9,854 result(s) for "Specter, Michael"
A systematization of voter registration security
Voter registration is an essential part of almost any election process, and its security is a critical component of election security. Yet, despite notable compromises of voter registration systems, relatively little academic work has been devoted to securing voter registration systems, compared to research on other aspects of election security. In this paper, we present a systematic treatment of voter registration system security. We propose the first rigorous definitional framework for voter registration systems, describing the entities and core functionalities inherent in most voter registration systems, the jurisdictional policies that constrain specific implementations, and key security properties. Our definitions are configurable based on jurisdiction-specific parameters and policies. We provide a template for the structured presentation of detailed jurisdictional policy information, via a series of tables, and illustrate its application with detailed case studies of the voter registration systems of three US states and Panama. Throughout our research, with the aim of realism and practical applicability, we consulted current and former US election officials, civil society, and nonprofits in the elections space. We conclude with a list of critical questions regarding voter registration security.
Going from bad to worse: from Internet voting to blockchain voting
Voters are understandably concerned about election security. News reports of possible election interference by foreign powers, of unauthorized voting, of voter disenfranchisement, and of technological failures call into question the integrity of elections worldwide. This article examines the suggestions that “voting over the Internet” or “voting on the blockchain” would increase election security, and finds such claims to be wanting and misleading. While current election systems are far from perfect, Internet- and blockchain-based voting would greatly increase the risk of undetectable, nation-scale election failures. Online voting may seem appealing: voting from a computer or smartphone may seem convenient and accessible. However, studies have been inconclusive, showing that online voting may have little to no effect on turnout in practice, and it may even increase disenfranchisement. More importantly, given the current state of computer security, any turnout increase derived from Internet- or blockchain-based voting would come at the cost of losing meaningful assurance that votes have been counted as they were cast, and not undetectably altered or discarded. This state of affairs will continue as long as standard tactics such as malware, zero day, and denial-of-service attacks continue to be effective. This article analyzes and systematizes prior research on the security risks of online and electronic voting, and shows that not only do these risks persist in blockchain-based voting systems, but blockchains may introduce ‘additional’ problems for voting systems. Finally, we suggest questions for critically assessing security risks of new voting system proposals.
Security Research for the Public Good: A Principled Approach
Recent history is littered with examples of software vendors betraying user trust, exposing the public to exploitable code, data leaks, and invasive privacy practices. Undirected security research may be insufficient for preventing such foreseeable and preventable failures, as these problems are often the result of misaligned vendor incentives rather than the technical specifics of the systems themselves. This dissertation illustrates the utility of security research that is motivated explicitly by the goal of realigning incentives of market actors toward providing better security. We find that a research approach guided by a deep understanding of the economic, regulatory, and technical attributes of the actors involved is crucial for solving important societally-relevant problems in computer security. We present three case studies in applying this vision: Our first case study considers vulnerability discovery as applied to Internet voting. We perform a security analysis of the dominant Internet voting systems used in U.S. federal elections, including those used in the 2020 U.S. presidential race. We find that, despite decades of research in cryptography and voting, all deployed systems are of simplistic design and suffer basic security and privacy problems, supporting the conclusion that the market is in failure. Our second case study involves designing cryptography to disincentivize (rather than prevent) bad behavior through the example of deniability in messaging. We find that the evolution of the email ecosystem has inadvertently resulted in most messages being nonrepudiable, incentivizing email theft and public exposure of private data. We present cryptographic constructions that solve this problem while fitting in with email’s already complicated ecosystem. Our final case study involves government requests to mandate law enforcement access to encrypted data, colloquially known as ‘backdooring’ encryption. We perform a security analysis of technical proposals to provide such government exceptional access, and find that they would cause untenable security and privacy risks. Finally, we conclude with a discussion of security research as a public good, and provide direction for future work.
The Economics of Cryptographic Trust: Understanding Certificate Authorities
Certificate Authorities (CAs) play a crucial role in HTTPS, the mechanism that secures all of the web's most important communication; if it has a log-in page, it must use HTTPS. However, recent history is littered with instances of CAs unabashedly undermining the trust model of the web in favor of economic gain, causing catastrophic harm to users in the process. The purpose of this thesis is to understand how well user, domain owner, and browser vendor controls function in order to evaluate methods of realigning CA incentives. Using a compendium of past incidents of CA failure as a series of natural experiments, along with a large dataset of all publicly available certificate collections, we find that it is possible to causally link a very slight increase in domain owners leaving a CA when a CA acts inappropriately. We further find that the technical architecture of the CA system leaves users without effective control over which CAs they trust, and that browsers face certain difficulty in distrusting larger CAs. The end result is a system where large CAs can unilaterally undermine the trust model of the web without clear repercussion.
Security and Privacy Analysis of Tile's Location Tracking Protocol
We conduct the first comprehensive security analysis of Tile, the second most popular crowd-sourced location-tracking service behind Apple's AirTags. We identify several exploitable vulnerabilities and design flaws, disproving many of the platform's claimed security and privacy guarantees: Tile's servers can persistently learn the location of all users and tags, unprivileged adversaries can track users through Bluetooth advertisements emitted by Tile's devices, and Tile's anti-theft mode is easily subverted. Despite its wide deployment -- millions of users, devices, and purpose-built hardware tags -- Tile provides no formal description of its protocol or threat model. Worse, Tile intentionally weakens its antistalking features to support an antitheft use-case and relies on a novel "accountability" mechanism to punish those abusing the system to stalk victims. We examine Tile's accountability mechanism, a unique feature of independent interest; no other provider attempts to guarantee accountability. While an ideal accountability mechanism may disincentivize abuse in crowd-sourced location tracking protocols, we show that Tile's implementation is subvertible and introduces new exploitable vulnerabilities. We conclude with a discussion on the need for new, formal definitions of accountability in this setting.
Uncovering Relationships between Android Developers, User Privacy, and Developer Willingness to Reduce Fingerprinting Risks
The major mobile platforms, Android and iOS, have introduced changes that restrict user tracking to improve user privacy, yet apps continue to covertly track users via device fingerprinting. We study the opportunity to improve this dynamic with a case study on mobile fingerprinting that evaluates developers' perceptions of how well platforms protect user privacy and how developers perceive platform privacy interventions. Specifically, we study developers' willingness to make changes to protect users from fingerprinting and how developers consider trade-offs between user privacy and developer effort. We do this via a survey of 246 Android developers, presented with a hypothetical Android change that protects users from fingerprinting at the cost of additional developer effort. We find developers overwhelmingly (89%) support this change, even when they anticipate significant effort, yet prefer the change be optional versus required. Surprisingly, developers who use fingerprinting are six times more likely to support the change, despite being most impacted by it. We also find developers are most concerned about compliance and enforcement. In addition, our results show that while most rank iOS above Android for protecting user privacy, this distinction significantly reduces among developers very familiar with fingerprinting. Thus there is an important opportunity for platforms and developers to collaboratively build privacy protections, and we present actionable ways platforms can facilitate this.
Cryptographic Verifiability for Voter Registration Systems
Voter registration systems are a critical - and surprisingly understudied - element of most high-stakes elections. Despite a history of targeting by adversaries, relatively little academic work has been done to increase visibility into how voter registration systems keep voters' data secure, accurate, and up to date. Enhancing transparency and verifiability could help election officials and the public detect and mitigate risks to this essential component of electoral processes worldwide. This work introduces cryptographic verifiability for voter registration systems. Based on consultation with diverse expert stakeholders that support elections systems, we precisely define the requirements for cryptographic verifiability in voter registration and systematize the practical challenges that must be overcome for near-term deployment. We then introduce VRLog, the first system to bring strong verifiability to voter registration. VRLog enables election officials to provide a transparent log that (1) allows voters to verify that their registration data has not been tampered with and (2) allows the public to monitor update patterns and database consistency. We also introduce VRLog\(^x\), an enhancement to VRLog that offers cryptographic privacy to voter deduplication between jurisdictions - a common maintenance task currently performed in plaintext or using trusted third parties. Our designs rely on standard, efficient cryptographic primitives, and are backward compatible with existing voter registration systems. Finally, we provide an open-source implementation of VRLog and benchmarks to demonstrate that the system is practical - capable of running on low-cost commodity hardware and scaling to support databases the size of the largest U.S. state voter registration systems.
The era of echinacea
Argues that the popularity of alternative medicine is unscientific and even dangerous. Consumers' obsession with vitamins and antioxidants is misguided; the vitamin industry is booming, but vitamins make little or no difference to health, and while a diet rich in antioxidants is associated with lower chronic disease rates, there is no evidence that supplements containing them are effective. Folic acid supplements, while of value for pregnant women, have been shown to increase the risk of prostate cancer in men; finally, ayurvedic medicine and other alternative medicines like homeopathy have not been shown to work, and in fact contain dangerous levels of toxins.