|
41
|
1 |
\documentclass[dvipsnames,14pt,t]{beamer}
|
|
|
2 |
\usepackage{beamerthemeplainculight}
|
|
|
3 |
\usepackage[T1]{fontenc}
|
|
|
4 |
\usepackage[latin1]{inputenc}
|
|
|
5 |
\usepackage{mathpartir}
|
|
|
6 |
\usepackage[absolute,overlay]{textpos}
|
|
|
7 |
\usepackage{ifthen}
|
|
|
8 |
\usepackage{tikz}
|
|
|
9 |
\usepackage{pgf}
|
|
|
10 |
\usepackage{calc}
|
|
|
11 |
\usepackage{ulem}
|
|
|
12 |
\usepackage{courier}
|
|
|
13 |
\usepackage{listings}
|
|
|
14 |
\renewcommand{\uline}[1]{#1}
|
|
|
15 |
\usetikzlibrary{arrows}
|
|
|
16 |
\usetikzlibrary{automata}
|
|
|
17 |
\usetikzlibrary{shapes}
|
|
|
18 |
\usetikzlibrary{shadows}
|
|
|
19 |
\usetikzlibrary{positioning}
|
|
|
20 |
\usetikzlibrary{calc}
|
|
|
21 |
\usepackage{graphicx}
|
|
|
22 |
|
|
|
23 |
\definecolor{javared}{rgb}{0.6,0,0} % for strings
|
|
|
24 |
\definecolor{javagreen}{rgb}{0.25,0.5,0.35} % comments
|
|
|
25 |
\definecolor{javapurple}{rgb}{0.5,0,0.35} % keywords
|
|
|
26 |
\definecolor{javadocblue}{rgb}{0.25,0.35,0.75} % javadoc
|
|
|
27 |
|
|
|
28 |
\lstset{language=Java,
|
|
|
29 |
basicstyle=\ttfamily,
|
|
|
30 |
keywordstyle=\color{javapurple}\bfseries,
|
|
|
31 |
stringstyle=\color{javagreen},
|
|
|
32 |
commentstyle=\color{javagreen},
|
|
|
33 |
morecomment=[s][\color{javadocblue}]{/**}{*/},
|
|
|
34 |
numbers=left,
|
|
|
35 |
numberstyle=\tiny\color{black},
|
|
|
36 |
stepnumber=1,
|
|
|
37 |
numbersep=10pt,
|
|
|
38 |
tabsize=2,
|
|
|
39 |
showspaces=false,
|
|
|
40 |
showstringspaces=false}
|
|
|
41 |
|
|
|
42 |
\lstdefinelanguage{scala}{
|
|
|
43 |
morekeywords={abstract,case,catch,class,def,%
|
|
|
44 |
do,else,extends,false,final,finally,%
|
|
|
45 |
for,if,implicit,import,match,mixin,%
|
|
|
46 |
new,null,object,override,package,%
|
|
|
47 |
private,protected,requires,return,sealed,%
|
|
|
48 |
super,this,throw,trait,true,try,%
|
|
|
49 |
type,val,var,while,with,yield},
|
|
|
50 |
otherkeywords={=>,<-,<\%,<:,>:,\#,@},
|
|
|
51 |
sensitive=true,
|
|
|
52 |
morecomment=[l]{//},
|
|
|
53 |
morecomment=[n]{/*}{*/},
|
|
|
54 |
morestring=[b]",
|
|
|
55 |
morestring=[b]',
|
|
|
56 |
morestring=[b]"""
|
|
|
57 |
}
|
|
|
58 |
|
|
|
59 |
\lstset{language=Scala,
|
|
|
60 |
basicstyle=\ttfamily,
|
|
|
61 |
keywordstyle=\color{javapurple}\bfseries,
|
|
|
62 |
stringstyle=\color{javagreen},
|
|
|
63 |
commentstyle=\color{javagreen},
|
|
|
64 |
morecomment=[s][\color{javadocblue}]{/**}{*/},
|
|
|
65 |
numbers=left,
|
|
|
66 |
numberstyle=\tiny\color{black},
|
|
|
67 |
stepnumber=1,
|
|
|
68 |
numbersep=10pt,
|
|
|
69 |
tabsize=2,
|
|
|
70 |
showspaces=false,
|
|
|
71 |
showstringspaces=false}
|
|
|
72 |
|
|
|
73 |
% beamer stuff
|
|
|
74 |
\renewcommand{\slidecaption}{APP 04, King's College London, 16 October 2012}
|
|
|
75 |
|
|
|
76 |
|
|
|
77 |
\begin{document}
|
|
|
78 |
|
|
|
79 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
80 |
\mode<presentation>{
|
|
|
81 |
\begin{frame}<1>[t]
|
|
|
82 |
\frametitle{%
|
|
|
83 |
\begin{tabular}{@ {}c@ {}}
|
|
|
84 |
\\
|
|
|
85 |
\LARGE Access Control and \\[-3mm]
|
|
|
86 |
\LARGE Privacy Policies (4)\\[-6mm]
|
|
|
87 |
\end{tabular}}\bigskip\bigskip\bigskip
|
|
|
88 |
|
|
|
89 |
%\begin{center}
|
|
|
90 |
%\includegraphics[scale=1.3]{pics/barrier.jpg}
|
|
|
91 |
%\end{center}
|
|
|
92 |
|
|
|
93 |
\normalsize
|
|
|
94 |
\begin{center}
|
|
|
95 |
\begin{tabular}{ll}
|
|
|
96 |
Email: & christian.urban at kcl.ac.uk\\
|
|
|
97 |
Of$\!$fice: & S1.27 (1st floor Strand Building)\\
|
|
|
98 |
Slides: & KEATS (also homework is there)\\
|
|
|
99 |
\end{tabular}
|
|
|
100 |
\end{center}
|
|
|
101 |
|
|
|
102 |
|
|
|
103 |
\end{frame}}
|
|
|
104 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
105 |
|
|
|
106 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
107 |
\mode<presentation>{
|
|
|
108 |
\begin{frame}[c]
|
|
|
109 |
\frametitle{Unix-Style Access Control}
|
|
|
110 |
|
|
|
111 |
\begin{itemize}
|
|
45
|
112 |
\item Q: ``I am using Windows. Why should I care?'' \\ A: In Windows you have similar groups:
|
|
41
|
113 |
|
|
|
114 |
\begin{center}
|
|
|
115 |
\begin{tabular}{l}
|
|
|
116 |
administrators group\\
|
|
|
117 |
\hspace{5mm}(has complete control over the machine)\\
|
|
|
118 |
authenticated users\\
|
|
|
119 |
server operators\\
|
|
|
120 |
power users\\
|
|
|
121 |
network configuration operators\\
|
|
|
122 |
\end{tabular}
|
|
|
123 |
\end{center}\medskip
|
|
|
124 |
|
|
45
|
125 |
\item Modern versions of Windows have more fine-grained AC than Unix; they do not have a setuid bit, but
|
|
41
|
126 |
have \texttt{runas} (asks for a password).\pause
|
|
|
127 |
|
|
|
128 |
\item OS provided access control can \alert{add} to your
|
|
|
129 |
security.
|
|
|
130 |
\end{itemize}
|
|
|
131 |
|
|
|
132 |
|
|
|
133 |
\end{frame}}
|
|
|
134 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
135 |
|
|
|
136 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
137 |
\mode<presentation>{
|
|
|
138 |
\begin{frame}[c]
|
|
|
139 |
\frametitle{\begin{tabular}{c}Network Applications:\\[-1mm] Privilege Separation\end{tabular}}
|
|
|
140 |
|
|
|
141 |
|
|
|
142 |
\begin{center}
|
|
|
143 |
\begin{tikzpicture}[scale=1]
|
|
|
144 |
|
|
|
145 |
\draw[line width=1mm] (-.3, 0) rectangle (1.5,2);
|
|
|
146 |
\draw (4.7,1) node {Internet};
|
|
45
|
147 |
\draw (-2.7,1.7) node {\footnotesize Application};
|
|
41
|
148 |
\draw (0.6,1.7) node {\footnotesize Interface};
|
|
|
149 |
\draw (0.6,-0.4) node {\footnotesize \begin{tabular}{c}unprivileged\\[-1mm] process\end{tabular}};
|
|
|
150 |
\draw (-2.7,-0.4) node {\footnotesize \begin{tabular}{c}privileged\\[-1mm] process\end{tabular}};
|
|
|
151 |
|
|
|
152 |
\draw[line width=1mm] (-1.8, 0) rectangle (-3.6,2);
|
|
|
153 |
|
|
|
154 |
\draw[white] (1.7,1) node (X) {};
|
|
|
155 |
\draw[white] (3.7,1) node (Y) {};
|
|
|
156 |
\draw[red, <->, line width = 2mm] (X) -- (Y);
|
|
|
157 |
|
|
|
158 |
\draw[red, <->, line width = 1mm] (-0.6,1) -- (-1.6,1);
|
|
|
159 |
\end{tikzpicture}
|
|
|
160 |
\end{center}
|
|
|
161 |
|
|
|
162 |
\begin{itemize}
|
|
|
163 |
\item the idea is make the attack surface smaller and
|
|
|
164 |
mitigate the consequences of an attack
|
|
|
165 |
\end{itemize}
|
|
|
166 |
|
|
|
167 |
|
|
|
168 |
\end{frame}}
|
|
|
169 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
170 |
|
|
|
171 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
172 |
\mode<presentation>{
|
|
|
173 |
\begin{frame}[c]
|
|
|
174 |
\frametitle{Shared Access Control}
|
|
|
175 |
|
|
|
176 |
\begin{center}
|
|
|
177 |
\includegraphics[scale=0.7]{pics/pointsplane.jpg}
|
|
|
178 |
\end{center}
|
|
|
179 |
|
|
|
180 |
\begin{textblock}{11}(10.5,10.5)
|
|
|
181 |
\small
|
|
|
182 |
To take an action you\\[-1mm]
|
|
45
|
183 |
need at least either:
|
|
41
|
184 |
\begin{itemize}
|
|
|
185 |
\item 1 CEO\\[-5mm]
|
|
45
|
186 |
\item 2 MDs, or\\[-5mm]
|
|
41
|
187 |
\item 3 Ds
|
|
|
188 |
\end{itemize}
|
|
|
189 |
\end{textblock}
|
|
|
190 |
|
|
|
191 |
\end{frame}}
|
|
|
192 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
193 |
|
|
|
194 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
195 |
\mode<presentation>{
|
|
|
196 |
\begin{frame}[c]
|
|
|
197 |
\frametitle{Lessons from Access Control}
|
|
|
198 |
|
|
45
|
199 |
Not just restricted to Unix:
|
|
|
200 |
|
|
41
|
201 |
\begin{itemize}
|
|
|
202 |
\item if you have too many roles (i.e.~too finegrained AC), then
|
|
|
203 |
hierarchy is too complex\\
|
|
|
204 |
\textcolor{gray}{you invite situations like\ldots let's be root}\bigskip
|
|
|
205 |
|
|
|
206 |
\item you can still abuse the system\ldots
|
|
|
207 |
|
|
|
208 |
\end{itemize}
|
|
|
209 |
|
|
|
210 |
\end{frame}}
|
|
|
211 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
212 |
|
|
|
213 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
214 |
\mode<presentation>{
|
|
|
215 |
\begin{frame}[c]
|
|
|
216 |
\frametitle{\begin{tabular}{@ {}c@ {}}A ``Cron''-Attack\end{tabular}}
|
|
|
217 |
|
|
|
218 |
The idea is to trick a privileged person to do something on your behalf:
|
|
|
219 |
|
|
|
220 |
\begin{itemize}
|
|
|
221 |
\item root:\\\texttt{rm /tmp/*/*}\bigskip\bigskip\pause
|
|
|
222 |
|
|
|
223 |
\footnotesize
|
|
|
224 |
\begin{minipage}{1.1\textwidth}
|
|
|
225 |
\textcolor{gray}{the shell behind the scenes:}\\
|
|
|
226 |
\textcolor{gray}{\texttt{rm /tmp/dir$_1$/file$_1$ /tmp/dir$_1$/file$_2$ /tmp/dir$_2$/file$_1$ \ldots}}\bigskip\\
|
|
|
227 |
|
|
|
228 |
\textcolor{gray}{this takes time}
|
|
|
229 |
\end{minipage}
|
|
|
230 |
\end{itemize}
|
|
|
231 |
|
|
|
232 |
|
|
|
233 |
\end{frame}}
|
|
|
234 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
235 |
|
|
|
236 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
237 |
\mode<presentation>{
|
|
|
238 |
\begin{frame}[c]
|
|
|
239 |
\frametitle{\begin{tabular}{@ {}c@ {}}A ``Cron''-Attack\end{tabular}}
|
|
|
240 |
|
|
|
241 |
\begin{enumerate}
|
|
|
242 |
\item attacker \textcolor{gray}{(creates a fake passwd file)}\\
|
|
|
243 |
\texttt{mkdir /tmp/a; cat > /tmp/a/passwd}\medskip
|
|
|
244 |
\item root \textcolor{gray}{(does the daily cleaning)}\\
|
|
|
245 |
\texttt{rm /tmp/*/*}\medskip\\
|
|
|
246 |
\hspace{2cm}\textcolor{gray}{\small records that \texttt{/tmp/a/passwd}}\\
|
|
|
247 |
\hspace{2cm}\textcolor{gray}{\small should be deleted, but does not do it yet}\medskip\\
|
|
|
248 |
|
|
|
249 |
\item attacker \textcolor{gray}{(meanwhile deletes the fake passwd file, and establishes a link to
|
|
|
250 |
the real passwd file)}\\
|
|
|
251 |
\texttt{rm /tmp/a/passwd; rmdir /tmp/a;}\\\texttt{ln -s /etc /tmp/a}\\
|
|
|
252 |
\item root now deletes the real passwd file
|
|
|
253 |
\end{enumerate}
|
|
|
254 |
|
|
|
255 |
\only<2>{
|
|
|
256 |
\begin{textblock}{11}(2,5)
|
|
|
257 |
\begin{tikzpicture}
|
|
|
258 |
\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm]
|
|
|
259 |
{\normalsize\color{darkgray}
|
|
|
260 |
\begin{minipage}{9cm}\raggedright
|
|
|
261 |
To prevent this kind of attack, you need additional
|
|
45
|
262 |
policies (don't do such operations as root).
|
|
41
|
263 |
\end{minipage}};
|
|
|
264 |
\end{tikzpicture}
|
|
|
265 |
\end{textblock}}
|
|
|
266 |
|
|
|
267 |
\end{frame}}
|
|
|
268 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
269 |
|
|
|
270 |
|
|
|
271 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
272 |
\mode<presentation>{
|
|
|
273 |
\begin{frame}[c]
|
|
|
274 |
\frametitle{\begin{tabular}{@ {}c@ {}}Schneier Analysis\end{tabular}}
|
|
|
275 |
|
|
45
|
276 |
\textcolor{gray}{There is no absolutely secure system and security almost never comes for free.}
|
|
|
277 |
|
|
41
|
278 |
\begin{itemize}
|
|
|
279 |
\item What assets are you trying to protect?
|
|
|
280 |
\item What are the risks to these assets?
|
|
|
281 |
\item How well does the security solution mitigate those risks?
|
|
|
282 |
\item What other risks does the security solution cause?
|
|
|
283 |
\item What costs and trade-offs does the security solution impose?
|
|
|
284 |
\end{itemize}
|
|
|
285 |
|
|
|
286 |
|
|
|
287 |
\end{frame}}
|
|
|
288 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
289 |
|
|
|
290 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
291 |
\mode<presentation>{
|
|
|
292 |
\begin{frame}[t]
|
|
|
293 |
\frametitle{\begin{tabular}{@ {}c@ {}}Example: Credit Cards\end{tabular}}
|
|
|
294 |
|
|
|
295 |
You might have the policy of not typing in your credit card online. Worthwhile or not?
|
|
|
296 |
\begin{itemize}
|
|
|
297 |
\item<2->What assets are you trying to protect?\\
|
|
|
298 |
\only<2>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}your credit card number\end{tabular}}
|
|
|
299 |
\item<3->What are the risks to these assets?\\
|
|
|
300 |
\only<3>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright
|
|
|
301 |
With credit cards you loose a fixed amount \pounds{50}. Amazon \pounds{50}. \end{tabular}}
|
|
|
302 |
\item<4->How well does the security solution mitigate those risks?\\
|
|
|
303 |
\only<4>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright
|
|
|
304 |
Well, hackers steal credit cards from databases. They usually do not attack you individually.\end{tabular}}
|
|
|
305 |
\item<5->What other risks does the security solution cause?
|
|
|
306 |
\only<5>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright None (?)\end{tabular}}
|
|
|
307 |
\item<6->What costs and trade-offs does the security solution impose?
|
|
|
308 |
\only<6>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright Internet shopping is convenient and sometimes cheaper.\end{tabular}}
|
|
|
309 |
\item<7>[]{\bf\large No!}
|
|
|
310 |
\end{itemize}\pause\pause
|
|
|
311 |
|
|
|
312 |
|
|
|
313 |
\end{frame}}
|
|
|
314 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
315 |
|
|
|
316 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
317 |
\mode<presentation>{
|
|
|
318 |
\begin{frame}[c]
|
|
|
319 |
\frametitle{\begin{tabular}{@ {}c@ {}}Example: Firewall\end{tabular}}
|
|
|
320 |
|
|
|
321 |
\begin{center}
|
|
|
322 |
\includegraphics[scale=0.5]{pics/firewall.png}
|
|
|
323 |
\end{center}
|
|
|
324 |
|
|
|
325 |
A firewall is a piece of software that controls incoming and outgoing traffic according to some rules.
|
|
|
326 |
\end{frame}}
|
|
|
327 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
328 |
|
|
|
329 |
|
|
|
330 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
331 |
\mode<presentation>{
|
|
|
332 |
\begin{frame}[t]
|
|
|
333 |
\frametitle{\begin{tabular}{@ {}c@ {}}Example: Firewall\end{tabular}}
|
|
|
334 |
|
|
|
335 |
\begin{itemize}
|
|
|
336 |
\item<1->What assets are you trying to protect?\\
|
|
|
337 |
\only<1>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}Whatever is behind the firewall
|
|
|
338 |
(credit cards, passwords, blueprints, \ldots)\end{tabular}}
|
|
|
339 |
\item<2->What are the risks to these assets?\\
|
|
|
340 |
\only<2>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright
|
|
|
341 |
With a small online shop you are already at risk. Pentagon, definitely.\end{tabular}}
|
|
|
342 |
\item<3->How well does the security solution mitigate those risks?\\
|
|
|
343 |
\only<3>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright
|
|
|
344 |
Well, at home so not much. Everywhere else, if properly configurated then it does.\end{tabular}}
|
|
|
345 |
\item<4->What other risks does the security solution cause?
|
|
|
346 |
\only<4>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright There might be backdoors or bugs in the firewall,
|
|
|
347 |
but generally they are secure. You choose to prevent certain traffic.\end{tabular}}
|
|
|
348 |
\item<5->What costs and trade-offs does the security solution impose?
|
|
|
349 |
\only<5>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright
|
|
|
350 |
Minimal to modest. Firewalls are part of free software. You need a knowledgeable
|
|
|
351 |
person to set them up.\end{tabular}}
|
|
|
352 |
\item<7>[]{\bf\large Yes!}
|
|
|
353 |
\end{itemize}\pause\pause
|
|
|
354 |
|
|
|
355 |
|
|
|
356 |
\end{frame}}
|
|
|
357 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
358 |
|
|
|
359 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
360 |
\mode<presentation>{
|
|
|
361 |
\begin{frame}[t]
|
|
|
362 |
\frametitle{\begin{tabular}{@ {}c@ {}}Ex: Two-Factor Authentication\end{tabular}}
|
|
|
363 |
|
|
|
364 |
Google uses nowadays two-factor authentication. But it is an old(er)
|
|
|
365 |
idea. It is used for example in Germany and Netherlands for online transactions.
|
|
|
366 |
|
|
|
367 |
\begin{center}
|
|
|
368 |
\includegraphics[scale=0.6]{pics/tan1.jpg}\hspace{5mm}
|
|
|
369 |
\includegraphics[scale=0.2]{pics/tan2.jpg}
|
|
|
370 |
\end{center}
|
|
|
371 |
|
|
|
372 |
\pause
|
|
|
373 |
Or nowadays by SMS (restricts the validity of the numbers) or with a secure generator
|
|
|
374 |
|
|
|
375 |
\begin{center}
|
|
|
376 |
\includegraphics[scale=0.08]{pics/pinsentry.jpg}
|
|
|
377 |
\end{center}
|
|
|
378 |
|
|
|
379 |
\end{frame}}
|
|
|
380 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
381 |
|
|
|
382 |
|
|
|
383 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
384 |
\mode<presentation>{
|
|
|
385 |
\begin{frame}[t]
|
|
|
386 |
\frametitle{\begin{tabular}{@ {}c@ {}}Ex: Two-Factor Authentication\end{tabular}}
|
|
|
387 |
|
|
|
388 |
\begin{itemize}
|
|
|
389 |
\item<1->What assets are you trying to protect?\\
|
|
|
390 |
\only<1>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}Your bank account.\end{tabular}}
|
|
|
391 |
\item<2->What are the risks to these assets?\\
|
|
|
392 |
\only<2>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright
|
|
|
393 |
Nowadays pretty high risk.\end{tabular}}
|
|
|
394 |
\item<3->How well does the security solution mitigate those risks?\\
|
|
|
395 |
\only<3>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright
|
|
|
396 |
It prevents problems when passwords are stolen. Man-in-the-middle attacks
|
|
|
397 |
still possible.\end{tabular}}
|
|
|
398 |
\item<4->What other risks does the security solution cause?
|
|
43
|
399 |
\only<4>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright Your mobile phone or credit card/pin might
|
|
41
|
400 |
be stolen. SIM card become valuable.\end{tabular}}
|
|
|
401 |
\item<5->What costs and trade-offs does the security solution impose?
|
|
|
402 |
\only<5>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright
|
|
|
403 |
Banks need to establish an infrastructure. For you it might be inconvenient.\end{tabular}}
|
|
|
404 |
\item<7>[]{\bf\large Yes!}
|
|
|
405 |
\end{itemize}
|
|
|
406 |
|
|
|
407 |
|
|
|
408 |
\end{frame}}
|
|
|
409 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
410 |
|
|
|
411 |
|
|
|
412 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
413 |
\mode<presentation>{
|
|
|
414 |
\begin{frame}[t]
|
|
|
415 |
\frametitle{\begin{tabular}{@ {}c@ {}}Security Seals\end{tabular}}
|
|
|
416 |
|
|
|
417 |
According to Ross Anderson: ``\ldots is a tamper-indicating device
|
|
|
418 |
designed to leave non-erasable, unambiguous evidence of unauthorized
|
|
|
419 |
entry or tampering.''
|
|
|
420 |
|
|
|
421 |
\begin{center}
|
|
|
422 |
\includegraphics[scale=0.45]{pics/seal.jpg}
|
|
|
423 |
\end{center}\mbox{}\\[-12mm]
|
|
|
424 |
|
|
|
425 |
They also need some quite sophisticated policies (seal regiment).
|
|
|
426 |
\end{frame}}
|
|
|
427 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
428 |
|
|
|
429 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
430 |
\mode<presentation>{
|
|
|
431 |
\begin{frame}[t]
|
|
|
432 |
\frametitle{\begin{tabular}{@ {}c@ {}}Security Seals (2)\end{tabular}}
|
|
|
433 |
|
|
|
434 |
\begin{itemize}
|
|
45
|
435 |
\item at the Argonne National Laboratory they tested 244 different security seals
|
|
41
|
436 |
\begin{itemize}
|
|
45
|
437 |
\item meantime to break the seals for a trained person: 100 s
|
|
|
438 |
\item including 19\% that were used for safeguard of nuclear material
|
|
41
|
439 |
\end{itemize}\bigskip
|
|
|
440 |
|
|
|
441 |
\item Andrew Appel defeated all security seals which were supposed to keep
|
|
43
|
442 |
voting machines safe
|
|
41
|
443 |
\end{itemize}
|
|
|
444 |
|
|
|
445 |
|
|
|
446 |
\only<2>{
|
|
|
447 |
\begin{textblock}{11}(1,1)
|
|
|
448 |
\begin{tikzpicture}
|
|
|
449 |
\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm]
|
|
|
450 |
{\normalsize
|
|
|
451 |
\begin{minipage}{11cm}\raggedright\small
|
|
|
452 |
\begin{center}
|
|
|
453 |
\includegraphics[scale=0.25]{pics/appelseals.jpg}
|
|
|
454 |
\end{center}
|
|
|
455 |
\begin{center}
|
|
|
456 |
\begin{minipage}{10.5cm}
|
|
|
457 |
\begin{itemize}
|
|
|
458 |
\item The tamper-indicating tape can be lifted using a heat gun.
|
|
|
459 |
\item The security screw cap can be removed using a screwdriver, then the
|
|
|
460 |
serial-numbered top can be replaced (undamaged) onto a fresh (unnumbered) base.
|
|
|
461 |
\item The wire seal can be defeated using a \#4 wood screw.
|
|
|
462 |
\item The plastic strap seal can be picked using a jeweler's screwdriver.
|
|
|
463 |
\end{itemize}
|
|
|
464 |
\end{minipage}
|
|
|
465 |
\end{center}
|
|
|
466 |
\end{minipage}};
|
|
|
467 |
\end{tikzpicture}
|
|
|
468 |
\end{textblock}}
|
|
|
469 |
|
|
|
470 |
\end{frame}}
|
|
|
471 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
472 |
|
|
|
473 |
|
|
|
474 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
475 |
\mode<presentation>{
|
|
|
476 |
\begin{frame}[t]
|
|
45
|
477 |
\frametitle{\begin{tabular}{@ {}c@ {}}Example: Security Seals\end{tabular}}
|
|
41
|
478 |
|
|
|
479 |
\begin{itemize}
|
|
|
480 |
\item<1->What assets are you trying to protect?\\
|
|
|
481 |
\only<1>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}Voting machines, doors.\end{tabular}}
|
|
|
482 |
\item<2->What are the risks to these assets?\\
|
|
43
|
483 |
\only<2>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright Casual thieves, insider attacks.\end{tabular}}
|
|
41
|
484 |
\item<3->How well does the security solution mitigate those risks?\\
|
|
|
485 |
\only<3>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright
|
|
|
486 |
Needs a quite complicated security regiment.\end{tabular}}
|
|
|
487 |
\item<4->What other risks does the security solution cause?
|
|
|
488 |
\only<4>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright You might not notice tampering.\end{tabular}}
|
|
|
489 |
\item<5->What costs and trade-offs does the security solution impose?
|
|
|
490 |
\only<5>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright
|
|
|
491 |
The ``hardware'' is cheap, but indirect costs can be quite high.\end{tabular}}
|
|
43
|
492 |
\item<7>[]{\bf\large No!} {\textcolor{gray}{Though in some areas they work: airport, swimming pool}}
|
|
|
493 |
\end{itemize}
|
|
|
494 |
|
|
|
495 |
|
|
|
496 |
\end{frame}}
|
|
|
497 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
498 |
|
|
|
499 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
500 |
\mode<presentation>{
|
|
|
501 |
\begin{frame}[t]
|
|
|
502 |
\frametitle{\begin{tabular}{@ {}c@ {}}Ex: Security by Obscurity\end{tabular}}
|
|
|
503 |
|
|
|
504 |
You might think it is a good idea to keep a security relevant algorithm or
|
|
|
505 |
software secret.
|
|
|
506 |
|
|
|
507 |
\begin{itemize}
|
|
|
508 |
\item<1->What assets are you trying to protect?\\
|
|
|
509 |
\only<1>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}source code, an algorithm\end{tabular}}
|
|
|
510 |
\item<2->What are the risks to these assets?\\
|
|
|
511 |
\only<2>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright
|
|
|
512 |
Can be pretty high (Oystercards).\end{tabular}}
|
|
|
513 |
\item<3->How well does the security solution mitigate those risks?\\
|
|
|
514 |
\only<3>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright
|
|
|
515 |
Not really. The source code can be reverse engineered, stolen\ldots{}\end{tabular}}
|
|
|
516 |
\item<4->What other risks does the security solution cause?
|
|
|
517 |
\only<4>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright You prevent
|
|
45
|
518 |
scrutiny and independent advice. You also more likely than not
|
|
43
|
519 |
get it wrong.\end{tabular}}
|
|
|
520 |
\item<5>[]{\bf\large No!}
|
|
|
521 |
\end{itemize}
|
|
|
522 |
|
|
|
523 |
|
|
|
524 |
\end{frame}}
|
|
|
525 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
526 |
|
|
|
527 |
|
|
|
528 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
529 |
\mode<presentation>{
|
|
|
530 |
\begin{frame}[t]
|
|
|
531 |
\frametitle{\begin{tabular}{@ {}c@ {}}Voting as Security Problem\end{tabular}}
|
|
|
532 |
|
|
|
533 |
What are the security requirements of a voting system?\bigskip
|
|
|
534 |
|
|
|
535 |
\begin{itemize}
|
|
|
536 |
\item<2->Integrity
|
|
|
537 |
\item<3->Ballot Secrecy
|
|
|
538 |
\item<5->Voter Authentication
|
|
|
539 |
\item<6->Enfranchisement
|
|
|
540 |
\item<7->Availability
|
|
|
541 |
\end{itemize}
|
|
|
542 |
|
|
|
543 |
\only<2>{
|
|
|
544 |
\begin{textblock}{5.5}(8,5)
|
|
|
545 |
\begin{tikzpicture}
|
|
|
546 |
\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm, text centered]
|
|
|
547 |
{\small
|
|
|
548 |
\begin{minipage}{5cm}\raggedright
|
|
|
549 |
\begin{center}
|
|
|
550 |
\begin{minipage}{4.5cm}
|
|
|
551 |
\begin{itemize}
|
|
|
552 |
\item The outcome matches with the voter intend.
|
|
|
553 |
\item There might be gigantic sums at stake.
|
|
|
554 |
\end{itemize}
|
|
|
555 |
\end{minipage}
|
|
|
556 |
\end{center}
|
|
|
557 |
\end{minipage}};
|
|
|
558 |
\end{tikzpicture}
|
|
|
559 |
\end{textblock}}
|
|
|
560 |
|
|
|
561 |
\only<4>{
|
|
|
562 |
\begin{textblock}{5.5}(8,5)
|
|
|
563 |
\begin{tikzpicture}
|
|
|
564 |
\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm, text centered]
|
|
|
565 |
{\small
|
|
|
566 |
\begin{minipage}{5cm}\raggedright
|
|
|
567 |
\begin{center}
|
|
|
568 |
\begin{minipage}{4.5cm}
|
|
|
569 |
\begin{itemize}
|
|
|
570 |
\item Nobody can find out how you voted.
|
|
|
571 |
\item (Stronger) Even if you try, you cannot prove how you voted.
|
|
|
572 |
\end{itemize}
|
|
|
573 |
\end{minipage}
|
|
|
574 |
\end{center}
|
|
|
575 |
\end{minipage}};
|
|
|
576 |
\end{tikzpicture}
|
|
|
577 |
\end{textblock}}
|
|
|
578 |
|
|
|
579 |
\only<5>{
|
|
|
580 |
\begin{textblock}{5.5}(8,5)
|
|
|
581 |
\begin{tikzpicture}
|
|
|
582 |
\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm, text centered]
|
|
|
583 |
{\small
|
|
|
584 |
\begin{minipage}{5cm}\raggedright
|
|
|
585 |
\begin{center}
|
|
|
586 |
\begin{minipage}{4.5cm}
|
|
|
587 |
\begin{itemize}
|
|
|
588 |
\item Only authorised voters can vote up to the permitted number of votes.
|
|
|
589 |
\end{itemize}
|
|
|
590 |
\end{minipage}
|
|
|
591 |
\end{center}
|
|
|
592 |
\end{minipage}};
|
|
|
593 |
\end{tikzpicture}
|
|
|
594 |
\end{textblock}}
|
|
|
595 |
|
|
|
596 |
\only<6>{
|
|
|
597 |
\begin{textblock}{5.5}(8,5)
|
|
|
598 |
\begin{tikzpicture}
|
|
|
599 |
\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm, text centered]
|
|
|
600 |
{\small
|
|
|
601 |
\begin{minipage}{5cm}\raggedright
|
|
|
602 |
\begin{center}
|
|
|
603 |
\begin{minipage}{4.5cm}
|
|
|
604 |
\begin{itemize}
|
|
|
605 |
\item Only authorised voters should be able to vote up to the permitted number of votes.
|
|
|
606 |
\end{itemize}
|
|
|
607 |
\end{minipage}
|
|
|
608 |
\end{center}
|
|
|
609 |
\end{minipage}};
|
|
|
610 |
\end{tikzpicture}
|
|
|
611 |
\end{textblock}}
|
|
|
612 |
|
|
|
613 |
\only<7>{
|
|
|
614 |
\begin{textblock}{5.5}(8,5)
|
|
|
615 |
\begin{tikzpicture}
|
|
|
616 |
\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm, text centered]
|
|
|
617 |
{\small
|
|
|
618 |
\begin{minipage}{5cm}\raggedright
|
|
|
619 |
\begin{center}
|
|
|
620 |
\begin{minipage}{4.5cm}
|
|
|
621 |
\begin{itemize}
|
|
|
622 |
\item The voting system should accept all authorised votes and produce results in a timely manner.
|
|
|
623 |
\end{itemize}
|
|
|
624 |
\end{minipage}
|
|
|
625 |
\end{center}
|
|
|
626 |
\end{minipage}};
|
|
|
627 |
\end{tikzpicture}
|
|
|
628 |
\end{textblock}}
|
|
|
629 |
|
|
|
630 |
\only<6>{
|
|
|
631 |
\begin{textblock}{5.5}(8,5)
|
|
|
632 |
\begin{tikzpicture}
|
|
|
633 |
\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm, text centered]
|
|
|
634 |
{\small
|
|
|
635 |
\begin{minipage}{5cm}\raggedright
|
|
|
636 |
\begin{center}
|
|
|
637 |
\begin{minipage}{4.5cm}
|
|
|
638 |
\begin{itemize}
|
|
|
639 |
\item Only authorised voters should be able to vote up to the permitted number of votes.
|
|
41
|
640 |
\end{itemize}
|
|
43
|
641 |
\end{minipage}
|
|
|
642 |
\end{center}
|
|
|
643 |
\end{minipage}};
|
|
|
644 |
\end{tikzpicture}
|
|
|
645 |
\end{textblock}}
|
|
|
646 |
|
|
|
647 |
\end{frame}}
|
|
|
648 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
649 |
|
|
|
650 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
651 |
\mode<presentation>{
|
|
|
652 |
\begin{frame}[t]
|
|
|
653 |
\frametitle{\begin{tabular}{@ {}c@ {}}Ballot Boxes\end{tabular}}
|
|
|
654 |
|
|
|
655 |
|
|
|
656 |
\begin{center}
|
|
|
657 |
\includegraphics[scale=2.5]{pics/ballotbox.jpg}
|
|
|
658 |
\end{center}
|
|
|
659 |
|
|
|
660 |
|
|
|
661 |
\end{frame}}
|
|
|
662 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
663 |
|
|
|
664 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
665 |
\mode<presentation>{
|
|
|
666 |
\begin{frame}[t]
|
|
|
667 |
\frametitle{\begin{tabular}{@ {}c@ {}}Problems with Voting\end{tabular}}
|
|
|
668 |
|
|
|
669 |
|
|
|
670 |
\begin{center}\large
|
|
|
671 |
\begin{tabular}{rcl}
|
|
|
672 |
Integrity & vs. & Ballot Secrecy\bigskip\\
|
|
|
673 |
Authentication & vs. &Enfranchisement
|
|
|
674 |
\end{tabular}
|
|
|
675 |
\end{center}\bigskip\bigskip\pause
|
|
|
676 |
|
|
|
677 |
Further constraints:
|
|
|
678 |
|
|
|
679 |
\begin{itemize}
|
|
|
680 |
\item costs
|
|
|
681 |
\item accessibility
|
|
|
682 |
\item convenience
|
|
|
683 |
\item intelligibility
|
|
|
684 |
\end{itemize}
|
|
|
685 |
\end{frame}}
|
|
|
686 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
687 |
|
|
|
688 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
689 |
\mode<presentation>{
|
|
|
690 |
\begin{frame}[t]
|
|
|
691 |
\frametitle{\begin{tabular}{@ {}c@ {}}E-Voting\end{tabular}}
|
|
|
692 |
|
|
|
693 |
|
|
|
694 |
\begin{itemize}
|
|
45
|
695 |
\item The Netherlands between 1997 - 2006 had electronic voting machines\\
|
|
|
696 |
\textcolor{gray}{(hacktivists had found that they could be hacked and emitted radio signals revealing how you voted)}
|
|
43
|
697 |
|
|
45
|
698 |
\item Germany had used them in pilot studies\\
|
|
43
|
699 |
\textcolor{gray}{(in 2007 a law suit has reached the highest court and it rejected electronic voting
|
|
|
700 |
on the grounds of not being understandable by the general public)}
|
|
|
701 |
|
|
45
|
702 |
\item UK used optical scan voting systems in a few polls
|
|
43
|
703 |
\end{itemize}
|
|
|
704 |
\end{frame}}
|
|
|
705 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
706 |
|
|
|
707 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
708 |
\mode<presentation>{
|
|
|
709 |
\begin{frame}[t]
|
|
|
710 |
\frametitle{\begin{tabular}{@ {}c@ {}}E-Voting\end{tabular}}
|
|
|
711 |
|
|
|
712 |
\mbox{}\\[-12mm]
|
|
|
713 |
\begin{itemize}
|
|
45
|
714 |
\item US used mechanical machines since the 50s, later punch cards, now DREs and
|
|
|
715 |
optical scan voting machines \textcolor{gray}{(fantastic ``ecosystem'' for study)}
|
|
43
|
716 |
|
|
|
717 |
\item Estonia used in 2007 the world's first Internet vote in national elections (there are earlier pilot studies)
|
|
|
718 |
|
|
45
|
719 |
\item India uses e-voting devices since at least 2003\\
|
|
|
720 |
\textcolor{gray}{(``keep-it-simple'' machines produced by a government owned company)}
|
|
43
|
721 |
|
|
45
|
722 |
\item South Africa used software for its tallying in the 1993 elections (when Nelson Mandela was elected)
|
|
|
723 |
\textcolor{gray}{(they found the tallying software was rigged, but they were able to tally manually)}
|
|
43
|
724 |
\end{itemize}
|
|
|
725 |
\end{frame}}
|
|
|
726 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
727 |
|
|
|
728 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
729 |
\mode<presentation>{
|
|
|
730 |
\begin{frame}[t]
|
|
|
731 |
\frametitle{\begin{tabular}{@ {}c@ {}}A Brief History of Voting\end{tabular}}
|
|
|
732 |
|
|
|
733 |
|
|
|
734 |
\begin{itemize}
|
|
|
735 |
\item Athenians
|
|
|
736 |
\begin{itemize}
|
|
|
737 |
\item show of hands
|
|
|
738 |
\item ballots on pieces of pottery
|
|
|
739 |
\item different colours of stones
|
|
45
|
740 |
\item ``facebook''-like authorisation
|
|
43
|
741 |
\end{itemize}\bigskip
|
|
|
742 |
|
|
45
|
743 |
\textcolor{gray}{problems with vote buying / no ballot privacy}\bigskip
|
|
|
744 |
|
|
|
745 |
|
|
43
|
746 |
\item French Revolution and the US Constitution got things ``started'' with
|
|
|
747 |
paper ballots (you first had to bring your own, or later were pre-printed by the parties)
|
|
|
748 |
\end{itemize}
|
|
|
749 |
\end{frame}}
|
|
|
750 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
751 |
|
|
|
752 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
753 |
\mode<presentation>{
|
|
|
754 |
\begin{frame}[t]
|
|
45
|
755 |
\frametitle{\begin{tabular}{@ {}c@ {}}Ballot Boxes\end{tabular}}
|
|
|
756 |
|
|
|
757 |
Security policies involved with paper ballots:
|
|
|
758 |
|
|
|
759 |
\begin{enumerate}
|
|
|
760 |
\item you need to check that the ballot box is empty at the start of the poll / no false bottom (ballot stuffing)
|
|
|
761 |
\item you need guard the ballot box during the poll
|
|
|
762 |
\item tallied by a team at the end of the poll (you can have observers)
|
|
|
763 |
\end{enumerate}
|
|
|
764 |
|
|
|
765 |
\begin{center}
|
|
|
766 |
\includegraphics[scale=1.5]{pics/ballotbox.jpg}
|
|
|
767 |
\end{center}
|
|
|
768 |
|
|
|
769 |
|
|
|
770 |
\end{frame}}
|
|
|
771 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
772 |
|
|
|
773 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
774 |
\mode<presentation>{
|
|
|
775 |
\begin{frame}[t]
|
|
43
|
776 |
\frametitle{\begin{tabular}{@ {}c@ {}}Paper Ballots\end{tabular}}
|
|
|
777 |
|
|
|
778 |
What can go wrong with paper ballots?
|
|
|
779 |
|
|
|
780 |
\only<2>{
|
|
|
781 |
\begin{center}
|
|
|
782 |
\includegraphics[scale=0.8]{pics/tweet.jpg}\\
|
|
|
783 |
\footnotesize William M.~Tweed, US Politician in 1860's\\
|
|
|
784 |
``As long as I count the votes, what are you going to do about it?''
|
|
|
785 |
\end{center}}
|
|
|
786 |
|
|
|
787 |
\only<3>{
|
|
|
788 |
\medskip
|
|
|
789 |
\begin{center}
|
|
|
790 |
\begin{minipage}{10cm}
|
|
|
791 |
{\bf Chain Voting Attack}
|
|
|
792 |
\begin{enumerate}
|
|
|
793 |
\item you obtain a blank ballot and fill it out as you want
|
|
|
794 |
\item you give it to a voter outside the polling station
|
|
|
795 |
\item voter receives a new blank ballot
|
|
|
796 |
\item voter submits prefilled ballot
|
|
|
797 |
\item voter gives blank ballot to you, you give money
|
|
|
798 |
\item goto 1
|
|
|
799 |
\end{enumerate}
|
|
|
800 |
\end{minipage}
|
|
|
801 |
\end{center}
|
|
|
802 |
}
|
|
|
803 |
|
|
|
804 |
\end{frame}}
|
|
|
805 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
806 |
|
|
|
807 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
808 |
\mode<presentation>{
|
|
|
809 |
\begin{frame}[t]
|
|
|
810 |
\frametitle{\begin{tabular}{@ {}c@ {}}Mechanical Voting Machines\end{tabular}}
|
|
|
811 |
|
|
|
812 |
\begin{itemize}
|
|
|
813 |
\item<1-> Lever Voting Machines (ca.~1930 - 1990)
|
|
|
814 |
\only<1>{
|
|
|
815 |
\begin{center}
|
|
|
816 |
\includegraphics[scale=0.56]{pics/leavermachine.jpg}
|
|
|
817 |
\end{center}
|
|
|
818 |
}
|
|
|
819 |
\item<2->Punch Cards (ca.~1950 - 2000)
|
|
|
820 |
\only<2>{
|
|
|
821 |
\begin{center}
|
|
|
822 |
\includegraphics[scale=0.5]{pics/punchcard1.jpg}\;\;
|
|
|
823 |
\includegraphics[scale=0.46]{pics/punchcard2.jpg}
|
|
|
824 |
\end{center}
|
|
|
825 |
}
|
|
|
826 |
\end{itemize}
|
|
|
827 |
|
|
45
|
828 |
|
|
|
829 |
|
|
43
|
830 |
\end{frame}}
|
|
|
831 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
832 |
|
|
44
|
833 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
834 |
\mode<presentation>{
|
|
|
835 |
\begin{frame}[t]
|
|
|
836 |
\frametitle{\begin{tabular}{@ {}c@ {}}Electronic Voting Machines\end{tabular}}
|
|
|
837 |
|
|
|
838 |
\begin{center}
|
|
|
839 |
\begin{tabular}{c}
|
|
|
840 |
\includegraphics[scale=0.45]{pics/dre1.jpg}\;
|
|
|
841 |
\includegraphics[scale=0.40]{pics/dre2.jpg}\\\hline\\
|
|
|
842 |
\includegraphics[scale=0.5]{pics/opticalscan.jpg}
|
|
|
843 |
\end{tabular}
|
|
|
844 |
\end{center}
|
|
|
845 |
|
|
45
|
846 |
\only<1->{
|
|
|
847 |
\begin{textblock}{5.5}(1,4)
|
|
|
848 |
DREs
|
|
|
849 |
\end{textblock}}
|
|
|
850 |
\only<1->{
|
|
|
851 |
\begin{textblock}{5.5}(1,11)
|
|
|
852 |
Optical Scan
|
|
|
853 |
\end{textblock}}
|
|
|
854 |
|
|
|
855 |
\only<2>{
|
|
|
856 |
\begin{textblock}{5.5}(0.5,14.5)
|
|
|
857 |
all are computers
|
|
|
858 |
\end{textblock}}
|
|
|
859 |
|
|
|
860 |
\end{frame}}
|
|
|
861 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
862 |
|
|
|
863 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
864 |
\mode<presentation>{
|
|
|
865 |
\begin{frame}[c]
|
|
|
866 |
\frametitle{\begin{tabular}{@ {}c@ {}}DREs\end{tabular}}
|
|
|
867 |
|
|
|
868 |
Direct-recording electronic voting machines\\
|
|
|
869 |
(votes are recorded for example memory cards)
|
|
|
870 |
|
|
|
871 |
typically touchscreen machines
|
|
|
872 |
|
|
|
873 |
usually no papertrail (hard to add: ballot secrecy)
|
|
|
874 |
|
|
|
875 |
\begin{center}
|
|
|
876 |
\includegraphics[scale=0.56]{pics/dre1.jpg}
|
|
|
877 |
\end{center}
|
|
|
878 |
|
|
|
879 |
|
|
|
880 |
\end{frame}}
|
|
|
881 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
882 |
|
|
|
883 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
884 |
\mode<presentation>{
|
|
|
885 |
\begin{frame}[c]
|
|
|
886 |
\frametitle{\begin{tabular}{@ {}c@ {}}Diebold Machines\end{tabular}}
|
|
|
887 |
|
|
|
888 |
The work by J.~Alex Halderman:
|
|
|
889 |
|
|
|
890 |
\begin{itemize}
|
|
|
891 |
\item acquired a machine from an anonymous source\medskip
|
|
|
892 |
\item the source code running the machine was tried to keep secret\medskip\pause
|
|
|
893 |
|
|
|
894 |
\item first reversed-engineered the machine (extremely tedious)
|
|
|
895 |
\item could completely reboot the machine and even install a virus that infects other Diebold machines
|
|
|
896 |
\item obtained also the source code for other machines
|
|
|
897 |
\end{itemize}
|
|
|
898 |
|
|
|
899 |
|
|
|
900 |
\end{frame}}
|
|
|
901 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
902 |
|
|
|
903 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
904 |
\mode<presentation>{
|
|
|
905 |
\begin{frame}[c]
|
|
|
906 |
\frametitle{\begin{tabular}{@ {}c@ {}}Diebold Machines\end{tabular}}
|
|
|
907 |
|
|
|
908 |
The work by J.~Alex Halderman:
|
|
|
909 |
|
|
|
910 |
\begin{itemize}
|
|
|
911 |
\item acquired a machine from an anonymous source\medskip
|
|
|
912 |
\item the source code running the machine was tried to keep secret\medskip\pause
|
|
|
913 |
|
|
|
914 |
\item first reversed-engineered the machine (extremely tedious)
|
|
|
915 |
\item could completely reboot the machine and even install a virus that infects other Diebold machines
|
|
|
916 |
\item obtained also the source code for other machines
|
|
|
917 |
\end{itemize}
|
|
|
918 |
|
|
|
919 |
|
|
44
|
920 |
\end{frame}}
|
|
|
921 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
922 |
|
|
43
|
923 |
|
|
|
924 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
925 |
\mode<presentation>{
|
|
|
926 |
\begin{frame}[c]
|
|
|
927 |
|
|
|
928 |
\begin{center}
|
|
|
929 |
\includegraphics[scale=0.56]{pics/Voting1.png}
|
|
|
930 |
\end{center}
|
|
|
931 |
|
|
|
932 |
|
|
|
933 |
\end{frame}}
|
|
|
934 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
935 |
|
|
|
936 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
937 |
\mode<presentation>{
|
|
|
938 |
\begin{frame}[c]
|
|
|
939 |
|
|
|
940 |
\begin{center}
|
|
|
941 |
\includegraphics[scale=0.56]{pics/Voting2.png}
|
|
|
942 |
\end{center}
|
|
|
943 |
|
|
|
944 |
|
|
|
945 |
\end{frame}}
|
|
|
946 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
947 |
|
|
|
948 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
949 |
\mode<presentation>{
|
|
|
950 |
\begin{frame}[c]
|
|
|
951 |
|
|
|
952 |
\begin{center}
|
|
|
953 |
\includegraphics[scale=0.56]{pics/Voting3.png}
|
|
|
954 |
\end{center}
|
|
|
955 |
|
|
|
956 |
|
|
|
957 |
\end{frame}}
|
|
|
958 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
959 |
|
|
|
960 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
961 |
\mode<presentation>{
|
|
|
962 |
\begin{frame}[c]
|
|
|
963 |
|
|
|
964 |
\begin{center}
|
|
|
965 |
\includegraphics[scale=0.56]{pics/Voting4.png}
|
|
|
966 |
\end{center}
|
|
41
|
967 |
|
|
|
968 |
|
|
|
969 |
\end{frame}}
|
|
|
970 |
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
|
971 |
|
|
|
972 |
|
|
|
973 |
\end{document}
|
|
|
974 |
|
|
|
975 |
%%% Local Variables:
|
|
|
976 |
%%% mode: latex
|
|
|
977 |
%%% TeX-master: t
|
|
|
978 |
%%% End:
|
|
|
979 |
|