hws/hw02.tex
author Christian Urban <christian dot urban at kcl dot ac dot uk>
Sat, 08 Oct 2016 16:40:16 +0100
changeset 473 0726ae52d72d
parent 466 ddf7315450c9
child 479 f76074ed6c9e
permissions -rw-r--r--
updated

\documentclass{article}
\usepackage{../style}

\begin{document}

\section*{Homework 2}

\HEADER

\begin{enumerate}
\item Another question for thinking like an attacker: Imagine
      you have at home a broadband contract with TalkTalk. You
      do not like their service and want to switch to Virgin,
      say. The procedure between the Internet providers is
      that you contact Virgin and set up a new contract and
      they will automatically inform TalkTalk to terminate the
      old contract. TalkTalk will then send you a letter to
      confirm that you want to terminate. If they do not hear
      from you, they will proceed with terminating the
      contract and will request any outstanding cancellation
      fees. Virgin on the other hand sends you a new router
      and paperwork about the new contract. Obviously this way
      of doing things is meant to make switching as convenient
      as possible. Still, can you imagine situations in which
      this way of switching providers can cause you a lot of
      headaches? For this consider that TalkTalk needs
      approximately 14 days to reconnect you and might ask for
      reconnection fees.

\item Often problems in e-voting are due to difficulties with
      authentication. Keep this in mind for what could go
      wrong with the following discount offered by an
      insurance company: John Hancock Insurance is partnering
      with Vitality, which you might know as one of those
      work-related wellness programmes. The programme is
      available in 30 US states. If you sign up for this, John
      Hancock will send you a free Fitbit monitor. That's a
      tiny, pill-shaped device that some people wear in
      sleek-looking bracelets to track how far they walk/run,
      the calories burned, and the quality of sleep. That
      means the insurance company would know exactly when a
      customer does a sit-up, how far she runs -- or when he
      or she has skipped the gym for a few days. For `good'
      customers there will be a discount in their premiums.
      Why is this a problem?


\item Voice voting is the method of casting a vote in the `open air'
  for everyone present to hear. Which of the following security
  requirements do paper ballots satisfy \textbf{better} than voice
  voting? Check all that apply and give a brief explanation for your
  decision.

\begin{itemize}
\item[$\Box$] Integrity
\item[$\Box$] Enfranchisement
\item[$\Box$] Ballot secrecy
\item[$\Box$] Voter authentication
\item[$\Box$] Availability
\end{itemize}

\item Explain how an attacker can use chain voting in order to
  influence the outcome of a poll using paper ballots.

\item Which of the following mechanisms help with defending against
  chain voting? Check all that apply. Give a brief reason for each
  defence that mitigates chain voting attacks.

\begin{itemize}
\item[$\Box$] Using a glass ballot box to make it clear there are no
  ballots in the box before the start of the election.
\item[$\Box$] Distributing ballots publicly before the election.
\item[$\Box$] Checking that a voter's ID (driver's license, passport) matches the voter.
\item[$\Box$] Each ballot has a unique ID. When a voter is given a
  ballot, the ID is recorded. When the voter submits his or her
  ballot, this ID is checked against the record.
\end{itemize}

\item In the Estonian general election, votes can be cast via the
  Internet some time before election day. Votes cast via the Internet
  can be changed an unlimited number of times; the last vote is
  tabulated. You can even change your vote on polling day in
  person. Which security requirement does this procedure address?

\item Paper ballot boxes need to be guarded on the voting day, but
  can be unguarded the rest of the year. Why do purely electronic voting
  machines need to be guarded the whole year?
  

\item What is the main difference between online banking and e-voting? 
(Hint: Why is the latter so hard to get secure?)

\item Imagine, hypothetically, you have a perfectly secure Internet
  voting system, by which I mean nobody can tamper with or steal votes
  between your browser and the central server responsible for vote
  tallying. What can still go wrong with such a perfectly secure
  voting system, which is prevented in traditional elections with
  paper-based ballots?

\item \POSTSCRIPT
\end{enumerate}

\end{document}

%%% Local Variables: 
%%% mode: latex
%%% TeX-master: t
%%% End: