Improving election cybersecurity is becoming increasingly important as recent voter fraud and election hackings continue to shake the nation. Innovators and security organizations are looking into the endless possibilities of applying blockchains to enhance election cybersecurity. Blockchain technology holds an abundance of real-world applications, including finance, cryptocurrencies, health, real estate, and it is only a matter of time before it is applied to the voting process. Let’s look into just how blockchain security and threat modeling can be applied to voting security.
Real Life Threats to Voting Security
As we witnessed with the 2016 American presidential election, there are a number of real-life threats to voting security. The threats that occur include:
- Misinformation and information warfare
- Hacked voter registration databases
- Hacked voting hardware
- Compromised election reporting systems
- Post-election audit data breaches
Election officials are hard-pressed to ensure that the electoral process is secured from threats. Election personnel are targeted by a wide range of cybercrime, including social engineering tactics. One example is spearphishing, where hackers convince victims to open a corrupt file, or provide confidential, sensitive information (such as usernames and passwords). If the victim opens the file, a virus, e.g. malware, can spread throughout the attack surface. In some instances, where hackers deploy sophisticated viruses, the virus can take complete control of a computing system, ensure the virus survives while it wreaks havoc.
Blockchain Security Is More Than a Distributed Ledger
The distributed ledger’s security arises from two fundamental aspects of the blockchain technology:
Each record within the ledger is cryptographically hashed in a non-trivial way based on the state of the previous record. Removing or altering a single record anywhere in the chain – other than the last record added – will invariably and noticeably change every subsequent record.
Effectively attacking the last record committed to the ledger would require the simultaneous discovery and compromise of at least 51% of the existing blocks. Since there may be thousands or even millions of copies of the ledger, executing a practical attack is technically unfeasible.
However, blockchain technology is more than distributed ledger technology. Hence consideration of blockchain security cannot end with reliance in ledger immutability. At the most basic level, blockchain technology is a distributed peer-to-peer computing network. The network is composed of various node types:
- Client nodes start the transaction process through network “invocations” and “proposals” to the ordering service.
- Peer nodes determine transaction validity and maintain independent copies of the ledger. Some peers can have a special “endorser” role.
- Ordering-service nodes – sometimes called “orderers” – run the communication service that provides “atomic delivery” across the peer network.
There is a seven-step process for creation of a new blockchain record. The process begins with a client node that sends a “proposed transaction” in the form of chain code to “endorser” peers. This chain code could be embedded into a financial transaction or any other contract or data exchange. It could even be used to enable a secure e-voting ballot.
How Blockchain Technology Can Secure Elections
Recently, election officials have taken an interest in blockchain systems to heighten election security, restore public trust in the ballot box thereby increasing voter turnout. A blockchain-based voting platform makes the process anonymous, while storing data in a large number of different nodes. This process makes it difficult for hackers to tamper, say with an election system. This form of tech, also known as a distributed ledger, makes it a huge drain on hacker resources, and nearly impossible to pull off. The way blockchain would work on election day is by issuing each voter a digital credential (wallet) and a single vote (coin). The data would then be processed through hashing algorithms and distributed across a number of different locations.
Media Verification to Thwart Misinformation Campaigns
The spread of disinformation via social media is one surefire way to influence the general election. Bad actors will seek ways to influence the voting system, pulling at victims’ heart strings for an emotional response. There are some key questions to ask when a suspicious article shows up on your news feed. Verify the information to see if it’s been widely reported. If it hasn’t, there’s a good likelihood that the facts didn’t check out. You can also verify that the information comes from a credible author. If it doesn’t think twice about believing what you read.
Mobile Voting in Midterm and General Elections
Blockchain can also help to usher in a new era of online voting to secure midterm elections, even presidential elections. Internet voting can now be a possibility since blockchain makes voting immutable and more tamper-proof. One such example is Voatz, which is a mobile voting application that, with recently manufactured devices from Apple, Samsung and Google, users can do overseas blockchain voting that is secure. The results are stored by commissioned stakeholders (e.g., Secretary of State, board of election officials). Voatz uses your devices biometric features and a driver’s license scan to verify the identity and confirm their eligibility.
Using Blockchain and Threat Modeling to Secure the Voting Process
Beyond just understanding the basic blockchain voting security issues, enterprise threat modeling allows for in-depth “what-if” scenario analysis. In particular, we can threat model of both an existing e-voting system and a proposed blockchain-enabled system. Comparing the two threat models will help to quantify the effectiveness of blockchain to mitigate election cybersecurity threats.
The existing e-voting system threat model was created based on the findings of the Project EVEREST report 5 and the DEFCON 25 Voting Machine Hacking Village report 6. The threat model for the ES&S Unity voting system identified 163 potential threats. This constitutes the baseline for our “what-if” analysis. The next step is to create a threat model of our hypothetical enabled e-voting system based on a chained blockchain security threat model.
We assume voting takes place at traditional polling locations. However, rather than depending on special-use machines, our hypothetical e-voting system utilizes regular desktop or laptop computers through which voters interact with the blockchain e-ballot.
Once completed, the e-ballot is printed and reviewed by the voter before being stored on-site by poll workers. Simultaneously the e-ballot is processed and tallied for real-time election results. Though not necessary, additional security can be achieved through a scalable cloud-based e-ballot processing and storage microservices application.
Our blockchain-enabled e-voting system threat model identified 73 threats. This represents a 55% decrease in potential threats compared to the ES&S Unity e-voting system threat model. Clearly, blockchain security can be leveraged to improve election cybersecurity of the US voting system.
If you would like more information on how to use enterprise threat modeling and chained threat models to understand how to leverage blockchain security, click here to schedule a live presentation.