In this course, you'll learn what every citizen should know about the security risks--and future potential — of electronic voting and Internet voting. We'll take a look at the past, present, and future of election technologies and explore the various spaces intersected by voting, including computer security, human factors, public policy, and more.
Server-side Threats
Loading...
From the course by University of Michigan
Securing Digital Democracy
96 ratings
From the lesson
Human Factors and Internet Voting
Users don't always behave as expected, even when voting
Meet the Instructors
J. Alex HaldermanAssociate Professor
Electrical Engineering and Computer Science
So, all of the problems we just talked about are things that can go wrong on the
voter's PC. They're client side threats.
There's some equally worrisome problems that can happen on the server.
The, the web server that the voting officials maintain in order to provide
that web site and to accept the ballots that voters submit.
Now the sad state of internet security is that both client side and server side
threats are extremely widespread problems in other kinds of online applications.
And, and, and both very hard to defend against.
But I want to talk about some of the most important server side threats for voting
today. So one threat and one of the easiest kinds
of attacks to carry out is something called the denial-of-service attack.
A denial-of-service attack just tries to knock the server offline, so that real
users can't get to it. Or to make it so slow that real users go
away. Remember those botnets we talked about at
the end of the last segment? Well botnets can be used to commit a
massive form of denial-of-service called the distributed denial-of-service or DDoS
attack. This is where potentially thousands of
infected computers on the internet just try to access the server at the same
time, overwhelming it with traffic. These servers might try to reload that
webpage as many times as they can, all the time, as long as the denial of service
attack is going on. This kind of attack has become a popular
form of hacktivism. And there tools like this.
Something called the Low Orbit Ion Cannon. That are available to people to
voluntarily take part in a denial-of-service attack, and use their
home computer as part of a, a massive mob of machines attacking a particular site
that has invoked the ire of the protesters. This kind of tool was used recently to
attack websites of major credit card operations after those credit card
operators stop doing business with the website Wikileaks.
We've also seen examples of denial of service against elections online.
One example from 2012 involved a party election in Canada.
Where the National Democratic Party held an election that was partly interrupted by
denial of service. Another kind of threat against the server
side, is the threat of insider attacks. An insider attack is attacks by trusted
people. Are as much or more of a threat in
Internet voting as they are in other electronic voting systems like DRE voting.
So, if the insiders include people who develop the, the Internet voting system.
People who are running the systems for the elections.
The election authority people who make other pieces of software, commercial
off-the-shelf software for instance that's running on those machines.
Insider attacks are particularly severe, particularly severe possibility with
online voting because its not simply enough to set the system for election and,
and then go away. Any online service has to be able to
respond to attacks as they happen and so people have to be logging into these
servers to monitor them, potentially to update things if new kinds of problem are
discovered. All the time, there are new software
glitches, vulnerabilities discovered in different kinds of server software.
And so we have to update that software as soon as possible in order to prevent the
attack from happening. With a, an online voting system we're
faced with two possibilities. If an attack is discovered shortly before
the election, we can either update the software and install new software that
potentially hasn't been tested, hasn't been vetted for, kinds of flaws or, or,
or, insider attacks embedded in it. Or we can, we can wait and not update the
software, but then, we're running an election on something that's already known
to be vulnerable. So we're, we're face with the we're face
with an extremely difficult, perhaps impossible choice there.
Since an online voting system has to count votes in secret like any other kind of
voting system. This just further complicates defenses
against insider attacks, since we can't be constantly monitoring the results as
things are going on. From the voter's perspective with the
simple online voting system of the, the model that, that we described at the
earlier in this lecture there's just voters have to take the, the word of
election authorities and the people who develop the server software that their
votes are actually being counted. Another kind of threat is remote
intrusion, and this is the sort of thing that is enabled by bugs, glitches,
vulnerabilities as we called them in online server software.
If there certain kinds of flaws in the software that's, that's serving the
website then remote parties can get in. Attackers can access the servers.
Potentially run software on them. Potentially change data on them.
Steal data etcetera. In the context of voting this is really,
really scary since the server is maintaining what is usually the only copy
of the votes. Now, a particularly dangerous kind of
server side intrusion is the result of something we call an advanced persistent
threat, or APT. And what an advanced persistent threat is,
is this is an attacker who is who is specifically targeting a particular a
particular server or host. Now, to explain the distinction many
attacks online are, are just the result of criminals looking for any vulnerable
systems that they can find. They don't care if it's a server at, at a
business or a machine in someone's home. They just want to infect a machine in
order to enlist yet another member of their bot net army.
An advanced persistent threat involves an attacker who's expending all of its
resources to attack you. Now this kind of attack, if the attacker
is well resourced can be extremely difficult to defend against.
some evidence from recent years for this is that Google, the Pentagon, even the
RSA, security company that makes those secure authentication tokens that you
probably use at work. All of these have been compromised by
advanced persistent threats and had valuable data stolen.
So if companies like this, and organizations like the Pentagon, that have
incredible security resources, and so much at stake, can't defend against advanced
persistent threats, then what are the odds that an election authority can?
I don't think they're very good. Some advanced persistent threats in recent
years have are believed to have originated from foreign governments.
And state sponsored attacks, are probably the scariest threat against internet
voting systems. To give you one example.
This is probably the best known state- sponsored attack.
A piece of malware, that researchers discovered and named Stuxnet.
Was found spreading around on the internet.
But when researchers looked at it, they found that it was vastly more complex than
almost any other piece of malware they had discovered to date.
Furthermore, when they tried to figure out where in the world computers were
infected, plotted it on a map like this, they found that the, the majority of the
infections were located in computers in Iran.
We later learned from, from leaks from the White House that Stuxnet was developed as
a partnership between intelligence services in the U.S.
And in Israel. And its purpose was to target and sabotage
the Iranian nuclear program. This is one of the, the best documented
instances we have to date of state-sponsored malware being used
essentially for cyber warfare purposes. But you can imagine if the resources of
the state could be directed to, to interfere with a national program like
Iran's nuclear program then a covert operation sponsored by, by foreign
governments to interfere with an election to change votes and influence national
policies is well within the realm of possibility.
And we just don't know how to defend against well-resourced advanced persistent
threats in state sponsored attacks like this.
The state of computer security is not developed to the point where we can
reliably defend against them. So with all these threats, the, I, I think
we need to put them in context a little bit, and, and look at a couple of
comparisons. The first comparison I want to discuss is
between internet voting and postal voting. How do the, the threat scenarios differ?
If we vote by mail, is internet voting really that much more dangerous?
Well, both of them suffer from some of the same problems.
The same risks of coercion or vote buying that they create, because they provide
such weak ballot secrecy protections. But internet voting has some aspects where
it's, it's much more dangerous. Because attackers could target the
centralized server that's collecting all of the votes.
That's one point that they could get into. And, and change everything in the
election. With the postal system possibly a large
conspiracy within the postal office could open ballots and change votes.
But this would be much more difficult to do without getting caught.
Another distinction has to do with denial of service.
With an internet voting system, it would be relatively easy to attack the servers
and knock them offline for the period of voting.
With the post office, and postal voting, it's very, very hard to make all of the
ballot papers not be delivered without anybody noticing.
Another distinction that I want to draw is between internet voting and online
banking. Something I hear all the time is, I can
bank online, why can't I vote online, this is the twenty-first century.
Well, it turns out that voting and, and e-commerce are radically different
problems, and in many ways, voting is a much more difficult security problem to
solve. And that comes from that tension I, I
talked about in the beginning, between integrity and the secret ballot.
So with online banking we have a lot of protections involved that involve
disclosing what it was you bought or how much money you spent or earned.
These are things like receipts that might be sent to you saying what you bought.
Credit card statement at the end of the month.
A, a, a bank statement showing how much money is in your account.
In addition to this on and back at the bank they're doing double ledger
accounting with carefully controlled audits.
They're keeping track of every dollar at all times.
So, with voting. These protections just can't be
implemented, because the election authorities aren't allowed to just have a
list of every person and how they voted. We can't give you a receipt because that
would just make vote a vote selling and vote buying that much easier.
We can't we can't have the election authorities monitoring every transaction
on the, the granularity of the, the votes on the ballot.
Because that could be tied to the identity.
So those kinds of protections just can't be implemented in voting because of the
secret ballot. Another difference is, with online banking
if there's fraud then odds are extremely good that you are going to notice.
If someone's stolen your money, at, at, at some point, you'll go to buy something and
there wont be any money left in your account.
If the transaction won't go through. With internet voting, if someone has
shifted votes from one column to another, we may never notice.
So, for all of these reasons Internet voting is, is a much harder problem than
online banking. But, guess what?
Banks suffer many, many millions of dollars of fraud online every year.
But, its just part of the cost of doing business to accept that these attacks take
place. I don't know how much voting fraud is an
acceptable, is acceptable in order to allow people to vote online.
But I don't think most voters would think it was a very high amount.
Explore our Catalog
Join for free and get personalized recommendations, updates and offers.
Coursera provides universal access to the world’s best education,
partnering with top universities and organizations to offer courses online.
© 2018 Coursera Inc. All rights reserved.
