- This seminar has passed.
Reversing, Breaking, and Fixing the French Legislative Election E-Voting Protocol
30 November 2022 @ 3:00 pm - 4:00 pm
Abstract: In June 2022, French citizens abroad voted online during the French legislatives election to chose the new members of Parliament. In this work, we conducted a security analysis of the system under use. Due to a lack of system and threat model specifications, we first built and contributed such specifications by studying the French legal framework and by reverse-engineering the code base accessible to the voters. Our analysis reveals that this protocol is affected by two design-level and implementation-level vulnerabilities. We show how those allow a standard voting server attacker and even more so a channel attacker to defeat the election integrity and ballot privacy. We propose and discuss fixes to prevent those attacks. Our specifications, the attacks, and the fixes were acknowledged by the relevant stakeholders during our responsible disclosure. Beyond this specific protocol, we draw general conclusions and lessons from this instructive experience where an e-voting protocol meets the real-world constraints of a large-scale and political election.
This is a joint seminar with FM-SEC.
Attendance via Zoom (ID: 953 1026 1776, Passcode: 929160)
Livestream via YouTube
Presenter
-
Alexandre Debant (Inria Nancy)Since September 2022 I am a full-time researcher at Inria Nancy Grand Est in the Pesto team. I joined this team two years ago as a post-doctoral researcher after a PhD thesis at Inria Rennes under the supervision of S. Delaune. I work on the design of cryptographic protocols and their formal analyses. This includes both theoretical contributions to overcome the limitations of existing models and verification tools, and concrete contribution when studying the security of real-world systems. For two years now, I made a focus on e-voting systems.