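% Lecture slides (beamer): Access Control and Privacy Policies, lecture 2.
% Topics: tracking users without cookies, security requirements of voting,
% e-voting machines, Unix-style access control and a race in /tmp cleaning.
%
% The preamble is laid out one declaration per line: a `%' comment runs to the
% end of its line, so every comment below must be followed by a line break or
% it swallows the declarations that come after it.
\documentclass[dvipsnames,14pt,t]{beamer}
\usepackage{beamerthemeplaincu}
\usepackage[latin1]{inputenc}
\usepackage{mathpartir}
\usepackage[absolute,overlay]{textpos}
\usepackage{ifthen}
\usepackage{tikz}
\usepackage{pgf}
\usepackage{calc}
\usepackage{ulem}
\usepackage{courier}
\usepackage{listings}
\renewcommand{\uline}[1]{#1}   % make \uline print its argument unchanged
\usetikzlibrary{arrows}
\usetikzlibrary{automata}
\usetikzlibrary{shapes}
\usetikzlibrary{shadows}
\usetikzlibrary{positioning}
\usetikzlibrary{calc}
\usepackage{graphicx}

% Colours for the code listings.
\definecolor{javared}{rgb}{0.6,0,0}          % for strings
\definecolor{javagreen}{rgb}{0.25,0.5,0.35}  % comments
\definecolor{javapurple}{rgb}{0.5,0,0.35}    % keywords
\definecolor{javadocblue}{rgb}{0.25,0.35,0.75} % javadoc

% Listing style for Java.
\lstset{language=Java,
  basicstyle=\ttfamily,
  keywordstyle=\color{javapurple}\bfseries,
  stringstyle=\color{javagreen},
  commentstyle=\color{javagreen},
  morecomment=[s][\color{javadocblue}]{/**}{*/},
  numbers=left,
  numberstyle=\tiny\color{black},
  stepnumber=1,
  numbersep=10pt,
  tabsize=2,
  showspaces=false,
  showstringspaces=false}

% Scala is declared here as its own listings language.
\lstdefinelanguage{scala}{
  morekeywords={abstract,case,catch,class,def,%
    do,else,extends,false,final,finally,%
    for,if,implicit,import,match,mixin,%
    new,null,object,override,package,%
    private,protected,requires,return,sealed,%
    super,this,throw,trait,true,try,%
    type,val,var,while,with,yield},
  otherkeywords={=>,<-,<\%,<:,>:,\#,@},
  sensitive=true,
  morecomment=[l]{//},
  morecomment=[n]{/*}{*/},
  morestring=[b]",
  morestring=[b]',
  morestring=[b]"""}

% Same style again, with Scala as the selected language.
\lstset{language=Scala,
  basicstyle=\ttfamily,
  keywordstyle=\color{javapurple}\bfseries,
  stringstyle=\color{javagreen},
  commentstyle=\color{javagreen},
  morecomment=[s][\color{javadocblue}]{/**}{*/},
  numbers=left,
  numberstyle=\tiny\color{black},
  stepnumber=1,
  numbersep=10pt,
  tabsize=2,
  showspaces=false,
  showstringspaces=false}

% beamer stuff
\renewcommand{\slidecaption}{APP 02, King's College London, 1 October 2013}

% Bank vs Voting
% http://www.parliament.vic.gov.au/images/stories/committees/emc/2010_Election/submissions/13_VTeague_EMC_Inquiry_No.6.pdf
% first cyber attack
% http://investigations.nbcnews.com/_news/2013/03/18/17314818-cyberattack-on-florida-election-is-first-known-case-in-us-experts-say

\begin{document}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Title frame.
\mode<presentation>{
\begin{frame}<1>[t]
\frametitle{%
  \begin{tabular}{@ {}c@ {}}
  \\
  \LARGE Access Control and \\[-3mm]
  \LARGE Privacy Policies (2)\\[-6mm]
  \end{tabular}}\bigskip\bigskip\bigskip
\normalsize
  \begin{center}
  \begin{tabular}{ll}
  Email:  & christian.urban at kcl.ac.uk\\
  Office: & S1.27 (1st floor Strand Building)\\
  Slides: & KEATS (also homework is there)\\
  \end{tabular}
  \end{center}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Motivation: the adversarial setting (``Satan's computer'') versus mere
% bad luck (``Murphy's computer'').  Overlay 2 adds the two picture groups.
\mode<presentation>{
\begin{frame}[c]
\frametitle{\begin{tabular}{c}This Course is about\\[-2mm] ``Satan's Computer''\end{tabular}}
Ross Anderson and Roger Needham wrote:\bigskip
\begin{tikzpicture}
\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm]
{\normalsize\color{darkgray}
\begin{minipage}{10cm}\raggedright\small
``In effect, our task is to program a computer which gives answers which are subtly and maliciously wrong at the most inconvenient possible moment\ldots{} we hope that the lessons learned from programming Satan's computer may be helpful in tackling the more common problem of programming Murphy's.''
\end{minipage}};
\end{tikzpicture}\\[30mm]
\only<2>{%
\begin{textblock}{11}(2,12)
\begin{tabular}{c}
\includegraphics[scale=0.12]{pics/ariane.jpg}\\[-2mm]
\footnotesize Murphy's computer
\end{tabular}
\begin{tabular}{c}
\includegraphics[scale=0.15]{pics/mobile.jpg}\;
\includegraphics[scale=0.06]{pics/pinsentry.jpg}\\[-2mm]
\footnotesize Satan's computers
\end{tabular}
\end{textblock}}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%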
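%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Teaser question; the mechanism is shown on the following frame.
% NOTE(review): the closing claim names a company without a source on the
% slide -- add a citation or soften the wording.
\mode<presentation>{
\begin{frame}[c]
\frametitle{\Large\begin{tabular}{c}User-Tracking Without Cookies\end{tabular}}
Can you track a user \textbf{without}:
\begin{itemize}
\item Cookies
\item JavaScript
\item LocalStorage/SessionStorage/GlobalStorage
\item Flash, Java or other plugins
\item Your IP address or user agent string
\item Any methods employed by Panopticlick\\
\mbox{}\hfill $\rightarrow$ \textcolor{blue}{\url{https://panopticlick.eff.org/}}
\end{itemize}
Even when you have disabled cookies entirely, have JavaScript turned off and use a VPN service.\\
\pause
And numerous sites already use it (Google).
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Message sequence between browser (left) and server (right):
%   overlay 1: the browser requests static.jpg;
%   overlay 2: the server answers with the image and an ETag value;
%   overlay 3: the browser asks again and sends the stored ETag value back;
%   overlay 4: the server replies 304 (Not Modified).
% NOTE(review): on the wire the stored value travels back in an
% If-None-Match request header; the label on overlay 3 abbreviates this as
% ``ETag: ...''.
% Point to make when presenting: a server that hands each visitor a distinct
% ETag gets that value echoed back on revalidation, so it can serve as an
% identifier with cookies and JavaScript switched off.  The value lives in
% the browser's HTTP cache, so clearing the cache discards it.
\mode<presentation>{
\begin{frame}[c]
\frametitle{\begin{tabular}{c}Web-Protocol\end{tabular}}
\only<1->{%
\begin{textblock}{1}(2,2)
  \begin{tikzpicture}[scale=1.3]
  \draw[white] (0,0) node (X) {\includegraphics[scale=0.12]{pics/firefox.jpg}};
  \end{tikzpicture}
\end{textblock}}%
\only<1->{%
\begin{textblock}{1}(11,2)
  \begin{tikzpicture}[scale=1.3]
  \draw[white] (0,0) node (X) {\includegraphics[scale=0.15]{pics/servers.png}};
  \end{tikzpicture}
\end{textblock}}%
\only<1->{%
\begin{textblock}{1}(5,2.5)
  \begin{tikzpicture}[scale=1.3]
  \draw[white] (0,0) node (X) {};
  \draw[white] (3,0) node (Y) {};
  \draw[red, ->, line width = 2mm] (X) -- (Y);
  \node [inner sep=5pt,label=above:\textcolor{black}{\small GET static.jpg}] at ($ (X)!.5!(Y) $) {};
  \end{tikzpicture}
\end{textblock}}%
\only<2->{%
\begin{textblock}{1}(5,6)
  \begin{tikzpicture}[scale=1.3]
  \draw[white] (0,0) node (X) {};
  \draw[white] (3,0) node (Y) {};
  \draw[red, <-, line width = 2mm] (X) -- (Y);
  \node [inner sep=5pt,label=below:\textcolor{black}{\small ETag: 7b33de1}] at ($ (X)!.5!(Y) $) {};
  \node [inner sep=5pt,label=above:{\includegraphics[scale=0.15]{pics/tvtestscreen.jpg}}] at ($ (X)!.5!(Y) $) {};
  \end{tikzpicture}
\end{textblock}}%
\only<3->{%
\begin{textblock}{1}(4.2,11)
  \begin{tikzpicture}[scale=1.3]
  \draw[white] (0,0) node (X) {};
  \draw[white] (3,0) node (Y) {};
  \draw[red, ->, line width = 2mm] (X) -- (Y);
  \node [inner sep=5pt,label=above:\textcolor{black}{\small GET static.jpg ETag: 7b33de1}] at ($ (X)!.5!(Y) $) {};
  \end{tikzpicture}
\end{textblock}}%
\only<4->{%
\begin{textblock}{1}(4.2,13.9)
  \begin{tikzpicture}[scale=1.3]
  \draw[white] (0,0) node (X) {};
  \draw[white] (3,0) node (Y) {};
  \draw[red, <-, line width = 2mm] (X) -- (Y);
  \node [inner sep=5pt,label=below:\textcolor{black}{\small HTTP/1.1 304 (Not Modified)}] at ($ (X)!.5!(Y) $) {};
  \end{tikzpicture}
\end{textblock}}%
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{Today's Lecture}
\begin{center}
\begin{tabular}{cc}
\large online banking & \hspace{6mm}\large e-voting\\
\textcolor{gray}{solved} & \hspace{6mm}\textcolor{gray}{unsolved}\\
\end{tabular}
\end{center}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Cream call-out box with a red border, placed at (8,5) on the slide.  It
% holds the explanation of one requirement on the next frame; #1 is the
% list of \item entries shown inside the box.
\newcommand{\requirementbox}[1]{%
  \begin{textblock}{5.5}(8,5)
  \begin{tikzpicture}
  \draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm, text centered]
  {\small
   \begin{minipage}{5cm}\raggedright
   \begin{center}
   \begin{minipage}{4.5cm}
   \begin{itemize}
   #1
   \end{itemize}
   \end{minipage}
   \end{center}
   \end{minipage}};
  \end{tikzpicture}
  \end{textblock}}

% The five requirements are uncovered one by one.  Ballot Secrecy appears on
% overlay 3 and its explanation on overlay 4; every other explanation appears
% together with its item.
\mode<presentation>{
\begin{frame}[t]
\frametitle{\begin{tabular}{@ {}c@ {}}Voting as Security Problem\end{tabular}}
What are the security requirements of a voting system?\bigskip
\begin{itemize}
\item<2->Integrity
\item<3->Ballot Secrecy
\item<5->Voter Authentication
\item<6->Enfranchisement
\item<7->Availability
\end{itemize}
\only<2>{\requirementbox{%
\item The outcome matches with the voters' intent.
\item There might be gigantic sums at stake and need to be defended against.}}
\only<4>{\requirementbox{%
\item Nobody can find out how you voted.
\item (Stronger) Even if you try, you cannot prove how you voted.}}
\only<5>{\requirementbox{%
\item Only authorised voters can vote up to the permitted number of votes.}}
\only<6>{\requirementbox{%
\item Authorised voters should have the opportunity to vote.}}
\only<7>{\requirementbox{%
\item The voting system should accept all authorised votes and produce results in a timely manner.}}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% The requirements pull against each other in pairs.
\mode<presentation>{
\begin{frame}[t]
\frametitle{\begin{tabular}{@ {}c@ {}}Problems with Voting\end{tabular}}
\begin{center}
\large
\begin{tabular}{rcl}
Integrity & vs. & Ballot Secrecy\bigskip\\
Authentication & vs. &Enfranchisement
\end{tabular}
\end{center}\bigskip\bigskip
\pause
Further constraints:
\begin{itemize}
\item costs
\item accessibility
\item convenience
\item intelligibility
\end{itemize}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[t]
\frametitle{\begin{tabular}{@ {}c@ {}}Traditional Ballot Boxes\end{tabular}}
\begin{center}
\includegraphics[scale=2.5]{pics/ballotbox.jpg}
\end{center}
\pause\bigskip
they need a ``protocol''
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[t]
\frametitle{\begin{tabular}{@ {}c@ {}}E-Voting\end{tabular}}
\begin{itemize}
\item The Netherlands between 1997--2006 had electronic voting machines\\
\textcolor{gray}{(hacktivists had found: they can be hacked and also emitted radio signals revealing how you voted)}
\item Germany had used them in pilot studies\\
\textcolor{gray}{(in 2007 a lawsuit has reached the highest court and it rejected electronic voting
on the grounds of not being understandable by the general public)}
\item UK used optical scan voting systems in a few polls
\end{itemize}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% NOTE(review): South Africa's first post-apartheid general election, the
% one that brought Nelson Mandela to office, was held in April 1994 --
% confirm the year given in the last item.
\mode<presentation>{
\begin{frame}[t]
\frametitle{\begin{tabular}{@ {}c@ {}}E-Voting\end{tabular}}
\mbox{}\\[-12mm]
\begin{itemize}
\item US used mechanical machines since the 30s, later punch cards, now DREs and
optical scan voting machines
\item Estonia used in 2007 the Internet for national elections
\textcolor{gray}{(there were earlier pilot studies in other countries)}
\item India uses e-voting devices since at least 2003\\
\textcolor{gray}{(``keep-it-simple'' machines produced by a government owned company)}
\item South Africa used software for its tallying in the 1993 elections (when Nelson Mandela was elected)
\textcolor{gray}{(they found the tallying software was rigged, but they were able to tally manually)}
\end{itemize}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[t]
\frametitle{\begin{tabular}{@ {}c@ {}}A Brief History of Voting\end{tabular}}
\begin{itemize}
\item Athenians
\begin{itemize}
\item show of hands
\item ballots on pieces of pottery
\item different colours of stones
\item ``facebook''-like authorisation
\end{itemize}\bigskip
\textcolor{gray}{problems with vote buying / no ballot privacy}\bigskip
\item French Revolution and the US Constitution got things ``started'' with
paper ballots (you first had to bring your own; later they were pre-printed by parties)
\end{itemize}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% The paper-ballot ``protocol'': each step is a procedural control around
% the box rather than a property of the box itself.
\mode<presentation>{
\begin{frame}[t]
\frametitle{\begin{tabular}{@ {}c@ {}}Ballot Boxes\end{tabular}}
Security policies involved with paper ballots:
\begin{enumerate}
\item you need to check that the ballot box is empty at the start of the poll / no false bottom (to prevent ballot stuffing)
\item you need to guard the ballot box during the poll until counting
\item tallied by a team at the end of the poll (independent observers)
\end{enumerate}
\begin{center}
\includegraphics[scale=1.5]{pics/ballotbox.jpg}
\end{center}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Discussion question for the audience (frame without a title).
\mode<presentation>{
\begin{frame}[c]
Which security requirements do paper ballots satisfy better than voice voting?\bigskip
\begin{itemize}
\item Integrity
\item Enfranchisement
\item Ballot secrecy
\item Voter authentication
\item Availability
\end{itemize}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Overlay 2: a corrupt counter defeats integrity.  Overlay 3: chain voting
% defeats ballot secrecy, because the returned blank ballot proves to the
% buyer that the prefilled one was cast.
% NOTE(review): the slide stops at the attack.  Consider adding the usual
% countermeasure (ballots carrying a numbered, detachable stub that officials
% check before the ballot goes into the box) -- confirm against the course notes.
\mode<presentation>{
\begin{frame}[t]
\frametitle{\begin{tabular}{@ {}c@ {}}Paper Ballots\end{tabular}}
What can go wrong with paper ballots?
\only<2>{%
\begin{center}
\includegraphics[scale=0.8]{pics/tweet.jpg}\\
\footnotesize William M.~Tweed, US Politician in 1860's\\
``As long as I count the votes, what are you going to do about it?''
\end{center}}
\only<3>{%
\medskip
\begin{center}
\begin{minipage}{10cm}
\textbf{Chain Voting Attack}
\begin{enumerate}
\item you obtain a blank ballot and fill it out as you want
\item you give it to a voter outside the polling station
\item voter receives a new blank ballot
\item voter submits prefilled ballot
\item voter gives blank ballot to you, you give money
\item goto 1
\end{enumerate}
\end{minipage}
\end{center}}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[t]
\frametitle{\begin{tabular}{@ {}c@ {}}Mechanical Voting Machines\end{tabular}}
\begin{itemize}
\item<1-> Lever Voting Machines (ca.~1930--1990)
\only<1>{%
\begin{center}
\includegraphics[scale=0.56]{pics/leavermachine.jpg}
\end{center}}
\item<2->Punch Cards (ca.~1950--2000)
\only<2>{%
\begin{center}
\includegraphics[scale=0.5]{pics/punchcard1.jpg}\;\;
\includegraphics[scale=0.46]{pics/punchcard2.jpg}
\end{center}}
\end{itemize}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Overlay 2 adds the punch line: both device classes are computers.
\mode<presentation>{
\begin{frame}[t]
\frametitle{\begin{tabular}{@ {}c@ {}}Electronic Voting Machines\end{tabular}}
\begin{center}
\begin{tabular}{c}
\includegraphics[scale=0.45]{pics/dre1.jpg}\;
\includegraphics[scale=0.40]{pics/dre2.jpg}\\
\hline\\
\includegraphics[scale=0.5]{pics/opticalscan.jpg}
\end{tabular}
\end{center}
\only<1->{%
\begin{textblock}{5.5}(1,4)
DREs
\end{textblock}}%
\only<1->{%
\begin{textblock}{5.5}(1,11)
Optical Scan
\end{textblock}}%
\only<2>{%
\begin{textblock}{5.5}(0.5,14.5)
all are computers
\end{textblock}}%
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{\begin{tabular}{@ {}c@ {}}DREs\end{tabular}}
Direct-recording electronic voting machines\\
(votes are recorded for example on memory cards)

typically touchscreen machines

usually no paper trail
\begin{center}
\includegraphics[scale=0.56]{pics/dre1.jpg}
\end{center}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% NOTE(review): ``they'' in the second item presumably means the vendor --
% confirm and name the party on the slide.
\mode<presentation>{
\begin{frame}[c]
\frametitle{\begin{tabular}{@ {}c@ {}}Diebold Machines\end{tabular}}
The work by J.~Alex Halderman:
\begin{itemize}
\item acquired a machine from an anonymous source\medskip
\item they try to keep secret the source code running the machine\medskip\pause
\item first reverse-engineered the machine (extremely tedious)
\item could completely reboot the machine and even install a virus that infects other Diebold machines
\item obtained also the source code for other machines
\end{itemize}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Lifecycle point: stored polls stay on a decommissioned machine, so the
% protection period is the whole life of the device, not only polling day.
\mode<presentation>{
\begin{frame}[c]
\frametitle{\begin{tabular}{@ {}c@ {}}Diebold Machines\end{tabular}}
What could go wrong?\pause \;\;Failure-in-depth.\bigskip
\pause
A non-obvious problem:
\begin{itemize}
\item you can nowadays get old machines, which still store old polls
\item the paper ballot box needed to be secured during the voting until counting;
e-voting machines need to be secured during the entire life-time
\end{itemize}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%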
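%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% A paper trail gives an independent record to recount from; the second
% overlay lists what it does not solve.
\mode<presentation>{
\begin{frame}[c]
\frametitle{\begin{tabular}{@ {}c@ {}}Paper Trail\end{tabular}}
Conclusion:\\ Any electronic solution should have a paper trail.
\begin{center}
\begin{tabular}{c}
\includegraphics[scale=0.5]{pics/opticalscan.jpg}
\end{tabular}
\end{center}
\pause
You still have to solve problems about
voter registration, voter authentication, guarding against tampering
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{\begin{tabular}{@ {}c@ {}}E-Voting in India\end{tabular}}
Their underlying engineering principle is ``keep-it-simple'':
\begin{center}
\begin{tabular}{c}
\includegraphics[scale=1.05]{pics/indiaellection.jpg}\;\;
\includegraphics[scale=0.40]{pics/india1.jpg}
\end{tabular}
\end{center}\medskip
\pause
Official claims: ``perfect'', ``tamperproof'', ``no need for technical improvements'', ``infallible''
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Overlay 2 shows a function from the published source: its body is a TODO
% for the security checks and it returns an empty list.
% NOTE(review): the frame is declared for overlays <1-3>, but only overlays
% 1 and 2 carry content.
% NOTE(review): the shortened link hides its destination and may stop
% resolving; replace it with the full address of the published source
% (placeholder: <full-URL-of-the-published-source>).
\mode<presentation>{
\begin{frame}<1-3>[c]
\frametitle{\begin{tabular}{@ {}c@ {}}Lessons Learned\end{tabular}}
\begin{itemize}
\item keep a paper trail and design your system to keep this secure\medskip
\item make the software open source (avoid security-by-obscurity)\\
{\small\mbox{}\hfill source code for Estonian e-vote included\\
\mbox{}\hfill\textcolor{blue}{\url{http://goo.gl/oRMHAI}}}\medskip
\item have a simple design in order to minimise the attack surface
\end{itemize}
\only<2>{%
\begin{textblock}{9}(3.4,7)
\begin{tikzpicture}
\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm]
{\normalsize\color{darkgray}
\begin{minipage}{9cm}\consolas\small
def analyze(ik, vote, votebox):\\
\\
\# TODO: implement security checks\\
\# such as verifying the correct size\\
\# of the encrypted vote\\
\\
return []
\end{minipage}};
\end{tikzpicture}
\end{textblock}}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Banking tolerates fraud because actions can be traced to parties and put
% right afterwards; ballot secrecy rules that out for the vote itself.
\mode<presentation>{
\begin{frame}[c]
\frametitle{Online Banking vs.~E-Voting}
\begin{itemize}
\item online banking: if fraud occurred you try to identify who did what (somebody's account got zero)\bigskip
\item e-voting: some parts can be done electronically, but not the actual voting (final year project: online voting)
\end{itemize}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Four full-slide pictures (pics/Voting1.png to pics/Voting4.png).
\mode<presentation>{
\begin{frame}[c]
\begin{center}
\includegraphics[scale=0.56]{pics/Voting1.png}
\end{center}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\begin{center}
\includegraphics[scale=0.56]{pics/Voting2.png}
\end{center}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\begin{center}
\includegraphics[scale=0.56]{pics/Voting3.png}
\end{center}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\begin{center}
\includegraphics[scale=0.56]{pics/Voting4.png}
\end{center}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{Unix-Style Access Control}
How to do access control? In Unix you have
\begin{itemize}
\item users and groups/roles
\item some special roles: root
\end{itemize}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{Unix-Style Access Control}
\begin{itemize}
\item Q: ``I am using Windows. Why should I care?'' \\
A: In Windows you have similar AC:
\begin{center}
\begin{tabular}{l}
administrators group\\
\hspace{5mm}(has complete control over the machine)\\
authenticated users\\
server operators\\
power users\\
network configuration operators\\
\end{tabular}
\end{center}\medskip
\item Modern versions of Windows have more fine-grained AC than Unix; they do not have a setuid bit, but
have \texttt{runas} (asks for a password).\pause
\item OS-provided access control can \alert{\textbf{add}} to your
security.
\end{itemize}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Diagram: a privileged process (left box) talks to an unprivileged
% interface process (right box), and only the latter faces the Internet.
\mode<presentation>{
\begin{frame}[c]
\frametitle{\begin{tabular}{c}Network Applications:\\[-1mm] Privilege Separation\end{tabular}}
\begin{center}
  \begin{tikzpicture}[scale=1]
  \draw[line width=1mm] (-.3, 0) rectangle (1.5,2);
  \draw (4.7,1) node {Internet};
  \draw (-2.7,1.7) node {\footnotesize Application};
  \draw (0.6,1.7) node {\footnotesize Interface};
  \draw (0.6,-0.4) node {\footnotesize \begin{tabular}{c}unprivileged\\[-1mm] process\end{tabular}};
  \draw (-2.7,-0.4) node {\footnotesize \begin{tabular}{c}privileged\\[-1mm] process\end{tabular}};
  \draw[line width=1mm] (-1.8, 0) rectangle (-3.6,2);
  \draw[white] (1.7,1) node (X) {};
  \draw[white] (3.7,1) node (Y) {};
  \draw[red, <->, line width = 2mm] (X) -- (Y);
  \draw[red, <->, line width = 1mm] (-0.6,1) -- (-1.6,1);
  \end{tikzpicture}
\end{center}
\begin{itemize}
\item the idea is to make the attack surface smaller and mitigate the
consequences of an attack
\end{itemize}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{Lessons from Access Control}
Not just restricted to Unix:
\begin{itemize}
\item if you have too many roles (i.e.~too fine-grained AC), then the hierarchy is too complex\\
\textcolor{gray}{you invite situations like\ldots let's be root}\bigskip
\item you can still abuse the system\ldots
\end{itemize}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Set-up for the next frame: the shell expands the glob into a list of path
% names first and rm works through that list afterwards, which leaves a gap
% between deciding what to delete and deleting it.
\mode<presentation>{
\begin{frame}[c]
\frametitle{\begin{tabular}{@ {}c@ {}}A ``Cron''-Attack\end{tabular}}
The idea is to trick a privileged person into doing something on your behalf:
\begin{itemize}
\item root:\\\texttt{rm /tmp/*/*}\bigskip\bigskip\pause
\footnotesize
\begin{minipage}{1.1\textwidth}
\textcolor{gray}{the shell behind the scenes:}\\
\textcolor{gray}{\texttt{rm /tmp/dir$_1$/file$_1$ /tmp/dir$_1$/file$_2$ /tmp/dir$_2$/file$_1$ \ldots}}\bigskip\\
\textcolor{gray}{this takes time}
\end{minipage}
\end{itemize}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% This is a time-of-check/time-of-use race: the path name recorded in step 2
% is resolved again when the deletion happens in step 4, and by then the
% directory component has been replaced by a symbolic link.
% NOTE(review): the call-out on overlay 2 only says not to run such
% operations as root.  Practitioners would also want to hear that a cleaner
% for a world-writable directory should resolve entries relative to an open
% directory descriptor and refuse to follow symbolic links
% (openat/unlinkat-style), or that each user gets a private temporary
% directory, so the window between check and use disappears.
\mode<presentation>{
\begin{frame}[c]
\frametitle{\begin{tabular}{@ {}c@ {}}A ``Cron''-Attack\end{tabular}}
\begin{enumerate}
\item attacker \textcolor{gray}{(creates a fake passwd file)}\\
\texttt{mkdir /tmp/a; cat > /tmp/a/passwd}\medskip
\item root \textcolor{gray}{(does the daily cleaning)}\\
\texttt{rm /tmp/*/*}\medskip\\
\hspace{2cm}\textcolor{gray}{\small records that \texttt{/tmp/a/passwd}}\\
\hspace{2cm}\textcolor{gray}{\small should be deleted, but does not do it yet}\medskip\\
\item attacker \textcolor{gray}{(meanwhile deletes the fake passwd file, and establishes a link to the real passwd file)}\\
\texttt{rm /tmp/a/passwd; rmdir /tmp/a;}\\\texttt{ln -s /etc /tmp/a}\\
\item root now deletes the real passwd file
\end{enumerate}
\only<2>{%
\begin{textblock}{11}(2,5)
\begin{tikzpicture}
\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm]
{\normalsize\color{darkgray}
\begin{minipage}{9cm}\raggedright
To prevent this kind of attack, you need additional
policies (don't do such operations as root).
\end{minipage}};
\end{tikzpicture}
\end{textblock}}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

\end{document}

%%% Local Variables:
%%% mode: latex
%%% TeX-master: t
%%% End: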