Slide1
Attacks on RFID-Based Electronic Voting Systems
Yossi Oren and Avishai Wool,
http://eprint.iacr.org/2009/422
snipurl.com/e-voting
IEEE RFID’2010, Orlando FL
Slide2
Agenda
What’s the Israeli e-Voting Scheme?
How can we break it cheaply and completely?
Slide3
Not on the Agenda
Why the new scheme is legally unsound
Why the scheme is discriminatory against… [insert underprivileged group here]…
The biometric database
Slide4
Preliminaries
Definition: An election E is an NP election, if…
N
P
Conjecture: An election is only secure if it is NP-secure
Claim: The Israeli Scheme is NP-insecure
Slide5
How Do We Vote Today?
Israel votes by national list proportional representation
Slide6
How Do We Vote Today?
[Figure: diagram labeled with N and P]
Slide7
How Do We Vote Today?
[Figure: diagram labeled with N and P]
Slide8
How Do We Vote Today?
[Figure: diagram labeled with N and P]
72.1% participation rate
Less than 1.3% disqualified votes (including protest “blank ballot” votes)
99% final results 6 hours after poll closes
Public Trust
Slide9
How Will We Vote Tomorrow?
Slide10
Tomorrow’s Ballot
Slide11
How Will We Vote Tomorrow?
Slide12
How Will We Vote Tomorrow?
Slide13
How Will We Vote Tomorrow?
[Figure: diagram labeled with N and P]
Slide14
How Will We Vote Tomorrow?
[Figure: diagram labeled with N and P]
Slide15
At the end of the day
Voting terminal has an immediate count
  This is considered the “preliminary count”
  Can be transmitted to center immediately
Then the election committee scans the ballots on the verification terminal and counts
  This is the official binding count
If there is a discrepancy between the 2 counts:
  “small” difference – alert election security officer
  “large” discrepancy (30%) – voting station disqualified
Slide16
Attacks on the Voting System
Relay Attacks
  Ballot Sniffing
  Single Dissident
  Ballot Stuffing
Non-Relay Attacks
  Zapper
  Remote Jamming
  Implementation Attacks
Slide17
The Zapper Attack
[Figure: diagram labeled with P]
Variant: take zapper into booth and zap my own ballot
… after registering a vote
Collusion of N voters creates a discrepancy of +N
… disqualify everyone’s vote
Slide18
Slide19
Relay Attacks
Slide20
The Ballot Sniffing Attack
[Figure: diagram labeled with N and P]
Slide21
The Ballot Stuffing Attack
[Figure: diagram labeled with N and P]
Slide22
Implementation Attacks
Session Hijacking
Replay Attacks
Semantic Insecurity
…
Slide23
Conclusion
Is the new e-voting scheme a good scheme?
General
Free
Equal
Fair
Slide24
Thank You!
http://eprint.iacr.org/2009/422
snipurl.com/e-voting