26
Attacks on RFID-Based Electronic Voting Systems Yossi Oren and Avishai Wool, http://eprint.iacr.org/2009 ipurl.com/e-voting IEEE RFID’2010, Orlando

Attacks on RFID-Based Electronic Voting Systems

  • Upload
    emile

  • View
    55

  • Download
    5

Embed Size (px)

DESCRIPTION

Yossi Oren and Avishai Wool, . Attacks on RFID-Based Electronic Voting Systems. IEEE RFID’2010, Orlando FL. snipurl.com/e-voting. http://eprint.iacr.org/2009/422. Agenda. What’s the Israeli e-Voting Scheme? How can we break it cheaply and completely?. Not on the Agenda. - PowerPoint PPT Presentation

Citation preview

Page 1: Attacks on RFID-Based Electronic Voting Systems

Attacks on RFID-Based Electronic Voting Systems

Yossi Oren and Avishai Wool,

http://eprint.iacr.org/2009/422snipurl.com/e-votingIEEE RFID’2010, Orlando FL

http://eprint.iacr.org/2009/422
http://snipurl.com/e-voting
Page 2: Attacks on RFID-Based Electronic Voting Systems

Agenda

What’s the Israeli e-Voting Scheme? How can we break it cheaply and

completely?

Page 3: Attacks on RFID-Based Electronic Voting Systems

Not on the Agenda

Why the new scheme is legally unsound

Why our (ex-)ministers are all corrupt

The biometric database

Page 4: Attacks on RFID-Based Electronic Voting Systems

Why do we have elections?

Page 5: Attacks on RFID-Based Electronic Voting Systems

Elections

What’s a good election scheme? General Free Equal Fair

Page 6: Attacks on RFID-Based Electronic Voting Systems

Preliminaries Definition: An election E is an NP

election, if…

N P

Conjecture: An election is only secure if it is NP-secure Claim: The Israeli Scheme is NP-insecure

Page 7: Attacks on RFID-Based Electronic Voting Systems

How Do We Vote Today?

Israel votes by national list proportional representation

Page 8: Attacks on RFID-Based Electronic Voting Systems

How Do We Vote Today?

Voter

Voting Booth

LocalElections

Committee

Ballot Box

Paper Ballots

Blank Ballots

Blank Ballots

Signed Envelopes

Blank Ballots

Blank Ballots

Cast Votes

List of Authorized

Voters

NP

Page 9: Attacks on RFID-Based Electronic Voting Systems

Voter

Voting Booth

LocalElections

Committee

Ballot Box

Paper Ballots

Blank Ballots

Blank Ballots

Signed Envelopes

Blank Ballots

Blank Ballots

Cast Votes

List of Authorized

Voters

N

How Do We Vote Today?

NP

Page 10: Attacks on RFID-Based Electronic Voting Systems

Voter

Voting Booth

LocalElections

Committee

Ballot Box

Paper Ballots

Blank Ballots

Blank Ballots

Signed Envelopes

Blank Ballots

Blank Ballots

Cast Votes

List of Authorized

Voters

How Do We Vote Today?

NP

•72.1% participation rate•Less than 1.3% disqualified votes

(including protest “blank ballot” votes)•99% final results 6 hours after poll closes

Public Trust

Page 11: Attacks on RFID-Based Electronic Voting Systems

How Will We Vote Tomorrow?

Voter

Voting Booth

LocalElections

Committee

Ballot BoxVoting and Counting Terminal

Verification Terminal

Blank Ballots

Blank Ballots

Blank Ballots

Blank Ballots

Blank Ballots

Cast Votes

Population Register Terminal

Page 12: Attacks on RFID-Based Electronic Voting Systems

Tomorrow’s Ballot

Page 13: Attacks on RFID-Based Electronic Voting Systems

How Will We Vote Tomorrow?

Voter

Voting Booth

LocalElections

Committee

Ballot BoxVoting and Counting Terminal

Verification Terminal

Blank Ballots

Blank Ballots

Blank Ballots

Blank Ballots

Blank Ballots

Cast Votes

Population Register Terminal

Page 14: Attacks on RFID-Based Electronic Voting Systems

How Will We Vote Tomorrow?

Voter

Voting Booth

LocalElections

Committee

Ballot BoxVoting and Counting Terminal

Verification Terminal

Blank Ballots

Blank Ballots

Blank Ballots

Blank Ballots

Blank Ballots

Cast Votes

Population Register Terminal

Page 15: Attacks on RFID-Based Electronic Voting Systems

How Will We Vote Tomorrow?

Voter

Voting Booth

LocalElections

Committee

Ballot BoxVoting and Counting Terminal

Verification Terminal

Blank Ballots

Blank Ballots

Blank Ballots

Blank Ballots

Blank Ballots

Cast Votes

Population Register Terminal

N PN

Page 16: Attacks on RFID-Based Electronic Voting Systems

How Will We Vote Tomorrow?

Voter

Voting Booth

LocalElections

Committee

Ballot BoxVoting and Counting Terminal

Verification Terminal

Blank Ballots

Blank Ballots

Blank Ballots

Blank Ballots

Blank Ballots

Cast Votes

Population Register Terminal

N PN

Page 17: Attacks on RFID-Based Electronic Voting Systems

Attacks on the Voting System

Relay Attacks Ballot Sniffing Single Dissident Ballot Stuffing

Non-Relay Attacks Zapper Remote Jamming Implementation Attacks

Relay Attacks Ballot Sniffing Single Dissident Ballot Stuffing

Non-Relay Attacks Zapper Remote Jamming Implementation Attacks

Page 18: Attacks on RFID-Based Electronic Voting Systems

Relay Attacks

5 cm

HF RFID Reader HF RFID Tag

L

G

HF RFID Tag

Page 19: Attacks on RFID-Based Electronic Voting Systems

The Ballot Sniffing Attack

Voting Booth

LocalElections

Committee

Ballot BoxVoting and Counting Terminal

Verification Terminal

Blank Ballots

Blank Ballots

Blank Ballots

P N

N

N

PPN

N

N PNP N

N

N

PPN

N

Page 20: Attacks on RFID-Based Electronic Voting Systems

The Ballot Stuffing Attack

Voting Booth

LocalElections

Committee

Ballot BoxVoting and Counting Terminal

Verification Terminal

Blank Ballots

Blank Ballots

Blank Ballots

P N

N

N

PPN

N

N P

P

P

P

NP

P

P

Page 21: Attacks on RFID-Based Electronic Voting Systems

The Zapper Attack

Voting Booth

LocalElections

Committee

Ballot BoxVoting and Counting Terminal

Verification Terminal

Blank Ballots

Blank Ballots

Blank Ballots

PPPP

P

P

PP

Zap!

Zap!

Page 22: Attacks on RFID-Based Electronic Voting Systems

The Government’s Response…

Page 23: Attacks on RFID-Based Electronic Voting Systems

:// . . /http www youtube com? = 3-watch v wxd YodOmM

http://www.youtube.com/watch?v=wxd3-YodOmM
http://www.youtube.com/watch?v=wxd3-YodOmM
http://www.youtube.com/watch?v=wxd3-YodOmM
Page 24: Attacks on RFID-Based Electronic Voting Systems

Implementation Attacks

Session Hijacking Replay Attacks Semantic Insecurity …

Page 25: Attacks on RFID-Based Electronic Voting Systems

Conclusion

Is the new e-voting scheme a good scheme? General Free Equal Fair

Is the new e-voting scheme a good scheme? General Free Equal Fair

Page 26: Attacks on RFID-Based Electronic Voting Systems

Thank You!

If it ain’t broke, don’t fix it!

http://eprint.iacr.org/2009/422snipurl.com/e-voting

http://eprint.iacr.org/2009/422
http://snipurl.com/e-voting

Practical Attacks on Real-world E-voting

Practical Attacks on Real-world E-voting

Documents
Attacks on RFID-Based Electronic Voting Systems

Attacks on RFID-Based Electronic Voting Systems

Documents
LNCS 4727 - Power and EM Attacks on Passive 13.56 MHz RFID

LNCS 4727 - Power and EM Attacks on Passive 13.56 MHz RFID

Business
Evaluation of the feasible attacks against RFID tags for ... · PDF fileEvaluation of the feasible attacks against RFID tags for access control systems Hristo Dimitrov & Kim van Erkelens

Evaluation of the feasible attacks against RFID tags for ... · PDF fileEvaluation of the feasible attacks against RFID tags for access control systems Hristo Dimitrov & Kim van Erkelens

Documents
G.P. Hancke, Eavesdropping Attacks On High-Frequency RFID Tokens

G.P. Hancke, Eavesdropping Attacks On High-Frequency RFID Tokens

Documents
Ontological Modeling of Radio Frequency Identification ...journal.itrc.ac.ir/article-1-188-fa.pdf · paper, an ontological modeling of RFID attacks is presented. Keywords- RFID Attack,

Ontological Modeling of Radio Frequency Identification ...journal.itrc.ac.ir/article-1-188-fa.pdf · paper, an ontological modeling of RFID attacks is presented. Keywords- RFID Attack,

Documents
Radio Frequency Identification (RFID)jain/cse574-10/ftp/j_orfid.pdf · Radio Frequency Identification (RFID) ... RFID Standards Security Issues. ... Types of Attacks, Optical RFID,

Radio Frequency Identification (RFID)jain/cse574-10/ftp/j_orfid.pdf · Radio Frequency Identification (RFID) ... RFID Standards Security Issues. ... Types of Attacks, Optical RFID,

Documents
Power and EM Attacks on Passive 13.56 MHz RFID Devicesmhutter.org/papers/Hutter2007PowerandEMPassiveRFID.pdf · Keywords: RFID, Power Analysis, EM Attacks, Side-Channel Attacks, DPA,

Power and EM Attacks on Passive 13.56 MHz RFID Devicesmhutter.org/papers/Hutter2007PowerandEMPassiveRFID.pdf · Keywords: RFID, Power Analysis, EM Attacks, Side-Channel Attacks, DPA,

Documents
Electronic voting machine using RFID

Electronic voting machine using RFID

Engineering
Clash Attacks on the Verifiability of E-Voting Systems › TC › SP2012 › papers › 4681a395.pdf · Clash Attacks on the Verifiability of E-Voting Systems Ralf Kusters, Tomasz

Clash Attacks on the Verifiability of E-Voting Systems › TC › SP2012 › papers › 4681a395.pdf · Clash Attacks on the Verifiability of E-Voting Systems Ralf Kusters, Tomasz

Documents
Practical RFID Attacks - Chaos Communication Camp 2007

Practical RFID Attacks - Chaos Communication Camp 2007

Documents
Evaluation of the feasible attacks against RFID tags for access

Evaluation of the feasible attacks against RFID tags for access

Documents
Chapter 11 Addressing Covert Channel Attacks in RFID ... › ~robins › papers › RFID_supply_chains_book_chapter.pdfenable adversaries to exploit covert channels to surreptitiously

Chapter 11 Addressing Covert Channel Attacks in RFID ... › ~robins › papers › RFID_supply_chains_book_chapter.pdfenable adversaries to exploit covert channels to surreptitiously

Documents
Rfid Based Voting Machine

Rfid Based Voting Machine

Documents
Attacks and Improvements to an RFID Mutual Authentication Protocol and its Extensions

Attacks and Improvements to an RFID Mutual Authentication Protocol and its Extensions

Documents
Attacks on the HF Physical Layer of Contactless and RFID Systems

Attacks on the HF Physical Layer of Contactless and RFID Systems

Documents
IoTDDoS Attacks Detection based on SDN · DDoS ATTACK ON IOT DDoS on Perception Layer RFID Jamming RFID Kill Command Attack RFID De-synchronizing Attack 1. Sonar, K., & Upadhyay,

IoTDDoS Attacks Detection based on SDN · DDoS ATTACK ON IOT DDoS on Perception Layer RFID Jamming RFID Kill Command Attack RFID De-synchronizing Attack 1. Sonar, K., & Upadhyay,

Documents
30 Minutes of RFID - Analysis, Applications and Attacks

30 Minutes of RFID - Analysis, Applications and Attacks

Business
RFID attacks and proxmark hands-on · +4fd9 NFC is a subset of RFID – 13.56MHz – ISO/IEC 14443 – NFC device can be both a reader and a tag Let’s get this out of the way: RFID

RFID attacks and proxmark hands-on · +4fd9 NFC is a subset of RFID – 13.56MHz – ISO/IEC 14443 – NFC device can be both a reader and a tag Let’s get this out of the way: RFID

Documents
RFIDSec talk - Eavesdropping Attacks on High-Frequency RFID

RFIDSec talk - Eavesdropping Attacks on High-Frequency RFID

Business
Known attacks on RFID systems, possible - RFID-Handbook

Known attacks on RFID systems, possible - RFID-Handbook

Documents
Using NFC enabled Android devices to attack RFID systemscs.ru.nl/.../2018/...enabled_Android_devices_to_attack_RFID_systems.… · types of attacks with Android phones on RFID cards:

Using NFC enabled Android devices to attack RFID systemscs.ru.nl/.../2018/...enabled_Android_devices_to_attack_RFID_systems.… · types of attacks with Android phones on RFID cards:

Documents
Practical Algebraic Attacks on the HITAG2 TM Stream Ciphernicolascourtois.com/papers/courtoisesmart09.pdf · Practical Algebraic Attacks on the HITAG2 TM Stream Cipher in RFID Transponders

Practical Algebraic Attacks on the HITAG2 TM Stream Ciphernicolascourtois.com/papers/courtoisesmart09.pdf · Practical Algebraic Attacks on the HITAG2 TM Stream Cipher in RFID Transponders

Documents
Classifying RFID Attacks and Defenses

Classifying RFID Attacks and Defenses

Documents
Evaluation of the feasible attacks against RFID tags for ...sessing RFID system security and privacy risk. The framework doesn’t consider all the technical aspects that are involved

Evaluation of the feasible attacks against RFID tags for ...sessing RFID system security and privacy risk. The framework doesn’t consider all the technical aspects that are involved

Documents
electronic voting machine by rfid

electronic voting machine by rfid

Documents
RFID Jamming and Attacks on Israeli e-Votingyash/evoting-jammer-systech12.pdf · RFID Jamming and Attacks on Israeli e-Voting Yossef Oren, ... report on the actual implementation

RFID Jamming and Attacks on Israeli e-Votingyash/evoting-jammer-systech12.pdf · RFID Jamming and Attacks on Israeli e-Voting Yossef Oren, ... report on the actual implementation

Documents
RFID based Electronic Voting Machine

RFID based Electronic Voting Machine

Engineering
New Attacks against RFID-Systems - Black Hat Briefings · PDF file– Replay attack to fool the access control systems. Generic Attacks • Counterfeiting the identity of the reader

New Attacks against RFID-Systems - Black Hat Briefings · PDF file– Replay attack to fool the access control systems. Generic Attacks • Counterfeiting the identity of the reader

Documents
Copyright Security-Assessment.com 2006 30 Minutes of RFID Analysis, Applications and Attacks Presented By Dan Cornforth

Copyright Security-Assessment.com 2006 30 Minutes of RFID Analysis, Applications and Attacks Presented By Dan Cornforth

Documents