--- a/slides/slides02.tex Tue Sep 24 12:29:24 2013 +0100
+++ b/slides/slides02.tex Mon Sep 30 23:57:44 2013 +0100
@@ -1,6 +1,5 @@
\documentclass[dvipsnames,14pt,t]{beamer}
-\usepackage{beamerthemeplainculight}
-\usepackage[T1]{fontenc}
+\usepackage{beamerthemeplaincu}
\usepackage[latin1]{inputenc}
\usepackage{mathpartir}
\usepackage[absolute,overlay]{textpos}
@@ -71,8 +70,13 @@
showstringspaces=false}
% beamer stuff
-\renewcommand{\slidecaption}{APP 02, King's College London, 2 October 2012}
+\renewcommand{\slidecaption}{APP 02, King's College London, 1 October 2013}
+%Bank vs Voting
+%http://www.parliament.vic.gov.au/images/stories/committees/emc/2010_Election/submissions/13_VTeague_EMC_Inquiry_No.6.pdf
+
+% first cyber attack
+%http://investigations.nbcnews.com/_news/2013/03/18/17314818-cyberattack-on-florida-election-is-first-known-case-in-us-experts-say
\begin{document}
@@ -86,16 +90,12 @@
\LARGE Privacy Policies (2)\\[-6mm]
\end{tabular}}\bigskip\bigskip\bigskip
- %\begin{center}
- %\includegraphics[scale=1.3]{pics/barrier.jpg}
- %\end{center}
-
\normalsize
\begin{center}
\begin{tabular}{ll}
Email: & christian.urban at kcl.ac.uk\\
- Of$\!$fice: & S1.27 (1st floor Strand Building)\\
- Slides: & KEATS (also home work is there)
+ Office: & S1.27 (1st floor Strand Building)\\
+ Slides: & KEATS (also homework is there)\\
\end{tabular}
\end{center}
@@ -103,94 +103,244 @@
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{c}Homework\end{tabular}}
-
-
-\ldots{} I have a question about the homework.\\[3mm]
-Is it required to submit the homework before\\
-the next lecture?\\[5mm]
-
-Thank you!\\
-Anonymous
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
+\frametitle{\begin{tabular}{c}This Course is about\\[-2mm] ``Satan's Computer''\end{tabular}}
-\begin{center}
-\begin{tabular}[t]{c}
-\includegraphics[scale=1.2]{pics/barrier.jpg}\\
-future lectures
-\end{tabular}\;\;\;
-\onslide<2>{
-\begin{tabular}[t]{c}
-\includegraphics[scale=0.32]{pics/trainwreck.jpg}\\
-today
+Ross Anderson and Roger Needham wrote:\bigskip
+
+\begin{tikzpicture}
+\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm]
+{\normalsize\color{darkgray}
+\begin{minipage}{10cm}\raggedright\small
+``In effect, our task is to program a computer which gives
+answers which are subtly and maliciously wrong at the most
+inconvenient possible moment\ldots{} we hope that the lessons
+learned from programming Satan's computer may be helpful
+in tackling the more common problem of programming Murphy's.''
+\end{minipage}};
+\end{tikzpicture}\\[30mm]
+
+\only<2>{
+\begin{textblock}{11}(2,12)
+\begin{tabular}{c}
+\includegraphics[scale=0.12]{pics/ariane.jpg}\\[-2mm]
+\footnotesize Murphy's computer
\end{tabular}
-}
-\end{center}
+\begin{tabular}{c}
+\includegraphics[scale=0.15]{pics/mobile.jpg}\;
+\includegraphics[scale=0.06]{pics/pinsentry.jpg}\\[-2mm]
+\footnotesize Satan's computers
+\end{tabular}
+\end{textblock}}
-
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+\frametitle{\Large\begin{tabular}{c}User-Tracking Without Cookies\end{tabular}}
+
+Can you track a user {\bf without}:
+
+\begin{itemize}
+\item Cookies
+\item Javascript
+\item LocalStorage/SessionStorage/GlobalStorage
+\item Flash, Java or other plugins
+\item Your IP address or user agent string
+\item Any methods employed by Panopticlick\\
+\mbox{}\hfill $\rightarrow$ \textcolor{blue}{\url{https://panopticlick.eff.org/}}
+\end{itemize}
+
+Even when you disabled cookies entirely, have Javascript turned off and use a VPN service.\\\pause
+And numerous sites already use it (Google).
+
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+\frametitle{\begin{tabular}{c}Web-Protocol\end{tabular}}
+
+\only<1->{
+\begin{textblock}{1}(2,2)
+ \begin{tikzpicture}[scale=1.3]
+ \draw[white] (0,0) node (X) {\includegraphics[scale=0.12]{pics/firefox.jpg}};
+ \end{tikzpicture}
+\end{textblock}}
+
+\only<1->{
+\begin{textblock}{1}(11,2)
+ \begin{tikzpicture}[scale=1.3]
+ \draw[white] (0,0) node (X) {\includegraphics[scale=0.15]{pics/servers.png}};
+ \end{tikzpicture}
+\end{textblock}}
+
+\only<1->{
+\begin{textblock}{1}(5,2.5)
+ \begin{tikzpicture}[scale=1.3]
+ \draw[white] (0,0) node (X) {};
+ \draw[white] (3,0) node (Y) {};
+ \draw[red, ->, line width = 2mm] (X) -- (Y);
+ \node [inner sep=5pt,label=above:\textcolor{black}{\small GET static.jpg}] at ($ (X)!.5!(Y) $) {};
+ \end{tikzpicture}
+\end{textblock}}
+
+\only<2->{
+\begin{textblock}{1}(5,6)
+ \begin{tikzpicture}[scale=1.3]
+ \draw[white] (0,0) node (X) {};
+ \draw[white] (3,0) node (Y) {};
+ \draw[red, <-, line width = 2mm] (X) -- (Y);
+ \node [inner sep=5pt,label=below:\textcolor{black}{\small ETag: 7b33de1}] at ($ (X)!.5!(Y) $) {};
+ \node [inner sep=5pt,label=above:{\includegraphics[scale=0.15]{pics/tvtestscreen.jpg}}] at ($ (X)!.5!(Y) $) {};
+ \end{tikzpicture}
+\end{textblock}}
+
+\only<3->{
+\begin{textblock}{1}(4.2,11)
+ \begin{tikzpicture}[scale=1.3]
+ \draw[white] (0,0) node (X) {};
+ \draw[white] (3,0) node (Y) {};
+ \draw[red, ->, line width = 2mm] (X) -- (Y);
+ \node [inner sep=5pt,label=above:\textcolor{black}{\small GET static.jpg ETag: 7b33de1}] at ($ (X)!.5!(Y) $) {};
+ \end{tikzpicture}
+\end{textblock}}
+
+\only<4->{
+\begin{textblock}{1}(4.2,13.9)
+ \begin{tikzpicture}[scale=1.3]
+ \draw[white] (0,0) node (X) {};
+ \draw[white] (3,0) node (Y) {};
+ \draw[red, <-, line width = 2mm] (X) -- (Y);
+ \node [inner sep=5pt,label=below:\textcolor{black}{\small HTTP/1.1 304 (Not Modified)}] at ($ (X)!.5!(Y) $) {};
+ \end{tikzpicture}
+\end{textblock}}
+
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
-\frametitle{\begin{tabular}{@ {}c@ {}}SmartWater\end{tabular}}
-
-\begin{textblock}{1}(1,3)
-\begin{tabular}{c}
-\includegraphics[scale=0.15]{pics/SmartWater}
+\frametitle{Today's Lecture}
+\begin{center}
+\begin{tabular}{cc}
+\large online banking & \hspace{6mm}\large e-voting\\
+\textcolor{gray}{solved} & \hspace{6mm}\textcolor{gray}{unsolved}\\
\end{tabular}
-\end{textblock}
+\end{center}
-\begin{textblock}{8.5}(7,3)
-\begin{itemize}
-\item seems helpful for preventing cable theft\medskip
-\item wouldn't be helpful to make your property safe, because of possible abuse\medskip
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\item security is always a tradeoff
-\end{itemize}
-\end{textblock}
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{@ {}c@ {}}Plain-text Passwords at IEEE\end{tabular}}
+\begin{frame}[t]
+\frametitle{\begin{tabular}{@ {}c@ {}}Voting as Security Problem\end{tabular}}
-\small\textcolor{gray}{On 25 September 2012, a report on a data breach at IEEE:}
-
+What are the security requirements of a voting system?\bigskip
\begin{itemize}
-\item IEEE is a standards organisation (not-for-profit)
-\item many standards in CS are by IEEE\medskip
-\item 100k plain-text passwords were recorded in logs
-\item the logs were openly accessible on their FTP server
-\end{itemize}\bigskip
-
-\begin{flushright}\small
-\textcolor{gray}{\url{http://ieeelog.com}}
-\end{flushright}
+\item<2->Integrity
+\item<3->Ballot Secrecy
+\item<5->Voter Authentication
+\item<6->Enfranchisement
+\item<7->Availability
+\end{itemize}
\only<2>{
-\begin{textblock}{11}(3,2)
+\begin{textblock}{5.5}(8,5)
+\begin{tikzpicture}
+\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm, text centered]
+{\small
+\begin{minipage}{5cm}\raggedright
+\begin{center}
+\begin{minipage}{4.5cm}
+\begin{itemize}
+\item The outcome matches with the voters' intend.
+\item There might be gigantic sums at stake and need to be defended against.
+\end{itemize}
+\end{minipage}
+\end{center}
+\end{minipage}};
+\end{tikzpicture}
+\end{textblock}}
+
+\only<4>{
+\begin{textblock}{5.5}(8,5)
+\begin{tikzpicture}
+\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm, text centered]
+{\small
+\begin{minipage}{5cm}\raggedright
+\begin{center}
+\begin{minipage}{4.5cm}
+\begin{itemize}
+\item Nobody can find out how you voted.
+\item (Stronger) Even if you try, you cannot prove how you voted.
+\end{itemize}
+\end{minipage}
+\end{center}
+\end{minipage}};
+\end{tikzpicture}
+\end{textblock}}
+
+\only<5>{
+\begin{textblock}{5.5}(8,5)
\begin{tikzpicture}
-\draw (0,0) node[inner sep=2mm,fill=white, ultra thick, draw=red, rounded corners=2mm]
-{\normalsize\color{darkgray}
-\begin{minipage}{7.5cm}\raggedright\small
-\includegraphics[scale=0.6]{pics/IEEElog.jpg}
+\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm, text centered]
+{\small
+\begin{minipage}{5cm}\raggedright
+\begin{center}
+\begin{minipage}{4.5cm}
+\begin{itemize}
+\item Only authorised voters can vote up to the permitted number of votes.
+\end{itemize}
+\end{minipage}
+\end{center}
+\end{minipage}};
+\end{tikzpicture}
+\end{textblock}}
+
+\only<6>{
+\begin{textblock}{5.5}(8,5)
+\begin{tikzpicture}
+\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm, text centered]
+{\small
+\begin{minipage}{5cm}\raggedright
+\begin{center}
+\begin{minipage}{4.5cm}
+\begin{itemize}
+\item Authorised voters should have the opportunity to vote.
+\end{itemize}
+\end{minipage}
+\end{center}
+\end{minipage}};
+\end{tikzpicture}
+\end{textblock}}
+
+\only<7>{
+\begin{textblock}{5.5}(8,5)
+\begin{tikzpicture}
+\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm, text centered]
+{\small
+\begin{minipage}{5cm}\raggedright
+\begin{center}
+\begin{minipage}{4.5cm}
+\begin{itemize}
+\item The voting system should accept all authorised votes and produce results in a timely manner.
+\end{itemize}
+\end{minipage}
+\end{center}
\end{minipage}};
\end{tikzpicture}
\end{textblock}}
@@ -198,23 +348,202 @@
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[t]
+\frametitle{\begin{tabular}{@ {}c@ {}}Problems with Voting\end{tabular}}
+
+
+\begin{center}\large
+\begin{tabular}{rcl}
+Integrity & vs. & Ballot Secrecy\bigskip\\
+Authentication & vs. &Enfranchisement
+\end{tabular}
+\end{center}\bigskip\bigskip\pause
+
+Further constraints:
+
+\begin{itemize}
+\item costs
+\item accessibility
+\item convenience
+\item intelligibility
+\end{itemize}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[t]
+\frametitle{\begin{tabular}{@ {}c@ {}}Traditional Ballot Boxes\end{tabular}}
+
+
+\begin{center}
+\includegraphics[scale=2.5]{pics/ballotbox.jpg}
+\end{center}\pause\bigskip
+
+they need a ``protocol''
+
+
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[t]
+\frametitle{\begin{tabular}{@ {}c@ {}}E-Voting\end{tabular}}
+
+
+\begin{itemize}
+\item The Netherlands between 1997 - 2006 had electronic voting machines\\
+\textcolor{gray}{(hacktivists had found: they can be hacked and also emitted radio signals revealing how you voted)}
+
+\item Germany had used them in pilot studies\\
+\textcolor{gray}{(in 2007 a law suit has reached the highest court and it rejected electronic voting
+on the grounds of not being understandable by the general public)}
+
+\item UK used optical scan voting systems in a few polls
+\end{itemize}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[t]
+\frametitle{\begin{tabular}{@ {}c@ {}}E-Voting\end{tabular}}
+
+\mbox{}\\[-12mm]
+\begin{itemize}
+\item US used mechanical machines since the 30s, later punch cards, now DREs and
+optical scan voting machines
+
+\item Estonia used in 2007 the Internet for national elections
+\textcolor{gray}{(there were earlier pilot studies in other countries)}
+
+\item India uses e-voting devices since at least 2003\\
+\textcolor{gray}{(``keep-it-simple'' machines produced by a government owned company)}
+
+\item South Africa used software for its tallying in the 1993 elections (when Nelson Mandela was elected)
+\textcolor{gray}{(they found the tallying software was rigged, but they were able to tally manually)}
+\end{itemize}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{@ {}c@ {}}Virgin Mobile (USA)\end{tabular}}
+\begin{frame}[t]
+\frametitle{\begin{tabular}{@ {}c@ {}}A Brief History of Voting\end{tabular}}
-\begin{flushright}\small
-\textcolor{gray}{\url{http://arstechnica.com/security/2012/09/virgin-mobile-password-crack-risk/}}
-\end{flushright}
\begin{itemize}
-\item for online accounts passwords must be 6 digits
-\item you must cycle through 1M combinations (online)\pause\bigskip
+\item Athenians
+\begin{itemize}
+\item show of hands
+\item ballots on pieces of pottery
+\item different colours of stones
+\item ``facebook''-like authorisation
+\end{itemize}\bigskip
+
+\textcolor{gray}{problems with vote buying / no ballot privacy}\bigskip
+
+
+\item French Revolution and the US Constitution got things ``started'' with
+paper ballots (you first had to bring your own; later they were pre-printed by parties)
+\end{itemize}
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[t]
+\frametitle{\begin{tabular}{@ {}c@ {}}Ballot Boxes\end{tabular}}
+
+Security policies involved with paper ballots:
+
+\begin{enumerate}
+\item you need to check that the ballot box is empty at the start of the poll / no false bottom (to prevent ballot stuffing)
+\item you need to guard the ballot box during the poll until counting
+\item tallied by a team at the end of the poll (independent observers)
+\end{enumerate}
+
+\begin{center}
+\includegraphics[scale=1.5]{pics/ballotbox.jpg}
+\end{center}
+
+
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[t]
+\frametitle{\begin{tabular}{@ {}c@ {}}Paper Ballots\end{tabular}}
+
+What can go wrong with paper ballots?
+
+\only<2>{
+\begin{center}
+\includegraphics[scale=0.8]{pics/tweet.jpg}\\
+\footnotesize William M.~Tweed, US Politician in 1860's\\
+``As long as I count the votes, what are you going to do about it?''
+\end{center}}
-\item he limited the attack on his own account to 1 guess per second, \alert{\bf and}
-\item wrote a script that cleared the cookie set after each guess\pause
-\item has been fixed now
+\only<3>{
+\medskip
+\begin{center}
+\begin{minipage}{10cm}
+{\bf Chain Voting Attack}
+\begin{enumerate}
+\item you obtain a blank ballot and fill it out as you want
+\item you give it to a voter outside the polling station
+\item voter receives a new blank ballot
+\item voter submits prefilled ballot
+\item voter gives blank ballot to you, you give money
+\item goto 1
+\end{enumerate}
+\end{minipage}
+\end{center}
+}
+
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+
+Which security requirements do paper ballots satisfy better than voice voting?\bigskip
+
+\begin{itemize}
+\item Integrity
+\item Enfranchisement
+\item Ballot secrecy
+\item Voter authentication
+\item Availability
+\end{itemize}
+
+\end{frame}}
+
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[t]
+\frametitle{\begin{tabular}{@ {}c@ {}}Mechanical Voting Machines\end{tabular}}
+
+\begin{itemize}
+\item<1-> Lever Voting Machines (ca.~1930 - 1990)
+\only<1>{
+\begin{center}
+\includegraphics[scale=0.56]{pics/leavermachine.jpg}
+\end{center}
+}
+\item<2->Punch Cards (ca.~1950 - 2000)
+\only<2>{
+\begin{center}
+\includegraphics[scale=0.5]{pics/punchcard1.jpg}\;\;
+\includegraphics[scale=0.46]{pics/punchcard2.jpg}
+\end{center}
+}
\end{itemize}
@@ -222,29 +551,51 @@
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[t]
+\frametitle{\begin{tabular}{@ {}c@ {}}Electronic Voting Machines\end{tabular}}
+
+\begin{center}
+\begin{tabular}{c}
+\includegraphics[scale=0.45]{pics/dre1.jpg}\;
+\includegraphics[scale=0.40]{pics/dre2.jpg}\\\hline\\
+\includegraphics[scale=0.5]{pics/opticalscan.jpg}
+\end{tabular}
+\end{center}
+
+\only<1->{
+\begin{textblock}{5.5}(1,4)
+DREs
+\end{textblock}}
+\only<1->{
+\begin{textblock}{5.5}(1,11)
+Optical Scan
+\end{textblock}}
+
+\only<2>{
+\begin{textblock}{5.5}(0.5,14.5)
+all are computers
+\end{textblock}}
+
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
-\frametitle{\begin{tabular}{@ {}c@ {}}Smash the Stack for Fun \ldots\end{tabular}}
+\frametitle{\begin{tabular}{@ {}c@ {}}DREs\end{tabular}}
+
+Direct-recording electronic voting machines\\
+(votes are recorded for example on memory cards)
-\begin{itemize}
-\item ``smashing the stack attacks'' or ``buffer overflow attacks''
-\item one of the most popular attacks;\\ attack of the (last) decade\\ ($>$ 50\% of security incidents reported at CERT are related to buffer overflows)
-\begin{flushright}\small
-\textcolor{gray}{\url{http://www.kb.cert.org/vuls}}
-\end{flushright}
-\medskip
-\item made popular in an article by Elias Levy\\ (also known as Aleph One):\\
+typically touchscreen machines
+
+usually no papertrail
+
\begin{center}
-{\bf ``Smashing The Stack For Fun and Profit''}
-\end{center}\medskip
-
-\begin{flushright}
-\small\textcolor{gray}{\url{http://www.phrack.org}, Issue 49, Article 14}
-\end{flushright}
-
-\end{itemize}
+\includegraphics[scale=0.56]{pics/dre1.jpg}
+\end{center}
\end{frame}}
@@ -253,53 +604,104 @@
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
-\frametitle{\begin{tabular}{c}The Problem\end{tabular}}
+\frametitle{\begin{tabular}{@ {}c@ {}}Diebold Machines\end{tabular}}
+
+The work by J.~Alex Halderman:
\begin{itemize}
-\item The basic problem is that library routines in C look as follows:
-\begin{center}
-{\lstset{language=Java}\fontsize{8}{10}\selectfont%
-\texttt{\lstinputlisting{app5.c}}}
-\end{center}
-\item the resulting problems are often remotely exploitable
-\item can be used to circumvents all access control
-(botnets for further attacks)
+\item acquired a machine from an anonymous source\medskip
+\item the source code running the machine was tried to be kept secret\medskip\pause
+
+\item first reversed-engineered the machine (extremely tedious)
+\item could completely reboot the machine and even install a virus that infects other Diebold machines
+\item obtained also the source code for other machines
\end{itemize}
-
+
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+\frametitle{\begin{tabular}{@ {}c@ {}}Diebold Machines\end{tabular}}
+
+What could go wrong?\pause \;\;Failure-in-depth.\bigskip\pause
+
+A non-obvious problem:
+
+\begin{itemize}
+\item you can nowadays get old machines, which still store old polls
+
+\item the paper ballot box needed to be secured during the voting until counting;
+e-voting machines need to be secured during the entire life-time
+\end{itemize}
+
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
-\frametitle{\begin{tabular}{c}Variants\end{tabular}}
+\frametitle{\begin{tabular}{@ {}c@ {}}Paper Trail\end{tabular}}
-There are many variants:
+Conclusion:\\ Any electronic solution should have a paper trail.
-\begin{itemize}
-\item return-to-lib-C attacks
-\item heap-smashing attacks\\
-\textcolor{gray}{\small(Slammer Worm in 2003 infected 90\% of vulnerable systems within 10 minutes)}\bigskip
+\begin{center}
+\begin{tabular}{c}
+\includegraphics[scale=0.5]{pics/opticalscan.jpg}
+\end{tabular}
+\end{center}\pause
-\item ``zero-days-attacks'' (new unknown vulnerability)
-\end{itemize}
-
+You still have to solve problems about
+voter registration, voter authentification, guarding against tampering
+
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+\frametitle{\begin{tabular}{@ {}c@ {}}E-Voting in India\end{tabular}}
+
+Their underlying engineering principle is ``keep-it-simple'':
+
+\begin{center}
+\begin{tabular}{c}
+\includegraphics[scale=1.05]{pics/indiaellection.jpg}\;\;
+\includegraphics[scale=0.40]{pics/india1.jpg}
+\end{tabular}
+\end{center}\medskip\pause
+
+Official claims: ``perfect'', ``tamperproof'', ``no need for technical improvements'' , ``infallible''
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode<presentation>{
+\begin{frame}[c]
+\frametitle{\begin{tabular}{@ {}c@ {}}Lessons Learned\end{tabular}}
+
+\begin{itemize}
+\item keep a paper trail and design your system to keep this secure\medskip
+\item make the software open source (avoid security-by-obscurity)\medskip
+\item have a simple design in order to minimise the attack surface
+\end{itemize}
+
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
-\small
-\texttt{my\_float} is printed twice:\bigskip
+\begin{center}
+\includegraphics[scale=0.56]{pics/Voting1.png}
+\end{center}
-{\lstset{language=Java}\fontsize{8}{10}\selectfont%
-\texttt{\lstinputlisting{C1.c}}}
-
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
@@ -308,23 +710,10 @@
\begin{frame}[c]
\begin{center}
-\only<1>{\includegraphics[scale=0.9]{pics/stack1}\;\;}
-\only<2>{\includegraphics[scale=0.9]{pics/stack2}\;\;}
-\only<3>{\includegraphics[scale=0.9]{pics/stack3}\;\;}
+\includegraphics[scale=0.56]{pics/Voting2.png}
\end{center}
-
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-{\lstset{language=Java}\fontsize{8}{10}\selectfont%
-\texttt{\lstinputlisting{C2.c}}}
-
-
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
@@ -332,115 +721,23 @@
\mode<presentation>{
\begin{frame}[c]
-\small
-A programmer might be careful, but still introduce vulnerabilities:\bigskip
-
-{\lstset{language=Java}\fontsize{8}{10}\selectfont%
-\texttt{\lstinputlisting{C2a.c}}}
-
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{center}
+\includegraphics[scale=0.56]{pics/Voting3.png}
+\end{center}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{c}Payloads\end{tabular}}
-\begin{itemize}
-\item the idea is you store some code as part to the buffer
-\item you then override the return address to execute this payload\medskip
-\item normally you start a root-shell\pause
-\item difficulty is to guess the right place where to ``jump''
-\end{itemize}
-
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
-\frametitle{\begin{tabular}{c}Payloads (2)\end{tabular}}
-
-\begin{itemize}
-\item another difficulty is that the code is not allowed to contain \texttt{$\backslash$x00}:
\begin{center}
-\texttt{xorl \%eax, \%eax}
+\includegraphics[scale=0.56]{pics/Voting4.png}
\end{center}
-\end{itemize}\bigskip\bigskip
-
-{\lstset{language=Java}\fontsize{8}{10}\selectfont%
-\texttt{\lstinputlisting{app5.c}}}
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{c}Format String Vulnerability\end{tabular}}
-
-\small
-\texttt{string} is nowhere used:\bigskip
-
-{\lstset{language=Java}\fontsize{8}{10}\selectfont%
-\texttt{\lstinputlisting{programs/C4.c}}}\bigskip
-
-this vulnerability can be used to read out the stack
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{c}Protections against BO Attacks\end{tabular}}
-
-\begin{itemize}
-\item use safe library functions
-\item ensure stack data is not executable (can be defeated)
-\item address space randomisation (makes one-size-fits-all more difficult)
-\item choice of programming language (one of the selling points of Java)
-
-\end{itemize}
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{c}Security Goals\end{tabular}}
-
-\begin{itemize}
-\item Prevent common vulnerabilities from occurring (e.g. buffer overflows)\pause
-\item Recover from attacks (traceability and auditing of security-relevant actions)\pause
-\item Monitoring (detect attacks)\pause
-\item Privacy, confidentiality, anonymity (to protect secrets)\pause
-\item Authenticity (needed for access control)\pause
-\item Integrity (prevent unwanted modification or tampering)\pause
-\item Availability and reliability (reduce the risk of DoS attacks)
-\end{itemize}
-
-\end{frame}}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
-\begin{frame}[c]
-\frametitle{\begin{tabular}{c}Homework\end{tabular}}
-
-\begin{itemize}
-\item Assume format string attacks allow you to read out the stack. What can you do
- with this information?\bigskip
-
-\item Assume you can crash a program remotely. Why is this a problem?
-\end{itemize}
-
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%