The Bug That Made Me President a Browser- and Web-Security Case Study on Helios Voting

This paper briefly describes security challenges for critical web applications such as the Helios Voting system. After analyzing the Helios demonstration website we discovered several small flaws that can have a large security critical impact. An attacker is able to extract sensitive information, manipulate voting results, and modify the displayed information of Helios without any deep technical knowledge or laboratory-like prerequisites. Displaying and processing trusted information in an untrustworthy user agent can lead to the issue that most protection mechanisms are useless. In our approach of attacking Helios voting systems we do not rely on an already infected or trojanized machine of the user, instead we use simple and commonly known web browser features to leverage information disclosure and state modification attacks. We propose that online voting applications should at least follow the latest vulnerability mitigation guidelines. In addition, there should be thorough and frequent coverage with automated as well as manual penetrations tests in privacy sensitive applications. E-Voting software driven by web browsers is likely to become an attractive target for attackers. Successful exploitation can have impact ranging from large scale personal information leakage, financial damage, calamitously intended information and state modification as well as severe real life impact in many regards.

[1]  Rop Gonggrijp,et al.  Studying the Nedap/Groenendaal ES3B Voting Computer: A Computer Security Perspective , 2007, EVT.

[2]  Bart Preneel,et al.  Computer Security - ESORICS 2010, 15th European Symposium on Research in Computer Security, Athens, Greece, September 20-22, 2010. Proceedings , 2010, ESORICS.

[3]  Jean-Jacques Quisquater,et al.  Electing a University President Using Open-Audit Voting: Analysis of Real-World Use of Helios , 2009, EVT/WOTE.

[4]  Sebastian Schmidt,et al.  RIES - Rijnland Internet Election System: A Cursory Study of Published Source Code , 2009, VoteID.

[5]  Giovanni Vigna,et al.  An Experience in Testing the Security of Real-World Electronic Voting Systems , 2010, IEEE Transactions on Software Engineering.

[6]  Dan S. Wallach,et al.  Hack-a-vote: Security issues with electronic voting systems , 2004, IEEE Security & Privacy Magazine.

[7]  Collin Jackson,et al.  Protecting browsers from cross-origin CSS attacks , 2010, CCS '10.

[8]  Dan Boneh,et al.  Busting frame busting a study of clickjacking vulnerabilities on popular sites , 2010 .

[9]  Dawn Xiaodong Song,et al.  Secure Content Sniffing for Web Browsers, or How to Stop Papers from Reviewing Themselves , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[10]  Yvo Desmedt,et al.  Exploiting the Client Vulnerabilities in Internet E-voting Systems: Hacking Helios 2.0 as an Example , 2010, EVT/WOTE.

[11]  Andrea Pasquinucci Web voting, security and cryptography , 2007 .

[12]  Ahmad-Reza Sadeghi,et al.  Enabling the Application of Open Systems like PCs for Online Voting , 2006 .

[13]  van Hca Henk Tilborg,et al.  Description and analysis of the RIES internet voting system , 2008 .

[14]  Markus Jakobsson,et al.  Towards Trustworthy Elections, New Directions in Electronic Voting , 2010, Towards Trustworthy Elections.

[15]  Andrea Pasquinucci The difficult art of managing logs , 2007 .

[16]  Ben Adida,et al.  Helios: Web-based Open-Audit Voting , 2008, USENIX Security Symposium.

[17]  Holger Junker OWASP Enterprise Security API , 2012, Datenschutz und Datensicherheit - DuD.

[18]  Lukasz Olejnik,et al.  Web Browser History Detection as a Real-World Privacy Threat , 2010, ESORICS.

[19]  Ariel J. Feldman,et al.  Security Analysis of the Diebold AccuVote-TS Voting Machine , 2007, EVT.

[20]  Ben Smyth,et al.  Attacking and Fixing Helios: An Analysis of Ballot Secrecy , 2011, 2011 IEEE 24th Computer Security Foundations Symposium.

[21]  Melanie Volkamer,et al.  E-Voting and Identity, First International Conference, VOTE-ID 2007, Bochum, Germany, October 4-5, 2007, Revised Selected Papers , 2007, VOTE-ID.

[22]  Emmanouil Magkos,et al.  Towards Secure and Practical E-Elections in the New Era , 2003, Secure Electronic Voting.

[23]  Carlos Ribeiro,et al.  Improving Remote Voting Security with CodeVoting , 2010, Towards Trustworthy Elections.

[24]  David Sands,et al.  Lightweight self-protecting JavaScript , 2009, ASIACCS '09.

[25]  Sid Stamm,et al.  Reining in the web with content security policy , 2010, WWW '10.

[26]  Dan S. Wallach,et al.  Analysis of an electronic voting system , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[27]  Andrew W. Appel,et al.  The New Jersey Voting-machine Lawsuit and the AVC Advantage DRE Voting Machine , 2009, EVT/WOTE.

[28]  Chris Jay Hoofnagle,et al.  Flash Cookies and Privacy II: Now with HTML5 and ETag Respawning , 2011 .

[29]  Zachary Weinberg,et al.  I Still Know What You Visited Last Summer: Leaking Browsing History via User Interaction and Side Channel Attacks , 2011, 2011 IEEE Symposium on Security and Privacy.

[30]  David A. Wagner,et al.  Risks of e-voting , 2007, CACM.