328 |
328 |
329 |
329 |
330 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
330 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
331 \mode<presentation>{ |
331 \mode<presentation>{ |
332 \begin{frame}[t] |
332 \begin{frame}[t] |
333 \frametitle{\begin{tabular}{@ {}c@ {}}Example: Firewall\end{tabular}} |
333 \frametitle{\begin{tabular}{@ {}c@ {}}Example: Firewalls\end{tabular}} |
334 |
334 |
335 \begin{itemize} |
335 \begin{itemize} |
336 \item<1->What assets are you trying to protect?\\ |
336 \item<1->What assets are you trying to protect?\\ |
337 \only<1>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}Whatever is behind the firewall |
337 \only<1>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}Whatever is behind the firewall |
338 (credit cards, passwords, blueprints, \ldots)\end{tabular}} |
338 (credit cards, passwords, blueprints, \ldots)\end{tabular}} |
395 \only<3>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright |
395 \only<3>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright |
396 It prevents problems when passwords are stolen. Man-in-the-middle attacks |
396 It prevents problems when passwords are stolen. Man-in-the-middle attacks |
397 still possible.\end{tabular}} |
397 still possible.\end{tabular}} |
398 \item<4->What other risks does the security solution cause? |
398 \item<4->What other risks does the security solution cause? |
399 \only<4>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright Your mobile phone or credit card/pin might |
399 \only<4>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright Your mobile phone or credit card/pin might |
400 be stolen. SIM card become valuable.\end{tabular}} |
400 be stolen. SIM card becomes more valuable.\end{tabular}} |
401 \item<5->What costs and trade-offs does the security solution impose? |
401 \item<5->What costs and trade-offs does the security solution impose? |
402 \only<5>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright |
402 \only<5>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright |
403 Banks need to establish an infrastructure. For you it might be inconvenient.\end{tabular}} |
403 Banks need to establish an infrastructure. For you it might be inconvenient.\end{tabular}} |
404 \item<7>[]{\bf\large Yes!} |
404 \item<7>[]{\bf\large Yes!} |
405 \end{itemize} |
405 \end{itemize} |
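Review bot: new line 400 is still a fragment: "SIM card becomes more valuable" has no article, and the unchanged "Man-in-the-middle attacks still possible" on 396-397 has no verb. Suggest "Your SIM card becomes more valuable." and "Man-in-the-middle attacks are still possible." so both answers read as full sentences like the others on this frame.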
487 \item<4->What other risks does the security solution cause? |
487 \item<4->What other risks does the security solution cause? |
488 \only<4>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright You might not notice tampering.\end{tabular}} |
488 \only<4>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright You might not notice tampering.\end{tabular}} |
489 \item<5->What costs and trade-offs does the security solution impose? |
489 \item<5->What costs and trade-offs does the security solution impose? |
490 \only<5>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright |
490 \only<5>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright |
491 The ``hardware'' is cheap, but indirect costs can be quite high.\end{tabular}} |
491 The ``hardware'' is cheap, but indirect costs can be quite high.\end{tabular}} |
492 \item<7>[]{\bf\large No!} {\textcolor{gray}{Though in some areas they work: airport, swimming pool}} |
492 \item<7>[]{\bf\large No!} {\textcolor{gray}{Though in some areas they work: airports, swimming pools, \ldots}} |
493 \end{itemize} |
493 \end{itemize} |
494 |
494 |
495 |
495 |
496 \end{frame}} |
496 \end{frame}} |
497 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
497 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
498 |
498 |
499 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
499 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
500 \mode<presentation>{ |
500 \mode<presentation>{ |
501 \begin{frame}[t] |
501 \begin{frame}[t] |
502 \frametitle{\begin{tabular}{@ {}c@ {}}Ex: Security by Obscurity\end{tabular}} |
502 \frametitle{\begin{tabular}{@ {}c@ {}}Ex: Security-by-Obscurity\end{tabular}} |
503 |
503 |
504 You might think it is a good idea to keep a security relevant algorithm or |
504 You might think it is a good idea to keep a security relevant algorithm or |
505 software secret. |
505 software secret. |
506 |
506 |
507 \begin{itemize} |
507 \begin{itemize} |
508 \item<1->What assets are you trying to protect?\\ |
508 \item<1->What assets are you trying to protect?\\ |
509 \only<1>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}source code, an algorithm\end{tabular}} |
509 \only<1>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}Source code, an algorithm and things that depend on it\end{tabular}} |
510 \item<2->What are the risks to these assets?\\ |
510 \item<2->What are the risks to these assets?\\ |
511 \only<2>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright |
511 \only<2>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright |
512 Can be pretty high (Oystercards).\end{tabular}} |
512 Can be pretty high (Oystercards).\end{tabular}} |
513 \item<3->How well does the security solution mitigate those risks?\\ |
513 \item<3->How well does the security solution mitigate those risks?\\ |
514 \only<3>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright |
514 \only<3>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright |
515 Not really. The source code can be reverse engineered, stolen\ldots{}\end{tabular}} |
515 Not really. The source code can be reverse engineered, stolen, coerced \ldots{}\end{tabular}} |
516 \item<4->What other risks does the security solution cause? |
516 \item<4->What other risks does the security solution cause? |
517 \only<4>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright You prevent |
517 \only<4>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright You prevent |
518 scrutiny and independent advice. You also more likely than not |
518 scrutiny and independent advice. You also more likely than not to |
519 get it wrong.\end{tabular}} |
519 get it wrong.\end{tabular}} |
520 \item<5>[]{\bf\large No!} |
520 \item<5>[]{\bf\large No!} |
521 \end{itemize} |
521 \end{itemize} |
522 |
522 |
523 |
523 |
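Review bot: new line 518 is still missing its verb: "You also more likely than not to get it wrong" should read "You are also more likely than not to get it wrong". On new line 515, "coerced" does not fit the subject, since it is a person who is coerced into handing the source code over, not the code itself; "reverse engineered, stolen, obtained by coercion \ldots{}" says what is meant. The unchanged "security relevant algorithm" on 504 also wants a hyphen, now that the frame title is hyphenated.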
625 \end{center} |
625 \end{center} |
626 \end{minipage}}; |
626 \end{minipage}}; |
627 \end{tikzpicture} |
627 \end{tikzpicture} |
628 \end{textblock}} |
628 \end{textblock}} |
629 |
629 |
630 \only<6>{ |
|
631 \begin{textblock}{5.5}(8,5) |
|
632 \begin{tikzpicture} |
|
633 \draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm, text centered] |
|
634 {\small |
|
635 \begin{minipage}{5cm}\raggedright |
|
636 \begin{center} |
|
637 \begin{minipage}{4.5cm} |
|
638 \begin{itemize} |
|
639 \item Only authorised voters should be able to vote up to the permitted number of votes. |
|
640 \end{itemize} |
|
641 \end{minipage} |
|
642 \end{center} |
|
643 \end{minipage}}; |
|
644 \end{tikzpicture} |
|
645 \end{textblock}} |
|
646 |
|
647 \end{frame}} |
630 \end{frame}} |
648 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
631 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
649 |
632 |
650 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
633 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
651 \mode<presentation>{ |
634 \mode<presentation>{ |
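Review bot: the deleted \only<6> textblock (old 630-645) is the only place in the visible lines that states "Only authorised voters should be able to vote up to the permitted number of votes", and nothing in this change adds it back. If that requirement is meant to stay in the lecture, move it to another frame in the same commit. Also check that the overlays remaining on this frame no longer expect a slide 6, otherwise the frame ends on an empty step.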
691 \frametitle{\begin{tabular}{@ {}c@ {}}E-Voting\end{tabular}} |
674 \frametitle{\begin{tabular}{@ {}c@ {}}E-Voting\end{tabular}} |
692 |
675 |
693 |
676 |
694 \begin{itemize} |
677 \begin{itemize} |
695 \item The Netherlands between 1997 - 2006 had electronic voting machines\\ |
678 \item The Netherlands between 1997 - 2006 had electronic voting machines\\ |
696 \textcolor{gray}{(hacktivists had found that they could be hacked and emitted radio signals revealing how you voted)} |
679 \textcolor{gray}{(hacktivists had found: they can be hacked and also emitted radio signals revealing how you voted)} |
697 |
680 |
698 \item Germany had used them in pilot studies\\ |
681 \item Germany had used them in pilot studies\\ |
699 \textcolor{gray}{(in 2007 a law suit has reached the highest court and it rejected electronic voting |
682 \textcolor{gray}{(in 2007 a law suit has reached the highest court and it rejected electronic voting |
700 on the grounds of not being understandable by the general public)} |
683 on the grounds of not being understandable by the general public)} |
701 |
684 |
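Review bot: new line 679 mixes tenses inside one parenthetical: "they can be hacked and also emitted radio signals". The old wording was consistent; if the colon form is wanted, use "hacktivists had found that they could be hacked and that they emitted radio signals revealing how you voted". On the unchanged 678, the year range "1997 - 2006" should be typeset as "1997--2006".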
709 \begin{frame}[t] |
692 \begin{frame}[t] |
710 \frametitle{\begin{tabular}{@ {}c@ {}}E-Voting\end{tabular}} |
693 \frametitle{\begin{tabular}{@ {}c@ {}}E-Voting\end{tabular}} |
711 |
694 |
712 \mbox{}\\[-12mm] |
695 \mbox{}\\[-12mm] |
713 \begin{itemize} |
696 \begin{itemize} |
714 \item US used mechanical machines since the 50s, later punch cards, now DREs and |
697 \item US used mechanical machines since the 30s, later punch cards, now DREs and |
715 optical scan voting machines \textcolor{gray}{(fantastic ``ecosystem'' for study)} |
698 optical scan voting machines \textcolor{gray}{(fantastic ``ecosystem'' for study)} |
716 |
699 |
717 \item Estonia used in 2007 the world's first Internet vote in national elections (there are earlier pilot studies) |
700 \item Estonia used in 2007 the Internet for national elections |
|
701 \textcolor{gray}{(there were earlier pilot studies in other countries)} |
718 |
702 |
719 \item India uses e-voting devices since at least 2003\\ |
703 \item India uses e-voting devices since at least 2003\\ |
720 \textcolor{gray}{(``keep-it-simple'' machines produced by a government owned company)} |
704 \textcolor{gray}{(``keep-it-simple'' machines produced by a government owned company)} |
721 |
705 |
722 \item South Africa used software for its tallying in the 1993 elections (when Nelson Mandela was elected) |
706 \item South Africa used software for its tallying in the 1993 elections (when Nelson Mandela was elected) |
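Review bot: new line 700 has awkward word order and, unlike 678, 681 and 703, no `\\` before the gray remark on 701, so the parenthetical runs on in the same line as the item text. Suggest "\item In 2007 Estonia used the Internet for national elections\\". The edit on 697 changes a stated date from "50s" to "30s" with no reason visible here, so a short note on the source would help. Separately, the unchanged line 706 dates the election that brought Nelson Mandela to office to 1993; it was held in April 1994.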
742 |
726 |
743 \textcolor{gray}{problems with vote buying / no ballot privacy}\bigskip |
727 \textcolor{gray}{problems with vote buying / no ballot privacy}\bigskip |
744 |
728 |
745 |
729 |
746 \item French Revolution and the US Constitution got things ``started'' with |
730 \item French Revolution and the US Constitution got things ``started'' with |
747 paper ballots (you first had to bring your own, or later were pre-printed by the parties) |
731 paper ballots (you first had to bring your own; later they were pre-printed by parties) |
748 \end{itemize} |
732 \end{itemize} |
749 \end{frame}} |
733 \end{frame}} |
750 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
734 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
751 |
735 |
752 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
736 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
755 \frametitle{\begin{tabular}{@ {}c@ {}}Ballot Boxes\end{tabular}} |
739 \frametitle{\begin{tabular}{@ {}c@ {}}Ballot Boxes\end{tabular}} |
756 |
740 |
757 Security policies involved with paper ballots: |
741 Security policies involved with paper ballots: |
758 |
742 |
759 \begin{enumerate} |
743 \begin{enumerate} |
760 \item you need to check that the ballot box is empty at the start of the poll / no false bottom (ballot stuffing) |
744 \item you need to check that the ballot box is empty at the start of the poll / no false bottom (to prevent ballot stuffing) |
761 \item you need guard the ballot box during the poll |
745 \item you need to guard the ballot box during the poll until counting |
762 \item tallied by a team at the end of the poll (you can have observers) |
746 \item tallied by a team at the end of the poll (independent observers) |
763 \end{enumerate} |
747 \end{enumerate} |
764 |
748 |
765 \begin{center} |
749 \begin{center} |
766 \includegraphics[scale=1.5]{pics/ballotbox.jpg} |
750 \includegraphics[scale=1.5]{pics/ballotbox.jpg} |
767 \end{center} |
751 \end{center} |
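Review bot: item 3 on new line 746 is not parallel with items 1 and 2 ("you need to ..."), and shortening "(you can have observers)" to "(independent observers)" leaves it unclear whether observers are required or merely allowed. Suggest "the votes need to be tallied by a team at the end of the poll (in the presence of independent observers)" or similar, so the policy states who does what. On 745, "during the poll until counting" reads better as "during the poll and until counting".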