Modifying an Off-the-Shelf Wireless Router for PDF Ballot Tampering [pdf] (galois.com)
25 points by CapitalistCartr on Nov 11, 2014 | 2 comments

> Galois applies cutting edge computer science and mathematics to solve difficult technological problems.

Is this serious? Essentially what you're saying is "when transmitting a PDF over an unencrypted transport we can move in and alter it".

This is why we don't do banking over HTTP or any other sensitive transaction. If it were ever allowed to submit a ballot over an unencrypted connection you deserve your election to be tampered with.

This comment left by another user on their YouTube video demonstrating this "hack" is rather to the point:

"So the only thing you've done is validated that things like end-to-end encryption and digital signatures have a reason for existing. Bravo! I sincerely hope using unsigned PDFs over plain-text channels, such as are assumed in this video, aren't even considered to be used for voting? I feel like this video is purposefully biasing people against digital voting by omitting the fact that methods and systems to prevent exactly this kind of tampering have already existed for a long time and are in use for countless other applications where privacy and authentication matter. There are other complications with digital voting such as guaranteeing anonymity while preventing individuals from voting multiple times, but this hack is based on a retarded way of digital voting. Who even sends e-mails with funny cat pictures to their uncle over unsecured SMTP anymore?"

They are involved with applying cutting edge research to difficult technological problems (see e.g. http://galois.com/project/proceed/ ). I don't think this paper is an example of that, but more of a way to issue an expert opinion - supported by a demo - on the risks of what is unfortunately not an uncommon practice. It might very well be obvious to everyone in HN why you don't send votes over any clear-text unsigned format over the internet, but unfortunately it is not obvious to the average voter or politician.

Note that just encrypting the link is not really a good fix in this scenario, since that makes the server a single point of failure which attackers might try to subvert if the stakes are high enough. We do indeed have solutions even for that (client-side signatures), but for really high-stakes elections we run into much bigger problems: the need to protect vote confidentiality from the polling authorities themselves, avoiding third-party verifiable proofs-of-vote because it allows vote buying/selling, allowing first-party verifiable proofs-of-vote since otherwise fraud is hard to detect, risk of fraud via compromised clients, etc.
