sen-material: comparison slides/slides02.tex

equal deleted inserted replaced

-:729b86eae005
+:40c51038c9e4
 \documentclass[dvipsnames,14pt,t]{beamer}
-\usepackage{beamerthemeplainculight}
+\usepackage{beamerthemeplaincu}
-\usepackage[T1]{fontenc}
 \usepackage[latin1]{inputenc}
 \usepackage{mathpartir}
 \usepackage[absolute,overlay]{textpos}
 \usepackage{ifthen}
 \usepackage{tikz}
 	tabsize=2,
 	showspaces=false,
 	showstringspaces=false}
 % beamer stuff
-\renewcommand{\slidecaption}{APP 02, King's College London, 2 October 2012}
+\renewcommand{\slidecaption}{APP 02, King's College London, 1 October 2013}
+%Bank vs Voting
+%http://www.parliament.vic.gov.au/images/stories/committees/emc/2010_Election/submissions/13_VTeague_EMC_Inquiry_No.6.pdf
+% first cyber attack
+%http://investigations.nbcnews.com/_news/2013/03/18/17314818-cyberattack-on-florida-election-is-first-known-case-in-us-experts-say
 \begin{document}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \mode<presentation>{
 \\
 \LARGE Access Control and \\[-3mm]
 \LARGE Privacy Policies (2)\\[-6mm]
 \end{tabular}}\bigskip\bigskip\bigskip
-%\begin{center}
-%\includegraphics[scale=1.3]{pics/barrier.jpg}
-%\end{center}
 \normalsize
 \begin{center}
 \begin{tabular}{ll}
 Email:  & christian.urban at kcl.ac.uk\\
-Of$\!$fice: & S1.27 (1st floor Strand Building)\\
+Office: & S1.27 (1st floor Strand Building)\\
-Slides: & KEATS (also home work is there)
+Slides: & KEATS (also homework is there)\\
 \end{tabular}
 \end{center}
 \end{frame}}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[c]
+\mode<presentation>{
-\frametitle{\begin{tabular}{c}Homework\end{tabular}}
+\begin{frame}[c]
+\frametitle{\begin{tabular}{c}This Course is about\\[-2mm]  ``Satan's Computer''\end{tabular}}
-\ldots{} I have a question about the homework.\\[3mm]
+Ross Anderson and Roger Needham wrote:\bigskip
-Is it required to submit the homework before\\
-the next lecture?\\[5mm]
+\begin{tikzpicture}
+\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm]
-Thank you!\\
+{\normalsize\color{darkgray}
-Anonymous
+\begin{minipage}{10cm}\raggedright\small
+``In effect, our task is to program a computer which gives
-\end{frame}}
+answers which are subtly and maliciously wrong at the most
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+inconvenient possible moment\ldots{} we hope that the lessons
+learned from programming Satan's computer may be helpful
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+in tackling the more common problem of programming Murphy's.''
-\mode<presentation>{
+\end{minipage}};
-\begin{frame}[c]
+\end{tikzpicture}\\[30mm]
-\begin{center}
+\only<2>{
-\begin{tabular}[t]{c}
+\begin{textblock}{11}(2,12)
-\includegraphics[scale=1.2]{pics/barrier.jpg}\\
+\begin{tabular}{c}
-future lectures
+\includegraphics[scale=0.12]{pics/ariane.jpg}\\[-2mm]
-\end{tabular}\;\;\;
+\footnotesize Murphy's computer
-\onslide<2>{
-\begin{tabular}[t]{c}
-\includegraphics[scale=0.32]{pics/trainwreck.jpg}\\
-today
 \end{tabular}
-}
-\end{center}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{@ {}c@ {}}SmartWater\end{tabular}}
-\begin{textblock}{1}(1,3)
 \begin{tabular}{c}
-\includegraphics[scale=0.15]{pics/SmartWater}
+\includegraphics[scale=0.15]{pics/mobile.jpg}\;
+\includegraphics[scale=0.06]{pics/pinsentry.jpg}\\[-2mm]
+\footnotesize Satan's computers
 \end{tabular}
-\end{textblock}
+\end{textblock}}
+\end{frame}}
-\begin{textblock}{8.5}(7,3)
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{itemize}
-\item seems helpful for preventing cable theft\medskip
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\item wouldn't be helpful to make your property safe, because of possible abuse\medskip
+\mode<presentation>{
+\begin{frame}[c]
-\item security is always a tradeoff
+\frametitle{\Large\begin{tabular}{c}User-Tracking Without Cookies\end{tabular}}
-\end{itemize}
-\end{textblock}
+Can you track a user {\bf without}:
-\end{frame}}
+\begin{itemize}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\item Cookies
+\item Javascript
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\item LocalStorage/SessionStorage/GlobalStorage
-\mode<presentation>{
+\item Flash, Java or other plugins
-\begin{frame}[c]
+\item Your IP address or user agent string
-\frametitle{\begin{tabular}{@ {}c@ {}}Plain-text Passwords at IEEE\end{tabular}}
+\item Any methods employed by Panopticlick\\
+\mbox{}\hfill $\rightarrow$ \textcolor{blue}{\url{https://panopticlick.eff.org/}}
-\small\textcolor{gray}{On 25 September 2012, a report on a data breach at IEEE:}
+\end{itemize}
+Even when you disabled cookies entirely, have Javascript turned off and use a VPN service.\\\pause
-\begin{itemize}
+And numerous sites already use it (Google).
-\item IEEE is a standards organisation (not-for-profit)
-\item many standards in CS are by IEEE\medskip
+\end{frame}}
-\item 100k plain-text passwords were recorded in logs
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\item the logs were openly accessible on their FTP server
-\end{itemize}\bigskip
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{flushright}\small
+\mode<presentation>{
-\textcolor{gray}{\url{http://ieeelog.com}}
+\begin{frame}[c]
-\end{flushright}
+\frametitle{\begin{tabular}{c}Web-Protocol\end{tabular}}
+\only<1->{
+\begin{textblock}{1}(2,2)
+\begin{tikzpicture}[scale=1.3]
+\draw[white] (0,0) node (X) {\includegraphics[scale=0.12]{pics/firefox.jpg}};
+\end{tikzpicture}
+\end{textblock}}
+\only<1->{
+\begin{textblock}{1}(11,2)
+\begin{tikzpicture}[scale=1.3]
+\draw[white] (0,0) node (X) {\includegraphics[scale=0.15]{pics/servers.png}};
+\end{tikzpicture}
+\end{textblock}}
+\only<1->{
+\begin{textblock}{1}(5,2.5)
+\begin{tikzpicture}[scale=1.3]
+\draw[white] (0,0) node (X) {};
+\draw[white] (3,0) node (Y) {};
+\draw[red, ->, line width = 2mm] (X) -- (Y);
+\node [inner sep=5pt,label=above:\textcolor{black}{\small GET static.jpg}] at ($ (X)!.5!(Y) $) {};
+\end{tikzpicture}
+\end{textblock}}
+\only<2->{
+\begin{textblock}{1}(5,6)
+\begin{tikzpicture}[scale=1.3]
+\draw[white] (0,0) node (X) {};
+\draw[white] (3,0) node (Y) {};
+\draw[red, <-, line width = 2mm] (X) -- (Y);
+\node [inner sep=5pt,label=below:\textcolor{black}{\small ETag: 7b33de1}] at ($ (X)!.5!(Y) $) {};
+\node [inner sep=5pt,label=above:{\includegraphics[scale=0.15]{pics/tvtestscreen.jpg}}] at ($ (X)!.5!(Y) $) {};
+\end{tikzpicture}
+\end{textblock}}
+\only<3->{
+\begin{textblock}{1}(4.2,11)
+\begin{tikzpicture}[scale=1.3]
+\draw[white] (0,0) node (X) {};
+\draw[white] (3,0) node (Y) {};
+\draw[red, ->, line width = 2mm] (X) -- (Y);
+\node [inner sep=5pt,label=above:\textcolor{black}{\small GET static.jpg ETag: 7b33de1}] at ($ (X)!.5!(Y) $) {};
+\end{tikzpicture}
+\end{textblock}}
+\only<4->{
+\begin{textblock}{1}(4.2,13.9)
+\begin{tikzpicture}[scale=1.3]
+\draw[white] (0,0) node (X) {};
+\draw[white] (3,0) node (Y) {};
+\draw[red, <-, line width = 2mm] (X) -- (Y);
+\node [inner sep=5pt,label=below:\textcolor{black}{\small HTTP/1.1 304 (Not Modified)}] at ($ (X)!.5!(Y) $) {};
+\end{tikzpicture}
+\end{textblock}}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+\frametitle{Today's Lecture}
+\begin{center}
+\begin{tabular}{cc}
+\large online banking  & \hspace{6mm}\large e-voting\\
+\textcolor{gray}{solved} & \hspace{6mm}\textcolor{gray}{unsolved}\\
+\end{tabular}
+\end{center}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[t]
+\frametitle{\begin{tabular}{@ {}c@ {}}Voting as Security Problem\end{tabular}}
+What are the security requirements of a voting system?\bigskip
+\begin{itemize}
+\item<2->Integrity
+\item<3->Ballot Secrecy
+\item<5->Voter Authentication
+\item<6->Enfranchisement
+\item<7->Availability
+\end{itemize}
 \only<2>{
-\begin{textblock}{11}(3,2)
+\begin{textblock}{5.5}(8,5)
 \begin{tikzpicture}
-\draw (0,0) node[inner sep=2mm,fill=white, ultra thick, draw=red, rounded corners=2mm]
+\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm, text centered]
-{\normalsize\color{darkgray}
+{\small
-\begin{minipage}{7.5cm}\raggedright\small
+\begin{minipage}{5cm}\raggedright
-\includegraphics[scale=0.6]{pics/IEEElog.jpg}
+\begin{center}
+\begin{minipage}{4.5cm}
+\begin{itemize}
+\item The outcome matches with the voters' intend.
+\item There might be gigantic sums at stake and need to be defended against.
+\end{itemize}
+\end{minipage}
+\end{center}
 \end{minipage}};
 \end{tikzpicture}
 \end{textblock}}
-\end{frame}}
+\only<4>{
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{textblock}{5.5}(8,5)
+\begin{tikzpicture}
+\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm, text centered]
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+{\small
-\mode<presentation>{
+\begin{minipage}{5cm}\raggedright
-\begin{frame}[c]
+\begin{center}
-\frametitle{\begin{tabular}{@ {}c@ {}}Virgin Mobile (USA)\end{tabular}}
+\begin{minipage}{4.5cm}
+\begin{itemize}
-\begin{flushright}\small
+\item Nobody can find out how you voted.
-\textcolor{gray}{\url{http://arstechnica.com/security/2012/09/virgin-mobile-password-crack-risk/}}
+\item (Stronger) Even if you try, you cannot prove how you voted.
-\end{flushright}
+\end{itemize}
+\end{minipage}
-\begin{itemize}
+\end{center}
-\item for online accounts passwords must be 6 digits
+\end{minipage}};
-\item you must cycle through 1M combinations (online)\pause\bigskip
+\end{tikzpicture}
+\end{textblock}}
-\item he limited the attack on his own account to 1 guess per second, \alert{\bf and}
-\item wrote a script that cleared the cookie set after each guess\pause
+\only<5>{
-\item has been fixed now
+\begin{textblock}{5.5}(8,5)
-\end{itemize}
+\begin{tikzpicture}
+\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm, text centered]
+{\small
+\begin{minipage}{5cm}\raggedright
-\end{frame}}
+\begin{center}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{minipage}{4.5cm}
+\begin{itemize}
+\item Only authorised voters can vote up to the permitted number of votes.
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\end{itemize}
-\mode<presentation>{
+\end{minipage}
-\begin{frame}[c]
+\end{center}
-\frametitle{\begin{tabular}{@ {}c@ {}}Smash the Stack for Fun \ldots\end{tabular}}
+\end{minipage}};
+\end{tikzpicture}
-\begin{itemize}
+\end{textblock}}
-\item ``smashing the stack attacks'' or ``buffer overflow attacks''
-\item one of the most popular attacks;\\ attack of the (last) decade\\ ($>$ 50\% of security incidents reported at CERT are related to buffer overflows)
+\only<6>{
-\begin{flushright}\small
+\begin{textblock}{5.5}(8,5)
-\textcolor{gray}{\url{http://www.kb.cert.org/vuls}}
+\begin{tikzpicture}
-\end{flushright}
+\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm, text centered]
+{\small
+\begin{minipage}{5cm}\raggedright
+\begin{center}
+\begin{minipage}{4.5cm}
+\begin{itemize}
+\item Authorised voters should have the opportunity to vote.
+\end{itemize}
+\end{minipage}
+\end{center}
+\end{minipage}};
+\end{tikzpicture}
+\end{textblock}}
+\only<7>{
+\begin{textblock}{5.5}(8,5)
+\begin{tikzpicture}
+\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm, text centered]
+{\small
+\begin{minipage}{5cm}\raggedright
+\begin{center}
+\begin{minipage}{4.5cm}
+\begin{itemize}
+\item The voting system should accept all authorised votes and produce results in a timely manner.
+\end{itemize}
+\end{minipage}
+\end{center}
+\end{minipage}};
+\end{tikzpicture}
+\end{textblock}}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[t]
+\frametitle{\begin{tabular}{@ {}c@ {}}Problems with Voting\end{tabular}}
+\begin{center}\large
+\begin{tabular}{rcl}
+Integrity & vs. & Ballot Secrecy\bigskip\\
+Authentication & vs. &Enfranchisement
+\end{tabular}
+\end{center}\bigskip\bigskip\pause
+Further constraints:
+\begin{itemize}
+\item costs
+\item accessibility
+\item convenience
+\item intelligibility
+\end{itemize}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[t]
+\frametitle{\begin{tabular}{@ {}c@ {}}Traditional Ballot Boxes\end{tabular}}
+\begin{center}
+\includegraphics[scale=2.5]{pics/ballotbox.jpg}
+\end{center}\pause\bigskip
+they need a ``protocol''
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[t]
+\frametitle{\begin{tabular}{@ {}c@ {}}E-Voting\end{tabular}}
+\begin{itemize}
+\item The Netherlands between 1997 - 2006 had electronic voting machines\\
+\textcolor{gray}{(hacktivists had found: they can be hacked and also emitted radio signals revealing how you voted)}
+\item Germany had used them in pilot studies\\
+\textcolor{gray}{(in 2007 a law suit has reached the highest court and it rejected electronic voting
+on the grounds of not being understandable by the general public)}
+\item UK used optical scan voting systems in a few polls
+\end{itemize}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[t]
+\frametitle{\begin{tabular}{@ {}c@ {}}E-Voting\end{tabular}}
+\mbox{}\\[-12mm]
+\begin{itemize}
+\item US used mechanical machines since the 30s, later punch cards, now DREs and
+optical scan voting machines
+\item Estonia used in 2007 the Internet for national elections
+\textcolor{gray}{(there were earlier pilot studies in other countries)}
+\item India uses e-voting devices  since at least 2003\\
+\textcolor{gray}{(``keep-it-simple'' machines produced by a government owned company)}
+\item South Africa used software for its tallying in the 1993 elections (when Nelson Mandela was elected)
+\textcolor{gray}{(they found the tallying software was rigged, but they were able to tally manually)}
+\end{itemize}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[t]
+\frametitle{\begin{tabular}{@ {}c@ {}}A Brief History of Voting\end{tabular}}
+\begin{itemize}
+\item Athenians
+\begin{itemize}
+\item show of hands
+\item ballots on pieces of pottery
+\item different colours of stones
+\item ``facebook''-like authorisation
+\end{itemize}\bigskip
+\textcolor{gray}{problems with vote buying / no ballot privacy}\bigskip
+\item French Revolution and the US Constitution got things ``started'' with
+paper ballots (you first had to bring your own; later they were pre-printed by parties)
+\end{itemize}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[t]
+\frametitle{\begin{tabular}{@ {}c@ {}}Ballot Boxes\end{tabular}}
+Security policies involved with paper ballots:
+\begin{enumerate}
+\item you need to check that the ballot box is empty at the start of the poll / no false bottom (to prevent ballot stuffing)
+\item you need to guard the ballot box during the poll until counting
+\item tallied by a team at the end of the poll (independent observers)
+\end{enumerate}
+\begin{center}
+\includegraphics[scale=1.5]{pics/ballotbox.jpg}
+\end{center}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[t]
+\frametitle{\begin{tabular}{@ {}c@ {}}Paper Ballots\end{tabular}}
+What can go wrong with paper ballots?
+\only<2>{
+\begin{center}
+\includegraphics[scale=0.8]{pics/tweet.jpg}\\
+\footnotesize William M.~Tweed, US Politician in 1860's\\
+``As long as I count the votes, what are you going to do about it?''
+\end{center}}
+\only<3>{
 \medskip
-\item made popular in an article by Elias Levy\\ (also known as Aleph One):\\
+\begin{center}
-\begin{center}
+\begin{minipage}{10cm}
-{\bf ``Smashing The Stack For Fun and Profit''}
+{\bf Chain Voting Attack}
-\end{center}\medskip
+\begin{enumerate}
+\item you obtain a blank ballot and fill it out as you want
-\begin{flushright}
+\item you give it to a voter outside the polling station
-\small\textcolor{gray}{\url{http://www.phrack.org}, Issue 49, Article 14}
+\item voter receives a new blank ballot
-\end{flushright}
+\item voter submits prefilled ballot
+\item voter gives blank ballot to you, you give money
-\end{itemize}
+\item goto 1
+\end{enumerate}
+\end{minipage}
-\end{frame}}
+\end{center}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\end{frame}}
-\mode<presentation>{
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[c]
-\frametitle{\begin{tabular}{c}The Problem\end{tabular}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
-\begin{itemize}
+\begin{frame}[c]
-\item The basic problem is that library routines in C look as follows:
-\begin{center}
+Which security requirements do paper ballots satisfy better than voice voting?\bigskip
-{\lstset{language=Java}\fontsize{8}{10}\selectfont%
-\texttt{\lstinputlisting{app5.c}}}
+\begin{itemize}
-\end{center}
+\item Integrity
-\item the resulting problems are often remotely exploitable
+\item Enfranchisement
-\item can be used to circumvents all access control
+\item Ballot secrecy
-(botnets for further attacks)
+\item Voter authentication
-\end{itemize}
+\item Availability
+\end{itemize}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{frame}[c]
+\mode<presentation>{
-\frametitle{\begin{tabular}{c}Variants\end{tabular}}
+\begin{frame}[t]
+\frametitle{\begin{tabular}{@ {}c@ {}}Mechanical Voting Machines\end{tabular}}
-There are many variants:
+\begin{itemize}
-\begin{itemize}
+\item<1-> Lever Voting Machines (ca.~1930 - 1990)
-\item return-to-lib-C attacks
+\only<1>{
-\item heap-smashing attacks\\
+\begin{center}
-\textcolor{gray}{\small(Slammer Worm in 2003 infected 90\% of vulnerable systems within 10 minutes)}\bigskip
+\includegraphics[scale=0.56]{pics/leavermachine.jpg}
+\end{center}
-\item ``zero-days-attacks'' (new unknown vulnerability)
+}
-\end{itemize}
+\item<2->Punch Cards (ca.~1950 - 2000)
+\only<2>{
-\end{frame}}
+\begin{center}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\includegraphics[scale=0.5]{pics/punchcard1.jpg}\;\;
+\includegraphics[scale=0.46]{pics/punchcard2.jpg}
+\end{center}
+}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\end{itemize}
-\mode<presentation>{
-\begin{frame}[c]
-\small
+\end{frame}}
-\texttt{my\_float} is printed twice:\bigskip
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-{\lstset{language=Java}\fontsize{8}{10}\selectfont%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\texttt{\lstinputlisting{C1.c}}}
+\mode<presentation>{
+\begin{frame}[t]
+\frametitle{\begin{tabular}{@ {}c@ {}}Electronic Voting Machines\end{tabular}}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{center}
+\begin{tabular}{c}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\includegraphics[scale=0.45]{pics/dre1.jpg}\;
-\mode<presentation>{
+\includegraphics[scale=0.40]{pics/dre2.jpg}\\\hline\\
-\begin{frame}[c]
+\includegraphics[scale=0.5]{pics/opticalscan.jpg}
+\end{tabular}
-\begin{center}
+\end{center}
-\only<1>{\includegraphics[scale=0.9]{pics/stack1}\;\;}
-\only<2>{\includegraphics[scale=0.9]{pics/stack2}\;\;}
+\only<1->{
-\only<3>{\includegraphics[scale=0.9]{pics/stack3}\;\;}
+\begin{textblock}{5.5}(1,4)
-\end{center}
+DREs
+\end{textblock}}
+\only<1->{
-\end{frame}}
+\begin{textblock}{5.5}(1,11)
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+Optical Scan
+\end{textblock}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
+\only<2>{
-\begin{frame}[c]
+\begin{textblock}{5.5}(0.5,14.5)
+all are computers
-{\lstset{language=Java}\fontsize{8}{10}\selectfont%
+\end{textblock}}
-\texttt{\lstinputlisting{C2.c}}}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\end{frame}}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[c]
-\mode<presentation>{
+\frametitle{\begin{tabular}{@ {}c@ {}}DREs\end{tabular}}
-\begin{frame}[c]
+Direct-recording electronic voting machines\\
-\small
+(votes are recorded for example on memory cards)
-A programmer might be careful, but still introduce vulnerabilities:\bigskip
+typically touchscreen machines
-{\lstset{language=Java}\fontsize{8}{10}\selectfont%
-\texttt{\lstinputlisting{C2a.c}}}
+usually no papertrail
+\begin{center}
-\end{frame}}
+\includegraphics[scale=0.56]{pics/dre1.jpg}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\end{center}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
+\end{frame}}
-\begin{frame}[c]
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\frametitle{\begin{tabular}{c}Payloads\end{tabular}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{itemize}
+\mode<presentation>{
-\item the idea is you store some code as part to the buffer
+\begin{frame}[c]
-\item you then override the return address to execute this payload\medskip
+\frametitle{\begin{tabular}{@ {}c@ {}}Diebold Machines\end{tabular}}
-\item normally you start a root-shell\pause
-\item difficulty is to guess the right place where to ``jump''
+The work by J.~Alex Halderman:
-\end{itemize}
+\begin{itemize}
-\end{frame}}
+\item acquired a machine from an anonymous source\medskip
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\item the source code running the machine was tried to be kept secret\medskip\pause
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\item first reversed-engineered the machine (extremely tedious)
-\mode<presentation>{
+\item could completely reboot the machine and even install a virus that infects other Diebold machines
-\begin{frame}[c]
+\item obtained also the source code for other machines
-\frametitle{\begin{tabular}{c}Payloads (2)\end{tabular}}
+\end{itemize}
-\begin{itemize}
+\end{frame}}
-\item another difficulty is that the code is not allowed to contain \texttt{$\backslash$x00}:
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\begin{center}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\texttt{xorl   \%eax, \%eax}
+\mode<presentation>{
-\end{center}
+\begin{frame}[c]
-\end{itemize}\bigskip\bigskip
+\frametitle{\begin{tabular}{@ {}c@ {}}Diebold Machines\end{tabular}}
-{\lstset{language=Java}\fontsize{8}{10}\selectfont%
+What could go wrong?\pause \;\;Failure-in-depth.\bigskip\pause
-\texttt{\lstinputlisting{app5.c}}}
+A non-obvious problem:
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{itemize}
+\item you can nowadays get old machines, which still store old polls
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\item the paper ballot box needed to be secured during the voting until counting;
-\mode<presentation>{
+e-voting machines need to be secured during the entire life-time
-\begin{frame}[c]
+\end{itemize}
-\frametitle{\begin{tabular}{c}Format String Vulnerability\end{tabular}}
+\end{frame}}
-\small
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\texttt{string} is nowhere used:\bigskip
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-{\lstset{language=Java}\fontsize{8}{10}\selectfont%
+\mode<presentation>{
-\texttt{\lstinputlisting{programs/C4.c}}}\bigskip
+\begin{frame}[c]
+\frametitle{\begin{tabular}{@ {}c@ {}}Paper Trail\end{tabular}}
-this vulnerability can be used to read out the stack
+Conclusion:\\ Any electronic solution should have a paper trail.
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{center}
+\begin{tabular}{c}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\includegraphics[scale=0.5]{pics/opticalscan.jpg}
-\mode<presentation>{
+\end{tabular}
-\begin{frame}[c]
+\end{center}\pause
-\frametitle{\begin{tabular}{c}Protections against BO Attacks\end{tabular}}
+You still have to solve problems about
-\begin{itemize}
+voter registration, voter authentification, guarding against tampering
-\item use safe library functions
-\item ensure stack data is not executable (can be defeated)
+\end{frame}}
-\item address space randomisation (makes one-size-fits-all more difficult)
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\item choice of programming language (one of the selling points of Java)
-\end{itemize}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
-\end{frame}}
+\begin{frame}[c]
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\frametitle{\begin{tabular}{@ {}c@ {}}E-Voting in India\end{tabular}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+Their underlying engineering principle is ``keep-it-simple'':
-\mode<presentation>{
-\begin{frame}[c]
+\begin{center}
-\frametitle{\begin{tabular}{c}Security Goals\end{tabular}}
+\begin{tabular}{c}
+\includegraphics[scale=1.05]{pics/indiaellection.jpg}\;\;
-\begin{itemize}
+\includegraphics[scale=0.40]{pics/india1.jpg}
-\item Prevent common vulnerabilities from occurring (e.g. buffer overflows)\pause
+\end{tabular}
-\item Recover from attacks (traceability and auditing of security-relevant actions)\pause
+\end{center}\medskip\pause
-\item Monitoring (detect attacks)\pause
-\item Privacy, confidentiality, anonymity (to protect secrets)\pause
+Official claims: ``perfect'', ``tamperproof'', ``no need for technical improvements'' , ``infallible''
-\item Authenticity (needed for access control)\pause
+\end{frame}}
-\item Integrity (prevent unwanted modification or tampering)\pause
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\item Availability and reliability (reduce the risk of DoS attacks)
-\end{itemize}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\end{frame}}
+\mode<presentation>{
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[c]
+\frametitle{\begin{tabular}{@ {}c@ {}}Lessons Learned\end{tabular}}
+\begin{itemize}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\item keep a paper trail and design your system to keep this secure\medskip
-\mode<presentation>{
+\item make the software open source (avoid security-by-obscurity)\medskip
-\begin{frame}[c]
+\item have a simple design in order to minimise the attack surface
-\frametitle{\begin{tabular}{c}Homework\end{tabular}}
+\end{itemize}
-\begin{itemize}
+\end{frame}}
-\item Assume format string attacks allow you to read out the stack. What can you do
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-	with this information?\bigskip
-\item Assume you can crash a program remotely. Why is this a problem?
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\end{itemize}
+\mode<presentation>{
+\begin{frame}[c]
+\begin{center}
+\includegraphics[scale=0.56]{pics/Voting1.png}
+\end{center}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+\begin{center}
+\includegraphics[scale=0.56]{pics/Voting2.png}
+\end{center}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+\begin{center}
+\includegraphics[scale=0.56]{pics/Voting3.png}
+\end{center}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+\begin{center}
+\includegraphics[scale=0.56]{pics/Voting4.png}
+\end{center}
 \end{frame}}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \end{document}

changeset 105	40c51038c9e4
parent 90	d1d07f05325a
child 106	9feafc9bbe9f