Security Analysis of the Democracy Live Online Voting System
J. Alex Halderman, Michael A. Specter
[email protected] // mspecter@
This is a security analysis of an Internet Voting system used in the 2020 U.S. Federal elections.
Disclaimer
● Nothing in this work indicates that the 2020 presidential election was “hacked”
● To the best of our knowledge, OmniBallot was (thankfully) not used in Pennsylvania, Georgia, or Arizona
● We stand by the letter we signed, along with ~50 other elections security researchers: there is no compelling evidence of computer fraud in the 2020 presidential election outcome
  ○ mattblaze.org/papers/election2020.pdf
Motivation
Last year, USENIX Security ‘20:
Yet Another Internet Voting System!
● Previously adopted in:
  ○ 7 state governments
  ○ 98 jurisdictions in 11 states
● Planned adoption for 2020 presidential primaries
  ○ West Virginia
    ■ ~22%
  ○ Delaware & New Jersey
    ■ 100% of voters
Does Democracy Live’s system fare any better than Voatz?
Complications
Requirements of voting systems are subtle
● Correctness & Usability
  ○ Counted as cast, cast as intended, (only) accessible to all eligible voters
● Privacy
  ○ An attacker cannot learn a voter’s selections
● Receipt Freeness
  ○ No voter can prove the way they voted after the fact
● Coercion Resistance
  ○ Voter cannot cooperate with an attacker to prove the way they voted
● End to end verifiability (E2E-V)
  ○ Voters have proof that their vote was counted correctly
Democracy Live’s OmniBallot has Three Modes!
1. Electronic Ballot Delivery
Ballot is physically marked, printed, and mailed
2. Remote Accessible Vote By Mail (RAVBM)
Ballot is marked electronically, physically printed, & mailed
3. Full-on Internet Voting
Ballot is marked electronically & returned via email or over Democracy Live’s system
Research Questions
1. How well does Democracy Live achieve Correctness, Privacy, Receipt Freeness, and Coercion Resistance?
  ○ Is it End to End Verifiable (E2E-V)?
2. What are the non-ballot privacy properties of the system?
3. How well do the other “modes” of Democracy Live fare, and how does one begin to analyze them?
General Obnoxiousness
Google’s privacy policy, not DL’s!
There is no OmniBallot privacy policy.
Let’s report a bug!
Significantly Complicated the Methodology
● Constraints
  ○ Can’t touch server infrastructure (legal & ethical concerns)
  ○ Must make assumptions about the backend
● Solution
  ○ Manually reverse engineer obfuscated client
  ○ Iteratively reimplement the server-side
  ○ Assume the best possible case for the backend in analysis

Analysis of the system as of June 2020
Results
[Figure legend: Client; Server; Third Parties (Amazon, Google, Cloudflare); Attacks]
Privacy
● Collects voter’s name, address, DoB, partial SSN, and browser fingerprint
● Uploads the voter’s secret ballot selections even if the voter prints & physically mails in the ballot
● Uses Google Analytics, and Google gets your voter ID & party affiliation
● Again, no privacy policy, no public restriction on use of data
Conclusions
Deployed Internet Voting Systems:

| System | Deployed Before Public Analysis | Barriers to Analysis & Disclosure | Poor / Misleading Documentation | Implementation & Design Flaws |
|---|---|---|---|---|
| Democracy Live (Specter et al. ‘21) | ✓ | ✓ | ✓ | ✓ |
| Voatz (Specter et al. ‘20) | ✓ | ✓ | ✓ | ✓ |
| Swiss Post (Teague et al. ‘20) | ✓ | ✓ | | ✓ |
| Moscow (Gaudry et al. ‘19) | ✓ | ✓ | ✓ | ✓ |
| Estonia (Springall et al. ‘15) | ✓ | ✓ | ✓ | ✓ |
Contributions & Impact
● Contributions:
  ○ Security analysis of a deployed Internet voting system in U.S. federal elections
  ○ First analysis of an RAVBM system
  ○ Found a number of security & privacy issues
● Impact:
  ○ New Jersey & Delaware halted use of OmniBallot for Internet voting!
  ○ However, still used in West Virginia and Denver in November 2020
[email protected] // mspecter@