Friday, November 26, 2010

David Bismark: E-voting without fraud

Brilliant talk on e-voting "without fraud".
It seems he is talking about Scantegrity or another software-independent voting system (great article from NIST).



But there are many different ways to attack a verifiable system like that. For example, a great way to attack the system is to attack the feedback chain back to the voter. Let me try an example:
Voter A votes for OBM. Poll worker P scans A's ballot and destroys it. A keeps the "receipt" and will later be able to verify it through a dedicated service (the Check Phase in the following image).



Assume that everything goes well: the real vote goes to the tally servers and is really counted (with anonymity properties). The attacker may attack the feedback service so that it shows wrong feedback to A. Now A believes that something went wrong, since the code he holds does not match the one shown by the feedback service. Everything went well, but A believes that something went wrong. This is a reputation attack: by modifying the feedback chain, the attacker makes the voters believe something false.

Making the voters believe that the voting process has been compromised is the same as really compromising the system. Results and causes are the same.
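
The scenario above as a toy model, added here as an example (it is not code from the talk or from Scantegrity). It assumes a simplified confirmation-code scheme; the function names and the second candidate "OTHER" are constructed for illustration. It compares what the voter observes when only the feedback view is altered with what he observes when the stored record itself is altered.

```python
import secrets
from collections import Counter

CANDIDATES = ["OBM", "OTHER"]   # "OBM" is from the post; "OTHER" is constructed
_rng = secrets.SystemRandom()

def new_ballot(ballot_id):
    # Each candidate gets a distinct random confirmation code on this ballot.
    codes = _rng.sample(range(10000), len(CANDIDATES))
    return {"id": ballot_id, "codes": dict(zip(CANDIDATES, codes))}

def cast(ballot, choice, board):
    # Scanning records the revealed code; the voter keeps the same code as receipt.
    board[ballot["id"]] = ballot["codes"][choice]
    return {"id": ballot["id"], "code": ballot["codes"][choice]}

def tally(ballots, board):
    # The tally side maps each recorded code back to its candidate.
    result = Counter()
    for b in ballots:
        for cand, code in b["codes"].items():
            if board.get(b["id"]) == code:
                result[cand] += 1
    return dict(result)

def voter_check(receipt, feedback_view):
    # All the voter can observe: does the displayed code equal the receipt code?
    return feedback_view.get(receipt["id"]) == receipt["code"]

def run(scenario):
    ballots = [new_ballot(i) for i in range(3)]
    board = {}
    receipts = [cast(b, "OBM", board) for b in ballots]
    other_code = ballots[0]["codes"]["OTHER"]
    if scenario == "record_tampered":
        board[0] = other_code            # the stored vote itself is changed
    feedback_view = dict(board)          # what the check service displays
    if scenario == "feedback_tampered":
        feedback_view[0] = other_code    # only the displayed copy is changed
    return tally(ballots, board), voter_check(receipts[0], feedback_view)

if __name__ == "__main__":
    for s in ("honest", "feedback_tampered", "record_tampered"):
        print(s, run(s))
```

In the `feedback_tampered` run the tally is identical to the honest one, yet voter A's check fails exactly as it does in the `record_tampered` run, so the failed check alone does not tell him which of the two happened.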
