\documentclass{article}
\usepackage{../style}

\begin{document}

\section*{Homework 2}

\HEADER

\begin{enumerate}
\item Another question for thinking like an attacker: Imagine
      you have at home a broadband contract with TalkTalk. You
      do not like their service and want to switch to Virgin,
      say. The procedure between the Internet providers is
      that you contact Virgin and set up a new contract and
      they will automatically inform TalkTalk to terminate the
      old contract. TalkTalk will then send you a letter to
      confirm that you want to terminate. If they do not hear
      from you, they will proceed with terminating the
      contract and will request any outstanding cancellation
      fees. Virgin, on the other hand, sends you a new router
      and paperwork about the new contract. Obviously this way
      of doing things is meant to make switching as convenient
      as possible. Still, can you imagine situations in which
      this way of switching providers can cause you a lot of
      headaches? For this, consider that TalkTalk needs
      approximately 14 days to reconnect you and might ask for
      reconnection fees.

\item Often problems in e-voting are due to difficulties with
      authentication. Keep this in mind for what could go
      wrong with the following discount offered by an
      insurance company: John Hancock Insurance is partnering
      with Vitality, which you might know as one of those
      work-related wellness programmes. The programme is
      available in 30 US states. If you sign up for this, John
      Hancock will send you a free Fitbit monitor. That's a
      tiny, pill-shaped device that some people wear in
      sleek-looking bracelets to track how far they walk/run,
      the calories burned, and the quality of sleep. That
      means the insurance company would know exactly when a
      customer does a sit-up, how far she runs -- or when he
      or she has skipped the gym for a few days. For `good'
      customers there will be a discount in their premiums.
      Why is this a problem?

\item Voice voting is the method of casting a vote in the `open air'
  for everyone present to hear. Which of the following security
  requirements do paper ballots satisfy \textbf{better} than voice
  voting? Check all that apply and give a brief explanation for your
  decision in each case.

\begin{itemize}
\item[$\Box$] Integrity
\item[$\Box$] Enfranchisement
\item[$\Box$] Ballot secrecy
\item[$\Box$] Voter authentication
\item[$\Box$] Availability
\end{itemize}

\item Explain how an attacker can use chain voting in order to
  influence the outcome of a poll using paper ballots.

\item Which of the following mechanisms help with defending against
  chain voting? Check all that apply. Give a brief reason for each
  defence that mitigates chain voting attacks.

\begin{itemize}
\item[$\Box$] Using a glass ballot box to make it clear there are no
  ballots in the box before the start of the election.
\item[$\Box$] Distributing ballots publicly before the election.
\item[$\Box$] Checking that a voter's ID (driver's license, passport) matches the voter.
\item[$\Box$] Each ballot has a unique ID. When a voter is given a
  ballot, the ID is recorded. When the voter submits his or her
  ballot, this ID is checked against the record.
\end{itemize}

\item In the Estonian general election, votes can be cast via the Internet
  some time before the election day. These votes cast via the Internet can
  be changed an unlimited number of times; the last vote is
  tabulated. You can even change your vote on the polling day in
  person. Which security requirement does this procedure address?

\item Paper ballot boxes need to be guarded on the voting day, but
  can be unguarded the rest of the year. Why do pure electronic voting
  machines need to be guarded the whole year?

\item What is the main difference between online banking and e-voting?
  (Hint: Why is the latter so hard to get secure?)

\item Imagine, hypothetically, you have a perfectly secure Internet
  voting system, by which I mean nobody can tamper with or steal votes
  between your browser and the central server responsible for vote
  tallying. What can still go wrong with such a perfectly secure
  voting system, which is prevented in traditional elections with
  paper-based ballots?

\item \POSTSCRIPT
\end{enumerate}

\end{document}

%%% Local Variables:
%%% mode: latex
%%% TeX-master: t
%%% End: