Abstract
AbstractOnline voting systems typically display a confirmation screen allowing voters to confirm their selections before casting. This paper considers whether a network-based observer can extract information about voter selections from the length of the exchanged network data.We conducted a detailed analysis of the Simply Voting implementation, which had randomly varying lengths of exchanged data due to dynamic page content and gzip compression. We demonstrated that we could correctly guess a voter’s selection with accuracy values ranging up to 100% in some instances. Even on more complex ballots, we generally could still rule out some combinations of candidates. We conducted a coordinated disclosure with the vendor and worked with them to roll out a mitigation.To their credit, this discovery (and therefore its fix) was made possible by their willingness to provide a publicly accessible demo, which, as we will show, remains a rarity in the industry.
Publisher
Springer International Publishing
Reference13 articles.
1. Lecture Notes in Computer Science;A Cardillo,2019
2. Lecture Notes in Computer Science;A Cardillo,2018
3. Clark, J., Essex, A.: Internet voting for persons with disabilities - security assessment of vendor proposals. City of Toronto FOI Request 2014-01543 (2014). https://verifiedvoting.org/wp-content/uploads/2020/07/Canada-2014-01543-security-report.pdf
4. Lecture Notes in Computer Science;C Culnane,2017
5. Degabriele, J.P.: Hiding the lengths of encrypted messages via Gaussian padding. In: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, pp. 1549–1565 (2021)
Cited by
1 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献