
E-voting

Technical challenges and solutions for remote electronic voting


  1. 1. E-voting Bozhidar Bozhanov
  2. 2. Vanity slide • Still a developer • http://blog.bozho.net • http://techblog.bozho.net • http://twitter.com/bozhobg • E-government adviser to the deputy prime minister of Bulgaria
  3. 3. E-voting • e-voting / i-voting / machine voting / remote e-voting • a.k.a. “let’s vote from home” • sounds tempting • ...and risky
  4. 4. Complicated task • uncontrolled environment • single vote AND vote secrecy • coercion prevention • verifiability • independent observers • results should not be replaceable • defence against attacks and viruses
  5. 5. Before technology A fundamental question: • Is it required that every voter understands the whole voting process? • Does every voter understand fully the current process?
  6. 6. Identification • necessary precondition • e-id (“chip in the ID card”) • other practices • preliminary registration • scratch-cards • TAN
  7. 7. Who would develop it? • companies with e-voting expertise • Cybernetica AS (Estonia) • Scytl (Switzerland, France, Norway) • ... • it’s “how” that’s important
  8. 8. How • open source from day 1 • peer-reviewed • audited • with pilots • in-person at first • 7 days before paper election day
  9. 9. Wait, wait... There are unanswered questions. There are problems to be solved. There is a lot of noise...
  10. 10. Invalid arguments “for” • if e-banking works, then e-voting should also work • breaches and fraud • different task • if anyone can hack voting, why doesn’t he hack banks instead? • why not both?
  11. 11. Invalid arguments “for” • “what can happen” • everything • we have many good software specialists • the task is complicated and niche • it will solve the problems of our democracy • no, it won’t (but it can help)
  12. 12. Invalid arguments “against” • someone will buy your IP • it’s a devil’s creation • it must be 100% secure • paper voting is not 100% secure • someone can change something • there is no guarantee for ballot secrecy • there is no guarantee for one voter-one vote
  13. 13. Invalid arguments “against” • “It’s not being used in big countries” • “Germany banned it” • “The Estonian system doesn’t work” • mainly OpSec problems • client malware • Press-conference a week prior to the elections saying “it doesn’t work”? • “It will be developed by incompetent people”
  14. 14. Questions • vote secrecy and one voter = one vote • verifiability of the validity of the result • access for observers • coercion prevention • usability
  15. 15. Vote secrecy • double-envelope method • identity is separated from the vote before counting • votes are encrypted with the public key of the counting server • anonymized votes are sent to the counting server on a CD • the private key is activated by multiple owners
  16. 16. Vote secrecy • blind signature • e.g. carbon paper envelope with your name used for blind stamping • confirms the vote without knowledge of it • requires trust in the client software
  17. 17. Vote secrecy • Mixnets • layers of decryption • receiver doesn’t know who the sender is • Tor-like
  18. 18. Revoting • e-voting before the paper voting • manual removal of the e-vote • automatically guarantees 1 man = 1 vote • with double envelope • the unanonymized (encrypted) ballot is replaced • with blind signature and mixnet • using a receipt code?
  19. 19. Verifiability • E2E verifiable • “stored as cast”, “counted as stored” • receipt, incl. a mobile phone • checking the vote for a limited period of time (risks the secrecy) • checking if receipt codes are matching
  20. 20. Validity of the result • individual checks • independent counting • public bulletin board • public ledger (blockchain, votecoin?) • push to registered observers?
  21. 21. Observers • monitoring public logs (or blockchain transactions) • on-site in the server room • live streaming
  22. 22. Coercion prevention • panic/tamper PIN • PIN written backwards :) • hard to implement • webcam with face recognition • partial guarantee that nobody else is in front of the monitor • cooldown period • against multiple voting from a single machine
  23. 23. Usability • if paper voting is removed from polling stations as well • touch-screen is very intuitive • everyone can use it, even uneducated voters • UX-tests
  24. 24. Problems • client-side malware • DDoS attacks • network attacks (dropping packets) • remote penetration attacks • OpSec • insider attacks • 0-day vulnerabilities
  25. 25. Client-side malware • desktop client vs browser • vote changing, not sending votes, compromising secrecy before encryption • solutions: • 2 factor (sms, app) • biometric confirmation • card reader with hardware keypad and display • voting from a virtualized environment
  26. 26. DDoS attacks
  27. 27. DDoS attacks • DDoS prevention: • preparedness and adequate procedures • tier 1 providers, telecoms • blocking of command & control servers • scrubbing centers • cutting external traffic
  28. 28. Network attacks • packet analysis => dropping the vote • solutions: • retry • detectable (no receipt/confirmation sent) • Tor / mixnets • paper voting if e-voting doesn’t work for you
  29. 29. OpSec • operational security • passwords • DMZ • HSM • intrusion detection, netflow analysis • audit trail • main criticism against Estonia • verifiability of results exposes intrusions
  30. 30. Insider attacks • OpSec, audit trail • verifiable using “virtual paper trail” (e.g. blockchain) • Security agencies should catch it 
  31. 31. 0-day vulnerabilities • ...well, crap • general procedures for cancelling or postponing elections • if intrusions are detectable => patch
  32. 32. General procedures • annulling online results • notification of online voters • postponing the election (not as hard and expensive as they are in paper voting)
  33. 33. Paper voting? • some of the problems above are valid for paper voting as well • results of paper voting are ultimately aggregated on a computer • with checks and paper trail • …but what if it doesn’t match?
  34. 34. We must be paranoid • everything can go wrong • viruses are real • state-level attacks are real • manipulation attempts are real • “it just works” doesn’t work • “election security is national security”
  35. 35. The way forward? • not all problems are addressed 100% • there is no 100% secure solution • we are looking for a solution that doesn’t allow large-scale manipulations • looks like such a solution is possible • need for more R&D • dynamic/direct democracy • we are obligated to do it, sooner or later
  36. 36. Sources https://eprint.iacr.org/2015/809.pdf https://www.usvotefoundation.org/sites/default/files/E2EVIV_full_report.pdf http://static.usenix.org/legacy/events/evtwote11/tech/slides/haenni.pdf http://www.e-voting.cc/wp-content/uploads/Proceedings%202010/8.1.Spycher_2010.pdf http://www.chaum.com/publications/Remotegrity-Design-and-Use-of-an-End-to-End-Verifiable-Remote-Voting-System.pdf http://www.scytl.com/wp-content/uploads/2014/11/IDC-report_Implementing-End-to-End-Verifiable-Online-Voting_Enabling-Secure-Transparent-and-Tamper-Proof-Elections.pdf https://www.informatik.tu-darmstadt.de/fileadmin/user_upload/Group_SECUSO/Papers/GI_Workshop_2014.pdf http://download.springer.com/static/pdf/730/chp%253A10.1007%252F3-540-45961-8_15.pdf?originUrl=http%3A%2F%2Flink.springer.com%2Fchapter%2F10.1007%2F3-540- 45961-8_15&token2=exp=1446764746~acl=%2Fstatic%2Fpdf%2F730%2Fchp%25253A10.1007%25252F3-540-45961- 8_15.pdf%3ForiginUrl%3Dhttp%253A%252F%252Flink.springer.com%252Fchapter%252F10.1007%252F3-540-45961- 8_15*~hmac=a7540fc29317746377a541091e07619a274e2048dbbfeb46f2abf76a58bf9918 https://vote.heliosvoting.org/ http://e-collection.library.ethz.ch/eserv/eth:3046/eth-3046-01.pdf http://followmyvote.com http://www.scytl.com/wp-content/uploads/2014/11/IDC-report_Implementing-End-to-End-Verifiable-Online-Voting_Enabling-Secure-Transparent-and-Tamper-Proof-Elections.pdf http://www.bitcongress.org https://bitcoinmagazine.com/21031/blockchain-technology-key-secure-online-voting/ https://people.csail.mit.edu/rivest/voting/papers/JakobssonJuelsRivest-MakingMixNetsRobustForElectronicVotingByRandomizedPartialChecking.pdf http://arxiv.org/abs/1401.4151 https://www.regjeringen.no/globalassets/upload/krd/kampanjer/valgportal/valgobservatorer/2013/rapport_cartersenteret2013.pdf http://techblog.bozho.net/why-all-the-fear-in-electronic-voting/
  37. 37. Thank you