# HG changeset patch # User Christian Urban # Date 1475597401 -3600 # Node ID ddf7315450c9432b283f3c5d78231c26aa579f21 # Parent 76f9457b8f51f365247600b603c040f371ac4137 updated diff -r 76f9457b8f51 -r ddf7315450c9 handouts/ho02.pdf Binary file handouts/ho02.pdf has changed diff -r 76f9457b8f51 -r ddf7315450c9 handouts/ho02.tex --- a/handouts/ho02.tex Tue Oct 04 13:44:05 2016 +0100 +++ b/handouts/ho02.tex Tue Oct 04 17:10:01 2016 +0100 @@ -3,18 +3,8 @@ \usepackage{../langs} \begin{document} -\fnote{\copyright{} Christian Urban, 2014, 2015} +\fnote{\copyright{} Christian Urban, 2014, 2015, 2016} -%https://www.usenix.org/sites/default/files/conference/protected-files/jets15_slides_epstein.pdf -% -%Jeremy Epstein, SRI International -% -%In April 2015, the US Commonwealth of Virginia decertified the Advanced Voting -%Solutions (AVS) WinVote voting machine, after concluding that it was insecure. -%This talk presents the results of Virginia's analysis of the WinVote, and -%explores how we got to the point where a voting machine using an unpatched -%version of Windows XP from 2004, using hardwired WEP keys and administrator -%passwords, could be used for over a decade in most of Virginia. %% second angle of the problem %Jonathan Zittrain is interested in algorithmic accountability, @@ -103,7 +93,7 @@ scan voting machines are not as secure as they should be. Some states experimented with Internet voting, but all experiments have been security failures. One - exceptional election happened just after hurrican Sandy + exceptional election happened just after hurricane Sandy in 2012 when some states allowed emergency electronic voting. Voters downloaded paper ballots and emailed them back to election officials. 
@@ -155,14 +145,14 @@ \noindent The abstract says: \begin{quote}\it -In April 2015, the US Commonwealth of Virginia decertified the +``In April 2015, the US Commonwealth of Virginia decertified the Advanced Voting Solutions (AVS) WinVote voting machine, after concluding that it was insecure. This talk presents the results of Virginia's analysis of the WinVote, and explores how we got to the point where a voting machine using an unpatched version of Windows XP from 2004, using hardwired WEP keys and administrator passwords, could be used for over a -decade in most of Virginia. +decade in most of Virginia.'' \end{quote} The reason that e-voting is such a hard problem is that we @@ -372,7 +362,7 @@ for independent review. They also kept their source code secret. This meant Halderman and his group could not obtain a machine through the official channels, but whoever could hope -that revented them from obtaining a machine? Ok, they got one. +that prevented them from obtaining a machine? Ok, they got one. They then had to reverse engineer the source code in order to design an attack. What all this showed is that a shady security design is no match for a determined hacker. @@ -542,7 +532,7 @@ can be made reasonably secure and fraud-safe. That does not mean there are no problems with online banking. But with enough thought, they can usually be overcome with technology -we have currently avialable. This is different with e-voting: +we have currently available. This is different with e-voting: even the best have not come up with something workable yet. diff -r 76f9457b8f51 -r ddf7315450c9 hws/hw02.pdf Binary file hws/hw02.pdf has changed diff -r 76f9457b8f51 -r ddf7315450c9 hws/hw02.tex --- a/hws/hw02.tex Tue Oct 04 13:44:05 2016 +0100 +++ b/hws/hw02.tex Tue Oct 04 17:10:01 2016 +0100 
@@ -45,10 +45,11 @@ Why is this a problem? -\item Voice voting is the method of casting a vote in the `open air' for everyone -present to hear. Which of the following security requirements do paper ballots -satisfy \textbf{better} than voice voting? Check all that apply and give a brief explanation -for your decision. +\item Voice voting is the method of casting a vote in the `open air' + for everyone present to hear. Which of the following security + requirements do paper ballots satisfy \textbf{better} than voice + voting? Check all that apply and give a brief explanation for your + decision. \begin{itemize} \item[$\Box$] Integrity @@ -81,6 +82,11 @@ tabulated. You can even change your vote on the polling day in person. Which security requirement does this procedure address? +\item Paper ballots boxes ned to be guarded on the voting day, but + can be unguarded the rest of the year. Why do pure electronic voting + machines need to be guarded the whole year? + + \item What is the main difference between online banking and e-voting? (Hint: Why is the latter so hard to get secure?) diff -r 76f9457b8f51 -r ddf7315450c9 hws/hw03.pdf Binary file hws/hw03.pdf has changed diff -r 76f9457b8f51 -r ddf7315450c9 hws/hw03.tex --- a/hws/hw03.tex Tue Oct 04 13:44:05 2016 +0100 +++ b/hws/hw03.tex Tue Oct 04 17:10:01 2016 +0100 
@@ -16,14 +16,17 @@ \item Why is it crucial for a buffer overflow attack that the stack grows from higher addresses to lower ones? -\item If the attacker uses a buffer overflow attack in order to -inject code, why can this code not contain any zero bytes? +\item What does it mean for the stack to be executable and why is this + important for a buffer overflow attack? + +\item If the attacker uses a buffer overflow attack in order to inject + code, why can this code not contain any zero bytes? \item How does a stack canary help with preventing a buffer-overflow attack? -\item Why does randomising the addresses from where programs - are run help defending against buffer overflow attacks? +\item Why does randomising the addresses from where programs are run + help defending against buffer overflow attacks? \item What is a format string attack? @@ -37,9 +40,9 @@ overflow attacks? (Hint: Why are C-programs prone to such attacks, but not Java programs.) -\item When filling the buffer that is attacked with a -payload (starting a shell), what is the purpose of -padding the string at the beginning with NOP-instructions. +\item When filling the buffer that is attacked with a payload + (starting a shell), what is the purpose of padding the string at the + beginning with NOP-instructions. \item \POSTSCRIPT \end{enumerate} diff -r 76f9457b8f51 -r ddf7315450c9 slides/slides02.pdf Binary file slides/slides02.pdf has changed diff -r 76f9457b8f51 -r ddf7315450c9 slides/slides02.tex --- a/slides/slides02.tex Tue Oct 04 13:44:05 2016 +0100 +++ b/slides/slides02.tex Tue Oct 04 17:10:01 2016 +0100 
@@ -319,6 +319,22 @@ \textcolor{gray}{(there were earlier pilot studies in other countries)} +\item The Australian parliament ruled in 2014 that e-voting + is highly vulnerable to hacking and will not use it any time soon. + +\item Norway experimented with Internet voting, but e-voting is an incredibly + difficult problem, even in such favourable circumstances\ldots + \textcolor{gray}{(voter turnout did not really increase)} +\end{itemize} +\end{frame} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\begin{frame}[t] +\frametitle{E-Voting} + +\mbox{}\\[-12mm] +\begin{itemize} \item India uses e-voting devices since at least 2003\\ \textcolor{gray}{(``keep-it-simple'' machines produced by a government owned company)} @@ -331,6 +347,8 @@ \end{frame} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + + %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \begin{frame}[t] \frametitle{E-Voting in Estonia} @@ -416,15 +434,16 @@ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\mode{ \begin{frame}[t] -\frametitle{\begin{tabular}{@ {}c@ {}}Ballot Boxes\end{tabular}} +\frametitle{Ballot Boxes} Security policies with paper ballots: \begin{enumerate} -\item you need to check that the ballot box is empty at the start of the poll / no false bottom (to prevent ballot stuffing) -\item you need to guard the ballot box during the poll until counting +\item you need to check that the ballot box is empty at the start of + the poll / no false bottom (to prevent ballot stuffing) +\item you need to guard the ballot box during the poll until counting\\ + {\footnotesize(\url{https://www.youtube.com/watch?v=uPO1swQVMoc&spfreload=10})} \item tallied by a team at the end of the poll (independent observers) \end{enumerate} 
@@ -432,8 +451,7 @@ \includegraphics[scale=1.5]{../pics/ballotbox.jpg} \end{center} - -\end{frame}} +\end{frame} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
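Review bot: the first hunk of handouts/ho02.tex (@@ -3,18 +3,8 @@) deletes the commented-out link to the talk slides and the line "Jeremy Epstein, SRI International", while hunk @@ -155,14 +145,14 @@ still quotes that talk's abstract. If the handout does not cite the talk elsewhere, move the URL and the speaker's name into a footnote next to "The abstract says:" instead of dropping them, so the quotation keeps its source.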
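Review bot: in handouts/ho02.tex (hunk @@ -372,7 +362,7 @@) the spelling fix leaves the sentence hard to parse: "but whoever could hope that prevented them from obtaining a machine?". Since the line is being changed anyway, reword it, for example "but who could hope that this would prevent them from obtaining a machine?".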
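Review bot: the question added in hws/hw02.tex (hunk @@ -81,6 +82,11 @@) has two typos in its first line: "Paper ballots boxes ned to be guarded" should read "Paper ballot boxes need to be guarded". The hunk also adds two consecutive empty lines after the item; one is enough to separate it from the next \item.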
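Review bot: in hws/hw03.tex (hunk @@ -16,14 +16,17 @@) the only new question, the one on the executable stack, sits between re-wrapped lines of two unchanged questions, which makes the content change easy to miss; keep re-wrapping in a separate commit. The new item writes "buffer overflow attack" while the stack-canary item in the same hunk writes "buffer-overflow attack"; pick one spelling for the whole sheet.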
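Review bot: the re-wrapped item in hws/hw03.tex (hunk @@ -37,9 +40,9 @@) is a question but still ends in a full stop ("beginning with NOP-instructions."). As the lines are being touched, end it with a question mark like the other items.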
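Review bot: the two bullets added in slides/slides02.tex (hunk @@ -319,6 +319,22 @@) state facts without a source: that the Australian parliament "ruled in 2014" on e-voting, and that voter turnout in Norway "did not really increase". Add a reference for each, for instance as a gray note like the ones the neighbouring items carry. In the Norway bullet, "even in such favourable circumstances" has nothing to refer back to within the item, so name the circumstances. The new frame also depends on the manual offset "\mbox{}\\[-12mm]" to fit the list; a short comment saying why it is needed would help the next editor.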
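Review bot: the URL added to the second enumerate item in slides/slides02.tex (hunk @@ -416,15 +434,16 @@) carries a trailing "&spfreload=10" parameter that is not needed to identify the video; trim it to the "watch?v=uPO1swQVMoc" form so the slide shows a shorter link. The link also appears with no description, so add a few words saying what the video shows and why it belongs under "guard the ballot box during the poll".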