Homework #2 (15p)

Deadline for lab tasks: 10th of November
Deadline for written tasks: 22nd of November

Written tasks

1. Read the opinion story by Otto de Voogd, where he argued about the possibility of the state having access to the private keys on the Estonian ID-card. Also read the response to the opinion by Agu Kivimägi, who wrote how private keys are generated in the Estonian ID-cards. Answer the following questions.
   1. Name two different technological reasons why the Estonian government can not access / know the secret key that is on your ID-card. The ID-card vulnerabilities that were described in 2017 are out of scope of this question. The answer must be short and formatted as a list, to make it clear what the two reasons are. (0.5p)
   2. Currently the Estonian ID-cards are believed to be secure. However, due to the advancement of technology new threats could appear. Briefly answer the following questions. The answer must be formatted as a list, so that each list item corresponds to one question. (1.5p)
      1. What is the critical security issue that is predicted to appear sometime in the future (maybe in 10-20 years)?
      2. How would the issue affect the ID-cards that are currently in use?
      3. What would have to be done during the next years to mitigate that risk?

2. Lets assume that a memorandum of understanding is signed by the presidents of Estonia, Latvia, and Lithuania by using the Estonian digital signature system. Answer the following questions. (3p)
   Hint: you can experiment with .bdoc or .asice containers and you can also use the DigiDoc4 software. If you do not have any signed containers, you can download an example file or a protocol signed by the Estonian National Electoral Committee.
   1. When the document is published, it only contains signatures from Latvian and Lithuanian presidents. Estonian president claims that he was actually the first to sign the document and his signature must have been removed from the document by accident. Can this claim be valid? Why?
   2. If the signature was removed, can Estonian president prove his claim? How?
   3. If the signature was removed, did it invalidate the signatures of Latvian and Lithuanian presidents? Why?

3. Read Matthew Green's blog post about Telegram: Is Telegram really an encrypted messaging app?. (2p)
   1. Briefly write why Telegram is not considered as secure as Signal?
   2. What would Telegram have to do to significantly increase its security? Write a short answer using up to two sentences.

4. Blockchain ensures that the contents of the blockchain can not be deleted and modified. Which components of the Estonian i-voting system (see picture for components) provide similar guarantees for the ballots received by the i-voting system? How are these guarantees provided? (1p)

Lab tasks (7p) -- Deadline: 10th of November

There are four lab tasks that have to be solved. The submission forms are available on the lab page. The deadline for the lab tasks is the same as for the written tasks. If you did not attend the lab, you will have to solve these tasks on your own.

1. Task is about TLS and certification information.
2. Task is about using Signal for end-to-end encrypted messaging.
3. Task is about using DigiDoc4 for providing transport encryption.
4. Task is about syncing files with Syncthing.

Submission form for the written tasks

The solution for the written tasks has to be submitted through this website. The solution can be submitted once you have logged in with the university credentials. We accept solutions only in .pdf format if it is not stated otherwise in the homework task.

We would like to get feedback about the difficulty of the homework and therefore we would kindly ask you to write in the comments box an estimate of how much time it took to solve the homework tasks.