\documentclass[dvipsnames,14pt,t]{beamer}
\usepackage{proof}
\usepackage{beamerthemeplaincu}
%\usepackage[T1]{fontenc}
%\usepackage[latin1]{inputenc}
\usepackage{mathpartir}
\usepackage{isabelle}
\usepackage{isabellesym}
\usepackage[absolute,overlay]{textpos}
\usepackage{ifthen}
\usepackage{tikz}
\usepackage{courier}
\usepackage{listings}
\usetikzlibrary{arrows}
\usetikzlibrary{positioning}
\usetikzlibrary{calc}
\usepackage{graphicx}
\usetikzlibrary{shapes}
\usetikzlibrary{shadows}
\usetikzlibrary{plotmarks}
\isabellestyle{rm}
\renewcommand{\isastyle}{\rm}%
\renewcommand{\isastyleminor}{\rm}%
\renewcommand{\isastylescript}{\footnotesize\rm\slshape}%
\renewcommand{\isatagproof}{}
\renewcommand{\endisatagproof}{}
\renewcommand{\isamarkupcmt}[1]{#1}
\newcommand{\isaliteral}[1]{}
\newcommand{\isactrlisub}[1]{\emph{\isascriptstyle${}\sb{#1}$}}
% Isabelle characters
\renewcommand{\isacharunderscore}{\_}
\renewcommand{\isacharbar}{\isamath{\mid}}
\renewcommand{\isasymiota}{}
\renewcommand{\isacharbraceleft}{\{}
\renewcommand{\isacharbraceright}{\}}
\renewcommand{\isacharless}{$\langle$}
\renewcommand{\isachargreater}{$\rangle$}
\renewcommand{\isasymsharp}{\isamath{\#}}
\renewcommand{\isasymdots}{\isamath{...}}
\renewcommand{\isasymbullet}{\act}
\definecolor{javared}{rgb}{0.6,0,0} % for strings
\definecolor{javagreen}{rgb}{0.25,0.5,0.35} % comments
\definecolor{javapurple}{rgb}{0.5,0,0.35} % keywords
\definecolor{javadocblue}{rgb}{0.25,0.35,0.75} % javadoc
\lstset{language=Java,
basicstyle=\ttfamily,
keywordstyle=\color{javapurple}\bfseries,
stringstyle=\color{javagreen},
commentstyle=\color{javagreen},
morecomment=[s][\color{javadocblue}]{/**}{*/},
numbers=left,
numberstyle=\tiny\color{black},
stepnumber=1,
numbersep=10pt,
tabsize=2,
showspaces=false,
showstringspaces=false}
\lstdefinelanguage{scala}{
morekeywords={abstract,case,catch,class,def,%
do,else,extends,false,final,finally,%
for,if,implicit,import,match,mixin,%
new,null,object,override,package,%
private,protected,requires,return,sealed,%
super,this,throw,trait,true,try,%
type,val,var,while,with,yield},
otherkeywords={=>,<-,<\%,<:,>:,\#,@},
sensitive=true,
morecomment=[l]{//},
morecomment=[n]{/*}{*/},
morestring=[b]",
morestring=[b]',
morestring=[b]"""
}
\lstset{language=Scala,
basicstyle=\ttfamily,
keywordstyle=\color{javapurple}\bfseries,
stringstyle=\color{javagreen},
commentstyle=\color{javagreen},
morecomment=[s][\color{javadocblue}]{/**}{*/},
numbers=left,
numberstyle=\tiny\color{black},
stepnumber=1,
numbersep=10pt,
tabsize=2,
showspaces=false,
showstringspaces=false}
% beamer stuff
\renewcommand{\slidecaption}{APP 07, King's College London, 19 November 2013}
\newcommand{\dn}{\stackrel{\mbox{\scriptsize def}}{=}}% for definitions
\newcommand{\bl}[1]{\textcolor{blue}{#1}}
\begin{document}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}<1>[t]
\frametitle{%
\begin{tabular}{@ {}c@ {}}
\\
\LARGE Access Control and \\[-3mm]
\LARGE Privacy Policies (7)\\[-6mm]
\end{tabular}}\bigskip\bigskip\bigskip
%\begin{center}
%\includegraphics[scale=1.3]{pics/barrier.jpg}
%\end{center}
\normalsize
\begin{center}
\begin{tabular}{ll}
Email: & christian.urban at kcl.ac.uk\\
Office: & S1.27 (1st floor Strand Building)\\
Slides: & KEATS (also homework is there)\\
\end{tabular}
\end{center}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{}
Recall the following scenario:
\begin{itemize}
\item If \textcolor{blue}{Admin} says that \textcolor{blue}{\isa{file}}
should be deleted, then this file must be deleted.
\item \textcolor{blue}{Admin} trusts \textcolor{blue}{Bob} to decide whether
\textcolor{blue}{\isa{file}} should be deleted (delegation).
\item \textcolor{blue}{Bob} wants to delete \textcolor{blue}{\isa{file}}.
\end{itemize}\bigskip
\small
\textcolor{blue}{\isa{{\isaliteral{5C3C47616D6D613E}{\isasymGamma}}\ {\isaliteral{3D}{\isacharequal}}}\small\begin{tabular}{l}
\isa{{\isaliteral{28}{\isacharparenleft}}Admin\ says\ del{\isaliteral{5F}{\isacharunderscore}}file\isaliteral{5C3C5E697375623E}{}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ del{\isaliteral{5F}{\isacharunderscore}}file\isaliteral{5C3C5E697375623E}{}},\\
\isa{{\isaliteral{28}{\isacharparenleft}}Admin\ says\ {\isaliteral{28}{\isacharparenleft}}{\isaliteral{28}{\isacharparenleft}}Bob\ says\ del{\isaliteral{5F}{\isacharunderscore}}file\isaliteral{5C3C5E697375623E}{}{\isaliteral{29}{\isacharparenright}}\ {\isaliteral{5C3C52696768746172726F773E}{\isasymRightarrow}}\ del{\isaliteral{5F}{\isacharunderscore}}file\isaliteral{5C3C5E697375623E}{}{\isaliteral{29}{\isacharparenright}}{\isaliteral{29}{\isacharparenright}}},\\
\isa{Bob\ says\ del{\isaliteral{5F}{\isacharunderscore}}file\isaliteral{5C3C5E697375623E}{}}\\
\end{tabular}}\medskip
\textcolor{blue}{\isa{{\isaliteral{5C3C47616D6D613E}{\isasymGamma}}\ {\isaliteral{5C3C7475726E7374696C653E}{\isasymturnstile}}\ del{\isaliteral{5F}{\isacharunderscore}}file\isaliteral{5C3C5E697375623E}{}}}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{\begin{tabular}{@ {\hspace{-2mm}}c@ {}}The Access Control Problem\end{tabular}}
\begin{center}
\begin{tikzpicture}[scale=1]
\draw[line width=1mm] (-.3, -0.5) rectangle (1.5,2);
\draw (-2.7,1) node {\begin{tabular}{l}access\\request\\ (\bl{$F$})\end{tabular}};
\draw (4.2,1) node {\begin{tabular}{l}provable/\\not provable\end{tabular}};
\draw (0.6,0.8) node {\footnotesize \begin{tabular}{l}AC-\\ Checker:\\ applies\\ inference\\ rules\end{tabular}};
\draw[red, ->, line width = 2mm] (1.7,1) -- (2.7,1);
\draw[red,<-, line width = 2mm] (-0.6,1) -- (-1.6,1);
\draw[red, <-, line width = 3mm] (0.6,2.2) -- (0.6,3.2);
\draw (0.6,4) node {\begin{tabular}{l}\large Access Policy (\boldmath\bl{$\Gamma$})\end{tabular}};
\end{tikzpicture}
\end{center}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\begin{itemize}
\item \bl{$P \,\text{says}\, F$} means \bl{$P$} can send a ``signal'' \bl{$F$} through a wire, or
can make a ``statement'' \bl{$F$}\bigskip\pause
\item \bl{$P$} is entitled to do \bl{$F$}\smallskip\\
\bl{$P \,\text{controls}\, F \,\dn\, (P\,\text{says}\, F) \Rightarrow F$}\medskip
\begin{center}
\bl{\infer{\Gamma \vdash F}{\Gamma \vdash P\,\text{controls}\, F & \Gamma \vdash P\,\text{says}\,F}}
\end{center}
\end{itemize}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{Security Levels}
\small
\begin{itemize}
\item Top secret (\bl{$T\!S$})
\item Secret (\bl{$S$})
\item Public (\bl{$P$})
\end{itemize}
\begin{center}
\bl{$slev(P) < slev(S) < slev(T\!S)$}\pause
\end{center}
\begin{itemize}
\item Bob has a clearance for ``secret''
\item Bob can read documents that are public or sectret, but not top secret
\end{itemize}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{Reading a File}
\bl{\begin{center}
\begin{tabular}{c}
\begin{tabular}{@ {}l@ {}}
\only<2->{\textcolor{red}{$slev($File$)$ $<$ $slev($Bob$)$ $\Rightarrow$}}\\
\only<2->{\hspace{3cm}}Bob controls Permitted $($File, read$)$\\
Bob says Permitted $($File, read$)$\only<2->{\\}
\only<2>{\textcolor{red}{$slev($File$)$ $<$ $slev($Bob$)$}}%
\only<3>{\textcolor{red}{$slev($File$)$ $=$ $P$}\\}%
\only<3>{\textcolor{red}{$slev($Bob$)$ $=$ $S$}\\}%
\only<3>{\textcolor{red}{$slev(P)$ $<$ $slev(S)$}\\}%
\end{tabular}\\
\hline
Permitted $($File, read$)$
\end{tabular}
\end{center}}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{Substitution Rule}
\small
\bl{\begin{center}
\begin{tabular}{c}
$\Gamma \vdash slev(P) = l_1$ \hspace{4mm} $\Gamma \vdash slev(Q) = l_2$
\hspace{4mm} $\Gamma \vdash l_1 < l_2$\\\hline
$\Gamma \vdash slev(P) < slev(Q)$
\end{tabular}
\end{center}}\bigskip\pause
\begin{itemize}
\item \bl{$slev($Bob$)$ $=$ $S$}
\item \bl{$slev($File$)$ $=$ $P$}
\item \bl{$slev(P) < slev(S)$}
\end{itemize}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{Reading a File}
\bl{\begin{center}
\begin{tabular}{c}
\begin{tabular}{@ {}l@ {}}
$slev($File$)$ $<$ $slev($Bob$)$ $\Rightarrow$\\
\hspace{3cm}Bob controls Permitted $($File, read$)$\\
Bob says Permitted $($File, read$)$\\
$slev($File$)$ $=$ $P$\\
$slev($Bob$)$ $=$ $T\!S$\\
\only<1>{\textcolor{red}{$?$}}%
\only<2>{\textcolor{red}{$slev(P) < slev(S)$}\\}%
\only<2>{\textcolor{red}{$slev(S) < slev(T\!S)$}}%
\end{tabular}\\
\hline
Permitted $($File, read$)$
\end{tabular}
\end{center}}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{Transitivity Rule}
\small
\bl{\begin{center}
\begin{tabular}{c}
$\Gamma \vdash l_1 < l_2$
\hspace{4mm} $\Gamma \vdash l_2 < l_3$\\\hline
$\Gamma \vdash l_1 < l_3$
\end{tabular}
\end{center}}\bigskip
\begin{itemize}
\item \bl{$slev(P) < slev (S)$}
\item \bl{$slev(S) < slev (T\!S)$}
\item[] \bl{$slev(P) < slev (T\!S)$}
\end{itemize}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{Reading Files}
\begin{itemize}
\item Access policy for Bob for reading
\end{itemize}
\bl{\begin{center}
\begin{tabular}{c}
\begin{tabular}{@ {}l@ {}}
$\forall f.\;slev(f)$ \only<1>{$<$}\only<2>{\textcolor{red}{$\le$}} $slev($Bob$)$ $\Rightarrow$\\
\hspace{3cm}Bob controls Permitted $(f$, read$)$\\
Bob says Permitted $($File, read$)$\\
$slev($File$)$ $=$ \only<1>{$P$}\only<2>{\textcolor{red}{$T\!S$}}\\
$slev($Bob$)$ $=$ $T\!S$\\
$slev(P) < slev(S)$\\
$slev(S) < slev(T\!S)$
\end{tabular}\\
\hline
Permitted $($File, read$)$
\end{tabular}
\end{center}}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{Writing Files}
\begin{itemize}
\item Access policy for Bob for {\bf writing}
\end{itemize}
\bl{\begin{center}
\begin{tabular}{c}
\begin{tabular}{@ {}l@ {}}
$\forall f.\;slev($Bob$)$ $\le$ $slev(f)$ $\Rightarrow$\\
\hspace{3cm}Bob controls Permitted $(f$, write$)$\\
Bob says Permitted $($File, write$)$\\
$slev($File$)$ $=$ $T\!S$\\
$slev($Bob$)$ $=$ $S$\\
$slev(P) < slev(S)$\\
$slev(S) < slev(T\!S)$
\end{tabular}\\
\hline
Permitted $($File, write$)$
\end{tabular}
\end{center}}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{Encrypted Messages}
\begin{itemize}
\item Alice sends a message \bl{$m$}
\begin{center}
\bl{Alice says $m$}
\end{center}\medskip\pause
\item Alice sends an encrypted message \bl{$m$}\\ (with key \bl{$K$})
\begin{center}
\bl{Alice says $\{m\}_K$}
\end{center}\medskip\pause
\item Decryption of Alice's message\smallskip
\begin{center}
\bl{\mbox{\infer{\Gamma \vdash \text{Alice}\;\text{says}\;m}
{\Gamma \vdash \text{Alice}\;\text{says}\;\{m\}_K & \Gamma \vdash \text{Alice}\,\text{says}\,K}}}
\end{center}
\end{itemize}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{Encryption}
\begin{itemize}
\item Encryption of a message\smallskip
\begin{center}
\bl{\mbox{\infer{\Gamma \vdash \text{Alice}\;\text{says}\;\{m\}_K}
{\Gamma \vdash \text{Alice}\;\text{says}\;m & \Gamma \vdash \text{Alice}\,\text{says}\,K}}}
\end{center}
\end{itemize}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{Trusted Third Party}
Simple protocol for establishing a secure connection via a mutually
trusted 3rd party (server):
\begin{center}
\begin{tabular}{@ {\hspace{-7mm}}l@{\hspace{2mm}}r@ {\hspace{1mm}}l}
Message 1 & \bl{$A \rightarrow S :$} & \bl{$A, B$}\\
Message 2 & \bl{$S \rightarrow A :$} & \bl{$\{K_{AB}\}_{K_{AS}}$} and \bl{$\{\{K_{AB}\}_{K_{BS}} \}_{K_{AS}}$}\\
Message 3 & \bl{$A \rightarrow B :$} & \bl{$\{K_{AB}\}_{K_{BS}} $}\\
Message 4 & \bl{$A \rightarrow B :$} & \bl{$\{m\}_{K_{AB}}$}\\
\end{tabular}
\end{center}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{Sending Rule}
\bl{\begin{center}
\mbox{\infer{\Gamma \vdash Q \;\text{says}\; F}
{\Gamma \vdash P \;\text{says}\; F & \Gamma \vdash P \;\text{sends}\; Q : F}}
\end{center}}\bigskip\pause
\bl{$P \,\text{sends}\, Q : F \dn$}\\
\hspace{6mm}\bl{$(P \,\text{says}\, F) \Rightarrow (Q \,\text{says}\, F)$}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{Trusted Third Party}
\begin{center}
\bl{\begin{tabular}{l}
$A$ sends $S$ : $\text{Connect}(A,B)$\\
\bl{$S \,\text{says}\, (\text{Connect}(A,B) \Rightarrow$}\\
\hspace{2.5cm}\bl{$\{K_{AB}\}_{K_{AS}} \wedge
\{\{K_{AB}\}_{K_{BS}}\}_{K_{AS}})$}\\
$S$ sends $A$ : $\{K_{AB}\}_{K_{AS}}$ \bl{$\wedge$} $\{\{K_{AB}\}_{K_{BS}}\}_{K_{AS}}$\\
$A$ sends $B$ : $\{K_{AB}\}_{K_{BS}}$\\
$A$ sends $B$ : $\{m\}_{K_{AB}}$
\end{tabular}}
\end{center}\bigskip\pause
\bl{$\Gamma \vdash B \,\text{says} \, m$}?
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{Public/Private Keys}
\begin{itemize}
\item Bob has a private and public key: \bl{$K_{Bob}^{pub}$}, \bl{$K_{Bob}^{priv}$}\bigskip
\begin{center}
\bl{\mbox{\infer{\Gamma \vdash \text{Alice}\;\text{says}\;m}
{\Gamma \vdash \text{Alice}\;\text{says}\;\{m\}_{K_{Bob}^{pub}} &
\Gamma \vdash K_{Bob}^{priv}}}}
\end{center}\bigskip\pause
\item this is {\bf not} a derived rule!
\end{itemize}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% \begin{itemize}
% \item Alice calls Sam for a key to communicate with Bob
% \item Sam responds with a key that Alice can read and a key Bob can read (pre-shared)
% \item Alice sends the message encrypted with the key and the second key it recieved
% \end{itemize}\bigskip
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{Sending Rule}
\bl{\begin{center}
\mbox{\infer{\Gamma \vdash Q \;\textit{says}\; F}
{\Gamma \vdash P \;\textit{says}\; F & \Gamma \vdash P \;\textit{sends}\; Q : F}}
\end{center}}\bigskip\pause
\bl{$P \,\text{sends}\, Q : F \dn$}\\
\hspace{6mm}\bl{$(P \,\text{says}\, F) \Rightarrow (Q \,\text{says}\, F)$}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{Trusted Third Party}
\begin{center}
\bl{\begin{tabular}{l}
$A$ sends $S$ : $\textit{Connect}(A,B)$\\
\bl{$S \,\text{says}\, (\textit{Connect}(A,B) \Rightarrow$}\\
\hspace{2.5cm}\bl{$\{K_{AB}\}_{K_{AS}} \wedge
\{\{K_{AB}\}_{K_{BS}}\}_{K_{AS}})$}\\
$S$ sends $A$ : $\{K_{AB}\}_{K_{AS}}$ \bl{$\wedge$} $\{\{K_{AB}\}_{K_{BS}}\}_{K_{AS}}$\\
$A$ sends $B$ : $\{K_{AB}\}_{K_{BS}}$\\
$A$ sends $B$ : $\{m\}_{K_{AB}}$
\end{tabular}}
\end{center}\bigskip\pause
\bl{$\Gamma \vdash B \,\text{says} \, m$}?
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{Challenge-Response Protocol}
\begin{itemize}
\item an engine \bl{$E$} and a transponder \bl{$T$} share a key \bl{$K$}\bigskip
\item \bl{$E$} sends out a \alert{nonce} \bl{$N$} (random number) to \bl{$T$}\bigskip
\item \bl{$T$} responds with \bl{$\{N\}_K$}\bigskip
\item if \bl{$E$} receives \bl{$\{N\}_K$} from \bl{$T$}, it starts engine
\end{itemize}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{Challenge-Response Protocol}
\begin{center}
\bl{\begin{tabular}{l}
$E \;\text{says}\; N$\hfill(start)\\
$E \;\text{sends}\; T : N$\hfill(challenge)\\
$(T \;\text{says}\; N) \Rightarrow (T \;\text{sends}\; E : \{N\}_K \wedge$\\
\hspace{3.5cm} $T \;\text{sends}\; E : \text{Id}(T))$\;\;\;\hfill(response)\\
$T \;\text{says}\; K$\hfill(key)\\
$T \;\text{says}\; \text{Id}(T)$\hfill(identity)\\
$(E \;\text{says}\; \{N\}_K \wedge E \;\text{says}\; \text{Id}(T)) \Rightarrow$\\
\hspace{5cm}$ \text{start\_engine}(T)$\hfill(engine)\\
\end{tabular}}
\end{center}\bigskip
\bl{$\Gamma \vdash \text{start\_engine}(T)$}?
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{Exchange of a Fresh Key}
\bl{$A$} and \bl{$B$} share a (``super-secret'') key \bl{$K_{AB}$} and want to share another key
\begin{itemize}
\item assumption \bl{$K_{AB}$} is only known to \bl{$A$} and \bl{$B$}\bigskip
\item \bl{$A \,\text{sends}\, B : A, \{N_A\}_{K_{AB}}$}
\item \bl{$B\,\text{sends}\, A : \{N_A + 1, N_B\}_{K_{AB}}$}
\item \bl{$A \,\text{sends}\, B : \{N_B + 1\}_{K_{AB}}$}
\item \bl{$B \,\text{sends}\, A : \{K^{new}_{AB}, N^{new}_B\}_{K_{AB}}$}
\item<2> \bl{$A \,\text{sends}\, B : \{msg\}_{K^{new}_{AB}}$}
\end{itemize}\bigskip
Assume \bl{$K^{new}_{AB}$} is compromised by \bl{$I$}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{The Attack}
An intruder \bl{$I$} convinces \bl{$A$} to accept the compromised key \bl{$K^{new}_{AB}$}\medskip
\begin{minipage}{1.1\textwidth}
\begin{itemize}
\item \bl{$A \,\text{sends}\, B : A, \{N_A\}_{K_{AB}}$}
\item \bl{$B\,\text{sends}\, A : \{N_A + 1, N_B\}_{K_{AB}}$}
\item \bl{$A \,\text{sends}\, B : \{N_B + 1\}_{K_{AB}}$}
\item \bl{$B \,\text{sends}\, A : \{K^{new}_{AB}, N^{new}_B\}_{K_{AB}}$}\;\;recorded by \bl{$I$}\pause
\item \bl{$A \,\text{sends}\, B : A, \{M_A\}_{K_{AB}}$}
\item \bl{$B\,\text{sends}\, A : \{M_A + 1, M_B\}_{K_{AB}}$}
\item \bl{$A \,\text{sends}\, B : \{M_B + 1\}_{K_{AB}}$}
\item \bl{$B \,\text{sends}\, I : \{K^{newer}_{AB}, N^{newer}_B\}_{K_{AB}}$}\;intercepted by \bl{$I$}
\item \bl{$I \,\text{sends}\, A : \{K^{new}_{AB}, N^{new}_B\}_{K_{AB}}$}\pause
\item \bl{$A \,\text{sends}\, B : \{msg\}_{K^{new}_{AB}}$}\;\;\;\;\bl{$I$} can read it also
\end{itemize}
\end{minipage}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
A Man-in-the-middle attack in real life:
\begin{itemize}
\item the card only says yes or no to the terminal if the PIN is correct
\item trick the card in thinking transaction is verified by signature
\item trick the terminal in thinking the transaction was verified by PIN
\end{itemize}
\begin{minipage}{1.1\textwidth}
\begin{center}
\mbox{}\hspace{-6mm}\includegraphics[scale=0.5]{pics/chip-attack.png}
\includegraphics[scale=0.3]{pics/chipnpinflaw.png}
\end{center}
\end{minipage}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{Problems with EMV}
\begin{itemize}
\item it is a wrapper for many protocols
\item specification by consensus (resulted unmanageable complexity)
\item its specification is 700 pages in English plus 2000+ pages for testing, additionally some
further parts are secret
\item other attacks have been found
\item one solution might be to require always online verification of the PIN with the bank
\end{itemize}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{\begin{tabular}{c}Problems with WEP (Wifi)\end{tabular}}
\begin{itemize}
\item a standard ratified in 1999
\item the protocol was designed by a committee not including cryptographers
\item it used the RC4 encryption algorithm which is a stream cipher requiring a unique nonce
\item WEP did not allocate enough bits for the nonce
\item for authenticating packets it used CRC checksum which can be easily broken
\item the network password was used to directly encrypt packages (instead of a key negotiation protocol)\bigskip
\item encryption was turned off by default
\end{itemize}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{Protocols are Difficult}
\begin{itemize}
\item even the systems designed by experts regularly fail\medskip
\item try to make everything explicit (you need to authenticate all data you might rely on)\medskip
\item the one who can fix a system should also be liable for the losses\medskip
\item cryptography is often not {\bf the} answer\bigskip\bigskip
\end{itemize}
logic is one way protocols are studied in academia
(you can use computers to search for attacks)
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{Public-Key Infrastructure}
\begin{itemize}
\item the idea is to have a certificate authority (CA)
\item you go to the CA to identify yourself
\item CA: ``I, the CA, have verified that public key \bl{$P^{pub}_{Bob}$} belongs to Bob''\bigskip
\item CA must be trusted by everybody
\item What happens if CA issues a false certificate? Who pays in case of loss? (VeriSign
explicitly limits liability to \$100.)
\end{itemize}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{Privacy, Anonymity et al}
Some terminology:
\begin{itemize}
\item \alert{secrecy} is the mechanism used to limit the number of
principals with access to information (eg, cryptography or access controls)
\item \alert{confidentiality} is the obligation to protect the secrets of other people
or organizations (secrecy for the benefit of an organisation)
\item \alert{anonymity} is the ability to leave no evidence of an activity (eg, sharing a secret)
\item \alert{privacy} is the ability or right to protect your personal secrets
(secrecy for the benefit of an individual)
\end{itemize}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[t]
\frametitle{Privacy vs Anonymity}
\begin{itemize}
\item everybody agrees that anonymity has its uses (e.g., voting, whistleblowers, peer-review)
\end{itemize}\bigskip\bigskip\pause
But privacy?\bigskip\bigskip
``You have zero privacy anyway. Get over it.''\\
\hfill{}Scott Mcnealy (CEO of Sun)\bigskip\\
If you have nothing to hide, you have nothing to fear.
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[t]
\frametitle{Privacy}
private data can be often used against me
\begin{itemize}
\item if my location data becomes public, thieves will switch off their phones and help themselves in my home
\item if supermarkets can build a profile of what I buy, they can use it to their advantage (banks - mortgages)
\item my employer might not like my opinions\bigskip\pause
\item one the other hand, Freedom-of-Information Act
\item medical data should be private, but medical research needs data
\end{itemize}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[t]
\frametitle{Privacy Problems}
\begin{itemize}
\item Apple takes note of every dictation (send over the Internet to Apple)
\item markets often only work, if data is restricted (to build trust)
\item Social network can reveal data about you
\item have you tried the collusion extension for FireFox?
\item I do use Dropbox and store cards\bigskip
\item next week: anonymising data
\end{itemize}
\begin{textblock}{5}(12,9.8)
\includegraphics[scale=0.2]{pics/gattaca.jpg}\\
\small Gattaca (1997)
\end{textblock}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[t]
\frametitle{Privacy}
\begin{minipage}{1.05\textwidth}
\begin{itemize}
\item we \alert{do} want that government data is made public (free maps for example)
\item we \alert{do not} want that medical data becomes public (similarly tax data, school
records, job offers)\bigskip
\item personal information can potentially lead to fraud
(identity theft)
\end{itemize}\pause
{\bf ``The reality'':}
\only<2>{\begin{itemize}
\item London Health Programmes lost in June last year unencrypted details of more than 8 million people
(no names, but postcodes and details such as gender, age and ethnic origin)
\end{itemize}}
\only<3>{\begin{itemize}
\item also in June last year, Sony got hacked: over 1M users' personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts.
\end{itemize}}
\end{minipage}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{Privacy and Big Data}
Selected sources of ``Big Data'':\smallskip{}
\begin{itemize}
\item Facebook
\begin{itemize}
\item 40+ Billion photos (100 PB)
\item 6 Billion messages daily (5 - 10 TB)
\item 900 Million users
\end{itemize}
\item Common Crawl
\begin{itemize}
\item covers 3.8 Billion webpages (2012 dataset)
\item 50 TB of data
\end{itemize}
\item Google
\begin{itemize}
\item 20 PB daily (2008)
\end{itemize}
\item Twitter
\begin{itemize}
\item 7 Million users in the UK
\item a company called Datasift is allowed to mine all tweets since 2010
\item they charge 10k per month for other companies to target advertisement
\end{itemize}
\end{itemize}\pause
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{Cookies\ldots}
``We have published a new cookie policy. It explains what cookies are
and how we use them on our site. To learn more about cookies and
their benefits, please view our cookie policy.\medskip
If you'd like to disable cookies on this device, please view our information
pages on 'How to manage cookies'. Please be aware that parts of the
site will not function correctly if you disable cookies. \medskip
By closing this
message, you consent to our use of cookies on this device in accordance
with our cookie policy unless you have disabled them.''
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{Scare Tactics}
The actual policy reads:\bigskip
``As we explain in our Cookie Policy, cookies help you to get the most
out of our websites.\medskip
If you do disable our cookies you may find that certain sections of our
website do not work. For example, you may have difficulties logging in
or viewing articles.''
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{Netflix Prize}
Anonymity is \alert{necessary} for privacy, but \alert{not} enough!\bigskip
\begin{itemize}
\item Netflix offered in 2006 (and every year until 2010) a 1 Mio \$ prize for improving their movie rating algorithm
\item dataset contained 10\% of all Netflix users (appr.~500K)
\item names were removed, but included numerical ratings as well as times of rating
\item some information was \alert{perturbed} (i.e., slightly modified)
\end{itemize}
\hfill{\bf\alert{All OK?}}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{Re-identification Attack}
Two researchers analysed the data:
\begin{itemize}
\item with 8 ratings (2 of them can be wrong) and corresponding dates that can have a margin 14-day error, 98\% of the
records can be identified
\item for 68\% only two ratings and dates are sufficient (for movie ratings outside the top 500)\bigskip\pause
\item they took 50 samples from IMDb (where people can reveal their identity)
\item 2 of them uniquely identified entries in the Netflix database (either by movie rating or by dates)
\end{itemize}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{}
\begin{itemize}
\item Birth data, postcode and gender (unique for\\ 87\% of the US population)
\item Preferences in movies (99\% of 500K for 8 ratings)
\end{itemize}\bigskip
Therefore best practices / or even law (HIPAA, EU):
\begin{itemize}
\item only year dates (age group for 90 years or over),
\item no postcodes (sector data is OK, similarly in the US)\\
\textcolor{gray}{no names, addresses, account numbers, licence plates}
\item disclosure information needs to be retained for 5 years
\end{itemize}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}<2>[c]
\frametitle{How to Safely Disclose Information?}
\only<1>{
\begin{itemize}
\item Assume you make a survey of 100 randomly chosen people.
\item Say 99\% of the surveyed people in the 10 - 40 age group have seen the
Gangnam video on youtube.\bigskip
\item What can you infer about the rest of the population?
\end{itemize}}
\only<2>{
\begin{itemize}
\item Is it possible to re-identify data later, if more data is released. \bigskip\bigskip\pause
\item Not even releasing only aggregate information prevents re-identification attacks.
(GWAS was a public database of gene-frequency studies linked to diseases;
you only needed partial DNA information in order
to identify whether an individual was part of the study --- DB closed in 2008)
\end{itemize}}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{Differential Privacy}
\begin{center}
User\;\;\;\;
\begin{tabular}{c}
tell me \bl{$f(x)$} $\Rightarrow$\\
$\Leftarrow$ \bl{$f(x) + \text{noise}$}
\end{tabular}
\;\;\;\;\begin{tabular}{@{}c}
Database\\
\bl{$x_1, \ldots, x_n$}
\end{tabular}
\end{center}
\begin{itemize}
\item \bl{$f(x)$} can be released, if \bl{$f$} is insensitive to
individual entries \bl{$x_1, \ldots, x_n$}\\
\item Intuition: whatever is learned from the dataset would be learned regardless of whether
\bl{$x_i$} participates\bigskip\pause
\item Noised needed in order to prevent queries:\\ Christian's salary $=$
\begin{center}
\bl{\large$\Sigma$} all staff $-$ \bl{\large$\Sigma$} all staff $\backslash$ Christian
\end{center}
\end{itemize}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{Adding Noise}
Adding noise is not as trivial as one would wish:
\begin{itemize}
\item If I ask how many of three have seen the Gangnam video and get a result
as follows
\begin{center}
\begin{tabular}{l|c}
Alice & yes\\
Bob & no\\
Charlie & yes\\
\end{tabular}
\end{center}
then I have to add a noise of \bl{$1$}. So answers would be in the
range of \bl{$1$} to \bl{$3$}
\bigskip
\item But if I ask five questions for all the dataset (has seen Gangnam video, is male, below 30, \ldots),
then one individual can change the dataset by \bl{$5$}
\end{itemize}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{\begin{tabular}{@{}c@{}}Take Home Point\end{tabular}}
According to Ross Anderson: \bigskip
\begin{itemize}
\item Privacy in a big hospital is just about doable.\medskip
\item How do you enforce privacy in something as big as Google
or complex as Facebook? No body knows.\bigskip
Similarly, big databases imposed by government
\end{itemize}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\end{document}
%%% Local Variables:
%%% mode: latex
%%% TeX-master: t
%%% End: