lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <SNT111-W11AACC4D6562EC9C8B5CA9B60D0@phx.gbl>
Date: Sun, 18 Apr 2010 01:01:31 +0300
From: D V <digivoter@...mail.com>
To: <full-disclosure@...ts.grok.org.uk>
Subject: Digivote replay attack



There is no integrity control for the communication between a URN external magnetic card reader
(DVDEK) and a URN PC (DVURN). As the data cable with D25 and D9 connectors connecting
DVDEK and DVURN is a standard data cable, it is possible to replace it with a similar data cable
with a hidden micro controller embedded in the connector. This hidden micro controller plays the
role of man-in-the-middle. It intercepts all communication between the URN external magnetic card
reader and the URN PC. Each time it wants to discard a vote, the micro controller replaces the data
read from the voting magnetic card with the data from a previous voting magnetic card. Otherwise
it relays the original data. Modifying the data is impossible, as this will invalidate the 8 byte MAC
signature at the end of the voting magnetic card data and thus fraud will be detected by the URN
software. But replacing the data of one vote by another previous valid vote is possible without
triggering the fraud detection systems.

One scenario for discarding votes for political party A.
To discard votes for political party A, replace the data cable by a data cable with a embedded micro
controller programmed to act like this:

    1. Act transparently (relay all data without substitution) until a voting magnetic card is inserted
       that has not been inserted in a MAV PC (this is a initialized voting magnetic card with blanc
       vote, the Usage Flag in the data indicates that this card has not been inserted in a MAV PC).
       Store the data of this blanc voting magnetic card in the memory of the micro controller, and
       relay it to the URN PC. From now on, the micro controller acts as man-in-the-middle.
    2. In man-in-the-middle mode, intercept all data. If it is the data of a voting magnetic card for
       political party A, discard the data and relay the stored blanc voting magnetic card data to the
       URN PC. Relay all other data unmodified to the URN PC.

Mitigation: certify and seal the data cables.

http://en.wikipedia.org/wiki/Electronic_voting_in_Belgium
3E054CF44706D1DF82D4BECF86C86EFB

 		 	   		  
_________________________________________________________________
Hotmail: Free, trusted and rich email service.
https://signup.live.com/signup.aspx?id=60969

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ