Binary file handouts/ho01.pdf has changed
--- a/handouts/ho01.tex Tue Jan 05 01:37:31 2016 +0000
+++ b/handouts/ho01.tex Mon Jan 11 02:05:24 2016 +0000
@@ -30,6 +30,9 @@
They just can't help it.''
\end{quote}
+\noindent
+and
+
\begin{quote}
\it ``Security engineering\ldots requires you to think
differently. You need to figure out not how something works,
@@ -45,16 +48,16 @@
\noindent In this module I like to teach you this security
mindset. This might be a mindset that you think is very
foreign to you---after all we are all good citizens and not
-hack into things. I beg to differ: You have this mindset
-already when in school you were thinking, at least
+hack into things. However, I beg to differ: You have this
+mindset already when in school you were thinking, at least
hypothetically, about ways in which you can cheat in an exam
(whether it is by hiding notes or by looking over the
shoulders of your fellow pupils). Right? To defend a system,
-you need to have this kind of mindset and be able to think like
-an attacker. This will include understanding techniques that
-can be used to compromise security and privacy in systems.
-This will many times result in insights where well-intended
-security mechanisms made a system actually less
+you need to have this kind of mindset and be able to think
+like an attacker. This will include understanding techniques
+that can be used to compromise security and privacy in
+systems. This will many times result in insights where
+well-intended security mechanisms made a system actually less
secure.\medskip
\noindent
@@ -162,7 +165,10 @@
secure and it must have been the customer's fault, was bogus.
In 2009 the law changed and the burden of proof went back to
the banks. They need to prove whether it was really the
-customer who used a card or not.
+customer who used a card or not. The current state of affairs,
+however, is that standing up for your right requires you
+to be knowledgeable\ldots{}if not, the banks are happy to
+take advantage of you.
This is a classic example where a security design principle
was violated: Namely, the one who is in the position to
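Review bot: the sentence added after "customer who used a card or not." asserts that "the banks are happy to take advantage of you" without any source, right after a passage that is careful about dates and the change in the law. Either cite a case or report that backs it up, or phrase it as the author's opinion. "standing up for your right" should also read "your rights".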
@@ -225,7 +231,9 @@
executed whenever a browser initiates such a GET request. You
can run this program on your computer and then direct a
browser to the address \pcode{localhost:8000} in order to
-simulate a request over the internet.
+simulate a request over the internet. You are encouraged
+to try this out\ldots{}theory is always good, but practice is
+better.
For our web-application of interest is the feature that the
@@ -302,18 +310,14 @@
resistance}. Cryptographic hash functions also ensure that
given a message and a hash, it is computationally infeasible to
find another message with the same hash. This is called
-\emph{collusion resistance}. Because of these properties hash
+\emph{collusion resistance}. Because of these properties, hash
functions are often called \emph{one-way functions}: you
cannot go back from the output to the input (without some
tricks, see below).
-
-
-
-
-There are several such
-hashing function. For example SHA-1 would hash the string
-\pcode{"hello world"} to produce the hash-value
+There are several such hashing function. For example SHA-1
+would hash the string \pcode{"hello world"} to produce the
+hash-value
\begin{center}
\pcode{2aae6c35c94fcfb415dbe95f408b9ce91ee846ed}
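Review bot: the line edited for the comma still says \emph{collusion resistance}; the term is "collision resistance" and should be corrected in the same change. The property defined just before it (given a message and a hash, find another message with the same hash) is normally called second-preimage resistance, while collision resistance means that no two messages with equal hashes can be found at all, so the definition needs rewording as well. In the rewrapped paragraph, "several such hashing function" should be plural.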
@@ -342,26 +346,25 @@
\pcode{1-356a192b7913b04c54574d18c28d46e6395428ab}
\end{center}
-\noindent If we now read back the
-cookie when the client visits our webpage, we can extract the
-counter, hash it again and compare the result to the stored
-hash value inside the cookie. If these hashes disagree, then
-we can deduce that the cookie has been tampered with.
-Unfortunately, if they agree, we can still not be entirely
-sure that not a clever hacker has tampered with the cookie.
-The reason is that the hacker can see the clear text part of
-the cookie, say \pcode{3}, and also its hash. It does not take
-much trial and error to find out that we used the SHA-1
-hashing function and then the hacker can graft a cookie
-accordingly. This is eased by the fact that for SHA-1 many
-strings and corresponding hash-values are precalculated. Type,
-for example, into Google the hash value for \pcode{"hello
-world"} and you will actually pretty quickly find that it was
-generated by input string \pcode{"hello world"}. Similarly for
-the hash-value for \pcode{1}. This defeats the purpose of a
-hashing function and thus would not help us with our
-web-applications and later also not with how to store
-passwords properly.
+\noindent If we now read back the cookie when the client
+visits our webpage, we can extract the counter, hash it again
+and compare the result to the stored hash value inside the
+cookie. If these hashes disagree, then we can deduce that the
+cookie has been tampered with. Unfortunately, if they agree,
+we can still not be entirely sure that not a clever hacker has
+tampered with the cookie. The reason is that the hacker can
+see the clear text part of the cookie, say \pcode{3}, and also
+its hash. It does not take much trial and error to find out
+that we used the SHA-1 hashing function and then the hacker
+can graft a cookie accordingly. This is eased by the fact that
+for SHA-1 many strings and corresponding hash-values are
+precalculated. Type, for example, into Google the hash value
+for \pcode{"hello world"} and you will actually pretty quickly
+find that it was generated by input string \pcode{"hello
+world"}. Similarly for the hash-value for \pcode{1}. This
+defeats the purpose of a hashing function and thus would not
+help us with our web-applications and later also not with how
+to store passwords properly.
There is one ingredient missing, which happens to be called
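Review bot: this rewrap carries two wording problems over unchanged: "graft a cookie" is presumably "craft a cookie", and "not be entirely sure that not a clever hacker has tampered" is a double negative that is hard to parse. Since every line of the paragraph is touched anyway, fix both here. It would also help to say directly that the attacker only has to recompute the SHA-1 of a chosen counter; the precalculated tables mentioned afterwards are a convenience, not a requirement.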
@@ -406,10 +409,10 @@
this can be easily circumvented by just deleting the cookie or
by switching the browser. This would mean the New York Times
will lose revenue whenever this kind of tampering occurs. The
-quick fix to require that a cookie must always be present does
-not work, because then this newspaper will cut off any new
-readers, or anyone who gets a new computer. In contrast, our
-web-application has the resource (discount) locked at the
+`quick fix' to require that a cookie must always be present
+does not work, because then this newspaper will cut off any
+new readers, or anyone who gets a new computer. In contrast,
+our web-application has the resource (discount) locked at the
beginning and only unlocks it if the cookie data says so. If
the cookie is deleted, well then the resource just does not
get unlocked. No major harm will result to us. You can see:
@@ -609,6 +612,13 @@
\end{center}
\noindent
+A recent research paper about surveillance using cookies is
+
+\begin{center}
+\url{http://randomwalker.info/publications/cookie-surveillance-v2.pdf}
+\end{center}
+
+\noindent
A slightly different point of view about the economies of
password cracking:
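Review bot: moving the cookie-surveillance reference here puts it directly in front of "A slightly different point of view about the economies of password cracking:", which now reads as if it contrasts with the cookie paper rather than with the preceding password reference. Place the new block after the password-cracking links, or reword the lead-in so that it no longer depends on what comes immediately before it.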
@@ -649,13 +659,6 @@
passwords\ldots
\medskip
-\noindent
-A recent research paper about surveillance using cookies is
-
-\begin{center}
-\url{http://randomwalker.info/publications/cookie-surveillance-v2.pdf}
-\end{center}
-
\end{document}
Binary file handouts/ho02.pdf has changed
--- a/handouts/ho02.tex Tue Jan 05 01:37:31 2016 +0000
+++ b/handouts/ho02.tex Mon Jan 11 02:05:24 2016 +0000
@@ -50,8 +50,8 @@
opinion, but also shared by many security researchers amongst
them Alex Halderman, who is the world-expert on this subject
and from whose Coursera course on Securing Digital Democracy I
-have most of my information and inspiration. It is also a
-controversial topic in many countries:
+have most of my information and inspiration on this topic. It
+is also a controversial topic in many countries:
\begin{itemize}
\item The Netherlands between 1997--2006 had electronic voting
@@ -62,21 +62,24 @@
\item Germany conducted pilot studies with e-voting, but in
2007 a law suit has reached the highest court and it
- rejected e-voting on the grounds of not being
- understandable by the general public.
+ rejected e-voting on the grounds of the mechanisms
+ behind it not being understandable to the general
+ public.
\item UK used optical scan voting systems in a few trail
polls, but to my knowledge does not use any e-voting in
elections.
-\item The US used mechanical machines since the 1930s, later punch
- cards, now DREs and optical scan voting machines. But there is a
- lot of evidence that DREs and optical scan voting machines are not
- as secure as they should be. Some states experimented with Internet
- voting, but all experiments have been security failures. One
- exceptional election happened just after hurrican Sandy in 2012 when
- some states allowed emergency electronic voting. Voters downloaded
- paper ballots and emailed them back to election officials.
+\item The US used mechanical machines since the 1930s, later
+ punch cards, now DREs and optical scan voting machines.
+ But there is a lot of evidence that DREs and optical
+ scan voting machines are not as secure as they should
+ be. Some states experimented with Internet voting, but
+ all experiments have been security failures. One
+ exceptional election happened just after hurrican Sandy
+ in 2012 when some states allowed emergency electronic
+ voting. Voters downloaded paper ballots and emailed them
+ back to election officials.
\item Estonia used since 2007 the Internet for national
elections. There were earlier pilot studies for voting
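Review bot: the rewrapped US item keeps "hurrican Sandy"; it should be "Hurricane Sandy", and the neighbouring UK item still says "trail polls" where "trial polls" is meant. In the Germany item, "a law suit has reached the highest court and it rejected e-voting" mixes tenses; "a lawsuit reached the highest court, which rejected e-voting" reads more cleanly.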
@@ -101,6 +104,25 @@
able to tally manually.
\end{itemize}
+\noindent If you are interested in the recent state of affairs
+of e-voting machinery, I recommend the talk Jeremy Epstein
+
+\begin{center}
+\url{https://www.usenix.org/sites/default/files/conference/protected-files/jets15_slides_epstein.pdf}
+\end{center}
+
+\noindent The abstract says:
+
+\begin{quote}\it
+In April 2015, the US Commonwealth of Virginia decertified the
+Advanced Voting Solutions (AVS) WinVote voting machine, after
+concluding that it was insecure. This talk presents the
+results of Virginia's analysis of the WinVote, and explores
+how we got to the point where a voting machine using an
+unpatched version of Windows XP from 2004, using hardwired WEP
+keys and administrator passwords, could be used for over a
+decade in most of Virginia.
+\end{quote}
The reason that e-voting is such a hard problem is that we
have requirements about the voting process that conflict with
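Review bot: "I recommend the talk Jeremy Epstein" is missing a word ("the talk by Jeremy Epstein") and the sentence ends without punctuation before the centred URL. The link path contains protected-files, so check that it opens without a USENIX login before handing it to students, and name the venue in the text so the talk can still be found if the link moves.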
@@ -239,7 +261,7 @@
One interesting attack against completely anonymous paper
ballots is called \emph{chain vote attack}. It works if the
paper ballots are given out to each voter at the polling
-station. Then an attacker can give the prefilled ballot to a
+station. Then an attacker can give a prefilled ballot to a
voter. The voter uses this prefilled ballot to cast the vote,
and then returns the empty ballot paper back to the attacker who now
compensates the voter. The blank ballot can be reused for the
@@ -250,20 +272,22 @@
To sum up, the point is that paper ballots have evolved over some time
and no single best method has emerged for preventing fraud.
But the involved technology is well understood in order to
-provide good enough security with paper ballots.
+provide good enough security with paper ballots\ldots{}unless
+you lived in Florida at around 2000.
+
\subsection*{E-Voting}
If one is to replace paper ballots by some electronic
mechanism, one should always start from simple premise taken
-from an Australian white paper about e-voting:
+from an Australian government white paper about e-voting:
\begin{quote} \it ``Any electronic voting system should
provide at least the same security, privacy and transparency
as the system it replaces.''
\end{quote}
-\noindent Whenever people argue in favour of e-voting they
+\noindent Whenever people argue in favour of e-voting, they
seem to be ignoring this basic premise.\bigskip
\noindent After the debacle of the Florida presidential
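Review bot: the attribution is now "an Australian government white paper about e-voting" but there is still no citation; add a footnote or bibliography entry so the quoted premise can be checked. "at around 2000" should be "around 2000", and the unchanged line above needs an article: "start from a simple premise".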
@@ -305,11 +329,12 @@
incompetence and the inferiority of their products by
requiring that election counties must not give the machines up
for independent review. They also kept their source code
-secret. This meant Halderman and his group had to obtain a
-machine not through the official channels. They then had to
-reverse engineer the source code in order to design their
-attack. What all this showed is that a shady security design
-is no match for a determined hacker.
+secret. This meant Halderman and his group could not obtain a
+machine through the official channels, but whoever could hope
+that revented them from obtaining a machine? Ok, they got one.
+They then had to reverse engineer the source code in order to
+design an attack. What all this showed is that a shady
+security design is no match for a determined hacker.
Apart from the obvious failings (for example no paper trail),
this story also told another side. While a paper ballot box
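Review bot: the replacement text contains the typo "revented" (prevented), and the sentence "but whoever could hope that revented them from obtaining a machine? Ok, they got one." does not parse. The removed wording was clearer; something like "could not obtain a machine through the official channels, but that did not prevent them from getting one" keeps the intended aside without the broken rhetorical question.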
@@ -328,8 +353,8 @@
shown that seals can easily be circumvented. The moral of this
story is that election officials were incentivised with money
by the central government to obtain new voting equipment and
-in the process fell prey to pariahs which sold them a
-substandard product. Diebold was not the only pariah in this
+in the process fell prey to pariahs which sold them
+substandard products. Diebold was not the only pariah in this
area, but one of the more notorious ones.\footnote{An e-voting
researcher recently made a connection between the VW-exhaust
scandal and e-voting: His argument is that it is very hard
@@ -367,18 +392,19 @@
\noindent This brings us to the case of Estonia, which held in
-2007 the worlds first general election that used the Internet.
-Again their solution made some good choices: for example voter
-authentication is done via the Estonian ID card, which
+2007 the World's first general election that used the
+Internet. Their solution made some good choices: for example
+voter authentication is done via the Estonian ID card, which
contains a chip like on credit cards. They also made most of
-their source code public for independent scrutiny. Of course
-this openness means that people (hackers) will look at your
-fingers and find code such as this snippet.
+their source code public for independent scrutiny---unlike
+pariah companies like Diebold. Of course this openness means
+that people (hackers) will look at your fingers and find code
+such as this snippet:
{\footnotesize\lstinputlisting[language=Python,numbers=none]
{../progs/estonia.py}}
-\noindent If you want to have a look at their code it can be
+\noindent If you want to have a look at their code, it can be
downloaded from their github
repository.\footnote{\url{https://github.com/vvk-ehk/evalimine/}}
Also their system is designed such that Internet voting is
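Review bot: "the World's first general election" adds the missing apostrophe but also an unwarranted capital; it should be "the world's first". The phrase "look at your fingers" is a literal translation of an idiom and will puzzle English readers; "scrutinise your work" says the same thing. The new aside "unlike pariah companies like Diebold" repeats "like" twice in one clause; "in contrast to companies such as Diebold" avoids that.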
@@ -455,13 +481,14 @@
with your communication partner. We will look at
zero-knowledge-proofs in a later lecture in more detail.
-The point of these theoretical/hot-air musings is to show that
-such an e-voting procedure is far from convenient: it takes
-much more time to allow, for example, scrutinising whether the
-votes were cast correctly. Very likely it will also not pass
-the benchmark of being understandable to Joe Average. This was
-a standard, a high court ruled, that needs to be passed in the
-German election process.
+The point of these theoretical/hot-air musings like above is
+to show that such an e-voting procedure is far from
+convenient: it takes much more time to allow, for example,
+scrutinising whether the votes were cast correctly. Very
+likely it will also not pass the benchmark of being
+understandable to Joe Average. This was a standard, a high
+court ruled, that needs to be passed in the German election
+process, for example.
The overall conclusion is that an e-voting process involving
the Internet cannot be made secure with current technology.
@@ -474,8 +501,8 @@
can be made reasonably secure and fraud-safe. That does not
mean there are no problems with online banking. But with
enough thought, they can usually be overcome with technology
-we have currently. This is different with e-voting: even the
-best have not come up with something workable yet.
+we have currently avialable. This is different with e-voting:
+even the best have not come up with something workable yet.
This conclusion does not imply that some special cases of
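Review bot: the added word is misspelled: "we have currently avialable" should be "available", and the word order reads better as "technology we currently have available".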
Binary file handouts/ho03.pdf has changed
--- a/handouts/ho03.tex Tue Jan 05 01:37:31 2016 +0000
+++ b/handouts/ho03.tex Mon Jan 11 02:05:24 2016 +0000
@@ -77,7 +77,7 @@
arrived around 1977. So nobody of the ``forefathers'' can
really be blamed, but as mentioned above we should already be
way beyond the point that buffer overflow attacks are worth a
-thought. Unfortunately, this is far from the truth. I let you
+thought. Unfortunately, this is far from the reality. I let you
ponder why?
One such ``benign'' design decision is how the memory is laid
@@ -832,7 +832,7 @@
\end{itemize}
-\bigskip\bigskip \noindent \end{document}
+\end{document}
%%% Local Variables:
%%% mode: latex
Binary file handouts/ho04.pdf has changed
--- a/handouts/ho04.tex Tue Jan 05 01:37:31 2016 +0000
+++ b/handouts/ho04.tex Mon Jan 11 02:05:24 2016 +0000
@@ -73,12 +73,15 @@
(Ocaml does not allow buffer overflow attacks, for example).
If you want to test the security of MirageOS, the
developers issued a Bitcoin challenge: if you can break into
-their system, you can get 10 Bitcoins
+their system at
\begin{center}
\url{http://ownme.ipredator.se}
\end{center}
+\noindent
+you can get 10 Bitcoins. This is approximately
+
However, sometimes you cannot, or do not want to, get rid of
the operating system. In such cases it is still a good idea
to minimise the attack surface. For this it helps if the
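Review bot: the sentence added after the URL, "you can get 10 Bitcoins. This is approximately", stops without giving the amount, so the handout will print a dangling fragment. Either supply the figure together with the date of the exchange rate, since it goes out of date quickly, or drop the second sentence.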
@@ -90,30 +93,31 @@
\draw[line width=1mm] (-.3, 0) rectangle (1.5,2);
\draw (4.7,1) node {Internet};
- \draw (-2.7,1.7) node {\footnotesize Application};
+ \draw (-2.7,1.5) node {\footnotesize
+ \begin{tabular}{c}Application\\(dangerous part)\end{tabular}};
\draw (0.6,1.7) node {\footnotesize Interface};
\draw (0.6,-0.4) node {\footnotesize \begin{tabular}{c}unprivileged\\[-1mm] process\end{tabular}};
\draw (-2.7,-0.4) node {\footnotesize \begin{tabular}{c}privileged\\[-1mm] process\end{tabular}};
- \draw[line width=1mm] (-1.8, 0) rectangle (-3.6,2);
+ \draw[line width=1mm] (-1.6, 0) rectangle (-3.8,2);
\draw[white] (1.7,1) node (X) {};
\draw[white] (3.7,1) node (Y) {};
\draw[<->, line width = 2mm] (X) -- (Y);
- \draw[<->, line width = 1mm] (-0.6,1) -- (-1.6,1);
+ \draw[<->, line width = 1mm] (-0.4,1) -- (-1.5,1);
\end{tikzpicture}
\end{center}
-\noindent The idea is that all heavy-duty lifting in the
-application (for example database access) is done by a
-privileged process. All user input from the internet is
-received by an \emph{un}privileged process, which is
-restricted to only receive user input from the Internet and
-communicates with the privileged process. This communication,
-however, needs to be sanitised, meaning any unexpected
-user-input needs to be rejected. The idea behind this split is
-that if an attacker can take control of the
+\noindent The idea is that all heavy-duty lifting, or
+dangerous operations, in the application (for example database
+access or writing a file) is done by a privileged process. All user input from
+the internet is received by an \emph{un}privileged process,
+which is restricted to only receive user input from the
+Internet and communicates with the privileged process. This
+communication, however, needs to be sanitised, meaning any
+unexpected user-input needs to be rejected. The idea behind
+this split is that if an attacker can take control of the
\emph{un}privileged process, then he or she cannot do much
damage. However, the split into such privileged and
unprivileged processes requires an operating system that
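Review bot: the new diagram label "Application (dangerous part)" sits on the privileged process, but the text says the part an attacker is expected to take over is the \emph{un}privileged interface, so "dangerous" is ambiguous; a label such as "(dangerous operations)" would match the paragraph's "heavy-duty lifting, or dangerous operations". The new tabular uses a plain \\ while the two neighbouring labels use \\[-1mm], so the line spacing in the box will differ. The line "access or writing a file) is done by a privileged process. All user input from" also breaks the wrap width used by the rest of the paragraph.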
--- a/handouts/ho05.tex Tue Jan 05 01:37:31 2016 +0000
+++ b/handouts/ho05.tex Mon Jan 11 02:05:24 2016 +0000
@@ -5,6 +5,9 @@
\begin{document}
\fnote{\copyright{} Christian Urban, 2014}
+%% the expectation is that anything encrypted today, will be
+%% decrypted in 20 years time
+
\section*{Handout 5 (Protocols)}
Protocols are the computer science equivalent to fractals and
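Review bot: the remark added above \section*{Handout 5 (Protocols)} is a %% comment, so it never reaches readers, and it states an expectation ("anything encrypted today, will be decrypted in 20 years time") with no source. If it is a reminder for a later revision, mark it as a TODO with a pointer to where it should go; if it is meant as content, move it into the text with a reference.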
--- a/handouts/ho07.tex Tue Jan 05 01:37:31 2016 +0000
+++ b/handouts/ho07.tex Mon Jan 11 02:05:24 2016 +0000
@@ -14,6 +14,33 @@
%https://fpf.org/wp-content/uploads/Differential-Privacy-as-a-Response-to-the-Reidentification-Threat-Klinefelter-and-Chin.pdf
%http://research.neustar.biz/2014/09/08/differential-privacy-the-basics/
+%=====
+%Tim Greene, Network World, 17 Dec 2015 (via ACM TechNews, 18 Dec 2015)
+%
+%Massachusetts Institute of Technology (MIT) researchers' experimental
+%Vuvuzela messaging system offers more privacy than The Onion Router (Tor) by
+%rendering text messages sent through it untraceable. MIT Ph.D. student
+%David Lazar says Vuvuzela resists traffic analysis attacks, while Tor
+%cannot. The researchers say the system functions no matter how many parties
+%are using it to communicate, and it employs encryption and a set of servers
+%to conceal whether or not parties are participating in text-based dialogues.
+%"Vuvuzela prevents an adversary from learning which pairs of users are
+%communicating, as long as just one out of [the] servers is not compromised,
+%even for users who continue to use Vuvuzela for years," they note. Vuvuzela
+%can support millions of users hosted on commodity servers deployed by a
+%single group of users. Instead of anonymizing users, Vuvuzela prevents
+%outside observers from differentiating between people sending messages,
+%receiving messages, or neither, according to Lazar. The system imposes
+%noise on the client-server traffic which cannot be distinguished from actual
+%messages, and all communications are triple-wrapped in encryption by three
+%servers. "Vuvuzela guarantees privacy as long as one of the servers is
+%uncompromised, so using more servers increases security at the cost of
+%increased message latency," Lazar notes.
+%http://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_5-e70bx2d991x066779&
+
+
+
+
\section*{Handout 7 (Privacy)}
The first motor car was invented around 1886. For ten years,
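Review bot: this pastes a full third-party news summary into the source as comments and ends with a mailing-list tracking redirect (trk/click?ref=...) that is cut off at the trailing "&", so the link cannot be followed. Keep a one-line note with the article title, author and date, and link to the article or the Vuvuzela paper directly. The four blank lines added before \section*{Handout 7 (Privacy)} are the kind of run this same commit removes in ho01.tex.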
Binary file slides/slides01.pdf has changed
--- a/slides/slides01.tex Tue Jan 05 01:37:31 2016 +0000
+++ b/slides/slides01.tex Mon Jan 11 02:05:24 2016 +0000
@@ -983,6 +983,11 @@
\item RISKS mailing list
\item Schneier's Crypto newsletter
\item Google+ Ethical Hacker group
+\item Chaos Computer Club Conferences\\
+(every year in December)
+\begin{center}
+\url{https://media.ccc.de/c/camp2015}
+\end{center}
\end{itemize}
\end{frame}
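Review bot: the item text says "Chaos Computer Club Conferences (every year in December)" but the URL ends in camp2015, which does not match the December event the text describes. Link to the recordings of the December congress or to the general media index instead, so the slide does not need updating every year. A center environment inside an \item also adds vertical space that the other entries in this list do not have; a plain \url on its own line after \\ would match them.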