# HG changeset patch # User Christian Urban # Date 1416756872 0 # Node ID 7ae9a893b76f8eb2cb397d4ac3b054d2f285b476 # Parent 03da67991ff08a7ee263b3833f737a588822ac9c updated diff -r 03da67991ff0 -r 7ae9a893b76f handouts/ho02.pdf Binary file handouts/ho02.pdf has changed diff -r 03da67991ff0 -r 7ae9a893b76f handouts/ho02.tex --- a/handouts/ho02.tex Sat Nov 22 00:46:18 2014 +0000 +++ b/handouts/ho02.tex Sun Nov 23 15:34:32 2014 +0000 @@ -58,12 +58,19 @@ punch cards, now DREs and optical scan voting machines. But there is a lot of evidence that DREs and optical scan voting machines are not as secure as they should - be. + be. Some states experiment with Internet voting, but + all experiments have been security failures. \item Estonia used since 2007 the Internet for national elections. There were earlier pilot studies for voting via Internet in other countries. +\item The Australian parliament ruled in 2014 that e-voting is + highly vulnerable to hacking and will not use it any time + soon. That is because it is still not as secret and + secure as paper ballots, the parliamentary committee + in charge concluded. + \item India uses e-voting devices since at least 2003. They use ``keep-it-simple'' machines produced by a government owned company. @@ -470,13 +477,23 @@ \noindent At the beginning she describes the complete break-in by the group of Alex Halderman at the try-out voting at -Washington D.C. Halderman's amusing paper including pictures -is at +Washington D.C. Halderman's amusing paper about this break in +including pictures is at \begin{center} \url{https://jhalderm.com/pub/papers/dcvoting-fc12.pdf} \end{center} +\noindent +Two researchers from Galois, Inc., present an interesting +attack against home routers which silently alters pdf-based +voting ballots. This shows that the vote submission via +an unencrypted pdf-file is highly unsafe. + +\begin{center} +\url{http://galois.com/wp-content/uploads/2014/11/technical-hack-a-pdf.pdf} +\end{center} + \end{document} %%% Local Variables: diff -r 03da67991ff0 -r 7ae9a893b76f hws/hw01.pdf Binary file hws/hw01.pdf has changed diff -r 03da67991ff0 -r 7ae9a893b76f hws/hw01.tex --- a/hws/hw01.tex Sat Nov 22 00:46:18 2014 +0000 +++ b/hws/hw01.tex Sun Nov 23 15:34:32 2014 +0000 @@ -32,6 +32,14 @@ Think of ways how you can cheat in this exam? How would you defend against such cheats. +\item Here is another puzzle where you can practice thinking like an + attacker: Consider modern car keys. They wirelessly open and close + the central locking system of the car. Whenever you lock the car, + the car ``responds'' by flashing the indicator lights. Can you think + of a security relevant purpose for that? (Hint: Imagine you are in + the business of stealing cars. What attack would be easier to + perform if the lights do not flash?) + \item Explain what hashes and salts are. Describe how they can be used for ensuring data integrity and storing password information.