Commit 1c165306 authored by JindraZPrahy

phone p a s update

parent ddd1f34d
...@@ -65,6 +65,21 @@ ...@@ -65,6 +65,21 @@
\graphicspath{{fig/}} \graphicspath{{fig/}}
%%%% Macros
\makeatletter
\newcommand*{\shifttext}[2]{%
\settowidth{\@tempdima}{#2}%
\makebox[\@tempdima]{\hspace*{#1}#2}%
}
\makeatother
\newcommand{\cheatbox}[3]{%
\shifttext{#1}{\raisebox{#2}[0pt][0pt]{%
#3%
}}%
}
\begin{document} \begin{document}
{ {
...@@ -100,6 +115,16 @@ discussion will also be possible. ...@@ -100,6 +115,16 @@ discussion will also be possible.
\end{frame} \end{frame}
} }
{
\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background2.png}}
\begin{frame}[plain]
\centering
\vspace*{4cm}
\Huge
Threat models
\end{frame}
}
{ {
\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background_green.png}} \usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background_green.png}}
\begin{frame}[plain] \begin{frame}[plain]
...@@ -110,17 +135,42 @@ Privacy vs. Security ...@@ -110,17 +135,42 @@ Privacy vs. Security
\begin{itemize} \begin{itemize}
\item Privacy: only people you trust have access \item Privacy: only people you trust have access
\item Security: you can trust the implementation \item Security: you can trust the implementation
\pause \end{itemize}
\end{slidecontent}
\end{frame}
}
{
\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background_green.png}}
\begin{frame}[plain]
\begin{slidetitle}
Privacy vs. Security
\end{slidetitle}
\begin{slidecontent}
\begin{itemize}
\only<+>{
\item Example 1: A piece of paper wih passwords you have at home: private \item Example 1: A piece of paper wih passwords you have at home: private
(only you can see it), but not secure (thieves can easily steal it). (only you can see it), but not secure (thieves can easily steal it).
\pause \begin{figure}[h]
\centering
\includegraphics[width=6cm]{./fig/password.jpeg}
\end{figure}
}
\only<+>{
\item Example 2: Passwords stored on a server of a password manager: secure \item Example 2: Passwords stored on a server of a password manager: secure
(they probably have security experts), but not private (if not e2e encrypted). (they probably have security experts), but not private (if not e2e encrypted).
\begin{figure}[h]
\centering
\includegraphics[width=8cm]{./fig/data-centre.jpeg}
\end{figure}
}
\end{itemize} \end{itemize}
\end{slidecontent} \end{slidecontent}
\end{frame} \end{frame}
} }
{ {
\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background_green.png}} \usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background_green.png}}
\begin{frame}[plain] \begin{frame}[plain]
...@@ -133,34 +183,63 @@ Threat models ...@@ -133,34 +183,63 @@ Threat models
\begin{itemize} \begin{itemize}
\item The most private \& secure option after all is to not have a~phone at all. \item The most private \& secure option after all is to not have a~phone at all.
\end{itemize} \end{itemize}
\begin{figure}[h]
\centering
\includegraphics[width=10cm]{trade-offer.jpeg}
\end{figure}
\end{itemize}
\end{slidecontent}
\end{frame}
}
{
\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background_green.png}}
\begin{frame}[plain]
\begin{slidetitle}
Threat models
\end{slidetitle}
\begin{slidecontent}
\begin{itemize}
\item To determine if the tradeoff is worth it you have to consider your \item To determine if the tradeoff is worth it you have to consider your
specific situation. specific situation.
\item The model which helps you determine this is called a {\color{red}threat model}. \item The model which helps you determine this is called a {\color{red}threat model}.
\pause \begin{figure}[h]
\item Threat model: you need to determine \centering
\begin{itemize} \includegraphics[width=8cm]{hacker-threat.jpeg}
\item who you can trust \end{figure}
\item who you have to defend against (who is your threat)
\end{itemize}
\end{itemize} \end{itemize}
\end{slidecontent} \end{slidecontent}
\end{frame} \end{frame}
} }
{ {
\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background_green.png}} \usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background_green.png}}
\begin{frame}[plain] \begin{frame}[plain]
\begin{slidetitle} \begin{slidetitle}
Threat models Definition
%\shifttext{3cm}{\raisebox{-1.5cm}[0pt][0pt]{
%\includegraphics[height=3cm]{math-definition.jpeg}
%}}
\cheatbox{3cm}{-1.5cm}{
\includegraphics[height=3cm]{math-definition.jpeg}
}
\end{slidetitle} \end{slidetitle}
\begin{slidecontent} \begin{slidecontent}
\begin{itemize} \begin{itemize}
\item Threat models are THE most important aspect of (cyber)security. \item Threat modelling is a structured approach of identifying and prioritizing
\item Without a proper threat model the info you read online will seem potential threats to a system, and determining the value that potential
contradictory. mitigations would have in reducing or neutralizing those threats.
\item It {\color{red}is} possible to improve your (cyber)security: only you are \pause
probably going to have to do it {\color{red}gradually}. \item The process:
\begin{itemize}
\item[{\color{black}1.}] Who do you have to defend against (who is your threat)?
\pause
\item[{\color{black}2.}] What can you do to mitigate the threats and how difficult it is to do it?
\pause
\item[{\color{black}3.}] What combination of measures to choose so that they synergise well and are feasible to accomplish?
\end{itemize}
\end{itemize} \end{itemize}
\end{slidecontent} \end{slidecontent}
\end{frame} \end{frame}
...@@ -171,24 +250,62 @@ probably going to have to do it {\color{red}gradually}. ...@@ -171,24 +250,62 @@ probably going to have to do it {\color{red}gradually}.
\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background_green.png}} \usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background_green.png}}
\begin{frame}[plain] \begin{frame}[plain]
\begin{slidetitle} \begin{slidetitle}
Example threat models Example threats
\end{slidetitle} \end{slidetitle}
\begin{slidecontent} \begin{slidecontent}
\begin{itemize} \begin{itemize}
\only<+->{
\item I am afraid someone might start stalking me due to X. \item I am afraid someone might start stalking me due to X.
\only<.>{\vspace{6cm}}
}
\only<.>{
{\centering
\cheatbox{0cm}{-6cm}{
\includegraphics[width=8cm]{stalker.jpeg}}
}
}
%
\only<+->{
\item I am afraid the government might go after me due to X. \item I am afraid the government might go after me due to X.
\begin{itemize} \begin{itemize}
\item i.\,e. if you are considering an abortion in Poland, or are sans-papier. \item i.\,e. if you are considering an abortion in Poland, or are sans-papier.
\end{itemize} \end{itemize}
\only<.>{\vspace{4cm}}
}
\only<.>{
{\centering
\cheatbox{2cm}{-1cm}{
\includegraphics[width=6cm]{mcafee.jpeg}}
}
}
%
\only<+->{
\item I am afraid big corporations might exploit me due to X. \item I am afraid big corporations might exploit me due to X.
\begin{itemize} \begin{itemize}
\item i.\,e. they might collect my medical data and make my insurance more \item i.\,e. they might collect my medical data and make my insurance more
expensive. expensive.
\end{itemize} \end{itemize}
\pause }
\only<.>{
{\centering
\cheatbox{12cm}{2cm}{
\includegraphics[width=5cm]{evil-corp.jpeg}}
}
}
%
\only<+->{
\item You can also endanger your friends by using insecure services. \item You can also endanger your friends by using insecure services.
\pause }
\only<.>{
{\centering
\cheatbox{6cm}{-3cm}{
\includegraphics[width=4cm]{endanger-friends.png}}
}
}
%
\only<+->{
\item Rule of thumb: ask yourself, If I were my adversary, what strategy would I use? \item Rule of thumb: ask yourself, If I were my adversary, what strategy would I use?
}
\end{itemize} \end{itemize}
\end{slidecontent} \end{slidecontent}
\end{frame} \end{frame}
...@@ -198,48 +315,93 @@ expensive. ...@@ -198,48 +315,93 @@ expensive.
\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background_green.png}} \usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background_green.png}}
\begin{frame}[plain] \begin{frame}[plain]
\begin{slidetitle} \begin{slidetitle}
Threat models What to do?
\end{slidetitle} \end{slidetitle}
\begin{slidecontent} \begin{slidecontent}
\begin{itemize} \begin{itemize}
\only<+->{
\item Ultimately, you have to create your own threat model by at least thinking about \item Ultimately, you have to create your own threat model by at least thinking about
it. You can also discuss it with your friends or write it down. it. You can also discuss it with your friends or write it down.
\item I am going to list the most common security threats and then try }
to say how to mitigate them. \only<.>{
\end{itemize} \cheatbox{4cm}{-3cm}{
\end{slidecontent} \includegraphics[width=4cm]{thinking.jpeg}}
\end{frame} }
%
\only<+->{
\item Develop a threat mitigation strategy and start applying it.
} }
\only<.>{
{
\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background2.png}}
\begin{frame}[plain]
\centering \centering
\vspace*{4cm} \cheatbox{0cm}{-2.5cm}{
\Huge \includegraphics[width=4cm]{jenga.jpeg}}
Apps \& services overview }
\end{itemize}
\end{slidecontent}
\end{frame} \end{frame}
} }
{ {
\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background_blue.png}} \usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background_green.png}}
\begin{frame}[plain] \begin{frame}[plain]
\begin{slidetitle} \begin{slidetitle}
Communication Disclaimer
\end{slidetitle} \end{slidetitle}
\begin{slidecontent} \begin{slidecontent}
\begin{itemize} \begin{itemize}
\item E-mail \item Threat models are THE most important aspect of (cyber)security.
\item Social media \item Without a proper threat model the info you read online will seem
\item Instant messaging applications contradictory.
\item Phone \& SMS \item It {\color{red}is} possible to improve your (cyber)security: only you are
probably going to have to do it {\color{red}gradually}.
\only<+>{
\centering
\cheatbox{0cm}{-2.5cm}{
\includegraphics[width=4cm]{zen.jpeg}}
}
\end{itemize} \end{itemize}
\end{slidecontent} \end{slidecontent}
\end{frame} \end{frame}
} }
%{
%\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background2.png}}
%\begin{frame}[plain]
%\centering
%\vspace*{4cm}
%\Huge
%Apps \& services overview
%\end{frame}
%}
%
%{
%\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background_blue.png}}
%\begin{frame}[plain]
%\begin{slidetitle}
%Communication
%\end{slidetitle}
%\begin{slidecontent}
%\begin{itemize}
%\item E-mail
%\item Social media
%\item Instant messaging applications
%\item Phone \& SMS
%
%\only<+>{
%\cheatbox{14cm}{-3cm}{
%\includegraphics[width=2.2cm]{communication.jpeg}}
%}
%
%\end{itemize}
%\end{slidecontent}
%\end{frame}
%}
{ {
\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background_blue.png}} \usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background_blue.png}}
\begin{frame}[plain] \begin{frame}[plain]
...@@ -248,21 +410,33 @@ E-mail ...@@ -248,21 +410,33 @@ E-mail
\end{slidetitle} \end{slidetitle}
\begin{slidecontent} \begin{slidecontent}
\begin{itemize} \begin{itemize}
\only<+->{
\item It is possible to have end to end encrypted (e2e) e-mail with PGP, but \item It is possible to have end to end encrypted (e2e) e-mail with PGP, but
you need to exchange keys with everyone separately. you need to exchange keys with everyone separately. :(
\pause \only<.>{\vspace{0cm}}
}
\only<.>{\rotatebox{-25}{\Large More like pretty bad privacy amirite}}
\only<+->{
\item e2e can be automated if you exchange messages under one provider \item e2e can be automated if you exchange messages under one provider
who supports it who supports it
\begin{itemize} \begin{itemize}
\item Sending e-mails from address1@protonmail.ch to address2@protonmail.ch is e2e. \item Sending e-mails from address1@protonmail.ch to address2@protonmail.ch is e2e.
\item But sending e-mails from address1@protonmail.ch to address1@gmail.com isn't. \item But sending e-mails from address1@protonmail.ch to address1@gmail.com isn't.
\end{itemize} \end{itemize}
\pause }
\only<.>{
\centering
\cheatbox{4cm}{3.5cm}{
\includegraphics[width=4cm]{automation.jpeg}}
}
%
\only<+->{
\item My recommendation: always treat e-mail as inherently unsafe; always \item My recommendation: always treat e-mail as inherently unsafe; always
assume what you send through e-mail can be read by the government and/or big assume what you send through e-mail can be read by the government and/or big
corporations and then leaked corporations and then leaked
\item Note: having a @gmail.com address can make you less easily \item Note: having a @gmail.com address can make you less easily
fingerprintable because you don't stand out that much. fingerprintable because you don't stand out that much.
}
\end{itemize} \end{itemize}
\end{slidecontent} \end{slidecontent}
\end{frame} \end{frame}
...@@ -287,12 +461,16 @@ determined through your contacts. ...@@ -287,12 +461,16 @@ determined through your contacts.
\begin{itemize} \begin{itemize}
\item Set hard limits on what kind of information you are willing to disclose \item Set hard limits on what kind of information you are willing to disclose
(e.\,g. I won't talk about my romantic relationships online). (e.\,g. I won't talk about my romantic relationships online).
\pause
\item Delete your posts after some time delay (they are probably going \item Delete your posts after some time delay (they are probably going
to stay archived, but won't be publicly seen). to stay archived, but won't be publicly seen).
\pause
\item Periodically delete your account and start a new one. \item Periodically delete your account and start a new one.
\pause
\item Use specialised add blockers (you can use Firefox add-ons which work on \item Use specialised add blockers (you can use Firefox add-ons which work on
mobile). mobile).
\end{itemize} \end{itemize}
\pause
\item Always assume that the U. S. government can read your every message and \item Always assume that the U. S. government can read your every message and
conduct data analysis on your behaviour. (this has already happened, see the conduct data analysis on your behaviour. (this has already happened, see the
story of Edward Snowden) story of Edward Snowden)
...@@ -394,6 +572,8 @@ Data harvesting ...@@ -394,6 +572,8 @@ Data harvesting
\end{slidetitle} \end{slidetitle}
\begin{slidecontent} \begin{slidecontent}
\begin{itemize} \begin{itemize}
\item Definition: Massive collection of data about you and their analysis.
\pause
\item Why it is a problem at all: \item Why it is a problem at all:
\begin{itemize} \begin{itemize}
\item John Oliver: \url{https://www.youtube.com/watch?v=wqn3gR1WTcA} \item John Oliver: \url{https://www.youtube.com/watch?v=wqn3gR1WTcA}
...@@ -404,9 +584,10 @@ Data harvesting ...@@ -404,9 +584,10 @@ Data harvesting
\pause \pause
\item Rising authoritarian tendencies (even in Europe) \item Rising authoritarian tendencies (even in Europe)
\begin{itemize} \begin{itemize}
\item You can endanger your friends without even knowing it.
\item E.\,g. violence against queer people in Hungary, genocide on trans people \item E.\,g. violence against queer people in Hungary, genocide on trans people
in Texas, or abortion bans in Poland. in Texas, or abortion bans in Poland (and the U.S.!).
\item You can endanger your friends without even knowing it: 1/4 women in the
U.S. have had an abortion: $(3/4)^n$ chance of not knowing one.
\end{itemize} \end{itemize}
\pause \pause
\item Even if it's OK now, the data remains stored for posterity $\Rightarrow$ \item Even if it's OK now, the data remains stored for posterity $\Rightarrow$
...@@ -417,20 +598,32 @@ future regimes can exploit it. ...@@ -417,20 +598,32 @@ future regimes can exploit it.
\end{frame} \end{frame}
} }
{ {
\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background_pink.png}} \usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background_pink.png}}
\begin{frame}[plain] \begin{frame}[plain]
\begin{slidetitle} \begin{slidetitle}
Data harvesting Types of harvestable data
\end{slidetitle} \end{slidetitle}
\begin{slidecontent} \begin{slidecontent}
\begin{itemize} \begin{itemize}
\item By individual applications \item What apps you are using, when and for how long.
\item By the OS
\pause \pause
\item You will hear Google or Apple talking about how secure their latest phones are. \item Your location (can be determined precisely through wi-fi, or through 5G).
In reality, they are creating a monopoly on surveillance. Secure $\neq$ private! \pause
\item Microphone recordings
\begin{itemize}
\item It is in practice possible for an application with permissions to
listen to what is happening around you and understand what you are saying.
\url{https://www.makeuseof.com/tag/your-smartphone-listening-or-coincidence/}
\item Cross-device tracking
\url{https://tinyurl.com/2f3pyuh3}
\end{itemize}
\pause
\item Analysis of files you use (for example photos in Google Cloud).
\pause
\item Analysis of your behaviour in apps.
\pause
\item ??? (we don't know the full extent of data harvesting)
\end{itemize} \end{itemize}
\end{slidecontent} \end{slidecontent}
\end{frame} \end{frame}
...@@ -441,30 +634,24 @@ In reality, they are creating a monopoly on surveillance. Secure $\neq$ private! ...@@ -441,30 +634,24 @@ In reality, they are creating a monopoly on surveillance. Secure $\neq$ private!
\usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background_pink.png}} \usebackgroundtemplate{\includegraphics[width=\paperwidth,height=\paperheight]{Background_pink.png}}
\begin{frame}[plain] \begin{frame}[plain]
\begin{slidetitle} \begin{slidetitle}
Types of harvestable data Data harvesting
\end{slidetitle} \end{slidetitle}
\begin{slidecontent} \begin{slidecontent}
\begin{itemize} \begin{itemize}
\item What apps you are using and for how long. \item By individual applications
\pause \item By the OS
\item Your location (can be determined precisely through wi-fi, or through 5G).
\pause
\item Microphone recordings
\begin{itemize}
\item It is in practice possible for an application with permissions to
listen to what is happening around you and understand what you are saying.
\url{https://www.makeuseof.com/tag/your-smartphone-listening-or-coincidence/}
\item Cross-device tracking
\url{https://tinyurl.com/2f3pyuh3}
\end{itemize}
\pause \pause
\item ??? (we don't know the full extent of data harvesting) \item You will hear Google or Apple talking about how secure their latest phones are.
In reality, they are creating a monopoly on surveillance. Secure $\neq$ private!
\end{itemize} \end{itemize}
\end{slidecontent} \end{slidecontent}