Online democracy by 2020? University reveals e-voting security breakthrough

As Britain takes to the polls for its general election this week, many have questioned why voting in the country hasn’t advanced to the digital age. While Thursday’s vote will take place in schools and local halls, a breakthrough from the University of Birmingham suggests that this old tradition may come to an end in time for future votes across the UK.

SC Magazine reports that the technology is designed to work even for those whose computers are suspected to be infected with malware. Called a Du-Vote, the credit card sized device takes inspiration from card readers distributed by banks to authenticate transactions in their online services.

“The main advantage of this system is that it splits the security between the independent security device and a voter’s computer or mobile device. A computer is a hugely powerful, all-purpose machine running billions of lines of code that no one really understands, whereas the independent security device has a much, much smaller code base and is not susceptible to viruses,” explained Professor Mark Ryan, from the security and privacy research group at Birmingham University.

The device works in conjunction with a unique code that they need to type into the computer when the device is connected, and it could be ready in time for use at the 2020 or 2025 general elections, the research group says.

Gurchetan Grewal, part of the project team also told Phys.org, “This is currently the only piece of work that addresses a core problem of e-voting – namely, that someone may have viruses or other malware on their computer. For example, the system in Estonia, where they have already introduced online voting, does not deal with this potentially undetectable source of vote manipulation or breach of voter privacy.”

However, others remain skeptical that secure e-voting is this close. Speaking to SC Magazine, Jeremy Epstein, a senior computer scientist at SRI International, predicts that we’re still 20-30 years away from a genuinely secure solution to rival the ballot box: “It’s difficult to predict when the political pressures will force e-voting to happen; it’s already happening in the US, Estonia, and other countries. However, it’s not *secure* e-voting, it’s just e-voting – every system that’s been examined has been insecure.”

“The university research focuses on the security of the voting experience, sometimes at the expense of usability by the voter. Vendor systems focus on usability, and are (so far without exception) completely insecure. We need to bring the two together to come up with systems that are both secure and usable,” he added.

The paper, titled ‘Du-Vote: Remote Electronic Voting with Untrusted Computers’, is due to be presented at the IEEE Computer Security Foundations Symposium in Verona, in July.

Author , ESET

  • Coyote

    “The main advantage of this system is that it splits the security
    between the independent security device and a voter’s computer or mobile
    device.”

    For now. Supposedly.

    “A computer is a hugely powerful, all-purpose machine running
    billions of lines of code that no one really understands, whereas the
    independent security device has a much, much smaller code base and is
    not susceptible to viruses,” explained Professor Mark Ryan, from the
    security and privacy research group at Birmingham University.

    Really, no one understands it? Maybe you aren’t able to, but that doesn’t mean no one does. I suspect those that created assembly language (which is still quite low level i.e. close to hardware) so no need to use pure binary/hex/octal also did not understand all the software running on the system, right? Those that know assembly also aren’t capable of this. The same applies to compiler writers (and compiler compiler writers, even), I’m sure. 100% false.

    Incidentally, THIS statement: “… and is not susceptible to viruses”
    shows you to be incredibly naive and a very ignorant newbie in security (realistically more than security). I’m putting it nicely. That you’re actually suggesting this about a voting system is incredibly disturbing. There is no breakthrough here. While manual systems can be manipulated, they are limited to specific protocols and are not generally available to the public (so that there are flaws makes it more troubling). Automatic, and especially devices given to the masses (supposedly vulnerability free; there is no such thing as vulnerability free) means there’s far higher chance someone will discover a critical flaw and a high chance it would be abused. No system is 100% vulnerability free, and there will always be new flaws discovered. Any other claim is a dangerous lie.

    • Coyote2

      So do you understand all the code? What about your mom and dad? Mate I think the point here is to reduce the trust from a general purpose computer (billions of lines) to a simple device (few thousands) that is easy to test. May be you understand all those billions of lines of code, but wouldn’t it be easier if they were just a few thousand? I don’t know, up to you to decide.

      • Coyote

        Yes. And indeed, less does mean it is easier to audit. But that wasn’t my point at all. The point was that here they are suggesting the amount of code is relevant to what they’re claiming – that it is immune to malware. In fact, the problem is it doesn’t matter how much code is there.

        Make no mistake: it isn’t immune to malware. Even if it seems that way it isn’t reality (false sense of security through naiveness and ignorance). The fact he suggests these things when he is working on a voting system is disturbing. This is elementary stuff. But let’s be real: the fact is anything that involves humans is going to be vulnerable to problems humans cause and humans cause all sorts of problems. Far too many. It is worse with technology, though. I could write a volume of textbooks on this situation (maybe volume is far fetched but a textbook isn’t so extreme) but I don’t see why – no one will care anyway, will they? They haven’t yet and they never will, because of another trait of humans. Like how I did that?

        In the end, the point is there weren’t any milestones here and it isn’t immune to malware. No such thing as 100% security in anything and especially with computers (and technology). The points I made – if you can analyse them more – explain this a bit more (though I certainly didn’t touch upon everything).

        • Coyote2

          Really sorry for my ignorance but I struggle to get your point. I didn’t see the argument about 100% secure anywhere. It does says that the task is divided between a computer and a dedicated device. I have a device from my bank and that ensures that malware on my computer doesn’t learn my password (e.g. my using one time passwords), which makes my money a bit more secure. May be here they have invented something more than that? I dont see why that is not possible.

          • Coyote

            Firstly, please do not apologise – there’s no need to be sorry. To apologise for ignorance when you’re trying to understand it is what everyone should do (but many do not) – ignorant of a fact is one thing but ignorance (and/or denial) of ignorance (and the fact there’s always room for improvement) is another entirely! That you’re doing that is to be commended and I am not one to say such a thing if it weren’t something I strongly felt. Indeed the very fact you are trying to understand my point (regardless of any flaws – there is no perfection! – semantics or anything else) means you’re ahead; after all, if you can’t acknowledge mistakes/ignorance how can you learn more, better yourself, and improve quality of everything you do? So don’t at all apologise for that! I wish more would do that.

            My response:
            Well sure, 2FA (two factor authentication) is useful and all, but how do you go about it for voting? I don’t necessarily refer to flaws in the device itself (although that does apply) but also flaws in what allows votes to be registered (counted) and not abused. Maybe I can word the other point differently.

            The idea is this: digital technology is incredibly error prone (see next paragraph). Yes, so is other technology (if you think about mechanical technology including hard disk drives, they will die eventually because they are mechanical) but the problem is exploiting bugs in the software (and also the hardware!) and this includes malware (but isn’t limited to it). Look at point of sale malware – the ones that scrape memory on the systems and steal credit card numbers (e.g. what Target and other US retailers). There’s a very real threat.

            If you can make it you can break it. That’s a risk we all take (and personally I wouldn’t have it any other way as a general rule but that’s generally) but the problem here is the larger target. For instance – Windows is far more common than MacOS and MacOS is probably targeted more than various Linux distributions. Yet Linux is a derivative of a Unix (Minix? I can’t recall for sure but that’s not all that relevant). Meanwhile, MacOS is based on NeXT and one or more BSD (both Unix operating systems). Because of this there’s far more Windows malware (this is especially relevant nowadays because malware seems to be more about theft/fraud/etc. whereas older malware (and I’ve been around long enough to know this from experience) wasn’t all about theft and actually had some art to it (Graham Cluley wrote about this here, actually: https://grahamcluley.com/2013/08/dying-art-computer-viruses/ ). It makes sense then, doesn’t it? The more victims the more profit. It should be noted that despite what some will claim, malware is not a Windows specific issue – only ignorant/naive people will claim otherwise. Case in point is ‘The Morris Worm’ from the 80s, one of the (if not the) most notorious worms that attacked Unix systems (through exploits in two or three Unix services including fairly common ones). This worm itself had a design flaw which ultimately led to the systems crawling to their knees (mostly meaning halt) and the fact this happened meant more was done to track the creator (Robert Tappan Morris actually made it appear to come from a different university but because of the implications they tracked him down and could not worm his way out of trouble).

            The voting systems in countries that have general elections are already flawed; by introducing more devices (and if voters are allowed to keep them after voting the risks increase exponentially) you’re introducing more possible attacks and for voting that is rather concerning, don’t you think ? Of course there is one point you’re right (whether directly or inferred isn’t relevant to me): there is no 100% secure and there never will be; more to the point, the current system is problematic but going digital is not the solution I’m afraid (there’s been proof of concept digital voting systems, if I recall, and I also recall there were security flaws in them that were made public [don’t have references here though admittedly but I could probably find some]). Again, it isn’t only the devices that do the voting, it is also the system itself.
            Kind regards.

          • iAmCoyote

            Dude, calm down! This article is just a 1 liner of a peer-reviewed work of a good security conference. Don’t you think reviewers of the conference would have considered all these points. There is some difference between researchers and vendors. Researcher dont sell anything, they just explain the work they have done. Some of my friends here in the US are researchers and I know how careful they usually are before publishing a new research work in a conference.

          • Coyote

            I’m perfectly calm and when others tell me otherwise (you’re not the first by any means but it is probably the first over the Internet which amplifies this) it is incredibly amusing. Thanks for pointing out, also, the difference between a researcher[1] and a
            vendor, because I’m sure the dictionaries I read for fun (years ago) didn’t have
            those words in it. What is the point of telling me that? I’m baffled by the very idea (and unless I don’t remember right, I didn’t bring up research or vendors; maybe I did but if not it baffles me even more that you would bring it up – even then why tell me the difference, as if I don’t know what each are [but see point 1])..

            As for the issue. No, I do not think they would put those thoughts in to consideration. Actually, I hope they didn’t. Because if they did then the issue is more serious, isn’t it, seeing as how their ideas (or perhaps ‘research’ is how you would describe it) would dismiss my concerns. Security isn’t that simple anyway and I already pointed this out (whether directly or indirectly is irrelevant).

            [1] Researchers aren’t necessarily not-for-profit. Medical science comes to mind. But forget actual examples: there is nothing about researching that states you can’t also sell products (or do anything else for that matter). Also, they could be both. You might call this semantics but keep in mind what point of yours I am responding to.

          • Coyote_the_software_developer

            I just searched and there are no patents involved in this research so I think this is a not-for-profit research. There are techniques described in the paper and anyone can implement their own devices and software. Maybe you would like to implement this research to yours (and everyones) satisfaction! Lets help the society by giving what we have. You being a computer literate can write an open source software for it.

          • Coyote

            Brilliant idea if you don’t have very good (I want to say ‘don’t have basic’ but I’ll not be that cruel) reading comprehension (or otherwise if you deliberately ignore the points). Otherwise not so brilliant (quite the opposite extreme). Indeed if you actually understood what I wrote in the first place you’d understand the problem with that idea because you’d realise the point isn’t about software per se. Funnily enough, the problem has to with much more than software. I’m sure that is hard to believe but it is the truth.

            On the other hand, your name is even more brilliant and shows an incredible amount of cleverness and imagination. But given that you think Coyote should write the software (even though you didn’t get the point – at all) and given that you also include it (‘Coyote’) in your display name, perhaps you should follow your own advice (not that it is good advice) ? That would be more clever, wouldn’t it (but still not all that clever) ? You could even give the name as ‘Coyote, the trollish software developer’ (numerous ways to word it, of course but I think that fits – even with certain absurd contradictions in the matter).

Follow us

Copyright © 2018 ESET, All Rights Reserved.