Explore the intricacies of electronic voting systems and second factor authentication in this comprehensive conference talk from the Hack In The Box Security Conference. Delve into the challenges of balancing privacy, integrity, security, and usability in electronic voting. Examine the concept of verifiability against untrusted devices and the importance of cast-as-intended verifiability. Learn about proof of correctness and the potential vulnerabilities in second factor authentication. Discover a novel approach to improving security through the introduction of a second factor correctness protocol. Analyze the roles of various actors in this system, including corrupted devices and validation devices. Gain insights into the QR code generation process, device protocols, and confirmation mechanisms. Conclude with a discussion on future work and potential improvements in electronic voting security.
Overview
Syllabus
Introducción
INTRODUCTION TO ELECTRONIC VOTING
PRIVACY VS INTEGRITY
SECURITY VS PERFORMANCE
INTEGRITY VS USABILITY
INTEGRITY REQUIREMENTS
VERIFIABILITY AGAINST UNTRUSTED DEVICES
CAST-AS-INTENDED VERIFIABILITY
CHALLENGE THE SYSTEM
PROOF OF CORRECTNESS
SECOND FACTOR AUTHENTICATION
LOOKING FOR A BETTER SOLUTION
INITIAL IDEA
CORRUPTED DEVICE
ACTORS IN SECOND FACTOR CORRECTNESS
VALIDATION DEVICE
PROTOCOL OVERVIEW
QR CODE GENERATION
SFC DEVICE PROTOCOL
SFC CONFIRMATION
DEVIL IS IN THE DETAILS
FUTURE WORK
Taught by
Hack In The Box Security Conference
