Paper 2009/422
Attacks on {RFID}-Based Electronic Voting Systems
Yossef Oren and Avishai Wool
Abstract
Many secure systems, such as contactless credit cards and secure entrance systems, are built with contactless smart-card RFID technologies. In many cases these systems are claimed to be secure based on the assumption that readers and tags need to be in close proximity (about 5cm) in order to communicate. However, it is known that this proximity assumption is false: Relay attacks are a class of hardware-based attacks which compromise the safety of such systems by dramatically extending the interrogation range of the contactless system. Interestingly, the proposed Israeli e-voting scheme is based on contactless smartcards. In this work we show how the proposed system can be completely compromised using low-cost relay attacks. Our attacks allow an adversary to read out all votes already cast into the ballot box, supress the votes of one or several voters, rewrite votes at will and even completely disqualify all votes in a single voting station. Our attacks are easy to mount, very difficult to detect, and compromise both the confidentiality and the integrity of the election system.
Note: Updated with comments from Yoram Oren, one of the designers of the election scheme
Metadata
- Available format(s)
- Publication info
- Published elsewhere. Unknown where it was published
- Keywords
- e-votingRFIDrelay attacks
- Contact author(s)
- evoting-iacr-eprint @ oy ne ro
- History
- 2009-09-21: revised
- 2009-09-01: received
- See all versions
- Short URL
- https://ia.cr/2009/422
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2009/422, author = {Yossef Oren and Avishai Wool}, title = {Attacks on {{RFID}}-Based Electronic Voting Systems}, howpublished = {Cryptology {ePrint} Archive, Paper 2009/422}, year = {2009}, url = {https://eprint.iacr.org/2009/422} }