Abstract
This paper studies the challenges of creating a mobile device based voting client. We discuss the issues related to standalone and mobile browser based voting applications. In both cases we discuss the problems of vote privacy, integrity and voting channel availability. We conclude that neither of the options can currently achieve the level of security PC-based voting clients can provide, with the attack surface being larger in the case of mobile browser based voting application.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
- 11.
The Android version of Firefox supports extensions and there exist third-party mobile browsers (e.g. Kiwi) that support Google Chrome extensions.
- 12.
- 13.
- 14.
- 15.
- 16.
- 17.
- 18.
- 19.
- 20.
- 21.
- 22.
- 23.
- 24.
References
Abdalla, M., et al.: Algorithms, key size and protocols report. Tech. rep. ECRYPT CSA (2018). https://www.ecrypt.eu.org/csa/documents/D5.4-FinalAlgKeySizeProt.pdf
Cardillo, A., Essex, A.: The threat of SSL/TLS stripping to online voting. Proc. E-Vote-ID 2018, 35–50 (2018)
Cetinkaya, O.: Analysis of security requirements for cryptographic voting protocols (extended abstract). In: Proceedings ARES 2008, pp. 1451–1456. IEEE Computer Society (2008)
Corbet, S.: France Holds Local Elections Despite COVID-19 Outbreak Fears. Time, March 2020. https://time.com/5803469/france-local-elections-coronavirus/
Durumeric, Z., et al.: The security impact of HTTPS interception. In: Proceedings of NDSS 2017. The Internet Society (2017)
Eilu, E., Baguma, R.: Designing reality Fit M-voting. In: Proceedings of the 7th International Conference on Theory and Practice of Electronic Governance. ICEGOV 2013, pp. 326–329. ACM (2013)
Ekong, U.O., Ekong, V.: M-voting: a panacea for enhanced e-participation. Asian J. Inf. Technol. 9(2), 111–116 (2010)
Felt, A.P., et al.: Rethinking connection security indicators. In: Twelfth Symposium on Usable Privacy and Security (SOUPS 2016), Denver, CO, pp. 1–14. USENIX Association, June 2016. https://www.usenix.org/conference/soups2016/technical-sessions/presentation/porter-felt
Gamba, J., Rashed, M., Razaghpanah, A., Tapiador, J., Vallina-Rodriguez, N.: An analysis of pre-installed android software. In: 2020 IEEE Symposium on Security and Privacy (SP), pp. 197–213, May 2020
Heiberg, S., Willemson, J.: Modeling threats of a voting method. In: Design, Development, and Use of Secure Electronic Voting Systems, pp. 128–148. IGI Global (2014)
Helbach, J., Schwenk, J.: Secure internet voting with code sheets. In: Alkassar, A., Volkamer, M. (eds.) Vote-ID 2007. LNCS, vol. 4896, pp. 166–177. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-77493-8_15
Hermanns, H.: Mobile democracy: mobile phones as democratic tools. Politics 28(2), 74–82 (2008)
Ikram, M., Vallina-Rodriguez, N., Seneviratne, S., Kâafar, M.A., Paxson, V.: An analysis of the privacy and security risks of android VPN permission-enabled apps. Proc. IMC 2016, 349–364 (2016)
Kellner, A., Horlboge, M., Rieck, K., Wressnegger, C.: False sense of security: a study on the effectivity of jailbreak detection in banking apps. In: Proceedings of IEEE EuroS&P 2019, pp. 1–14. IEEE (2019)
Kogeda, O.P., Mpekoa, N.: Model for a mobile phone voting system for South Africa. In: Proceedings of 15th Annual Conference on World Wide Web Applications, Cape Town, South Africa (2013)
Kondracki, B., Aliyeva, A., Egele, M., Polakis, J., Nikiforakis, N.: Meddling middlemen: empirical analysis of the risks of data-saving mobile browsers. In: 2020 IEEE S&P, pp. 1678–1692. IEEE, May 2020
Krimmer, R.: The evolution of e-voting: why voting technology is used and how it affects democracy. Ph.D. thesis, Tallinn University of Technology (2012)
Leith, D.J.: Web browser privacy: what do browsers say when they phone home? (2020), SCSS Technical Report, 24th February 2020
Luo, M., Laperdrix, P., Honarmand, N., Nikiforakis, N.: Time does not heal all wounds: a longitudinal analysis of security-mechanism support in mobile browsers. In: Proceedings of NDSS 2019. The Internet Society (2019)
Luo, M., Starov, O., Honarmand, N., Nikiforakis, N.: Hindsight: understanding the evolution of UI vulnerabilities in mobile browsers. In: Proceedings of the 2017 ACM CCS, CCS 2017, pp. 149–162. ACM (2017)
Mitrou, L., Gritzalis, D., Katsikas, S.K.: Revisiting legal and regulatory requirements for secure e-voting. In: Ghonaimy, A., El-Hadidi, M.T., Aslan, H.K. (eds.) Security in the Information Society: Visions and Perspectives, IFIP TC11 17\({}^{\text{th}}\) International Conference on Information Security (SEC2002), 7–9 May 2002, Cairo, Egypt. IFIP Conference Proceedings, vol. 214, pp. 469–480. Kluwer (2002)
Rajasegaran, J., Karunanayake, N., Gunathillake, A., Seneviratne, S., Jourjon, G.: A multi-modal neural embeddings approach for detecting mobile counterfeit apps. In: The World Wide Web Conference, WWW 2019, San Francisco, CA, USA, 13–17 May 2019, pp. 3165–3171. ACM (2019)
Reis, C., Moshchuk, A., Oskov, N.: Site isolation: process separation for web sites within the browser. In: 28th USENIX Security Symposium (USENIX Security 19), Santa Clara, CA, pp. 1661–1678. USENIX Association, August 2019. https://www.usenix.org/conference/usenixsecurity19/presentation/reis
Salvador, D., Cucurull, J., Julià, P.: wraudit: a tool to transparently monitor web resources’ integrity. In: Groza, A., Prasath, R. (eds.) MIKE 2018. LNCS (LNAI), vol. 11308, pp. 239–247. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-05918-7_21
Schryen, G.: Security aspects of internet voting. In: 37th Hawaii International Conference on System Sciences (HICSS-37 2004), CD-ROM/Abstracts Proceedings, 5–8 January 2004, Big Island, HI, USA. IEEE Computer Society (2004)
Scoccia, G.L., Kanj, I., Malavolta, I., Razavi, K.: Leave my apps alone! a study on how android developers access installed apps on user’s device. In: Proceedings of the 7th IEEE/ACM International Conference on Mobile Software Engineering and Systems (2020). http://www.ivanomalavolta.com/files/papers/MOBILESoft_iam_2020.pdf
Shapshak, T.: Africa not just a mobile-first continent - it’s mobile only (2012), CNN Business. https://edition.cnn.com/2012/10/04/tech/mobile/africa-mobile-opinion/index.html
Specter, M.A., Koppel, J., Weitzner, D.: The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in US Federal Elections (2020)
Thiel, D.: iOS Application Security: The Definitive Guide for Hackers and Developers. No Starch Press (2016). https://nostarch.com/iossecurity
Yoshida, K., Imai, H., Serizawa, N., Mori, T., Kanaoka, A.: Understanding the origins of weak cryptographic algorithms used for signing android apps. J. Inf. Process. 27, 593–602 (2019)
Acknowledgements
This paper has been supported by the Estonian Research Council under the grant number PRG920 and European Regional Development Fund through the grant number EU48684 and EXCITE centre of excellence. The authors are grateful to the Estonian Information System Authority and State Electoral Office for their support to the research process.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 International Financial Cryptography Association
About this paper
Cite this paper
Heiberg, S., Krips, K., Willemson, J. (2021). Mobile Voting – Still Too Risky?. In: Bernhard, M., et al. Financial Cryptography and Data Security. FC 2021 International Workshops. FC 2021. Lecture Notes in Computer Science(), vol 12676. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-63958-0_23
Download citation
DOI: https://doi.org/10.1007/978-3-662-63958-0_23
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-63957-3
Online ISBN: 978-3-662-63958-0
eBook Packages: Computer ScienceComputer Science (R0)