Explore a security analysis of the e-voting protocol used in the 2022 French legislative election for overseas citizens, the largest political election utilizing e-voting worldwide. Delve into the researchers' process of building system and threat model specifications through studying the French legal framework and reverse-engineering the voter-accessible code base. Discover two critical design-level and implementation-level vulnerabilities that allow attackers to compromise election integrity and ballot privacy. Learn about five attack variants and their corresponding fixes, which were acknowledged and implemented by relevant stakeholders for future elections. Gain insights into the challenges and lessons learned when applying e-voting protocols to large-scale political elections, and consider the broader implications for e-voting security.
Overview
Syllabus
USENIX Security '23 - Reversing, Breaking, and Fixing the French Legislative Election E-Voting...
Taught by
USENIX