Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Erik Nordin Fredrik Holgersson Emilie Barse Security assessment.

Published byAustin Bash Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Erik Nordin Fredrik Holgersson Emilie Barse Security assessment."— Presentation transcript:

1 1 Erik Nordin erik.b.nordin@combitech.se Fredrik Holgersson fredrik.holgersson@combitech.se Emilie Barse emilie.barse@combitech.se Security assessment of the E-valg system

2 Agenda  Evalg 2011 - Introduction  Technical solution  Security assessment and results  What happens next?

3 Introduction to Evalg 2011 On monday evening, September 12th 2011, experts and observers from around the world gathered in the auditorium of the government district, building R5, to witness the counting process of Norway's first electronic election for local governments. This presentation deals with project experience, technical solution, results and future...

4 Introduction film (7 min)

5 Customer  Ministry of local government and regional development [Kommunal- og regionaldepartementet (KRD)]  Christian Bull / responsible for security in Evalg project

6 Technical solution

7 V: voter P: voter's computer B: the ballot box R: the receipt generator D: the decryption service A: the auditor  ElGamal  Schnorr proof of knowledge V: party1, party2, … 4l5+&sdkjf 5648d”k(nj 8318 V: party --- ---------- 8318->party OK!

8 Locations B Brønnøysund D Oslo R Tønsberg

9 Zero knowledge proof

10 EDB Ergogroup  Developed e-voting solution via the Internet.  EDB ErgoGroup SYSteam is one of the leading IT players with approximately 10 000 employees and annual sales of almost SEK 16 billion. The company is listed on the Oslo Stock Exchange with headquarters in Oslo and has a significant presence in both the Norwegian and Swedish market with 135 offices in 16 countries worldwide.  http://www.edbergogroup.com/ http://www.edbergogroup.com/

11 Scytl  Spanish company  Subcontractor to EDB ErgoGroup  Implementation of the security functions  Scytl, worldwide leader in the development of secure solutions for electoral modernization.  http://www.scytl.com/

12 Combitech  Swedish IT consulting company  Independent security evaluations  http://www.combitech.se/

13 Security assessment  Transparency vs. Secrecy?  Source Code and documentation  Testing Methodology/Restrictions  Results  http://source.evalg.stat.no

14 Iterative development process iteration 1iteration 2 iteration 3iteration 4iteration 5iteration 6 Actual review begins Ergo+SyctlCAB

15 Security review  Source code review  General purpose code review  Verification of the implementation of cryptographic protocols  Penetration tests  External  Internal  (Log analysis)  Post election/test review

16 Source code review The codebase ~160.000 lines of code  Java – Admin, Authentication, Vote, Counting and Cryptography Aim: Identify flaws that could lead to:  stored votes being manipulated  invalid votes entered  voting in another persons stead  removal of valid votes (selectively)  breach of the secrecy of the vote  manipulation of the counting process

17 Methods Automated – Sonar/Checkstyle/Findbugs  Identify possible low hanging fruit  Sql-injection, cross site scripting…  Error-/Exception handling Manual – Eclipse, Understand  Accessmethods  Error-/Exceptionhandling  Traceability/Accountability  User interaction/input  Database interaction (querys and connections)  Implementation of the cryptographic protocol  (Overall source code state – well formated, comments, structure, variable/attribute usage, …)

18 SQL Injection? sql = " select e.election_group_id, e.election_id, e.contest_id, v.voter_id" + " FROM voter v" + " JOIN contest_area ca ON true" + " JOIN mv_area ac ON ac.mv_area_pk = ca.mv_area_pk" + " JOIN mv_area a ON text2ltree(a.area_path) <@ text2ltree(ac.area_path) AND a.area_level = 5" + " JOIN mv_election e ON e.election_event_pk = " + electionEventPk + " AND v.country_id::text = a.country_id::text" + " AND v.county_id::text = a.county_id::text" + " AND v.municipality_id::text = a.municipality_id::text" + " AND v.borough_id::text = a.borough_id::text" + " AND v.polling_district_id::text = a.polling_district_id::text" + " AND v.date_of_birth <= COALESCE(e.contest_end_date_of_birth, e.election_end_date_of_birth)" + " JOIN voting cv ON cv.voter_pk = v.voter_pk AND cv.election_group_pk = e.election_group_pk" + " WHERE e.election_level = 3" + " and v.election_event_pk = " + electionEventPk + " and v.municipality_id = '" + municipalityId + "'" + " and cv.approved" + " and ca.contest_pk = e.contest_pk" // order by is slow + " order by v.voter_id, e.election_id";

19 SQL Injection? sql = " select e.election_group_id, e.election_id, e.contest_id, v.voter_id" + " FROM voter v" + " JOIN contest_area ca ON true" + " JOIN mv_area ac ON ac.mv_area_pk = ca.mv_area_pk" + " JOIN mv_area a ON text2ltree(a.area_path) <@ text2ltree(ac.area_path) AND a.area_level = 5" + " JOIN mv_election e ON e.election_event_pk = " + electionEventPk + " AND v.country_id::text = a.country_id::text" + " AND v.county_id::text = a.county_id::text" + " AND v.municipality_id::text = a.municipality_id::text" + " AND v.borough_id::text = a.borough_id::text" + " AND v.polling_district_id::text = a.polling_district_id::text" + " AND v.date_of_birth <= COALESCE(e.contest_end_date_of_birth, e.election_end_date_of_birth)" + " JOIN voting cv ON cv.voter_pk = v.voter_pk AND cv.election_group_pk = e.election_group_pk" + " WHERE e.election_level = 3" + " and v.election_event_pk = " + electionEventPk + " and v.municipality_id = '" + municipalityId + "'" + " and cv.approved" + " and ca.contest_pk = e.contest_pk" + " order by v.voter_id, e.election_id";

20 Penetration testing - logical view of network

21

22

23

24

25 Goal of penetration test  A secure and robust production system  Test applications in their final environment  Identify weaknesses in the realization of the design  Find forgotten test ”features”  Create a check list of vulnerabilities that needs to be eliminated or mitigated  … and it is always nice to get a root prompt

26 Penetration test  Methodology  OSSTMM (Open Source Security Testing Methodology Manual)  Penetration testing framework (http://www.vulnerabilityassessment.co.uk/)  Tools:  Port scanning - Nmap  Vulnerability scanning - Nessus, Openvas  Web application testing - BurpSuite, Nikto, W3AF  Network traffic analysis - Wireshark, TCPdump, Urlsnarf  ARP spoofing - Ettercap  Port redirection, File transfer - Netcat  Platforms och services:  Mainly Linux based system with web applications

27 External penetration test  Port scanning  Vulnerability scanning  Testing the web application server and client software

28 Internal penetration test  Two sites tested at the same time  Test the separation between the sites and towards the Internet  Check that no sensitive data is sent in clear text  Generell security assessment – patch level, unnecessary services, …  Segmentation of internal systems

29 Pentest – exampels of result ARP spoofing ARP spoofing – necessary to be able to sniff network traffic between servers and check that no sensitive traffic was sent in clear text IP-filters prevented direct access to some servers – sniffing made it possible to see which servers they allowed access from 101hacker.com

30 Kodgranskning – exempel på xss The vulnerable link which was identified during the test is the following: https://195.43.61.60/voting/applet/error.do?eeid=VALG200 7&errorCode=welcomeController.error.eeid&lang=XSS (replacing XSS with a malicious script)

31 XSS - description

32 Log analysis  Splunk  Collects web application logs  Debugging  Forensic/incident investigation

33 What happens next?

34 Election results County Percentage of voters who voted electronically Percentage of voters who voted in advance E-voters percent of voters who voted in advance Bodø29,07 %41,40 %70,21 % Bremanger20,96 %30,87 %67,89 % Hammerfest25,89 %41,44 %62,47 % Mandal19,78 %30,41 %65,04 % Radøy31,15 %38,55 %80,82 % Re22,46 %29,58 %75,92 % Sandnes27,00 %33,89 %79,68 % Tynset31,60 %39,86 %79,28 % Vefsn21,54 %33,55 %64,20 % Ålesund26,42 %37,60 %70,26 % Total26,40 %36,43 %72,48 % Norway22,20 %

35 More information  Project web site: http://e-valg.dep.no  The source code is available on the Internet: http://source.evalg.stat.no  The election system: http://evalg.stat.no  24/7 monitoring  Christian Bull was interviewed in Computer Sweden 2012-04- 23 http://computersweden.idg.se/2.2683/1.444711

36 The future  2017: Full scale national election in Norway?  Common criteria evaluation?  Sweden?

37 Is E-valg secure?

38 Is E-valg more secure than current systems?

39 Questions?

40

Download ppt "1 Erik Nordin Fredrik Holgersson Emilie Barse Security assessment."

Similar presentations

Approaches to meeting the PCI Vulnerability Management and Penetration Testing Requirements Clay Keller.

Approaches to meeting the PCI Vulnerability Management and Penetration Testing Requirements Clay Keller.
1 Henrik Nore, Project Manager E-vote2011project Norway COE workshop observation - Oslo 18.03.2010.

1 Henrik Nore, Project Manager E-vote2011project Norway COE workshop observation - Oslo
ETen E-Poll ID – Strasbourg COE meeting 23-24 November, 2006 Slide 1 E-TEN 29332 E-POLL Project Electronic Polling System for Remote Operation Strasbourg.

ETen E-Poll ID – Strasbourg COE meeting November, 2006 Slide 1 E-TEN E-POLL Project Electronic Polling System for Remote Operation Strasbourg.
 The Citrix Application Firewall prevents security breaches, data loss, and possible unauthorized modifications to Web sites that access sensitive business.

 The Citrix Application Firewall prevents security breaches, data loss, and possible unauthorized modifications to Web sites that access sensitive business.
Investigation in Computerised Environment. Causes for fraud in computerised environment Lack of technical knowledge at supervisory level Improper exercise.

Investigation in Computerised Environment. Causes for fraud in computerised environment Lack of technical knowledge at supervisory level Improper exercise.
Digital Firm (II) Soetam Rizky. Before we start……… Digital firm ? B2B, B2C, C2C ? E-Commerce advantages ? Prospectus of digital firm ?

Digital Firm (II) Soetam Rizky. Before we start……… Digital firm ? B2B, B2C, C2C ? E-Commerce advantages ? Prospectus of digital firm ?
Some general principles in computer security Tomasz Bilski Chair of Control, Robotics and Computer Science Poznań University.

Some general principles in computer security Tomasz Bilski Chair of Control, Robotics and Computer Science Poznań University.
Observation of e-enabled elections Jonathan Stonestreet Council of Europe Workshop Oslo, 18-19 March 2010.

Observation of e-enabled elections Jonathan Stonestreet Council of Europe Workshop Oslo, March 2010.
Security Issues and Challenges in Cloud Computing

Security Issues and Challenges in Cloud Computing
Toolbox Mirror -Overview Effective Distributed Learning.

Toolbox Mirror -Overview Effective Distributed Learning.
It’s always better live. MSDN Events Security Best Practices Part 2 of 2 Reducing Vulnerabilities using Visual Studio 2008.

It’s always better live. MSDN Events Security Best Practices Part 2 of 2 Reducing Vulnerabilities using Visual Studio 2008.
Feb 25, 2003Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Feb 25, 2003Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
INTERNET DATABASE Chapter 9. u Basics of Internet, Web, HTTP, HTML, URLs. u Advantages and disadvantages of Web as a database platform. u Approaches for.

INTERNET DATABASE Chapter 9. u Basics of Internet, Web, HTTP, HTML, URLs. u Advantages and disadvantages of Web as a database platform. u Approaches for.
Input Validation For Free Text Fields ADD Project Members: Hagar Offer & Ran Mor Academic Advisor: Dr Gera Weiss Technical Advisors: Raffi Lipkin & Nadav.

Input Validation For Free Text Fields ADD Project Members: Hagar Offer & Ran Mor Academic Advisor: Dr Gera Weiss Technical Advisors: Raffi Lipkin & Nadav.
INTERNET DATABASE. Internet and E-commerce Internet – a worldwide collection of interconnected computer network Internet – a worldwide collection of interconnected.

INTERNET DATABASE. Internet and E-commerce Internet – a worldwide collection of interconnected computer network Internet – a worldwide collection of interconnected.
Electronic Voting (E-Voting) An introduction and review of technology Written By: Larry Brachfeld CS591, December 2010.

Electronic Voting (E-Voting) An introduction and review of technology Written By: Larry Brachfeld CS591, December 2010.
Leveraging User Interactions for In-Depth Testing of Web Applications Sean McAllister, Engin Kirda, and Christopher Kruegel RAID ’08 1 Seoyeon Kang November.

Leveraging User Interactions for In-Depth Testing of Web Applications Sean McAllister, Engin Kirda, and Christopher Kruegel RAID ’08 1 Seoyeon Kang November.
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
Netop Remote Control Trusted. Secure. Experienced.

Netop Remote Control Trusted. Secure. Experienced.
BUILDING A SECURE STANDARD LIBRARY Information Assurance Project I MN121051 Tajuddin hj. Tappe Supervisor Mdm. Rasimah Che Mohd Yusoff ASP.NET TECHNOLOGY.

BUILDING A SECURE STANDARD LIBRARY Information Assurance Project I MN Tajuddin hj. Tappe Supervisor Mdm. Rasimah Che Mohd Yusoff ASP.NET TECHNOLOGY.

Similar presentations

Ads by Google