A Trustworthy Electronic Voting System for Australian Federal Elections
Authors:
Mark Eldridge
Abstract:
The existing system for determining election results in Australia is, for the most part, secure, accurate and understandable by the average voter. This thesis explores the design of electronic voting systems designed to achieve these same goals, while also improving on the existing system in the areas of counting speed, accuracy, tamper resistance and accessibility.
Electronic voting systems hav…
▽ More
The existing system for determining election results in Australia is, for the most part, secure, accurate and understandable by the average voter. This thesis explores the design of electronic voting systems designed to achieve these same goals, while also improving on the existing system in the areas of counting speed, accuracy, tamper resistance and accessibility.
Electronic voting systems have seen limited use within Australian elections, most prominently for State Elections in Victoria (2014), New South Wales (2015) and Western Australia (2017), along with trials of electronic voting systems in federal elections in 2007.
This thesis presents an analysis of the iVote electronic voting system used for the 2017 Western Australian State Election (iVote WA), outlining a number of security risks introduced by the use of cloud-based distributed denial of service mitigation. In addition, this thesis presents the results of a cross-sectional survey of Australian voters regarding levels of trust for three voting systems: the existing paper-based system used for Australian federal elections, the iVote WA system, and the vVote system used for the 2014 Victorian State Election.
The analysis of iVote, combined with the survey results, are used to inform a recommendation for future research and public policy regarding the use of electronic voting systems in Australian federal elections.
△ Less
Submitted 6 May, 2018;
originally announced May 2018.
Trust Implications of DDoS Protection in Online Elections
Authors:
Chris Culnane,
Mark Eldridge,
Aleksander Essex,
Vanessa Teague
Abstract:
Online elections make a natural target for distributed denial of service attacks. Election agencies wary of disruptions to voting may procure DDoS protection services from a cloud provider. However, current DDoS detection and mitigation methods come at the cost of significantly increased trust in the cloud provider. In this paper we examine the security implications of denial-of-service prevention…
▽ More
Online elections make a natural target for distributed denial of service attacks. Election agencies wary of disruptions to voting may procure DDoS protection services from a cloud provider. However, current DDoS detection and mitigation methods come at the cost of significantly increased trust in the cloud provider. In this paper we examine the security implications of denial-of-service prevention in the context of the 2017 state election in Western Australia, revealing a complex interaction between actors and infrastructure extending far beyond its borders.
Based on the publicly observable properties of this deployment, we outline several attack scenarios including one that could allow a nation state to acquire the credentials necessary to man-in-the-middle a foreign election in the context of an unrelated domestic law enforcement or national security operation, and we argue that a fundamental tension currently exists between trust and availability in online elections.
△ Less
Submitted 3 August, 2017;
originally announced August 2017.