Online voting system used for primary elections for the French Presidential, must be secure right?
This is a modal window.
Das Video konnte nicht geladen werden, da entweder ein Server- oder Netzwerkfehler auftrat oder das Format nicht unterstützt wird.
Formale Metadaten
| Titel |
| |
| Serientitel | ||
| Anzahl der Teile | 112 | |
| Autor | ||
| Mitwirkende | ||
| Lizenz | CC-Namensnennung - keine kommerzielle Nutzung - Weitergabe unter gleichen Bedingungen 4.0 International: Sie dürfen das Werk bzw. den Inhalt zu jedem legalen und nicht-kommerziellen Zweck nutzen, verändern und in unveränderter oder veränderter Form vervielfältigen, verbreiten und öffentlich zugänglich machen, sofern Sie den Namen des Autors/Rechteinhabers in der von ihm festgelegten Weise nennen und das Werk bzw. diesen Inhalt auch in veränderter Form nur unter den Bedingungen dieser Lizenz weitergeben. | |
| Identifikatoren | 10.5446/60832 (DOI) | |
| Herausgeber | ||
| Erscheinungsjahr | ||
| Sprache |
Inhaltliche Metadaten
| Fachgebiet | ||
| Genre | ||
| Abstract |
|
EuroPython 202267 / 112
5
10
14
17
19
23
25
29
31
32
34
44
47
51
53
54
57
61
69
70
82
83
88
93
94
97
101
105
106
00:00
SystemprogrammierungGoogolChiffrierungClientPunktwolkeOpen SourceTropfenComputervirusNeuroinformatikInternetworkingRegulator <Mathematik>DatenmissbrauchDatenbankFolge <Mathematik>GrenzschichtablösungDigitalsignalWiderspruchsfreiheitServerTransaktionAbgeschlossene MengeQuellcodeGreen-FunktionLokales MinimumGruppenoperationPlastikkarteMagnettrommelspeicherZustandsdichteMenütechnikMailboxMultiplikationsoperatorZahlenbereichRechenschieberSchreiben <Datenverarbeitung>Elektronische WahlClientWeb SiteDatenmissbrauchBeweistheorieBlackboxNeuroinformatikQuellcodeMereologieSoftwareSystemaufrufGrundraumDifferentePhysikalismusTranslation <Mathematik>Rechter WinkelZählenQuaderOpen SourceServerAbstimmung <Frequenz>ChiffrierungKategorie <Mathematik>InstantiierungSpieltheorieComputersicherheitExpertensystemReelle ZahlBitInternetworkingGruppenoperationPunktSystemprogrammierungZellularer AutomatNeunzehnFormale SpracheVorlesung/KonferenzXML
06:03
CodePersönliche IdentifikationsnummerLoginPasswortAbstimmung <Frequenz>AdressraumE-MailWeb SiteService providerSystemprogrammierungKontrollstrukturFormation <Mathematik>Inklusion <Mathematik>Web SiteAbstimmung <Frequenz>PasswortMereologieTouchscreenPersönliche IdentifikationsnummerBitQuelle <Physik>WellenpaketGruppenoperationComputeranimation
06:53
MIDI <Musikelektronik>Baum <Mathematik>BitrateDemo <Programm>Uniformer RaumLokales MinimumAbstimmung <Frequenz>BeweistheorieKanal <Bildverarbeitung>ServerGruppenoperationAbstimmung <Frequenz>QuaderBeweistheorieSpieltheorieTouchscreenInformationResultanteGruppenoperationAdressraumServerPasswortValiditätMultiplikationsoperatorWeb SiteQuellcodeVerschlingungEinsZellularer AutomatNeuroinformatikBitrateSystemzusammenbruchXMLComputeranimation
08:25
CachingServerSchlüsselverwaltungPasswortBeweistheorieSkriptspracheWeb SiteNeuroinformatikGeradeInstantiierungCodeCachingChiffrierungQuellcodePackprogrammCASE <Informatik>PunktKontrollstrukturProgrammschleifeFehlermeldungMultiplikationsoperatorVierzigWärmeleitfähigkeitSchlüsselverwaltungAusnahmebehandlungComputeranimationXML
09:51
Funktion <Mathematik>Kette <Mathematik>p-BlockEin-AusgabeHash-AlgorithmusKryptologieZufallszahlenZyklische RedundanzprüfungSkriptspracheDezimalzahlBinärdatenChiffrierungVollständiger VerbandATMMIDI <Musikelektronik>Spannungsmessung <Mechanik>Abstimmung <Frequenz>BeweistheorieTelekommunikationFlächeninhaltRobotikBeweistheorieAbstimmung <Frequenz>SchlüsselverwaltungPrivate-key-KryptosystemSkriptspracheRelationentheorieGraphiktablettKryptologieMereologieMultiplikationsoperatorQuaderGamecontrollerZeichenketteWeb SiteDateiformatNeuroinformatikCASE <Informatik>Beobachtungsstudiep-BlockChiffrierungElektronische WahlSelbst organisierendes SystemHoaxReelle ZahlComputersicherheitGenerator <Informatik>ValiditätBitrateArithmetisches MittelSoftwareGruppenoperationData MiningGraphfärbungInhalt <Mathematik>Formation <Mathematik>SystemaufrufSprachsyntheseElektronische PublikationQuellcodeKonditionszahlElektronische UnterschriftEreignishorizontComputeranimation
15:17
Funktion <Mathematik>Lokales MinimumCodeAdressierungWendepunktGruppenoperationAtomarität <Informatik>ComputersicherheitAngewandte PhysikSkriptspracheElektronische PublikationRSA-VerschlüsselungChiffrierungPrinzip der gleichmäßigen BeschränktheitZoomProgrammbibliothekAbstimmung <Frequenz>ProgrammbibliothekChiffrierungComputersicherheitWeb SiteKryptologieMultiplikationsoperatorBitSkriptspracheCodeQuaderDateiformatTermInstantiierungMereologieEinsTypentheorieFlächeninhaltAlgorithmusProzess <Informatik>Web-SeiteElektronische PublikationGoogolProjektive EbeneSuchmaschineNatürliche ZahlSpielkonsoleExpertensystemComputeranimation
17:37
Demo <Programm>SoftwaretestCOMPasswortInternetworkingRegulator <Mathematik>DatenmissbrauchStandardabweichungDateiformatService providerMarketinginformationssystemRSA-VerschlüsselungSchlüsselverwaltungVersionsverwaltungGanze ZahlZeichenketteHash-AlgorithmusChiffrierungProtokoll <Datenverarbeitungssystem>ZufallszahlenASCIIGerichtete MengeComputersicherheitBinärcodeDateiformatSchlüsselverwaltungGamecontrollerComputersicherheitChiffrierungASCIIQuaderRechter WinkelForcingBitPackprogrammLesen <Datenverarbeitung>t-TestSichtenkonzeptART-NetzReelle ZahlOffene MengeGenerator <Informatik>TabelleAbstimmung <Frequenz>MereologieGeradeTypentheorieArithmetisches MittelAiry-FunktionBildschirmmaskeFontE-MailBildschirmfensterQuick-SortObjekt <Kategorie>PasswortWeb SiteBitrateUnrundheitSoftwareWeb-SeiteRandomisierungMessage-PassingDeskriptive StatistikFlächeninhaltZahlenbereichQuelle <Physik>QuellcodeProjektive EbeneElektronische PublikationFehlermeldungDrucksondierungCodierung <Programmierung>sinc-FunktionMultiplikationsoperatorSkriptspracheGraphiktablettKryptologieMultiplikationBeweistheoriePublic-Key-KryptosystemCASE <Informatik>SystemprogrammierungDiskrete UntergruppeCodeStandardabweichung
25:52
RSA-VerschlüsselungHash-AlgorithmusPasswortSkalarproduktPROMInhalt <Mathematik>Abstimmung <Frequenz>VersionsverwaltungMailing-ListeTechnische InformatikAbstimmung <Frequenz>Public-Key-KryptosystemWeb SiteQuaderVerschlingungSchlüsselverwaltungDeskriptive StatistikElektronische PublikationZahlenbereichDienst <Informatik>DifferenteElektronische UnterschriftMathematikSummengleichungBeweistheorieSkriptspracheBitMultiplikationsoperatorKonditionszahlObjekt <Kategorie>Quick-SortServerHash-AlgorithmusHoaxPackprogrammGenerator <Informatik>RSA-VerschlüsselungGemeinsamer SpeicherChiffrierungXMLComputeranimation
30:55
Hash-AlgorithmusVerschlingungBeweistheorieAbstimmung <Frequenz>ServerKonsistenz <Informatik>SystemprogrammierungCodeZeichenketteAdvanced Encryption StandardMessage-PassingRSA-VerschlüsselungProgrammbibliothekKryptologieWeb SiteZustandsdichteSoftwaretestMehrrechnersystemMathematikResultanteGraphiktablettGrundsätze ordnungsmäßiger DatenverarbeitungKryptologieInformationPackprogrammBimodulSystemzusammenbruchChiffrierungAbstimmung <Frequenz>PasswortWeb SiteBeweistheorieQuellcodeMultiplikationsoperatorElektronische PublikationNeuroinformatikSkriptspracheZeichenketteQuaderPrivate-key-KryptosystemElektronische WahlServerDifferenteStellenringRechter WinkelValiditätBitrateGruppenoperationFrequenzSelbst organisierendes SystemSichtenkonzeptLesezeichen <Internet>HorizontaleInstantiierungRoutingZehnAbstandVerkehrsinformationComputeranimation
35:59
Lokales MinimumGruppenoperationSystemprogrammierungVerschlingungAbstimmung <Frequenz>ComputersicherheitDatenmissbrauchAnalysisService providerZellularer AutomatInklusion <Mathematik>Prozess <Informatik>DatenstrukturSystemprogrammierungPRINCE2IntelSprachsyntheseComputeranimation
36:38
ComputersicherheitSystemprogrammierungElektronische WahlMultiplikationsoperatorVorlesung/Konferenz
37:19
SystemprogrammierungPunktSichtenkonzeptMetropolitan area networkSuite <Programmpaket>ComputersicherheitAbstimmung <Frequenz>Vorlesung/Konferenz
38:34
MultiplikationsoperatorQuellcodePlastikkarteSoftwareentwicklerRegulärer GraphTechnische InformatikPi <Zahl>CodeMathematikerinKryptologieAbstimmung <Frequenz>DatenflussRechenschieberWeb-SeiteTwitter <Softwareplattform>AggregatzustandSystemprogrammierungVorlesung/Konferenz
40:07
Elektronische WahlSystemprogrammierungOpen SourceArithmetisches MittelAbstimmung <Frequenz>NeuroinformatikSoftwareCASE <Informatik>ExpertensystemMultiplikationsoperatorProzess <Informatik>PhysikalismusBitPolstelleVollständiger VerbandPhysikalischer EffektDemoszene <Programmierung>InstantiierungBaumechanikDifferenteVorlesung/Konferenz
42:51
BeweistheorieHecke-OperatorMultiplikationsoperatorGruppenoperationAbstimmung <Frequenz>NeuroinformatikUnrundheitTransaktionGarbentheorieResultanteMathematikProzess <Informatik>ServerKette <Mathematik>EnergiedichteAbschattungSoftwareDatenbankSoftwareentwicklerInformation EngineeringQuaderPhysikalismusVollständigkeitPhysikalische TheoriePackprogrammHackerVorlesung/Konferenz
Transkript: Englisch(automatisch erzeugt)
00:06
Hello, hello everyone, so I have not much time because I have a really a big number of slides So I will go really fast about me. I'm emmanuel most of the time. I'm writing I'm in a company writing a software called parsec which has absolutely nothing to do with the company doing gaming
00:24
We choose the name at the same time, so yeah, that's kind of thing happen anyway So if you're interesting in really secure open source software with end-to-end encryption You should check a look. It's in python all the source code is there. It's funny Anyway, I'm going to talk to you about something totally unrelated
00:43
which is voting so I'm not an expert in voting in any way but I talk a lot with researchers and so basically what I understood is when you Using when you're talking about voting system. There is a multiple property that you have to evaluate
01:02
for instance the most common one is The ballot secrecy so you're voting of course your vote must be secret, but there is other things for instance you should not be able to to prove that you're worried for somebody because otherwise you could go and ask for you and get money from
01:23
Someone else because you're worried for the right guy or maybe you could get your leg broken because you're worried for the wrong guy Something else is what they call auditability so basically you need to be able to do The ballot counting and about counting it's better if there is a lot of different party involved for doing the ballot counting
01:44
All this kind of thing and anyway online voting is I mean the funny thing is all those property. They are not perfect when you do Physical voting, but it's kind of work there is issue
02:01
But it's okay with online voting it make things really really really complicated Basically because here we can see there is a like little Billy He's a kid and he understand what he's doing just by voting but he puts a physical proof of What he want what he wants to vote inside this ballot box
02:21
But on the other hand there is a server for online voting and nobody has any idea what's going on And at the end of the election you have absolutely no physical proof of what happened So if somebody is not happy with the election, it's really hard to tell what you should do Anyway, so in France we have something which is called the Kneel which is a
02:43
Commission national commission of informatics. I mean, it's the translation in Wikipedia I don't think it's right. But anyway, so basically it's the people who deal with with Sorry data privacy and so there really is this thing if you're not French speaker
03:01
This is a really long title, but basically it is some recommendation for Online voting so what you should if you want to make a online voting what you should or should not do and Basically what they say is they are not really They don't say it's it's the best idea to do
03:24
to the online voting for political election and The most important part of this thing. It's it's only a recommendation. So basically the Kneel say, yeah, you should do that But if you don't do that, there is no legal implication So basically it means that if you want to make online voting in France
03:45
There is For what? I understand there is no Legal obligation of anything you can just develop your software and it's okay So now we are going to talk about a company which is called no But this call is this company is basically the main actor in in France for online voting
04:03
So they I guess they got a lot of clients with COVID-19 because plenty of people now want to vote Online they work for the university plenty of company, etc. And yeah, sorry They have
04:20
Used the software has been used for the political election for the the primary party election So that's when I start knowing them So if we talk about their solution their software The main issue with a software is it's a total black box. So there is no documentation or white paper nothing
04:41
What you see here is basically the only thing on the website which took a bit about what they do But it's the only thing you have so it's very few. Of course, you cannot see the source code and as I said, yeah, there is a multiple primary party will the some
05:01
primary election and So all those election we are done with new votes on the internet Yeah, so spoiler alert I voted for the Green Party and so I got interesting in the thing and so I started with the Software how it works, etc. And so I wanted to write an article
05:22
I talked about all my finding to new votes as I consider it wasn't a real finding and Yeah, I just was nagging about the thing that I didn't find anything interesting So anyway, I met in cabron char which is a French researcher she works at CNRS and so
05:43
together with Joie and Juliette, we wrote a paper that got raised last month in in conference in France and so near what Don't seem to be really happy about it because they tried to to consult the talk at the conference with a legal action
06:01
so that didn't work, but Anyway, so I have to to be faster because otherwise you won't see the fun part So I voted for I said for the primary for the Green Party. So basically how it works you You go on the website you you do some stuff like you choose a password Then you go on the website for voting and you use your cell phone with pin code for vote, etc
06:25
I won't go in detail if you were more interested in these things. There is another talk another paper Sorry about that. It's in French if you don't read French, sorry so at the end of the voting you have this thing which so it's a
06:40
Last screen which said oh you voted So we have a really white screen. So when I took the screenshot, yeah, that's it And so if you don't see there is this weird thing at the middle, which is a bit red orange, which they called Proof of vote and so they said okay you voted and now there is this proof of vote
07:00
Keep it it's personal if you want to check that your vote. I've been Reusing inside the ballot box. Everything is right. You should use that so, okay, but There was not much information about that So I asked me about how it works and they told me that you have to wait for the end of the election And then you will have the stuff. So I went for the end of the election
07:20
And then here's a result screen from the end of the election and you see there is this you saw there They give you a website and they say okay, you can verify your your vote going to this website and using this password So the website is here. So it's a different website On the website you put the address of the server you voted on
07:42
You put the password you push your proof of vote and after that you you hit validate and it crashed Sorry, so yeah it crashed and in fact it time out and so you have to retry and then retry and then retry and after some time It finally works. And so here you have the thing so they say
08:04
Everything is fine. The green box is a saying Yeah, your proof of vote proof of vote is working and if you see the result, it's the same that on Wikipedia It's the official one. So, okay everything fine Yeah, there is one thing funny that I saw when I did that is there is there is this link for the source code
08:24
So I click it. I got a PHP script, which is a source code And so it's really great because it means that you can run the source code the PHP script on your own computer You don't have to trust the website for doing the check. So yeah good So here is an example. So you're the the code is
08:43
Copyrighted I guess so I cannot show everything but I can show the little extract the script is like four thousand five hundred lines And so here is for instance the code for the error handling for the error we saw So we have the ballot counting the ballot counting take a lot of time because there is encryption etc, whatever
09:03
So we have this written code is the written code is 98 then you store the stuff on the cache And then you have this written code, which is one and your point which in 40 plus written code divided one thousand But if your case is two three five and six
09:20
But not four then your code is six your point in 28 plus written code divided by one thousand And you have a break to which is a piece pre-instruction to say you have to go outside of two loops Okay fine enough so now What does this script do? Go it goes on the website it download to archives
09:44
it Decretes archive with the password and then it check your ballot But your proof of what and it comes about it. Okay. So first thing we are going to see is This proof of what what is made of so here is typically the proof of what it's a base 64 of something
10:01
Which is encrypted with a yes so symmetric encryption Yeah So the keys inside the script I Ask you what about that and they say it's fine. There is no security issue because it's not for security. It's for padding
10:21
So let's talk about padding because you know, yes, it's what they call block encryption So block encryption means you encrypt 32 octet 32 bytes a time and so if your last part is not 32 long, what do you do you do padding so In AES there is this thing which is to call pkcs7 which do the padding. So the question is
10:45
Why not using pkcs7 instead of using just AES for doing the padding? It would be much more efficient and it won't look suspicious as a sewing and articulate key And anyway what for because The proof of what why it should have to be at this side. We don't know because there is no documentation and sorry anyway
11:04
All the data for all the generated and proof of vote are all the same side. So Yet again anyway So what's inside of this proof of vote? It's five shower 512 ashes So each one of them are for one vote. So there is like five votes in this proof of vote
11:25
So why is it so what is it for that? It's because The idea is what I told you before When you got one proof of vote, you shouldn't be able to show for who you voted for So there is your vote inside the proof of vote and for other vote So you should not be able to say for who you voted for
11:44
You the funny thing is of course, there is no crypto signature, which means we can We can do funny stuff I'm going to see so anyway the format just really fast as you see on the Where my cursor? Yeah here you have All the shower ashes you have some random part of the header
12:02
And so the idea is they do a CRC so redundancy control so they do a checksum And so for doing this checksum, they use this This variable this constant which is called a paper and the funny thing is they concatenate it and it's PHP
12:21
so maybe you don't see but this is a string but this is bytes in fact and So this looks like exact signal String but it's used directly here as bytes So that concatenate bytes which only contain exactly similar character It's a bit weird, but I think there's forget something here
12:42
Anyway, so you have your redundancy control you concatenate with the rest of the thing you do as a yes And you know you got your proof of vote. So it's really simple So of course you can write a fake proof of vote script so here is mine because it's a Python conference So you should see some Python
13:01
So here you see I just generated a random sha 512 screw ashes And so if you do this you go on the website, and it doesn't work. Yeah, I mean the Neovot website says your proof about this is wrong so so far so good I mean, maybe we don't go really far with this
13:22
But in fact we do because what we are doing here is we are provided a fake proof of vote And we are checking it against the genuine ballot box But Neovot has no way to know if it's not the other way around Maybe we have a genuine a real proof of vote and the ballot box has been tempered and on the two sides
13:44
It's always the same checks that is done, and there is no way to know which one is which so what does it? Anyone can generate proof of vote and Claim that his proof of vote doesn't check with the ballot box and hence the election was rigged and
14:02
The other funny thing is anyone with a valid proof of vote who sees an organizer saying oh my proof of vote doesn't work Something is fishy The organizer can tell them you're the one who generate a fake proof of vote You fake news anyway So now for a real case studies
14:22
Green party election there was a the person who arrived last he really couldn't believe it so he said this is not right the election might have been rigged and so he went to justice for for this and Yeah, nothing could be proved so yeah, I just just lost his thing
14:43
the funny thing is so there is this quote from a Researcher which is called Chantal anger which is to slice in electronic voting and So the idea is the electronic voting industry basically what they say is electronic voting works great because nobody ever say that there is an actual dispute there is issue and
15:04
Why is it so it's simple because there is no way to prove there is something which went wrong So if you have physical evidence of the votes it's much simpler to show something fishy is and if everything happened on a computer So anyway now we are going to see the voting website. I show you before so basically it's like every
15:25
Website, so it minified. It's like that anyway, so you can Unminified it and You have all those variable you see that there are weird names that get changed every time you read out the page, okay? But some of them are not
15:40
Minified are not really well named they stay there so we can do a bit of Google search GitHub search, and then we find a library which is called ASM crypto So it might be the ones I use in the website, and it is of course Here you can see ASM script or on the one side the code from new vote on the other so it's pretty similar
16:06
Now for the bad news is ASM script. Oh hasn't been modified since September 2020 of whose There is no security audit, so It doesn't seem the best library to do a really sensitive thing But there is one thing that didn't add up
16:22
It's as we will see new what use one type of encryption which is areas Pkscs blah blah blah anyway, and this Precies algorithm is not supported by ASM crypto the library, so
16:40
They don't use ASM crypto they use an unmerged pull request of ASM crypto Yeah, so here is for instance one part of the code, so Same thing you see the new about code the ASM crypto pull request and so same code So let's talk a bit about ANSI so ANSI in France is
17:05
the people which are Responsible to say what you should and should not do in term of computing security, so there are really really great guy Who give really good advice when they say something you should listen to them and what they say is you must really please use
17:21
Major library library that have written by experts, and you use library with security support It's really important because it's really simple to have something which is broken in security in cryptography that you don't know that is broken So anyway, let's talk about the ballot box format As you saw in the in the rigid page
17:40
So the website you put it for there is this password that is provided and So with the password you supposed to decrypt the the to archive one is a ballot box And the other is ballot key And if you decrypt the ballot keys on the windows there is an error if you better if you decrypt Not ballot key, but ballot box on Linux. There is an error
18:03
So why is it so? someone knows A little advice tip yeah, you see it. Do you see it? Okay, yeah of course so yeah The trouble is if you if you use your archive is a zip format on zip format
18:24
They don't specify. They don't specify. What will be the encoding so if you use Unicode characters the encoding depend of your system if your line looks it will be UTF-8 if you're on Windows it most likely will be either and so yeah, it's It's not great
18:41
Anyway, the PHP script. He has to open both archives, so how does it work? They try They try to put encryption on top of it, and they try to put the other encryption I mean sorry the other encoding on top of it and After three try they should be fine enough
19:03
So yeah, I Wouldn't have done that this way especially if you control the generation of the archive the reading of the archives Yeah anyway So maybe you thinking like oh, it's not big deal. It's small thing. It's not real security issue
19:22
So yeah, but it's not like that I mean I was talking to you about the Kneel and the recommendation in the recommendation what they say is it's Important for third-party people to be able to read the ballot box. It's important for third-party people to write independent software that could help checking the ballot box and so basically that's what I'm doing and
19:46
for the presidential election new vote was used by 700,000 voters and basically From what I understand. I'm the only guy working writing a third-party tools for this so please Can we have like standard format something that make it simpler for people like me to write things that check
20:05
Because on the all the work. I've done for sorry all the work I've done here on this thing this encoding issue is it's things that took me the most time So yeah, it could have been really avoided please anyway
20:21
So yeah one more thing I told you first there was no absolutely no source code from the robot, and then I told you there is this Little source code you can download And it's because yes since Last time I mean since the Green Party election and since I've sent them the fact that all the defining
20:41
I had they removed the possibility to download the code great transparency Anyway, what's in the archive? So there is this first archive which is about key exports Which contain every say key so a private key for doing decryption?
21:01
The file is a dot PM. Which is a standard format for a ski, but it doesn't contain PM key So a little digression what is PM? When you want to store so basically in every say your key your key is a really big number if you want to store It you store it in a format or in the format So which is called ASN one so okay anyway
21:23
And this format you encode it inside in a binary format, which is called dear But given this format is binary. It's not really convenient So basically what you do is you put a header you put a footer you do base 64 encoding and here it is you've got your PM key and what new about does is that another layer of base
21:44
64 encoding because why not and so it makes thing a bit more complicated for me for people like me writing supply tools anyway So next thing what's in the archive? You have so it is other archives a ballot box export one What you have here is?
22:01
Multiple file which are not really interesting like the name of the election something like that And you have those two folder each folder is a round of the election so this election there was two rounds That's why there is two folder If we have a look at what's inside one of the folder there is this thing which is this file
22:21
Which is called the object names which contain the ID of each candidate and the name of the candidate So you see here is the second round so there is a two candidate and the the white vote And after that there is this cone param Which is another fine which contain the type of election if it's if you have to vote for one person or multiple person
22:43
And finally there is a more interesting part which is this third file which is called bad data and it contained one line per vote that happened and We're going to see what it contained So what you see here is there is a first part and the second part is
23:02
Sha 512 of the first part so the second part is the thing we saw in the in the proof of vote the first part it's RSA encrypted and it contained On the right side random things and on the left side in contains the ID of the candidate
23:24
Which has been voted for? Now little discretion because I said the thing is encrypted with everything, but you all know of course that you should never do Textbook everything so you should not just use everything you should always use everything with padding and so there is different type of piding
23:42
And basically there is a new Shiny one which is a or EP and PSS and there is the older one which is close because yes one which is used by Neovot and What say and see about this is basically it's obsolete so you shouldn't use it for newer software
24:01
Okay, and so how does it work because yes you have When you encrypt something with air say your the thing you encrypt may be the same side of your key So in case here, it's a three thousand seven to seventy two bits And so with PKS one you have a header you have a random stuff
24:21
Which is a cryptographically secure random bytes, and you have your message your message is what we saw the funny thing is The thing on the right which is supposed to be random It's not Cryptographically secure. It's just it's much less random that cryptographically
24:41
Secure thing it's easy to see this because here you see This is bytes still this is bytes, and you see there is only printable characters So basically what they do they take good randomly secure bytes And they do some kind of cooking to turn them into something printable
25:00
I don't know why they need something printable, but anyway, and so it makes thing less Less random so basically what they're doing is they're replacing this cryptographically secure random bytes from the PKS padding by something which is less random I Don't know why they do this, but
25:21
Not a great idea. I guess But it's not a security issue because PKS is is well made and there must be at the very least eight Cryptographically secure random bytes, but anyway, it's still weird oh
25:40
I'm already there. I know I can start to slow down Because I thought it would be much faster must slower anyway So we are going to to have a bit of fun so the The ballot box we saw there is no signature on it
26:03
We also saw that they gave us the RSA private key to do the decryption We know all the vote ashes because there are inside The ballot box and there are the one which are used inside the proof of what the so-called proof of vote So we can try to to tamper with the ballot box
26:24
Yeah, so first thing we can do is you know there is this file which is called object name where we saw With the ID of the candidate and the name of the candidate so really basic thing we can do is just modify this file So we switch the name and we saw what happened and so if we generate a new
26:43
ballot box and we provide it to the official website that do the check and you use The proof of vote a regular one you see that everything is considered as valid So it's fine except that now it's a wrong kind that that's a one so it's a really basic attack, but it works and so
27:05
The thing is the very practical thing about this attack is you don't have to be a computing engineer You don't have to do fancy thing You just have to open a zip archive modify two names close the zip archive and that's it You're done, so it's really incredible incredibly simple to do that if you're a voter
27:23
It's really hard to see that something wrong went because you have your proof of it But remember the proof of it doesn't contain only the the vote for who you voted for it contains also all the votes so You you cannot see that you voted for the wrong person because the idea has been switched I
27:45
Guess it's not really practical because what new vote can do is Take this file which is the file containing the the link between the ID and the name of the candidate and they can just share it and
28:00
Share it before the election with all the different bodies say okay. This ID is going to be this candidate So if you do that, it's really simple to see that there is switch that happen I don't know if they either do any check, but I suppose they do because There is no documentation about what they do of course So let's try something a bit more complicated
28:21
which is Given we have the private key the private RSA key. We also have the public one And so if we have the public RSA key we can do encryption and so we can start encrypting our own new ballot We can generate new about as much as we want So, yeah, we just have your ballot box archive and we put plenty of new about box just enough so that
28:46
There is a difference of one vote before between the two candidates. And so now the wrong candidate has win So it works again of course this attack is much more visible because The issue as we saw here is the number of ballots has changed because we have generated plenty of new ballots
29:05
So if you look at all the people that was supposed to vote and all the ballots at the end You see the number is different. So it's really easy to spot It's a funny attack and now for the the third attack there is this file
29:22
Of course, you saw it. Of course, you were wondering what it was and we are going to talk about this file So the name is extra ashes What does this fine do it's simple when the script is checking for the Ashes in your proof of vote. First thing you do is go inside this file and it removes the
29:43
Ashes from your proof of vote which are inside this file. So basically this is fine thing Okay, these prove these ashes. Yeah, don't don't take care. Don't care about it. Just just drop it So my guess is why they do this is because When you are the very first person that go to vote
30:05
On the Neovot server, there is no other vote, but Neovot server has to send you back your the five hash The five ashes to generate the proof of vote and so what the Neovot server does is it generate four random?
30:21
Ashes store them in extra ashes and so return you the ashes Anyway, so the funny thing is now what can we do is? generate Fake ballots like we do in the second attack. We put the fake ballot inside the file We've all the ballots, but now we have too much ballots inside the file
30:42
so we remove some of the of the genuine ballot from the ballot box about data file and all those All those ballots that have been removed you can take their Ashes and you put the ashes inside the extra ashes that CSV file. I mean there was 24
31:04
There was 24 ashes in extra ashes. Now. There is something like 5,000 or 10,000. What's the difference? Who knows? But the good thing is now you totally Change the result of the election. So everything's fine now still you have a difference of two votes between the first and the second one and
31:26
Yeah, everything is fine because you have the right name of vote You have checked everything everybody has a valid proof of vote Everything up here like it should but the only difference is you have too much ashes in extra ashes
31:43
but nobody knows what this file does so Who can say it's wrong or right to have 5,000 or 24 anyway Yeah, so as I said All the votes, all the proof of vote are valid If you are an organizer, you just cannot
32:01
Know that if this attack happens you cannot have any way to check so If you wonder of course given our I give those information to know what they answered They say that all my attack are not I'm not adding the official new what server of course
32:23
I'm doing this stuff on local on my computer. I write my scripts and so they said it's misleading what I'm saying because I could not change the result of the election because I could only change a file on my computer and the only
32:40
source of truth is the archive which is on the Website on the voting website, which is hosted by new vote So I'm totally agree with them on this What does it means is as long as you trust the archive that is on the new what server? Then the transparency script that you should run not to trust new what is working fine
33:07
fair enough Yeah, so I have time we can say What we saw today, so there is this string versus byte just mismanagement that remember us when we were doing Python 2 but
33:26
2021 2022 now Anyway, there is this encoding issues. There is this symmetric encryption use as padding stuff this random Bytes which are not cryptographically secure random bytes with but which are added for God knows why
33:45
the use of legacy padding Of course my favorite one the use of ASM crypto pull request for doing cryptography And the fact that We saw that when you do
34:01
The ballot box is a proof of vote checking on the website the website crashes but why it crashes it's because you have a lot a lot a lot of eraser decryption to do and It's costly. But what it means if if you are in an election like What I what I show an election with like 100,000 people if you are one people
34:23
I want to check his vote. The website is already done so It's like People they are supposed. I mean you you give them to to say ah, you should check your your vote But if they try to do it Thing are crashing if you are not working great
34:41
For instance in in the green parties I were talking about this proof of vote and where you can do the check for the next election for the the left-wing party primary party election They didn't talk at all about this voting proof the fact the fact you can check on the website so when you end up voting they say oh you can check your vote at the end with this thing and
35:04
after that at the end of the election, they don't give any information where you can do the check and Nobody seems to complain because nobody understand how online voting works so It's not really great for from us Yeah
35:22
So anyway, if you're curious and you want to see Mickey Mouse Win the election you can try it yourself I have put everything on github so you can just download the box try change the thing You can check against the real very verified website
35:41
As you can see I had to change the password from the original archive because I couldn't in Python puts The right password with all this encoding weirdness and it's because the zip module in Python doesn't support encrypted archive Anyway
36:01
So I talked to you about the CNRS publication in in algotel If you are French speaking, it's great. But if you are an English speaker, it's not great. But don't worry There is a new conference coming which is in Austria and there is a paper and this paper is in English And if you want to to write the analyze the preprint you can it's still done by
36:24
anchor Which have done an incredible job on this? So if you're Austrian, you should check it And I think I'm done. Yeah. Thank you very much. Amalia for this very interesting talk and
36:44
It's always great to see that somebody looks at the security and then it's just surprised that presents the stars Normally, you would just trust these systems or just expect them to be trustworthy without having to check it yourself We have time for some questions. So it's other questions from the audience. If you have a question about the security of the
37:06
online voting you can get quickly to the microphone here in front and Ask a question. I see somebody already coming so Hello, please ask your question Hi, thank you for the very informative talk
37:20
I was just interested. Did you manage to gain interest for some like interested actors like from there? Government but people who are in charge actually of making such systems Yeah, so as I told you from from what I understand from
37:42
legal point of view What Neubert is doing is fine. I mean they cannot be Don't quote of me on this because I'm basically the man in the street when I'm seeing that but what I understand is They cannot be a suit or anything for what they're doing, I guess but
38:01
Anyway, I think my finding are interesting So I send them to Neubert so they can react and after that because they didn't react I send also them to The Kneel I told to you about and the NC so the guy which are responsible to say what you should and shouldn't do in security So now they know they do something or not. It's what they want
38:25
And anyway, we are doing a publication with the with the CNRS with anchor. So That's the most we can do Thank you very much the next question, please Hi, thanks for the interesting talk. I just wanted to ask a simple question. What is your background?
38:43
What did you study to be able to understand all of this? So I'm mostly doing Software development And what I do is what I show you on the very first slide that you should go check anyway So it's like I'm using crypto, but I'm not a mathematician. I'm not developing crypto
39:05
I stay as far away as I can from crypto because I'm just want to have a well thought API like if you do crypto you should use a Leap sodium if you know it It's basically the good way to do crypto and so I'm just a regular computing engineer
39:22
I'm just curious and so you you saw On the pie on the on the page when you check the votes There was you can download the source card. So you get triggers you download you read the code you say I could And then you just follow the flow of the script and and you see what happened and the sad thing about that is
39:42
Now they removed the download the source code, so imagine if there from the beginning haven't put this download source code I would not be here talking about this. They could get away with it. I mean the All the all the things that's inside this conference Nobody we could know because everything is closed
40:03
Thanks Next question, please Hello, thanks for the talk was really cool to see that I'm French too so I can relate Do you know of any? trustworthy state-of-the-art system that could be trusted by government and citizens from online voting and which is
40:25
hopefully open source and transparent and everything Yeah basically, I mean basically When you're talking about online voting you already I mean you already too far
40:40
If you want to do voting, I mean there is two way to do voting. There is one way which is you care about Secrecy and then you have to do physical voting and the other thing is you don't care about secrecy I mean it's possible if you if you're voting for something that is not really important you can say
41:01
Okay, let's vote and we can all be clear about it We just raise a hand or we vote online on the poll software or anything I mean, it's a it's a legitimate use case and at least it's really clear that the thing is open If you do online voting, it's like a grayish thing. So for instance, I was talking about one researcher
41:24
Chantal anger she does a lot of research on this thing and what I understood She told me I understood that so I'm not an expert is When there is a switch People were using physical
41:42
physical voting and then the switch for online or electronic voting People are not voting the same. There is more people voting before that when you have to do something physical Maybe people are lazy. They don't go there. There are more people voting most of the time It's because even if it's electronic voting people have to go to the company to vote
42:02
So, of course, you don't say oh no, I'm not going Going to have a serious. No you go with everybody and the other thing is Once they vote they vote differently because when you are in a company and you have You have your political opinion
42:21
So you want to vote for something but you know The election is held by the company and you don't know how much you can trust the computer the software etc, etc And start you start by going a bit like yeah yeah, maybe it's just easier to to temper a bit what I think and Be sure I won't lose my job something like that
42:42
So yeah, if you want to do good voting just do physical voting Okay, we have time for one quick more question. Please ask the question. Hi great talk. Thanks Quick question. I'm a data engineer. So in my job, I have access to really big databases I see your personal data and my company trusts me not to do anything illegal with it. Yeah ross. I go to jail
43:07
How much do you trust new vote developers To you know respect an election and not secure the votes Is there any way to know that the current people who ran for the election did not did or did not actually win
43:22
Yeah, your question is kind of the The the complete theory or something like that I would say that As long as there is no proof You don't have to You don't want to put a shadow and say yeah, then maybe doing the maybe not no, I mean
43:41
What I believe is they're honest They don't want to to temper the the election and it would be really foolish to do that Of course because it's not I mean they are making money with this software. So they don't want to kill the milking coal So i'm pretty sure they are doing an honest job. They don't try to change things or anything
44:02
but It's not I mean there is so many layers so many different people who can do something. I mean if tomorrow There is a I don't know insert a big country with hackers That understand that there is this software which is more and more used for the for doing voting
44:24
maybe it's interesting to put enough energy in hacking this thing and they go inside the server and They understand how to rewrite the zip archive with these encoding issues To change the vote about box and now they change the election and no one can know anything about it or maybe
44:43
Later on you realize that oh this election there was a hacking things and maybe the election the result has changed And what can you do or maybe there is no thing that happened I mean everything is fine, but just you have a like a donald trump. I said the election is rigged And uh, how can you prove the election is not rigged given everything is done on a computer?
45:04
You don't have a lot of physical evidence so Even if everybody everybody is perfectly honest, it's still an issue Thank you. Okay. Thank you very much for all the questions and thanks again for the talk So let's have another round of applause for emmanuel