Binary file handouts/ho01.pdf has changed
--- a/handouts/ho01.tex Fri Nov 21 14:40:11 2014 +0000
+++ b/handouts/ho01.tex Fri Nov 21 22:21:30 2014 +0000
@@ -205,8 +205,8 @@
GET request for a particular page to a server. The server
answers this request with a webpage in HTML (for our purposes
we can ignore the details about HTML). A simple JavaScript
-program that realises a server answering with a ``hello
-world'' webpage is as follows:
+program that realises a server answering with a ``Hello
+World'' webpage is as follows:
\begin{center}
\lstinputlisting{../progs/ap0.js}
@@ -593,7 +593,7 @@
password cracking:
\begin{center}
-http://xkcd.com/538/
+\url{http://xkcd.com/538/}
\end{center}
\noindent
Binary file handouts/ho02.pdf has changed
--- a/handouts/ho02.tex Fri Nov 21 14:40:11 2014 +0000
+++ b/handouts/ho02.tex Fri Nov 21 22:21:30 2014 +0000
@@ -238,7 +238,7 @@
seem to be ignoring this basic premise.\bigskip
\noindent After the debacle of the Florida presidential
-election in 2000, many voting precincts in the US used
+election in 2000, many voting pre\-cincts in the US used
Direct-Recording Electronic voting machines (DREs) or optical
scan machines. One popular model of DREs was sold by a
company called Diebold. In hindsight they were a complete
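Review bot: the explicit \- in "pre\-cincts" on the added line hard-codes a break point that only suits the current line layout. TeX will break that word only at the marked position, and the marker stays in the source after the paragraph is reflowed. If the word produces an overfull box, a preamble entry \hyphenation{pre-cincts} covers every occurrence without touching the running text.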
@@ -250,7 +250,7 @@
it does not give any guaranty about what is recorded on
the memory card.
-The machines behind these DREs were ``normal'' windows
+The machines behind these DREs were ``normal'' Windows
computers, which could be used for anything, for example for
changing votes. Why did nobody at Diebold think of that? I
have no idea. But that this was eventually done undetectably
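Review bot: the context line "it does not give any guaranty about what is recorded on" is left as is while the line below it is corrected. The usual spelling in this sense is "guarantee", and since this commit is a wording pass over the same paragraph it would be worth fixing in the same change.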
@@ -273,16 +273,16 @@
\end{figure}
What made matters worse was that Diebold tried to hide their
-incompetency and the inferiority of their products, by
+incompetence and the inferiority of their products by
requiring that election counties must not give the machines up
-for independent review. They also kept their source secret.
-This meant Halderman and his group had to obtain a machine not
-through the official channels. They then had to reverse
-engineer the source code in order to design their attack. What
-this all showed is that a shady security design is no match to
-a determined hacker.
+for independent review. They also kept their source code
+secret. This meant Halderman and his group had to obtain a
+machine not through the official channels. They then had to
+reverse engineer the source code in order to design their
+attack. What all this showed is that a shady security design
+is no match for a determined hacker.
-Apart from the obvious failings (for example no papertrail),
+Apart from the obvious failings (for example no paper trail),
this story also told another side. While a paper ballot box
need to be kept secure from the beginning of the election
(when it needs to be ensured it is empty) until the end of the
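Review bot: subject-verb agreement is still off in the trailing context of this hunk, "While a paper ballot box need to be kept secure". It should read "needs to be kept secure". The sentence directly follows the corrected "paper trail" line, so it belongs in this pass.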
@@ -290,18 +290,18 @@
whole year. The reason is of course that one cannot see
whether somebody has tampered with the program a computer is
running. Such a 24/7 security is costly and often even
-impossible, because voting machines need to be distributed
-usually the day before the election to the polling stations.
-These are often schools where the voting machines are kept
-unsecured overnight. The obvious solution of putting seals on
-computers did not work: in the process of getting these DREs
-discredited (involving court cases) it was shown that seals
-can easily be circumvented. The moral of this story is that
-election officials were incentivised with money by the central
-government to obtain new voting equipment and in the process
-fell prey to pariahs which sold them a substandard product.
-Diebold was not the only pariah in this area, but one of the
-more notorious ones.
+impossible, because voting machines need to be
+distributed---usually the day before the election---to the
+polling stations. These are often schools where the voting
+machines are kept unsecured overnight. The obvious solution of
+putting seals on computers did not work: in the process of
+getting these DREs discredited (involving court cases) it was
+shown that seals can easily be circumvented. The moral of this
+story is that election officials were incentivised with money
+by the central government to obtain new voting equipment and
+in the process fell prey to pariahs which sold them a
+substandard product. Diebold was not the only pariah in this
+area, but one of the more notorious ones.
Optical scan machines are slightly better from a security
point of view but by no means good enough. Their main idea
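Review bot: the re-wrapped lines keep "fell prey to pariahs which sold them a substandard product" and "Diebold was not the only pariah". A pariah is an outcast, which does not fit "fell prey to"; if the intended sense is predatory vendors, say so directly (for example "vendors who sold them a substandard product"), and use "who" rather than "which". The claim "it was shown that seals can easily be circumvented" would also benefit from a footnote pointing to the court cases or study it refers to, as the handout already does for the Estonian code.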
@@ -319,8 +319,8 @@
which could not be used for anything else. Having a bespoke
device is a good security engineering decision because it
makes the attack surface much smaller. If you have a
-full-fledged computer behind your system, then you can do
-everything a computer can do\ldots{}and that is a lot,
+full-fledged computer behind your voting system, then you can
+do everything a computer can do\ldots{}and that is a lot,
including a lot of abuse. What was bad about the devices in
India was that these machines did not have the important paper
trail: that means if an election was tampered with, nobody
@@ -332,7 +332,7 @@
\noindent This brings us to the case of Estonia, which held in
-2007 the worlds first general election that used Internet.
+2007 the worlds first general election that used the Internet.
Again their solution made some good choices: for example voter
authentication is done via the Estonian ID card, which
contains a chip like on credit cards. They also made most of
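Review bot: the added line "2007 the worlds first general election that used the Internet" fixes the missing article but leaves "worlds" without its apostrophe. It should be "the world's first general election".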
@@ -343,12 +343,12 @@
{\footnotesize\lstinputlisting[language=Python,numbers=none]
{../progs/estonia.py}}
-\noindent If you want to have a look their code can be
+\noindent If you want to have a look at their code it can be
downloaded from their github
repository.\footnote{\url{https://github.com/vvk-ehk/evalimine/}}
Also their system is designed such that Internet voting is
used before the election: votes can be changed an unlimited
-amount of times, always the last vote is tabulated, you can
+amount of times; always the last vote is tabulated. You can
even change your vote on the polling day in person. This is an
important security mechanism guarding against vote coercion,
which of course is an important problem if you are allowed to
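Review bot: on the added line, "amount of times" should be "number of times", since times are countable. In the same hunk the context line "downloaded from their github" should use the product's capitalisation, "GitHub", to match the Windows fix made earlier in this commit.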
@@ -408,7 +408,7 @@
data and verify the shuffle, decryptions and tally.
\end{enumerate}
-\noindent As you can see the whole process is not trivial at
+\noindent As you can see, the whole process is not trivial at
all and leaves out a number of crucial details (such as how to
best distribute public keys for encryption). It even depends
on a highly sophisticated process called
@@ -422,11 +422,11 @@
The point of these theoretical/hot-air musings is to show that
such an e-voting procedure is far from convenient: it takes
-much more time to allow, for example, for scrutinising whether
-the votes were cast correctly. Very likely it will also not
-pass the benchmark of being understandable to Joe Average.
-This was a standard a court rules that needs to be passed in
-the German election process.
+much more time to allow, for example, scrutinising whether the
+votes were cast correctly. Very likely it will also not pass
+the benchmark of being understandable to Joe Average. This was
+a standard, a high court ruled, that needs to be passed in the
+German election process.
The overall conclusion is that an e-voting process involving
the Internet cannot be made secure with current technology.
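Review bot: the rewritten sentence "This was a standard, a high court ruled, that needs to be passed in the German election process" still mixes past and present tense and is hard to parse. Something like "This is a standard that, according to a high court ruling, the German election process has to meet" reads cleanly. The word "high" is also new information in what is otherwise a wording commit, so a footnote naming the ruling would let readers check it.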
--- a/handouts/ho07.tex Fri Nov 21 14:40:11 2014 +0000
+++ b/handouts/ho07.tex Fri Nov 21 22:21:30 2014 +0000
@@ -392,6 +392,7 @@
https://www.cs.purdue.edu/homes/ctask/pdfs/CERIAS_Presentation.pdf
http://www.futureofprivacy.org/wp-content/uploads/Differential-Privacy-as-a-Response-to-the-Reidentification-Threat-Klinefelter-and-Chin.pdf
http://www.cis.upenn.edu/~aaroth/courses/slides/Overview.pdf
+http://www.cl.cam.ac.uk/~sjm217/papers/tor14design.pdf
%%% Local Variables:
%%% mode: latex
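Review bot: the added tor14design.pdf link goes in as a bare URL, while the ho01.tex hunk in this same commit wraps its link in \url{...}. The entries in this list contain "_" and "~", which only pass through LaTeX unescaped inside \url or outside the typeset body, so if the list is ever moved into the document text each entry needs wrapping. A short label per link saying what it is a reference for would also make the list easier to maintain.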
Binary file handouts/ho08.pdf has changed