\documentclass{article}

\usepackage{../style}

\begin{document}

\section*{Homework 2}

\HEADER

\begin{enumerate}

\item Another question for thinking like an attacker: Imagine

      you have at home a broadband contract with TalkTalk. You

      do not like their service and want to switch to Virgin,

      say. The procedure between the Internet providers is

      that you contact Virgin and set up a new contract and

      they will automatically inform TalkTalk to terminate the

      old contract. TalkTalk will then send you a letter to

      confirm that you want to terminate. If they do not hear

      from you, they will proceed with terminating the

      contract and will request any outstanding cancellation

      fees. Virgin on the other hand sends you a new router

      and paperwork about the new contract. Obviously this way

      of doing things is meant to make switching as convenient

      as possible. Still can you imagine situations in which

      this way of switching providers can cause you a lot of

      headaches? For this consider that TalkTalk needs

      approximately 14 days to reconnect you and might ask for

      reconnection fees.

\item Often problems in e-voting are due to difficulties with

      authentication. Keep this in mind for what could go

      wrong with the following discount offered by an

      insurance company: John Hancock Insurance is partnering

      with Vitality, which you might know as one of those

      work-related wellness programmes. The programme is

      available in 30 US states. If you sign up for this, John

      Hancock will send you a free Fitbit monitor. That's a

      tiny, pill-shaped device that some people wear in

      sleek-looking bracelets to track how far they walk/run,

      the calories burned, and the quality of sleep. That

      means the insurance company would know exactly when a

      customer does a sit-up, how far she runs -- or when he

      or she has skipped the gym for a few days. For `good'

      customers there will be a discount in their premiums.

      Why is this a problem?

\item Voice voting is the method of casting a vote in the `open air'

  for everyone present to hear. Which of the following security

  requirements do paper ballots satisfy \textbf{better} than voice

  voting? Check all that apply and give a brief explanation for your

  decision in each case.

\begin{itemize}

\item[$\Box$] Integrity

\item[$\Box$] Enfranchisement

\item[$\Box$] Ballot secrecy

\item[$\Box$] Voter authentication

\item[$\Box$] Availability

\end{itemize}

\item Explain how an attacker can use chain voting in order to

  influence the outcome of a poll using paper ballots.

\item Which of the following mechanisms help with defending against

  chain voting? Check all that apply. Give a brief reason for each

  defence that mitigates chain voting attacks.

\begin{itemize}

\item[$\Box$] Using a glass ballot box to make it clear there are no

  ballots in the box before the start of the election.

\item[$\Box$] Distributing ballots publicly before the election.

\item[$\Box$] Checking that a voter's ID (drivers license, passport) matches the voter.

\item[$\Box$] Each ballot has a unique ID. When a voter is given a

  ballot, the ID is recorded. When the voter submits his or her

  ballot, this ID is checked against the record.

\end{itemize}

\item In the Estonian general election, votes can be cast via Internet

  some time before the election day. These votes cast via Internet can

  be changed an unlimited amount of times, the last vote is

  tabulated. You can even change your vote on the polling day in

  person. Which security requirement does this procedure address?

\item Paper ballots boxes need to be guarded on the voting day, but

  can be unguarded the rest of the year. Why do pure electronic voting

  machines need to be guarded the whole year?

\item What is the main difference between online banking and e-voting? 

(Hint: Why is the latter so hard to get secure?)

\item Imagine, hypothetically, you have a perfectly secure Internet

  voting system, by which I mean nobody can tamper with or steal votes

  between your browser and the central server responsible for vote

  tallying. What can still go wrong with such a perfectly secure

  voting system, which is prevented in traditional elections with

  paper-based ballots?

\item \POSTSCRIPT

\end{enumerate}

\end{document}

%%% Local Variables: 

%%% mode: latex

%%% TeX-master: t

%%% End: