updated
author Christian Urban <christian dot urban at kcl dot ac dot uk>
Fri, 03 Oct 2014 06:17:25 +0100
changeset 191 f675aa15b6d0
parent 190 4ee6812ab436
child 192 2cb42412f3fd
updated
handouts/ho02.pdf
handouts/ho02.tex
handouts/ho03.pdf
handouts/ho03.tex
Binary file handouts/ho02.pdf has changed
--- a/handouts/ho02.tex	Wed Oct 01 16:18:51 2014 +0100
+++ b/handouts/ho02.tex	Fri Oct 03 06:17:25 2014 +0100
@@ -62,7 +62,7 @@
       via Internet in other countries.
 
 \item India uses e-voting devices since at least 2003. They
-      used ``keep-it-simple'' machines produced by a
+      use ``keep-it-simple'' machines produced by a
       government owned company.
 
 \item South Africa used software for its tallying in the 1993
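Review bot: In the India item, the new "use" still clashes with "uses e-voting devices since at least 2003" on the unchanged line above it. With "since" the sentence needs the present perfect, for example "India has used e-voting devices since at least 2003. They use ...". While touching this item, "government owned company" should be hyphenated as "government-owned company".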
@@ -97,7 +97,8 @@
         available, then maybe it is feasible to mount a DoS
         attack agains voting server and by bringing the
         system to its knees, change the outcome of an
-        election.                
+        election. Not to mention to hack the complete
+        system with malware and change votes undetectably.                
   \end{itemize}
 
 \item {\bf Ballot Secrecy}
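Review bot: The sentence added after "election." is a fragment ("Not to mention to hack the complete system ...") and is appended to a sentence about a DoS attack although it describes a different threat, namely tampering with votes rather than denying service. Make it a full sentence of its own, for example "An attacker might also compromise the complete system with malware and change votes undetectably." The added line also carries trailing whitespace, and the unchanged context still reads "agains voting server", which should be "against the voting server".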
@@ -106,13 +107,12 @@
         that voters can be coerced to vote in a certain way
         (for example by relatives, employers etc).
          
-  \item (Stronger) Even if you try, you cannot prove how you
-        voted. The reason is that you want to avoid vote
-        coercion but also vote selling. That this is a problem
-        is proved by the fact that some jokers in the recent
-        Scottish referendum tried to make money out of their
-        vote. 
-  \end{itemize}
+     \item (Stronger) Even if you try, you cannot prove how
+           you voted. The reason for this is that you want to
+           avoid vote coercion, but also vote selling. That
+           this can be a problem is proved by the fact that
+           some jokers in the recent Scottish referendum tried
+           to make money out of their vote. \end{itemize}
 
 \item {\bf Voter Authentication}
   \begin{itemize}
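Review bot: The rewritten "(Stronger)" item now has \end{itemize} on the same line as the sentence ending "out of their vote.", and its \item is indented deeper than the \item it replaces, which makes it look like a nested list. Keep \end{itemize} on its own line at the original indentation and align the new \item with its sibling. In the text, "some jokers" is quite informal for a handout.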
@@ -125,22 +125,22 @@
   \begin{itemize}
   \item Authorised voters should have the opportunity to vote.
         This can, for example, be a problem if you make the
-        authorisation dependent on an ID card, say a
-        driving license: then everybody who does not have a
-        license cannot vote. While this sounds an innocent
-        requirement, in fact some parts of the population 
-        for one reason or the other just do not have 
-        driving licenses. They are now excluded. Also if
-        you insist on paper ballots you have to have special
-        provisions for them.  
-  \end{itemize}
+        authorisation dependent on an ID card, say a driving
+        license. Then everybody who does not have a license
+        cannot vote. While this sounds an innocent
+        requirement, in fact some parts of the population for
+        one reason or another just do not have driving
+        licenses. They are now excluded. Also if you insist on
+        paper ballots you have to have special provisions for
+        blind people. Otherwise they cannot vote.
+ \end{itemize}
   
 \item {\bf Availability}
   \begin{itemize}
   \item The voting system should accept all authorised votes
         and produce results in a timely manner. If you move
         an election online, you have to guard agains DoS 
-        attacks.
+        attacks for example.
    \end{itemize}
 \end{itemize}
 
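Review bot: The \end{itemize} that closes the authorisation item is re-indented to a single space and no longer lines up with the \begin{itemize} it closes; keep the original indentation. In the Availability item, "agains DoS" in the unchanged line should be "against DoS", and the new ending needs a comma: "attacks, for example." The phrase "this sounds an innocent requirement" would read better as "this sounds like an innocent requirement".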
@@ -155,24 +155,81 @@
 \noindent If we had ballots with complete voter
 identification, then we can improve integrity because we can
 trace back the votes to the voters. This would be good when
-verifying the results. But such an identification would
-violate ballot secrecy (you can prove to somebody else how you
-voted). In contrast if we remove all identification for
-ensuring ballot secrecy, then we have to ensure that no
-``vote-stuffing'' occurs.
+verifying the results or recounting. But such an
+identification would violate ballot secrecy (you can prove to
+somebody else how you voted). In contrast, if we remove all
+identification for ensuring ballot secrecy, then we have to
+ensure that no ``vote-stuffing'' occurs. Similarly, if we
+improve authentication by requiring a to be present at the
+polling station with an ID card, then we exclude absentee
+voting.
 
-Similarly, if we improve authentication, \ldots
+To tackle the problem of e-voting, we should first have a look
+into the history of voting and how paper-based ballots
+evolved. Because also good-old-fashioned paper ballot voting
+is not entirely trivial and immune from being hacked. We know
+for sure that elections were held in Athens as early as 600
+BC, but might even date to the time of Mesopotamia and also in
+India some kind of ``republics'' might have existed before the
+Alexander the Great invaded it. Have a look at Wikipedia about
+the history of democracy for more information. These elections
+were mainly based on voting by show of hands. While this
+method of voting satisfies many of the requirements stipulated
+above, the main problem with hand voting is that it does not
+guaranty ballot secrecy. As far as I know the old greeks and
+romans did not perceive this as a problem, but the result was
+that their elections favoured rich, famous people who had
+enough resources to swing votes. Even using small coloured
+stones did not really mitigate the problem with ballot
+secrecy. The problem of authorisation was solved by friends or
+neighbours vouching for you to prove you are elegible to vote
+(there were no ID cards in ancient Greece and Rome).
 
-To tackle the problem of e-voting, we must first have a look
-into the history of voting and how paper-based ballots 
-evolved. We know for sure that elections were held in Athens
-as early as 600 BC, but might even date to the time of
-Mesopotamia and also in India some kind of ``republics'' might 
-have existed before the Alexander the Great invaded it.
-Have a look at Wikipedia about the history of democracy for 
-more information.
+Starting with the French Revolution and the US constitution,
+people started to value a more egalitarian approach to voting
+and electing officials. This was also the time where paper
+ballots started to become the prevailing form of casting
+votes. While more resistant against voter intimidation, paper
+ballots need a number of security mechanisms to avoid fraud.
+For example you need voting booths to fill out the ballot in
+secret. Also transparent ballot boxes are often used in order
+to easily detect and prevent vote stuffing (prefilling the
+ballot box with false votes). 
+
+\begin{center}
+\includegraphics[scale=2.5]{../slides/pics/ballotbox.jpg}
+\end{center}
 
+\noindent Another security mechanism is to guard the ballot
+box against any tampering during the election until counting.
+The counting needs to be done by a team potentially involving
+also independent observers. One interesting attack against
+completely anonymous paper ballots is called \emph{chain vote
+attack}. It works if the paper ballots are given out to each
+voter at the polling station. Then an attacker can give the
+prefilled ballot to a voter. The voter uses this prefilled
+ballot to cast the vote, and then returns the empty ballot
+back to the attacker who now compensates the voter. The blank
+ballot can be reused for the next voter. 
 
+The point is that paper ballots have evolved over some time 
+and no single best method has emerged for preventing fraud.
+But the involved technology is well understood in order to
+provide good enough security with paper ballots.
+
+\subsection*{E-Voting}
+
+If one is to replace paper ballots by some electronic
+mechanism, one should always start from simple premise taken
+from an Australian white paper about e-voting:
+
+\begin{quote} \it ``Any electronic voting system should
+provide at least the same security, privacy and transparency
+as the system it replaces.''
+\end{quote}
+
+\noindent Whenever people argue in favour of e-voting they
+seem to be ignore this basic premise.
 
 %\subsubsection*{Questions}
 
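Review bot: A noun is missing in "requiring a to be present at the polling station" in the paragraph on conflicting requirements; it presumably should read "requiring a voter to be present". In the added history text, "guaranty" should be "guarantee", "elegible" should be "eligible", "the old greeks and romans" needs capitals, "before the Alexander the Great invaded it" has a stray article, "from simple premise" lacks one, and "seem to be ignore" should be "seem to ignore". The chain vote attack paragraph refers to "the prefilled ballot" with a definite article before any prefilled ballot has been introduced, so the cycle is hard to follow as written; it also never says what countermeasure paper-based systems use against it, which would fit the paragraph's point about security mechanisms.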
Binary file handouts/ho03.pdf has changed
--- a/handouts/ho03.tex	Wed Oct 01 16:18:51 2014 +0100
+++ b/handouts/ho03.tex	Fri Oct 03 06:17:25 2014 +0100
@@ -7,11 +7,12 @@
 \section*{Handout 3 (Buffer Overflow Attacks)}
 
 By far the most popular attack method on computers are buffer
-overflow attacks. The popularity is unfortunate since we now
-have technology to prevent them. But these kind of attacks are
-still very relevant even today since there are many legacy
-systems out there and also many modern embedded systems
-do not take any precautions to prevent such attacks.
+overflow attacks or variations thereof. The popularity is
+unfortunate because we now have technology to prevent them
+effectively. But these kind of attacks are still very relevant
+even today since there are many legacy systems out there and
+also many modern embedded systems do not take any precautions
+to prevent such attacks.
 
 To understand how buffer overflow attacks work we have to have
 a look at how computers work ``under the hood'' (on the
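Review bot: The opening sentence "the most popular attack method on computers are buffer overflow attacks or variations thereof" pairs a singular subject with a plural verb; use "attack methods ... are" or "attack method ... is". The rewritten text also keeps "these kind of attacks", which should be "these kinds of attacks". The claim "we now have technology to prevent them effectively" would be more useful to readers if it named the technology it refers to.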