--- a/slides09.tex Tue Nov 27 08:58:55 2012 +0000
+++ b/slides09.tex Tue Nov 27 13:41:31 2012 +0000
@@ -148,7 +148,7 @@
\begin{minipage}{1.1\textwidth}
\begin{center}
\begin{tabular}{@{\hspace{-2mm}}r@ {\hspace{1mm}}l@{}}
-\bl{$S \rightarrow A :$} & \bl{$\{N_A, B, K_{\!AB}, T_S, \!\{K_{\!AB}, A, T_S\}_{K_{BS}} \}_{K_{AS}}$}\\
+\bl{$S \rightarrow A :$} & \bl{$\{B, K_{\!AB}, T_S, \!\{K_{\!AB}, A, T_S\}_{K_{BS}} \}_{K_{AS}}$}\\
\bl{$A \rightarrow B :$} & \bl{$\{K_{AB}, A, T_S\}_{K_{BS}} $}\\
\end{tabular}
\end{center}
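Review bot: the rewritten $S \rightarrow A$ row writes the session key as `K_{\!AB}` while the unchanged $A \rightarrow B$ row directly below still has `K_{AB}`, so the same symbol is kerned differently within one table. Since this row is being touched anyway, pick one form and use it in both rows (and in the copies of this row in the later frames).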
@@ -160,15 +160,15 @@
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[t]
-\frametitle{Denning-Sacco Protocol}
+\frametitle{Denning-Sacco Fix}
Denning-Sacco (1981) suggested to add the timestamp, but omit the handshake:\bigskip
\begin{minipage}{1.1\textwidth}
\begin{center}
\begin{tabular}{@{\hspace{-2mm}}r@ {\hspace{1mm}}l@{}}
-\bl{$A \rightarrow S :$} & \bl{$A, B, N_A$}\\
-\bl{$S \rightarrow A :$} & \bl{$\{N_A, B, K_{\!AB}, T_S, \!\{K_{\!AB}, A, T_S\}_{K_{BS}} \}_{K_{AS}}$}\\
+\bl{$A \rightarrow S :$} & \bl{$A, B$}\\
+\bl{$S \rightarrow A :$} & \bl{$\{B, K_{\!AB}, T_S, \!\{K_{\!AB}, A, T_S\}_{K_{BS}} \}_{K_{AS}}$}\\
\bl{$A \rightarrow B :$} & \bl{$\{K_{AB}, A, T_S\}_{K_{BS}} $}\\
\textcolor{lightgray}{$B \rightarrow A :$} & \textcolor{lightgray}{$\{N_B\}_{K_{AB}}$}\\
\textcolor{lightgray}{$A \rightarrow B :$} & \textcolor{lightgray}{$\{N_B-1\}_{K_{AB}}$}\\
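Review bot: the lead sentence of this frame still says only "add the timestamp, but omit the handshake", but the new rows also drop $N_A$ from both $A \rightarrow S$ and $S \rightarrow A$. After this change the only freshness evidence A has for the server's reply is $T_S$, which is worth stating on the slide, for example "replace the nonce by a timestamp and omit the handshake". While there, "suggested to add" reads better as "suggested adding".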
@@ -177,14 +177,14 @@
\end{minipage}\bigskip
they argue \bl{$A$} and \bl{$B$} can check that the messages are not replays of earlier
-runs, by checking the time difference when the protocol is last used
+runs, by checking the time difference with when the protocol is last used
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[t]
-\frametitle{Denning-Sacco-Lowe Protocol}
+\frametitle{\begin{tabular}{@{}c@{}}Denning-Sacco-Lowe Fix of Fix\end{tabular}}
Lowe (1997) disagreed and said the handshake should be kept,
otherwise:\bigskip
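Review bot: the new wording "by checking the time difference with when the protocol is last used" is still ungrammatical and leaves unclear what is compared with what. Something like "by checking how much time has passed since $T_S$ was issued" or "by comparing $T_S$ with the time the protocol was last used" would say which check is meant. Separately, the new frametitle wraps a single line in a one-cell `tabular`; unless a line break inside the title is intended (there is no `\\` in it), plain `\frametitle{Denning-Sacco-Lowe Fix of Fix}` is enough.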
@@ -192,8 +192,8 @@
\begin{minipage}{1.1\textwidth}
\begin{center}
\begin{tabular}{@{\hspace{-7mm}}r@ {\hspace{1mm}}l@{}}
-\bl{$A \rightarrow S :$} & \bl{$A, B, N_A$}\\
-\bl{$S \rightarrow A :$} & \bl{$\{N_A, B, K_{\!AB}, T_S, \!\{K_{\!AB}, A, T_S\}_{K_{BS}} \}_{K_{AS}}$}\\
+\bl{$A \rightarrow S :$} & \bl{$A, B$}\\
+\bl{$S \rightarrow A :$} & \bl{$\{B, K_{\!AB}, T_S, \!\{K_{\!AB}, A, T_S\}_{K_{BS}} \}_{K_{AS}}$}\\
\bl{$A \rightarrow B :$} & \bl{$\{K_{AB}, A, T_S\}_{K_{BS}} $}\\
\bl{$I(A) \rightarrow B :$} & \bl{$\{K_{AB}, A, T_S\}_{K_{BS}} $}\hspace{5mm}\textcolor{black}{replay}\\
\end{tabular}
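Review bot: this is the third place in the patch where the same two rows ($A \rightarrow S$ and $S \rightarrow A$) are edited by hand in the same way (also at 148 and 160). Defining the shared message rows once as macros and reusing them in the three frames would stop the copies from drifting apart the next time the protocol is changed. The `replay` row also repeats the $A \rightarrow B$ message verbatim, so it could reuse the same macro.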
@@ -227,7 +227,7 @@
(no names, but postcodes and details such as gender, age and ethnic origin)
\end{itemize}}
\only<3>{\begin{itemize}
-\item also in June Sony got hacked: over 1M users' personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts.
+\item also in June Sony, got hacked: over 1M users' personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts.
\end{itemize}}
\end{minipage}
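Review bot: the added comma in "also in June Sony, got hacked" separates the subject from its verb and should not be there. If a pause is wanted, put it after the date instead: "also in June, Sony got hacked: ...".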
@@ -240,7 +240,7 @@
\begin{frame}[c]
\frametitle{Privacy and Big Data}
-Selected sources of ``Big Data'':
+Selected sources of ``Big Data'':\smallskip{}
\begin{itemize}
\item Facebook
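Review bot: `\smallskip{}` has an empty group that does nothing, and the other frames touched in this patch use the bare form (`\bigskip`, `\medskip`). Write `\smallskip` for consistency.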
@@ -274,7 +274,7 @@
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
-\frametitle{Cookies}
+\frametitle{Cookies\ldots}
``We have published a new cookie policy. It explains what cookies are
and how we use them on our site. To learn more about cookies and
@@ -297,6 +297,8 @@
\begin{frame}[c]
\frametitle{Scare Tactics}
+The actual policy reads:\bigskip
+
``As we explain in our Cookie Policy, cookies help you to get the most
out of our websites.\medskip
@@ -321,7 +323,6 @@
\item Netflix offered in 2006 (and every year until 2010) a 1 Mio \$ prize for improving their movie rating algorithm
\item dataset contained 10\% of all Netflix users (appr.~500K)
\item names were removed, but included numerical ratings as well as times of rating
-\item average user rated 200 movies
\item some information was \alert{perturbed} (i.e., slightly modified)
\end{itemize}
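Review bot: dropping the "average user rated 200 movies" item removes the only figure on this frame that tells the audience how many ratings a record holds, which is the reference point for the "8 ratings" claim on the next frame. If the number was removed because it could not be confirmed, consider replacing it with a sourced figure or a qualitative remark rather than deleting the point. Minor, in the unchanged lines: "1 Mio \$" and "appr." would read better as "\$1M" and "approx.".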
@@ -338,7 +339,7 @@
Two researchers analysed the data:
\begin{itemize}
-\item with 8 ratings (2 of them can be wrong) and dates that have a 14-day error, 98\% of the
+\item with 8 ratings (2 of them can be wrong) and corresponding dates that can have a margin 14-day error, 98\% of the
records can be identified
\item for 68\% only two ratings and dates are sufficient (for movie ratings outside the top 500)\bigskip\pause
\item they took 50 samples from IMDb (where people can reveal their identity)
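Review bot: "dates that can have a margin 14-day error" is missing words; it should read "dates that can have a 14-day margin of error" or simply keep "a 14-day error". The rest of the added wording ("corresponding dates") is a clear improvement.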
@@ -359,10 +360,10 @@
\item Preferences in movies (99\% of 500K for 8 ratings)
\end{itemize}\bigskip
-Therefore best practices / or even law:
+Therefore best practices / or even law (HIPAA, EU):
\begin{itemize}
-\item only year dates (age: 90 years or over),
+\item only year dates (age group for 90 years or over),
\item no postcodes (sector data is OK, similarly in the US)\\
\textcolor{gray}{no names, addresses, account numbers, licence plates}
\item disclosure information needs to be retained for 5 years
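Review bot: the context line at the top of this hunk says "99\% of 500K for 8 ratings", while the previous frame (hunk at 338) states 98\% for the same 8-rating result; one of the two needs correcting so the slides agree. On the added text: "(HIPAA, EU)" names a specific US law next to a bare "EU", so name the EU instrument that is meant. "age group for 90 years or over" is also harder to parse than the original; "ages of 90 or over only as one group" would carry the intended meaning.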
@@ -379,7 +380,7 @@
\only<1>{
\begin{itemize}
\item Assume you make a survey of 100 randomly chosen people.
-\item Say 99\% of the people in the 10 - 40 age group have seen the
+\item Say 99\% of the surveyed people in the 10 - 40 age group have seen the
Gangnam video on youtube.\bigskip
\item What can you infer about the rest of the population?
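Review bot: "surveyed" makes the sample explicit, which helps, but the range in the same line is still typeset as `10 - 40` with spaced hyphens; use an en-dash, `10--40`. "youtube" in the continuation line should be "YouTube".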
@@ -390,7 +391,7 @@
\item Not even releasing only aggregate information prevents re-identification attacks.
(GWAS was a public database of gene-frequency studies linked to diseases;
-you only needed enough data about phenotype (hair, eyes, skin colour...) in order
+you only needed partial DNA information in order
to identify whether an individual was part of the study --- DB closed in 2008)
\end{itemize}}