If you are going to run an election online you need to protect yourself against distributed denial of service attacks (DDoS). You can hire a cloud-based service to provide DDoS protection, but how much trust are you placing in them?
As it turns out, probably more than most people realize, and potentially more than is appropriate for an election.
- Anti-DDoS cloud providers have privileged access to voter credentials and ballots by virtue of their inherent man-in-the-middle position between voters and the election website
- Encryption is not end-to-end between the voter and the election website. Data about the voter potentially exists at in an unencrypted form on the cloud provider’s server
- The “double-encryption” mitigation of iVote in WA is not cryptographically secure.
- We built a test credential recovery tool that could recover a voter’s PIN in about 1 minute for the cost of $1 worth of cloud computing
- A more detailed discussion of the double encryption login process can be found here.
- The highly multi-national nature of cloud providers exposes elections to state actors
- We did an internet wide scan on election day and confirmed the election website’s public key certificate was serving out of Incapusla data centers around the world (including China).
- We observed the cloud provider bundling numerous unrelated websites under a single public key certificate
- We outline a scenario in which a national security agency of one country can make a lawful surveillance request on a domestic target, yet wind up with the private key used to identify the election server.
Youtube version of the talk from E-Vote-ID in Bregenz Austria