How not to build an electronic voting system
Quentin Kaiser
Hack.lu 2015
October 21, 2015
Quentin Kaiser How not to build an electronic voting system
$ whoami
Quentin Kaiser, Security Engineer | Penetration Tester
www.quentinkaiser.be [email protected] QKaiser
Disclaimer
This research was prepared and accomplished in my personal capacity. The opinions expressed in this talk are my own and do not reflect the view of any past, current, or future employer.
Outline
- Introduction
  - E-voting systems in Belgium
  - Building secure voting systems
- CODI
  - Polling stations
  - Network infrastructure
  - Web applications
- Smartmatic
  - Election Configuration Manager
  - PM-VM
- Conclusions
Introduction
E-voting Systems in Belgium - Historical Background
”I think your crypto is broken” - King Albert II
E-voting Systems in Belgium - Historical Background
- 1991 - first experiment in two townships
- 1994 - expanded to 20% of the electorate
- 1999 - expanded to 44% of the electorate, introduction of OCR counting
- 2003 - first experiment with ticketing in two townships
- 2007 - BeVoting report
- 2012 - introduction of Smartmatic systems
Cryptographically Secure Voting Systems
Building secure voting systems is complex. Required properties:
- Confidentiality
- Non-repudiation
- Authenticity
- Integrity
- Non-coercion
- Uniqueness
- Audit trail
- Simplicity
- Equity
- Verifiability
Threat Model
And people are out there to get you. [1]

[1] Security Analysis of the Estonian Internet Voting System (Springall et al., see References)
CODI
CODI
CODI encompasses multiple e-voting components:
- Jites
- Digivote
- PGM2
- PGM3
- Election Management System
CODI - Voting booths
Authentication & Authorization:
- the polling station president initializes the software with a password
- the password is verified with a checksum

[Figure: password layout over digit positions 0-9: fullPasswordValue, extension, password checksum]
CODI - Voting booths
Integrity Protection:
- floppy disk content integrity is checked
CODI - Voting booths
Vote casting:
- bug2505 explored by @doegox [2]

[2] http://www.poureva.be/spip.php?article853
CODI - Ballot boxes
Magnetic card layout:
- token (5 bytes) - uniquely identifies a polling station
- passage (1 byte) - boolean for vote casting
- MAC (4 bytes) [3] - ensures integrity and authenticity of the vote
- test (1 byte) - identifies the voter type (N, E, S)
- vote (2 + x bytes) - vote value

[3] ISO 9797-1, MAC Algorithm 2 / Padding method 2
CODI - Ballot boxes
Fraud detection:
- Byte length - sanity check
- Token - ensures the vote was cast in the same polling station
- MAC - ensures integrity and authenticity of the vote
CODI - Ballot boxes - Bypassing fraud detection
Step 1 - Byte length
CODI - Ballot boxes - Bypassing fraud detection
Step 2 - Token recovery
CODI - Ballot boxes - Bypassing fraud detection
Step 3 - MAC key recovery
- read the MAC and vote values off a magnetic card
- for each of the 10^4 possible password combinations:
  1. derive the key from the password combination
  2. compute the MAC with the derived key
  3. compare the computed MAC with the magnetic card's MAC

Byproduct of the MAC key recovery: you also recover 6 bytes out of 10 of the polling station president's password.
CODI - Ballot boxes
Fraud detection:
- Byte length - done
- Token - done
- MAC - done

Being able to create rogue magnetic cards breaks:
- non-coercion (vote buying activities)
- uniqueness (ballot stuffing)
CODI - Ballot boxes - Secure vote storage
- votes are stored in a temporary file during the election process
- the temporary file is encrypted with AES when the polling station closes
CODI - Ballot boxes - Secure vote storage
Temporary file:
- each vote is "encrypted" with an XOR cipher
- the randomness of vote positions is heavily questioned
CODI - Ballot boxes - Secure vote storage
Temporary file:
- the XOR filter is easily recoverable by brute force or by an offline attack (see fraud detection bypass)
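Added example for the two "Temporary file" slides above; it is not code from the talk or from CODI. The record layout of the temporary file, the 8-byte filter length and the filter derivation (deriveFilter, a SHA-256 of the 4-digit fragment) are assumptions, and the file contents are constructed. It shows both attacks the slide names: the offline one, where the station token known from bypass step 2 yields filter bytes by plain known-plaintext XOR, and the brute-force one, where all 10^4 candidate fragments are tried and checked against the record structure.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Record layout ASSUMED for the temporary file (the real CODI layout is not
// documented in the talk): token(5) | test(1) | vote(2), 8 bytes per vote.
const recLen = 8

// xorFilter applies a repeating-key XOR, what the talk calls the XOR "filter".
// It is its own inverse: the same call encrypts and decrypts.
func xorFilter(data, key []byte) []byte {
	out := make([]byte, len(data))
	for i, b := range data {
		out[i] = b ^ key[i%len(key)]
	}
	return out
}

// deriveFilter is a HYPOTHETICAL key schedule: the talk only says the filter
// falls to the same password material as the MAC key (a 4-digit fragment).
func deriveFilter(digits string) []byte {
	sum := sha256.Sum256([]byte("codi-filter:" + digits))
	return sum[:recLen]
}

// KnownPlaintextBytes is the offline attack: the station token is the
// plaintext of the first 5 bytes of every record, so key[i] = ct[i] ^ token[i].
func KnownPlaintextBytes(ct, token []byte) []byte {
	k := make([]byte, len(token))
	for i := range token {
		k[i] = ct[i] ^ token[i]
	}
	return k
}

// plausible is the brute-force oracle: every decrypted record must start
// with the station token and carry a valid voter type.
func plausible(pt, token []byte) bool {
	for i := 0; i+recLen <= len(pt); i += recLen {
		if !bytes.Equal(pt[i:i+5], token) {
			return false
		}
		if t := pt[i+5]; t != 'N' && t != 'E' && t != 'S' {
			return false
		}
	}
	return true
}

// BruteForceFilter walks the 10^4 candidate fragments and keeps the one
// whose filter decrypts the whole file to a plausible structure.
func BruteForceFilter(ct, token []byte) (string, []byte, error) {
	if len(ct) == 0 || len(ct)%recLen != 0 {
		return "", nil, errors.New("ciphertext is not a whole number of records")
	}
	for p := 0; p < 10000; p++ {
		digits := fmt.Sprintf("%04d", p)
		if f := deriveFilter(digits); plausible(xorFilter(ct, f), token) {
			return digits, f, nil
		}
	}
	return "", nil, errors.New("no candidate fits")
}

// Tally decrypts and counts votes per 2-byte vote value. Since vote positions
// are not really random, file order also follows the order voters came in.
func Tally(ct, filter []byte) map[[2]byte]int {
	pt := xorFilter(ct, filter)
	counts := map[[2]byte]int{}
	for i := 0; i+recLen <= len(pt); i += recLen {
		counts[[2]byte{pt[i+6], pt[i+7]}]++
	}
	return counts
}

// SampleFile builds a constructed temporary file for station token holding
// the given votes, "encrypted" under the filter derived from digits.
func SampleFile(token []byte, digits string, votes [][2]byte) []byte {
	var pt []byte
	for i, v := range votes {
		pt = append(pt, token...)
		pt = append(pt, "NES"[i%3], v[0], v[1]) // voter types cycle N, E, S
	}
	return xorFilter(pt, deriveFilter(digits))
}

func main() {
	token := []byte("ST001")
	ct := SampleFile(token, "4711", [][2]byte{{1, 3}, {2, 7}, {1, 3}, {4, 1}, {1, 3}})
	fmt.Printf("filter bytes from the token alone: %x\n", KnownPlaintextBytes(ct, token))
	digits, f, err := BruteForceFilter(ct, token)
	if err != nil {
		panic(err)
	}
	fmt.Printf("brute force: fragment %q, filter %x, tally %v\n", digits, f, Tally(ct, f))
}
```

The two routes reinforce each other: the known-plaintext bytes are recovered with no search and serve to confirm the brute-forced filter, and the structural oracle needs no knowledge of the derivation beyond its input space. An XOR filter with a repeating key offers no confidentiality against anyone holding the file; the AES encryption at closing time is irrelevant to whoever reads the file while the station is open.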
CODI - PGM
PGM2 & PGM3:
- Microsoft Windows executables
- rely on obscure software (GuptaSQL, anyone?)
- did not manage to execute them properly :(

Expected behaviour:
- generate the minutes as a PDF file
- PDF file signed with the polling station president's eID
- encode votes into the undocumented "Format F" format
- minutes PDF + "Format F" content sent to the central server
CODI - Secure Vote Transmission
Zipping deeper
CODI - Election Management System
aka OWASP Top 10
CODI - Election Management System
- Web1: encoding of lists, candidates, polling stations, ...
- Web2: used by Belgian embassies to transmit votes
- Web3: Ministry of Home Affairs intranet web app holding election results
- Web4: logging and monitoring of Web-something
- Web5: web app that hosts the results, available to the general public
- Loc1: reception of "Format F" files and transmission to Loc2
- Loc2: results verification, loading into the database, transmission to Loc3
- Loc3: transmission of results to different partners (mostly press, hopefully)
CODI - Election Management System
Information leak
CODI - Election Management System
Keeping your private key private
CODI - Election Management System
Storing passwords in plaintext
CODI - Election Management System
Arbitrary file download:
- discovered an unauthenticated arbitrary file download on Web1
- downloaded the script itself to look at it
- "StackOverflow copy/pasta"
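Added example, not the Web1 script (which the talk does not reproduce): the copy-paste shape of an arbitrary file download beside a resolver that stays inside the export directory, with an authentication gate in front of it. It is written in Go here because the language of Web1 is not given. The directory name, the allowed extensions, the cookie-based session check and the sample file are all assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"os"
	"path/filepath"
	"strings"
)

// ResolveUnsafe is the "StackOverflow copy/pasta" shape: the request parameter
// is glued onto the export directory, so ../ walks anywhere the web server can
// read, the download script itself included.
func ResolveUnsafe(base, requested string) string {
	return base + "/" + requested
}

// allowedExt is the set of file types the endpoint is meant to serve
// (assumed for this example).
var allowedExt = map[string]bool{".pdf": true, ".csv": true, ".zip": true}

// ResolveSafe accepts only a relative name that, once cleaned, still lies
// under base and has an allowed extension. This is a lexical check; before
// opening a real file also resolve symlinks (filepath.EvalSymlinks) and
// re-check, since a link inside base can point outside it.
func ResolveSafe(base, requested string) (string, error) {
	if requested == "" || filepath.IsAbs(requested) {
		return "", errors.New("empty or absolute path")
	}
	full := filepath.Join(base, requested) // Join cleans ../ sequences
	rel, err := filepath.Rel(base, full)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", errors.New("path escapes export directory")
	}
	if !allowedExt[strings.ToLower(filepath.Ext(full))] {
		return "", errors.New("file type not served")
	}
	return full, nil
}

// RequireSession keeps unauthenticated requests away from the file-serving
// code; isAuthenticated is the application's own session check.
func RequireSession(isAuthenticated func(*http.Request) bool, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !isAuthenticated(r) {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// DownloadHandler serves files from base by the ?file= parameter. Rejections
// all look like 404 so the response does not explain which check failed.
func DownloadHandler(base string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		path, err := ResolveSafe(base, r.URL.Query().Get("file"))
		if err != nil {
			http.Error(w, "not found", http.StatusNotFound)
			return
		}
		http.ServeFile(w, r, path)
	})
}

func main() {
	// Constructed export directory with one legitimate file.
	dir, err := os.MkdirTemp("", "exports")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	_ = os.WriteFile(filepath.Join(dir, "results.pdf"), []byte("%PDF-1.4 constructed"), 0o600)

	// Placeholder session check: a "session" cookie must be present.
	hasSession := func(r *http.Request) bool { _, err := r.Cookie("session"); return err == nil }
	srv := httptest.NewServer(RequireSession(hasSession, DownloadHandler(dir)))
	defer srv.Close()

	for _, name := range []string{"results.pdf", "../../etc/passwd", "download.php"} {
		req, _ := http.NewRequest("GET", srv.URL+"/download?file="+url.QueryEscape(name), nil)
		req.AddCookie(&http.Cookie{Name: "session", Value: "demo"})
		resp, err := http.DefaultClient.Do(req)
		if err != nil {
			panic(err)
		}
		resp.Body.Close()
		fmt.Printf("%-18s -> %d\n", name, resp.StatusCode)
	}
}
```

Two details matter beyond the path check. The extension allowlist is what stops the script itself from being downloaded, which is how the talk's author read the source. And the authentication gate sits in front of the handler rather than inside it, so a later copy of the handler cannot forget it.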
CODI - Election Management System
Disclosure timeline:
- 07/2014: first mail to notify Civadis about the info leak
- 07/2014: second email to notify Civadis about the private keys
- 08/2014: third email to notify Civadis about the arbitrary file download
- 01/09/2014: email again, this time I cc the IBZ
- 02/09/2014: answer from Civadis, I replied back explaining the impact
- 03/09/2014: "no impact, it's a backup server" [4]
- 05/09/2014: Civadis deactivates the accounts
- 10/09/2014: Civadis shuts down those servers

[4] but it's not, I can prove it
Smartmatic
Speaking of coordinated disclosure ...
Smartmatic
Smartmatic
Smartmatic provides two systems:
- ECM - Election Configuration Manager
- PM-VM - voting machines (vote casting + ballot boxes)

Due to limited time, I only managed to look at ECM (for now).
Smartmatic - Election Configuration Manager
Highlights:
- 3 Ubuntu hosts running Linux 2.6.38-8-generic
- each host provided as an .iso file online

- ECM DB (PostgreSQL)
- ECM server (JBoss)
- ECM client (Java client)
Smartmatic - Election Configuration Manager
Getting access to those f***ing boxes:
- no credentials in the documentation
- no SSH
- no shell for saes (default user)

I ended up doing this:
- mount the ISO
- copy to get read/write access
- modify the Smartmatic seed file to set my own root password
- repackage the ISO
- install in a VM, log in, usual post-exploitation commands
Election Configuration Manager
Well thought-out hardening:
- no remote access (rsh, telnet, ssh, whatever)
- file permissions are well set
- iptables config is not great, but good enough
- sudoers file limits the capabilities of the saes user
- security/access.conf used to disable access
- no password for built-in users (e.g. postgres)
- loading of arbitrary remote classes disabled in the RMI server
- access to PostgreSQL limited to a whitelisted IP
Election Configuration Manager
However...
- PostgreSQL traffic is unencrypted
- no password on the PostgreSQL users (ecm, postgres)

Messing with the elections in 4 steps:
1. gain physical access to the network
2. ARP-spoof the JBoss host and the PostgreSQL host
3. connect to the PostgreSQL server using the JBoss host's IP
4. dump the database, gain RCE as postgres with a UDF
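The two weaknesses that make those four steps work are configuration rather than code. As an added example (not Smartmatic's files and not code from the talk), here is a small audit of pg_hba.conf rules that flags exactly them, run over two constructed rule sets: the shape the talk describes, and a corrected one. Host addresses, database and role names are made up.

```go
package main

import (
	"fmt"
	"strings"
)

// Finding is one weakness spotted in a pg_hba.conf rule.
type Finding struct {
	Line int
	Rule string
	Why  string
}

// AuditHBA scans pg_hba.conf text for the weaknesses the talk found on the ECM
// database host: rules that accept plaintext TCP ("host"/"hostnossl" rather
// than "hostssl") and rules that need no password ("trust"). It also flags
// rules matching every client address. Explicit "reject" rules are fine.
func AuditHBA(conf string) []Finding {
	var out []Finding
	for n, raw := range strings.Split(conf, "\n") {
		line := strings.TrimSpace(raw)
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		// Rule syntax: TYPE DATABASE USER [ADDRESS] METHOD [OPTIONS];
		// "local" (Unix socket) rules have no ADDRESS column.
		f := strings.Fields(line)
		typ, addr, method := f[0], "", ""
		switch {
		case typ == "local" && len(f) >= 4:
			method = f[3]
		case typ != "local" && len(f) >= 5:
			addr, method = f[3], f[4]
		default:
			out = append(out, Finding{n + 1, line, "malformed rule"})
			continue
		}
		if method == "reject" {
			continue
		}
		add := func(why string) { out = append(out, Finding{n + 1, line, why}) }
		if method == "trust" {
			add("no authentication: anyone who reaches the socket is in")
		}
		if typ == "host" || typ == "hostnossl" {
			add("accepts unencrypted TCP: credentials and data cross the wire in clear")
		}
		if addr == "0.0.0.0/0" || addr == "::/0" || addr == "all" {
			add("matches every client address")
		}
	}
	return out
}

// Constructed rule sets, not Smartmatic's actual configuration. The first has
// the shape the talk describes; the second is the corrected one.
const WeakHBA = `
# TYPE  DATABASE  USER      ADDRESS        METHOD
local   all       postgres                 trust
host    ecm       ecm       10.0.0.5/32    trust
host    all       all       0.0.0.0/0      md5
`

const HardenedHBA = `
# TYPE    DATABASE  USER      ADDRESS        METHOD
local     all       postgres                 peer
hostssl   ecm       ecm       10.0.0.5/32    md5
hostnossl all       all       0.0.0.0/0      reject
`

func main() {
	for name, conf := range map[string]string{"weak": WeakHBA, "hardened": HardenedHBA} {
		findings := AuditHBA(conf)
		fmt.Printf("%s: %d finding(s)\n", name, len(findings))
		for _, f := range findings {
			fmt.Printf("  line %d: %s\n    %s\n", f.Line, f.Why, f.Rule)
		}
	}
}
```

hostssl rules only take effect with ssl = on in postgresql.conf and a server certificate, and they only force encryption on the wire: the JBoss client must also verify that certificate (sslmode=verify-full in the pgjdbc URL), or the ARP-spoofing step still lets an attacker terminate the TLS session in the middle. Password authentication closes the second gap; on PostgreSQL 10 and later prefer scram-sha-256 over md5. The IP whitelist alone, which the previous slide counted as hardening, is exactly what step 3 defeats.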
Smartmatic - PM-VM
Maybe for next year!
Conclusions
Don't believe the hype.
- the CODI system was broken from day 1
- the Smartmatic system also has its flaws

We need a serious audit of the Election Management System.
Q&A
Thank you for your attention. Any questions ?
References I
- Affront, Analysis of the 2003/2004 versions of Digivote, Affront (2004).
- C. Karlof, N. Sastry, D. Wagner, Cryptographic voting protocols: A systems perspective, 14th USENIX Security Symposium.
- Internet Policy Institute, Voting systems design criteria. Report of the national workshop on internet voting: Issues and research agenda.
- D. Springall, T. Finkenauer, J. Kitcat, H. Hursti, M. MacAlpine, J. A. Halderman, Security analysis of the Estonian internet voting system.
- LaLibre.be, "Le parlement wallon se prononce en faveur de la fin du vote électronique en Belgique" [The Walloon parliament comes out in favour of ending electronic voting in Belgium], June 2015.
References II
- Médor Mag, "Le jour où la Belgique a bugué" [The day Belgium crashed], May 2015.
- Olayemi Mikail Olaniyi, Oladiran Tayo Arulogun, Adeoye Oludotun, Elijah Olusayo Omidior, Design of secure electronic voting system using multifactor authentication and cryptographic hash functions, International Journal of Computer and Information Technology (2013).
- PourEVA, "Comment frauder lors d'une élection communale sans trop de connaissances informatiques ?" [How to commit fraud in a municipal election without much computer knowledge?], November 2006.
- PourEVA, "Victoire de la transparence au Conseil d'État" [Victory for transparency at the Council of State], May 2011.
- PourEVA, "Généalogie du code source des systèmes Digivote et Jites" [Genealogy of the source code of the Digivote and Jites systems], June 2014.
- PourEVA, "On vous dit tout ce que l'on sait du bug2505" [We tell you everything we know about bug2505], June 2014.