The main objective of this work is to check whether the vote verification applications distributed in the app stores can be compiled from the source code that has been made publicly available by Estonian National Electoral Committee. The experiments were performed using the Vote Verification application versions that were distributed in the I-voting period of the Estonian municipal council election held in October 2017.
The report will go through the different steps that were done during this experiment – monitoring the binaries, building the app from the source code, comparing build result with the distributed version and trying to reproduce it based on the differences found.
This is the report for UT course “Research Seminar in Cryptography (MTAT.07.022)”. The work deals with reproducible build problem of vote verification software used in Estonian i-voting held in October 2017.
The TL;DR; is that the source code available in GitHub is outdated and apparently was not the source code which was used to build the applications that were distributed to Android devices in Google Play Store.
The presentation was given in cybersecurity conference “Cyberchess 2017” held on October 5, 2017 in Riga. The presentation touched upon the recent events such as i-voting and the flaw found in the ID card chip.
The last question from the audience was worth a dime:
Is PPA considering any legal action against the vendor, because, as I understand, you have been informed by the researchers, but the vendor has not informed you.
And the second one: in the new procurement, what are are the lessons learned? Are you planing to change or include some clauses on liability?
The question was not answered in full, but the answer would be interesting indeed.
On Friday Sep 8th from 18:00 we will discuss next generation source code for Estonian e-voting software.
The code was published on GitHub Sep 5th, which leaves us exactly a month to check it out, test it and hack it. To give this new national sports of hacking e-voting a good kickoff we have a) invited coders behind the system to introduce the code to us and we will host b) a brainstorming session on what interesting hacks we can come up with. Let’s see where it goes!
Everybody is welcome, however some tehcnical knowledge about software and coding will help a lot to make the event meaningful for you.
According to the terms and conditions of the contract, the subject of audit is: ballot counting software, software for voters, election web site and other technical infrastructure related to e-voting.
Through this, the RIA wants to make sure that there are no vulnerabilities in the system or applications which would make it possible to see or change the voting results or otherwise manipulate the system. The security examiner must draw up a report on security threats in which the potential hazard scenarios are highlighted and suggestions on how to correct the errors are provided.
The testing is organized by the RIA before all elections, using the expertise of various experts. “We can not talk about the results of the earlier security tests, because this information is confidential in terms of security. As far as I can say, the current testing period is around one month, and it also leaves enough time to ensure that if there are any bottlenecks or security problems we will have time to fix them.” said RIA spokeswoman Helen Uldrich.
Indeed, the results of the penetration tests are kept secret. The terms of the procurement stipulate that at the end of the test the reports must be submitted digitally signed and encrypted. Security tests are performed in a test environment and if necessary a secure channel for testers can be created. The i-voting environment is open only to computers with specific IP addresses that are notified to RIA.
Two companies have been chosen to do pentest and two bugs have been found:
Penetration tests were carried out by Clarified Security from Estonia and the worldwide Finnish company Nixu, whose work resulted in detection of two errors in the new system. According to specialists, this is not something tragic, but part of the normal software development.
Is the cyber security in Estonia ensured? Why the government wants to change the period of i-voting and what signal with that we send to the world? Talk show host Urmas Vaino helps to set things straight.
Indrek Saar, Minister of Culture, Social Democratic Party
Jaanus Karilaid, Member of Parliament, Center Party
Priidu Pärna, Member of Tallinn City Council, Pro Patria and Res Publica Union
Anto Veldre, RIA analytic
Kristjan Vassil, UT senior researcher
Märt Põder, organizer of journalism hackathon
Arti Zirk, TUT IT faculty student
Tarvi Martens, Electoral Committee, Head of Internet Voting
Kristen Michal, Member of Parliament, Reform Party
Mihkel Slovak, UT senior researcher
Henrik Roonemaa, Geenius.ee editor
Erki Savisaar, Member of Parliament, Center Party
Andres Kutt, RIA, IT architect
Sven Heiberg, Cybernetica AS, Project Manager of Internet Voting System
Jaak Madison, Member of Parliament, Conservative People’s Party
Jaanus Ojangu, Chairman of Free Party
Agu Kivimägi, Stallion cyber security consultant
Jaan Priisalu, TUT researcher
Silver Meikar, Adviser to Minister of Culture
Kalev Pihl, SK ID Solutions, Board Member
Oskar Gross, Head of Cyber Crime Unit of Central Criminal Police
Klaid Mägi, RIA, Head of the department for handling incidents (CERT-EE)
Heiki Kübbar, Founder of ICEfire OÜ
Birgy Lorenz, Board Member of Network of Estonian Teachers of Informatics and Computer Science
Andres Kahar, KAPO Bureau Manager
Sven Sakkov, Director of NATO Cooperative Cyber Defence Centre
Heiki Pikker, TUT Cyber Security MSc student
Abstract: After the Estonian Parliamentary Elections held in 2011, an additional verification mechanism was integrated into the i-voting system in order to resist corrupted voting devices [..] However, the verification phase ends by displaying the cast vote in plain form on the verification device. [..] In this respect, we propose an alternative verification mechanism for the Estonian i-voting system to overcome this vulnerability.
Abstract: Recently, Muş, Kiraz, Cenk and Sertkaya proposed an improvement over the present Estonian Internet voting vote verification scheme. This paper points to the weaknesses and questionable design choices of the new scheme. We show that the scheme does not fix the vote privacy issue it claims to. It also introduces a way for a malicious voting application to manipulate the vote without being detected by the verification mechanism, hence breaking the cast-as-intended property. In addition, the proposal would seriously harm usability of the Estonian vote verification scheme.
TL;DR: Turkish researchers see a privacy risk in the verification process which lets voter’s mobile device to learn for whom the vote was given. Estonian researchers in the counter paper argue why the proposed improvements do not solve the issue, instead decreasing the security of the scheme.
This paper user evidence from anonymized system log data on all Estonian e-votes from 2013-2015 to examine for patterns and combinations indicative of family voting.
Using logs we identify unique e-voting sessions coming from the same IP address and computer with the same operating system that happen in close proximity to each other, specifically with not more than 10 minutes between the end of one and the beginning of another unique voting act.
[..] The results show that 7-8% of e-votes are cast in such pairs. The age and gender structure of these evoters also shows a set of distinct combinations. The age differences in these pairs are either very small or large. The largest group is formed by same aged pairs of opposite sexes, indicating same aged partners e-voting together. Another prominent pattern are pairs with large age differences of same or opposite sexes, indicating a parent voting together with a voting aged youth.
The new minister of Ministry of Economic Affairs and Communications (MKM) Kadri Simson sees this as a concern for i-voting:
“The Estonian Constitution says that the Election must be general and uniform. When the old man votes in the polling division, it is not allowed that his young cousin comes with him to polling booth and helps him to vote. However, in the Internet voting it is quite possible, since there is no control over who is assisting in the use of ID card.” said Kadri Simson, the chairman of the Center Party fraction in parliament.
“Real-World Electronic Voting: Design, Analysis and Deployment” is a new book about to appear on secure electronic voting. One chapter describes the Internet voting used in Estonia.
In Chapter 6, Dylan Clarke, an ERC research fellow at Newcastle University, and Tarvi Martens, the chief architect of the Estonian remote Internet voting system, describe the Estonian Internet voting system. Since the first pilot in 2005, Internet voting has been used for the whole country in three sets of local elections, two European Parliament elections and three parliamentary elections.
Abstract. We describe an update of the Estonian Internet Voting scheme targeted towards adding verification capabilities to the central system. We propose measures to ensure the auditability of the correctness of vote decryption and i-ballot box integrity. The latter will be improved to a level where it would be possible to outsource the vote collection process to an untrusted party and later fully verify the correctness of its operations.
The short summary is that I-voting system used for local municipal elections in October 2017 will use ElGamal cryptosystem that can be plugged into mix-net. Currently it is not clear whether the general public will be allowed to verify mix-net inputs and outputs.
Abstract. In this paper we study the feasibility of using homomorphic tallying in the Estonian Internet voting system. The paper analyzes the security benefits provided by homomorphic tallying, the costs introduced and the required changes to the voting system. We find that homomorphic tallying has several security benefits, such as improved ballot secrecy, public verifiability of the vote tallying server and the possibility for observers to recalculate the tally without compromising ballot secrecy. The use of modern elliptic curve cryptography allows homomorphic tallying to be implemented without a significant loss of performance.
The homomorphic tallying scheme described above is not new. The scheme was introduced in 1997 by Cramer et al.  and has been used in the Helios open-audit voting system  for years. The contribution of this paper is an analysis of the deployment of homomorphic tallying in the context of Estonian Internet voting, where the performance of the protocol is improved by the use of elliptic curve cryptography.
In the new tender specification published by National Electoral Committee (NEC) we can read that there is a plan to use some kind of mix-net-based technology to provide counted-as-cast verifiability for the local government elections in October 2017. While mix-nets cryptographically are more complicated than homomorphic tallying, the mix-nets are more universal and thus can be used also in elections abroad, where the ballot style is not as simple as in Estonia (e.g., elections where the voter can vote for more than one candidate).