Tag Archives: Helger Lipmaa

Cybersecurity related bachelor’s and master’s theses in University of Tartu 2018/2019 (August)

The defences took place in the last week of August.

Student: Aleksandr Tsõganov (Software Engineering MSc)
Title: Integrating User Identity with Ethereum Smart Contract Wallet
Supervisor: Orlenys López Pintado, Aivo Kalu, Kristjan Kuhi
Reviewer: Fredrik Payman Milani

Student: Rahul Puniani (Innovation and Technology Management MSc)
Title: Conceptualization of a Blockchain Based Voting Ecosystem in Estonia
Supervisor: Fredrik Payman Milani, Mihkel Solvak
Reviewer: Orlenys López Pintado

Student: Indrek Purga (Conversion Master in IT)
Title: Detection of forged PDF documents
Supervisor: Kristjan Krips
Reviewer: Alo Peets

Student: Shahla Atapoor (Computer Science MSc)
Title: On Privacy Preserving Blockchains and zk-SNARKs
Supervisor: Helger Lipmaa, Janno Siim, Karim Baghery
Reviewer: Ivo Kubjas

Student: Mart Simisker (Computer Science MSc)
Title: Security of Health Information Databases
Supervisor: Jan Willemson, Dominique Unruh
Reviewer: Meelis Roos

Links:
https://comserv.cs.ut.ee/ati_thesis/index.php?year=2019
https://www.cs.ut.ee/sites/default/files/www_ut/augusti_kaitsmiste_ajakava_28-08-2019.pdf

Estonian cryptographer rejects claims of being Bitcoin’s creator

Los Angeles lawyer Justin Sobaje is convinced that Helger Lipmaa, senior researcher of the University of Tartu’s computer science institute, is Satoshi Nakamoto – the creator of bitcoin, and says he has analyses and studies that prove it.

Sobaje writes that he is convinced – based on the article in which Nakamoto first describes the nature of bitcoin – that the author or authors of the piece had to have been experts in timestamping technology and hash trees. That is the focus of Helger Lipmaa’s doctoral thesis and of the scientific papers he published in the late 1990s. Lipmaa has also cited, on his homepage, another two articles that the original creator of bitcoin cites. Conclusion: Lipmaa knows five out of the eight articles.

Sobaje continues: “Satoshi was an experienced C++ programmer. Lipmaa created timestamping software while working at Cybernetica.” He lists the years Lipmaa spent working for the company until two years before the birth of bitcoin. How was the name Satoshi Nakamoto created? Sobaje has found three Japanese cryptographers mentioned on Lipmaa’s website – Satoshi Obana, Junko Nakajima, Takeshi Okamoto – and concludes that the name of the world’s most wanted man is a combination of the three.

Helger Lipmaa, commenting on the matter to Postimees, rejects the idea. “I’m certainly not Satoshi and I don’t understand how he got to my name of all things,” he said, adding that bitcoin’s original creator wasn’t a cryptographer.

Professor of software science at the Tallinn University of Technology Ahto Buldas, who worked with Lipmaa on timestamping technology in the late 1990s, laughs out loud when told an American lawyer believes Lipmaa to be Nakamoto. “The number of scientists that worked on it at the time was not great, while there are other candidates for Nakamoto. I don’t want to say that Lipmaa is not Satoshi Nakamoto; even though I don’t really believe it, it cannot be ruled out either,” he says. “We could all have been Nakamotos.”

This could be a potential BSc/MSc thesis topic: using open source intelligence to check whether there is any correlation between the public activities of Satoshi and those of Helger/Ahto.

Links:
https://news.err.ee/652328/estonian-cryptographer-rejects-claims-alleging-he-created-bitcoin
https://news.postimees.ee/4365547/hunt-for-the-world-s-most-wanted-man-reaches-estonia
http://novaator.err.ee/648962/tartu-ulikooli-vorguteenused-sattusid-pahatahtliku-runnaku-alla


Cybersecurity related bachelor’s and master’s theses in University of Tartu 2016/2017

Managing Security Risks Using Attack-Defense Trees
Abstract: In this thesis, we have addressed risk management using Attack Trees. The contribution to resolve the problem in this thesis includes three steps. Obtaining an alignment from Attack-Defense trees to ISSRM. Measurement of the metrics of the nodes of the tree using historical data.
Student: Salman Lashkarara
Curriculum: Software Engineering (MSc)
Supervisor: Raimundas Matulevicius
Reviewer: Meelis Roos
Defense: 01.06.2017, Tartu, J.Liivi 2-404

On Secure Bulletin Boards for E-Voting
Abstract: In this thesis, we propose a formal model for analysis of security and functionality of a bulletin board system motivated by the security requirements Culnane and Schneider introduced in Computer Security Foundations Symposium 2014.
Student: Annabell Kuldmaa
Curriculum: Computer Science (MSc)
Supervisor: Helger Lipmaa
Reviewer: Ahto Buldas
Defense: 01.06.2017, Tartu, J.Liivi 2-404

Research and Proof of Concept of Selected ISKE Highest Level Integrity Requirements
Abstract: This work takes the integrity domain under detailed research to meet ISKE requirements and security objectives demanded for data with the highest integrity needs.
Student: Deivis Treier
Curriculum: Cyber Security (MSc)
Supervisor: Raimundas Matulevičius
Reviewer: Andrey Sergeev
Defense: 02.06.2017, Tartu, J.Liivi 2-404

Method for Effective PDF Files Manipulation Detection
Abstract: The aim of this thesis is to ease the process of detecting manipulations in PDF files by addressing its source code, before having to use other methods such as image processing or text-line examination. The result is the construction of a solid and effective method for PDF file investigation and analysis to determine its integrity.
Student: Gema Fernández Bascuñana
Curriculum: Cyber Security (MSc)
Supervisor: Pavel Laptev, Inna Ivask, Raimundas Matulevičius
Reviewer: Hayretdin Bahsi
Defense: 02.06.2017, Tartu, J.Liivi 2-404

Establishing, Implementing and Auditing Linux Operating System Hardening Standard for Security Compliance
Abstract: This paper provides a proof-of-concept solution for being compliant with operating system hardening requirements of the company by establishing, implementing and auditing Linux (Debian) operating system hardening standard.
Student: Martin Jõgi
Curriculum: Cyber Security (MSc)
Supervisor: Truls Tuxen Ringkjob, Raimundas Matulevičius
Reviewer: Marko Kääramees
Defense: 02.06.2017, Tartu, J.Liivi 2-404

A Prototype For Learning Privacy-Preserving Data Publishing
Abstract: This master thesis will discuss different threats to privacy, and discuss and compare different privacy-preserving methods to mitigate these threats. The thesis will give an overview of different possible implementations for these privacy-preserving methods. The other output of this thesis is educational-purpose software that allows students to learn and practice privacy-preserving methods.
Student: Rain Oksvort
Curriculum: Software Engineering (MSc)
Supervisor: Raimundas Matulevičius
Reviewer: Benson Muite
Defense: 05.06.2017, Tartu, J.Liivi 2-404

Filesystem Fuzz Testing Framework
Abstract: In the present thesis a fuzz testing framework was built, which can be used for finding time-of-check-to-time-of-use type bugs in Linux filesystems.
Student: Vladislav Alenitsev
Curriculum: Computer Science (BSc)
Supervisor: Meelis Roos, Kristjan Krips
Reviewer: Karl Tarbe
Defense: 07.06.2017, Tartu, J.Liivi 2-404

Performance Testing Bulletin Board Implementations for Online Voting
Abstract: This work takes a look at two software solutions that can be used for such a purpose and analyses their performance in a testing environment imitating real election workload.
Student: Marek Pagel
Curriculum: Computer Science (BSc)
Supervisor: Sven Heiberg, Janno Siim
Reviewer: Ivo Kubjas
Defense: 07.06.2017, Tartu, J.Liivi 2-404

Cybersecurity theses defence on June 9, 2017 in Tartu J. Liivi 2-403 at 10.00 AM.
Defence Committee: Raimundas Matulevičius (chairman), Olaf Manuel Maennel, Vitaly Skachek, Meelis Roos, Hayretdin Bahsi.
Grades received (random order): A, B, C, C, D.

Improving and Measuring Learning at Cyber Defence Exercises
Abstract: This thesis takes a fresh look at learning in Cyber Defence Exercises (CDXs) and focuses on measuring learning outcomes. As such exercises come in a variety of formats, this thesis focuses on technical CDXs with Red and Blue teaming elements.
Student: Kaie Maennel
Curriculum: Cyber Security (MSc)
Supervisor: Rain Ottis, Liina Randmann, Raimundas Matulevičius
Reviewer: Sten Mäses
Defense: 09.06.2017, Tartu, J.Liivi 2-403

Federation of Cyber Ranges
Abstract: This study compares two cyber ranges and looks into possibilities of pooling and sharing of national facilities and to the establishment of a logical federation of interconnected cyber ranges. The thesis gives recommendations on information flow, proof of concept, guide-lines and prerequisites to achieve an initial interconnection with pooling and sharing capabilities.
Student: Allar Vallaots
Curriculum: Cyber Security (MSc)
Supervisor: Jaan Priisalu, Uko Valtenberg, Raimundas Matulevičius
Reviewer: Rain Ottis
Defense: 09.06.2017, Tartu, J.Liivi 2-403

A New Heuristic Based Phishing Detection Approach Utilizing Selenium Webdriver
Abstract: In this paper, we focus on detecting login phishing pages, pages that contain forms with email and password fields to allow for authorization to personal/restricted content. We present the design, implementation, and evaluation of our phishing detection tool “SeleniumPhishGuard”, a novel heuristic-based approach to detect phishing login pages.
Student: Ahmed Nafies Okasha Mohamed
Curriculum: Cyber Security (MSc)
Supervisor: Olaf Manuel Maennel, Raimundas Matulevicius
Reviewer: Hayretdin Bahsi
Defense: 09.06.2017, Tartu, J.Liivi 2-403

Analysis of Exploit-kit Incidents and Campaigns Through a Graph Database Framework
Abstract: A great deal of automation can be achieved here by using public APIs such as VirusTotal, whois databases, IP blacklists, etc during the analysis and a first part of our work is dedicated to that. We will then show that this approach reveals patterns and clusters from which decisions can be made from a defensive perspective.
Student: Guillaume Brodar
Curriculum: Cyber Security (MSc)
Supervisor: Toomas Lepik, Raimundas Matulevicius
Reviewer: Arnis Paršovs
Defense: 09.06.2017, Tartu, J.Liivi 2-403

Investigation of JTAG and ISP Techniques for Forensic Procedures
Abstract: This thesis is focusing on JTAG and ISP physical acquisition techniques. The aim is to give an overview of these techniques from a forensic point of view and, in addition to some other tests, to try to prove that they are forensically equivalent to any other method.
Student: Stefanos Pappas
Curriculum: Cyber Security (MSc)
Supervisor: Pavel Laptev, Raimundas Matulevičius
Reviewer: Emin Caliskan
Defense: 09.06.2017, Tartu, J.Liivi 2-403

Links:
https://www.cs.ut.ee/sites/default/files/cs/kaitsmiste_ajakava_1_2_5_06.pdf
https://www.cs.ut.ee/sites/default/files/cs/kaitsmiste_ajakava_6_7_8_9_06_.pdf

Cybersecurity related bachelor’s and master’s theses in University of Tartu 2015/2016


Defense committee: Dominique Unruh (chairman), Siim Karus, Vitaly Skachek, Dirk Oliver Theis, Raimundas Matulevicius.

A Cost-Effective Approach to Key Management in Online Voting Scenarios
Abstract: Since smart cards both offer reasonable prices and expose an API for development, this document evaluates different approaches to implement threshold encryption over smart cards to support an electoral process.
Student: Sergio Andrés Figueroa Santos
Curriculum: NordSecMob (MSc)
Supervisor: Sven Heiberg, Helger Lipmaa, Tuomas Aura
Reviewer: Ivo Kubjas
Defense: 02.06.2016, 09:00, Liivi 2-405

Revision of Security Risk-oriented Patterns for Distributed Systems
Abstract: In this thesis, we target the secure system development problem by suggesting application of security risk-oriented patterns. The applicability of these security risk-oriented patterns is validated on business processes from aviation turnaround system.
Student: Silver Samarütel
Curriculum: Software Engineering (MSc)
Supervisor: Raimundas Matulevicius
Reviewer: Alexander Horst Norta
Defense: 02.06.2016, 09:00, Liivi 2-405

Role Based Access Control as SecureUML Model in Web Applications Development with Spring Security
Abstract: In order to support and simplify the model-driven approach for a web application development with Spring platform, realization of a concept plugin for Eclipse IDE is proposed. This plugin supports the recognition of Spring Security notations with capability to visualize the RBAC model on top of them.
Student: Andrey Sergeev
Curriculum: Cyber Security (MSc)
Supervisor: Raimundas Matulevicius
Reviewer: Henri Lakk
Defense: 02.06.2016, 09:00, Liivi 2-405

Secure and Efficient Mix-Nets
Abstract: This thesis studies a zero-knowledge shuffle argument proposed by J. Furukawa in 2005. Firstly, we provide a more detailed and easily readable description of the shuffle and shuffle-decryption zero-knowledge protocols than in the original paper. Secondly, we provide two new characterizations of a permutation matrix and two simple modifications of the shuffle protocol that reduce the computational complexity.
Student: Janno Siim
Curriculum: Computer Science (MSc)
Supervisor: Helger Lipmaa
Reviewer: Sven Laur
Defense: 02.06.2016, 09:00, Liivi 2-405

A Comprehensive Protocol Suite for Secure Two-Party Computation
Abstract: In some scenarios, a two-party model is a better fit when no natural third party is involved in the application. In this work, we design and implement a full protocol suite for two-party computations on Sharemind, providing an alternative and viable solution in such cases.
Student: Sander Siim
Curriculum: Computer Science (MSc)
Supervisor: Dan Bogdanov, Pille Pullonen
Reviewer: Dominique Unruh
Defense: 06.06.2016, 09:00, Liivi 2-405

An improved type system for a privacy-aware programming language and its practical applications
Abstract: The goal of this thesis is to make it easier to add protection domain kinds to the SecreC language by allowing the programmer to define the protection domain kind data types, arithmetic operations and type conversions in the SecreC language without changing the compiler.
Student: Ville Sokk
Curriculum: Computer Science (MSc)
Supervisor: Dan Bogdanov, Jaak Randmets
Reviewer: Vesal Vojdani
Defense: 06.06.2016, 09:00, Liivi 2-405

Energy Harvesting in Cooperative Communications
Abstract: Energy harvesting (EH) is a crucial technology for a variety of wireless systems that have limited access to a reliable electricity supply or recharging sources. In this thesis, the design of a multiple access relay system (MARS) using EH is considered.
Student: Akashkumar Rajaram
Curriculum: Cyber Security (MSc)
Supervisor: Nalin Jayakody, Vitaly Skachek
Reviewer: Bin Chen
Defense: 06.06.2016, 09:00, Liivi 2-405

Security of Eduroam Passwords
Abstract: The University of Tartu has decided that the university’s eduroam accounts will share the same user credentials as the rest of the university’s services. This could potentially be abused by exploiting weaknesses in wireless security in order to gain access to a user’s university account. The aim of this research was to uncover any such weaknesses.
Student: Raul-Martin Rebane
Curriculum: Computer Science (BSc)
Supervisor: Dominique Unruh
Reviewer: Meelis Roos
Defense: 06.06.2016, 09:00, Liivi 2-405

Applying a Security Testing Methodology: a Case Study
Abstract: This thesis aims to describe and apply a process necessary to verify the security of a web application. A checklist of security requirements was gathered combining OWASP ASVS web application security standard and OWASP Top Ten project.
Student: Karin Klooster
Curriculum: Computer Science (BSc)
Supervisor: Meelis Roos, Margus Freudenthal
Reviewer: Kristjan Krips
Defense: 08.06.2016

Word frequency based log analysis
Abstract: The purpose of this bachelor thesis is to explore if you can use word frequency based analysis for log files and find interesting events without knowing the log structure.
Student: Karl Lääts
Curriculum: Computer Science (BSc)
Supervisor: Meelis Roos
Reviewer: Artjom Lind
Defense: 08.06.2016

Randomly Distributed PIN Code Input Layout
Abstract: This thesis examines the possibility of reducing the visual security breach of PIN code input by randomising the input field.
Student: Rain Tõugjas
Curriculum: Computer Science (BSc)
Supervisor: Tauno Palts, Kristjan Krips
Reviewer:
Defense: 08.2016

Smart Home Hacking
Abstract: This work investigates the security and privacy issues found in an emerging smart home technology such as the CoSSMic platform.
Student: Suela Kodra
Curriculum: NordSecMob (MSc)
Supervisor: Danilo Gligoroski, Marie Moe, Dominique Unruh
Reviewer: Raimundas Matulevičius
Defense: 18.08.2016, 09:30, Liivi 2-403

Cache-Timing Techniques: Exploiting the DSA Algorithm
Abstract: This work explains some of the cache-timing techniques commonly used to exploit vulnerable software. Using a particular combination of techniques and exploiting a vulnerability found in the implementation of the DSA signature scheme in the OpenSSL shared library, a cache-timing attack is performed against the DSA’s sliding window exponentiation algorithm.
Student: Cesar Pereida Garcia
Curriculum: NordSecMob (MSc)
Supervisor: Billy Bob Brumley, Dominique Unruh, N. Asokan
Reviewer: Arnis Paršovs
Defense: 26.08.2016, 11:00, Liivi 2-403

Links:
https://comserv.cs.ut.ee/ati_thesis/index.php?year=2016
http://www.cs.ut.ee/sites/default/files/2016/loput88d/Kaitsmiste%20ajakava.pdf

E-enabled elections in Estonia: Forum on research and development in 2015


During the first half day, Estonian researchers will present the results of a 3-year scientific project that studied the Estonian flavour of verifiable Internet voting from both technical and social aspects. The second half of the first day will be devoted to the presentation of the development ideas of the Estonian solution. The second day holds additional interventions on the topic of remote online voting and offers brainstorming activity where feedback to the ideas of the first day will be gathered interactively.

Thursday (05.11.2015)
09:00 – 09:30 Registration
09:30 – 09:45 Opening keynote
09:45 – 10:30 Kristjan Vassil “Diffusion of Internet Voting in Estonia”
10:30 – 11:15 Mihkel Solvak “Impact of Verification on Trust toward Internet Voting”
11:15 – 11:45 Coffee break
11:45 – 12:15 Taavi Unt “Usage Patterns in Internet Voting Log Files”
12:15 – 13:45 Jan Willemson, Sven Heiberg and Arnis Paršovs “Log analysis of Estonian Internet voting 2013-2015”
14:00 – 15:00 Lunch
16:00 – Coffee break
15:00 – 17:30 Tarvi Martens, Sven Heiberg and Jan Willemson “Estonian Internet voting 2017+”

Friday (06.11.2015)
10:00 – 10:30 Bingsheng Zhang “How to Achieve Unconditional Integrity in an End-to-end Verifiable E-voting System”
10:30 – 11:00 Kristjan Gjøsteen “A security usability study on the Norwegian e-voting system”
11:00 – 11:30 Carsten Schürmann “Creating Credible Elections”
11:30 – 12:00 Coffee break
12:00 – 12:30 Jurlind Budurushi “An Investigation into the Usability of Electronic Voting Systems with Paper Audit Trails in the Context of Complex Elections”
12:30 – 13:00 Helger Lipmaa “Privacy and Accountability in Networks via Optimized Randomized Mixnets”
13:00 – 13:30 Filip Zagorski “Improving security of remote voting”
13:30 – 14:30 Lunch
15:00 – Coffee break
14:30 – 17:00 Argument game

Links:
http://cyber.ee/en/news/e-enabled-elections-in-estonia-forum-on-research-and-development-in-2015/

Evaluation of Research in ICT in Estonia 2009–2014: Evaluation Report 5/2015

Tallinn University of Technology:

4.4.15. Research Group: Faculty of Information Technology: Cyber Security
The group is led by Prof. Olaf Maennel. It is a very young and active group, started around 2013. The main interests of the group are in intrusion detection, testing security policies, and security simulation exercises. They have gained a European FP7 project on E-Crime. The group is still establishing itself in research and its activities are promising. The number and quality of publications is still limited and should be increased. This can be done since the leader of the group is well cited. Assessment: The panel judges the research to be of high international level. The overall evaluation of the group is good.

University of Tartu:

4.6.10. Research Group: Institute of Computer Science: Cryptography and Theoretical Computer Science
This group represents a number of subunits, with 6 topics led by 5 lead PIs (Sven Laur, Helger Lipmaa, Vitaly Skachek, Dirk Oliver Theis, Dominique Unruh). The group was restructured in 2011 with the recruitment of Unruh and Lipmaa. The group addresses six key research topics, namely classical cryptography, quantum cryptography, coding theory, combinatorics and algorithms, security, and verification of cryptography. All topics are related to computer security.
The research highlights include quantum proofs of knowledge, privacy-preserving data-mining, efficient non-interactive zero-knowledge proofs, communication complexity and the rank of matrices, and permutation codes. The group claims 8 level 1.1 publications, which seems a bit low. However, it is also a bit misleading since their list of 30 best papers includes 11 articles in top or at least internationally well recognized journals (J Cryptology, European J Combinatorics, IEEE Tr Information Theory, IEEE J selected areas in communication, Theoretical Computer Science, Journal of Computer Security, Bioinformatics, European J. Operations Research), besides 7 papers in the very best conferences (FOCS, Crypto, Eurocrypt, ICALP). Remaining top 30 items are papers in more specialized cryptography and security venues like ACM CCS, PKC, SCN, CSF, Eurocomb. Publication rate of top level papers has increased significantly over the evaluation period.
Many of the students (10+) are working in related industrial SMEs such as Cybernetica. They are contributing to several practical applications such as e-voting. The group is recommended to keep its current high quality and volume of output, and to develop some additional internationally financed projects. Based on the evidence, the panel judges the research to be of high international level. Because of the strong upward trend, the overall evaluation of the group is excellent.

Links:
http://www.etag.ee/wp-content/uploads/2012/05/Evaluation_raport2015veeb.pdf

CCS’14: Security Analysis of the Estonian Internet Voting System


The Estonian Internet voting security report published in May 2014 has been submitted to the ACM Conference on Computer and Communications Security (CCS’14).
Here is a list of the changes made in the CCS’14 article:

  • Author list reordered moving PhD students to the beginning.
  • Additional author “Zakir Durumeric” added (he was mentioned in acknowledgements section before).
  • Abstract added.
  • Added to introduction:
    “People around the world look to Estonia’s example, and some wonder why they can’t vote online too [54].”
  • Added to introduction:
    “Despite these concerns, the system has not previously been subjected to a detailed independent security analysis.”
  • Removed from introduction:
    “The weakness of the Estonian system stems from its basic design”.
  • Added to introduction:
    “As recently as May 2014, attackers linked to Russia targeted election infrastructure in Ukraine and briefly delayed vote counting [10].”
  • Added to introduction:
    “We returned to Estonia in May 2014 and shared these findings with election officials and the public. Unfortunately, government responses ranged from dismissive to absurd. The National Electoral Committee stated that the threat vectors we consider have already been adequately accounted for in the design, and that the attacks we describe are infeasible [26]. We disagree on both counts, but readers can review the evidence and reach their own conclusions. Prime Minister Taavi Rõivas and President Toomas Hendrik Ilves insinuated to the media that we had been bought off by a rival political party seeking to disparage the system. This we vehemently deny, but it illustrates how the Estonian public discourse concerning election technology has become dominated by partisanship. We hope that the country can separate technical reality from political rhetoric in time to avert a major attack.”
  • Added paragraph:
    “Estonians can also use mobile phones with special SIM cards for authentication and signing, through a system called Mobile-ID [14]. In the 2013 election, 9% of online votes were cast using this method [19]. We exclude Mobile-ID from our analysis because we did not have access to the external infrastructure that would be needed to test it.”
  • Added footnote:
    “Estonia used the system again, shortly after we made our findings public, for May 2014 European Parliament elections. There were only minor changes to the software and procedures. The fraction of votes cast online increased to 31%.”
  • “Instead, officials decided to use a worker’s personal USB stick to transfer the files to an Internet-connected Windows laptop” now additional clause follows: “, where the results were officially signed.”
  • The first paragraph of “Insufficient Transparency” subsection rephrased removing “we have been impressed by the initial steps towards transparency…”
  • Two paragraphs added to the section “Vulnerabilities in Published Code”:
    “Nonetheless, we discovered some minor bugs and vulnerabilities while examining the code in order to conduct our other experiments. We disclosed these issues to the Internet Voting Committee in May 2014.
    One of the problems we found allows a denial-of-service attack against the voting process. If a client sends an HTTP request containing unexpected header fields, the server logs the field names to disk. By sending many specially crafted requests containing fields with very long names, an attacker can exhaust the server’s log storage, after which it will fail to accept any new votes. In the 2013 election, the size of the log partition was 20 GB. We estimate that an attacker could fill it and disable further voting in about 75 minutes. Curiously, the vulnerable code is only a few lines from the comment, “Don’t write to disk; we don’t know how large the value is.” This indicates that the developers were aware of similar attacks but failed to account for all variants.
    A second problem we discovered is a shell-injection vulnerability in a server-side user interface that is intended to allow operators to perform pre-determined administrative tasks. The vulnerability would allow such an operator to execute arbitrary shell commands on the election servers with root privileges. Under current procedures, this is moot, since the same workers perform other administrative tasks at the command line as root. However, shell injection vulnerabilities can be exceedingly dangerous [67], and the fact that the issue was not detected in advance of the election is a reminder that open source cannot guarantee the absence of vulnerabilities [44].”
  • Added paragraph:
    “Virtual machines we used to reproduce the election, together with source code for our demonstration attacks, are available online at https://www.estoniaevoting.org.”
  • Added to “Threat Model” section:
    “More recently, in May 2014, attackers linked to Russia targeted election infrastructure in Ukraine, which uses a computerized system to aggregate results from around the country. The attackers reportedly attempted to discredit the election process by disrupting tallying and causing the system to report incorrect results [10].”
  • Removed paragraph:
    “It took less than two man-weeks to devise, implement, and test this server-side vote-stealing attack. The majority of this time was spent finding an appropriate and sufficiently silent way to insert the trojan into the OS installation procedures, due to unfamiliarity with the Debian package system and installation process.”
  • Added paragraph:
    “In fact, during the pre-election server setup process in 2013, workers used an incorrect version of the evote_post.sh script that failed to install the evote_analyzer package on the VFS. Administrators later had to manually install this package during the voting period, after they realized that the server was not reporting all expected log data [56]. This provides a case-in-point example of a failure of the procedural protections to ensure that only the correct software gets installed on the server machines.”
  • Added paragraph:
    “Zero-day exploits are yet another potential attack vector, and a source of many “known unknowns.” One illustration of this is the OpenSSL Heartbleed bug [34], which was not disclosed until April 2014. The front-end server used during the 2013 election was vulnerable to Heartbleed, and an attacker who knew about the bug likely could have exploited it to extract the server’s TLS private key. Then, using a man-in-the-middle attack on connections from voters, they could have selectively prevented certain voters’ ballots from being received by the real server.”
  • Added completely new subsection:
    “5.3 Attacking Ballot Secrecy
    While our experiments focused on attacks against the integrity of election results, we also considered ballot secrecy issues, since the secrecy of the voter’s ballot is a critical defense against voter coercion and vote buying. The I-voting system implements a relatively strong protection against in-person, individual coercion by allowing voters to cast replacement votes online or to cancel their electronic ballots entirely and vote in person on election day. More sophisticated attacks remain possible, however, including spyware on the voter’s PC or smartphone, as well as server-side attacks.
    Server-side attacks on ballot secrecy are particularly troubling, since preserving ballot secrecy is a main goal of the system’s cryptographic double-envelope architecture. The voting design attempts to ensure that votes remain private by breaking the association between voters’ digital signatures from their plaintext votes. The encrypted ballots are separated from the signatures and copied to an isolated machine before being decrypted and counted. Note that this machine, the counting server, has access to the complete association between the encrypted ballots and the plaintext votes. An attacker who can smuggle this information out through a covert channel can compromise every voter’s secret ballot.
    Unfortunately, the tabulation procedures offer multiple possibilities for exfiltrating this information. When tabulation is complete, officials use the counting server to burn a DVD containing both vote totals and log files. Suppose for simplicity that the attacker is a dishonest insider with access to this DVD and to the complete set of signed, encrypted ballots (e.g. from a backup disk) and some mechanism for infecting the counting server with malicious code, such as the routes discussed above. The counting server malware can sort the encrypted ballots and leak the voter choices corresponding to each as a sequence of integers in the same order. Since there is typically only one race, only a few bits per ballot are needed to determine the choices of all voters. The malware could steganographically encode this data into the log files through the order of entries, or it could simply write this information to unallocated sectors of the disc. The attacker can then decode this information and use it to associate every voter’s digital signature (and hence, their identity) with their vote.”
  • Bibliography reference added to conclusion sentence:
    “Certainly, additional protections could be added in order to mitigate specific attacks (e.g. [48])”
    [48] points to: “H. Lipmaa. A simple cast-as-intended e-voting protocol by using secure smart cards, May 2014.”
  • Removed the section “About the Authors”.
  • Added “supported by Google/ATAP” in acknowledgements.
  • Added picture of authors (without Hursti) made in Tallinn May 2014.
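The log-exhaustion issue quoted above (unexpected header field names written to disk without any bound) is the kind of defect that a logging layer can close on its own. The following is an added example, not code from the paper or from the i-voting system: a hypothetical `HeaderLogFilter` that truncates unknown field names to a fixed length and charges every such log line against a per-client byte budget, so a flood of long names can no longer grow the log without limit. The allow-list, limits and client address are constructed for the example.

```python
"""Bounded logging of unexpected HTTP header names (added example).

Assumptions: a server that wants to record unknown header field names for
diagnostics, a constructed allow-list of expected headers, and constructed
limits. Nothing here is taken from the i-voting server code.
"""
from collections import defaultdict

MAX_NAME_BYTES = 64          # assumed cap on a logged field name
CLIENT_BUDGET_BYTES = 1024   # assumed per-client budget for these log lines
KNOWN_HEADERS = frozenset({  # constructed allow-list of expected headers
    "host", "content-type", "content-length", "user-agent", "cookie",
})


class HeaderLogFilter:
    """Decides which unexpected-header log lines may be written to disk."""

    def __init__(self, max_name=MAX_NAME_BYTES, budget=CLIENT_BUDGET_BYTES):
        self.max_name = max_name
        self.budget = budget
        self.spent = defaultdict(int)       # bytes already logged per client
        self.suppressed = defaultdict(int)  # lines dropped per client

    def lines_for_request(self, client, headers):
        """Return the log lines to write for one request's unknown headers.

        Each line is bounded in size, and once the client's budget is used
        up further lines are counted in `suppressed` instead of written.
        """
        out = []
        for name in headers:
            key = name.lower()
            if key in KNOWN_HEADERS:
                continue
            shown = key[: self.max_name]
            line = f"{client} unexpected-header name={shown!r}"
            if len(shown) < len(key):
                # Record that truncation happened, but never the full name.
                line += f" truncated_from={len(key)}"
            cost = len(line.encode("utf-8")) + 1  # plus trailing newline
            if self.spent[client] + cost > self.budget:
                self.suppressed[client] += 1
                continue
            self.spent[client] += cost
            out.append(line)
        return out


def simulate_flood(requests, name_len=100_000, client="198.51.100.7"):
    """Feed `requests` requests with one very long unknown header each.

    Returns (total bytes that would reach the log, lines suppressed).
    """
    flt = HeaderLogFilter()
    headers = {"Host": "example.test", "X-" + "a" * name_len: "v"}
    total = 0
    for _ in range(requests):
        for line in flt.lines_for_request(client, headers):
            total += len(line.encode("utf-8")) + 1
    return total, flt.suppressed[client]


if __name__ == "__main__":
    written, dropped = simulate_flood(1000)
    print(f"log bytes written: {written}, lines suppressed: {dropped}")
```

Without the filter, the same thousand requests would put roughly a hundred megabytes of header names on disk; with it, the client's share of the log stays under the budget regardless of request count.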

Links:
https://estoniaevoting.org/wp-content/uploads/2014/05/IVotingReport.pdf
https://jhalderm.com/pub/papers/ivoting-ccs14.pdf
https://aaspring.com/ccs2014/ivoting-slides.pdf