On the use of Internet Voting on Compromised Computers

Philippe Beaucamps (1), Daniel Reynaud-Plantey (1), Jean-Yves Marion (1)
(1) CARTE - Theoretical adverse computations, and safety
Inria Nancy - Grand Est, LORIA - FM - Department of Formal Methods
Abstract: Internet voting is the process of letting voters cast their vote over the Internet, at home or on public computers. It is a way to reduce the cost associated with elections and to obtain higher participation, but it also raises important security problems. In this paper, we study shortcomings related to this technology, and more particularly shortcomings due to the presence of dedicated malware on the voters' computers. Common literature usually focuses only on designing a secure voting protocol, either discarding the malware issue or proposing prohibitive solutions, such as the use of dedicated hardware. However, the purpose of Internet voting is precisely to allow anyone to vote from home, making the use of dedicated hardware a non-conceivable solution. Therefore, we analyse the reliability of possibly malware-infected mainstream computers. Specifically, we do not consider the security of the voting protocol but define the data available to the malware and the attacks that can be carried out thereby. We show that current Internet voting implementations are vulnerable to these attacks, due to weak or irrelevant security measures. Thus, we describe reasonable solutions that aim at coping with the lack of security of current implementations on general-purpose computers, even though some attacks cannot be prevented but can only be mitigated. For example, it is impossible to prevent the malware from stealing the user credentials with no hardware support, but it is easy to design a system in which user credentials are useless to an attacker: therefore we can prevent more serious attacks such as automatic vote changing and voter impersonation. Among other solutions, we describe and study the reliability of hybrid voting mechanisms, using a medium which cannot be accessed by the malware, as well as of Human Interaction Proof implementations to prevent automatic vote changing and the election invalidation that could result from this class of attacks.
Document type:
Conference paper
4th International conference on i-Warfare & Security - ICIW 2009, Mar 2009, Cape Town, South Africa. 2009

https://hal.inria.fr/hal-00758451
Contributor: Jean-Yves Marion
Submitted on: Wednesday, November 28, 2012 - 17:08:39
Last modified on: Thursday, January 11, 2018 - 06:21:25

Identifiers

  • HAL Id: hal-00758451, version 1

Citation

Philippe Beaucamps, Daniel Reynaud-Plantey, Jean-Yves Marion. On the use of Internet Voting on Compromised Computers. 4th International conference on i-Warfare & Security - ICIW 2009, Mar 2009, Cape Town, South Africa. 2009. 〈hal-00758451〉
