The Threat of SSL/TLS Stripping to Online Voting

Cardillo, Anthony; Essex, Aleksander

doi:10.1007/978-3-030-00419-4_3

Cited by 5 publications

(6 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Ballot secrecy in online elections has been studied in the context of active attacks, such as subverting TLS [2,8], exploiting implementation vulnerabilities [11,13], or by unacknowledged privileged access [4]. Little related-work has evidently explored passive attacks that focus on the lengths of exchanged messages.…”

Section: Background and Related Workmentioning

confidence: 99%

“…1 And over 650,000 online voters participated in the 2021 State election in New South Wales (Australia). 2 Despite this rapid growth, few countries have developed adequate legislation or standards for online voting systems. In this under-regulated environment, online voting providers largely set their own security requirements, which has led to mixed outcomes.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Review Your Choices: When Confirmation Pages Break Ballot Secrecy in Online Elections

2022

Self Cite

View full text Add to dashboard Cite

Online voting systems typically display a confirmation screen allowing voters to confirm their selections before casting. This paper considers whether a network-based observer can extract information about voter selections from the length of the exchanged network data.We conducted a detailed analysis of the Simply Voting implementation, which had randomly varying lengths of exchanged data due to dynamic page content and gzip compression. We demonstrated that we could correctly guess a voter’s selection with accuracy values ranging up to 100% in some instances. Even on more complex ballots, we generally could still rule out some combinations of candidates. We conducted a coordinated disclosure with the vendor and worked with them to roll out a mitigation.To their credit, this discovery (and therefore its fix) was made possible by their willingness to provide a publicly accessible demo, which, as we will show, remains a rarity in the industry.

show abstract

Section: Background and Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Review Your Choices: When Confirmation Pages Break Ballot Secrecy in Online Elections

2022

Self Cite

View full text Add to dashboard Cite

show abstract

“…(Helios) Use the Helios verifiable online voting system, which is available through a web interface [1,2,22]. Helios is a free, open-source electronic voting system that offers voter verifiability with quite strong security properties [7,8,12,17].…”

Section: Alternativesmentioning

confidence: 99%

Phrase-verified voting: Verifiable low-tech remote boardroom voting

Blanchard¹,

Robucci²,

Selker³

et al. 2021

Cryptologia

View full text Add to dashboard Cite

We present Phrase-Verified Voting, a voter-verifiable remote voting system assembled from commercial off-the-shelf software for small private elections. The system is transparent and enables each voter to verify that the tally includes their ballot selection without requiring any understanding of cryptography. This paper describes the system and its use in fall 2020, to vote remotely in promotion committees in a university.Each voter fills out a form in the cloud with their vote V (YES, NO, ABSTAIN) and a passphrase P-two words entered by the voter. The system generates a verification prompt of the (P,V ) pairs and a tally of the votes, organized to help visualize how the votes add up. After the polls close, each voter verifies that this table lists their (P,V ) pair and that the tally is computed correctly.The system is especially appropriate for any small group making sensitive decisions. Because the system would not prevent a coercer from demanding that their victim use a specified passphrase, it is not designed for applications where such malfeasance would be likely or go undetected.Results from 43 voters show that the system was wellaccepted, performed effectively for its intended purpose, and introduced users to the concept of voter-verified elections. Compared to the commonly-used alternatives of paper ballots or voting by email, voters found the system easier to use, and that it provided greater privacy and outcome integrity.

show abstract

“…Furthermore, unpredictable attacks (TLS attack and/or man in the middle attack [100]) can occur due to undetected vulnerabilities of software and hardware. Untrusted client devices (phones, PCs and laptops) can be infected.…”

Section: Rq1: What Are the Current E-voting Systems Gaps?mentioning

confidence: 99%

A Systematic Review of Challenges and Opportunities of Blockchain for E-Voting

2020

View full text Add to dashboard Cite

A blockchain is a distributed, digitized and consensus-based secure information storage mechanism. The present article provides an overview of blockchain based e-voting systems. The primary purpose of this review is to study the up-to-date state of blockchain-based voting research along with associated possible challenges while aiming to forecast future directions. The methodology applied in the review is a systematic review approach. Following an introduction to the basic structure and features of the blockchain in relation to e-voting, we provide a conceptual description of the desired blockchain-based e-voting application. Symmetrical and asymmetrical cryptography improvements play a key role in developing blockchain systems. We have extracted and reviewed 63 research papers from scientific databases that have advised the adoption of the blockchain framework to voting systems. These articles indicate that blockchain-supported voting systems may provide different solutions than traditional e-voting. We classified the main prevailing issues into the five following categories: general, integrity, coin-based, privacy and consensus. As a result of this research, it was determined that blockchain systems can provide solutions to certain problems that prevail in current election systems. On the other hand, privacy protection and transaction speed are most frequently emphasized problems in blockchain applications. Security of remote participation and scalability should be improved for sustainable blockchain based e-voting. It was concluded that frameworks needed enhancements in order to be used in voting systems due to these reservations.

show abstract

The Threat of SSL/TLS Stripping to Online Voting

Cited by 5 publications

References 20 publications

Review Your Choices: When Confirmation Pages Break Ballot Secrecy in Online Elections

Review Your Choices: When Confirmation Pages Break Ballot Secrecy in Online Elections

Phrase-verified voting: Verifiable low-tech remote boardroom voting

A Systematic Review of Challenges and Opportunities of Blockchain for E-Voting

Contact Info

Product

Resources

About