Attacks on RFID-Based Electronic Voting Systems.

Yossef Oren; Avishai Wool

Attacks on RFID-Based Electronic Voting Systems.

Department of Software and Information Systems Engineering

Research output: Contribution to journal › Article › peer-review

Abstract

Many secure systems, such as contactless credit cards and
secure entrance systems, are built with contactless smartcard RFID technologies. In many cases these systems are claimed to be secure based on
the assumption that readers and tags need to be in close proximity (about
5cm) in order to communicate. However, it is known that this proximity
assumption is false: Relay attacks are a class of hardware-based attacks
which compromise the safety of such systems by dramatically extending
the interrogation range of the contactless system. Interestingly, the proposed Israeli e-voting scheme is based on contactless smartcards. In this
work we show how the proposed system can be completely compromised
using low-cost relay attacks. Our attacks allow an adversary to read out
all votes already cast into the ballot box, supress the votes of one or several voters, rewrite votes at will and even completely disqualify all votes
in a single voting station. Our attacks are easy to mount, very difficult
to detect, and compromise both the confidentiality and the integrity of
the election system.

Original language	English GB
Pages (from-to)	422
Number of pages	1
Journal	IACR Cryptology ePrint Archive
Volume	2009
State	Published - 2009

Access to Document

Cite this

@article{3e635efa5fed4eee931c881dd8756a33,

title = "Attacks on RFID-Based Electronic Voting Systems.",

abstract = "Many secure systems, such as contactless credit cards andsecure entrance systems, are built with contactless smartcard RFID technologies. In many cases these systems are claimed to be secure based onthe assumption that readers and tags need to be in close proximity (about5cm) in order to communicate. However, it is known that this proximityassumption is false: Relay attacks are a class of hardware-based attackswhich compromise the safety of such systems by dramatically extendingthe interrogation range of the contactless system. Interestingly, the proposed Israeli e-voting scheme is based on contactless smartcards. In thiswork we show how the proposed system can be completely compromisedusing low-cost relay attacks. Our attacks allow an adversary to read outall votes already cast into the ballot box, supress the votes of one or several voters, rewrite votes at will and even completely disqualify all votesin a single voting station. Our attacks are easy to mount, very difficultto detect, and compromise both the confidentiality and the integrity ofthe election system.",

author = "Yossef Oren and Avishai Wool",

note = "DBLP License: DBLP's bibliographic metadata records provided through http://dblp.org/ are distributed under a Creative Commons CC0 1.0 Universal Public Domain Dedication. Although the bibliographic metadata records are provided consistent with CC0 1.0 Dedication, the content described by the metadata records is not. Content may be subject to copyright, rights of privacy, rights of publicity and other restrictions.",

year = "2009",

language = "אנגלית",

volume = "2009",

pages = "422",

journal = "IACR Cryptology ePrint Archive",

}

TY - JOUR

T1 - Attacks on RFID-Based Electronic Voting Systems.

AU - Oren, Yossef

AU - Wool, Avishai

N1 - DBLP License: DBLP's bibliographic metadata records provided through http://dblp.org/ are distributed under a Creative Commons CC0 1.0 Universal Public Domain Dedication. Although the bibliographic metadata records are provided consistent with CC0 1.0 Dedication, the content described by the metadata records is not. Content may be subject to copyright, rights of privacy, rights of publicity and other restrictions.

PY - 2009

Y1 - 2009

N2 - Many secure systems, such as contactless credit cards andsecure entrance systems, are built with contactless smartcard RFID technologies. In many cases these systems are claimed to be secure based onthe assumption that readers and tags need to be in close proximity (about5cm) in order to communicate. However, it is known that this proximityassumption is false: Relay attacks are a class of hardware-based attackswhich compromise the safety of such systems by dramatically extendingthe interrogation range of the contactless system. Interestingly, the proposed Israeli e-voting scheme is based on contactless smartcards. In thiswork we show how the proposed system can be completely compromisedusing low-cost relay attacks. Our attacks allow an adversary to read outall votes already cast into the ballot box, supress the votes of one or several voters, rewrite votes at will and even completely disqualify all votesin a single voting station. Our attacks are easy to mount, very difficultto detect, and compromise both the confidentiality and the integrity ofthe election system.

AB - Many secure systems, such as contactless credit cards andsecure entrance systems, are built with contactless smartcard RFID technologies. In many cases these systems are claimed to be secure based onthe assumption that readers and tags need to be in close proximity (about5cm) in order to communicate. However, it is known that this proximityassumption is false: Relay attacks are a class of hardware-based attackswhich compromise the safety of such systems by dramatically extendingthe interrogation range of the contactless system. Interestingly, the proposed Israeli e-voting scheme is based on contactless smartcards. In thiswork we show how the proposed system can be completely compromisedusing low-cost relay attacks. Our attacks allow an adversary to read outall votes already cast into the ballot box, supress the votes of one or several voters, rewrite votes at will and even completely disqualify all votesin a single voting station. Our attacks are easy to mount, very difficultto detect, and compromise both the confidentiality and the integrity ofthe election system.

M3 - מאמר

VL - 2009

SP - 422

JO - IACR Cryptology ePrint Archive

JF - IACR Cryptology ePrint Archive

ER -

Attacks on RFID-Based Electronic Voting Systems.

Abstract

Access to Document

Fingerprint

Cite this