This article explores the security concerns surrounding electronic voting systems, highlighting potential risks such as vote coercion, vote selling, and privacy issues. It discusses the ease of use and increased voter turnout promised by electronic voting but warns of vulnerabilities in the technology, particularly with Internet-based systems. The text cites various security reports and proposals, including recommendations for secure ballot printing and voter-verifiable receipts. Key considerations for ensuring the integrity and confidentiality in electronic elections are emphasized.
Nathanael Paul CRyptography Applications Bistro February 3, 2004
Electronic Voting
• Convenient
• Supposed to increase voter turnout
• Quicker counts
• Handicapped/disabled
• “I wonder where the votes go once you touch the screen and if it's possible to mess with the vote.” Carol Jacobson, Berkeley, CA
Threats
• Vote Coercion
• Vote Selling
• Vote Solicitation
• Online Registration
• Voter Privacy
• Could have a scrawny teenage script kiddy but now a foreign government
Rubin’s “Security Considerations for Remote Electronic Voting over the Internet”
• Hosts are assumed to be Windows using IE/Netscape
• Internet connection using TCP/IP
• Attack the endpoints (user, servers) or communications
Attacking the host
• Malicious payloads
• Proxy settings
• JavaScript or Java applets
• http://www.securityfocus.com/bid/4228/discussion/
• BackOrifice
• PCAnywhere, open source
• Chernobyl virus
• Activate on certain day
• Modified BIOS
Get the code on their machine
• MyDoom
• instant messenger, file sharing
• Windows Media Player (Java vulnerability)
• AOL
• Microsoft Office code
DoS/DDoS attacks
• Attack servers
• Public key encryption
• Regular expression attacks
• Ping of death
• DoS attacks on individual applications
• Java (exploit system code)
Social Engineering
• SSL
• Average user checking a certificate
• Even if it’s bad, will some just proceed anyways?
• Spoofing
• Web site
• Poisoning DNS cache
What is needed?
• Trusted path between user and election server
• Malicious code should not have a way to interfere with normal operation.
Allow citizens outside of the country to vote in an easy manner
• Should be at least as secure as current absentee voting ballot designs
• SSL connection to a central server
• Local Election Official (LEO) precinct computer downloads registration/ballots from central server
SERVE design
[Diagram. Parties: Voter, Server, LEO precinct computer. Labels: Ballots <name, Ekv(ballot)>; messages <GET BALLOTS> and <EkLEO(BALLOTS)> between the Server and the LEO precinct computer.]
Some Security Considerations
• Attack central server, LEO server, host machine, communications (DNS)
• Privacy
• LEOs can view entire precinct’s votes
• Central server could view everyone’s votes
• Windows only
• ActiveX and Java used for central server and user
• 75 flaws in Java from 1999-2003 according to CVE (not all are actual entries)
DoS/DDoS in SERVE
• Central server provides a single point of attack
• LEO
• Election spans longer period of time (month)
• DDoS excess of 150 Gbps
• E-commerce sites with 10 Gbps link
Measuring it all up
• Vote Coercion
• Impossible to detect
• Vote Selling
• Buyers outside of US?
• Vote Solicitation
• AOL and Pop-ups will go crazy
• Online Registration
• Man-in-the-middle
• Voter Privacy
• Not possible with this scheme
Proposed Alternatives
• Remote ballot printer recommended with the voter mailing in the printed ballot
• Chaum’s SureVote scheme with voter-verifiable receipts using Visual Cryptography
• VoteHere (covered by Richard) with a threshold cryptography scheme
Additional Reading
• IEEE Security & Privacy, Jan/Feb 2004 special issue on E-voting
• SureVote, VoteHere DRE schemes
• David Dill’s http://www.verifiedvoting.org
“The fact that 50 votes were cast in Florida using VOI, and that a change of 269 votes in the official tally of that state would have resulted in Al Gore becoming President.” SERVE report, Jan. 21, 2004