Explore
For Enterprise
Join for Free
Log In

Arts and Humanities
Business
Computer Science
Data Science
Information Technology
Health
Math and Logic
Personal Development
Physical Science and Engineering
Social Sciences
Language Learning
Degrees
Certificates

Explore all of Coursera

Browse
Search
For Enterprise
Log In
Join for Free

Server-side Threats

Loading...

Securing Digital Democracy

University of Michigan

4.8 (105 ratings) | 7K Students Enrolled

In this course, you'll learn what every citizen should know about the security risks--and future potential — of electronic voting and Internet voting. We'll take a look at the past, present, and future of election technologies and explore the various spaces intersected by voting, including computer security, human factors, public policy, and more.

Skills You'll Learn

Software Testing, Cybersecurity, Usability, Operating System

Reviews

4.8 (105 ratings)

5 stars
89 ratings
4 stars
12 ratings
3 stars
3 ratings
2 stars
1 ratings

DI

Mar 30, 2018

This is an excellent, very interesting non-technical course. A very productive way to spend some relaxing evenings.

AC

Mar 06, 2016

Great course on a real battlefield in Systems Security. A well designed academic "mind opener".

From the lesson

Human Factors and Internet Voting

Users don't always behave as expected, even when voting

Client-side Threats14:37

Server-side Threats13:41

Washington, D.C.26:23

Taught By

J. Alex Halderman
Associate Professor

Transcript

So, all of the problems we just talked about are things that can go wrong on the

voter's PC. They're client side threats.

There's some equally worrisome problems that can happen on the server.

The, the web server that the voting officials maintain in order to provide

that web site and to accept the ballots that voters submit.

Now the sad state of internet security is that both client side and server side

threats are extremely widespread problems in other kinds of online applications.

And, and, and both very hard to defend against.

But I want to talk about some of the most important server side threats for voting

today. So one threat and one of the easiest kinds

of attacks to carry out is something called the denial-of-service attack.

A denial-of-service attack just tries to knock the server offline, so that real

users can't get to it. Or to make it so slow that real users go

away. Remember those botnets we talked about at

the end of the last segment? Well botnets can be used to commit a

massive form of denial-of-service called the distributed denial-of-service or DDoS

attack. This is where potentially thousands of

infected computers on the internet just try to access the server at the same

time, overwhelming it with traffic. These servers might try to reload that

webpage as many times as they can, all the time, as long as the denial of service

attack is going on. This kind of attack has become a popular

form of hacktivism. And there tools like this.

Something called the Low Orbit Ion Cannon. That are available to people to

voluntarily take part in a denial-of-service attack, and use their

home computer as part of a, a massive mob of machines attacking a particular site

that has invoked the ire of the protesters. This kind of tool was used recently to

attack websites of major credit card operations after those credit card

operators stop doing business with the website Wikileaks.

We've also seen examples of denial of service against elections online.

One example from 2012 involved a party election in Canada.

Where the National Democratic Party held an election that was partly interrupted by

denial of service. Another kind of threat against the server

side, is the threat of insider attacks. An insider attack is attacks by trusted

people. Are as much or more of a threat in

Internet voting as they are in other electronic voting systems like DRE voting.

So, if the insiders include people who develop the, the Internet voting system.

People who are running the systems for the elections.

The election authority people who make other pieces of software, commercial

off-the-shelf software for instance that's running on those machines.

Insider attacks are particularly severe, particularly severe possibility with

online voting because its not simply enough to set the system for election and,

and then go away. Any online service has to be able to

respond to attacks as they happen and so people have to be logging into these

servers to monitor them, potentially to update things if new kinds of problem are

discovered. All the time, there are new software

glitches, vulnerabilities discovered in different kinds of server software.

And so we have to update that software as soon as possible in order to prevent the

attack from happening. With a, an online voting system we're

faced with two possibilities. If an attack is discovered shortly before

the election, we can either update the software and install new software that

potentially hasn't been tested, hasn't been vetted for, kinds of flaws or, or,

or, insider attacks embedded in it. Or we can, we can wait and not update the

software, but then, we're running an election on something that's already known

to be vulnerable. So we're, we're face with the we're face

with an extremely difficult, perhaps impossible choice there.

Since an online voting system has to count votes in secret like any other kind of

voting system. This just further complicates defenses

against insider attacks, since we can't be constantly monitoring the results as

things are going on. From the voter's perspective with the

simple online voting system of the, the model that, that we described at the

earlier in this lecture there's just voters have to take the, the word of

election authorities and the people who develop the server software that their

votes are actually being counted. Another kind of threat is remote

intrusion, and this is the sort of thing that is enabled by bugs, glitches,

vulnerabilities as we called them in online server software.

If there certain kinds of flaws in the software that's, that's serving the

website then remote parties can get in. Attackers can access the servers.

Potentially run software on them. Potentially change data on them.

Steal data etcetera. In the context of voting this is really,

really scary since the server is maintaining what is usually the only copy

of the votes. Now, a particularly dangerous kind of

server side intrusion is the result of something we call an advanced persistent

threat, or APT. And what an advanced persistent threat is,

is this is an attacker who is who is specifically targeting a particular a

particular server or host. Now, to explain the distinction many

attacks online are, are just the result of criminals looking for any vulnerable

systems that they can find. They don't care if it's a server at, at a

business or a machine in someone's home. They just want to infect a machine in

order to enlist yet another member of their bot net army.

An advanced persistent threat involves an attacker who's expending all of its

resources to attack you. Now this kind of attack, if the attacker

is well resourced can be extremely difficult to defend against.

some evidence from recent years for this is that Google, the Pentagon, even the

RSA, security company that makes those secure authentication tokens that you

probably use at work. All of these have been compromised by

advanced persistent threats and had valuable data stolen.

So if companies like this, and organizations like the Pentagon, that have

incredible security resources, and so much at stake, can't defend against advanced

persistent threats, then what are the odds that an election authority can?

I don't think they're very good. Some advanced persistent threats in recent

years have are believed to have originated from foreign governments.

And state sponsored attacks, are probably the scariest threat against internet

voting systems. To give you one example.

This is probably the best known state- sponsored attack.

A piece of malware, that researchers discovered and named Stuxnet.

Was found spreading around on the internet.

But when researchers looked at it, they found that it was vastly more complex than

almost any other piece of malware they had discovered to date.

Furthermore, when they tried to figure out where in the world computers were

infected, plotted it on a map like this, they found that the, the majority of the

infections were located in computers in Iran.

We later learned from, from leaks from the White House that Stuxnet was developed as

a partnership between intelligence services in the U.S.

And in Israel. And its purpose was to target and sabotage

the Iranian nuclear program. This is one of the, the best documented

instances we have to date of state-sponsored malware being used

essentially for cyber warfare purposes. But you can imagine if the resources of

the state could be directed to, to interfere with a national program like

Iran's nuclear program then a covert operation sponsored by, by foreign

governments to interfere with an election to change votes and influence national

policies is well within the realm of possibility.

And we just don't know how to defend against well-resourced advanced persistent

threats in state sponsored attacks like this.

The state of computer security is not developed to the point where we can

reliably defend against them. So with all these threats, the, I, I think

we need to put them in context a little bit, and, and look at a couple of

comparisons. The first comparison I want to discuss is

between internet voting and postal voting. How do the, the threat scenarios differ?

If we vote by mail, is internet voting really that much more dangerous?

Well, both of them suffer from some of the same problems.

The same risks of coercion or vote buying that they create, because they provide

such weak ballot secrecy protections. But internet voting has some aspects where

it's, it's much more dangerous. Because attackers could target the

centralized server that's collecting all of the votes.

That's one point that they could get into. And, and change everything in the

election. With the postal system possibly a large

conspiracy within the postal office could open ballots and change votes.

But this would be much more difficult to do without getting caught.

Another distinction has to do with denial of service.

With an internet voting system, it would be relatively easy to attack the servers

and knock them offline for the period of voting.

With the post office, and postal voting, it's very, very hard to make all of the

ballot papers not be delivered without anybody noticing.

Another distinction that I want to draw is between internet voting and online

banking. Something I hear all the time is, I can

bank online, why can't I vote online, this is the twenty-first century.

Well, it turns out that voting and, and e-commerce are radically different

problems, and in many ways, voting is a much more difficult security problem to

solve. And that comes from that tension I, I

talked about in the beginning, between integrity and the secret ballot.

So with online banking we have a lot of protections involved that involve

disclosing what it was you bought or how much money you spent or earned.

These are things like receipts that might be sent to you saying what you bought.

Credit card statement at the end of the month.

A, a, a bank statement showing how much money is in your account.

In addition to this on and back at the bank they're doing double ledger

accounting with carefully controlled audits.

They're keeping track of every dollar at all times.

So, with voting. These protections just can't be

implemented, because the election authorities aren't allowed to just have a

list of every person and how they voted. We can't give you a receipt because that

would just make vote a vote selling and vote buying that much easier.

We can't we can't have the election authorities monitoring every transaction

on the, the granularity of the, the votes on the ballot.

Because that could be tied to the identity.

So those kinds of protections just can't be implemented in voting because of the

secret ballot. Another difference is, with online banking

if there's fraud then odds are extremely good that you are going to notice.

If someone's stolen your money, at, at, at some point, you'll go to buy something and

there wont be any money left in your account.

If the transaction won't go through. With internet voting, if someone has

shifted votes from one column to another, we may never notice.

So, for all of these reasons Internet voting is, is a much harder problem than

online banking. But, guess what?

Banks suffer many, many millions of dollars of fraud online every year.

But, its just part of the cost of doing business to accept that these attacks take

place. I don't know how much voting fraud is an

acceptable, is acceptable in order to allow people to vote online.

But I don't think most voters would think it was a very high amount.

Explore our Catalog

Join for free and get personalized recommendations, updates and offers.

Coursera provides universal access to the world’s best education, partnering with top universities and organizations to offer courses online.

© 2019 Coursera Inc. All rights reserved.

Download on the App Store

Get it on Google Play

Coursera
About
Leadership
Careers
Catalog
Certificates
MasterTrack™ Certificates
Degrees
For Enterprise
For Government

Community
Learners
Partners
Developers
Beta Testers
Translators

Connect
Blog
Facebook
LinkedIn
Twitter
Instagram
YouTube
Tech Blog

More
Terms
Privacy
Help
Accessibility
Press
Contact
Directory
Affiliates