diff --git a/modules/03-messaging/Makefile b/modules/03-messaging/Makefile new file mode 100644 index 0000000..b0e0d68 --- /dev/null +++ b/modules/03-messaging/Makefile @@ -0,0 +1,34 @@ +.PHONY: all +all: notes.pdf slides.pdf + +LATEXFLAGS+= -shell-escape + +SRC+= preamble.tex +SRC+= abstract.tex contents.tex + +DEPENDS+= objectives.tex + +notes.pdf: notes.tex +notes.pdf: ${SRC} ${DEPENDS} ${FIGS} + +slides.pdf: slides.tex +slides.pdf: ${SRC} ${DEPENDS} ${FIGS} + +objectives.tex: ../../course-design/objectives.tex + +${DEPENDS}: + ${LN} $< $@ + +${FIGS}: + ${MAKE} -C $(dir $@) $(notdir $@) + + +.PHONY: clean +clean: + ${RM} notes.pdf slides.pdf + ${RM} ${DEPENDS} + ${MAKE} -C fig clean + + +INCLUDE_MAKEFILES=../../makefiles +include ${INCLUDE_MAKEFILES}/tex.mk diff --git a/modules/03-messaging/abstract.tex b/modules/03-messaging/abstract.tex new file mode 100644 index 0000000..5ec87d3 --- /dev/null +++ b/modules/03-messaging/abstract.tex @@ -0,0 +1,33 @@ +% What's the problem? +% Why is it a problem? Research gap left by other approaches? +% Why is it important? Why care? +% What's the approach? How to solve the problem? +% What's the findings? How was it evaluated, what are the results, limitations, +% what remains to be done? + +% XXX Summary +\emph{Summary:} +In this assignment we will focus on security around messaging. +Messaging is difficult as the systems become rather complex. +There are also many different properties that we might want from a messaging +protocol. + +% XXX Motivation and intended learning outcomes +\emph{Intended learning outcomes:} +This assignment focuses on practice to +\begin{itemize} + \item \LOrelate; + \item \LOevaluate; + \item \LOapply; + \item \LOcomm. +\end{itemize} + +% XXX Prerequisites +\emph{Prerequisites:} +We need basic knowledge of security, corresponding to an introductory course in +the subject. +We also need a high-level overview of the breadth of research methods used in +the area of security, corresponding to the overview lecture \enquote{The +Scientific Method} given in the course. +We also need that you have done the first module, \enquote{How do you know it's +secure? Passwords}. diff --git a/modules/03-messaging/bibliography.bib b/modules/03-messaging/bibliography.bib new file mode 100644 index 0000000..b38af6b --- /dev/null +++ b/modules/03-messaging/bibliography.bib @@ -0,0 +1,148 @@ +@article{Estes2017Aug, + author = {Estes, Adam Clark}, + title = {{The Guy Who Invented Those Annoying Password Rules Now Regrets + Wasting Your Time}}, + journal = {Gizmodo}, + year = {2017}, + month = 8, + publisher = {Gizmodo}, + url = + {https://gizmodo.com/the-guy-who-invented-those-annoying-password-rules-now-1797643987} +} +@misc{ANUSLR, + title = {{Systematic literature reviews}}, + journal = {ANU}, + year = {2020}, + month = 7, + note = {[Online; accessed 11. Sep. 2023]}, + url = + {https://www.anu.edu.au/students/academic-skills/research-writing/literature-reviews/systematic-literature-reviews} + } +@misc{ElsevierSLR, + title = {{Systematic Literature Review or Literature Review {$\vert$} + Elsevier}}, + journal = {Elsevier Author Services - Articles}, + year = {2023}, + month = 8, + note = {[Online; accessed 11. Sep. 2023]}, + url = + {https://scientific-publishing.webshop.elsevier.com/research-process/systematic-literature-review-or-literature-review} + } +@TechReport{GuessingHumanChosenSecrets2012, + author = {Bonneau, Joseph}, + title = {{Guessing human-chosen secrets}}, + year = 2012, + month = may, + url = {https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-819.pdf}, + institution = {University of Cambridge, Computer Laboratory}, + doi = {10.48456/tr-819}, + number = {UCAM-CL-TR-819} +} +@inproceedings{OfPasswordsAndPeople, + author={Komanduri, Saranga and + Shay, Richard and + Kelley, Patrick Gage and + Mazurek, Michelle L. and + Bauer, Lujo and + Christin Nicolas and + Cranor, Lorrie Faith and + Egelman, Serge}, + title={Of passwords and people: + Measuring the effect of password-composition policies}, + booktitle={CHI}, + year={2011}, + URL={http://cups.cs.cmu.edu/rshay/pubs/passwords_and_people2011.pdf}, +} +@inproceedings{CanLongPasswordsBeSecureAndUsable, + title={Can long passwords be secure and usable?}, + author={Shay, Richard and + Komanduri, Saranga and + Durity, Adam L and + Huh, Phillip Seyoung and + Mazurek, Michelle L and + Segreti, Sean M and + Ur, Blase and + Bauer, Lujo and + Christin, Nicolas and + Cranor, Lorrie Faith}, + booktitle={Proceedings of the 32nd annual ACM conference on Human factors + in computing systems}, + pages={2927--2936}, + year={2014}, + organization={ACM}, + URL={http://lorrie.cranor.org/pubs/longpass-chi2014.pdf}, +} +@article{GraphicalPasswordsSurvey, + author = {Biddle, Robert and Chiasson, Sonia and Van Oorschot, P.C.}, + title = {Graphical Passwords: Learning from the First Twelve Years}, + year = {2012}, + issue_date = {August 2012}, + publisher = {Association for Computing Machinery}, + address = {New York, NY, USA}, + volume = {44}, + number = {4}, + issn = {0360-0300}, + doi = {10.1145/2333112.2333114}, + abstract = {Starting around 1999, a great many graphical password schemes + have been proposed as alternatives to text-based password + authentication. We provide a comprehensive overview of published + research in the area, covering both usability and security + aspects as well as system evaluation. The article first + catalogues existing approaches, highlighting novel features of + selected schemes and identifying key usability or security + advantages. We then review usability requirements for + knowledge-based authentication as they apply to graphical + passwords, identify security threats that such systems must + address and review known attacks, discuss methodological issues + related to empirical evaluation, and identify areas for further + research and improved methodology.}, + journal = {ACM Comput. Surv.}, + month = {sep}, + articleno = {19}, + numpages = {41}, + keywords = {Authentication, graphical passwords, usable security} +} +@article{SLRinIS, + title={Achieving rigor in literature reviews: Insights from qualitative + data analysis and tool-support}, + author={Bandara, Wasana and Furtmueller, Elfi and Gorbacheva, Elena and + Miskon, Suraya and Beekhuyzen, Jenine}, + journal={Communications of the Association for Information systems}, + volume={37}, + number={1}, + pages={8}, + year={2015} +} +@inproceedings{WhyPhishingWorks, + author = {Dhamija, Rachna and Tygar, J. D. and Hearst, Marti}, + title = {Why Phishing Works}, + year = {2006}, + isbn = {1595933727}, + publisher = {Association for Computing Machinery}, + address = {New York, NY, USA}, + doi = {10.1145/1124772.1124861}, + abstract = {To build systems shielding users from fraudulent (or phishing) + websites, designers need to know which attack strategies work and + why. This paper provides the first empirical evidence about which + malicious strategies are successful at deceiving general users. + We first analyzed a large set of captured phishing attacks and + developed a set of hypotheses about why these strategies might + work. We then assessed these hypotheses with a usability study in + which 22 participants were shown 20 web sites and asked to + determine which ones were fraudulent. We found that 23\% of the + participants did not look at browser-based cues such as the + address bar, status bar and the security indicators, leading to + incorrect choices 40\% of the time. We also found that some + visual deception attacks can fool even the most sophisticated + users. These results illustrate that standard security indicators + are not effective for a substantial fraction of users, and + suggest that alternative approaches are needed.}, + booktitle = {Proceedings of the SIGCHI Conference on Human Factors in + Computing Systems}, + pages = {581–590}, + numpages = {10}, + keywords = {why phishing works, phishing, security usability, phishing user + study}, + location = {Montr\'{e}al, Qu\'{e}bec, Canada}, + series = {CHI '06} +} diff --git a/modules/03-messaging/contents.tex b/modules/03-messaging/contents.tex new file mode 100644 index 0000000..834a859 --- /dev/null +++ b/modules/03-messaging/contents.tex @@ -0,0 +1,403 @@ +\title{% + How do you know it's secure? + Messaging +} +\author{Daniel Bosk\thanks{% + This material is available under the Creative Commons + Attribution-NonCommercial-ShareAlike (CC-BY-NC-SA) 4.0 international + license. + The material was written with some aid from GitHub Copilot. +}} +\institute{% + KTH EECS +} + +\begin{frame} + \maketitle +\end{frame} + +\mode* + +\begin{abstract} + \input{abstract.tex} +\end{abstract} + +\clearpage + +\section{Introduction} + +\begin{frame} +We've had passwords for about as long as we've had computers. +Unfortunately, we still\footnote{As of \today.} haven't managed to do it right +in practice. +\end{frame} +So here we'll deal with the following question. + +\begin{frame} + \begin{question}\label{RQ} + How can we know how secure our messaging system will be? + \end{question} +\end{frame} + + +\section{How do we know it's secure?} + +\begin{frame} +We have a system where users log in. +We want to authenticate the users securely. +We've decided to use a password-based authentication system\footnote{% + Yes, I know it's a bit of an oxymoron, but humor me. +}. +\end{frame} + +\begin{frame} + \begin{exercise} + What do we need to know to try to answer \cref{RQ}? + \end{exercise} +\end{frame} + + +\section{What do we mean by secure?} + +Well, first of all, we need to define what we mean by \enquote{being secure}. +\Cref{RQ} asks us to estimate how secure a password-based authentication system +is. +That means that there might be several possible levels of security. + +\begin{frame}[fragile] + \begin{exercise} + How do we define security for an authentication system? + \end{exercise} +\end{frame} + +\begin{frame} + \begin{solution} + The first thing to do is to investigate how others have defined this. + So our approach will be to do a literature review. + \end{solution} +\end{frame} + +\subsection{Literature reviews} + +There are several ways to do a literature review, or literature study. +The first, and more rigorous, is to do a systematic literature review. +The second, is a more informal approach. +Which one to use depends on the purpose. + +\paragraph{Systematic literature review} + +Let's start with the systematic literature review. +\blockcquote{ANUSLR}{% +The broad purposes of a systematic literature review are to categorise the +literature systematically, and to make it transparent how the researcher found, +selected and assessed the literature.% +} +If that is important, we should do a systematic literature review. + +In a systematic literature review, we will document the +following\autocite{ElsevierSLR}: +\begin{itemize} + \item Eligibility criteria for included research. + \Eg that the research is peer reviewed, that the abstract makes it + obvious it's about authentication. + \item A description of the systematic research search strategy. + Do we search in Google Scholar, Scopus, Web of Science, or some other + database? + \item An assessment of the validity of reviewed research. + \item Interpretations of the results of research included in the review. + \item Among other details. +\end{itemize} +The main aim is that someone else should be able to do the exact same thing and +arrive at the exact same results. +But perhaps more interestingly, one should be able to redo it later to see the +changes, what has happened since the last time it was done. + +\paragraph{Literature review} + +Sometimes that level of detail and reproducibility is not important. +For instance, if we just want to see a few different common definitions for +inspiration, then we can do a (non-systematic) literature review. + +In the case of a literature review, we still search the scientific literature. +However, we don't need to document systematically how we do it. + +\begin{frame} + \begin{exercise} + We want to investigate the most common definitions of security for + authentication systems and for which types of authentication systems + they're used. + Which type of literature review should we do; systematic or non-systematic? + Why? + \end{exercise} +\end{frame} + +In this case, the goal is to get an overview of the literature. +Since purpose is to research what definitions there are and how they're used, +we must document our method of research. +This means that we should do a systematic literature review. + +\begin{frame} + \begin{exercise} + We want to explore different definitions of security for authentication + systems to find a definition to use for our study. + Which type of literature review should we do; systematic or non-systematic? + Why? + \end{exercise} +\end{frame} + +Well, if we know approximately what we want, then we can just browse parts of +the literature until we've found what we want. +We don't need to document our method of research, since we can choose any +definition of our liking or even make up our own. + +However, it's worth noting that if someone else is using that definition, we +should add a reference to it. +This reference serves two purposes: +\begin{enumerate} + \item It gives attribution to whoever came up with the definition. + Otherwise, we're plagiarizing. + \item It shows that we're not the only ones using this definition. + All works using the same definition can easily be compared. +\end{enumerate} + +\paragraph{Case studies on literature reviews} + +We'll study three papers on this topic in the coming assignments. + +The first\autocite{GraphicalPasswordsSurvey} is a systematic literature review +on the topic of graphical passwords (since that is closely related to our +example case here). + +The second\autocite{OfPasswordsAndPeople} is a normal research paper with a +non-systematic literature review section. +The goal is to how it compares to the systematic literature review. + +The third, and last, is a paper on how to do a systematic literature review in +the area of information systems\autocite{SLRinIS}. +It covers the details of what to think about, but also discusses how to use +tools to aid the process. + +\subsection{A definition of security} + +Let's consider our definition of security for an authentication system. +We know approximately what we want, we just want to explore different +possibilities for the details. + +\begin{frame} +\begin{definition}[Informal definition of security] + The authentication system is \emph{secure} if it is \emph{hard} for an + adversary to authenticate a false claim. + We let the \emph{security level} of an authentication system be the inverse + probability of a successful attack. +\end{definition} +\end{frame} + +Now, that captures the essence of what we want. +However, we just reduced the problem of defining \enquote{being secure} to +defining what \enquote{hard} means. +This leads us down the path of formal security, \eg using complexity theory. + +\begin{exercise} + Search for a suitable formal definition of security for an authentication + system, one that captures what we've laid out above. +\end{exercise} + +When I did this, I first searched for authentication. +Then I tried to look for any definitions among the results. +I didn't find anything. +But it struck me that an authentication system is essentially the same as an +(interactive) proof system in cryptography. +That was my next search and, inspired by the results, I settled on the +following definitions\footnote{% + \Cref{FormalSecurity} I made them up myself. + \Cref{Negligible} is very standard, something with similar phrasing can be + found on Wikipedia even. + Actually GitHub Copilot autocompleted \cref{Negligible} for me. + I had to double check it to make sure it was actually what I intended. + And it brings us into a copyright and plagiarism gray zone. +}. + +\begin{frame} +\begin{definition}[Formal definition of security]\label{FormalSecurity} + We have a prover~\(P\) and a verifier~\(V\). + \begin{description} + \item[Completeness] If the prover~\(P\) knows the secret, then the + verifier~\(V\) will accept with probability \(1\). + \item[Soundness] If the prover~\(P\) does not know the secret, then the + verifier~\(V\) will accept with \emph{negligible} probability. + \end{description} +\end{definition} + +\begin{definition}[Negligible]\label{Negligible} + A function \(f\) is \emph{negligible} if for all positive integers~\(c\) + there exists a positive integer~\(n_0\) such that for all \(n > n_0\) it + holds that \(f(n) < \frac{1}{n^c}\). +\end{definition} +\end{frame} + +The ambition with these definitions is to capture that if we just have a +complex enough password, the adversary will not be able to guess it. + + +\section{Evaluating security} + +\begin{frame} + \begin{exercise} + How can we evaluate the security of our authentication system? + \end{exercise} +\end{frame} + +\begin{frame} + \begin{solution} + We must investigate how difficult the passwords are to guess + (\cref{FormalSecurity}). + We can divide the path forward into two ways: + \begin{enumerate} + \item A deductive proof. + \item An empirical investigation. + \end{enumerate} + \end{solution} +\end{frame} + +\subsection{Deductive evaluation} + +To do a deductive proof\footnote{% + We have many courses dedicated to this: + Introduced in DD2395 Computer Security, + expanded in DD2520 Applied Cryptography, + full immersion in DD2448 Foundations of Cryptography. + And then we have the range of algorithms and complexity courses: + \eg DD2350 Algorithms, Data Structures and Complexity. +}, we need to know something about the password distribution. +If some passwords are more likely than others, then the adversary can guess +them more easily and we will not be able to fulfil \cref{FormalSecurity}. + +\begin{frame} + \begin{assumption}\label{AssumeUniform} + The passwords are uniformly distributed. + \end{assumption} +\end{frame} + +A uniform distribution means that +\begin{frame} + all passwords are equally likely (\(\frac{1}{N^n}\)) +\end{frame} +and that +\begin{frame} + the Shannon entropy is maximized and equal to \(-\log \frac{1}{N^n} = n \log + {N}\), +\end{frame} +where \(N\) is the number of possible characters and \(n\) is the length of the +password. + +\begin{frame} + \begin{proof} + We see that the probability of guessing a password is \(\frac{1}{N^n}\). + This is negligible (\cref{Negligible}), so we have soundness + (\cref{FormalSecurity}). + (Completeness is straight forward, the verifier will accept if the password + is correct.) + \end{proof} +\end{frame} + +\begin{frame} + \begin{exercise} + We've proved it secure. + Is it really secure, why or why not? + How can we answer this question? + \end{exercise} +\end{frame} + +\subsection{Empirical evaluation} + +Turns out people don't pick passwords like they pick cryptographic keys. +So \cref{AssumeUniform} is an assumption that doesn't resemble the real world +particularly well; so any results derived from it, will not say much about the +real world either. +This brings us to the following question. + +\begin{frame} +\begin{question}\label{PasswordDistribution} + What is the password distribution? + How are passwords chosen? +\end{question} +\end{frame} + +Usually there is a \emph{password policy} which affects how users choose +passwords, and consequently affects the password distribution. +So we should change the question into the following. + +\begin{frame} +\begin{question} + How does different password policies affect the password distribution? +\end{question} +\begin{question}\label{Guessability} + How easily can we guess the passwords under different password policies? +\end{question} +\begin{exercise} + How should we try to answer these questions? +\end{exercise} +\end{frame} + +\paragraph{Case studies on empirical evaluation} + +\Textcite{GuessingHumanChosenSecrets2012} spent quite some time exploring these +questions (his PhD thesis). +But we also have the papers by +\textcite{OfPasswordsAndPeople} and +\textcite{CanLongPasswordsBeSecureAndUsable}. +We will explore these papers to see how they tried to answer these questions, +so we'll return to them. + +However, we can do other estimates deductively too. +For instance, we have the very famous \enquote{correct horse battery staple} +from xkcd (\cref{xkcd936}). +If we can estimate the password distribution by knowing the password policy. +However, we still have \cref{AssumeUniform}, it's just distributed uniformly +within the bounds of the password policy. + +\section{But is it even a good model to begin with?} + +\begin{frame} + \begin{exercise} + Is this a good model/definition of security? + What questions should we ask? + How can we answer them? + \end{exercise} +\end{frame} + +Well, our model says that the verifier is benign. +We have no requirement that the verifier should not be able to learn the +password. +So we have to assume that the verifier will never act as an adversary. +This leads us to the following question. + +\begin{frame} + \begin{question} + Can the verifier be an adversary or is the verifier always benign? + \end{question} +\end{frame} + +Now this depends on the users. +Can they tell a benign verifier from an adversary? +Turns out they can't\autocite{WhyPhishingWorks}. +\Citeauthor{WhyPhishingWorks} actually found that users might actually test +whether the verifier is benign or not by entering their password: +the reasoning was that if the is correct it will accept the password, otherwise +it will not (since it doesn't know the password)---which is a fallacy. + +We can also again turn to the wisdom of xkcd for another argument against the +benign verifier assumption, namely password reuse (\cref{xkcd792}). + +\paragraph{Case study} + +We will study the paper by \textcite{WhyPhishingWorks} to explore how they +answered this question. +So we'll return to this paper later. + +%\begin{frame} +% \begin{question} +% Are there more reasons? +% Password re-use, incompetent service, malicious service. +% \end{question} +%\end{frame} diff --git a/modules/03-messaging/notes.tex b/modules/03-messaging/notes.tex new file mode 100644 index 0000000..49b372d --- /dev/null +++ b/modules/03-messaging/notes.tex @@ -0,0 +1,64 @@ +\documentclass[a4paper,10pt,article,oneside]{memoir} +%%% Tufte %%% +\usepackage{marginfix} +%\setlength{\evensidemargin}{\oddsidemargin} +\marginparmargin{outer} +\setlrmarginsandblock{2.5cm}{8cm}{*} + +\footnotesinmargin + +\usepackage{ragged2e} +\renewcommand{\sidefootform}{\RaggedRight} +\renewcommand{\foottextfont}{\footnotesize\RaggedRight} + +\setmpjustification{\RaggedRight}{\RaggedRight} + +% margin figure and caption typeset ragged against text block +\setfloatadjustment{marginfigure}{\mpjustification} +\setmarginfloatcaptionadjustment{figure}{\captionstyle{\mpjustification}} + +% From https://tex.stackexchange.com/a/324757/17418 +% Palatino for main text and math +\usepackage[osf,sc]{mathpazo} + +% Helvetica for sans serif +% (scaled to match size of Palatino) +\usepackage[scaled=0.90]{helvet} + +% Bera Mono for monospaced +% (scaled to match size of Palatino) +\usepackage[scaled=0.85]{beramono} + +\setlxvchars\setxlvchars +\checkandfixthelayout + +\nouppercaseheads +%%% end tufte %%% +\let\subsubsection\subsection +\let\subsection\section +\let\section\chapter + +\input{preamble.tex} + +\usepackage[noamsthm,notheorems]{beamerarticle} +\setjobnamebeamerversion{slides} + +%\usepackage{authblk} +%\let\institute\affil + +\declaretheorem[style=theorem]{theorem} +\declaretheorem[style=definition]{definition} +\declaretheorem[style=definition]{assumption} +\declaretheorem[style=definition]{protocol} +\declaretheorem[style=example]{example} +\declaretheorem[style=remark]{remark} +\declaretheorem[style=remark]{idea} +\declaretheorem[style=exercise]{exercise} +\declaretheorem[style=exercise]{question} +\declaretheorem[style=solution]{solution} + +\begin{document} +\input{contents.tex} + +\printbibliography +\end{document} diff --git a/modules/03-messaging/preamble.tex b/modules/03-messaging/preamble.tex new file mode 100644 index 0000000..dce955a --- /dev/null +++ b/modules/03-messaging/preamble.tex @@ -0,0 +1,55 @@ +\usepackage[utf8]{inputenc} +\usepackage[T1]{fontenc} +\usepackage[british]{babel} +\usepackage{booktabs} + +\usepackage[% + natbib, + citestyle=verbose,singletitle=false, + style=verbose, + maxbibnames=99,% + isbn=false,doi=false,url=true +]{biblatex} +\addbibresource{bibliography.bib} + +\usepackage[all]{foreign} +\renewcommand{\foreignfullfont}{} +\renewcommand{\foreignabbrfont}{} + +\usepackage{import} + +\usepackage[strict]{csquotes} +\SetCiteCommand{\autocite} +\usepackage[single]{acro} +\acsetup{cite/cmd={\autocite}} + +\usepackage[noend]{algpseudocode} +\usepackage{xparse} + +\let\email\texttt + +\usepackage[outputdir=ltxobj]{minted} +\setminted{autogobble} + +\usepackage{pythontex} +\setpythontexoutputdir{.} +\setpythontexworkingdir{..} + +\usepackage{amsmath} +\usepackage{amssymb} +\usepackage{mathtools} +\usepackage{amsthm} +\usepackage{thmtools} +%\usepackage[unq]{unique} +\DeclareMathOperator{\powerset}{\mathcal{P}} + +\usepackage[binary-units]{siunitx} + +\usepackage{adjustbox} +\usepackage{lipsum} +\usepackage{multicol} +\usepackage{changepage} + +\usepackage[capitalize]{cleveref} + +\input{objectives.tex} diff --git a/modules/03-messaging/slides.tex b/modules/03-messaging/slides.tex new file mode 100644 index 0000000..2287028 --- /dev/null +++ b/modules/03-messaging/slides.tex @@ -0,0 +1,106 @@ +\documentclass[ignoreframetext]{beamer} +\input{preamble.tex} + +\usetheme{Berlin} +\setbeamertemplate{footline}%{miniframes theme} +{% + \begin{beamercolorbox}[colsep=1.5pt]{upper separation line foot} + \end{beamercolorbox} + \begin{beamercolorbox}[ht=2.5ex,dp=1.125ex,% + leftskip=.3cm,rightskip=.3cm plus1fil]{author in head/foot}% + \leavevmode{\usebeamerfont{author in head/foot}\insertshortauthor}% + \hfill% + {\usebeamerfont{institute in head/foot}\usebeamercolor[fg]{institute in head/foot}\insertshortinstitute}% + \end{beamercolorbox}% + \begin{beamercolorbox}[ht=2.5ex,dp=1.125ex,% + leftskip=.3cm,rightskip=.3cm plus1fil]{title in head/foot}% + {\usebeamerfont{title in head/foot}\insertshorttitle} \hfill \insertframenumber% + \end{beamercolorbox}% + \begin{beamercolorbox}[colsep=1.5pt]{lower separation line foot} + \end{beamercolorbox} +} +\setbeamercovered{transparent} +\setbeamertemplate{bibliography item}[text] + +\AtBeginSection[]{% + \begin{frame} + \tableofcontents[currentsection] + \end{frame} +} + +\ProvideDocumentEnvironment{assumption}{o}{% + \IfValueTF{#1}{% + \begin{block}{Assumption: #1} + }{% + \begin{block}{Assumption} + } +}{% + \end{block} +} + +\ProvideDocumentEnvironment{protocol}{o}{% + \IfValueTF{#1}{% + \begin{block}{Protocol: #1} + }{% + \begin{block}{Protocol} + } +}{% + \end{block} +} + +\ProvideDocumentEnvironment{remark}{o}{% + \IfValueTF{#1}{% + \begin{alertblock}{Note: #1} + }{% + \begin{alertblock}{Note} + } +}{% + \end{alertblock} +} + +\ProvideDocumentEnvironment{idea}{o}{% + \IfValueTF{#1}{% + \begin{block}{Idea: #1} + }{% + \begin{block}{Idea} + } +}{% + \end{block} +} + +\ProvideDocumentEnvironment{question}{o}{% + \setbeamercolor{block body}{bg=orange!15,fg=black} + \setbeamercolor{block title}{bg=orange,fg=white} + \setbeamercolor{local structure}{fg=orange} + \IfValueTF{#1}{% + \begin{block}{Question: #1} + }{% + \begin{block}{Question} + } +}{% + \end{block} +} + +\ProvideDocumentEnvironment{exercise}{o}{% + \setbeamercolor{block body}{bg=yellow!10,fg=black} + \setbeamercolor{block title}{bg=yellow,fg=black} + \setbeamercolor{local structure}{fg=yellow} + \IfValueTF{#1}{% + \begin{block}{Exercise: #1} + }{% + \begin{block}{Exercise} + } +}{% + \end{block} +} + + +\begin{document} +\mode +\input{contents.tex} +\mode* + +\begin{frame}[allowframebreaks] + \printbibliography +\end{frame} +\end{document}