Abstract
Online elections make a natural target for distributed denial of service attacks. Election agencies wary of disruptions to voting may procure DDoS protection services from a cloud provider. However, current DDoS detection and mitigation methods come at the cost of significantly increased trust in the cloud provider. In this paper we examine the security implications of denial-of-service prevention in the context of the 2017 state election in Western Australia, revealing a complex interaction between actors and infrastructure extending far beyond its borders. Based on the publicly observable properties of this deployment, we outline several attack scenarios including one that could allow a nation state to acquire the credentials necessary to man-in-the-middle a foreign election in the context of an unrelated domestic law enforcement or national security operation, and we argue that a fundamental tension currently exists between trust and availability in online elections.
Cite
CITATION STYLE
Culnane, C., Eldridge, M., Essex, A., & Teague, V. (2017). Trust implications of DDoS protection in online elections. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 10615 LNCS, pp. 127–145). Springer Verlag. https://doi.org/10.1007/978-3-319-68687-5_8
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
