How to Hack a Sketchy e-voting System

The essence of an e-voting transaction is that it must be secure. In the e-voting context, security issues are subtle, because the required properties pull against each other: guaranteeing anonymity, for example, makes election fraud harder to trace. Security in e-voting also depends heavily on the technology used during the process. In remote e-voting, the voter casts a vote from a personal computer by sending it over the Internet to a central server, and the electronic, network-based nature of that channel exposes it to a wide range of attacks.

The Scary Reality of Identity Theft

One of the most basic philosophical questions stems from attempting to identify oneself, with the first step of proving you actually exist. René Descartes provides a proof with

Cogito ergo sum

meaning, “I think, therefore I am.” The intuition is that the mere fact of thinking forms a proof that you exist. But who or what are you exactly? What identifies you? How can we definitively prove you are what you claim to be? Who you claim to be? The problem of identity is an incredibly hard one—how do you know a letter in the mail is from the person that signed it? How do you know a text was written by the owner of a certain phone? How do you know an email comes from the person that owns an email address? This is a fundamental problem that faces the fields of computer science and cryptography, and it is incredibly hard to solve.


Security Bugs in Large Software Ecosystems

In a previous blog post, I discussed the occurrence of security bugs over the course of software evolution. In this post we examine their presence in a large software ecosystem. To do this, four colleagues (Vasilios Karakoidas, Georgios Gousios, Panos Louridas and Diomidis Spinellis) and I used the FindBugs static analysis tool to analyze every project in the Maven central repository (approximately 260GB of interdependent project versions).


Some Thoughts (And Questions) About U.S. v. Cotterman – Part 2 of 2

So, in my first post about the recent Ninth Circuit opinion U.S. v. Cotterman, I introduced the opinion’s idea of a “forensic computer search” and asked some questions about what that category might include, and whether it’s a coherent bar for a heightened level of Fourth Amendment privacy protection at the United States border.

This post is more of the “what have we learned?” side of the discussion. I think that the privacy problems identified in the opinion reveal one underlying idea:


Some Thoughts (And Questions) About U.S. v. Cotterman – Part 1 of 2

Last week, the Ninth Circuit released its decision in U.S. v. Cotterman, articulating a new and fascinating standard for border searches of electronic devices. An en banc majority held that government agents need “reasonable suspicion” to justify “forensic examination” of electronic devices at the border. The ruling has been characterized as a win for digital privacy rights – as a general rule, no suspicion whatsoever is required to search people and property at the border. This jump from “no suspicion required” to “reasonable suspicion required” limits when the government can do “forensic examinations,” and grants an exceptional level of protection to electronic devices.
