Esecurity: secure internet & e-voting

This course is listed in Aachen Campus as Esecurity: secure internet & e-voting and in Bonn Basis as MA-INF 3222 - Esecurity: secure internet & e-voting.

Responsible

Prof. Dr. Joachim von zur Gathen

Lecture

Michael Nüsken

Tutorial

Michael Nüsken

Time & Place

Tuesday, 13³⁰-15⁰⁰, b-it bitmax.
Wednesday, 13³⁰-15⁰⁰, b-it bitmax.
Tutorial: Tuesday, 15¹⁵-16⁴⁵, b-it bitmax.

First meeting: Tuesday, 09 April 2013.

All times subject to agreement in class.

Exam

Pre-exam meeting: Monday, 19 August, 14⁰⁰, b-it 1.25

Exam: Tuesday, 20 August 2013, 14⁰⁰, b-it bitmax.

Post-exam meeting: Tuesday, 27 August 2013, 14⁰⁰, b-it 1.25 (cosec meeting room).

Exam2 (repetitions only): Tuesday, 22 October 2013, 14⁰⁰, b-it Marschallsaal.

Post-exam meeting: Thursday, 7 November 2013, 12⁰⁰, b-it 1.25 (cosec meeting room).

Notes

The screen notes (PDF 21.3MB) contain all handwritten stuff (last updated 11 July 2013, 17:36).

Exercises

Exercise 1 (PDF, last updated 10 April 2013, 15:35).
Exercise 2 (PDF, last updated 17 April 2013, 15:55).
Exercise 3 (PDF, last updated 25 April 2013, 15:41).
Exercise 4 (PDF, last updated 30 April 2013, 19:19).
Exercise 5 (PDF, last updated 08 May 2013, 16:15).
Exercise 6 (PDF, last updated 15 May 2013, 15:51).
Exercise 7 (PDF, last updated 28 May 2013, 16:48).
Exercise 8 (PDF, last updated 05 June 2013, 16:03).
Exercise 9 (PDF, last updated 12 June 2013, 18:45).
Exercise 10 (PDF, last updated 19 June 2013, 22:24).
Exercise 11 (PDF, last updated 26 June 2013, 15:59).
Exercise 12 (PDF, last updated 03 July 2013, 16:11).
Exercise 13 (PDF, last updated 10 July 2013, 15:37).

Allocation

4+2 SWS, 8 credits. Optionally, 3+2 SWS, 6 credits.

Successful completion of the course yields 8 credit points. For students who only want 6 credit points, a breakpoint at about 3/4 of the teaching time will be defined, and only the course material up to that point will be relevant for their exams and grades.

Media Informatics: Computer and Communication Technology.
Recommendation for University of Bonn - Computer Science: A or A1, respectively.

Prerequisites

Basic knowledge in cryptography is needed, as for example the course Cryptography held in the previous winter. Compare our programme.

This course is about various aspects of security in the internet. In the first part we deal with secure connections, whereas the second part considers electronic voting schemes involving further tasks.

Who can read my email?
How do I know that eBay is eBay, or amazon is amazon?
What is the public key of Angela Merkel? Where do I get it and how do I verify that it's really hers?
...

In the internet a large variety of protocols ("chatting programs") are in use to make this or that `secure'. VPN, IPsec, SSL, PKI, PGP are just a few tokens that need explanations. We will try to understand a little of that and how things are used and made available.

Decision finding processes in most democratic societies are guided by the election of representatives. Some smaller states also conduct voting for particular decisions. Apart from political elections, a lot of other voting processes are in use to determine leaderships, opinions, ... Nowadays we require democratic elections to be free and fair. This implies several features, like anonymity and secrecy. (Secret elections only take place since about the middle of the nineteenth century.) German law requires even more:

Die Abgeordneten des Deutschen Bundestages werden in allgemeiner, unmittelbarer, freier, gleicher und geheimer Wahl gewählt. GG Art. 38 Abs. 1 Satz 1 (The members of the German Federal Diet are elected in general, direct, free, fair and secret elections.)

Since the advent of computers and the Internet people have tried to use the new means also in election processes. Major forces driving that are the cost and the election turnout. However, cheaper and faster election processes might have even more, yet unpredictable effects on society and democracy. The topic of the course shall be the treatment of the methods and the one or other solution for electronic elections. This ranges from simple voting machines to complete remote Internet election systems. In the latter, modern cryptographic methods are essential for ensuring major properties.

Literature

J. Klensin (Editor) (2008). Simple Mail Transfer Protocol. RFC 5321.
Phong Nguyen (2004). Can We Trust Cryptographic Software? Cryptographic Flaws in GNU Privacy Guard v1.2.3. EUROCRYPT 2004.
N. Freed (Editor) (1995). SMTP service Extention. RFC 1869.
David Ross (2002-2011). PGP Public Key Servers.
Russ Cox (2008). Lessons from the Debian/OpenSSL Fiasco.
Debian (2008). Debian Security Advisory: DSA-1571-1 openssl -- predictable random number generator.
H. D. Moore (2008). The bug.
Thorsten Kleinjung et al. (2010). Factorization of a 768-bit RSA modulus.
Niels Ferguson and Bruce Schneier (2003). A Cryptographic Evaluation of IPsec.
C. Kaufman et al. (2010). Internet Key Exchange Protocol Version 2 (IKEv2). RFC 5996.
IETF (2005-2010). IPsec incl. IKEv2:
- RFC4301 Security Architecture for the Internet Protocol,
- RFC4302 IP Authentication Header,
- RFC4303 IP Encapsulating Security Payload (ESP),
- RFC4304 Extended Sequence Number (ESN) Addendum to IPsec Domain of Interpretation (DOI) for Internet Security Association and Key Management Protocol (ISAKMP),
- RFC4835 Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH),
- RFC5996 Internet Key Exchange Protocol Version 2 (IKEv2),
- RFC4307 Cryptographic Algorithms for Use in the Internet Key Exchange Version 2 (IKEv2),
- RFC4308 Cryptographic Suites for IPsec,
- RFC4309 Using Advanced Encryption Standard (AES) CCM Mode with IPsec Encapsulating Security Payload (ESP).
IETF (2006). SSH.
- The Secure Shell (SSH) Transport Layer Protocol RFC4253
- The Secure Shell (SSH) Protocol Assigned Numbers RFC4250
- The Secure Shell (SSH) Protocol Architecture RFC4251
- The Secure Shell (SSH) Authentication Protocol RFC4252
- The Secure Shell (SSH) Connection Protocol RFC4254
IETF (2004-2011). TLS/SSL.
- The Transport Layer Security (TLS) Protocol Version 1.2 RFC5246
- Transport Layer Security Protocol Compression Methods RFC3749
- Transport Layer Security (TLS) Extensions: Extension Definitions RFC6066
- Using OpenPGP Keys for Transport Layer Security (TLS) Authentication RFC6091
- Pre-Shared Key Ciphersuites for Transport Layer Security (TLS) RFC4279
- Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS) RFC4492

Gregory V. Bard (2004). Vulnerability of SSL to Chosen-Plaintext Attack.
P. Rogaway & D. Wagner (2003). A Critique of CCM.
Christopher Soghoian & Sid Stamm (2010). Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL.
M. Stevens, et al. (2009). Short Chosen-Prefix Collisions for MD5 and the Creation of a Rogue CA Certificate.
Michael Clarkson, Stephen Chong & Andrew Myers (2008). Civitas, a secure voting system. Webpage.

Mailinglist

We will put each member on the mailing list . You can also subscribe yourself. The list is intented for all participants of the course as a platform for discussions around the topic. Furthermore, announcements regarding the course are made here.