Skip to main content

Attacking the Washington, D.C. Internet Voting System

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNSC,volume 7397)

Abstract

In 2010, Washington, D.C. developed an Internet voting pilot project that was intended to allow overseas absentee voters to cast their ballots using a website. Prior to deploying the system in the general election, the District held a unique public trial: a mock election during which anyone was invited to test the system or attempt to compromise its security. This paper describes our experience participating in this trial. Within 48 hours of the system going live, we had gained near-complete control of the election server. We successfully changed every vote and revealed almost every secret ballot. Election officials did not detect our intrusion for nearly two business days—and might have remained unaware for far longer had we not deliberately left a prominent clue. This case study—the first (to our knowledge) to analyze the security of a government Internet voting system from the perspective of an attacker in a realistic pre-election deployment—attempts to illuminate the practical challenges of securing online voting as practiced today by a growing number of jurisdictions.

Keywords

  • Internet voting
  • e-voting
  • penetration testing
  • case studies

This is a preview of subscription content, access via your institution.

Buying options

Chapter
USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-3-642-32946-3_10
  • Chapter length: 15 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
eBook
USD   59.99
Price excludes VAT (USA)
  • ISBN: 978-3-642-32946-3
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   74.99
Price excludes VAT (USA)

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Internet voting in Estonia. Vabariigi Valimiskomisjon (February 2007), http://www.vvk.ee/public/dok/Internet_Voting_in_Estonia.pdf

  2. Uncovering the veil on Geneva’s Internet voting solution. Republique Et Canton De Geneve (February 2009), http://www.geneve.ch/evoting/english/doc/Flash_IT_vote_electronique_SIDP_final_english.pdf

  3. District of Columbia’s Board of Elections and Ethics adopts open source digital voting foundation technology to support ballot delivery. OSDV Press Release (June 2010), http://osdv.org/wp-content/uploads/2010/06/osdv-press-release-final-62210.pdf

  4. Internet voting, still in beta. The New York Times editorial (January 2010), http://www.nytimes.com/2010/01/28/opinion/28thu4.html

  5. Internet voting. Verified Voting (May 2011), http://www.verifiedvoting.org/article.php?list=type&type=27

  6. Adida, B.: Helios: Web-based open-audit voting. In: Proc. 17th USENIX Security Symposium (July 2008)

    Google Scholar 

  7. Appel, A.W., Ginsburg, M., Hursti, H., Kernighan, B.W., Richards, C.D., Tan, G., Venetis, P.: The New Jersey voting-machine lawsuit and the AVC Advantage DRE voting machine. In: Proc. 2009 Electronic Voting Technology Workshop/Workshop on Trustworthy Elections (EVT/WOTE) (August 2009)

    Google Scholar 

  8. Butler, K., Enck, W., Hursti, H., McLaughlin, S., Traynor, P., McDaniel, P.: Systemic issues in the Hart InterCivic and Premier voting systems: Reflections on project EVEREST. In: Proc. 2008 Electronic Voting Technology Workshop/Workshop on Trustworthy Elections (EVT/WOTE) (July 2008)

    Google Scholar 

  9. Esteghari, S., Desmedt, Y.: Exploiting the client vulnerabilities in Internet e-voting systems: Hacking Helios 2.0 as an example. In: Proc. 2010 Electronic Voting Technology Workship/Workshop on Trustworthy Elections (EVT/WOTE) (August 2010)

    Google Scholar 

  10. Feldman, A.J., Halderman, J.A., Felten, E.W.: Security analysis of the Diebold AccuVote-TS voting machine. In: Proc. 2007 Electronic Voting Technology Workshop/Workshop on Trustworthy Elections (EVT/WOTE) (August 2007)

    Google Scholar 

  11. Jefferson, D., Rubin, A.D., Simons, B., Wagner, D.: A security analysis of the secure electronic registration and voting experiment (SERVE) (January 2004), http://servesecurityreport.org/paper.pdf

  12. Kiayias, A., Korman, M., Walluck, D.: An Internet voting system supporting user privacy. In: 22nd Annual Computer Security Applications Conference

    Google Scholar 

  13. Kohno, T., Stubblefield, A., Rubin, A.D., Wallach, D.S.: Analysis of an electronic voting system. In: IEEE Symposium on Security and Privacy, pp. 27–40 (May 2004)

    Google Scholar 

  14. Rokey, W., Suleman, I., McGhie, K.W., Togo, D., West, J., Lowery, C.: Making reform a reality: An after-action report on implementation of the Omnibus Election Reform Act. DCBOEE (February 2011), http://www.dcboee.org/popup.asp?url=/pdf_files/nr_687.pdf

  15. Rubin, A.: Security considerations for remote electronic voting over the Internet, http://avirubin.com/e-voting.security.html

  16. Stenbjorn, P.: An overview and design rationale memo. DCBOEE (September 2010), http://www.dcboee.us/dvm/DCdVBM-DesignRationale-v3.pdf

  17. Wolchok, S., Wustrow, E., Halderman, J.A., Prasad, H.K., Kankipati, A., Sakhamuri, S.K., Yagati, V., Gonggrijp, R.: Security analysis of India’s electronic voting machines. In: Proc. 17th ACM Conference on Computer and Communications Security (CCS) (October 2010)

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Wolchok, S., Wustrow, E., Isabel, D., Halderman, J.A. (2012). Attacking the Washington, D.C. Internet Voting System. In: Keromytis, A.D. (eds) Financial Cryptography and Data Security. FC 2012. Lecture Notes in Computer Science, vol 7397. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-32946-3_10

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-32946-3_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-32945-6

  • Online ISBN: 978-3-642-32946-3

  • eBook Packages: Computer ScienceComputer Science (R0)