An election is a process through which citizens in liberal democracies select their governing bodies, usually through voting. For elections to be truly honest, people must be able to vote freely without being subject to coercion; that is why voting is usually done in a private manner. In this concise talk we will describe the elections process concentrating on the adversarial point of view - what (and a bit of how) things can be attacked, corrupted, or manipulated.

Elections are the centrepiece of democracy, but the process of depositing the votes, tallying them and finally declaring the winners is surprisingly old-fashioned. If implemented properly, a system where votes can be cast electronically could allow voters to express their opinions much more often, potentially leading the way to an unprecedented level of voter participation and confidence in the government process. A proper implementation, however, is very hard to produce, due to the unique peculiarities of elections, which simultaneously need to be simple, confidential, verifiable and fair.

This attack-centric talk will first present the unique threat model of electronic voting systems, where adversaries range from vote buyers to disgruntled poll workers to corrupt governments, and where desirable malicious outcomes range from vote corruption, disenfranchisement, or even a loss of faith in the democratic process, which can severely limit a government’s ability to function. Next, the talk will show various ways for attackers to achieve their objectives in today’s and tomorrow’s electronic voting systems.

This talk presents a detailed and up-to-date security analysis of the voting software used in upcoming Brazilian elections by more than 140 million voters. It is mainly based on results obtained recently in a restricted hacking challenge organized by the Superior Electoral Court (SEC), the national electoral authority. During the event, multiple serious vulnerabilities (hard-coded cryptographic keys and insufficient integrity checks, among others) were detected in the voting software, which, when combined, compromised the main security properties of the equipment, namely ballot secrecy and software integrity. We trace the history of the vulnerabilities to a previous security analysis, providing some perspective about how the system evolved in the past 6 years. As far as we know, this was the most in-depth compromise of an official large-scale voting system ever performed under such severely restricted conditions.

Joint work with Pedro Y. S. Barbosa, Thiago N. C. Cardoso, Caio Lüders and Paulo Matias.

Diego F. Aranha is an Assistant Professor in the Department of Engineering at Aarhus University. He holds a PhD degree in Computer Science from the University of Campinas and has worked as a visiting PhD student for 1 year at the University of Waterloo. His professional experience is in Cryptography and Computer Security, with a special interest in the efficient implementation of cryptographic algorithms and security analysis of real-world systems. He coordinated two teams of independent researchers capable of detecting and exploring vulnerabilities in the software of the Brazilian voting machines during controlled tests organized by the national electoral authority. He received the Google Latin America Research Award for research on privacy twice, and the MIT TechReview's Innovators Under 35 Brazil Award for his work in electronic voting.

We will start the talk with a general introduction into the history of Estonian e-government solutions. Facilitated by the strong digital identity principle and supported by deployment of the national ID-card, the idea of over-the-Internet vote casting was first implemented in Estonia in 2005. Since then, popularity of remote electronic voting has seen a steady increase, with 44,4% of all the votes being cast using this medium in the 2019 parliamentary elections. During this period, many things have happened, leading to gradual improvement of the initial simple protocol. By 2017, the system reached the level closest to the end-to-end verifiability paradigm there currently is in practical use in the World. The talk will take the audience through the most memorable moments of this journey.

Dr. Ivo Kobjas is the engineer in charge of the cryptographic algorithms of the Estonian elections.

TBD

אציג מהם איומי הסייבר על מערכת הבחירות בשלושה ממדים: השפעה על דעת הקהל, הטיית תוצאות הבחירות ושיבוש תהליך הבחירות, ובנוסף: אפיון יריבים ואיך ניתן לעשות זאת, בדגש על הטיית תוצאות הבחירות ושיבוש התהליך באמצעות תקיפת שרשרת האספקה, תקיפת המרכיב האנושי וכדומה. אדבר על דילמות דמוקרטיות שכרוכות בכך כמו למשל חוק המכרזים החושף למעשה את הנקודות הקריטיות במערכת וכן על חברות בשרשרת האספקה, המפרסמות כי הן לוקחות חלק (טוב ל-PR אבל גם טוב לתוקף). אביא כמה דוגמאות לכך ממערכת הבחירות הישראלית.

Eyal Pinko (Navy Commander, retired) served in the Israeli navy for 23 years. In those years he served in operational duties, as a project manager and as the head of a branch at the Israeli naval intelligence. Eyal served for 5 more years as the head of division at the ministry of defense (Civilian rank equal to RADM). Eyal holds the Israel's security award, prime minister's decoration of excellence, DDR&D decoration of excellence, and IDF commander in chief decoration of excellence. Since August 2017, he is a senior private consultant for cyber security, maritime cyber and business intelligence for many private companies and for the governmental sector. He holds bachelor’s degree with honor in electronics engineering, and two master’s degrees with honor in political science and in organizational development. Since 2015, he has been a PhD candidate at the Bar-Ilan university and a Research Fellow at the Haifa Maritime Policy and Strategy Research Center.