sen-material: comparison slides04.tex

equal deleted inserted replaced

-:be35ff24cccc
+:d1d07f05325a
-\documentclass[dvipsnames,14pt,t]{beamer}
-\usepackage{beamerthemeplainculight}
-\usepackage[T1]{fontenc}
-\usepackage[latin1]{inputenc}
-\usepackage{mathpartir}
-\usepackage[absolute,overlay]{textpos}
-\usepackage{ifthen}
-\usepackage{tikz}
-\usepackage{pgf}
-\usepackage{calc}
-\usepackage{ulem}
-\usepackage{courier}
-\usepackage{listings}
-\renewcommand{\uline}[1]{#1}
-\usetikzlibrary{arrows}
-\usetikzlibrary{automata}
-\usetikzlibrary{shapes}
-\usetikzlibrary{shadows}
-\usetikzlibrary{positioning}
-\usetikzlibrary{calc}
-\usepackage{graphicx}
-\definecolor{javared}{rgb}{0.6,0,0} % for strings
-\definecolor{javagreen}{rgb}{0.25,0.5,0.35} % comments
-\definecolor{javapurple}{rgb}{0.5,0,0.35} % keywords
-\definecolor{javadocblue}{rgb}{0.25,0.35,0.75} % javadoc
-\lstset{language=Java,
-	basicstyle=\ttfamily,
-	keywordstyle=\color{javapurple}\bfseries,
-	stringstyle=\color{javagreen},
-	commentstyle=\color{javagreen},
-	morecomment=[s][\color{javadocblue}]{/**}{*/},
-	numbers=left,
-	numberstyle=\tiny\color{black},
-	stepnumber=1,
-	numbersep=10pt,
-	tabsize=2,
-	showspaces=false,
-	showstringspaces=false}
-\lstdefinelanguage{scala}{
-morekeywords={abstract,case,catch,class,def,%
-do,else,extends,false,final,finally,%
-for,if,implicit,import,match,mixin,%
-new,null,object,override,package,%
-private,protected,requires,return,sealed,%
-super,this,throw,trait,true,try,%
-type,val,var,while,with,yield},
-otherkeywords={=>,<-,<\%,<:,>:,\#,@},
-sensitive=true,
-morecomment=[l]{//},
-morecomment=[n]{/*}{*/},
-morestring=[b]",
-morestring=[b]',
-morestring=[b]"""
-}
-\lstset{language=Scala,
-	basicstyle=\ttfamily,
-	keywordstyle=\color{javapurple}\bfseries,
-	stringstyle=\color{javagreen},
-	commentstyle=\color{javagreen},
-	morecomment=[s][\color{javadocblue}]{/**}{*/},
-	numbers=left,
-	numberstyle=\tiny\color{black},
-	stepnumber=1,
-	numbersep=10pt,
-	tabsize=2,
-	showspaces=false,
-	showstringspaces=false}
-% beamer stuff
-\renewcommand{\slidecaption}{APP 04, King's College London, 16 October 2012}
-\begin{document}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}<1>[t]
-\frametitle{%
-\begin{tabular}{@ {}c@ {}}
-\\
-\LARGE Access Control and \\[-3mm]
-\LARGE Privacy Policies (4)\\[-6mm]
-\end{tabular}}\bigskip\bigskip\bigskip
-%\begin{center}
-%\includegraphics[scale=1.3]{pics/barrier.jpg}
-%\end{center}
-\normalsize
-\begin{center}
-\begin{tabular}{ll}
-Email:  & christian.urban at kcl.ac.uk\\
-Of$\!$fice: & S1.27 (1st floor Strand Building)\\
-Slides: & KEATS (also homework is there)\\
-\end{tabular}
-\end{center}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{Unix-Style Access Control}
-\begin{itemize}
-\item Q: ``I am using Windows. Why should I care?'' \\ A: In Windows you have similar AC:
-\begin{center}
-\begin{tabular}{l}
-administrators group\\
-\hspace{5mm}(has complete control over the machine)\\
-authenticated users\\
-server operators\\
-power users\\
-network configuration operators\\
-\end{tabular}
-\end{center}\medskip
-\item Modern versions of Windows have more fine-grained AC than Unix; they do not have a setuid bit, but
-have \texttt{runas} (asks for a password).\pause
-\item OS-provided access control can \alert{\bf add} to your
-security.
-\end{itemize}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{c}Network Applications:\\[-1mm] Privilege Separation\end{tabular}}
-\begin{center}
-\begin{tikzpicture}[scale=1]
-\draw[line width=1mm] (-.3, 0) rectangle (1.5,2);
-\draw (4.7,1) node {Internet};
-\draw (-2.7,1.7) node {\footnotesize Application};
-\draw (0.6,1.7) node {\footnotesize Interface};
-\draw (0.6,-0.4) node {\footnotesize \begin{tabular}{c}unprivileged\\[-1mm] process\end{tabular}};
-\draw (-2.7,-0.4) node {\footnotesize \begin{tabular}{c}privileged\\[-1mm] process\end{tabular}};
-\draw[line width=1mm] (-1.8, 0) rectangle (-3.6,2);
-\draw[white] (1.7,1) node (X) {};
-\draw[white] (3.7,1) node (Y) {};
-\draw[red, <->, line width = 2mm] (X) -- (Y);
-\draw[red, <->, line width = 1mm] (-0.6,1) -- (-1.6,1);
-\end{tikzpicture}
-\end{center}
-\begin{itemize}
-\item the idea is make the attack surface smaller and
-mitigate the consequences of an attack
-\end{itemize}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{Shared Access Control}
-\begin{center}
-\includegraphics[scale=0.7]{pics/pointsplane.jpg}
-\end{center}
-\begin{textblock}{11}(10.5,10.5)
-\small
-To take an action you\\[-1mm]
-need at least either:
-\begin{itemize}
-\item 1 CEO\\[-5mm]
-\item 2 MDs, or\\[-5mm]
-\item 3 Ds
-\end{itemize}
-\end{textblock}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{Lessons from Access Control}
-Not just restricted to Unix:
-\begin{itemize}
-\item if you have too many roles (i.e.~too finegrained AC), then
-	hierarchy is too complex\\
-	\textcolor{gray}{you invite situations like\ldots let's be root}\bigskip
-\item you can still abuse the system\ldots
-\end{itemize}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{@ {}c@ {}}A ``Cron''-Attack\end{tabular}}
-The idea is to trick a privileged person to do something on your behalf:
-\begin{itemize}
-\item root:\\\texttt{rm /tmp/*/*}\bigskip\bigskip\pause
-\footnotesize
-\begin{minipage}{1.1\textwidth}
-\textcolor{gray}{the shell behind the scenes:}\\
-\textcolor{gray}{\texttt{rm /tmp/dir$_1$/file$_1$ /tmp/dir$_1$/file$_2$ /tmp/dir$_2$/file$_1$ \ldots}}\bigskip\\
-\textcolor{gray}{this takes time}
-\end{minipage}
-\end{itemize}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{@ {}c@ {}}A ``Cron''-Attack\end{tabular}}
-\begin{enumerate}
-\item attacker \textcolor{gray}{(creates a fake passwd file)}\\
-\texttt{mkdir /tmp/a; cat > /tmp/a/passwd}\medskip
-\item root \textcolor{gray}{(does the daily cleaning)}\\
-\texttt{rm /tmp/*/*}\medskip\\
-\hspace{2cm}\textcolor{gray}{\small records that \texttt{/tmp/a/passwd}}\\
-\hspace{2cm}\textcolor{gray}{\small should be deleted, but does not do it yet}\medskip\\
-\item attacker \textcolor{gray}{(meanwhile deletes the fake passwd file, and establishes a link to
-the real passwd file)}\\
-\texttt{rm /tmp/a/passwd; rmdir /tmp/a;}\\\texttt{ln -s /etc /tmp/a}\\
-\item root now deletes  the real passwd file
-\end{enumerate}
-\only<2>{
-\begin{textblock}{11}(2,5)
-\begin{tikzpicture}
-\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm]
-{\normalsize\color{darkgray}
-\begin{minipage}{9cm}\raggedright
-To prevent this kind of attack, you need additional
-policies (don't do such operations as root).
-\end{minipage}};
-\end{tikzpicture}
-\end{textblock}}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{@ {}c@ {}}Schneier Analysis\end{tabular}}
-\textcolor{gray}{There is no absolutely secure system and security almost never comes for free.}
-\begin{itemize}
-\item What assets are you trying to protect?
-\item What are the risks to these assets?
-\item How well does the security solution mitigate those risks?
-\item What other risks does the security solution cause?
-\item What costs and trade-offs does the security solution impose?
-\end{itemize}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[t]
-\frametitle{\begin{tabular}{@ {}c@ {}}Example: Credit Cards\end{tabular}}
-You might have the policy of not typing in your credit card online. Worthwhile or not?
-\begin{itemize}
-\item<2->What assets are you trying to protect?\\
-\only<2>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}your credit card number\end{tabular}}
-\item<3->What are the risks to these assets?\\
-\only<3>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright
-With credit cards you loose a fixed amount \pounds{50}. Amazon \pounds{50}. \end{tabular}}
-\item<4->How well does the security solution mitigate those risks?\\
-\only<4>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright
-Well, hackers steal credit cards from databases. They usually do not attack you individually.\end{tabular}}
-\item<5->What other risks does the security solution cause?
-\only<5>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright None (?)\end{tabular}}
-\item<6->What costs and trade-offs does the security solution impose?
-\only<6>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright Internet shopping is convenient and sometimes cheaper.\end{tabular}}
-\item<7>[]{\bf\large No!}
-\end{itemize}\pause\pause
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{@ {}c@ {}}Example: Firewalls\end{tabular}}
-\begin{center}
-\includegraphics[scale=0.5]{pics/firewall.png}
-\end{center}
-A firewall is a piece of software that controls incoming and outgoing traffic according to some rules.
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[t]
-\frametitle{\begin{tabular}{@ {}c@ {}}Example: Firewalls\end{tabular}}
-\begin{itemize}
-\item<1->What assets are you trying to protect?\\
-\only<1>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}Whatever is behind the firewall
-(credit cards, passwords, blueprints, \ldots)\end{tabular}}
-\item<2->What are the risks to these assets?\\
-\only<2>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright
-With a small online shop you are already at risk. Pentagon, definitely.\end{tabular}}
-\item<3->How well does the security solution mitigate those risks?\\
-\only<3>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright
-Well, at home so not much. Everywhere else, if properly configurated then it does.\end{tabular}}
-\item<4->What other risks does the security solution cause?
-\only<4>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright There might be backdoors or bugs in the firewall,
-but generally they are secure. You choose to prevent certain traffic.\end{tabular}}
-\item<5->What costs and trade-offs does the security solution impose?
-\only<5>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright
-Minimal to modest. Firewalls are part of free software. You need a knowledgeable
-person to set them up.\end{tabular}}
-\item<7>[]{\bf\large Yes!}
-\end{itemize}\pause\pause
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[t]
-\frametitle{\begin{tabular}{@ {}c@ {}}Ex: Two-Factor Authentication\end{tabular}}
-Google uses nowadays two-factor authentication. But it is an old(er)
-idea. It is used for example in Germany and Netherlands for online transactions.
-\begin{center}
-\includegraphics[scale=0.6]{pics/tan1.jpg}\hspace{5mm}
-\includegraphics[scale=0.2]{pics/tan2.jpg}
-\end{center}
-\pause
-Or nowadays by SMS (restricts the validity of the numbers) or with a secure generator
-\begin{center}
-\includegraphics[scale=0.08]{pics/pinsentry.jpg}
-\end{center}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[t]
-\frametitle{\begin{tabular}{@ {}c@ {}}Ex: Two-Factor Authentication\end{tabular}}
-\begin{itemize}
-\item<1->What assets are you trying to protect?\\
-\only<1>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}Your bank account.\end{tabular}}
-\item<2->What are the risks to these assets?\\
-\only<2>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright
-Nowadays pretty high risk.\end{tabular}}
-\item<3->How well does the security solution mitigate those risks?\\
-\only<3>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright
-It prevents problems when passwords are stolen. Man-in-the-middle attacks
-still possible.\end{tabular}}
-\item<4->What other risks does the security solution cause?
-\only<4>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright Your mobile phone or credit card/pin might
-be stolen. SIM card becomes more valuable.\end{tabular}}
-\item<5->What costs and trade-offs does the security solution impose?
-\only<5>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright
-Banks need to establish an infrastructure. For you it might be inconvenient.\end{tabular}}
-\item<7>[]{\bf\large Yes!}
-\end{itemize}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[t]
-\frametitle{\begin{tabular}{@ {}c@ {}}Security Seals\end{tabular}}
-According to Ross Anderson: ``\ldots is a tamper-indicating device
-designed to leave non-erasable, unambiguous evidence of unauthorized
-entry or tampering.''
-\begin{center}
-\includegraphics[scale=0.45]{pics/seal.jpg}
-\end{center}\mbox{}\\[-12mm]
-They also need some quite sophisticated policies (seal regiment).
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[t]
-\frametitle{\begin{tabular}{@ {}c@ {}}Security Seals (2)\end{tabular}}
-\begin{itemize}
-\item at the Argonne National Laboratory they tested 244 different security seals
-\begin{itemize}
-\item meantime to break the seals for a trained person: 100 s
-\item including 19\% that were used for safeguard of nuclear material
-\end{itemize}\bigskip
-\item Andrew Appel defeated all security seals which were supposed to keep
-voting machines safe
-\end{itemize}
-\only<2>{
-\begin{textblock}{11}(1,1)
-\begin{tikzpicture}
-\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm]
-{\normalsize
-\begin{minipage}{11cm}\raggedright\small
-\begin{center}
-\includegraphics[scale=0.25]{pics/appelseals.jpg}
-\end{center}
-\begin{center}
-\begin{minipage}{10.5cm}
-\begin{itemize}
-\item The tamper-indicating tape can be lifted using a heat gun.
-\item The security screw cap can be removed using a screwdriver, then the
-serial-numbered top can be replaced (undamaged) onto a fresh (unnumbered) base.
-\item The wire seal can be defeated using a \#4 wood screw.
-\item The plastic strap seal can be picked using a jeweler's screwdriver.
-\end{itemize}
-\end{minipage}
-\end{center}
-\end{minipage}};
-\end{tikzpicture}
-\end{textblock}}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[t]
-\frametitle{\begin{tabular}{@ {}c@ {}}Example: Security Seals\end{tabular}}
-\begin{itemize}
-\item<1->What assets are you trying to protect?\\
-\only<1>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}Voting machines, doors.\end{tabular}}
-\item<2->What are the risks to these assets?\\
-\only<2>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright Casual thieves, insider attacks.\end{tabular}}
-\item<3->How well does the security solution mitigate those risks?\\
-\only<3>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright
-Needs a quite complicated security regiment.\end{tabular}}
-\item<4->What other risks does the security solution cause?
-\only<4>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright You might not notice tampering.\end{tabular}}
-\item<5->What costs and trade-offs does the security solution impose?
-\only<5>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright
-The ``hardware'' is cheap, but indirect costs can be quite high.\end{tabular}}
-\item<7>[]{\bf\large No!} {\textcolor{gray}{Though in some areas they work: airports, swimming pools, \ldots}}
-\end{itemize}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[t]
-\frametitle{\begin{tabular}{@ {}c@ {}}Ex: Security-by-Obscurity\end{tabular}}
-You might think it is a good idea to keep a security relevant algorithm or
-software secret.
-\begin{itemize}
-\item<1->What assets are you trying to protect?\\
-\only<1>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}Source code, an algorithm and things that depend on it\end{tabular}}
-\item<2->What are the risks to these assets?\\
-\only<2>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright
-Can be pretty high (Oystercards).\end{tabular}}
-\item<3->How well does the security solution mitigate those risks?\\
-\only<3>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright
-Not really. The source code can be reverse engineered, stolen, coerced \ldots{}\end{tabular}}
-\item<4->What other risks does the security solution cause?
-\only<4>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright You prevent
-scrutiny and independent advice. You also more likely than not to
-get it wrong.\end{tabular}}
-\item<5>[]{\bf\large No!}
-\end{itemize}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[t]
-\frametitle{\begin{tabular}{@ {}c@ {}}Voting as Security Problem\end{tabular}}
-What are the security requirements of a voting system?\bigskip
-\begin{itemize}
-\item<2->Integrity
-\item<3->Ballot Secrecy
-\item<5->Voter Authentication
-\item<6->Enfranchisement
-\item<7->Availability
-\end{itemize}
-\only<2>{
-\begin{textblock}{5.5}(8,5)
-\begin{tikzpicture}
-\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm, text centered]
-{\small
-\begin{minipage}{5cm}\raggedright
-\begin{center}
-\begin{minipage}{4.5cm}
-\begin{itemize}
-\item The outcome matches with the voters' intend.
-\item There might be gigantic sums at stake and need to be defended against.
-\end{itemize}
-\end{minipage}
-\end{center}
-\end{minipage}};
-\end{tikzpicture}
-\end{textblock}}
-\only<4>{
-\begin{textblock}{5.5}(8,5)
-\begin{tikzpicture}
-\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm, text centered]
-{\small
-\begin{minipage}{5cm}\raggedright
-\begin{center}
-\begin{minipage}{4.5cm}
-\begin{itemize}
-\item Nobody can find out how you voted.
-\item (Stronger) Even if you try, you cannot prove how you voted.
-\end{itemize}
-\end{minipage}
-\end{center}
-\end{minipage}};
-\end{tikzpicture}
-\end{textblock}}
-\only<5>{
-\begin{textblock}{5.5}(8,5)
-\begin{tikzpicture}
-\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm, text centered]
-{\small
-\begin{minipage}{5cm}\raggedright
-\begin{center}
-\begin{minipage}{4.5cm}
-\begin{itemize}
-\item Only authorised voters can vote up to the permitted number of votes.
-\end{itemize}
-\end{minipage}
-\end{center}
-\end{minipage}};
-\end{tikzpicture}
-\end{textblock}}
-\only<6>{
-\begin{textblock}{5.5}(8,5)
-\begin{tikzpicture}
-\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm, text centered]
-{\small
-\begin{minipage}{5cm}\raggedright
-\begin{center}
-\begin{minipage}{4.5cm}
-\begin{itemize}
-\item Authorised voters should have the opportunity to vote.
-\end{itemize}
-\end{minipage}
-\end{center}
-\end{minipage}};
-\end{tikzpicture}
-\end{textblock}}
-\only<7>{
-\begin{textblock}{5.5}(8,5)
-\begin{tikzpicture}
-\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm, text centered]
-{\small
-\begin{minipage}{5cm}\raggedright
-\begin{center}
-\begin{minipage}{4.5cm}
-\begin{itemize}
-\item The voting system should accept all authorised votes and produce results in a timely manner.
-\end{itemize}
-\end{minipage}
-\end{center}
-\end{minipage}};
-\end{tikzpicture}
-\end{textblock}}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[t]
-\frametitle{\begin{tabular}{@ {}c@ {}}Ballot Boxes\end{tabular}}
-\begin{center}
-\includegraphics[scale=2.5]{pics/ballotbox.jpg}
-\end{center}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[t]
-\frametitle{\begin{tabular}{@ {}c@ {}}Problems with Voting\end{tabular}}
-\begin{center}\large
-\begin{tabular}{rcl}
-Integrity & vs. & Ballot Secrecy\bigskip\\
-Authentication & vs. &Enfranchisement
-\end{tabular}
-\end{center}\bigskip\bigskip\pause
-Further constraints:
-\begin{itemize}
-\item costs
-\item accessibility
-\item convenience
-\item intelligibility
-\end{itemize}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[t]
-\frametitle{\begin{tabular}{@ {}c@ {}}E-Voting\end{tabular}}
-\begin{itemize}
-\item The Netherlands between 1997 - 2006 had electronic voting machines\\
-\textcolor{gray}{(hacktivists had found: they can be hacked and also emitted radio signals revealing how you voted)}
-\item Germany had used them in pilot studies\\
-\textcolor{gray}{(in 2007 a law suit has reached the highest court and it rejected electronic voting
-on the grounds of not being understandable by the general public)}
-\item UK used optical scan voting systems in a few polls
-\end{itemize}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[t]
-\frametitle{\begin{tabular}{@ {}c@ {}}E-Voting\end{tabular}}
-\mbox{}\\[-12mm]
-\begin{itemize}
-\item US used mechanical machines since the 30s, later punch cards, now DREs and
-optical scan voting machines \textcolor{gray}{(fantastic ``ecosystem'' for study)}
-\item Estonia used in 2007 the Internet for national elections
-\textcolor{gray}{(there were earlier pilot studies in other countries)}
-\item India uses e-voting devices  since at least 2003\\
-\textcolor{gray}{(``keep-it-simple'' machines produced by a government owned company)}
-\item South Africa used software for its tallying in the 1993 elections (when Nelson Mandela was elected)
-\textcolor{gray}{(they found the tallying software was rigged, but they were able to tally manually)}
-\end{itemize}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[t]
-\frametitle{\begin{tabular}{@ {}c@ {}}A Brief History of Voting\end{tabular}}
-\begin{itemize}
-\item Athenians
-\begin{itemize}
-\item show of hands
-\item ballots on pieces of pottery
-\item different colours of stones
-\item ``facebook''-like authorisation
-\end{itemize}\bigskip
-\textcolor{gray}{problems with vote buying / no ballot privacy}\bigskip
-\item French Revolution and the US Constitution got things ``started'' with
-paper ballots (you first had to bring your own; later they were pre-printed by parties)
-\end{itemize}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[t]
-\frametitle{\begin{tabular}{@ {}c@ {}}Ballot Boxes\end{tabular}}
-Security policies involved with paper ballots:
-\begin{enumerate}
-\item you need to check that the ballot box is empty at the start of the poll / no false bottom (to prevent ballot stuffing)
-\item you need to guard the ballot box during the poll until counting
-\item tallied by a team at the end of the poll (independent observers)
-\end{enumerate}
-\begin{center}
-\includegraphics[scale=1.5]{pics/ballotbox.jpg}
-\end{center}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[t]
-\frametitle{\begin{tabular}{@ {}c@ {}}Paper Ballots\end{tabular}}
-What can go wrong with paper ballots?
-\only<2>{
-\begin{center}
-\includegraphics[scale=0.8]{pics/tweet.jpg}\\
-\footnotesize William M.~Tweed, US Politician in 1860's\\
-``As long as I count the votes, what are you going to do about it?''
-\end{center}}
-\only<3>{
-\medskip
-\begin{center}
-\begin{minipage}{10cm}
-{\bf Chain Voting Attack}
-\begin{enumerate}
-\item you obtain a blank ballot and fill it out as you want
-\item you give it to a voter outside the polling station
-\item voter receives a new blank ballot
-\item voter submits prefilled ballot
-\item voter gives blank ballot to you, you give money
-\item goto 1
-\end{enumerate}
-\end{minipage}
-\end{center}
-}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[t]
-\frametitle{\begin{tabular}{@ {}c@ {}}Mechanical Voting Machines\end{tabular}}
-\begin{itemize}
-\item<1-> Lever Voting Machines (ca.~1930 - 1990)
-\only<1>{
-\begin{center}
-\includegraphics[scale=0.56]{pics/leavermachine.jpg}
-\end{center}
-}
-\item<2->Punch Cards (ca.~1950 - 2000)
-\only<2>{
-\begin{center}
-\includegraphics[scale=0.5]{pics/punchcard1.jpg}\;\;
-\includegraphics[scale=0.46]{pics/punchcard2.jpg}
-\end{center}
-}
-\end{itemize}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[t]
-\frametitle{\begin{tabular}{@ {}c@ {}}Electronic Voting Machines\end{tabular}}
-\begin{center}
-\begin{tabular}{c}
-\includegraphics[scale=0.45]{pics/dre1.jpg}\;
-\includegraphics[scale=0.40]{pics/dre2.jpg}\\\hline\\
-\includegraphics[scale=0.5]{pics/opticalscan.jpg}
-\end{tabular}
-\end{center}
-\only<1->{
-\begin{textblock}{5.5}(1,4)
-DREs
-\end{textblock}}
-\only<1->{
-\begin{textblock}{5.5}(1,11)
-Optical Scan
-\end{textblock}}
-\only<2>{
-\begin{textblock}{5.5}(0.5,14.5)
-all are computers
-\end{textblock}}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{@ {}c@ {}}DREs\end{tabular}}
-Direct-recording electronic voting machines\\
-(votes are recorded for example memory cards)
-typically touchscreen machines
-usually no papertrail (hard to add: ballot secrecy)
-\begin{center}
-\includegraphics[scale=0.56]{pics/dre1.jpg}
-\end{center}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{@ {}c@ {}}Diebold Machines\end{tabular}}
-The work by J.~Alex Halderman:
-\begin{itemize}
-\item acquired a machine from an anonymous source\medskip
-\item the source code running the machine was tried to keep secret\medskip\pause
-\item first reversed-engineered the machine (extremely tedious)
-\item could completely reboot the machine and even install a virus that infects other Diebold machines
-\item obtained also the source code for other machines
-\end{itemize}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{@ {}c@ {}}Diebold Machines\end{tabular}}
-What could go wrong?\pause \;\;Failure-in-depth.\bigskip\pause
-A non-obvious problem:
-\begin{itemize}
-\item you can nowadays get old machines, which still store old polls
-\item the paper ballot box needed to be secured during the voting until counting;
-e-voting machines need to be secured during the entire life-time
-\end{itemize}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{@ {}c@ {}}Paper Trail\end{tabular}}
-Conclusion:\\ Any electronic solution should have a paper trail.
-\begin{center}
-\begin{tabular}{c}
-\includegraphics[scale=0.5]{pics/opticalscan.jpg}
-\end{tabular}
-\end{center}\pause
-You still have to solve problems about
-Voter registration, voter authentification, guarding against tampering
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{@ {}c@ {}}E-Voting in India\end{tabular}}
-Their underlying engineering principle is ``keep-it-simple'':
-\begin{center}
-\begin{tabular}{c}
-\includegraphics[scale=1.05]{pics/indiaellection.jpg}\;\;
-\includegraphics[scale=0.40]{pics/india1.jpg}
-\end{tabular}
-\end{center}\medskip\pause
-Official claims: ``perfect'', ``tamperproof'', ``no need for technical improvements'' , ``infallible''
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{@ {}c@ {}}Lessons to be Learned\end{tabular}}
-\begin{itemize}
-\item keep a paper trail and design your system to keep this secure\medskip
-\item make the software open source (avoid security-by-obscurity))\medskip
-\item have a simple design in order to minimise the attack surface
-\end{itemize}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\begin{center}
-\includegraphics[scale=0.56]{pics/Voting1.png}
-\end{center}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\begin{center}
-\includegraphics[scale=0.56]{pics/Voting2.png}
-\end{center}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\begin{center}
-\includegraphics[scale=0.56]{pics/Voting3.png}
-\end{center}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\begin{center}
-\includegraphics[scale=0.56]{pics/Voting4.png}
-\end{center}
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\end{document}
-%%% Local Variables:
-%%% mode: latex
-%%% TeX-master: t
-%%% End:

changeset 90	d1d07f05325a
parent 89	be35ff24cccc
child 92	af1aeec504cb