Category Archives: Internet Voting

Workshop on source code of Estonian i-voting system in Tartu hackerspace

On Friday Sep 8th from 18:00 we will discuss next generation source code for Estonian e-voting software.

The code was published on GitHub Sep 5th, which leaves us exactly a month to check it out, test it and hack it. To give this new national sports of hacking e-voting a good kickoff we have a) invited coders behind the system to introduce the code to us and we will host b) a brainstorming session on what interesting hacks we can come up with. Let’s see where it goes!

Everybody is welcome, however some tehcnical knowledge about software and coding will help a lot to make the event meaningful for you.

Links:
https://hackest.org/syndmused:2017-09-08_i-voting

RIA is looking for Internet voting penetration testers

According to the terms and conditions of the contract, the subject of audit is: ballot counting software, software for voters, election web site and other technical infrastructure related to e-voting.

Through this, the RIA wants to make sure that there are no vulnerabilities in the system or applications which would make it possible to see or change the voting results or otherwise manipulate the system. The security examiner must draw up a report on security threats in which the potential hazard scenarios are highlighted and suggestions on how to correct the errors are provided.

The testing is organized by the RIA before all elections, using the expertise of various experts. “We can not talk about the results of the earlier security tests, because this information is confidential in terms of security. As far as I can say, the current testing period is around one month, and it also leaves enough time to ensure that if there are any bottlenecks or security problems we will have time to fix them.” said RIA spokeswoman Helen Uldrich.

Indeed, the results of the penetration tests are kept secret. The terms of the procurement stipulate that at the end of the test the reports must be submitted digitally signed and encrypted. Security tests are performed in a test environment and if necessary a secure channel for testers can be created. The i-voting environment is open only to computers with specific IP addresses that are notified to RIA.

Two companies have been chosen to do pentest and two bugs have been found:

Penetration tests were carried out by Clarified Security from Estonia and the worldwide Finnish company Nixu, whose work resulted in detection of two errors in the new system. According to specialists, this is not something tragic, but part of the normal software development.

 

Links:
http://www.err.ee/610258/ria-otsib-e-valimiste-proovihakkijat
http://www.err.ee/634302/pealtnagija-e-valimistele-leidub-endiselt-kriitikuid

ETV “Suud Puhtaks” debate on internet voting security

Is the cyber security in Estonia ensured? Why the government wants to change the period of i-voting and what signal with that we send to the world? Talk show host Urmas Vaino helps to set things straight.

Debating:
Indrek Saar, Minister of Culture, Social Democratic Party
Jaanus Karilaid, Member of Parliament, Center Party
Priidu Pärna, Member of Tallinn City Council, Pro Patria and Res Publica Union
Anto Veldre, RIA analytic
Kristjan Vassil, UT senior researcher
Märt Põder, organizer of journalism hackathon
Arti Zirk, TUT IT faculty student
Tarvi Martens, Electoral Committee, Head of Internet Voting
Kristen Michal, Member of Parliament, Reform Party
Mihkel Slovak, UT senior researcher
Henrik Roonemaa, Geenius.ee editor
Erki Savisaar, Member of Parliament, Center Party
Andres Kutt, RIA, IT architect
Sven Heiberg, Cybernetica AS, Project Manager of Internet Voting System
Jaak Madison, Member of Parliament, Conservative People’s Party
Jaanus Ojangu, Chairman of Free Party
Agu Kivimägi, Stallion cyber security consultant
Jaan Priisalu, TUT researcher
Silver Meikar, Adviser to Minister of Culture
Kalev Pihl, SK ID Solutions, Board Member
Oskar Gross, Head of Cyber Crime Unit of Central Criminal Police
Klaid Mägi, RIA, Head of the department for handling incidents (CERT-EE)
Heiki Kübbar, Founder of ICEfire OÜ
Birgy Lorenz, Board Member of Network of Estonian Teachers of Informatics and Computer Science
Andres Kahar, KAPO Bureau Manager
Sven Sakkov, Director of NATO Cooperative Cyber Defence Centre
Heiki Pikker, TUT Cyber Security MSc student

Links:
http://www.err.ee/587007/suud-puhtaks-kui-turvalised-on-e-valimised
http://etv.err.ee/v/paevakajasaated/suud_puhtaks/saated/8d5babc5-cc33-4ed5-9bc0-927d4293ee21/suud-puhtaks
http://news.err.ee/310788/center-party-wants-to-shorten-e-voting-period

Estonian Voting Verification Mechanism Revisited (Again)


Two papers on the topic. The first:

Abstract: After the Estonian Parliamentary Elections held in 2011, an additional verification mechanism was integrated into the i-voting system in order to resist corrupted voting devices [..] However, the verification phase ends by displaying the cast vote in plain form on the verification device. [..] In this respect, we propose an alternative verification mechanism for the Estonian i-voting system to overcome this vulnerability.

The second:

Abstract: Recently, Muş, Kiraz, Cenk and Sertkaya proposed an improvement over the present Estonian Internet voting vote verification scheme. This paper points to the weaknesses and questionable design choices of the new scheme. We show that the scheme does not fix the vote privacy issue it claims to. It also introduces a way for a malicious voting application to manipulate the vote without being detected by the verification mechanism, hence breaking the cast-as-intended property. In addition, the proposal would seriously harm usability of the Estonian vote verification scheme.

TL;DR: Turkish researchers see a privacy risk in the verification process which lets voter’s mobile device to learn for whom the vote was given. Estonian researchers in the counter paper argue why the proposed improvements do not solve the issue, instead decreasing the security of the scheme.

Links:
https://eprint.iacr.org/2016/1125
https://eprint.iacr.org/2017/081

E-Vote-ID 2016: Family Voting Patterns in E-vote Log Data: Estonian Electronic Elections 2013-2015

This paper user evidence from anonymized system log data on all Estonian e-votes from 2013-2015 to examine for patterns and combinations indicative of family voting.
[..]
Using logs we identify unique e-voting sessions coming from the same IP address and computer with the same operating system that happen in close proximity to each other, specifically with not more than 10 minutes between the end of one and the beginning of another unique voting act.
[..]
The results show that 7-8% of e-votes are cast in such pairs. The age and gender structure of these evoters also shows a set of distinct combinations. The age differences in these pairs are either very small or large. The largest group is formed by same aged pairs of opposite sexes, indicating same aged partners e-voting together. Another prominent pattern are pairs with large age differences of same or opposite sexes, indicating a parent voting together with a voting aged youth.

The new minister of Ministry of Economic Affairs and Communications (MKM) Kadri Simson sees this as a concern for i-voting:

“The Estonian Constitution says that the Election must be general and uniform. When the old man votes in the polling division, it is not allowed that his young cousin comes with him to polling booth and helps him to vote. However, in the Internet voting it is quite possible, since there is no control over who is assisting in the use of ID card.” said Kadri Simson, the chairman of the Center Party fraction in parliament.

Links:
https://digi.lib.ttu.ee/i/?6967
http://www.pealinn.ee/koik-uudised/kadri-simson-eestis-pole-antud-voimalust-e-valimiste-turvasusteemi-n174077
http://journals.plos.org/plosone/article?id=10.1371/journal.pone.0177864

Book Chapter: E-voting in Estonia by Dylan Clarke and Tarvi Martens

real_world_electronic_voting

“Real-World Electronic Voting: Design, Analysis and Deployment” is a new book about to appear on secure electronic voting. One chapter describes the Internet voting used in Estonia.

In Chapter 6, Dylan Clarke, an ERC research fellow at Newcastle University, and Tarvi Martens, the chief architect of the Estonian remote Internet voting system, describe the Estonian Internet voting system. Since the first pilot in 2005, Internet voting has been used for the whole country in three sets of local elections, two European Parliament elections and three parliamentary elections.

The draft is available in arXiv.org.

Links:
https://www.crcpress.com/Real-World-Electronic-Voting-Design-Analysis-and-Deployment/Hao-Ryan/p/book/9781498714693
https://arxiv.org/pdf/1606.08654v1.pdf

E-Vote-ID 2016: Improving the verifiability of the Estonian Internet Voting scheme

Estonian_internet_voting

Abstract. We describe an update of the Estonian Internet Voting scheme targeted towards adding verification capabilities to the central system. We propose measures to ensure the auditability of the correctness of vote decryption and i-ballot box integrity. The latter will be improved to a level where it would be possible to outsource the vote collection process to an untrusted party and later fully verify the correctness of its operations.

The short summary is that I-voting system used for local municipal elections in October 2017 will use ElGamal cryptosystem that can be plugged into mix-net. Currently it is not clear whether the general public will be allowed to verify mix-net inputs and outputs.

Links:
http://research.cyber.ee/~jan/publ/ivxv-evoteid.pdf

 

Homomorphic Tallying for the Estonian Internet Voting System

Estonian_internet_voting

Abstract. In this paper we study the feasibility of using homomorphic tallying in the Estonian Internet voting system. The paper analyzes the security benefits provided by homomorphic tallying, the costs introduced and the required changes to the voting system. We find that homomorphic tallying has several security benefits, such as improved ballot secrecy, public verifiability of the vote tallying server and the possibility for observers to recalculate the tally without compromising ballot secrecy. The use of modern elliptic curve cryptography allows homomorphic tallying to be implemented without a significant loss of performance.
[..]
The homomorphic tallying scheme described above is not new. The scheme was introduced in 1997 by Cramer et al. [6] and has been used in the Helios open-audit voting system [1] for years. The contribution of this paper is an analysis of the deployment of homomorphic tallying in the context of Estonian Internet voting, where the performance of the protocol is improved by the use of elliptic curve cryptography.

In the new tender specification published by National Electoral Committee (NEC) we can read that there is a plan to use some kind of mix-net-based technology to provide counted-as-cast verifiability for the local government elections in October 2017. While mix-nets cryptographically are more complicated than homomorphic tallying, the mix-nets are more universal and thus can be used also in elections abroad, where the ballot style is not as simple as in Estonia (e.g., elections where the voter can vote for more than one candidate).

Links:
http://eprint.iacr.org/2016/776.pdf

Estonian Internet voting system to be rewritten from scratch

e-voting_estonia

The new system should provide end-to-end verifiability features:

The current software, created in 2004, needs overhaul as the gradual updates (such as adding the Mobile-ID capacity and others) have rendered the grasp on the source code structure challenging. “The new system will be more universal, allowing more possible applications, in addition to using it for Estonian nation-wide elections and referendums – such as internal elections of large corporations, local government polls and also abroad,” said Tarvi Martens, chairman of Estonian Electronic Voting Committee.

The voting procedure will remain the same for the voter and the source code will remain open. “The planned changes will allow the observers to keep an eye on how the stored e-votes will become election results more efficiently, based on mathematical proof,” Martens explained. “In other words, mathematics will prevail over the human factor. Technical proof allows us to control the system with much more efficiency,” he added.

The full cost of the first contract is 236 800 euros (VAT excluded). The bid was open to all EU entities and received bids from three companies. Cybernetica has won the bid for developing the Estonian electronic voting system, entailing a renewal of the system for the local government elections in October 2017.

Links:
http://uudised.err.ee/v/eesti/fe86efd4-9811-48cc-ae2b-234acd4e6c60/vabariigi-valimiskomisjon-soovib-e-haaletamise-susteemi-uuesti-ules-ehitada
https://cyber.ee/en/news/cybernetica-selected-to-renew-estonian-internet-voting-software/

Cybersecurity related bachelor’s and master’s theses in University of Tartu 2015/2016

university_of_tartu_logo

Defense committee: Dominique Unruh (chairman), Siim Karus, Vitaly Skachek, Dirk Oliver Theis, Raimundas Matulevicius.

A Cost-Effective Approach to Key Management in Online Voting Scenarios
Abstract: Since smart cards both offer reasonable prices and expose an API for development, this document evaluates different approaches to implement threshold encryption over smart cards to support an electoral process.
Student: Sergio Andrés Figueroa Santos
Curriculum: NordSecMob (MSc)
Supervisor: Sven Heiberg, Helger Lipmaa, Tuomas Aura
Reviewer: Ivo Kubjas
Defense: 02.06.2016, 09:00, Liivi 2-405

Revision of Security Risk-oriented Patterns for Distributed Systems
Abstract: In this thesis, we target the secure system development problem by suggesting application of security risk-oriented patterns. The applicability of these security risk-oriented patterns is validated on business processes from aviation turnaround system.
Student: Silver Samarütel
Curriculum: Software Engineering (MSc)
Supervisor: Raimundas Matulevicius
Reviewer: Alexander Horst Norta
Defense: 02.06.2016, 09:00, Liivi 2-405

Role Based Access Control as SecureUML Model in Web Applications Development with Spring Security
Abstract: In order to support and simplify the model-driven approach for a web application development with Spring platform, realization of a concept plugin for Eclipse IDE is proposed. This plugin supports the recognition of Spring Security notations with capability to visualize the RBAC model on top of them.
Student: Andrey Sergeev
Curriculum: Cyber Security (MSc)
Supervisor: Raimundas Matulevicius
Reviewer: Henri Lakk
Defense: 02.06.2016, 09:00, Liivi 2-405

Secure and Efficient Mix-Nets
Abstract: This thesis studies a zero-knowledge shuffle argument proposed by J. Furukawa in 2005. Firstly, we provide a more detailed and easily readable description of the shuffle and shuffle-decryption zero-knowledge protocols than in the original paper. Secondly, we provide two new characterizations of a permutation matrix and two simple modifications of the shuffle protocol that reduce the computational complexity.
Student: Janno Siim
Curriculum: Computer Science (MSc)
Supervisor: Helger Lipmaa
Reviewer: Sven Laur
Defense: 02.06.2016, 09:00, Liivi 2-405

A Comprehensive Protocol Suite for Secure Two-Party Computation
Abstract: In some scenarios, a two-party model is a better fit when no natural third party is involved in the application. In this work, we design and implement a full protocol suite for two-party computations on Sharemind, providing an alternative and viable solution in such cases.
Student: Sander Siim
Curriculum: Computer Science (MSc)
Supervisor: Dan Bogdanov, Pille Pullonen
Reviewer: Dominique Unruh
Defense: 06.06.2016, 09:00, Liivi 2-405

An improved type system for a privacy-aware programming language and its practical applications
Abstract: he goal of this thesis is to make it easier to add protection domain kinds to the SecreC language by allowing the programmer to define the protection domain kind data types, arithmetic operations and type conversions in the SecreC language without changing the compiler.
Student: Ville Sokk
Curriculum: Computer Science (MSc)
Supervisor: Dan Bogdanov, Jaak Randmets
Reviewer: Vesal Vojdani
Defense: 06.06.2016, 09:00, Liivi 2-405

Energy Harvesting in Cooperative Communications
Abstract: Energy harvesting (EH) is a crucial technology for a variety of wireless systems that have limited access to a reliable electricity supply or recharging sources. In this thesis, the design of a multiple access relay system (MARS) using EH is considered.
Student: Akashkumar Rajaram
Curriculum: Cyber Security (MSc)
Supervisor: Nalin Jayakody, Vitaly Skachek
Reviewer: Bin Chen
Defense: 06.06.2016, 09:00, Liivi 2-405

Security of Eduroam Passwords
Abstract: The University of Tartu has decided that the university’s eduroam accounts will share the same user credentials as the rest of the university’s services. This could potentially be abused by exploiting weaknesses in wireless security in order to gain access to a user’s university account. The aim of this research was to uncover any such weaknesses.
Student: Raul-Martin Rebane
Curriculum: Computer Science (BSc)
Supervisor: Dominique Unruh
Reviewer: Meelis Roos
Defense: 06.06.2016, 09:00, Liivi 2-405

Applying a Security Testing Methodology: a Case Study
Abstract: This thesis aims to describe and apply a process necessary to verify the security of a web application. A checklist of security requirements was gathered combining OWASP ASVS web application security standard and OWASP Top Ten project.
Student: Karin Klooster
Curriculum: Computer Science (BSc)
Supervisor: Meelis Roos, Margus Freudenthal
Reviewer: Kritjan Krips
Defense: 08.06.2016

Word frequency based log analysis
Abstract: The purpose of this bachelor thesis is to explore if you can use word frequency based analysis for log files and find interesting events without knowing the log structure.
Student: Karl Lääts
Curriculum: Computer Science (BSc)
Supervisor: Meelis Roos
Reviewer: Artjom Lind
Defense: 08.06.2016

Randomly Distributed PIN Code Input Layout
Abstract: This thesis examines the possibility of reducing the visual security breach of PIN code input by randomising the input field.
Student: Rain Tõugjas
Curriculum: Computer Science (BSc)
Supervisor: Tauno Palts, Kristjan Krips
Reviewer:
Defense: 08.2016

Smart Home Hacking
Abstract: This work investigates the security and privacy issues found at an emerging smart home technology such as the CoSSMic platform.
Student: Suela Kodra
Curriculum: NordSecMob (MSc)
Supervisor: Danilo Gligoroski, Marie Moe, Dominique Unruh
Reviewer: Raimundas Matulevičius
Defense: 18.08.2016, 09:30, Liivi 2-403

Cache-Timing Techniques: Exploiting the DSA Algorithm
Abstract: This work explains some of the cache-timing techniques commonly used to exploit vulnerable software. Using a particular combination of techniques and exploiting a vulnerability found in the implementation of the DSA signature scheme in the OpenSSL shared library, a cache-timing attack is performed against the DSA’s sliding window exponentiation algorithm.
Student: Cesar Pereida Garcia
Curriculum: NordSecMob (MSc)
Supervisor: Billy Bob Brumley, Dominique Unruh, N. Asokan
Reviewer: Arnis Paršovs
Defense: 26.08.2016, 11:00, Liivi 2-403

Links:
https://comserv.cs.ut.ee/ati_thesis/index.php?year=2016
http://www.cs.ut.ee/sites/default/files/2016/loput88d/Kaitsmiste%20ajakava.pdf