Adds messaging

modules/03-messaging/Makefile

@@ -0,0 +1,34 @@
+.PHONY: all
+all: notes.pdf slides.pdf
+
+LATEXFLAGS+=	-shell-escape
+
+SRC+=		preamble.tex
+SRC+=		abstract.tex contents.tex
+
+DEPENDS+=	objectives.tex
+
+notes.pdf: notes.tex
+notes.pdf: ${SRC} ${DEPENDS} ${FIGS}
+
+slides.pdf: slides.tex
+slides.pdf: ${SRC} ${DEPENDS} ${FIGS}
+
+objectives.tex: ../../course-design/objectives.tex
+
+${DEPENDS}:
+	${LN} $< $@
+
+${FIGS}:
+	${MAKE} -C $(dir $@) $(notdir $@)
+
+
+.PHONY: clean
+clean:
+	${RM} notes.pdf slides.pdf
+	${RM} ${DEPENDS}
+	${MAKE} -C fig clean
+
+
+INCLUDE_MAKEFILES=../../makefiles
+include ${INCLUDE_MAKEFILES}/tex.mk

modules/03-messaging/abstract.tex

@@ -0,0 +1,33 @@
+% What's the problem?
+% Why is it a problem? Research gap left by other approaches?
+% Why is it important? Why care?
+% What's the approach? How to solve the problem?
+% What's the findings? How was it evaluated, what are the results, limitations, 
+% what remains to be done?
+
+% XXX Summary
+\emph{Summary:}
+In this assignment we will focus on security around messaging.
+Messaging is difficult as the systems become rather complex.
+There are also many different properties that we might want from a messaging 
+protocol.
+
+% XXX Motivation and intended learning outcomes
+\emph{Intended learning outcomes:}
+This assignment focuses on practice to
+\begin{itemize}
+  \item \LOrelate;
+  \item \LOevaluate;
+  \item \LOapply;
+  \item \LOcomm.
+\end{itemize}
+
+% XXX Prerequisites
+\emph{Prerequisites:}
+We need basic knowledge of security, corresponding to an introductory course in 
+the subject.
+We also need a high-level overview of the breadth of research methods used in 
+the area of security, corresponding to the overview lecture \enquote{The 
+Scientific Method} given in the course.
+We also need that you have done the first module, \enquote{How do you know it's 
+secure? Passwords}.

modules/03-messaging/bibliography.bib

@@ -0,0 +1,148 @@
+@article{Estes2017Aug,
+  author = {Estes, Adam Clark},
+  title = {{The Guy Who Invented Those Annoying Password Rules Now Regrets 
+           Wasting Your Time}},
+  journal = {Gizmodo},
+  year = {2017},
+  month = 8,
+  publisher = {Gizmodo},
+  url = 
+  {https://gizmodo.com/the-guy-who-invented-those-annoying-password-rules-now-1797643987}
+}
+@misc{ANUSLR,
+  title = {{Systematic literature reviews}},
+  journal = {ANU},
+  year = {2020},
+  month = 7,
+  note = {[Online; accessed 11. Sep. 2023]},
+  url = 
+  {https://www.anu.edu.au/students/academic-skills/research-writing/literature-reviews/systematic-literature-reviews}
+  }
+@misc{ElsevierSLR,
+  title = {{Systematic Literature Review or Literature Review {$\vert$} 
+           Elsevier}},
+  journal = {Elsevier Author Services - Articles},
+  year = {2023},
+  month = 8,
+  note = {[Online; accessed 11. Sep. 2023]},
+  url = 
+  {https://scientific-publishing.webshop.elsevier.com/research-process/systematic-literature-review-or-literature-review}
+  }
+@TechReport{GuessingHumanChosenSecrets2012,
+  author =   {Bonneau, Joseph},
+  title =    {{Guessing human-chosen secrets}},
+  year =   2012,
+  month =    may,
+  url =    {https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-819.pdf},
+  institution =  {University of Cambridge, Computer Laboratory},
+  doi =    {10.48456/tr-819},
+  number =   {UCAM-CL-TR-819}
+}
+@inproceedings{OfPasswordsAndPeople,
+  author={Komanduri, Saranga and
+          Shay, Richard and
+          Kelley, Patrick Gage and
+          Mazurek, Michelle L. and
+          Bauer, Lujo and
+          Christin Nicolas and
+          Cranor, Lorrie Faith and
+          Egelman, Serge},
+  title={Of passwords and people:
+         Measuring the effect of password-composition policies},
+  booktitle={CHI},
+  year={2011},
+  URL={http://cups.cs.cmu.edu/rshay/pubs/passwords_and_people2011.pdf},
+}
+@inproceedings{CanLongPasswordsBeSecureAndUsable,
+  title={Can long passwords be secure and usable?},
+  author={Shay, Richard and
+          Komanduri, Saranga and
+          Durity, Adam L and
+          Huh, Phillip Seyoung and
+          Mazurek, Michelle L and
+          Segreti, Sean M and
+          Ur, Blase and
+          Bauer, Lujo and
+          Christin, Nicolas and
+          Cranor, Lorrie Faith},
+  booktitle={Proceedings of the 32nd annual ACM conference on Human factors 
+             in computing systems},
+  pages={2927--2936},
+  year={2014},
+  organization={ACM},
+  URL={http://lorrie.cranor.org/pubs/longpass-chi2014.pdf},
+}
+@article{GraphicalPasswordsSurvey,
+  author = {Biddle, Robert and Chiasson, Sonia and Van Oorschot, P.C.},
+  title = {Graphical Passwords: Learning from the First Twelve Years},
+  year = {2012},
+  issue_date = {August 2012},
+  publisher = {Association for Computing Machinery},
+  address = {New York, NY, USA},
+  volume = {44},
+  number = {4},
+  issn = {0360-0300},
+  doi = {10.1145/2333112.2333114},
+  abstract = {Starting around 1999, a great many graphical password schemes 
+              have been proposed as alternatives to text-based password 
+              authentication. We provide a comprehensive overview of published 
+              research in the area, covering both usability and security 
+              aspects as well as system evaluation. The article first 
+              catalogues existing approaches, highlighting novel features of 
+              selected schemes and identifying key usability or security 
+              advantages. We then review usability requirements for 
+              knowledge-based authentication as they apply to graphical 
+              passwords, identify security threats that such systems must 
+              address and review known attacks, discuss methodological issues 
+              related to empirical evaluation, and identify areas for further 
+              research and improved methodology.},
+  journal = {ACM Comput. Surv.},
+  month = {sep},
+  articleno = {19},
+  numpages = {41},
+  keywords = {Authentication, graphical passwords, usable security}
+}
+@article{SLRinIS,
+  title={Achieving rigor in literature reviews: Insights from qualitative 
+         data analysis and tool-support},
+  author={Bandara, Wasana and Furtmueller, Elfi and Gorbacheva, Elena and 
+          Miskon, Suraya and Beekhuyzen, Jenine},
+  journal={Communications of the Association for Information systems},
+  volume={37},
+  number={1},
+  pages={8},
+  year={2015}
+}
+@inproceedings{WhyPhishingWorks,
+  author = {Dhamija, Rachna and Tygar, J. D. and Hearst, Marti},
+  title = {Why Phishing Works},
+  year = {2006},
+  isbn = {1595933727},
+  publisher = {Association for Computing Machinery},
+  address = {New York, NY, USA},
+  doi = {10.1145/1124772.1124861},
+  abstract = {To build systems shielding users from fraudulent (or phishing) 
+              websites, designers need to know which attack strategies work and 
+              why. This paper provides the first empirical evidence about which 
+              malicious strategies are successful at deceiving general users. 
+              We first analyzed a large set of captured phishing attacks and 
+              developed a set of hypotheses about why these strategies might 
+              work. We then assessed these hypotheses with a usability study in 
+              which 22 participants were shown 20 web sites and asked to 
+              determine which ones were fraudulent. We found that 23\% of the 
+              participants did not look at browser-based cues such as the 
+              address bar, status bar and the security indicators, leading to 
+              incorrect choices 40\% of the time. We also found that some 
+              visual deception attacks can fool even the most sophisticated 
+              users. These results illustrate that standard security indicators 
+              are not effective for a substantial fraction of users, and 
+              suggest that alternative approaches are needed.},
+  booktitle = {Proceedings of the SIGCHI Conference on Human Factors in 
+               Computing Systems},
+  pages = {581–590},
+  numpages = {10},
+  keywords = {why phishing works, phishing, security usability, phishing user 
+              study},
+  location = {Montr\'{e}al, Qu\'{e}bec, Canada},
+  series = {CHI '06}
+}