Return of the Insecure Brazilian Voting Machines
Event details
| Date | 23.10.2018 |
| Hour | 14:15 |
| Speaker | Prof. Diego F. Aranha, Aarhus University, Denmark |
| Location | |
| Category | Conferences - Seminars |
Abstract
This talk presents a detailed and up-to-date security analysis of the voting software used in upcoming Brazilian elections by more than 140 million voters. It is mainly based on results obtained recently in a restricted hacking challenge organized by the Superior Electoral Court (SEC), the national electoral authority. During the event, multiple serious vulnerabilities (hard-coded cryptographic keys and insufficient integrity checks, among others) were detected in the voting software, which when combined compromised the main security properties of the equipment, namely ballot secrecy and software integrity. We trace the history of the vulnerabilities to a previous security analysis, providing some perspective about how the system evolved in the past 6 years. As far as we know, this was the most in-depth compromise of an official large-scale voting system ever performed under such severely restricted conditions. Joint work with Pedro Y. S. Barbosa, Thiago N. C. Cardoso, Caio Lüders and Paulo Matias.
Biography
Diego F. Aranha is an Assistant Professor in the Department of Engineering at Aarhus University. He was previously an Assistant Professor at the University of Brasília (3 years) and the University of Campinas (4 years). He holds a PhD degree in Computer Science from the University of Campinas and has worked as a visiting PhD student for 1 year at the University of Waterloo. His professional experience is in Cryptography and Computer Security, with a special interest in the efficient implementation of cryptographic algorithms and security analysis of real-world systems. He received the Google Latin America Research Award for research on privacy twice, and the MIT TechReview's Innovators Under 35 Brazil Award for his work in electronic voting.
This talk presents a detailed and up-to-date security analysis of the voting software used in upcoming Brazilian elections by more than 140 million voters. It is mainly based on results obtained recently in a restricted hacking challenge organized by the Superior Electoral Court (SEC), the national electoral authority. During the event, multiple serious vulnerabilities (hard-coded cryptographic keys and insufficient integrity checks, among others) were detected in the voting software, which when combined compromised the main security properties of the equipment, namely ballot secrecy and software integrity. We trace the history of the vulnerabilities to a previous security analysis, providing some perspective about how the system evolved in the past 6 years. As far as we know, this was the most in-depth compromise of an official large-scale voting system ever performed under such severely restricted conditions. Joint work with Pedro Y. S. Barbosa, Thiago N. C. Cardoso, Caio Lüders and Paulo Matias.
Biography
Diego F. Aranha is an Assistant Professor in the Department of Engineering at Aarhus University. He was previously an Assistant Professor at the University of Brasília (3 years) and the University of Campinas (4 years). He holds a PhD degree in Computer Science from the University of Campinas and has worked as a visiting PhD student for 1 year at the University of Waterloo. His professional experience is in Cryptography and Computer Security, with a special interest in the efficient implementation of cryptographic algorithms and security analysis of real-world systems. He received the Google Latin America Research Award for research on privacy twice, and the MIT TechReview's Innovators Under 35 Brazil Award for his work in electronic voting.
Practical information
- General public
- Free
- This event is internal
Organizer
- Prof. Bryan Ford
Contact
- Dr. Philpp Jovanovic