Skip to main content
SpringerLink
Log in

The New South Wales iVote System: Security Failures and Verification Flaws in a Live Online Election

  • Conference paper
  • First Online:
Book cover E-Voting and Identity (Vote-ID 2015)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9269))

Included in the following conference series:

Abstract

In the world’s largest-ever deployment of online voting, the iVote Internet voting system was trusted for the return of 280,000 ballots in the 2015 state election in New South Wales, Australia. During the election, we performed an independent security analysis of parts of the live iVote system and uncovered severe vulnerabilities that could be leveraged to manipulate votes, violate ballot privacy, and subvert the verification mechanism. These vulnerabilities do not seem to have been detected by the election authorities before we disclosed them, despite a pre-election security review and despite the system having run in a live state election for five days. One vulnerability, the result of including analytics software from an insecure external server, exposed some votes to complete compromise of privacy and integrity. At least one parliamentary seat was decided by a margin much smaller than the number of votes taken while the system was vulnerable. We also found protocol flaws, including vote verification that was itself susceptible to manipulation. This incident underscores the difficulty of conducting secure elections online and carries lessons for voters, election officials, and the e-voting research community.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Or rather, it did for the first week of voting, until we pointed this out to NSWEC.

  2. 2.

    In the case of the web server, this would require forging a signature attached to the vote by the client. This signing step is evident in the JavaScript, but we could not find any documentation on how the signing key was derived or how the signature was verified. Hence we do not know whether a compromised web server could have simply created a new signature on any vote it received, or whether it would have needed to modify the JavaScript served to the client in order to get a valid signature on an altered vote.

  3. 3.

    Some also use homomorphic tallying, but that would not work for Australian (preferential) voting.

References

  1. ABC News. Computer voting may feature in March NSW election, February 2015. http://www.abc.net.au/news/2015-02-04/computer-voting-may-feature-in-march-nsw-election/6068290

  2. Abendan, O.: How DNS changer Trojans direct users to threats. In: Trend Micro Threat Encyclopedia (2012)

    Google Scholar 

  3. Adida, B.: Helios: web-based open-audit voting. In: 17th USENIX Security Symposium, August 2008. https://vote.heliosvoting.org

  4. Adida, B., De Marneffe, O., Pereira, O., Quisquater, J.-J.: Electing a university president using open-audit voting: analysis of real-world use of Helios. In: Electronic Voting Technology Workshop (EVT) (2009)

    Google Scholar 

  5. Adrian, D., Bhargavan, K., Durumeric, Z., Gaudry, P., Green, M., Halderman, J.A., Heninger, N., Springall, D., Thomé, E., Valenta, L., VanderSloot, B., Wustrow, E., Zanella-Béguelin, S., Zimmermann, P.: Imperfect forward secrecy: how Diffie-Hellman fails in practice, May 2015. https://weakdh.org/

  6. Ballani, H., Francis, P., Zhang, X.: A study of prefix hijacking and interception in the Internet. In: Proceedings of ACM SIGCOMM, August 2007

    Google Scholar 

  7. Bell, S., Benaloh, J., Byrne, M.D., DeBeauvoir, D., Eakin, B., Fisher, G., Kortum, P., McBurnett, N., Montoya, J., Parker, M., et al.: Star-vote: a secure, transparent, auditable, and reliable voting system. USENIX J. Election Technol. Syst. 1(1), 18–37 (2013)

    Google Scholar 

  8. Beurdouche, B., Bhargavan, K., Delignat-Lavaud, A., Fournet, C., Kohlweiss, M., Pironti, A., Strub, P.-Y., Zinzindohoue, J.K.: A messy state of the union: taming the composite state machines of TLS. In: 36th IEEE Symposium on Security and Privacy (2015)

    Google Scholar 

  9. Bilodeau, O., Dupuy, T.: Dissecting Linux/Moose: the analysis of a Linux router-based worm hungry for social networks, May 2015. http://www.welivesecurity.com/wp-content/uploads/2015/05/Dissecting-LinuxMoose.pdf

  10. Carback, R., Chaum, D., Clark, J., Conway, J., Essex, A., Herrnson, P.S., Mayberry, T., Popoveniuc, S., Rivest, R.L., Shen, E. et al.: Scantegrity II municipal election at Takoma Park: the first E2E binding governmental election with ballot privacy. In: Proceedings of the 19th USENIX Security Symposium (2010)

    Google Scholar 

  11. Culnane, C., Ryan, P.Y.A., Schneider, S., Teague, V.: vVote: A verifiable voting system. ACM Transactions on Information and System Security. To appear. Technical report at http://arxiv.org/abs/1404.6822

  12. Durumeric, Z., Adrian, D., Mirian, A., Bailey, M., Halderman, J.A.: Tracking the FREAK attack. https://freakattack.com/

  13. Estonian Internet Voting Committee. Statistics about Internet voting in Estonia, May 2014. http://www.vvk.ee/voting-methods-in-estonia/engindex/statistics

  14. Gjøsteen, K.: The Norwegian Internet voting protocol. In: Kiayias, A., Lipmaa, H. (eds.) VoteID 2011. LNCS, vol. 7187, pp. 1–18. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  15. Hastings, N., Peralta, R., Popoveniuc, S., Regenscheid, A.: Security considerations for remote electronic UOCAVA voting. National Institute of Standards and Technology, NISTIR 7770, February 2011. http://www.nist.gov/itl/vote/upload/NISTIR-7700-feb2011.pdf

  16. Heninger, N.: Factoring as a service. Crypto 2013 rump session. https://www.cis.upenn.edu/nadiah/projects/faas/

  17. Kaminsky, D.: It’s the end of the cache as we know it. In: Toorcon (2008)

    Google Scholar 

  18. Kusters, R., Truderung, T., Vogt, A.: Clash attacks on the verifiability of e-voting systems. In: 33rd IEEE Symposium on Security and Privacy, pp. 395–409 (2012)

    Google Scholar 

  19. Marlinspike, M.: New tricks for defeating SSL in practice. Black Hat (2009). http://www.thoughtcrime.org/software/sslstrip/

  20. McKay, R.: Flaws in iVote’s re-vote process which attempts to defeat coercers. http://www.bigpulse.com/governmentelections#changevoteflaw. BigPulse

  21. NSW Electoral Commission. legislative council–final distribution of preferences (2015). http://vtr.elections.nsw.gov.au/lc-home.htm#lc/state/dop/dop_index

  22. NSW Electoral Commission. Index of iVote reports. http://www.elections.nsw.gov.au/about_us/plans_and_reports/ivote_reports

  23. NSW Electoral Commission. iVote threat analysis and risk assessment, January 2014. http://www.elections.nsw.gov.au/_data/assets/pdf_file/0008/175760/NSW_Election_iVote_Threat_Analysis_and_Risk_Assessment_v3.0.pdf

  24. NSW Electoral Commission. iVote system security implementation statement, March 2015. http://www.elections.nsw.gov.au/_data/assets/pdf_file/0007/193219/iVote-Security_Implementation_Statement-Mar2015.pdf

  25. Räisänen, O.: The bank deal. http://oona.windytan.com/pankki.html

  26. Ryan, P.Y.A., Teague, V.: Pretty good democracy. In: Christianson, B., Malcolm, J.A., Matyáš, V., Roe, M. (eds.) Security Protocols 2009. LNCS, vol. 7028, pp. 111–130. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  27. Segaard, B., Christensen, D.A., Folkestad, B., Saglie, J.: Internettvalg: hva gjør og mener velgerne? (2014). https://www.regjeringen.no/globalassets/upload/kmd/komm/rapporter/isf_internettvalg.pdf

  28. Springall, D., Finkenauer, T., Durumeric, Z., Kitcat, J., Hursti, H., MacAlpine, M., Halderman, J.A.: Security analysis of the Estonian internet voting system. In: ACM Conference on Computer and Communications Security (CCS), November 2014

    Google Scholar 

  29. Teague, V., Halderman, J.A.: Security flaw in New South Wales puts thousands of online votes at risk. Freedom to Tinker blog post, 22 March 2015. https://freedom-to-tinker.com/blog/teaguehalderman/ivote-vulnerability/

  30. Victorian Electoral Commission. Report to Parliament on the 2010 Victorian State election; Section 11: Statistical overview of the election (2011). http://www.vec.vic.gov.au/files/ER-2010-Section11.pdf

  31. Wolchok, S., Wustrow, E., Isabel, D., Halderman, J.A.: Attacking the Washington, D.C. Internet voting system. In: 16th International Conference on Financial Cryptography and Data Security (FC), February 2012

    Google Scholar 

  32. Zagórski, F., Carback, R.T., Chaum, D., Clark, J., Essex, A., Vora, P.L.: Remotegrity: design and use of an end-to-end verifiable remote voting system. In: Jacobson, M., Locasto, M., Mohassel, P., Safavi-Naini, R. (eds.) ACNS 2013. LNCS, vol. 7954, pp. 441–457. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

Download references

Acknowledgments

The authors thank David Adrian, Ed Felten, Rajeev Goré, Nadia Heninger, Harri Hursti, and Liz Minchin for assistance during this project. For their support and encouragement after we made our results public, we would also like to thank the tremendous community of election integrity scholars and advocates, including but not limited to: Duncan Buell, David Dill, Joseph Hall, Candice Hoke, David Jefferson, Noel Runyan, Ronald Rivest, Barbara Simons and Pamela Smith. This material is based in part upon work supported by the U.S. National Science Foundation under grants CNS-1345254 and CNS-1409505, and by the Morris Wellman Faculty Development Assistant Professorship.

Author information

Authors and Affiliations

  1. University of Michigan, Ann Arbor, USA

    J. Alex Halderman

  2. University of Melbourne, Melbourne, Australia

    Vanessa Teague

Authors
  1. J. Alex Halderman
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Vanessa Teague
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Vanessa Teague .

Editor information

Editors and Affiliations

  1. Bern University of Applied Sciences, Biel, Switzerland

    Rolf Haenni

  2. Bern University of Applied Sciences, Biel, Switzerland

    Reto E. Koenig

  3. Royal Institute of Technology, Stockholm, Sweden

    Douglas Wikström

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Halderman, J.A., Teague, V. (2015). The New South Wales iVote System: Security Failures and Verification Flaws in a Live Online Election. In: Haenni, R., Koenig, R., Wikström, D. (eds) E-Voting and Identity. Vote-ID 2015. Lecture Notes in Computer Science(), vol 9269. Springer, Cham. https://doi.org/10.1007/978-3-319-22270-7_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-22270-7_3

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-22269-1

  • Online ISBN: 978-3-319-22270-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation