\documentclass[dvipsnames,14pt,t]{beamer}
\usepackage{beamerthemeplainculight}
\usepackage[T1]{fontenc}
\usepackage[latin1]{inputenc}
\usepackage{mathpartir}
\usepackage[absolute,overlay]{textpos}
\usepackage{ifthen}
\usepackage{tikz}
\usepackage{pgf}
\usepackage{calc} 
\usepackage{ulem}
\usepackage{courier}
\usepackage{listings}
\renewcommand{\uline}[1]{#1}
\usetikzlibrary{arrows}
\usetikzlibrary{automata}
\usetikzlibrary{shapes}
\usetikzlibrary{shadows}
\usetikzlibrary{positioning}
\usetikzlibrary{calc}
\usepackage{graphicx} 

\definecolor{javared}{rgb}{0.6,0,0} % for strings
\definecolor{javagreen}{rgb}{0.25,0.5,0.35} % comments
\definecolor{javapurple}{rgb}{0.5,0,0.35} % keywords
\definecolor{javadocblue}{rgb}{0.25,0.35,0.75} % javadoc

\lstset{language=Java,
	basicstyle=\ttfamily,
	keywordstyle=\color{javapurple}\bfseries,
	stringstyle=\color{javagreen},
	commentstyle=\color{javagreen},
	morecomment=[s][\color{javadocblue}]{/**}{*/},
	numbers=left,
	numberstyle=\tiny\color{black},
	stepnumber=1,
	numbersep=10pt,
	tabsize=2,
	showspaces=false,
	showstringspaces=false}

\lstdefinelanguage{scala}{
  morekeywords={abstract,case,catch,class,def,%
    do,else,extends,false,final,finally,%
    for,if,implicit,import,match,mixin,%
    new,null,object,override,package,%
    private,protected,requires,return,sealed,%
    super,this,throw,trait,true,try,%
    type,val,var,while,with,yield},
  otherkeywords={=>,<-,<\%,<:,>:,\#,@},
  sensitive=true,
  morecomment=[l]{//},
  morecomment=[n]{/*}{*/},
  morestring=[b]",
  morestring=[b]',
  morestring=[b]"""
}

\lstset{language=Scala,
	basicstyle=\ttfamily,
	keywordstyle=\color{javapurple}\bfseries,
	stringstyle=\color{javagreen},
	commentstyle=\color{javagreen},
	morecomment=[s][\color{javadocblue}]{/**}{*/},
	numbers=left,
	numberstyle=\tiny\color{black},
	stepnumber=1,
	numbersep=10pt,
	tabsize=2,
	showspaces=false,
	showstringspaces=false}

% beamer stuff 
\renewcommand{\slidecaption}{APP 04, King's College London, 16 October 2012}


\begin{document}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}<1>[t]
\frametitle{%
  \begin{tabular}{@ {}c@ {}}
  \\
  \LARGE Access Control and \\[-3mm] 
  \LARGE Privacy Policies (4)\\[-6mm] 
  \end{tabular}}\bigskip\bigskip\bigskip

  %\begin{center}
  %\includegraphics[scale=1.3]{pics/barrier.jpg}
  %\end{center}

\normalsize
  \begin{center}
  \begin{tabular}{ll}
  Email:  & christian.urban at kcl.ac.uk\\
  Of$\!$fice: & S1.27 (1st floor Strand Building)\\
  Slides: & KEATS (also homework is there)\\
  \end{tabular}
  \end{center}


\end{frame}}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{Unix-Style Access Control}

\begin{itemize}
\item Q: ``I am using Windows. Why should I care?'' \\ A: In Windows you have similar AC:

\begin{center}
\begin{tabular}{l}
administrators group\\ 
\hspace{5mm}(has complete control over the machine)\\
authenticated users\\
server operators\\
power users\\
network configuration operators\\
\end{tabular}
\end{center}\medskip

\item Modern versions of Windows have more fine-grained AC than Unix; they do not have a setuid bit, but
have \texttt{runas} (asks for a password).\pause

\item OS-provided access control can \alert{\bf add} to your
security.
\end{itemize}

  
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{\begin{tabular}{c}Network Applications:\\[-1mm] Privilege Separation\end{tabular}}


\begin{center}
  \begin{tikzpicture}[scale=1]
  
  \draw[line width=1mm] (-.3, 0) rectangle (1.5,2);
  \draw (4.7,1) node {Internet};
  \draw (-2.7,1.7) node {\footnotesize Application};
  \draw (0.6,1.7) node {\footnotesize Interface};
  \draw (0.6,-0.4) node {\footnotesize \begin{tabular}{c}unprivileged\\[-1mm] process\end{tabular}};
  \draw (-2.7,-0.4) node {\footnotesize \begin{tabular}{c}privileged\\[-1mm] process\end{tabular}};
  
  \draw[line width=1mm] (-1.8, 0) rectangle (-3.6,2);

  \draw[white] (1.7,1) node (X) {};
  \draw[white] (3.7,1) node (Y) {};
  \draw[red, <->, line width = 2mm] (X) -- (Y);
 
  \draw[red, <->, line width = 1mm] (-0.6,1) -- (-1.6,1);
  \end{tikzpicture}
\end{center}

\begin{itemize}
\item the idea is make the attack surface smaller and 
mitigate the consequences of an attack
\end{itemize}


\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{Shared Access Control}

\begin{center}
\includegraphics[scale=0.7]{pics/pointsplane.jpg}
\end{center}

\begin{textblock}{11}(10.5,10.5)
\small
To take an action you\\[-1mm] 
need at least either:
\begin{itemize}
\item 1 CEO\\[-5mm]
\item 2 MDs, or\\[-5mm]
\item 3 Ds
\end{itemize}
\end{textblock}

\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{Lessons from Access Control}

Not just restricted to Unix:

\begin{itemize}
\item if you have too many roles (i.e.~too finegrained AC), then 
	hierarchy is too complex\\
	\textcolor{gray}{you invite situations like\ldots let's be root}\bigskip

\item you can still abuse the system\ldots

\end{itemize}

\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{\begin{tabular}{@ {}c@ {}}A ``Cron''-Attack\end{tabular}}

The idea is to trick a privileged person to do something on your behalf:

\begin{itemize}
\item root:\\\texttt{rm /tmp/*/*}\bigskip\bigskip\pause

\footnotesize
\begin{minipage}{1.1\textwidth}
\textcolor{gray}{the shell behind the scenes:}\\
\textcolor{gray}{\texttt{rm /tmp/dir$_1$/file$_1$ /tmp/dir$_1$/file$_2$ /tmp/dir$_2$/file$_1$ \ldots}}\bigskip\\

\textcolor{gray}{this takes time}
\end{minipage}
\end{itemize}


\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{\begin{tabular}{@ {}c@ {}}A ``Cron''-Attack\end{tabular}}

\begin{enumerate}
\item attacker \textcolor{gray}{(creates a fake passwd file)}\\ 
\texttt{mkdir /tmp/a; cat > /tmp/a/passwd}\medskip
\item root \textcolor{gray}{(does the daily cleaning)}\\
\texttt{rm /tmp/*/*}\medskip\\
\hspace{2cm}\textcolor{gray}{\small records that \texttt{/tmp/a/passwd}}\\ 
\hspace{2cm}\textcolor{gray}{\small should be deleted, but does not do it yet}\medskip\\

\item attacker \textcolor{gray}{(meanwhile deletes the fake passwd file, and establishes a link to 
the real passwd file)}\\
\texttt{rm /tmp/a/passwd; rmdir /tmp/a;}\\\texttt{ln -s /etc /tmp/a}\\
\item root now deletes  the real passwd file
\end{enumerate}

\only<2>{
\begin{textblock}{11}(2,5)
\begin{tikzpicture}
\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm] 
{\normalsize\color{darkgray}
\begin{minipage}{9cm}\raggedright
To prevent this kind of attack, you need additional
policies (don't do such operations as root).
\end{minipage}};
\end{tikzpicture}
\end{textblock}}

\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{\begin{tabular}{@ {}c@ {}}Schneier Analysis\end{tabular}}

\textcolor{gray}{There is no absolutely secure system and security almost never comes for free.}

\begin{itemize}
\item What assets are you trying to protect?
\item What are the risks to these assets?
\item How well does the security solution mitigate those risks?
\item What other risks does the security solution cause?
\item What costs and trade-offs does the security solution impose?
\end{itemize}


\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[t]
\frametitle{\begin{tabular}{@ {}c@ {}}Example: Credit Cards\end{tabular}}

You might have the policy of not typing in your credit card online. Worthwhile or not?
\begin{itemize}
\item<2->What assets are you trying to protect?\\
\only<2>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}your credit card number\end{tabular}}
\item<3->What are the risks to these assets?\\
\only<3>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright
With credit cards you loose a fixed amount \pounds{50}. Amazon \pounds{50}. \end{tabular}}
\item<4->How well does the security solution mitigate those risks?\\
\only<4>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright
Well, hackers steal credit cards from databases. They usually do not attack you individually.\end{tabular}}
\item<5->What other risks does the security solution cause?
\only<5>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright None (?)\end{tabular}}
\item<6->What costs and trade-offs does the security solution impose?
\only<6>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright Internet shopping is convenient and sometimes cheaper.\end{tabular}}
\item<7>[]{\bf\large No!}
\end{itemize}\pause\pause


\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{\begin{tabular}{@ {}c@ {}}Example: Firewalls\end{tabular}}

\begin{center}
\includegraphics[scale=0.5]{pics/firewall.png}
\end{center}

A firewall is a piece of software that controls incoming and outgoing traffic according to some rules. 
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[t]
\frametitle{\begin{tabular}{@ {}c@ {}}Example: Firewalls\end{tabular}}

\begin{itemize}
\item<1->What assets are you trying to protect?\\
\only<1>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}Whatever is behind the firewall 
(credit cards, passwords, blueprints, \ldots)\end{tabular}}
\item<2->What are the risks to these assets?\\
\only<2>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright
With a small online shop you are already at risk. Pentagon, definitely.\end{tabular}}
\item<3->How well does the security solution mitigate those risks?\\
\only<3>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright
Well, at home so not much. Everywhere else, if properly configurated then it does.\end{tabular}}
\item<4->What other risks does the security solution cause?
\only<4>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright There might be backdoors or bugs in the firewall,
but generally they are secure. You choose to prevent certain traffic.\end{tabular}}
\item<5->What costs and trade-offs does the security solution impose?
\only<5>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright 
Minimal to modest. Firewalls are part of free software. You need a knowledgeable 
person to set them up.\end{tabular}}
\item<7>[]{\bf\large Yes!}
\end{itemize}\pause\pause


\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[t]
\frametitle{\begin{tabular}{@ {}c@ {}}Ex: Two-Factor Authentication\end{tabular}}

Google uses nowadays two-factor authentication. But it is an old(er)
idea. It is used for example in Germany and Netherlands for online transactions.

\begin{center}
\includegraphics[scale=0.6]{pics/tan1.jpg}\hspace{5mm}
\includegraphics[scale=0.2]{pics/tan2.jpg}
\end{center}

\pause
Or nowadays by SMS (restricts the validity of the numbers) or with a secure generator

\begin{center}
\includegraphics[scale=0.08]{pics/pinsentry.jpg}
\end{center}

\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[t]
\frametitle{\begin{tabular}{@ {}c@ {}}Ex: Two-Factor Authentication\end{tabular}}

\begin{itemize}
\item<1->What assets are you trying to protect?\\
\only<1>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}Your bank account.\end{tabular}}
\item<2->What are the risks to these assets?\\
\only<2>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright
Nowadays pretty high risk.\end{tabular}}
\item<3->How well does the security solution mitigate those risks?\\
\only<3>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright
It prevents problems when passwords are stolen. Man-in-the-middle attacks 
still possible.\end{tabular}}
\item<4->What other risks does the security solution cause?
\only<4>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright Your mobile phone or credit card/pin might 
be stolen. SIM card becomes more valuable.\end{tabular}}
\item<5->What costs and trade-offs does the security solution impose?
\only<5>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright 
Banks need to establish an infrastructure. For you it might be inconvenient.\end{tabular}}
\item<7>[]{\bf\large Yes!}
\end{itemize}


\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[t]
\frametitle{\begin{tabular}{@ {}c@ {}}Security Seals\end{tabular}}

According to Ross Anderson: ``\ldots is a tamper-indicating device 
designed to leave non-erasable, unambiguous evidence of unauthorized 
entry or tampering.''

\begin{center}
\includegraphics[scale=0.45]{pics/seal.jpg}
\end{center}\mbox{}\\[-12mm]

They also need some quite sophisticated policies (seal regiment).
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[t]
\frametitle{\begin{tabular}{@ {}c@ {}}Security Seals (2)\end{tabular}}

\begin{itemize}
\item at the Argonne National Laboratory they tested 244 different security seals
\begin{itemize}
\item meantime to break the seals for a trained person: 100 s 
\item including 19\% that were used for safeguard of nuclear material
\end{itemize}\bigskip

\item Andrew Appel defeated all security seals which were supposed to keep 
voting machines safe
\end{itemize}


\only<2>{
\begin{textblock}{11}(1,1)
\begin{tikzpicture}
\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm] 
{\normalsize
\begin{minipage}{11cm}\raggedright\small
\begin{center}
\includegraphics[scale=0.25]{pics/appelseals.jpg}
\end{center}
\begin{center}
\begin{minipage}{10.5cm}
\begin{itemize}
\item The tamper-indicating tape can be lifted using a heat gun.
\item The security screw cap can be removed using a screwdriver, then the
serial-numbered top can be replaced (undamaged) onto a fresh (unnumbered) base.
\item The wire seal can be defeated using a \#4 wood screw.
\item The plastic strap seal can be picked using a jeweler's screwdriver.
\end{itemize}
\end{minipage}
\end{center}
\end{minipage}};
\end{tikzpicture}
\end{textblock}}

\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[t]
\frametitle{\begin{tabular}{@ {}c@ {}}Example: Security Seals\end{tabular}}

\begin{itemize}
\item<1->What assets are you trying to protect?\\
\only<1>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}Voting machines, doors.\end{tabular}}
\item<2->What are the risks to these assets?\\
\only<2>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright Casual thieves, insider attacks.\end{tabular}}
\item<3->How well does the security solution mitigate those risks?\\
\only<3>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright
Needs a quite complicated security regiment.\end{tabular}}
\item<4->What other risks does the security solution cause?
\only<4>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright You might not notice tampering.\end{tabular}}
\item<5->What costs and trade-offs does the security solution impose?
\only<5>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright 
The ``hardware'' is cheap, but indirect costs can be quite high.\end{tabular}}
\item<7>[]{\bf\large No!} {\textcolor{gray}{Though in some areas they work: airports, swimming pools, \ldots}}
\end{itemize}


\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[t]
\frametitle{\begin{tabular}{@ {}c@ {}}Ex: Security-by-Obscurity\end{tabular}}

You might think it is a good idea to keep a security relevant algorithm or 
software secret.

\begin{itemize}
\item<1->What assets are you trying to protect?\\
\only<1>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}Source code, an algorithm and things that depend on it\end{tabular}}
\item<2->What are the risks to these assets?\\
\only<2>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright
Can be pretty high (Oystercards).\end{tabular}}
\item<3->How well does the security solution mitigate those risks?\\
\only<3>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright
Not really. The source code can be reverse engineered, stolen, coerced \ldots{}\end{tabular}}
\item<4->What other risks does the security solution cause?
\only<4>{\begin{tabular}{@{\hspace{1cm}}p{9cm}}\raggedright You prevent
scrutiny and independent advice. You also more likely than not to
get it wrong.\end{tabular}}
\item<5>[]{\bf\large No!}
\end{itemize}


\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[t]
\frametitle{\begin{tabular}{@ {}c@ {}}Voting as Security Problem\end{tabular}}

What are the security requirements of a voting system?\bigskip

\begin{itemize}
\item<2->Integrity 
\item<3->Ballot Secrecy
\item<5->Voter Authentication
\item<6->Enfranchisement
\item<7->Availability
\end{itemize}

\only<2>{
\begin{textblock}{5.5}(8,5)
\begin{tikzpicture}
\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm, text centered] 
{\small
\begin{minipage}{5cm}\raggedright
\begin{center}
\begin{minipage}{4.5cm}
\begin{itemize}
\item The outcome matches with the voters' intend.
\item There might be gigantic sums at stake and need to be defended against.
\end{itemize}
\end{minipage}
\end{center}
\end{minipage}};
\end{tikzpicture}
\end{textblock}}

\only<4>{
\begin{textblock}{5.5}(8,5)
\begin{tikzpicture}
\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm, text centered] 
{\small
\begin{minipage}{5cm}\raggedright
\begin{center}
\begin{minipage}{4.5cm}
\begin{itemize}
\item Nobody can find out how you voted.
\item (Stronger) Even if you try, you cannot prove how you voted.
\end{itemize}
\end{minipage}
\end{center}
\end{minipage}};
\end{tikzpicture}
\end{textblock}}

\only<5>{
\begin{textblock}{5.5}(8,5)
\begin{tikzpicture}
\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm, text centered] 
{\small
\begin{minipage}{5cm}\raggedright
\begin{center}
\begin{minipage}{4.5cm}
\begin{itemize}
\item Only authorised voters can vote up to the permitted number of votes.
\end{itemize}
\end{minipage}
\end{center}
\end{minipage}};
\end{tikzpicture}
\end{textblock}}

\only<6>{
\begin{textblock}{5.5}(8,5)
\begin{tikzpicture}
\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm, text centered] 
{\small
\begin{minipage}{5cm}\raggedright
\begin{center}
\begin{minipage}{4.5cm}
\begin{itemize}
\item Authorised voters should have the opportunity to vote.
\end{itemize}
\end{minipage}
\end{center}
\end{minipage}};
\end{tikzpicture}
\end{textblock}}

\only<7>{
\begin{textblock}{5.5}(8,5)
\begin{tikzpicture}
\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm, text centered] 
{\small
\begin{minipage}{5cm}\raggedright
\begin{center}
\begin{minipage}{4.5cm}
\begin{itemize}
\item The voting system should accept all authorised votes and produce results in a timely manner.
\end{itemize}
\end{minipage}
\end{center}
\end{minipage}};
\end{tikzpicture}
\end{textblock}}

\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[t]
\frametitle{\begin{tabular}{@ {}c@ {}}Ballot Boxes\end{tabular}}


\begin{center}
\includegraphics[scale=2.5]{pics/ballotbox.jpg}
\end{center}


\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[t]
\frametitle{\begin{tabular}{@ {}c@ {}}Problems with Voting\end{tabular}}


\begin{center}\large
\begin{tabular}{rcl}
Integrity & vs. & Ballot Secrecy\bigskip\\
Authentication & vs. &Enfranchisement   
\end{tabular}
\end{center}\bigskip\bigskip\pause

Further constraints:

\begin{itemize}
\item costs
\item accessibility
\item convenience
\item intelligibility 
\end{itemize}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[t]
\frametitle{\begin{tabular}{@ {}c@ {}}E-Voting\end{tabular}}


\begin{itemize}
\item The Netherlands between 1997 - 2006 had electronic voting machines\\
\textcolor{gray}{(hacktivists had found: they can be hacked and also emitted radio signals revealing how you voted)}

\item Germany had used them in pilot studies\\ 
\textcolor{gray}{(in 2007 a law suit has reached the highest court and it rejected electronic voting
on the grounds of not being understandable by the general public)}

\item UK used optical scan voting systems in a few polls
\end{itemize}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[t]
\frametitle{\begin{tabular}{@ {}c@ {}}E-Voting\end{tabular}}

\mbox{}\\[-12mm]
\begin{itemize}
\item US used mechanical machines since the 30s, later punch cards, now DREs and 
optical scan voting machines \textcolor{gray}{(fantastic ``ecosystem'' for study)}

\item Estonia used in 2007 the Internet for national elections 
\textcolor{gray}{(there were earlier pilot studies in other countries)}

\item India uses e-voting devices  since at least 2003\\
\textcolor{gray}{(``keep-it-simple'' machines produced by a government owned company)}

\item South Africa used software for its tallying in the 1993 elections (when Nelson Mandela was elected)
\textcolor{gray}{(they found the tallying software was rigged, but they were able to tally manually)}
\end{itemize}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[t]
\frametitle{\begin{tabular}{@ {}c@ {}}A Brief History of Voting\end{tabular}}


\begin{itemize}
\item Athenians
\begin{itemize}
\item show of hands
\item ballots on pieces of pottery
\item different colours of stones
\item ``facebook''-like authorisation 
\end{itemize}\bigskip

\textcolor{gray}{problems with vote buying / no ballot privacy}\bigskip


\item French Revolution and the US Constitution got things ``started'' with 
paper ballots (you first had to bring your own; later they were pre-printed by parties)
\end{itemize}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[t]
\frametitle{\begin{tabular}{@ {}c@ {}}Ballot Boxes\end{tabular}}

Security policies involved with paper ballots:

\begin{enumerate}
\item you need to check that the ballot box is empty at the start of the poll / no false bottom (to prevent ballot stuffing)
\item you need to guard the ballot box during the poll until counting
\item tallied by a team at the end of the poll (independent observers) 
\end{enumerate}

\begin{center}
\includegraphics[scale=1.5]{pics/ballotbox.jpg}
\end{center}


\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[t]
\frametitle{\begin{tabular}{@ {}c@ {}}Paper Ballots\end{tabular}}

What can go wrong with paper ballots?

\only<2>{
\begin{center}
\includegraphics[scale=0.8]{pics/tweet.jpg}\\
\footnotesize William M.~Tweed, US Politician in 1860's\\
``As long as I count the votes, what are you going to do about it?''
\end{center}}

\only<3>{
\medskip
\begin{center}
\begin{minipage}{10cm}
{\bf Chain Voting Attack}
\begin{enumerate}
\item you obtain a blank ballot and fill it out as you want
\item you give it to a voter outside the polling station
\item voter receives a new blank ballot
\item voter submits prefilled ballot
\item voter gives blank ballot to you, you give money
\item goto 1
\end{enumerate}
\end{minipage}
\end{center}
}

\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[t]
\frametitle{\begin{tabular}{@ {}c@ {}}Mechanical Voting Machines\end{tabular}}

\begin{itemize}
\item<1-> Lever Voting Machines (ca.~1930 - 1990)
\only<1>{
\begin{center}
\includegraphics[scale=0.56]{pics/leavermachine.jpg}
\end{center}
}
\item<2->Punch Cards (ca.~1950 - 2000)
\only<2>{
\begin{center}
\includegraphics[scale=0.5]{pics/punchcard1.jpg}\;\;
\includegraphics[scale=0.46]{pics/punchcard2.jpg}
\end{center}
}
\end{itemize}



\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[t]
\frametitle{\begin{tabular}{@ {}c@ {}}Electronic Voting Machines\end{tabular}}

\begin{center}
\begin{tabular}{c}
\includegraphics[scale=0.45]{pics/dre1.jpg}\; 
\includegraphics[scale=0.40]{pics/dre2.jpg}\\\hline\\
\includegraphics[scale=0.5]{pics/opticalscan.jpg} 
\end{tabular}
\end{center}

\only<1->{
\begin{textblock}{5.5}(1,4)
DREs
\end{textblock}}
\only<1->{
\begin{textblock}{5.5}(1,11)
Optical Scan
\end{textblock}}

\only<2>{
\begin{textblock}{5.5}(0.5,14.5)
all are computers
\end{textblock}}

\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{\begin{tabular}{@ {}c@ {}}DREs\end{tabular}}

Direct-recording electronic voting machines\\ 
(votes are recorded for example memory cards)

typically touchscreen machines

usually no papertrail (hard to add: ballot secrecy)

\begin{center}
\includegraphics[scale=0.56]{pics/dre1.jpg}
\end{center}


\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{\begin{tabular}{@ {}c@ {}}Diebold Machines\end{tabular}}

The work by J.~Alex Halderman:

\begin{itemize}
\item acquired a machine from an anonymous source\medskip
\item the source code running the machine was tried to keep secret\medskip\pause

\item first reversed-engineered the machine (extremely tedious)
\item could completely reboot the machine and even install a virus that infects other Diebold machines
\item obtained also the source code for other machines
\end{itemize}

\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{\begin{tabular}{@ {}c@ {}}Diebold Machines\end{tabular}}

What could go wrong?\pause \;\;Failure-in-depth.\bigskip\pause

A non-obvious problem:

\begin{itemize}
\item you can nowadays get old machines, which still store old polls

\item the paper ballot box needed to be secured during the voting until counting;
e-voting machines need to be secured during the entire life-time  
\end{itemize}

\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{\begin{tabular}{@ {}c@ {}}Paper Trail\end{tabular}}

Conclusion:\\ Any electronic solution should have a paper trail.

\begin{center}
\begin{tabular}{c}
\includegraphics[scale=0.5]{pics/opticalscan.jpg} 
\end{tabular}
\end{center}\pause

You still have to solve problems about
Voter registration, voter authentification, guarding against tampering

\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{\begin{tabular}{@ {}c@ {}}E-Voting in India\end{tabular}}

Their underlying engineering principle is ``keep-it-simple'':

\begin{center}
\begin{tabular}{c}
\includegraphics[scale=1.05]{pics/indiaellection.jpg}\;\;
\includegraphics[scale=0.40]{pics/india1.jpg}
\end{tabular}
\end{center}\medskip\pause

Official claims: ``perfect'', ``tamperproof'', ``no need for technical improvements'' , ``infallible'' 
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{\begin{tabular}{@ {}c@ {}}Lessons to be Learned\end{tabular}}

\begin{itemize}
\item keep a paper trail and design your system to keep this secure\medskip
\item make the software open source (avoid security-by-obscurity))\medskip
\item have a simple design in order to minimise the attack surface
\end{itemize}

\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]

\begin{center}
\includegraphics[scale=0.56]{pics/Voting1.png}
\end{center}


\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]

\begin{center}
\includegraphics[scale=0.56]{pics/Voting2.png}
\end{center}


\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]

\begin{center}
\includegraphics[scale=0.56]{pics/Voting3.png}
\end{center}


\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]

\begin{center}
\includegraphics[scale=0.56]{pics/Voting4.png}
\end{center}


\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   


\end{document}

%%% Local Variables:  
%%% mode: latex
%%% TeX-master: t
%%% End: