Researchers from different countries have discovered a vulnerability in the
Swiss voting system that makes it possible to substitute one ballot for
another without being detected.

The company Scytl, together with the Swiss postal service, carried out the
development of this research and reports that exploiting this vulnerability
would require access to Swiss Post's IT system and knowledge of its
infrastructure.

Those in charge of this research consider this flaw unacceptable and
believe it raises serious doubts about the integrity of the system.

The systems responsible for verifying the legality of votes are poorly
implemented. In addition, it is difficult to assess the security measures
implemented, because the design of the system is convoluted.

To enter a vote into the system, each voter must enter their date of birth
and a code that Swiss Post sent them by mail. Once the voter has made their
choice, the program encrypts the vote and sends it to Swiss Post's servers,
where the votes are decrypted and mixed using a cryptographic mechanism to
anonymize them. They are then counted and decrypted.

This process for anonymizing the votes is carried out by a scheme of four
machines, which apply multiple encryption and mixing processes before
sending the votes to the last server. The system uses a "zero-knowledge
proof" to verify that the votes have not been tampered with and match those
cast by the voters.

If this last step had any kind of flaw, an attacker would be able to change
the votes without the zero-knowledge proof detecting it.
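
Why the proof carries the whole integrity guarantee, shown as an added toy example (not code from Scytl, Swiss Post or the researchers). It assumes an ElGamal re-encryption mix with constructed, deliberately tiny parameters, all function names are hypothetical, and the zero-knowledge proof itself is not implemented: the point is that without it a replaced ballot passes every remaining check.

```python
import random

# Constructed toy parameters, far too small for real use: P is a safe prime,
# Q = (P - 1) // 2, and G generates the subgroup of order Q.
P, Q, G = 2039, 1019, 4
rng = random.Random(2019)  # fixed seed so the run is repeatable

def keygen():
    x = rng.randrange(1, Q)
    return x, pow(G, x, P)

def encrypt(h, vote):
    r = rng.randrange(1, Q)
    return (pow(G, r, P), pow(G, vote, P) * pow(h, r, P) % P)

def reencrypt(h, ct):
    # Fold in a fresh encryption of 1: same vote, unlinkable ciphertext.
    s = rng.randrange(1, Q)
    return (ct[0] * pow(G, s, P) % P, ct[1] * pow(h, s, P) % P)

def mix(h, batch, substitute=None):
    out = [reencrypt(h, ct) for ct in batch]
    rng.shuffle(out)
    if substitute is not None:
        out[0] = encrypt(h, substitute)  # misbehaving mixer replaces one ballot
    return out

def looks_valid(batch_in, batch_out):
    # Everything an observer can check without a shuffle proof:
    # same number of ballots, every component a group element.
    return len(batch_in) == len(batch_out) and all(
        pow(c, Q, P) == 1 for ct in batch_out for c in ct)

def decrypt(x, ct):
    m = ct[1] * pow(ct[0], P - 1 - x, P) % P
    return next(v for v in range(Q) if pow(G, v, P) == m)

def run_election(votes, bad_mixer=None, substitute=None):
    x, h = keygen()
    batch = cast = [encrypt(h, v) for v in votes]
    for i in range(4):  # four mixing machines, as in the article
        batch = mix(h, batch, substitute if i == bad_mixer else None)
    return sorted(decrypt(x, ct) for ct in batch), looks_valid(cast, batch)

if __name__ == "__main__":
    votes = [1, 1, 1, 2, 2]  # constructed sample ballots
    print(run_election(votes))                             # honest run
    print(run_election(votes, bad_mixer=2, substitute=3))  # one ballot replaced
```

Both runs report the batch as well formed, yet the second tally contains a vote nobody cast; only a sound proof that each output batch is a permutation of re-encrypted inputs separates the two.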

Swiss Post has subjected the system to various audits, and although it seems
that the error was not deliberate, researchers raise questions about why the
flaw was not detected in previous audits and whether other Scytl systems are
also affected.

