Security analysis of the Australian Capital Territory's eVACS 2020/2024 paperless direct recording electronic voting system
Chris Culnane, Andrew Conway, Vanessa Teague, Ty Wilson-Brown

TL;DR
This paper analyzes the security of the Australian Capital Territory's eVACS electronic voting system, revealing cryptographic errors in a library it depends on, and discusses the implications for election integrity and security.
Contribution
It identifies and discloses cryptographic vulnerabilities in the eVACS system's underlying libraries, highlighting the importance of security audits in electronic voting systems.
Findings
Cryptographic errors found in the Ada Web Services Library used by eVACS
Disclosed vulnerabilities to AdaCore and electoral authorities
Implications for election security and trust in electronic voting
Abstract
This report describes the implications for eVACS of two cryptographic errors in the Ada Web Services Library that it depends on. We identified these errors in the course of examining and testing the 2024 eVACS code, which was made publicly available in March 2024. We disclosed the problems to AdaCore, and explained the implications at the time to the relevant electoral authorities.
Taxonomy
Topics: Internet Traffic Analysis and Secure E-voting · Privacy, Security, and Data Protection
