\documentclass[dvipsnames,14pt,t]{beamer}+ −
\usepackage{beamerthemeplaincu}+ −
\usepackage[latin1]{inputenc}+ −
\usepackage{mathpartir}+ −
\usepackage[absolute,overlay]{textpos}+ −
\usepackage{ifthen}+ −
\usepackage{tikz}+ −
\usepackage{pgf}+ −
\usepackage{calc} + −
\usepackage{ulem}+ −
\usepackage{courier}+ −
\usepackage{listings}+ −
\renewcommand{\uline}[1]{#1}+ −
\usetikzlibrary{arrows}+ −
\usetikzlibrary{automata}+ −
\usetikzlibrary{shapes}+ −
\usetikzlibrary{shadows}
\usetikzlibrary{positioning}+ −
\usetikzlibrary{calc}+ −
\usepackage{graphicx} + −
+ −
\definecolor{javared}{rgb}{0.6,0,0} % for strings+ −
\definecolor{javagreen}{rgb}{0.25,0.5,0.35} % comments+ −
\definecolor{javapurple}{rgb}{0.5,0,0.35} % keywords+ −
\definecolor{javadocblue}{rgb}{0.25,0.35,0.75} % javadoc+ −
+ −
\lstset{language=Java,+ −
basicstyle=\ttfamily,+ −
keywordstyle=\color{javapurple}\bfseries,+ −
stringstyle=\color{javagreen},+ −
commentstyle=\color{javagreen},+ −
morecomment=[s][\color{javadocblue}]{/**}{*/},+ −
numbers=left,+ −
numberstyle=\tiny\color{black},+ −
stepnumber=1,+ −
numbersep=10pt,+ −
tabsize=2,+ −
showspaces=false,+ −
showstringspaces=false}+ −
+ −
\lstdefinelanguage{scala}{+ −
morekeywords={abstract,case,catch,class,def,%+ −
do,else,extends,false,final,finally,%+ −
for,if,implicit,import,match,mixin,%+ −
new,null,object,override,package,%+ −
private,protected,requires,return,sealed,%+ −
super,this,throw,trait,true,try,%+ −
type,val,var,while,with,yield},+ −
otherkeywords={=>,<-,<\%,<:,>:,\#,@},+ −
sensitive=true,+ −
morecomment=[l]{//},+ −
morecomment=[n]{/*}{*/},+ −
morestring=[b]",+ −
morestring=[b]',+ −
morestring=[b]"""+ −
}+ −
+ −
\lstset{language=Scala,+ −
basicstyle=\ttfamily,+ −
keywordstyle=\color{javapurple}\bfseries,+ −
stringstyle=\color{javagreen},+ −
commentstyle=\color{javagreen},+ −
morecomment=[s][\color{javadocblue}]{/**}{*/},+ −
numbers=left,+ −
numberstyle=\tiny\color{black},+ −
stepnumber=1,+ −
numbersep=10pt,+ −
tabsize=2,+ −
showspaces=false,+ −
showstringspaces=false}+ −
+ −
% beamer stuff + −
\renewcommand{\slidecaption}{APP 02, King's College London, 1 October 2013}+ −
+ −
%Bank vs Voting+ −
%http://www.parliament.vic.gov.au/images/stories/committees/emc/2010_Election/submissions/13_VTeague_EMC_Inquiry_No.6.pdf+ −
+ −
% first cyber attack+ −
%http://investigations.nbcnews.com/_news/2013/03/18/17314818-cyberattack-on-florida-election-is-first-known-case-in-us-experts-say+ −
+ −
\begin{document}+ −
+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%+ −
\mode<presentation>{+ −
\begin{frame}<1>[t]+ −
\frametitle{%+ −
\begin{tabular}{@ {}c@ {}}+ −
\\+ −
\LARGE Access Control and \\[-3mm] + −
\LARGE Privacy Policies (2)\\[-6mm] + −
\end{tabular}}\bigskip\bigskip\bigskip+ −
+ −
\normalsize+ −
\begin{center}+ −
\begin{tabular}{ll}+ −
Email: & christian.urban at kcl.ac.uk\\+ −
Office: & S1.27 (1st floor Strand Building)\\+ −
Slides: & KEATS (also homework is there)\\+ −
\end{tabular}+ −
\end{center}+ −
+ −
+ −
\end{frame}}+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + −
+ −
+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%+ −
\mode<presentation>{+ −
\begin{frame}[c]+ −
\frametitle{\begin{tabular}{c}This Course is about\\[-2mm] ``Satan's Computer''\end{tabular}}+ −
+ −
Ross Anderson and Roger Needham wrote:\bigskip+ −
+ −
\begin{tikzpicture}+ −
\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm] + −
{\normalsize\color{darkgray}+ −
\begin{minipage}{10cm}\raggedright\small+ −
``In effect, our task is to program a computer which gives + −
answers which are subtly and maliciously wrong at the most + −
inconvenient possible moment\ldots{} we hope that the lessons + −
learned from programming Satan's computer may be helpful + −
in tackling the more common problem of programming Murphy's.''+ −
\end{minipage}};+ −
\end{tikzpicture}\\[30mm]+ −
+ −
\only<2>{+ −
\begin{textblock}{11}(2,12)+ −
\begin{tabular}{c}+ −
\includegraphics[scale=0.12]{pics/ariane.jpg}\\[-2mm]+ −
\footnotesize Murphy's computer+ −
\end{tabular}+ −
\begin{tabular}{c}+ −
\includegraphics[scale=0.15]{pics/mobile.jpg}\;+ −
\includegraphics[scale=0.06]{pics/pinsentry.jpg}\\[-2mm]+ −
\footnotesize Satan's computers+ −
\end{tabular}+ −
\end{textblock}}+ −
+ −
\end{frame}}+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + −
+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%+ −
\mode<presentation>{+ −
\begin{frame}[c]+ −
\frametitle{\Large\begin{tabular}{c}User-Tracking Without Cookies\end{tabular}}+ −
+ −
Can you track a user {\bf without}:+ −
+ −
\begin{itemize}+ −
\item Cookies+ −
\item Javascript+ −
\item LocalStorage/SessionStorage/GlobalStorage+ −
\item Flash, Java or other plugins+ −
\item Your IP address or user agent string+ −
\item Any methods employed by Panopticlick\\+ −
\mbox{}\hfill $\rightarrow$ \textcolor{blue}{\url{https://panopticlick.eff.org/}}+ −
\end{itemize}+ −
+ −
Even if you have disabled cookies entirely, turned JavaScript off and use a VPN service.\\\pause
Numerous sites already use such tracking (Google).
+ −
\end{frame}}+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + −
+ −
+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%+ −
\mode<presentation>{+ −
\begin{frame}[c]+ −
\frametitle{\begin{tabular}{c}Web-Protocol\end{tabular}}+ −
+ −
\only<1->{+ −
\begin{textblock}{1}(2,2)+ −
\begin{tikzpicture}[scale=1.3]+ −
\draw[white] (0,0) node (X) {\includegraphics[scale=0.12]{pics/firefox.jpg}};+ −
\end{tikzpicture}+ −
\end{textblock}}+ −
+ −
\only<1->{+ −
\begin{textblock}{1}(11,2)+ −
\begin{tikzpicture}[scale=1.3]+ −
\draw[white] (0,0) node (X) {\includegraphics[scale=0.15]{pics/servers.png}};+ −
\end{tikzpicture}+ −
\end{textblock}}+ −
+ −
\only<1->{+ −
\begin{textblock}{1}(5,2.5)+ −
\begin{tikzpicture}[scale=1.3]+ −
\draw[white] (0,0) node (X) {};+ −
\draw[white] (3,0) node (Y) {};+ −
\draw[red, ->, line width = 2mm] (X) -- (Y);+ −
\node [inner sep=5pt,label=above:\textcolor{black}{\small GET static.jpg}] at ($ (X)!.5!(Y) $) {};+ −
\end{tikzpicture}+ −
\end{textblock}}+ −
+ −
\only<2->{+ −
\begin{textblock}{1}(5,6)+ −
\begin{tikzpicture}[scale=1.3]+ −
\draw[white] (0,0) node (X) {};+ −
\draw[white] (3,0) node (Y) {};+ −
\draw[red, <-, line width = 2mm] (X) -- (Y);+ −
\node [inner sep=5pt,label=below:\textcolor{black}{\small ETag: 7b33de1}] at ($ (X)!.5!(Y) $) {};+ −
\node [inner sep=5pt,label=above:{\includegraphics[scale=0.15]{pics/tvtestscreen.jpg}}] at ($ (X)!.5!(Y) $) {};+ −
\end{tikzpicture}+ −
\end{textblock}}+ −
+ −
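% Overlay 3: the browser revalidates its cached copy of the image.
% The value the server handed out in the ETag response header (overlay 2)
% travels back in the If-None-Match request header, so the server sees the
% same opaque value on every revisit. That makes it usable as an identifier
% even with cookies and JavaScript disabled; clearing the browser cache
% discards the stored value.
\only<3->{
\begin{textblock}{1}(4.2,11)
  \begin{tikzpicture}[scale=1.3]
  % invisible anchor nodes marking the two ends of the request arrow
  \draw[white] (0,0) node (X) {};
  \draw[white] (3,0) node (Y) {};
  \draw[red, ->, line width = 2mm] (X) -- (Y);
  % label centred above the arrow: the conditional request sent by the browser
  \node [inner sep=5pt,label=above:\textcolor{black}{\small GET static.jpg If-None-Match: 7b33de1}] at ($ (X)!.5!(Y) $) {};
  \end{tikzpicture}
\end{textblock}}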
+ −
\only<4->{+ −
\begin{textblock}{1}(4.2,13.9)+ −
\begin{tikzpicture}[scale=1.3]+ −
\draw[white] (0,0) node (X) {};+ −
\draw[white] (3,0) node (Y) {};+ −
\draw[red, <-, line width = 2mm] (X) -- (Y);+ −
\node [inner sep=5pt,label=below:\textcolor{black}{\small HTTP/1.1 304 (Not Modified)}] at ($ (X)!.5!(Y) $) {};+ −
\end{tikzpicture}+ −
\end{textblock}}+ −
+ −
\end{frame}}+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + −
+ −
+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%+ −
\mode<presentation>{+ −
\begin{frame}[c]+ −
\frametitle{Today's Lecture}+ −
\begin{center}+ −
\begin{tabular}{cc}+ −
\large online banking & \hspace{6mm}\large e-voting\\+ −
\textcolor{gray}{solved} & \hspace{6mm}\textcolor{gray}{unsolved}\\+ −
\end{tabular}+ −
\end{center}+ −
+ −
+ −
\end{frame}}+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + −
+ −
+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%+ −
\mode<presentation>{+ −
\begin{frame}[t]+ −
\frametitle{\begin{tabular}{@ {}c@ {}}Voting as Security Problem\end{tabular}}+ −
+ −
What are the security requirements of a voting system?\bigskip+ −
+ −
\begin{itemize}+ −
\item<2->Integrity + −
\item<3->Ballot Secrecy+ −
\item<5->Voter Authentication+ −
\item<6->Enfranchisement+ −
\item<7->Availability+ −
\end{itemize}+ −
+ −
\only<2>{+ −
\begin{textblock}{5.5}(8,5)+ −
\begin{tikzpicture}+ −
\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm, text centered] + −
{\small+ −
\begin{minipage}{5cm}\raggedright+ −
\begin{center}+ −
\begin{minipage}{4.5cm}+ −
\begin{itemize}+ −
\item The outcome matches the voters' intent.
\item There might be gigantic sums at stake, so manipulation needs to be defended against.
\end{itemize}+ −
\end{minipage}+ −
\end{center}+ −
\end{minipage}};+ −
\end{tikzpicture}+ −
\end{textblock}}+ −
+ −
\only<4>{+ −
\begin{textblock}{5.5}(8,5)+ −
\begin{tikzpicture}+ −
\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm, text centered] + −
{\small+ −
\begin{minipage}{5cm}\raggedright+ −
\begin{center}+ −
\begin{minipage}{4.5cm}+ −
\begin{itemize}+ −
\item Nobody can find out how you voted.+ −
\item (Stronger) Even if you try, you cannot prove how you voted.+ −
\end{itemize}+ −
\end{minipage}+ −
\end{center}+ −
\end{minipage}};+ −
\end{tikzpicture}+ −
\end{textblock}}+ −
+ −
\only<5>{+ −
\begin{textblock}{5.5}(8,5)+ −
\begin{tikzpicture}+ −
\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm, text centered] + −
{\small+ −
\begin{minipage}{5cm}\raggedright+ −
\begin{center}+ −
\begin{minipage}{4.5cm}+ −
\begin{itemize}+ −
\item Only authorised voters can vote up to the permitted number of votes.+ −
\end{itemize}+ −
\end{minipage}+ −
\end{center}+ −
\end{minipage}};+ −
\end{tikzpicture}+ −
\end{textblock}}+ −
+ −
\only<6>{+ −
\begin{textblock}{5.5}(8,5)+ −
\begin{tikzpicture}+ −
\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm, text centered] + −
{\small+ −
\begin{minipage}{5cm}\raggedright+ −
\begin{center}+ −
\begin{minipage}{4.5cm}+ −
\begin{itemize}+ −
\item Authorised voters should have the opportunity to vote.+ −
\end{itemize}+ −
\end{minipage}+ −
\end{center}+ −
\end{minipage}};+ −
\end{tikzpicture}+ −
\end{textblock}}+ −
+ −
\only<7>{+ −
\begin{textblock}{5.5}(8,5)+ −
\begin{tikzpicture}+ −
\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm, text centered] + −
{\small+ −
\begin{minipage}{5cm}\raggedright+ −
\begin{center}+ −
\begin{minipage}{4.5cm}+ −
\begin{itemize}+ −
\item The voting system should accept all authorised votes and produce results in a timely manner.+ −
\end{itemize}+ −
\end{minipage}+ −
\end{center}+ −
\end{minipage}};+ −
\end{tikzpicture}+ −
\end{textblock}}+ −
+ −
\end{frame}}+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + −
+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%+ −
\mode<presentation>{+ −
\begin{frame}[t]+ −
\frametitle{\begin{tabular}{@ {}c@ {}}Problems with Voting\end{tabular}}+ −
+ −
+ −
\begin{center}\large+ −
\begin{tabular}{rcl}+ −
Integrity & vs. & Ballot Secrecy\bigskip\\+ −
Authentication & vs. &Enfranchisement + −
\end{tabular}+ −
\end{center}\bigskip\bigskip\pause+ −
+ −
Further constraints:+ −
+ −
\begin{itemize}+ −
\item costs+ −
\item accessibility+ −
\item convenience+ −
\item intelligibility + −
\end{itemize}+ −
\end{frame}}+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + −
+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%+ −
\mode<presentation>{+ −
\begin{frame}[t]+ −
\frametitle{\begin{tabular}{@ {}c@ {}}Traditional Ballot Boxes\end{tabular}}+ −
+ −
+ −
\begin{center}+ −
\includegraphics[scale=2.5]{pics/ballotbox.jpg}+ −
\end{center}\pause\bigskip+ −
+ −
they need a ``protocol''+ −
+ −
+ −
\end{frame}}+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + −
+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%+ −
\mode<presentation>{+ −
\begin{frame}[t]+ −
\frametitle{\begin{tabular}{@ {}c@ {}}E-Voting\end{tabular}}+ −
+ −
+ −
\begin{itemize}+ −
\item The Netherlands had electronic voting machines between 1997 and 2006\\
\textcolor{gray}{(hacktivists found that they could be hacked and that they also emitted radio signals revealing how you voted)}

\item Germany had used them in pilot studies\\
\textcolor{gray}{(in 2007 a lawsuit reached the highest court, which rejected electronic voting
on the grounds of not being understandable by the general public)}
+ −
\item UK used optical scan voting systems in a few polls+ −
\end{itemize}+ −
\end{frame}}+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + −
+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%+ −
\mode<presentation>{+ −
\begin{frame}[t]+ −
\frametitle{\begin{tabular}{@ {}c@ {}}E-Voting\end{tabular}}+ −
+ −
\mbox{}\\[-12mm]+ −
\begin{itemize}+ −
\item The US has used mechanical machines since the 30s, later punch cards, now DREs and
optical scan voting machines

\item Estonia used the Internet for national elections in 2007
\textcolor{gray}{(there were earlier pilot studies in other countries)}

\item India has used e-voting devices since at least 2003\\
\textcolor{gray}{(``keep-it-simple'' machines produced by a government-owned company)}

\item South Africa used software for its tallying in the 1993 elections (when Nelson Mandela was elected)
\textcolor{gray}{(they found the tallying software was rigged, but they were able to tally manually)}
\end{itemize}+ −
\end{frame}}+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + −
+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%+ −
\mode<presentation>{+ −
\begin{frame}[t]+ −
\frametitle{\begin{tabular}{@ {}c@ {}}A Brief History of Voting\end{tabular}}+ −
+ −
+ −
\begin{itemize}+ −
\item Athenians+ −
\begin{itemize}+ −
\item show of hands+ −
\item ballots on pieces of pottery+ −
\item different colours of stones+ −
\item ``facebook''-like authorisation + −
\end{itemize}\bigskip+ −
+ −
\textcolor{gray}{problems with vote buying / no ballot privacy}\bigskip+ −
+ −
+ −
\item French Revolution and the US Constitution got things ``started'' with + −
paper ballots (you first had to bring your own; later they were pre-printed by parties)+ −
\end{itemize}+ −
\end{frame}}+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + −
+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%+ −
\mode<presentation>{+ −
\begin{frame}[t]+ −
\frametitle{\begin{tabular}{@ {}c@ {}}Ballot Boxes\end{tabular}}+ −
+ −
Security policies involved with paper ballots:+ −
+ −
\begin{enumerate}+ −
\item you need to check that the ballot box is empty at the start of the poll / no false bottom (to prevent ballot stuffing)+ −
\item you need to guard the ballot box during the poll until counting+ −
\item tallied by a team at the end of the poll (independent observers) + −
\end{enumerate}+ −
+ −
\begin{center}+ −
\includegraphics[scale=1.5]{pics/ballotbox.jpg}+ −
\end{center}+ −
+ −
+ −
\end{frame}}+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + −
+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + −
\mode<presentation>{+ −
\begin{frame}[c]+ −
+ −
Which security requirements do paper ballots satisfy better than voice voting?\bigskip+ −
+ −
\begin{itemize}+ −
\item Integrity+ −
\item Enfranchisement+ −
\item Ballot secrecy+ −
\item Voter authentication+ −
\item Availability+ −
\end{itemize}+ −
+ −
\end{frame}}+ −
+ −
+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%+ −
\mode<presentation>{+ −
\begin{frame}[t]+ −
\frametitle{\begin{tabular}{@ {}c@ {}}Paper Ballots\end{tabular}}+ −
+ −
What can go wrong with paper ballots?+ −
+ −
\only<2>{+ −
\begin{center}+ −
\includegraphics[scale=0.8]{pics/tweet.jpg}\\+ −
\footnotesize William M.~Tweed, US politician in the 1860s\\
``As long as I count the votes, what are you going to do about it?''+ −
\end{center}}+ −
+ −
\only<3>{+ −
\medskip+ −
\begin{center}+ −
\begin{minipage}{10cm}+ −
{\bf Chain Voting Attack}+ −
\begin{enumerate}+ −
\item you obtain a blank ballot and fill it out as you want+ −
\item you give it to a voter outside the polling station+ −
\item voter receives a new blank ballot+ −
\item voter submits prefilled ballot+ −
\item voter gives blank ballot to you, you give money+ −
\item goto 1+ −
\end{enumerate}+ −
\end{minipage}+ −
\end{center}+ −
}+ −
+ −
\end{frame}}+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + −
+ −
+ −
+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%+ −
\mode<presentation>{+ −
\begin{frame}[t]+ −
\frametitle{\begin{tabular}{@ {}c@ {}}Mechanical Voting Machines\end{tabular}}+ −
+ −
\begin{itemize}+ −
\item<1-> Lever Voting Machines (ca.~1930 - 1990)+ −
\only<1>{+ −
\begin{center}+ −
\includegraphics[scale=0.56]{pics/leavermachine.jpg}+ −
\end{center}+ −
}+ −
\item<2->Punch Cards (ca.~1950 - 2000)+ −
\only<2>{+ −
\begin{center}+ −
\includegraphics[scale=0.5]{pics/punchcard1.jpg}\;\;+ −
\includegraphics[scale=0.46]{pics/punchcard2.jpg}+ −
\end{center}+ −
}+ −
\end{itemize}+ −
+ −
+ −
+ −
\end{frame}}+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + −
+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%+ −
\mode<presentation>{+ −
\begin{frame}[t]+ −
\frametitle{\begin{tabular}{@ {}c@ {}}Electronic Voting Machines\end{tabular}}+ −
+ −
\begin{center}+ −
\begin{tabular}{c}+ −
\includegraphics[scale=0.45]{pics/dre1.jpg}\; + −
\includegraphics[scale=0.40]{pics/dre2.jpg}\\\hline\\+ −
\includegraphics[scale=0.5]{pics/opticalscan.jpg} + −
\end{tabular}+ −
\end{center}+ −
+ −
\only<1->{+ −
\begin{textblock}{5.5}(1,4)+ −
DREs+ −
\end{textblock}}+ −
\only<1->{+ −
\begin{textblock}{5.5}(1,11)+ −
Optical Scan+ −
\end{textblock}}+ −
+ −
\only<2>{+ −
\begin{textblock}{5.5}(0.5,14.5)+ −
all are computers+ −
\end{textblock}}+ −
+ −
\end{frame}}+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + −
+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%+ −
\mode<presentation>{+ −
\begin{frame}[c]+ −
\frametitle{\begin{tabular}{@ {}c@ {}}DREs\end{tabular}}+ −
+ −
Direct-recording electronic voting machines\\ + −
(votes are recorded for example on memory cards)+ −
+ −
typically touchscreen machines+ −
+ −
usually no paper trail
+ −
\begin{center}+ −
\includegraphics[scale=0.56]{pics/dre1.jpg}+ −
\end{center}+ −
+ −
+ −
\end{frame}}+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + −
+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%+ −
\mode<presentation>{+ −
\begin{frame}[c]+ −
\frametitle{\begin{tabular}{@ {}c@ {}}Diebold Machines\end{tabular}}+ −
+ −
The work by J.~Alex Halderman:+ −
+ −
\begin{itemize}+ −
\item acquired a machine from an anonymous source\medskip
\item the manufacturer tries to keep the source code running on the machine secret\medskip\pause

\item first reverse-engineered the machine (extremely tedious)
\item could completely reboot the machine and even install a virus that infects other Diebold machines
\item also obtained the source code for other machines
\end{itemize}+ −
+ −
\end{frame}}+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + −
+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%+ −
\mode<presentation>{+ −
\begin{frame}[c]+ −
\frametitle{\begin{tabular}{@ {}c@ {}}Diebold Machines\end{tabular}}+ −
+ −
What could go wrong?\pause \;\;Failure-in-depth.\bigskip\pause+ −
+ −
A non-obvious problem:+ −
+ −
\begin{itemize}+ −
\item nowadays you can get old machines, which still store old polls

\item the paper ballot box needed to be secured during the voting until counting;
e-voting machines need to be secured during their entire lifetime
\end{itemize}+ −
+ −
\end{frame}}+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + −
+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%+ −
\mode<presentation>{+ −
\begin{frame}[c]+ −
\frametitle{\begin{tabular}{@ {}c@ {}}Paper Trail\end{tabular}}+ −
+ −
Conclusion:\\ Any electronic solution should have a paper trail.+ −
+ −
\begin{center}+ −
\begin{tabular}{c}+ −
\includegraphics[scale=0.5]{pics/opticalscan.jpg} + −
\end{tabular}+ −
\end{center}\pause+ −
+ −
You still have to solve problems about+ −
voter registration, voter authentication, guarding against tampering+ −
+ −
\end{frame}}+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + −
+ −
+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%+ −
\mode<presentation>{+ −
\begin{frame}[c]+ −
\frametitle{\begin{tabular}{@ {}c@ {}}E-Voting in India\end{tabular}}+ −
+ −
Their underlying engineering principle is ``keep-it-simple'':+ −
+ −
\begin{center}+ −
\begin{tabular}{c}+ −
\includegraphics[scale=1.05]{pics/indiaellection.jpg}\;\;+ −
\includegraphics[scale=0.40]{pics/india1.jpg}+ −
\end{tabular}+ −
\end{center}\medskip\pause+ −
+ −
Official claims: ``perfect'', ``tamperproof'', ``no need for technical improvements'', ``infallible''
\end{frame}}+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + −
+ −
+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%+ −
\mode<presentation>{+ −
\begin{frame}<1-3>[c]+ −
\frametitle{\begin{tabular}{@ {}c@ {}}Lessons Learned\end{tabular}}+ −
+ −
\begin{itemize}+ −
\item keep a paper trail and design your system to keep this secure\medskip+ −
\item make the software open source (avoid security-by-obscurity)\\+ −
{\small\mbox{}\hfill source code for Estonian e-vote included\\ + −
\mbox{}\hfill\textcolor{blue}{\url{http://goo.gl/oRMHAI}}}\medskip+ −
\item have a simple design in order to minimise the attack surface+ −
\end{itemize}+ −
+ −
\only<2>{+ −
\begin{textblock}{9}(3.4,7)+ −
\begin{tikzpicture}+ −
\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm] + −
{\normalsize\color{darkgray}+ −
\begin{minipage}{9cm}\consolas\small+ −
def analyze(ik, vote, votebox):\\+ −
\\+ −
\# TODO: implement security checks\\+ −
\# such as verifying the correct size\\+ −
\# of the encrypted vote\\+ −
\\+ −
return []+ −
\end{minipage}};+ −
\end{tikzpicture}+ −
\end{textblock}}+ −
+ −
\end{frame}}+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + −
+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%+ −
\mode<presentation>{+ −
\begin{frame}[c]+ −
\frametitle{Online Banking vs.~E-Voting}+ −
+ −
\begin{itemize}+ −
\item online banking: if fraud has occurred, you try to identify who did what (somebody's account went to zero)\bigskip
\item e-voting: some parts can be done electronically, but not the actual voting (final year project: online voting)+ −
\end{itemize}+ −
+ −
+ −
\end{frame}}+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + −
+ −
+ −
+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%+ −
\mode<presentation>{+ −
\begin{frame}[c]+ −
+ −
\begin{center}+ −
\includegraphics[scale=0.56]{pics/Voting1.png}+ −
\end{center}+ −
+ −
+ −
\end{frame}}+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + −
+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%+ −
\mode<presentation>{+ −
\begin{frame}[c]+ −
+ −
\begin{center}+ −
\includegraphics[scale=0.56]{pics/Voting2.png}+ −
\end{center}+ −
+ −
+ −
\end{frame}}+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + −
+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%+ −
\mode<presentation>{+ −
\begin{frame}[c]+ −
+ −
\begin{center}+ −
\includegraphics[scale=0.56]{pics/Voting3.png}+ −
\end{center}+ −
+ −
+ −
\end{frame}}+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + −
+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%+ −
\mode<presentation>{+ −
\begin{frame}[c]+ −
+ −
\begin{center}+ −
\includegraphics[scale=0.56]{pics/Voting4.png}+ −
\end{center}+ −
+ −
+ −
\end{frame}}+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%+ −
\mode<presentation>{+ −
\begin{frame}[c]+ −
\frametitle{Unix-Style Access Control}+ −
+ −
How to do access control? In Unix

\begin{itemize}
\item you have users and you have groups/roles

\item and some special roles: root
\end{itemize}+ −
+ −
+ −
\end{frame}}+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + −
+ −
+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%+ −
\mode<presentation>{+ −
\begin{frame}[c]+ −
\frametitle{Unix-Style Access Control}+ −
+ −
\begin{itemize}+ −
\item Q: ``I am using Windows. Why should I care?'' \\ A: In Windows you have similar AC:+ −
+ −
\begin{center}+ −
\begin{tabular}{l}+ −
administrators group\\ + −
\hspace{5mm}(has complete control over the machine)\\+ −
authenticated users\\+ −
server operators\\+ −
power users\\+ −
network configuration operators\\+ −
\end{tabular}+ −
\end{center}\medskip+ −
+ −
\item Modern versions of Windows have more fine-grained AC than Unix; they do not have a setuid bit, but+ −
have \texttt{runas} (asks for a password).\pause+ −
+ −
\item OS-provided access control can \alert{\bf add} to your+ −
security.+ −
\end{itemize}+ −
+ −
+ −
\end{frame}}+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + −
+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%+ −
\mode<presentation>{+ −
\begin{frame}[c]+ −
\frametitle{\begin{tabular}{c}Network Applications:\\[-1mm] Privilege Separation\end{tabular}}+ −
+ −
+ −
\begin{center}+ −
\begin{tikzpicture}[scale=1]+ −
+ −
\draw[line width=1mm] (-.3, 0) rectangle (1.5,2);+ −
\draw (4.7,1) node {Internet};+ −
\draw (-2.7,1.7) node {\footnotesize Application};+ −
\draw (0.6,1.7) node {\footnotesize Interface};+ −
\draw (0.6,-0.4) node {\footnotesize \begin{tabular}{c}unprivileged\\[-1mm] process\end{tabular}};+ −
\draw (-2.7,-0.4) node {\footnotesize \begin{tabular}{c}privileged\\[-1mm] process\end{tabular}};+ −
+ −
\draw[line width=1mm] (-1.8, 0) rectangle (-3.6,2);+ −
+ −
\draw[white] (1.7,1) node (X) {};+ −
\draw[white] (3.7,1) node (Y) {};+ −
\draw[red, <->, line width = 2mm] (X) -- (Y);+ −
+ −
\draw[red, <->, line width = 1mm] (-0.6,1) -- (-1.6,1);+ −
\end{tikzpicture}+ −
\end{center}+ −
+ −
\begin{itemize}+ −
\item the idea is to make the attack surface smaller and
mitigate the consequences of an attack
\end{itemize}+ −
+ −
+ −
\end{frame}}+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + −
+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%+ −
\mode<presentation>{+ −
\begin{frame}[c]+ −
\frametitle{Lessons from Access Control}+ −
+ −
Not just restricted to Unix:+ −
+ −
\begin{itemize}+ −
\item if you have too many roles (i.e.~too fine-grained AC), then the
	hierarchy becomes too complex\\
	\textcolor{gray}{you invite situations like\ldots let's be root}\bigskip
+ −
\item you can still abuse the system\ldots+ −
+ −
\end{itemize}+ −
+ −
\end{frame}}+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + −
+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%+ −
\mode<presentation>{+ −
\begin{frame}[c]+ −
\frametitle{\begin{tabular}{@ {}c@ {}}A ``Cron''-Attack\end{tabular}}+ −
+ −
The idea is to trick a privileged person into doing something on your behalf:
+ −
\begin{itemize}+ −
\item root:\\\texttt{rm /tmp/*/*}\bigskip\bigskip\pause+ −
+ −
\footnotesize+ −
\begin{minipage}{1.1\textwidth}+ −
\textcolor{gray}{the shell behind the scenes:}\\+ −
\textcolor{gray}{\texttt{rm /tmp/dir$_1$/file$_1$ /tmp/dir$_1$/file$_2$ /tmp/dir$_2$/file$_1$ \ldots}}\bigskip\\+ −
+ −
\textcolor{gray}{this takes time}+ −
\end{minipage}+ −
\end{itemize}+ −
+ −
+ −
\end{frame}}+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + −
+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%+ −
\mode<presentation>{+ −
\begin{frame}[c]+ −
\frametitle{\begin{tabular}{@ {}c@ {}}A ``Cron''-Attack\end{tabular}}+ −
+ −
\begin{enumerate}+ −
\item attacker \textcolor{gray}{(creates a fake passwd file)}\\ + −
\texttt{mkdir /tmp/a; cat > /tmp/a/passwd}\medskip+ −
\item root \textcolor{gray}{(does the daily cleaning)}\\+ −
\texttt{rm /tmp/*/*}\medskip\\+ −
\hspace{2cm}\textcolor{gray}{\small records that \texttt{/tmp/a/passwd}}\\ + −
\hspace{2cm}\textcolor{gray}{\small should be deleted, but does not do it yet}\medskip\\+ −
+ −
\item attacker \textcolor{gray}{(meanwhile deletes the fake passwd file, and establishes a link to + −
the real passwd file)}\\+ −
\texttt{rm /tmp/a/passwd; rmdir /tmp/a;}\\\texttt{ln -s /etc /tmp/a}\\+ −
\item root now deletes the real passwd file+ −
\end{enumerate}+ −
+ −
\only<2>{+ −
\begin{textblock}{11}(2,5)+ −
\begin{tikzpicture}+ −
\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm] + −
{\normalsize\color{darkgray}+ −
\begin{minipage}{9cm}\raggedright+ −
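To prevent this kind of attack, you need additional
policies (don't do such operations as root). The underlying flaw is a race
between expanding the path and deleting it (time of check vs.~time of use).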
\end{minipage}};+ −
\end{tikzpicture}+ −
\end{textblock}}+ −
+ −
\end{frame}}+ −
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + −
+ −
+ −
\end{document}+ −
+ −
%%% Local Variables: + −
%%% mode: latex+ −
%%% TeX-master: t+ −
%%% End: + −