# HG changeset patch # User Christian Urban # Date 1412040136 -3600 # Node ID 0379bd6f3d21769af2ae80a0242cc1873a48957a # Parent f7aa15984301915b3394188e94990e4673ddbddb updated diff -r f7aa15984301 -r 0379bd6f3d21 slides/slides02.pdf Binary file slides/slides02.pdf has changed diff -r f7aa15984301 -r 0379bd6f3d21 slides/slides02.tex --- a/slides/slides02.tex Mon Sep 29 21:11:06 2014 +0100 +++ b/slides/slides02.tex Tue Sep 30 02:22:16 2014 +0100 @@ -57,7 +57,7 @@ \end{bubble}\\[30mm] \only<2>{ -\begin{textblock}{11}(3,12) +\begin{textblock}{11}(3.5,12) \begin{tabular}{c} \includegraphics[scale=0.12]{pics/ariane.jpg}\\[-2mm] \footnotesize Murphy's computer @@ -76,27 +76,69 @@ \begin{frame}[c] \frametitle{Defence in Depth} -\bgein{center} +\begin{center}\small \pcode{urbanc:$6$3WWbKfr1$4vblknvGr6FcDeF92R5xFn3mskfdnEn...:...} \end{center} \begin{itemize} \item hashes help when password databases are leaked \item salts help with protecting against dictionary attacks + and help people who have the same password on different sites\medskip + +\item but they do not protect against a focused attack against a single + password and also do not make poorly chosen passwords any better +\end{itemize} + +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[c] +\frametitle{Subtle Points} + +\begin{itemize} +\item in our web-application the salt needed to remain secret; + in password files the salt is public\bigskip + +\item the NYT has the ``resource'' unlocked at first + and locks it depending on the cookie data +\item our ``web-application'' has the resource locked at first, + and unlocks it depending on the cookie data \end{itemize} \end{frame} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[t] +\frametitle{How to Salt?} + +\begin{center}\tt\small +\begin{tabular}{lcl} +1salt & $\Rightarrow$ & 8189effef4d4f7411f4153b13ff72546dd682c69\\ +2salt & $\Rightarrow$ & 1528375d5ceb7d71597053e6877cc570067a738f\\ +3salt & $\Rightarrow$ & d646e213d4f87e3971d9dd6d9f435840eb6a1c06\\ +4salt & $\Rightarrow$ & 5b9e85269e4461de0238a6bf463ed3f25778cbba\\ +\end{tabular} +\end{center} + +\begin{itemize} +\item in Unix systems: \texttt{hash(salt + password)}, or even +\texttt{hash$^{\texttt{1500}}$(salt + password)} + +\end{itemize} +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \begin{frame}[c] \frametitle{Today's Lecture} \begin{center} -\begin{tabular}{cc} -\large online banking & \hspace{6mm}\large e-voting\\ -\textcolor{gray}{solved} & \hspace{6mm}\textcolor{gray}{unsolved}\\ +\begin{tabular}{ccc} +\large online banking & \hspace{3mm}\large{}vs\hspace{3mm} & \large e-voting\\ +\textcolor{gray}{solved} & & \textcolor{gray}{unsolved}\\ \end{tabular} \end{center} @@ -121,10 +163,7 @@ \only<2>{ \begin{textblock}{5.5}(8,5) -\begin{tikzpicture} -\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm, text centered] -{\small -\begin{minipage}{5cm}\raggedright +\begin{bubble}[5cm]\small \begin{center} \begin{minipage}{4.5cm} \begin{itemize} @@ -133,16 +172,12 @@ \end{itemize} \end{minipage} \end{center} -\end{minipage}}; -\end{tikzpicture} +\end{bubble} \end{textblock}} \only<4>{ \begin{textblock}{5.5}(8,5) -\begin{tikzpicture} -\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm, text centered] -{\small -\begin{minipage}{5cm}\raggedright +\begin{bubble}[5cm]\small \begin{center} \begin{minipage}{4.5cm} \begin{itemize} @@ -151,16 +186,12 @@ \end{itemize} \end{minipage} \end{center} -\end{minipage}}; -\end{tikzpicture} +\end{bubble} \end{textblock}} \only<5>{ \begin{textblock}{5.5}(8,5) -\begin{tikzpicture} -\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm, text centered] -{\small -\begin{minipage}{5cm}\raggedright +\begin{bubble}[5cm]\small \begin{center} \begin{minipage}{4.5cm} \begin{itemize} @@ -168,16 +199,12 @@ \end{itemize} \end{minipage} \end{center} -\end{minipage}}; -\end{tikzpicture} +\end{bubble} \end{textblock}} \only<6>{ \begin{textblock}{5.5}(8,5) -\begin{tikzpicture} -\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm, text centered] -{\small -\begin{minipage}{5cm}\raggedright +\begin{bubble}[5cm]\small \begin{center} \begin{minipage}{4.5cm} \begin{itemize} @@ -185,16 +212,12 @@ \end{itemize} \end{minipage} \end{center} -\end{minipage}}; -\end{tikzpicture} +\end{bubble} \end{textblock}} \only<7>{ \begin{textblock}{5.5}(8,5) -\begin{tikzpicture} -\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm, text centered] -{\small -\begin{minipage}{5cm}\raggedright +\begin{bubble}[5cm]\small \begin{center} \begin{minipage}{4.5cm} \begin{itemize} @@ -202,15 +225,13 @@ \end{itemize} \end{minipage} \end{center} -\end{minipage}}; -\end{tikzpicture} +\end{bubble} \end{textblock}} \end{frame}} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\mode{ \begin{frame}[t] \frametitle{\begin{tabular}{@ {}c@ {}}Problems with Voting\end{tabular}} @@ -230,66 +251,143 @@ \item convenience \item intelligibility \end{itemize} -\end{frame}} +\end{frame} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\mode{ \begin{frame}[t] -\frametitle{\begin{tabular}{@ {}c@ {}}Traditional Ballot Boxes\end{tabular}} - +\frametitle{Traditional Ballot Boxes} \begin{center} \includegraphics[scale=2.5]{pics/ballotbox.jpg} \end{center}\pause\bigskip -they need a ``protocol'' +mechanical, but they need a ``protocol'' + +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame} +\frametitle{Motives for E-Voting} + +\begin{itemize} +\item 76\% of pensioners in the UK vote, but only 44\% of the under-25s\bigskip +\item convenience\bigskip +\item speed +\end{itemize} + +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[t] +\frametitle{E-Voting} -\end{frame}} +\begin{itemize} +\item The Netherlands between 1997 - 2006 had electronic voting + machines\\ \textcolor{gray}{(hacktivists had found: they can be + hacked and also emitted radio signals revealing how you voted)} + +\item Germany had used them in pilot studies\\ \textcolor{gray}{(in + 2007 a law suit has reached the highest court and it rejected + electronic voting on the grounds of not being understandable by the + general public)} + +\item UK used optical scan voting systems in a few test polls, but + abandoned any wide deployment +\end{itemize} +\end{frame} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\mode{ \begin{frame}[t] -\frametitle{\begin{tabular}{@ {}c@ {}}E-Voting\end{tabular}} +\frametitle{E-Voting} - +\mbox{}\\[-12mm] \begin{itemize} -\item The Netherlands between 1997 - 2006 had electronic voting machines\\ -\textcolor{gray}{(hacktivists had found: they can be hacked and also emitted radio signals revealing how you voted)} +\item US used mechanical machines since the 30s, later punch cards, + now DREs and optical scan voting machines + +\item Estonia used in 2007 the Internet for national elections + \textcolor{gray}{(there were earlier pilot studies in other + countries)} -\item Germany had used them in pilot studies\\ -\textcolor{gray}{(in 2007 a law suit has reached the highest court and it rejected electronic voting -on the grounds of not being understandable by the general public)} +\item India uses e-voting devices since at least + 2003\\ \textcolor{gray}{(``keep-it-simple'' machines produced by a + government owned company)} -\item UK used optical scan voting systems in a few polls +\item South Africa used software for its tallying in the 1993 + elections (when Nelson Mandela was elected) \textcolor{gray}{(they + found the tallying software was rigged, but they were able to + tally manually)} \end{itemize} -\end{frame}} +\end{frame} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\mode{ \begin{frame}[t] -\frametitle{\begin{tabular}{@ {}c@ {}}E-Voting\end{tabular}} +\frametitle{E-Voting in Estonia} + +\begin{itemize} +\item worlds first general election that used internet voting (2007) +\item builds on the Estonian ID card (a smartcard like CC) +\item Internet voting can be used before the election (votes can be changed an +unlimited amount of times, last vote is tabulated, you can even change your +vote on the polling day in person) +\item in the 2011 parliamentary election 24\% voted via Internet\bigskip\pause + +\item needs to trust the integrity of voters' computers, + central server components and the election staff +\end{itemize} -\mbox{}\\[-12mm] -\begin{itemize} -\item US used mechanical machines since the 30s, later punch cards, now DREs and -optical scan voting machines +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[t] + +\footnotesize +\lstinputlisting[language=Python,xleftmargin=0mm]{../progs/estonia.py} + +\begin{textblock}{5.5}(7.8,0.5) +\begin{bubble}[5cm]\small +from \url{https://github.com/vvk-ehk/evalimine/} +\end{bubble} +\end{textblock} -\item Estonia used in 2007 the Internet for national elections -\textcolor{gray}{(there were earlier pilot studies in other countries)} +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\item India uses e-voting devices since at least 2003\\ -\textcolor{gray}{(``keep-it-simple'' machines produced by a government owned company)} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[t] +E-Voting in \textbf{Theory} +\small +\begin{itemize} +\item Alice prepares and audits a ballot, then casts an encrypted + ballot, which requires her to authenticate to a server. + +\item A bulletin board posts Alice's name and encrypted ballot. + Anyone, including Alice, can check the bulletin board and find her + encrypted vote posted. -\item South Africa used software for its tallying in the 1993 elections (when Nelson Mandela was elected) -\textcolor{gray}{(they found the tallying software was rigged, but they were able to tally manually)} +\item When the election closes, all votes are shuffled and the system produces + a non-interactive proof of a correct shuffling. (zero-knowledge-proofs) + +\item After a reasonable complaint period to let auditors check the + shuffling, all shuffled ballots are decrypted, and the system provides + a decryption proof for each decrypted ballot. (zero-knowledge-proofs) + +\item Perform a tally of the decrypted votes. + +\item An auditor can download the entire election data and verify the + shuffle, decryptions and tally. \end{itemize} -\end{frame}} + +\end{frame} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \mode{ \begin{frame}[t] @@ -319,7 +417,7 @@ \begin{frame}[t] \frametitle{\begin{tabular}{@ {}c@ {}}Ballot Boxes\end{tabular}} -Security policies involved with paper ballots: +Security policies with paper ballots: \begin{enumerate} \item you need to check that the ballot box is empty at the start of the poll / no false bottom (to prevent ballot stuffing) @@ -336,7 +434,6 @@ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\mode{ \begin{frame}[c] Which security requirements do paper ballots satisfy better than voice voting?\bigskip @@ -349,8 +446,8 @@ \item Availability \end{itemize} -\end{frame}} - +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \mode{ @@ -387,11 +484,9 @@ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\mode{ \begin{frame}[t] -\frametitle{\begin{tabular}{@ {}c@ {}}Mechanical Voting Machines\end{tabular}} +\frametitle{\Large Mechanical Voting Machines} \begin{itemize} \item<1-> Lever Voting Machines (ca.~1930 - 1990) @@ -409,9 +504,7 @@ } \end{itemize} - - -\end{frame}} +\end{frame} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% @@ -469,7 +562,7 @@ \begin{frame}[c] \frametitle{\begin{tabular}{@ {}c@ {}}Diebold Machines\end{tabular}} -The work by J.~Alex Halderman: +Alex Halderman: \begin{itemize} \item acquired a machine from an anonymous source\medskip @@ -542,53 +635,73 @@ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\mode{ -\begin{frame}<1-3>[c] +\begin{frame}[c] \frametitle{\begin{tabular}{@ {}c@ {}}Lessons Learned\end{tabular}} \begin{itemize} \item keep a paper trail and design your system to keep this secure\medskip -\item make the software open source (avoid security-by-obscurity)\\ -{\small\mbox{}\hfill source code for Estonian e-vote included\\ -\mbox{}\hfill\textcolor{blue}{\url{http://goo.gl/oRMHAI}}}\medskip +\item make the software open source (avoid security-by-obscurity)\medskip \item have a simple design in order to minimise the attack surface -\end{itemize} +\end{itemize}\pause -\only<2>{ -\begin{textblock}{9}(3.4,7) -\begin{tikzpicture} -\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm] -{\normalsize\color{darkgray} -\begin{minipage}{9cm}\consolas\small -def analyze(ik, vote, votebox):\\ -\\ - \# TODO: implement security checks\\ - \# such as verifying the correct size\\ - \# of the encrypted vote\\ -\\ - return [] -\end{minipage}}; -\end{tikzpicture} -\end{textblock}} +But overall in times of NSA/state sponsered cyber-crime, e-voting is too +hard with current technology. -\end{frame}} +\end{frame} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\mode{ \begin{frame}[c] -\frametitle{Online Banking vs.~E-Voting} +\frametitle{\Large Online Banking vs.~E-Voting} \begin{itemize} -\item online banking: if fraud occurred you try to identify who did what (somebody's account got zero)\bigskip -\item e-voting: some parts can be done electronically, but not the actual voting (final year project: online voting) +\item online banking: if fraud occurred you try to identify who did + what (somebody's account got zero)\bigskip +\item e-voting: some parts can be done electronically, but not the + actual voting +\end{itemize} + +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[c] +\frametitle{Student In-Lecture Polling} + +\begin{center} +\includegraphics[scale=0.3]{pics/clicker.png} +\end{center} + +\begin{itemize} +\item guaranties anonymity +\item integrity by electronic means\bigskip + +\item how to achieve the same in ``software''? \end{itemize} -\end{frame}} +\end{frame} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[c] +\frametitle{Anonymity} +\begin{itemize} +\item anonymity through one-time pads +\begin{center} +\includegraphics[scale=0.3]{pics/tan.jpg} +\end{center}\bigskip\pause + +\item solving the problem of distribution +\begin{center} +\includegraphics[scale=0.3]{pics/bulletin.jpg} +\end{center} + +\end{itemize} + +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \mode{ @@ -637,6 +750,7 @@ \end{frame}} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \mode{ \begin{frame}[c]