Trust '08 Proceedings of the 1st international conference on Trusted Computing and Trust in Information Technologies: Trusted Computing - Challenges and Applications
Security and Trust for the Norwegian E-Voting Pilot Project E-valg 2011
NordSec '09 Proceedings of the 14th Nordic Conference on Secure IT Systems: Identity and Privacy in the Internet Age
IEEE Transactions on Information Forensics and Security - Special issue on electronic voting
Secure internet voting with code sheets
VOTE-ID'07 Proceedings of the 1st international conference on E-voting and identity
On e-vote integrity in the case of malicious voter computers
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Prêt à voter with confirmation codes
EVT/WOTE'11 Proceedings of the 2011 conference on Electronic voting technology/workshop on trustworthy elections
Improving remote voting security with codevoting
Towards Trustworthy Elections
A formal analysis of the norwegian e-voting protocol
POST'12 Proceedings of the First international conference on Principles of Security and Trust
Transparency and technical measures to establish trust in norwegian internet voting
VoteID'11 Proceedings of the Third international conference on E-Voting and Identity
The secure platform problem taxonomy and analysis of existing proposals to address this problem
Proceedings of the 6th International Conference on Theory and Practice of Electronic Governance
Hi-index | 0.00 |
The security of the Norwegian Internet voting system depends strongly on the implemented verification code mechanism, which allows voters to verify if their vote has been cast and recorded as intended. For this to work properly, a secure and independent auxiliary channel for transmitting the verification codes to the voters is required. The Norwegian system assumes that SMS satisfies the necessary requirements for such a channel. This paper demonstrates that this is no longer the case today. If voters use smartphones or tablet computers for receiving SMS messages, a number of new attack scenarios appear. We show how an adversary may exploit these scenarios in systems providing vote updating and point out the consequences for the vote integrity in the Norwegian system. We also give a list of possible counter-measures and system enhancements to prevent and detect such attacks.