An Analysis of the Wombat Voting System Model
By Eitan Grundland
ElectionsSecurity
Democracy
ElectronicsTranspare
ncy
Hacking
The System Goals
● Integrity
● Privacy
● Transparency
Why Change to Digital?
● Computers are faster!● Computers are more accurate!● As days go by, digital interfaces are more
intuitive to the public!
The evolution in inevitable!
From Paper to Digital
From Paper to Digital
From Paper to Digital
From Paper to Digital
From Paper to Digital
SecurityComponentsOverview
Security Components
A weak identification procedure can compromise the entire election process.
Security Components
• Live CD OS• Encryption• Randomness Generation• Zero Knowledge 1 of L
Security Components
• Voter's Receipt• Digital Signatures
Security Components
• Paper Ballots• Serial Number
Security Components
• Threshold Encryption• Hash for Tallying Verification
Audit Ballot
Security Components
Security Components
• Mixnet• Mixnet Zero
Knowledge
TheParticipating
Parties
The Participating Parties
Polling Technicians and Staff 1
● Ballot Stuffing● Voter Exposure● Authentication Disabling● Smart Card Forgery
The Participating Parties
Actions That Pose No Threat When Carried Out by a Single Party
Supervising Authorities and Candidates System Administrators
2
Polling Technicians and Staff 1
The Participating Parties
Polling Technicians and Staff 1Supervising Authorities and Candidates System Administrators
2
● False Results Publishing
Bulletin Board Administrators 3
The Participating Parties
Polling Technicians and Staff 1Supervising Authorities and Candidates System Administrators
2
Bulletin Board Administrators 3
● False Accusation
Voters 4
The Participating Parties
Polling Technicians and Staff 1Supervising Authorities and Candidates System Administrators
2
Bulletin Board Administrators 3
Voters 4● Registration Frauds
Impostors 5
The Participating Parties
Polling Technicians and Staff 1Supervising Authorities and Candidates System Administrators
2
Bulletin Board Administrators 3
Voters 4Impostors 5
● Vote Buyers Motivation● Voter Exposure
Vote Buyers/ Coercers 6
The Participating Parties
Polling Technicians and Staff 1Supervising Authorities and Candidates System Administrators
2
Bulletin Board Administrators 3
Voters 4Impostors 5Vote Buyers/ Coercers 6
Actions That Pose No Threat When Carried Out by a Single Party
Smart Card Manufacturers 7
The Participating Parties
Polling Technicians and Staff 1Supervising Authorities and Candidates System Administrators
2
Bulletin Board Administrators 3
Voters 4Impostors 5Vote Buyers/ Coercers 6Smart Card Manufacturers 7
● Voter Exposure● Printing Subliminal
Channel● Booth Denial of Service
Printer Manufacturer 8
The Participating Parties
Polling Technicians and Staff 1Supervising Authorities and Candidates System Administrators
2
Bulletin Board Administrators 3
Voters 4Impostors 5Vote Buyers/ Coercers 6Smart Card Manufacturers 7Printer Manufacturer 8
● Partial Voter Exposure
Scanner Manufacturer 9
The Participating Parties
Polling Technicians and Staff 1Supervising Authorities and Candidates System Administrators
2
Bulletin Board Administrators 3
Voters 4Impostors 5Vote Buyers/ Coercers 6Smart Card Manufacturers 7Printer Manufacturer 8Scanner Manufacturer 9
● Booth OS Built-in Backdoor
● Altering Ballots● Subliminal Channel● Printing Subliminal
ChannelLinux OS CD provider 10
The Participating Parties
Polling Technicians and Staff 1Supervising Authorities and Candidates System Administrators
2
Bulletin Board Administrators 3
Voters 4Impostors 5Vote Buyers/ Coercers 6Smart Card Manufacturers 7Printer Manufacturer 8Scanner Manufacturer 9Linux OS CD provider 1
0
● Collecting External Information
External Attackers 11
Threats of Attackers Collaboration
Attackers Collaboration Polling Technicians and Staff 1Supervising Authorities and Candidates System Administrators
2
Bulletin Board Administrators 3
Voters 4Impostors 5Vote Buyers/ Coercers 6Smart Card Manufacturers 7Printer Manufacturer 8Scanner Manufacturer 9Linux OS CD provider 1
0External Attackers 1
1
Registration Frauds
Attackers Collaboration Polling Technicians and Staff 1Supervising Authorities and Candidates System Administrators
2
Bulletin Board Administrators 3
Voters 4Impostors 5Vote Buyers/ Coercers 6Smart Card Manufacturers 7Printer Manufacturer 8Scanner Manufacturer 9Linux OS CD provider 1
0External Attackers 1
1
Repeating
Attackers Collaboration Polling Technicians and Staff 1Supervising Authorities and Candidates System Administrators
2
Bulletin Board Administrators 3
Voters 4Impostors 5Vote Buyers/ Coercers 6Smart Card Manufacturers 7Printer Manufacturer 8Scanner Manufacturer 9Linux OS CD provider 1
0External Attackers 1
1
Booth's OS CD Manufacturers Capabilities Identity
Attackers Collaboration Polling Technicians and Staff 1Supervising Authorities and Candidates System Administrators
2
Bulletin Board Administrators 3
Voters 4Impostors 5Vote Buyers/ Coercers 6Smart Card Manufacturers 7Printer Manufacturer 8Scanner Manufacturer 9Linux OS CD provider 1
0External Attackers 1
1
● Partial Exposure Voter● Voter Exposure by the
Ability to Decrypt the Votes
Attackers Collaboration Polling Technicians and Staff 1Supervising Authorities and Candidates System Administrators
2
Bulletin Board Administrators 3
Voters 4Impostors 5Vote Buyers/ Coercers 6Smart Card Manufacturers 7Printer Manufacturer 8Scanner Manufacturer 9Linux OS CD provider 1
0External Attackers 1
1
Voter Exposure by the Ability to Decrypt the Votes
Attackers Collaboration Polling Technicians and Staff 1Supervising Authorities and Candidates System Administrators
2
Bulletin Board Administrators 3
Voters 4Impostors 5Vote Buyers/ Coercers 6Smart Card Manufacturers 7Printer Manufacturer 8Scanner Manufacturer 9Linux OS CD provider 1
0External Attackers 1
1
Ballot Stuffing
Attackers Collaboration Polling Technicians and Staff 1Supervising Authorities and Candidates System Administrators
2
Bulletin Board Administrators 3
Voters 4Impostors 5Vote Buyers/ Coercers 6Smart Card Manufacturers 7Printer Manufacturer 8Scanner Manufacturer 9Linux OS CD provider 1
0External Attackers 1
1
Voter Exposure
Attackers Collaboration Polling Technicians and Staff 1Supervising Authorities and Candidates System Administrators
2
Bulletin Board Administrators 3
Voters 4Impostors 5Vote Buyers/ Coercers 6Smart Card Manufacturers 7Printer Manufacturer 8Scanner Manufacturer 9Linux OS CD provider 1
0External Attackers 1
1
Chain Voting
Attackers Collaboration Polling Technicians and Staff 1Supervising Authorities and Candidates System Administrators
2
Bulletin Board Administrators 3
Voters 4Impostors 5Vote Buyers/ Coercers 6Smart Card Manufacturers 7Printer Manufacturer 8Scanner Manufacturer 9Linux OS CD provider 1
0External Attackers 1
1
Chain Voting
Attackers Collaboration Polling Technicians and Staff 1Supervising Authorities and Candidates System Administrators
2
Bulletin Board Administrators 3
Voters 4Impostors 5Vote Buyers/ Coercers 6Smart Card Manufacturers 7Printer Manufacturer 8Scanner Manufacturer 9Linux OS CD provider 1
0External Attackers 1
1
Voter Exposure by the Ability to Decrypt the Votes
Attackers Collaboration Polling Technicians and Staff 1Supervising Authorities and Candidates System Administrators
2
Bulletin Board Administrators 3
Voters 4Impostors 5Vote Buyers/ Coercers 6Smart Card Manufacturers 7Printer Manufacturer 8Scanner Manufacturer 9Linux OS CD provider 1
0External Attackers 1
1
Subliminal Channel
Attackers Collaboration Polling Technicians and Staff 1Supervising Authorities and Candidates System Administrators
2
Bulletin Board Administrators 3
Voters 4Impostors 5Vote Buyers/ Coercers 6Smart Card Manufacturers 7Printer Manufacturer 8Scanner Manufacturer 9Linux OS CD provider 1
0External Attackers 1
1
Voter Exposure by the Ability to Decrypt the Votes
Conclusion
Identification Process
• People can vote anywhere
• Biometric identification
• Limit each scanned vote to a single identification by software.
Live OS CD
The CD should be digitally signed
Booth Machine
The booth machine should be checked for suspicious components
Physical Stamp
Each stamp should contain poll's digital signature
Bulletin Board
A digitally signed list of all the cipher votes
Booth Machine Auditing
An audit every two hours in each booth
Ballot Scanning Authentications Auditing
A special "authentication audit ballot"
Conclusion
An audit OCR program
TheEnd
