Security Analysis of the Estonian Internet Voting System
Drew Springall, Travis Finkenauer, Zakir Durumeric, Jason Kitcat, Harri Hursti, Margaret MacAlpine, and J. Alex Halderman
In Proceedings of the 21st ACM Conference on Computer and Communications Security (CCS ’14), November 2014
Abstract
Estonia was the first country in the world to use Internet voting nationally, and today more than 30% of its ballots are cast online. In this paper, we analyze the security of the Estonian I-voting system based on a combination of in-person election observation, code review, and adversarial testing. Adopting a threat model that considers the advanced threats faced by a national election system—including dishonest insiders and state-sponsored attacks—we find that the I-voting system has serious architectural limitations and procedural gaps that potentially jeopardize the integrity of elections. In experimental attacks on a reproduction of the system, we demonstrate how such attackers could target the election servers or voters’ clients to alter election results or undermine the legitimacy of the system. Our findings illustrate the practical obstacles to Internet voting in the modern world, and they carry lessons for Estonia, for other countries considering adopting such systems, and for the security research community.
@InProceedings{ivoting-ccs2014,
  author       = {Drew Springall and Travis Finkenauer and
                  Zakir Durumeric and Jason Kitcat and
                  Harri Hursti and Margaret MacAlpine and
                  J. Alex Halderman},
  title        = {Security Analysis of the {E}stonian
                  {I}nternet Voting System},
  booktitle    = {Proceedings of the 21st ACM Conference on
                  Computer and Communications Security},
  year         = 2014,
  month        = nov,
  organization = {ACM}
}