\documentclass[dvipsnames,14pt,t]{beamer}
\usepackage{../slides}
\usepackage{../langs}
\usepackage{../graphics}
\usepackage{../data}
\usepackage{../grammar}
% beamer stuff
\renewcommand{\slidecaption}{APP 10, King's College London}
\newcommand{\bl}[1]{\textcolor{blue}{#1}}
\begin{document}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[t]
\frametitle{%
\begin{tabular}{@ {}c@ {}}
\\
\LARGE Access Control and \\[-3mm]
\LARGE Privacy Policies (10)\\[-6mm]
\end{tabular}}\bigskip\bigskip\bigskip
\normalsize
\begin{center}
\begin{tabular}{ll}
Email: & christian.urban at kcl.ac.uk\\
Office: & S1.27 (1st floor Strand Building)\\
Slides: & KEATS (also homework is there)\\
\end{tabular}
\end{center}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{\begin{tabular}{c}\mbox{}\\[20mm]\Huge Revision\end{tabular}}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{Security Engineering}
\begin{center}
\begin{tabular}{cc}
\raisebox{-0.8mm}{\includegraphics[scale=0.28]{../pics/flight.jpg}} &
\includegraphics[scale=0.31]{../pics/airbus.jpg}\\
\small Wright brothers, 1901 & \small Airbus, 2005 \\
\end{tabular}
\end{center}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{1st Lecture}
\begin{itemize}
\item chip-and-pin, banks vs.~customers
\begin{quote}\small\rm
the one who can improve security should also be
liable for the losses
\end{quote}\pause\bigskip
\item hashes and salts to guarantee data integrity\medskip
\item storing passwords (you should know the difference between
brute force attacks and dictionary attacks; how do salts help?)
\end{itemize}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{1st Lecture: Cookies}
\begin{itemize}
\item good uses of cookies?\medskip
\item bad uses of cookies: snooping, tracking, profiling\ldots
the ``disadvantage'' is that the user is in
\alert{control}, because you can delete them
\begin{center} ``Please track me using cookies.''
\end{center}\bigskip\pause
\item fingerprinting beyond browser cookies
\begin{quote}\small\rm
Pixel Perfect: Fingerprinting Canvas in HTML5\\
(a research paper from 2012)\\
\footnotesize
\url{http://cseweb.ucsd.edu/~hovav/papers/ms12.html}
\end{quote}
\end{itemize}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{1st Lecture: Cookies}
\begin{itemize}
\item a bit of JavaScript and HTML5 + canvas\medskip
\begin{center}
\begin{tabular}{cc}
Firefox & Safari\\
\includegraphics[scale=0.31]{../pics/firefox1.png} &
\includegraphics[scale=0.31]{../pics/safari1.png} \\
\tiny
\pcode{55b2257ad0f20ecbf927fb66a15c61981f7ed8fc} &
\tiny
\pcode{17bc79f8111e345f572a4f87d6cd780b445625d3}
\end{tabular}
\end{center}\bigskip
\item\small no actual drawing needed\pause
\item\small in May 2014 a crawl of 100,000 popular
webpages revealed 5.5\% already use canvas
fingerprinting\smallskip
\begin{center}\scriptsize
\url{https://securehomes.esat.kuleuven.be/~gacar/persistent/the_web_never_forgets.pdf}
\end{center}
\end{itemize}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{1st Lecture: Cookies}
Remember the small web-app I showed where a cookie
protected a counter\bigskip
\begin{itemize}
\item NYT, the cookie looks the ``resource'' - harm\medskip
\item imaginary discount unlocked by cookie - no harm
\end{itemize}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[t]
\frametitle{2nd Lecture: E-Voting}
Where are paper ballots better than voice voting?\bigskip
\begin{itemize}
\item Integrity
\item \alert{Ballot Secrecy}
\item Voter Authentication
\item Enfranchisement
\item Availability
\end{itemize}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[t]
\frametitle{2nd Lecture: E-Voting}
\begin{itemize}
\item (two weeks ago) an Australian parliamentary committee
found: e-voting is highly vulnerable to hacking and Australia
will not use it any time soon\bigskip\pause
\item Alex Halderman, Washington D.C.~hack
\begin{center}
\scriptsize
\url{https://jhalderm.com/pub/papers/dcvoting-fc12.pdf}
\end{center}\medskip
\item PDF-ballot tampering at the wireless router (the modification
is nearly undetectable and leaves no traces; MITM attack with firmware
updating)
\begin{center}
\scriptsize
\url{http://galois.com/wp-content/uploads/2014/11/technical-hack-a-pdf.pdf}
\end{center}
\end{itemize}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\tikzset{alt/.code args={<#1>#2#3#4}{%
\alt<#1>{\pgfkeysalso{#2}}{\pgfkeysalso{#3}} % \pgfkeysalso doesn't change the path
}}
\begin{frame}[t]
\frametitle{\begin{tabular}{c}3rd Lecture:\\ Buffer Overflow Attacks\end{tabular}}
\begin{itemize}
\item the problem arises from the way C/C++ organises its function calls\\[-8mm]\mbox{}
\end{itemize}
\begin{center}
\begin{tikzpicture}[scale=1]
%\draw[black!10,step=2mm] (0,0) grid (9,4);
%\draw[black!10,thick,step=10mm] (0,0) grid (9,4);
\node at (0.5,4.5) {\small\begin{tabular}{l}main\\[-2mm] prog.\end{tabular}};
\draw[line width=0mm, white, alt=<2->{fill=red}{fill=blue}] (0,2.5) rectangle (1,3.8);
\draw[line width=0mm, white, alt=<9->{fill=red}{fill=blue}] (0,0.2) rectangle (1,0.5);
\draw[line width=1mm, alt=<3->{fill=yellow}{fill=blue}] (0,2.0) rectangle (1,2.5);
\draw[line width=1mm, alt=<6->{fill=red}{fill=blue}] (0,1.0) rectangle (1,2.0);
\draw[line width=1mm, alt=<7->{fill=yellow}{fill=blue}] (0,0.5) rectangle (1,1.0);
\draw[line width=1mm] (0,0) -- (0,4);
\draw[line width=1mm] (1,0) -- (1,4);
\node at (3.5,3.5) {\small\begin{tabular}{l}fact(n)\end{tabular}};
\draw[line width=1mm, alt=<{4-5,8}>{fill=red}{fill=blue}] (3,1.0) rectangle (4,3.0);
\onslide<3-4>{\draw[->, line width=1mm,red] (1,2.3) to node [above,sloped,midway] {n=4} (3,3);}
\onslide<5>{\draw[<-, line width=1mm,red] (1,2.3) to node [above,sloped,midway] {res=24} (3,1);}
\onslide<7-8>{\draw[->, line width=1mm,red] (1,0.8) to node [above,sloped,midway] {n=3} (3,3);}
\onslide<9>{\draw[<-, line width=1mm,red] (1,0.8) to node [above,sloped,midway] {res=6} (3,1);}
\node at (7.75,3.9) {\small\begin{tabular}{l}stack\end{tabular}};
\draw[line width=1mm] (7,3.5) -- (7,0.5) -- (8.5,0.5) -- (8.5,3.5);
\onslide<3,4,7,8>{
\node at (7.75, 1.4) {ret};
\draw[line width=1mm] (7,1.1) -- (8.5,1.1);
\node at (7.75, 2.0) {sp};
\draw[line width=1mm] (7,2.3) -- (8.5,2.3);
}
\onslide<3,4>{
\node at (7.75, 0.8) {4};
\draw[line width=1mm] (7,1.7) -- (8.5,1.7);
}
\onslide<7,8>{
\node at (7.75, 0.8) {3};
\draw[line width=1mm] (7,1.7) -- (8.5,1.7);
}
\end{tikzpicture}
\end{center}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[t]
\begin{center}
\begin{tikzpicture}[scale=1]
%\draw[black!10,step=2mm] (0,0) grid (9,4);
%\draw[black!10,thick,step=10mm] (0,0) grid (9,4);
\node at (0.5,4.5) {\small\begin{tabular}{l}main\\[-2mm] prog.\end{tabular}};
\draw[line width=0mm, white, alt=<2->{fill=red}{fill=blue}] (0,2.5) rectangle (1,3.8);
\draw[line width=1mm, white, fill=blue] (0,1.0) rectangle (1,2.0);
\draw[line width=1mm, alt=<3->{fill=yellow}{fill=blue}] (0,2.0) rectangle (1,2.5);
\draw[line width=1mm] (0,0) -- (0,4);
\draw[line width=1mm] (1,0) -- (1,4);
\node at (3.5,3.5) {\small\begin{tabular}{l}fact(n)\end{tabular}};
\draw[line width=0mm, alt=<{4-}>{red, fill=red}{blue, fill=blue}] (3,2.8) rectangle (4,3.0);
\draw[line width=0mm, alt=<{5-}>{red, fill=red}{blue, fill=blue}] (3,2.8) rectangle (4,2.0);
\draw[line width=0mm, alt=<{7-}>{red, fill=red}{blue, fill=blue}] (3,2.0) rectangle (4,1.0);
\draw[line width=1mm] (3,1.0) rectangle (4,3.0);
\onslide<3->{\draw[->, line width=1mm,red] (1,2.3) to node [above,sloped,midway] {n=4} (3,3);}
\onslide<5->{\draw[<-, line width=2mm,red] (4,2) to node [above,sloped,midway]
{\begin{tabular}{l}user\\[-1mm] input\end{tabular}} (6,2);}
\onslide<8->{\draw[<-, line width=1mm,red] (1,-2) to (3,1);}
\node at (7.75,3.9) {\small\begin{tabular}{l}stack\end{tabular}};
\draw[line width=1mm] (7,3.5) -- (7,-0.1) -- (8.5,-0.1) -- (8.5,3.5);
\onslide<3->{
\node at (7.75, 0.2) {4};
\draw[line width=1mm,alt=<6->{fill=red}{fill=white}] (7,0.5) rectangle (8.5,1.1);
\node at (7.75, 0.8) {\alt<6->{@a\#}{ret}};
\draw[line width=1mm,alt=<6->{fill=red}{fill=white}] (7,1.1) rectangle (8.5,1.7);
\node at (7.75, 1.4) {\alt<6->{!?w;}sp};
}
\onslide<4->{
\draw[line width=1mm,fill=red] (7,1.7) rectangle (8.5,3.0);
\node[white] at (7.75, 2.4) {buffer};
}
\end{tikzpicture}
\end{center}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[t]
\frametitle{\begin{tabular}{c}3rd Lecture:\\[-3mm]
Buffer Overflow Attacks\end{tabular}}
US National Vulnerability Database\\
\small(636 out of 6675 in 2014)
\begin{center}
\begin{tikzpicture}
\begin{axis}[
xlabel={year},
ylabel={\% of total attacks},
ylabel style={yshift=0em},
enlargelimits=false,
xtick={1997,1998,2000,...,2014},
xmin=1996.5,
xmax=2015,
ymax=21,
ytick={0,5,...,20},
scaled ticks=false,
axis lines=left,
width=11cm,
height=5cm,
ybar,
nodes near coords=
{\footnotesize
$\pgfmathprintnumber[fixed,fixed zerofill,precision=1,use comma]{\pgfkeysvalueof{/data point/y}}$},
x tick label style={font=\scriptsize,/pgf/number format/1000 sep={}}]
\addplot
table [x=Year,y=Percentage] {bufferoverflows.data};
\end{axis}
\end{tikzpicture}
\end{center}
\scriptsize
\url{http://web.nvd.nist.gov/view/vuln/statistics}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[t]
\frametitle{\begin{tabular}{c}4rd Lecture:\\ Unix Access Control\end{tabular}}
\begin{itemize}
\item privileges are specified by file access permissions (``everything is a file'')
\end{itemize}\medskip
\begin{center}
\begin{tikzpicture}[scale=1]
\draw[line width=1mm] (-.3, 0) rectangle (1.5,2);
\draw (4.7,1) node {Internet};
\draw (-2.7,1.7) node {\footnotesize Application};
\draw (0.6,1.7) node {\footnotesize Interface};
\draw (0.6,-0.4) node {\footnotesize \begin{tabular}{c}unprivileged\\[-1mm] process\end{tabular}};
\draw (-2.7,-0.4) node {\footnotesize \begin{tabular}{c}privileged\\[-1mm] process\end{tabular}};
\draw[line width=1mm] (-1.8, 0) rectangle (-3.6,2);
\draw[white] (1.7,1) node (X) {};
\draw[white] (3.7,1) node (Y) {};
\draw[red, <->, line width = 2mm] (X) -- (Y);
\draw[red, <->, line width = 1mm] (-0.6,1) -- (-1.6,1);
\end{tikzpicture}
\end{center}
\begin{itemize}
\item the idea is to make the attack surface smaller and
mitigate the consequences of an attack
\end{itemize}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[fragile,t]
\frametitle{\begin{tabular}{c}4rd Lecture:\\ Unix Access Control\end{tabular}}
\begin{itemize}
\item when a file with setuid is executed, the resulting process will assume the
UID given to the owner of the file
\end{itemize}
\footnotesize\tt
\begin{center}
\begin{verbatim}
$ ls -ld . * */*
drwxr-xr-x 1 ping staff 32768 Apr 2 2010 .
-rw----r-- 1 ping students 31359 Jul 24 2011 manual.txt
-r--rw--w- 1 bob students 4359 Jul 24 2011 report.txt
-rwsr--r-x 1 bob students 141359 Jun 1 2013 microedit
dr--r-xr-x 1 bob staff 32768 Jul 23 2011 src
-rw-r--r-- 1 bob staff 81359 Feb 28 2012 src/code.c
-r--rw---- 1 emma students 959 Jan 23 2012 src/code.h
\end{verbatim}
\end{center}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[t]
\frametitle{\begin{tabular}{c}4rd Lecture:\\ Unix Access Control\end{tabular}}
\begin{itemize}
\item Alice wants to have her files readable,
\alert{except} for her office mates.
\end{itemize}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{5rd Lecture: Protocols}
Simple Challenge Response\\
(solving the replay problem):
\begin{center}
\begin{tabular}{lll}
\bl{$A \rightarrow B:$} & \bl{Hi I am A}\\
\bl{$B \rightarrow A:$} & \bl{$N$} & (challenge)\\
\bl{$A \rightarrow B:$} & \bl{$\{N\}_{K_{AB}}$}\\
\end{tabular}
\end{center}\pause
Mutual Challenge Response:
\begin{center}
\begin{tabular}{ll}
\bl{$A \rightarrow B:$} & \bl{$N_A$}\\
\bl{$B \rightarrow A:$} & \bl{$\{N_A, N_B\}_{K_{AB}}$}\\
\bl{$A \rightarrow B:$} & \bl{$N_B$}\\
\end{tabular}
\end{center}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{5rd Lecture: Protocols}
A car-transponder protocol:
\begin{enumerate}
\item \bl{$C$} generates a random number \bl{$N$}
\item \bl{$C$} calculates \bl{$(F,G) = \{N\}_K$}
\item \bl{$C \to T$}: \bl{$N, F$}
\item \bl{$T$} calculates \bl{$(F',G') = \{N\}_K$}
\item \bl{$T$} checks that \bl{$F = F'$}
\item \bl{$T \to C$}: \bl{$N, G'$}
\item \bl{$C$} checks that \bl{$G = G'$}
\end{enumerate}
Authentication: \bl{$T \to C$}, \bl{$C \to T$}?
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{5rd Lecture: Protocols}
The interlock protocol (``best bet'' against MITM):
\begin{center}
\begin{tabular}{ll@{\hspace{2mm}}l}
1. & \bl{$A \to B :$} & \bl{$K^{pub}_A$}\\
2. & \bl{$B \to A :$} & \bl{$K^{pub}_B$}\\
3. & & \bl{$\{A,m\}_{K^{pub}_B} \;\mapsto\; H_1,H_2$}\\
& & \bl{$\{B,m'\}_{K^{pub}_A} \;\mapsto\; M_1,M_2$}\\
4. & \bl{$A \to B :$} & \bl{$H_1$}\\
5. & \bl{$B \to A :$} & \bl{$\{H_1, M_1\}_{K^{pub}_A}$}\\
6. & \bl{$A \to B :$} & \bl{$\{H_2, M_1\}_{K^{pub}_B}$}\\
7. & \bl{$B \to A :$} & \bl{$M_2$}
\end{tabular}
\end{center}\pause
\footnotesize
\bl{$m$} = How is your grandmother? \bl{$m'$} = How is the
weather today in London?
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{Access Control Logic}
Ross Anderson about the use of Logic:\bigskip
\begin{quote}\rm
``Formal methods can be an excellent way of finding
bugs in security protocol designs as they force the designer
to make everything explicit and thus confront difficult design
choices that might otherwise be fudged.''
\end{quote}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[t]
\frametitle{Access Control Logic}
\begin{center}
\begin{tabular}[t]{rcl@ {\hspace{10mm}}l}
\bl{$F$} & \bl{$::=$} & \bl{$\textit{true}$}\\
& \bl{$|$} & \bl{$\textit{false}$}\\
& \bl{$|$} & \bl{$a(t_1,\ldots,t_n)$}\\
& \bl{$|$} & \bl{$F_1 \wedge F_2$}\\
& \bl{$|$} & \bl{$F_1 \vee F_2$}\\
& \bl{$|$} & \bl{$F_1 \Rightarrow F_2$}\\
& \bl{$|$} & \alert{$P\;\textit{says}\; F$}\\
\end{tabular}
\end{center}
where \bl{$P = Alice, Bob, Christian$}
\begin{itemize}
\item \bl{$HoD\;\textit{says}\;\textit{is\_staff}(Christian)$}
\end{itemize}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[t]
\frametitle{Access Control Logic}
\ldots can be used for answering the following questions:
\begin{itemize}
\item To what conclusions does this protocol come?
\item What assumptions are needed for this protocol?
\item Does the protocol uses unnecessary actions, which can be left out?
\item Does the protocol encrypt anything which could be sent in plain, without
weakening the security?
\end{itemize}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{5th Lecture: Protocols}
An article in The Guardian from 2013 reveals how GCHQ and the
NSA at a G20 Summit in 2009 sniffed emails from Internet
cafes, monitored phone calls from delegates and attempted to
listen on phone calls which were made by Russians and which
were transmitted via satellite links:
\begin{center}
\small
\url{http://www.theguardian.com/uk/2013/jun/16/gchq-intercepted-communications-g20-summits}
\end{center}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{\begin{tabular}{c}6th Lecture:\\[-2mm] Zero-Knowledge Proofs\end{tabular}}
\begin{center}
\addtolength{\fboxsep}{4mm}
\fbox{\includegraphics[scale=0.3]{../pics/Dismantling_Megamos_Crypto.png}}
\end{center}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{7th Lecture: Privacy}
\begin{itemize}
\item de-anonymisation attacks\\ (Netflix, DNA databases, \ldots)
\end{itemize}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{7th Lecture: Privacy}
\begin{itemize}
\item differential privacy for anonymising research data
\begin{center}
User\;\;\;\;
\begin{tabular}{c}
tell me \bl{$f(x)$} $\Rightarrow$\\
$\Leftarrow$ \bl{$f(x) + \text{noise}$}
\end{tabular}
\;\;\;\;\begin{tabular}{@{}c}
Database\\
\bl{$x_1, \ldots, x_n$}
\end{tabular}
\end{center}
\item \bl{$f(x)$} can be released, if \bl{$f$} is insensitive to
individual entries \bl{$x_1, \ldots, x_n$}\\
\item The intuition: whatever is learned from the dataset would be learned regardless of whether
\bl{$x_i$} participates\bigskip\pause
\end{itemize}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{8th Lecture: Bitcoins}
\begin{itemize}
\item conclusion: not anonymous, not free from (potential) government
interference\bigskip\bigskip
\item The department has large labs full
of computers that are pretty much idle over night. Why
is it a bad idea to let them mine for Bitcoins?\bigskip\pause
\item other cryptocurrencies (Litecoins,\ldots)
\begin{center}\small
\url{http://en.wikipedia.org/wiki/Cryptocurrency}
\end{center}
\end{itemize}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{9th Lecture: Static Analysis}
\begin{itemize}
\item more principled way of writing software
\item testing can show the presence of bugs, but not their
absence\bigskip
\item ``A good attack is one that the engineers never even thought
about.'' ---Bruce Schneier
\end{itemize}
\begin{center}
\includegraphics[scale=1]{../pics/barrier.jpg}
\end{center}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{9th Lecture}
\begin{itemize}
\item model checking\medskip
\item program logics (Hoare logics, separation logic)\medskip
\item specifications / correctness proofs
\end{itemize}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{Further Reading}
\begin{itemize}
\item Risks mailing list
\begin{center}\small
\url{http://catless.ncl.ac.uk/Risks}
\end{center}
\item Crypto-Gram
\begin{center}\small
\url{https://www.schneier.com/crypto-gram.html}
\end{center}
\item Light blue touchpaper
\begin{center}\small
\url{https://www.lightbluetouchpaper.org}
\end{center}
\end{itemize}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\begin{itemize}
\item you can still send me your hws\bigskip
\item projects
\end{itemize}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\end{document}
%%% Local Variables:
%%% mode: latex
%%% TeX-master: t
%%% End: