Dear viewer, these subtitles were generated by a machine via the service Trint and therefore are (very) buggy. If you are capable, please help us to create good quality subtitles: https://c3subtitles.de/talk/1373 Thanks!

So the Swiss democracy is one of its kind. No other country lets its citizens have that much of an impact on their rules and regulations. Meanwhile, in a time where everything gets digitized, it's only a natural conclusion that this might also affect voting someday. So earlier this year, the Swiss Post released e-voting source code as part of a mandatory public intrusion test, or PIT for short. Yeah, and that's where our story starts.

My name's young executional. I'm a Swiss cybersecurity researcher and CTF player. Together with my research team, set up this year, we analyzed the Swiss e-voting source code. Obviously, my views are my own and not my employer's dramas or dogs.

So, a little bit of background information. Why should we vote digitally in the first place?
So one of the main arguments was that it's comfortable for expats, for people living abroad, because for them voting used to be quite a hassle. They have to send their votes per mail, and sometimes the mail gets lost or arrives too late. So that's one of the main reasons. Also, it should attract young voters, and it should make voting more accessible to the public.

However, e-voting also comes with some major downsides. Security risks are in scale. You don't have to bribe a few thousand people; you have to find the right exploit, and maybe you can even do it in the comfort of your own home. Also, it's very expensive to maintain, and the systems must be trusted. And it's hard to create that trust, because how do you make sure that the software running on these voting machines is actually the software that has been released or tested? The first thing that comes to mind is checksums. I mean, checksums are great, right?
But how do you make sure the checksum program is right and not just a static string? So that's one of the major problems.

I often hear a comparison between electronic voting and electronic banking. However, I think there are major differences, and in my opinion it's easier to protect electronic banking, because there you have transactions between two parties that can easily be identified and corrected. In electronic voting, you have to guarantee absolute anonymity for the voter, which makes it pretty hard. There are two components: there is the universal verifiability and the individual verifiability, which are supposed to let you validate your votes mathematically. These are some core components of electronic voting.
So, yeah, the process is, um, if you vote offline, you usually have your vote and you put it in the ballot box, and then you have a lot of people that count the votes; you have election helpers, you have election observers, etc. But if you vote online, you just send your request to the server, and afterwards you get a checksum back. That's for your individual verifiability, so that you can prove mathematically that your vote has been counted correctly. On the other side, for the government, they get the universal verifiability, where they can check mathematically if all votes have been counted correctly.

So, fast forward a bit. Electronic voting is nothing new per se. Many countries already had electronic voting solutions in place, for example Basel or Geneva. However, the new part is that the government wanted to use electronic voting as an official channel.
As an official voting channel all over Switzerland.

So there were some problems. Geneva had to stop their e-voting program completely, and Basel is on the verge of it, because electronic voting is extremely expensive. There were some studies that said for every effective user that used electronic voting over 10 years, the canton of Basel would have to pay around 4000 Swiss francs, which is honestly quite a lot. Yeah, and Geneva is an interesting example because it developed its own electronic voting solution that has been used by some of the cantons in Switzerland.

So, source code publication. It was pretty interesting when we could get our hands on this very special code, this very important code. And so it started with the great news. We went to the website, we wanted to download it, and we were greeted with a non-disclosure agreement.
This struck me as odd because I thought the code was supposed to be open source. However, the Swiss Post introduced "open code", which is basically releasing a snapshot of the code under an NDA. So the code is public, but it's not really open source. Not at all. So, yeah, nevertheless we signed up for it because we wanted to test the code. And the first thing we noticed is how big the code actually was. It was around a quarter million lines of code. It was really big, and it featured a microservices architecture of several components that talked with each other. It was really, really a big solution. And another thing that was really, really big was the dependencies. They had a lot of dependencies, like really a lot, and history has shown that dependencies can be really dangerous.
And one example that I like to come up with is event-stream, early 2018, where a developer got tired of maintaining his nice little project and transferred ownership to someone who offered help. However, that person was a malicious actor, and yeah, now a few thousand programs featured malware in them. And also in the e-voting code we found some dependencies, third-party libraries, that were vulnerable to several exploits; however, that function wasn't exactly used, so the risk wasn't that big. But the fact alone that these libraries were present shows that, yeah, it's a real threat and that patch management is hard.

So where do you start when you've got such big software? The first point would be documentation. You look at how it works. What's the threat model? Just look at how it works. So in the Geneva system, they had a lot of documentation. They had threat models for every component.
But in the new Swiss system, there were only three high-level documents: some about the cryptography, a little bit high-level voting workflow, a little bit lower-level, but it wasn't that useful. It also featured some API descriptions, but most of them were internal and weren't of much use. But there was something interesting. There were security audits performed before the public intrusion test, and these are great because you can see maybe there were invalid patches, or just see what are the core parts that are interesting to look at. So we went to the Swiss Post website. We downloaded it, and the file sizes seemed oddly small. Now, when you open these PDFs, they only seem to contain the covers and table of contents. Honest mistake.
Of course, everybody published the wrong thing, but after some further investigation, it showed that this was on purpose to protect the IP of the company that audited it, and they didn't want to give out those reports, which was kind of a bummer.

So, OK, we had to work without any documentation. So the next thing you usually do is, yeah, set up the system and check a bit. How does it work? How does it interact? How can you play with it? However, you couldn't build the system. The system wasn't buildable at all. The system wasn't meant to be built. The system relied on an internal build server at the development company in Spain, and you were only supposed to access the systems during the official public intrusion test, which already provided you with a test instance. So even with some public effort by several parties to reconstruct the source code, it didn't work out. It was just a too limited timeframe. And yeah, it was too big.
So all that was left was static analysis over the whole thing.

So during our research, the media blew up a bit about the news of some e-voting leak. This is odd, I thought, because the system was released, right? Were there some components they were hiding or something? No. It turns out some people took the source code and uploaded it to their own GitHub repository so others could evade the non-disclosure agreements. And obviously there were DMCA claims filed against it, and so this news could have been avoided if they would have open sourced the solution. Yeah, so.

This function is really interesting. How does it make you feel? How does it make you feel with user inputs? How does it make you feel with user input that's not validated yet? You know what I want to imply here? The component, called the secure data manager, didn't seem as secure at all.
However, the Post assured us that it's actually very secure, because the cantons that run this component would use some air gaps, and air gaps have proven to be very effective over time, right? So, yeah, um, very secure and out of scope, but they were happy to tell us that they would sign and patch it. So it's all great.

So this was around the time when the actual public intrusion test started, and you were provided with two workflows that you could test: the voting workflow and the administration workflow. Well, you could only test the voting workflow. The administration workflow required some certificate-based authentication; however, they didn't provide these certificates. They didn't provide them on purpose, because it wouldn't be realistic to provide them, right? So you couldn't test the admin interface at all, maybe through post-exploitation.
So all that was left was the voting workflow, which brings us to the PIT scope. To illustrate it: we started out with around a quarter million lines of code, right? We put it through a public intrusion test, and we get this. This isn't cut off. These are nine REST endpoints. That was the PIT scope. Yeah, nine REST endpoints, which were very interesting. We looked at them. Surely they must be very secure. I mean, security must be tight there. But even with that scope, we still found some stuff. Um? Turns out they used the X-Forwarded-For headers, which transmit your IP address. You can change them client-side, and they relied on these headers for their internal Splunk logs, so you could just spoof some arbitrary IP addresses into their internal logs.
This one was also accepted as one of the few vulnerabilities of the system, which is really interesting, even with the narrow scope.

Yeah. And do you remember the universal verifiability from the beginning? Yeah, apparently it's been broken as well. Some researchers found that apparently, if you had access to the system and if you could change the votes, then theoretically, under some circumstances, you could also do it undetectably. And so much for the e-voting solution. Apparently, they weren't allowed to continue with it anymore.

And what holds the future? Um, currently there are discussions about an e-voting moratorium in Switzerland, where they want to halt all e-voting projects for five years. And I've also seen developments made by big corporations. Microsoft recently released an e-voting library written in C, which must be interesting to look at. And yeah, it still features a lot of interesting research areas.
So in conclusion, e-voting is interesting, but with great power comes great responsibility. And if you want to develop an e-voting system, please put sufficient care into it. Thank you.

Are there any questions? If yes, go to the microphones, to the left or the right. Yeah, to the left.

Did you have a chance to take a look at the source code from the Geneva solution as well, or only the Post's?

So, the Post system. I didn't audit the Geneva system; however, I looked at it from a trust perspective. From that perspective, Geneva did a lot of things right there. They open sourced it properly. They provided lots of documentation, and it just seemed a little bit more fitting. So I just looked at it from a program perspective. From that, they made it easier for researchers. They also had a buildable system. They provided Docker containers.
So that's for the Geneva system. But I can't make any assumptions from a code perspective.

On the right. Yes. So, thanks a lot. And do you know why you couldn't build the source code? Was a part of the source code missing or something like that?

So basically, the source code relied on an internal build server at Scytl. So if you wanted to build it, you would need to have all the correct components, right? And you would basically need to reconstruct the build process yourself. And since they didn't provide that, it would have been very, very complicated, and some people tried exactly that, to figure out which components were used and write their own build scripts. But the problem was that there wasn't enough time to do that.

OK. To the left.

Hello. Um, if there were no vulnerability with this universal verifiability, wouldn't Switzerland then have had online voting?
And can you tell me a bit more about this universal verifiability vulnerability? What access to the systems would the operator have to have to use it?

So basically, you're asking what are the effects of the universal verifiability vulnerabilities?

If this problem wouldn't have appeared, then Switzerland would have had online voting for the elections in October, right?

Quite possibly. Quite possibly. I mean, there were a lot of other problems, especially the one with the source code that wasn't open source and some parts were missing. You couldn't build it. Usually, the texts from the government said that you should be able to build it, and maybe this would have caused problems, but it was certainly an important factor that it can be built.

Yeah, that it can be employed.

Yeah, then a big thanks, and a big applause.