in-the-middle attack (picture) with media reference.

\begin{flushright}
\includegraphics[scale=0.01]{pics/andersonbook1.jpg}\;
\includegraphics[scale=1.5]{pics/anderson.jpg}
\end{flushright}

\begin{itemize}
\item man-in-the-middle attacks by the group around Ross Anderson\medskip
\end{itemize}

\begin{center}
\mbox{}\hspace{-20mm}\includegraphics[scale=0.5]{pics/chip-attack.png}
\end{center}


\begin{textblock}{1}(11.5,13.7)
\begin{tabular}{l}
\footnotesize on BBC Newsnight\\[-2mm] 
\footnotesize in 2010 or \textcolor{blue}{\href{http://www.youtube.com/watch?v=JPAX32lgkrw}{youtube}}
\end{tabular}
\end{textblock}
  
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{\Large\begin{tabular}{@ {}c@ {}}Chip-and-PIN is Really Broken\end{tabular}}
% 2012 follow-up: weak randomness in terminals/ATMs.  A nonce that an
% attacker can predict no longer guarantees the freshness the protocol
% relies on, which is the root of the attack named here.

\begin{flushright}
\includegraphics[scale=0.01]{pics/andersonbook1.jpg}\;
\includegraphics[scale=1.5]{pics/anderson.jpg}
\end{flushright}

\begin{itemize}
\item same group successfully attacked in 2012 card readers and ATM machines
\item the problem: several types of ATMs generate poor random numbers, which are used as nonces
\end{itemize}

\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
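\mode<presentation>{
\begin{frame}[c]
\frametitle{\begin{tabular}{c}The Real Problem \ldots\end{tabular}}
% Same payment diagram as "But let's see ..." (arrows now gray, no
% overlays), with the liability point at the bottom: the party least able
% to influence the system's security carried the burden of proof.


\begin{textblock}{1}(3,4)
\begin{tabular}{c}
\includegraphics[scale=0.3]{pics/bank.png}\\[-2mm]
\small Bank
\end{tabular}
\end{textblock}

\begin{textblock}{1}(7,4.5)
\begin{tabular}{c}
\includegraphics[scale=3]{pics/store.png}\\[-2mm]
\end{tabular}
\end{textblock}

\begin{textblock}{1}(12,6.5)
\begin{tabular}{c}
\includegraphics[scale=0.8]{pics/factory.png}\\[-1mm]
\small terminal\\[-2mm] \small producer
\end{tabular}
\end{textblock}

\begin{textblock}{1}(4.5,9.9)
\begin{tabular}{c}
\includegraphics[scale=0.13]{pics/rman.png}\\[-1mm]
\small customer / you
\end{tabular}
\end{textblock}  
  
\begin{textblock}{1}(4.5,7.5)
  \begin{tikzpicture}[scale=1.3]
  \draw[white] (0,0) node (X) {};
  \draw[white] (1,-1) node (Y) {};
  \draw[gray, ->, line width = 2mm] (X) -- (Y);
  \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
  \end{tikzpicture}
\end{textblock}

\begin{textblock}{1}(6.8,7.5)
  \begin{tikzpicture}[scale=1.3]
  \draw[white] (0,0) node (X) {};
  \draw[white] (1,1) node (Y) {};
  \draw[gray, ->, line width = 2mm] (X) -- (Y);
  \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
  \end{tikzpicture}
\end{textblock}

\begin{textblock}{1}(4.8,5.9)
  \begin{tikzpicture}[scale=1.3]
  \draw[white] (0,0) node (X) {};
  \draw[white] (1.4,0) node (Y) {};
  \draw[gray, <->, line width = 2mm] (X) -- (Y);
  \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
  \end{tikzpicture}
\end{textblock}

\begin{textblock}{1}(10,7)
  \begin{tikzpicture}[scale=1.6]
  \draw[white] (0,0) node (X) {};
  \draw[white] (-1,0.6) node (Y) {};
  \draw[gray, ->, line width = 2mm] (X) -- (Y);
  \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
  \end{tikzpicture}
\end{textblock}  
  
\begin{textblock}{14}(1,13.5)
\begin{itemize}
\item the burden of proof for fraud and financial liability was shifted to the customer (until approx.~2009/10)
\end{itemize}
\end{textblock}
  
\end{frame}}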
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
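\mode<presentation>{
\begin{frame}
\frametitle{\begin{tabular}{@ {}c@ {}}The Bad Guy Again\end{tabular}}
% Second quotation from the same source as "Also Bad Guys"; the quoted text
% is reproduced verbatim (including its spelling).  Its point: liability
% depends on which credential leaked, not on whether a fraud happened.


\only<1->{
\begin{textblock}{1}(1,4)
\begin{tikzpicture}
\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm] 
{\normalsize\color{darkgray}
\begin{minipage}{11cm}\raggedright\footnotesize
The Anonymous Hacker from earlier:\medskip\\
``Try to use `Verified-By-Visa' and `Mastercard-Securecode' as rarely as possible. If only your CVV2 code is getting sniffed, you are not liable for any damage, because the code is physically printed and could have been stolen while you payed with your card at a store. Same applies if someone cloned your CC reading the magnetic stripe or sniffing RFID. Only losing your VBV or MCSC password can cause serious trouble.''\\
\hfill{}\textcolor{blue}{\url{goo.gl/UWluh0}}
\end{minipage}};
\end{tikzpicture}
\end{textblock}}


\end{frame}}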
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     



%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
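\mode<presentation>{
\begin{frame}[c]
\frametitle{\begin{tabular}{c}Being Screwed Again\end{tabular}}
% Terms of use shifting liability to the customer (quoted with source URL).
% \textbf{} replaces the obsolete \bf switch.


\begin{flushright}
\includegraphics[scale=0.3]{pics/rbssecure.jpg}
\end{flushright}

\begin{itemize}
\item \textbf{Responsibility}\\
``You understand that you are financially responsible for all uses of RBS Secure.''\\
\textcolor{lightgray}{\footnotesize\url{https://www.rbssecure.co.uk/rbs/tdsecure/terms_of_use.jsp}}
\end{itemize}
  
\end{frame}}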
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{\begin{tabular}{c}Web Applications\end{tabular}}
% Server/client diagram; the arrow between them changes per overlay:
% 2 = GET request (client -> server), 3 = webpage (server -> client),
% 4 = POST data (client -> server).


\begin{textblock}{1}(2,5)
\begin{tabular}{c}
\includegraphics[scale=0.15]{pics/servers.png}\\[-2mm]
\small Servers from\\[-2mm] 
\small Dot.com Inc.
\end{tabular}
\end{textblock}

\begin{textblock}{1}(5.6,6)
  \begin{tikzpicture}[scale=2.5]
  \draw[white] (0,0) node (X) {};
  \draw[white] (1,0) node (Y) {};
  \only<2>{\draw[red, <-, line width = 2mm] (X) -- (Y);
  \node [inner sep=5pt,label=above:\textcolor{black}{GET request}] at ($ (X)!.5!(Y) $) {};}
  \only<3>{\draw[red, ->, line width = 2mm] (X) -- (Y);
  \node [inner sep=5pt,label=above:\textcolor{black}{webpage}] at ($ (X)!.5!(Y) $) {};}
  \only<4>{\draw[red, <-, line width = 2mm] (X) -- (Y);
  \node [inner sep=7pt,label=above:\textcolor{black}{POST data}] at ($ (X)!.5!(Y) $) {};}
  \end{tikzpicture}
\end{textblock}


\begin{textblock}{1}(9,5.5)
\begin{tabular}{c}
\includegraphics[scale=0.15]{pics/laptop.png}\\[-2mm]
\small Client(s)
\end{tabular}
\end{textblock}
  
\begin{textblock}{13}(1,13)  
\begin{itemize}
\item What are pitfalls and best practices?
\end{itemize}  
\end{textblock}
  
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
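\mode<presentation>{
\begin{frame}[c]
\frametitle{\begin{tabular}{c}Why Scala?\end{tabular}}
% Motivation for the language used in the examples: logos of adopters,
% a job graph (overlay 2), growth figures (overlay 3), a note on the job
% market (overlay 4) and a one-paragraph description (overlay 5).
% Percent signs are typeset as \% in text mode (no math mode needed), and
% \textbf{}/\bfseries replace the obsolete \bf switch.

\begin{textblock}{6}(1,3)
\begin{tabular}{l}
\mbox{}\hspace{-1mm}\includegraphics[scale=0.36]{pics/twitter.png}\\[-1mm]
\includegraphics[scale=0.30]{pics/linked.png}\\
\includegraphics[scale=0.30]{pics/guardian.jpg}\\[-3mm]
\mbox{}\hspace{-2mm}\includegraphics[scale=0.38]{pics/morgan.png}\\[-3mm]
\includegraphics[scale=0.30]{pics/suisse.png}\\
\includegraphics[scale=0.20]{pics/edf.png}\\[-1mm]
\includegraphics[scale=0.08]{pics/novell.png}\\[-1mm]
\includegraphics[scale=0.30]{pics/foursquare.png}\\
\includegraphics[scale=0.30]{pics/hsbc.png}\\
{\large\bfseries\dots}
\end{tabular}
\end{textblock}
 
\only<2->{  
\begin{textblock}{6}(6,3)
\includegraphics[scale=0.35]{pics/jobgraph.png}\\
\end{textblock}}  
  
\only<3->{  
\begin{textblock}{6}(7.3,9.2)
\begin{tabular}{l}
\footnotesize 2013: 1\%\\[-2mm]
\footnotesize 2014: 3\%\\[-2mm]
\footnotesize 2015: 9\%\\[-2mm]
\footnotesize 2016: 27\%\\[-2mm]
\footnotesize 2017: 81\%\\[-2mm]
\footnotesize 2018: 243\% \raisebox{-1mm}{\includegraphics[scale=0.02]{pics/smiley.jpg}}
\end{tabular}
\end{textblock}} 
  
\only<3->{  
\begin{textblock}{6}(6,9.5)
\footnotesize 5 yrs $\begin{cases}\mbox{}\\[1.4cm]\end{cases}$
\end{textblock}}

\only<4->{  
\begin{textblock}{11}(5,14.1)
\textcolor{gray}{
\footnotesize \textbf{in London today:} 1 Scala job for every 30 Java jobs;\\[-2mm]
Scala programmers seem to get up to 20\% better salary}
\end{textblock}}


\only<5->{
\begin{textblock}{1}(3,6)
\begin{tikzpicture}
\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm] 
{\normalsize\color{darkgray}
\begin{minipage}{8.5cm}\raggedright\normalsize
Scala is a functional and object-oriented programming language; compiles to the JVM; does not 
need null-pointer exceptions; a course on Coursera\\
\mbox{}\hfill\textcolor{blue}{\url{http://www.scala-lang.org}}
\end{minipage}};
\end{tikzpicture}
\end{textblock}}

  
\end{frame}}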
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{\begin{tabular}{c}Scala + Play\end{tabular}}
% First Play example: the listing is read from ../progs/app0.scala (not in
% this file); the inline alternative returns a literal HTML string.

\small a simple response from the server:


{\lstset{language=Scala}\fontsize{8}{10}\selectfont
\texttt{\lstinputlisting{../progs/app0.scala}}}\bigskip

\small
alternative response:\\

% NOTE(review): .as(HTML) sends the string as markup without escaping.  Fine
% for this constant; anything built from request data would need escaping
% first, otherwise it is an injection (XSS) vector.
{\lstset{language=Scala}\fontsize{8}{10}\selectfont
\texttt{\lstinline{Ok("<H1>Hello world!</H1>").as(HTML)}}}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   



%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
% Listing-only slide: ../progs/app1.scala (file not in this source).

{\lstset{language=Scala}\fontsize{8}{10}\selectfont
\texttt{\lstinputlisting{../progs/app1.scala}}}

  
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
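\mode<presentation>{
\begin{frame}[c]
\frametitle{\begin{tabular}{c}Cookies\end{tabular}}
% Server/client diagram with a second, thinner arrow for the cookie:
% overlays 1-2 = GET request (cookie read appears on 2), 3- = webpage plus
% cookie write, 4- = bullet list, 5 = EU directive box.
% \textbf{} replaces the obsolete \bf switch in the box heading.


\begin{textblock}{1}(1.5,5)
\begin{tabular}{c}
\includegraphics[scale=0.15]{pics/servers.png}\\[-2mm]
\small Servers from\\[-2mm] 
\small Dot.com Inc.
\end{tabular}
\end{textblock}

\begin{textblock}{1}(5.6,5.6)
  \begin{tikzpicture}[scale=2.5]
  \draw[white] (0,0) node (X) {};
  \draw[white] (1,0) node (Y) {};
  \draw[white] (0.05,-0.3) node (X1) {};
  \draw[white] (0.95,-0.3) node (Y1) {};
  \only<1-2>{\draw[red, <-, line width = 2mm] (X) -- (Y);
  \node [inner sep=5pt,label=above:\textcolor{black}{GET request}] at ($ (X)!.5!(Y) $) {};}
  % overlay 1 draws the cookie arrow in white (invisible) so that overlay 2
  % can reveal it without shifting the layout
  \only<1>{\draw[white, <-, line width = 1mm] (X1) -- (Y1);
  \node [inner sep=2pt,label=below:\textcolor{white}{read a cookie}] at ($ (X1)!.5!(Y1) $) {};}
  \only<2>{\draw[red, <-, line width = 1mm] (X1) -- (Y1);
  \node [inner sep=2pt,label=below:\textcolor{black}{read a cookie}] at ($ (X1)!.5!(Y1) $) {};}
  \only<3->{\draw[red, ->, line width = 2mm] (X) -- (Y);
  \node [inner sep=5pt,label=above:\textcolor{black}{webpage}] at ($ (X)!.5!(Y) $) {};}
  \only<3->{\draw[red, ->, line width = 1mm] (X1) -- (Y1);
  \node [inner sep=2pt,label=below:\textcolor{black}{write a cookie}] at ($ (X1)!.5!(Y1) $) {};}
  \end{tikzpicture}
\end{textblock}


\begin{textblock}{1}(9.5,5.5)
\begin{tabular}{c}
\includegraphics[scale=0.15]{pics/laptop.png}\\[-2mm]
\small Client
\end{tabular}
\end{textblock}
  
\only<4->{  
\begin{textblock}{13}(1,11)  
\small\begin{itemize}
\item cookies: max 4KB data\\[-2mm]
\item cookie theft, cross-site scripting attacks\\[-2mm]
% HttpOnly cookies (listed below) are not readable by page scripts, which
% is the mitigation for the theft-via-script case named in the item above.
\item session cookies, persistent cookies, HttpOnly cookies, third-party cookies, zombie cookies 
\end{itemize}  
\end{textblock}}

\only<5>{
\begin{textblock}{11}(1,3)
\begin{tikzpicture}
\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm] 
{\normalsize\color{darkgray}
\begin{minipage}{10cm}\raggedright\small
\textbf{EU Privacy Directive about Cookies:}\smallskip\\
``In May 2011, a European Union law was passed stating that websites that leave non-essential cookies on visitors' devices have to alert the visitor and get acceptance from them. This law applies to both individuals and businesses based in the EU regardless of the nationality of their website's visitors or the location of their web host. It is not enough to simply update a website's terms and conditions or privacy policy. The deadline to comply with the new EU cookie law was 26th May 2012 and failure to do so could mean a fine of up to \pounds{}500,000.''
\hfill\small\textcolor{gray}{$\rightarrow$BBC News}, \textcolor{blue}{\url{goo.gl/RI4qhh}}
\end{minipage}};
\end{tikzpicture}
\end{textblock}}
  
\end{frame}}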
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[t]
% Third-party tracking: two first-party sites (Pet Store, Dating.com) both
% embed content from one ad server, which therefore sees the user's visits
% to both.
% NOTE(review): cookies are scoped per host/domain (and path), not per
% page -- "per web-page" in the bullet probably means "per site"; confirm
% the intended wording.
\begin{itemize}
\item While cookies are per web-page, this can be easily circumvented.
\end{itemize}

\begin{textblock}{1}(1.5,4.5)
\begin{tabular}{c}
\includegraphics[scale=0.07]{pics/servers.png}\\[-2mm]
\small Pet Store\\[-2mm] 
\small Dot.com\\[-2mm] 
\end{tabular}
\end{textblock}
  
\begin{textblock}{1}(1.5,8)
\begin{tabular}{c}
\includegraphics[scale=0.07]{pics/servers.png}\\[-2mm]
\small Dating.com
\end{tabular}
\end{textblock}  

\begin{textblock}{1}(10.5,7.5)
\begin{tabular}{c}
\includegraphics[scale=0.07]{pics/servers.png}\\[-2mm]
\small Evil-Ad-No\\[-2mm]
\small Privacy.com
\end{tabular}
\end{textblock}  

\begin{textblock}{1}(6,10.5)
\begin{tabular}{c}
\includegraphics[scale=0.16]{pics/rman.png}\\[-1mm]
\small you
\end{tabular}
\end{textblock}  

% thin arrows: the two first-party sites -> the ad server
\begin{textblock}{1}(4,5)
  \begin{tikzpicture}[scale=1]
  \draw[white] (0,0.5) node (X) {};
  \draw[white] (5.7,-1) node (Y) {};
  \draw[red, ->, line width = 0.5mm] (X) -- (Y);
  \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
  \end{tikzpicture}
\end{textblock}

\begin{textblock}{1}(4,7.9)
  \begin{tikzpicture}[scale=1]
  \draw[white] (0,0) node (X) {};
  \draw[white] (5.7,0) node (Y) {};
  \draw[red, ->, line width = 0.5mm] (X) -- (Y);
  \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
  \end{tikzpicture}
\end{textblock}

% thick double arrows: the user's own traffic to the two sites
\begin{textblock}{1}(3.3,9.3)
  \begin{tikzpicture}[scale=1.2]
  \draw[white] (0,0) node (X) {};
  \draw[white] (1.5,-1) node (Y) {};
  \draw[red, <->, line width = 2mm] (X) -- (Y);
  \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
  \draw[white] (0.9,0.3) node (X1) {};
  \draw[white] (1.9,-1) node (Y1) {};
  \draw[red, <->, line width = 2mm] (X1) -- (Y1);
  \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X1)!.5!(Y1) $) {};
  \end{tikzpicture}
\end{textblock}  

% thin double arrow: the user's browser talking to the ad server directly
\begin{textblock}{1}(8.6,10.1)
  \begin{tikzpicture}[scale=0.9]
  \draw[white] (0,0) node (X) {};
  \draw[white] (-2,-1) node (Y) {};
  \draw[red, <->, line width = 0.5mm] (X) -- (Y);
  \node [inner sep=5pt,label=above:\textcolor{black}{}] at ($ (X)!.5!(Y) $) {};
  \end{tikzpicture}
\end{textblock}



\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{\begin{tabular}{c}My First Webapp\end{tabular}}

{\bf GET request:}\smallskip
\begin{enumerate}
\item read the cookie from client
\item if none is present, set \texttt{visits} to \textcolor{blue}{$0$}
\item if cookie is present, extract \texttt{visits} counter
\item if \texttt{visits} is greater or equal \textcolor{blue}{$10$}, \\
print a valued customer message\\
otherwise just a normal message
\item increase \texttt{visits} by \textcolor{blue}{$1$} and store new cookie with client
\end{enumerate}

  
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
% Listing ../progs/app2.scala (not in this source): counter stored in the
% cookie as a hash.
\mbox{}\\[-9mm]

{\lstset{language=Scala}\fontsize{8}{10}\selectfont
\texttt{\lstinputlisting{../progs/app2.scala}}}

\footnotesize
\begin{itemize}
% NOTE(review): a hash the client can recompute gives no integrity on its
% own -- whoever can edit the cookie can edit the hash to match.  Integrity
% against the client needs a server-side secret (a keyed MAC); the "should
% be random" annotation on the app4.scala slide presumably points at that.
\item cookie value encoded as hash
\end{itemize}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
% Transition slide: the barrier picture again, with the lesson so far.

\begin{center}
\includegraphics[scale=1.8]{pics/barrier.jpg}
\end{center}

\begin{itemize}
\item data integrity needs to be ensured
\end{itemize}

\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
% Listing ../progs/app3.scala (not in this source): cookie carries the
% counter together with a hash of it.
\mbox{}\\[-7mm]

{\lstset{language=Scala}\fontsize{8}{10}\selectfont
\texttt{\lstinputlisting{../progs/app3.scala}}}

\small
\begin{itemize}
% NOTE(review): this only holds if the hash input includes something the
% client does not know (a server secret/salt); with a plain hash of the
% counter the client can forge a consistent pair.  The listing is not
% visible here -- confirm which variant app3.scala implements.
\item the counter/hash pair is intended to prevent tampering
\end{itemize}  
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{\begin{tabular}{c}SHA-1\end{tabular}}
% Cryptographic hash functions in one slide.
  
\begin{itemize}
\item SHA-1 is a cryptographic hash function\\
(MD5, SHA-256, SHA-512, \ldots) 
\item message $\rightarrow$ digest
% The figures below are collision-attack costs ($2^{80}$ is the generic
% birthday bound for a 160-bit digest; $2^{61}$ presumably the best
% published attack at the time -- confirm).  They are not what makes
% password cracking cheap; the next item is.
\item attacks exist: $2^{80} \rightarrow 2^{61}$ \bigskip\pause
\item but dictionary attacks are much more effective for extracting passwords (later)
\end{itemize}  
  
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
% Listing ../progs/app4.scala (not in this source) with two call-outs
% pointing into it; the first marks a value that "should be random" --
% from context, the server-side secret mixed into the cookie hash.
% NOTE(review): such a value must come from a cryptographic RNG and be
% kept out of the client's reach; confirm against the listing.
\mbox{}\\[-9mm]

{\lstset{language=Scala}\fontsize{8}{10}\selectfont
\texttt{\lstinputlisting{../progs/app4.scala}}}

\begin{textblock}{1}(9,1)
  \begin{tikzpicture}[scale=1.3]
  \draw[white] (0,0) node (X) {};
  \draw[white] (3,0) node (Y) {};
  \draw[red, <-, line width = 2mm] (X) -- (Y);
  \node [inner sep=5pt,label=above:\textcolor{black}{\small should be random}] at ($ (X)!.5!(Y) $) {};
  \end{tikzpicture}
\end{textblock}

\begin{textblock}{1}(6.6,5.1)
  \begin{tikzpicture}[scale=1.3]
  \draw[white] (0,0) node (X) {};
  \draw[white] (1,-1) node (Y) {};
  \draw[red, <-, line width = 2mm] (X) -- (Y);
  \node [inner sep=5pt,label=above:{}] at ($ (X)!.5!(Y) $) {};
  \end{tikzpicture}
\end{textblock}

\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
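\mode<presentation>{
\begin{frame}[c]
\frametitle{\begin{tabular}{c}Unix Passwords\end{tabular}}
% Anatomy of a /etc/shadow entry.  The example line is the output of the
% openssl command given at the bottom (password "pippo", salt "QIGCa").

\begin{itemize}
\item passwords must \alert{\textbf{not}} be stored in clear text
\item instead \texttt{/etc/shadow} contains
\end{itemize}

{\small
\texttt{name:\$1\$QIGCa\$/ruJs8AvmrknzKTzM2TYE.:other\_info}
}

\begin{itemize}
\item \texttt{\$} is separator
% "$1$" selects md5crypt, an iterated MD5-based construction, not a single
% MD5 of the password -- the item text is a simplification.
\item \texttt{1} is MD5 (actually SHA-512 is used nowadays, \texttt{6})
\item \texttt{QIGCa} is salt
% the field is the digest computed from password and salt, not their
% concatenation; it is quoted in full (22 characters) to match the
% example line above
\item \texttt{/ruJs8AvmrknzKTzM2TYE.} $\rightarrow$ password + salt
\end{itemize}

\textcolor{gray}{\small
(\texttt{openssl passwd -1 -salt QIGCa pippo})
}
% Unix password
% http://ubuntuforums.org/showthread.php?p=5318038

\end{frame}}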
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{\begin{tabular}{@ {}c@ {}}Plain-Text Passwords\end{tabular}}
% IEEE 2012 incident.  Two independent failures are listed: credentials
% written to logs in the clear, and the logs being reachable by anyone.
% Overlays: 2 = text (after \pause), 3 = screenshot box on top.

\pause
\small\textcolor{gray}{On 25 September 2012, a report on a data breach at IEEE:}


\begin{itemize}
\item IEEE is a standards organisation (not-for-profit) 
\item many standards in CS are by IEEE\medskip
\item 100k plain-text passwords were recorded in logs
\item the logs were openly accessible on their FTP server
\end{itemize}\bigskip

\begin{flushright}\small
\textcolor{gray}{\url{http://ieeelog.com}}
\end{flushright}

\only<3->{
\begin{textblock}{11}(3,2)
\begin{tikzpicture}
\draw (0,0) node[inner sep=2mm,fill=white, ultra thick, draw=red, rounded corners=2mm] 
{\normalsize\color{darkgray}
\begin{minipage}{7.5cm}\raggedright\small
\includegraphics[scale=0.6]{pics/IEEElog.jpg}
\end{minipage}};
\end{tikzpicture}
\end{textblock}}

\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
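\mode<presentation>{
\begin{frame}[c]
\frametitle{\begin{tabular}{c}Other Password Blunders\end{tabular}}
% Three breaches, ordered from worst to "least bad" storage: plaintext,
% unsalted MD5, unsalted SHA-1.  Unsalted fast hashes are what make the
% dictionary/rainbow-table attacks of the following slides work.


\begin{itemize}
\item in late 2009, an SQL injection attack against online games 
service RockYou.com exposed 32 million \alert{plaintext} passwords

\item  1.3 million Gawker credentials exposed in December 2010 containing 
unsalted(?) \alert{MD5} hashes

\item June 6th, 2012, 6 million unsalted SHA-1 passwords were leaked from LinkedIn
% linkedIn password
% http://erratasec.blogspot.co.uk/2012/06/confirmed-linkedin-6mil-password-dump.html
\end{itemize}\medskip

\small
(A web user maintains 25 separate accounts but uses just 6.5 passwords.)

\end{frame}}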
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

% For instance, SHA512crypt, which is included in Mac OS X and most Unix-based
% operating systems, passes text through 5,000 iterations, a hurdle that would
% have limited Gosney to slightly less than 2,600 guesses per second. The Bcrypt
% algorithm is even more computationally expensive, in large part because it
% subjects text to multiple iterations of the Blowfish cipher that was
% deliberately modified to increase the time required to generate a hash.
% PBKDF2, a function built into Microsoft's .Net software developer framework,
% offers similar benefits.


% rainbow tables
% http://en.wikipedia.org/wiki/Rainbow_table



%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{\begin{tabular}{c}Brute Forcing Passwords\end{tabular}}

\begin{itemize}
\item How fast can hackers crack SHA-1 passwords? \pause

\item The answer is 2 billion attempts per second\\ 
using a Radeon HD 7970
\end{itemize}

\begin{center}
\begin{tabular}{@ {\hspace{-12mm}}rl}
password length & time\smallskip\\\hline
5 letters & 5 secs\\
6 letters & 500 secs\\
7 letters & 13 hours\\
8 letters & 57 days\\
9 letters & 15 years\\
\end{tabular}
\end{center}

\small
5 letters $\approx 100^5 = 10^{10}$, i.e.~10 billion combinations\\ 
(1 letter --- upper case, lower case, digits, symbols --- $\approx$ 100 possibilities)

\only<2->{
\begin{textblock}{1}(12,5)
\begin{tabular}{c}
\includegraphics[scale=0.3]{pics/radeon.jpg}\\[-6mm]
\footnotesize graphics card\\[-1mm]
\footnotesize ca.~\pounds{}300
\end{tabular}
\end{textblock}}



\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{\begin{tabular}{c}Passwords\end{tabular}}

How to recover from a break-in?\pause\medskip

\begin{itemize}
\item Do not send passwords in plain text.
\item Security questions are tricky to get right.
\item QQ (a Chinese Skype equivalent) authenticates you via your contacts.
\end{itemize}

\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{\begin{tabular}{c}This Course\end{tabular}}

\begin{itemize}
\item break-ins (buffer overflows)
\item access control\\ (role based, data security / data integrity)
\item electronic voting
\item protocols (specification)
\item access control logic
\item privacy
\begin{quote}
Scott McNealy: \\``You have zero privacy anyway. Get over it.''
\end{quote}
\item zero-knowledge proofs
\end{itemize}

\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{\Large\begin{tabular}{c}User-Tracking Without Cookies\end{tabular}}

Can you track a user \textbf{without}:

\begin{itemize}
\item Cookies
\item Javascript
\item LocalStorage/SessionStorage/GlobalStorage
\item Flash, Java or other plugins
\item Your IP address or user agent string
\item Any methods employed by Panopticlick\\
\mbox{}\hfill $\rightarrow$ \textcolor{blue}{\url{https://panopticlick.eff.org/}}
\end{itemize}

Even when you have disabled cookies entirely, have Javascript turned off and use a VPN service.\\\pause
And numerous sites already use this technique.

\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{\begin{tabular}{c}Web-Protocol\end{tabular}}

\only<1->{
\begin{textblock}{1}(2,2)
  \begin{tikzpicture}[scale=1.3]
  \draw[white] (0,0) node (X) {\includegraphics[scale=0.12]{pics/firefox.jpg}};
  \end{tikzpicture}
\end{textblock}}

\only<1->{
\begin{textblock}{1}(11,2)
  \begin{tikzpicture}[scale=1.3]
  \draw[white] (0,0) node (X) {\includegraphics[scale=0.15]{pics/servers.png}};
  \end{tikzpicture}
\end{textblock}}

\only<1->{
\begin{textblock}{1}(5,2.5)
  \begin{tikzpicture}[scale=1.3]
  \draw[white] (0,0) node (X) {};
  \draw[white] (3,0) node (Y) {};
  \draw[red, ->, line width = 2mm] (X) -- (Y);
  \node [inner sep=5pt,label=above:\textcolor{black}{\small GET static.jpg}] at ($ (X)!.5!(Y) $) {};
  \end{tikzpicture}
\end{textblock}}

\only<2->{
\begin{textblock}{1}(5,6)
  \begin{tikzpicture}[scale=1.3]
  \draw[white] (0,0) node (X) {};
  \draw[white] (3,0) node (Y) {};
  \draw[red, <-, line width = 2mm] (X) -- (Y);
  \node [inner sep=5pt,label=below:\textcolor{black}{\small ETag: 7b33de1}] at ($ (X)!.5!(Y) $) {};
   \node [inner sep=5pt,label=above:{\includegraphics[scale=0.15]{pics/tvtestscreen.jpg}}] at ($ (X)!.5!(Y) $) {};
  \end{tikzpicture}
\end{textblock}}

\only<3->{
\begin{textblock}{1}(4.2,11)
  \begin{tikzpicture}[scale=1.3]
  \draw[white] (0,0) node (X) {};
  \draw[white] (3,0) node (Y) {};
  \draw[red, ->, line width = 2mm] (X) -- (Y);
  \node [inner sep=5pt,label=above:\textcolor{black}{\small GET static.jpg ETag: 7b33de1}] at ($ (X)!.5!(Y) $) {};
  \end{tikzpicture}
\end{textblock}}

\only<4->{
\begin{textblock}{1}(4.2,13.9)
  \begin{tikzpicture}[scale=1.3]
  \draw[white] (0,0) node (X) {};
  \draw[white] (3,0) node (Y) {};
  \draw[red, <-, line width = 2mm] (X) -- (Y);
  \node [inner sep=5pt,label=below:\textcolor{black}{\small HTTP/1.1 304 (Not Modified)}] at ($ (X)!.5!(Y) $) {};
  \end{tikzpicture}
\end{textblock}}

\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   



%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{\begin{tabular}{c}Books + Homework\end{tabular}}

\begin{itemize}
\item There is no single book I am following
\begin{center}
\includegraphics[scale=0.012]{pics/andersonbook1.jpg}
\includegraphics[scale=0.23]{pics/accesscontrolbook.jpg}
\end{center}\medskip\pause

\item The question ``Is this relevant for the exams'' is not appreciated!\medskip\\

Whatever is in the homework sheets (and is not marked optional) is relevant for the
exam. No code needs to be written.
\end{itemize}

\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{\begin{tabular}{c}Take-Home Points\end{tabular}}

\begin{itemize}
\item Never store passwords in plain text.\medskip
\item Always salt your hashes!\medskip
\item Use an existing crypto algorithm; do not write your own!\medskip
\item Make the party that is in the position to improve things responsible for losses.
\end{itemize}

\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   


\end{document}

%%% Local Variables:  
%%% mode: xelatex
%%% TeX-master: t
%%% End: