URL:
Abstract:
Internet voting is a unique problem from other online services, mostly due to its need for accurate tabulation, anonymity, and security from outside attack. This paper runs an analysis on Estonia's e-voting system, describing the process alongside its flaws. In short, Estonia's e-voting system uses a voting client alongside an individual's government-issued smartcard to verify a voter's identity. The vote is then stored and tabulated on a series of servers, and a user can then verify its vote via smartphone application. The authors found that on the human side of things, there were inadequate procedural controls, lax operational security, and insufficient transparency of the voting process, while there were also code vulnerabilities on both the client and server sides, leading to denial-of-service attacks and shell injection attacks among others. These vulnerabilities were found and tested in a mock election environment. The paper concludes by recommending that due to the ease with which one could attack the online election process, online voting in Estonia should be discontinued.
Year:
2014
Domain:
Dimension:
Region:
Country:
Estonia