Abstract | ||
---|---|---|
The security of the Norwegian Internet voting system depends strongly on the implemented verification code mechanism, which allows voters to verify if their vote has been cast and recorded as intended. For this to work properly, a secure and independent auxiliary channel for transmitting the verification codes to the voters is required. The Norwegian system assumes that SMS satisfies the necessary requirements for such a channel. This paper demonstrates that this is no longer the case today. If voters use smartphones or tablet computers for receiving SMS messages, a number of new attack scenarios appear. We show how an adversary may exploit these scenarios in systems providing vote updating and point out the consequences for the vote integrity in the Norwegian system. We also give a list of possible counter-measures and system enhancements to prevent and detect such attacks. |
Year | DOI | Venue |
---|---|---|
2013 | 10.1007/978-3-642-39185-9_5 | VOTE-ID |
Keywords | Field | DocType |
vote integrity,sms message,verification code mechanism,norwegian system,system enhancement,verification code,independent auxiliary channel,norwegian internet voting system,new attack scenario,necessary requirement | Norwegian,Short Message Service,Computer security,Communication channel,Exploit,Mobile device,Engineering,Adversary,Internet voting | Conference |
Citations | PageRank | References |
3 | 0.40 | 20 |
Authors | ||
3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Reto E. Koenig | 1 | 83 | 8.38 |
Philipp Locher | 2 | 16 | 4.12 |
Rolf Haenni | 3 | 371 | 33.39 |