Saghar Estehghari

Impact of Client-side Vulnerabilities on Web-based E-voting Systems: Demonstrating a Client-side Attack Against Helios 2.0 As an Example Saghar Estehghari

E-voting systems are composed of machines located in polling stations. The research has shown that these systems are vulnerable to hacking attacks that endanger anonymity of voters and correctness of results. The implementation of such e-voting systems using web-based technologies has recently become a hot topic. Helios is a web-based open-audit voting system designed by Adida at Harvard University. State of the art web technologies and advanced cryptographic techniques have been utilized to provide integrity of ballots and voter secrecy in the insecure Internet environment. However this book demonstrates that the matter of computer and web browser security has not been considered properly in this application. For this work, an attack is designed and implemented by exploiting both software and web browser vulnerabilities on client's machine. Thus this gives an opportunity to an attacker to tamper with the integrity of an election. This book targets not only computer scientists and security professionals but also computer users. It shows the extend to which the vulnerabilities on client machines may risk the privacy of users on the Internet environment.