Practical Attacks on Cryptographically End-to-end Verifiable Internet Voting Systems

Abstract

Cryptographic end-to-end verifiable voting technologies concern themselves with the provision of a more trustworthy, transparent, and robust elections. To provide voting systems with more transparency and accountability throughout the process while preserving privacy which allows voters to express their true intent. Helios Voting is one of these systems---an online platform where anyone can easily host their own cryptographically end-to-end verifiable election, aiming to bring verifiable voting to the masses. Helios does this by providing explicit cryptographic checks that an election was counted correctly, checks that any member of the public can independently verify. All of this while still protecting one of the essential properties of open democracy, voter privacy. In spite of these cryptographic checks and the strong mathematical assertions of correctness they provide, this thesis discusses the discovery and exploit of three vulnerabilities. The first is the insufficient validation of cryptographic elements in Helios ballots uploaded by users. This allows a disgruntled voter to cast a carefully crafted ballot which will prevent an election from being tallied. The second vulnerability is the insufficient validation of cryptographic parameters used in ElGamal by an election official. This leads to an attack where the election official can upload weak parameters allowing the official to cast arbitrary votes in a single ballot. The final attack is a cross-site scripting attack that would allow anyone to steal or re-cast ballots on behalf of victims. We coordinated disclosure with the Helios developers and provided fixes for all the vulnerabilities outlined in the thesis. Additionally, this thesis adds to the body of work highlighting the fragility of internet voting applications and discusses the unique challenges faced by internet voting applications

    Similar works