Helios is an open-audit internet voting system providing cryptographic protections to voter privacy, and election integrity. As part of these protections, Helios produces a cryptographic audit trail that can be used to verify ballots were correctly counted. Cryptographic end-to-end (E2E) election verification schemes of this kind are a promising step toward developing trustworthy electronic voting systems. In this research we approach the discussion from the flip-side by exploring the practical potential for threats to be introduced by the presence of a cryptographic audit trail.
We conducted a security analysis of the Helios implementation and discovered a range of vulnerabilities and implemented exploits including:
- An election rigging attack that would allow a malicious election official to produce arbitrary election results with accepting proofs of correctness
- A poisoned ballot attack that allow a malicious voter to cast a malformed ballot to prevent the tally from being computed
- A vote stealing attack that would allow an attacker to surreptitiously cast a ballot on a voter’s behalf
We also examine privacy issues including a random-number generation bias affecting the indistinguishably of encrypted ballots. We reported the issues and worked with the Helios designers to address the issues, and the vulnerabilities have been fixed.
Watch Nick’s attack demo
Nicholas Chang-Fong and Aleksander Essex
32nd Annual Computer Security Applications Conference (ACSAC '16), CA, 2016.
[ Citation ]