\documentclass{article}\usepackage{../style}\begin{document}\section*{Homework 2}\HEADER\begin{enumerate}\item Another question for thinking like an attacker: Imagine you have at home a broadband contract with TalkTalk. You do not like their service and want to switch to Virgin, say. The procedure between the Internet providers is that you contact Virgin and set up a new contract and they will automatically inform TalkTalk to terminate the old contract. TalkTalk will then send you a letter to confirm that you want to terminate. If they do not hear from you, they will proceed with terminating the contract and will request any outstanding cancellation fees. Virgin on the other hand sends you a new router and paperwork about the new contract. Obviously this way of doing things is meant to make switching as convenient as possible. Still can you imagine situations in which this way of switching providers can cause you a lot of headaches? For this consider that TalkTalk needs approximately 14 days to reconnect you and might ask for reconnection fees.\item Often problems in e-voting are due to difficulties with authentication. Keep this in mind for what could go wrong with the following discount offered by an insurance company: John Hancock Insurance is partnering with Vitality, which you might know as one of those work-related wellness programmes. The programme is available in 30 US states. If you sign up for this, John Hancock will send you a free Fitbit monitor. That's a tiny, pill-shaped device that some people wear in sleek-looking bracelets to track how far they walk/run, the calories burned, and the quality of sleep. That means the insurance company would know exactly when a customer does a sit-up, how far she runs -- or when he or she has skipped the gym for a few days. For `good' customers there will be a discount in their premiums. Why is this way of deciding about a discount problematic?\item Voice voting is the method of casting a vote in the `open air' for everyone present to hear. Which of the following security requirements do paper ballots satisfy \textbf{better} than voice voting? Check all that apply and give a brief explanation for your decision in each case.\begin{itemize}\item[$\Box$] Integrity\item[$\Box$] Enfranchisement\item[$\Box$] Ballot secrecy\item[$\Box$] Voter authentication\item[$\Box$] Availability\end{itemize}\item Explain how an attacker can use chain voting in order to influence the outcome of a poll using paper ballots.\item Which of the following mechanisms help with defending against chain voting? Check all that apply. Give a brief reason for each defence that mitigates chain voting attacks.\begin{itemize}\item[$\Box$] Using a glass ballot box to make it clear there are no ballots in the box before the start of the election.\item[$\Box$] Distributing ballots publicly before the election.\item[$\Box$] Checking that a voter's ID (drivers license, passport) matches the voter.\item[$\Box$] Each ballot has a unique ID. When a voter is given a ballot, the ID is recorded. When the voter submits his or her ballot, this ID is checked against the record.\end{itemize}\item In the Estonian general election, votes can be cast via Internet some time before the election day. These votes cast via Internet can be changed an unlimited amount of times, the last vote is tabulated. You can even change your vote on the polling day in person. Which security requirement does this procedure address?\item Paper ballots boxes need to be guarded on the voting day, but can be unguarded the rest of the year. Why do pure electronic voting machines need to be guarded the whole year?\item What is the main difference between online banking and e-voting? (Hint: Why is the latter so hard to get secure?)\item Imagine, hypothetically, you have a perfectly secure Internet voting system, by which I mean nobody can tamper with or steal votes between your browser and the central server responsible for vote tallying. What can still go wrong with such a perfectly secure voting system, which is prevented in traditional elections with paper-based ballots?\item Voter registration can help\ldots\\ Check all that apply and give a brief explanation for your decision in each case.\begin{itemize}\item[$\Box$] poll workers count votes faster\item[$\Box$] prevent chain voting\item[$\Box$] prevent voters from voting multiple times\item[$\Box$] prevent ineligible people from voting\end{itemize}\item What are some advantages of requiring voters to provide a photo identification (drivers license, passport) in order to vote?\\Check all that apply and give a brief explanation when an answer applies.\begin{itemize}\item[$\Box$] Helps to reduce voter fraud, such as voting under a false name\item[$\Box$] Helps to thwart chain voting attacks\item[$\Box$] Helps protect ballot secrecy\end{itemize}\item \POSTSCRIPT\end{enumerate}\end{document}%%% Local Variables: %%% mode: latex%%% TeX-master: t%%% End: