Real-world Electronic Voting: Design, Analysis and Deployment

We are pleased to announce the completion of a new book “Real-world Electronic Voting: Design, Analysis and Deployment”, which is due to be published by the CRC Press. It’s still in press, but you can pre-order it from Amazon (the book will be freely available in the open-access domain two years from its publication).

This book is co-edited by Peter Ryan and myself. It aims to capture all major developments in electronic voting since 2003 in a real-world setting. It covers three broad categories: e-voting protocols, attacks reported on e-voting, and new developments on the use of e-voting.

Table of contents [PDF]

Foreword (Josh Benaloh) [PDF]

Preface (Feng Hao and Peter Ryan) [PDF]

Part 1: Setting the scheme

  • Chapter 1: Software Independence Revisited (Ronald L. Rivest and Madars Virza)
  • Chapter 2: Guidelines for Trialling E-voting in National Elections (Ben Goldsmith)

Part II: Real-world e-voting in national elections

  • Chapter 3: Overview of Current State of E-voting World-wide (Carlos Vegas and Jordi Barrat)
  • Chapter 4: Electoral Systems Used around the World (Siamak F. Shahandashti)
  • Chapter 5: E-voting in Norway (Kristian Gjøsteen)
  • Chapter 6: E-voting in Estonia (Dylan Clarke and Tarvi Martens)
  • Chapter 7: Practical Attacks on Real-world E-voting (J. Alex Halderman)

Part III: E2E verifiable protocols and real-world applications

  • Chapter 8: An Overview of End-to-End Verifiable Voting Systems (Syed Taha Ali and Judy Murray)
  • Chapter 9: Theoretical Attacks on E2E Voting Systems (Peter Hyun-Jeen Lee and Siamak F. Shahandashti)
  • Chapter 10: The Scantegrity Voting System and its Use in the Takoma Park Elections (Richard T. Carback, David Chaum, Jeremy Clark, Aleksander Essex, Travis Mayberry, Stefan Popoveniuc, Ronald L. Rivest, Emily Shen, Alan T.
    Sherman, Poorvi L. Vora, John Wittrock, and Filip Zagórski)
  • Chapter 11: Internet voting with Helios (Olivier Pereira)
  • Chapter 12: Prêt à Voter – the Evolution of the Species (Peter Y A Ryan, Steve Schneider, and Vanessa Teague)
  • Chapter 13: DRE-i and Self-Enforcing E-Voting (Feng Hao)
  • Chapter 14: STAR-Vote: A Secure, Transparent, Auditable, and Reliable Voting System (Susan Bell, Josh Benaloh, Michael D. Byrne, Dana DeBeauvoir, Bryce Eakin, Gail Fisher, Philip Kortum, Neal McBurnett, Julian Montoya, Michelle Parker, Olivier Pereira, Philip B. Stark, Dan S. Wallach, and Michael Winn)

TouchSignatures: Identification of user touch actions and PINs based on mobile sensor data via JavaScript

How much do you trust your browser when you are surfing the internet on a mobile phone  using Safari, Chrome, Opera or Firefox? Perhaps, you feel secure as long as you do not download suspicious files, or enter your secret passwords onto unknown websites. You may feel even more secure by closing the browser and locking the phone.

However, our recent research (published in the Journal of Information Security and Applications) shows that there is a significant deficiency in the current W3C specifications, which affects the security of all major mobile browsers including Safari, Chrome, Opera and Firefox. The current W3C specification allows embedded JavaScript code in a web page to access the motion and orientation sensors on a mobile phone without requiring any user permission. This makes it possible for a remote website to learn sensitive user information such as phone call timing, physical activities, touch actions on the screen, and even the PINs, by collecting and analysing the sensor data.

We studied the implementation of W3C in all major mobile browsers. Our study confirms that embedded JavaScript code can compromise user sensitive information by listening to the side channel data provided by the motion and orientation sensors without any user permission, through an inactive tab, iframe, or minimised browser (even when the screen of the mobile phone is locked). Below you can see a list of affected browsers on iOS and Android.

1

To show the feasibility of the attack, we present TouchSignatures which implements an attack where malicious JavaScript code on an attack tab listens to such sensor data measurements. Based on these streams and by using advanced machine learning methods, TouchSignatures is able to distinguish the user’s touch actions (i.e., tap, scroll, hold, and zoom) and her PINs, allowing a remote website to learn the client-side user activities. We demonstrate the practicality of this attack by collecting data from real users and reporting high success rates, up to 70% identification of digits (PIN) in Android and 56% in iOS. For more details, we refer the reader to our paper.

This problem has been largely neglected in the past as the sensor stream available to JavaScript has been restricted to low rates (3-5 times lower than those available to app). The common perception within the W3C community and the browser industry is that such a low rate should not expose risks to information leakage. However, our work suggests this perception is incorrect. There are serious security risks imposed by the JavaScript’s unrestricted access to the sensor data even at a low rate.

We reported the results of this research to the W3C community and mobile browser vendors including Mozilla, Opera, Chromium and Apple. We are grateful to their quick and constructive feedback, which is summarized below:

  • W3C: “This would be an issue to address for any future iterations on this [W3C] document”.
  • Mozilla: “Indeed, and it should be fixed consistently across all the browsers and also the spec [W3C specification] needs to be fixed.”
  • Chrome: “It [i.e. this research] sounds like a good reason to restrict it [i.e. sensor reading] from iframes”.
  • Opera: “Opera on iOS giving background tabs access to the events does seem like an unwanted bug”.
  • Safari: “We have reviewed your paper and are working on the mitigations listed in the paper.”

An earlier version of the paper was presented in AsiaCCS’15 and a journal version is published in JISA (Elsevier). Please feel free to leave comment or contact me (m.mehrnezhad@ncl.ac.uk) if you have any questions about this research project.