If you are going to run an election online, you need to protect yourself against distributed denial-of-service (DDoS) attacks. You can hire a cloud-based service to provide DDoS protection, but how much trust are you placing in them?
As it turns out, probably more than most people realize, and potentially more than is appropriate for an election.
In this paper we examine the trust implications of DDoS protection in the context of the 2017 state election of Western Australia and its use of the iVote online voting platform.
Key Findings
- Anti-DDoS cloud providers have privileged access to voter credentials and ballots by virtue of their inherent man-in-the-middle position between voters and the election website
- Encryption is not end-to-end between the voter and the election website. Data about the voter potentially exists in an unencrypted form on the cloud provider’s server.
- To fingerprint clients as part of their anti-DDoS protection strategy, the cloud provider injects obfuscated JavaScript into the main page of the voting website, which a malicious man-in-the-middle could use to hide vote-stealing malware.
- The “double-encryption” mitigation of iVote in WA is not cryptographically secure.
- We built a test credential recovery tool that could recover a voter’s PIN in about 1 minute for the cost of $1 worth of cloud computing.
- A more detailed discussion of the double encryption login process can be found here.
- The highly multi-national nature of cloud providers exposes elections to state actors
- We did an internet-wide scan on election day and confirmed the election website’s public key certificate was being served out of Incapsula data centers around the world (including China).
- We observed the cloud provider bundling numerous unrelated websites under a single public key certificate
- We outline a scenario in which a national security agency of one country can make a lawful surveillance request on a domestic target, yet wind up with the private key used to identify the election server.
Presentation Video
YouTube version of the talk from E-Vote-ID in Bregenz, Austria
Technical Paper
Chris Culnane, Mark Eldridge, Aleksander Essex, and Vanessa Teague
Electronic Voting: Second International Joint Conference, E-Vote-ID, 2017.
[ Citation ]
Other Articles
Read more about this work in The Register and Pursuit.