[E-voting] encryption compromised by hardware
Michael McMahon
michael at hexmedia.com
Mon Nov 20 13:50:00 GMT 2006
Timothy Murphy wrote:
> On Monday 20 November 2006 08:58, A.J.Delaney at brighton.ac.uk wrote:
>
>> I'm not an expert in cryptography, but from what I understand if an
>> attacker has physical control over a machine all bets are off. There
>> is, effectively, no way to reliably encrypt data on a machine that an
>> attacker can run a privileged application on.
>
> That doesn't sound right to me.
> Do you have any reference for it?
It's true that a lot of so-called side channel attacks on cryptography work by attacking the physical implementation of algorithms, rather than their mathematical properties.

Also, if you consider that encryption and decryption keys have to exist in computer memory in order for them to be used, and that privileged software is able to access memory used by other programs, then that implies that encryption/decryption keys can (in theory at least) be compromised.

As Aidan hinted at, though, trusted computing platforms can mitigate this risk by basing their trust ultimately on hardware components which perform cryptography but which don't run any software. So they would not be vulnerable to this kind of threat.

Having said that, ultimately people (like me) who advocate crypto-based e-voting as a potential solution have always said that while they can provide a very high level of confidence in election accuracy and correctness, they can never provide a 100% guarantee of vote secrecy (which is what the cryptography is trying to do). And of course the same is true for paper ballots.

So, as I've said before, you have to look at a proposed system in its totality, and then compare the risks (with paper ballots or whatever). Only then is the comparison meaningful.
Michael