J. Alex Halderman

Recent attacks against elections in the U.S. and Europe demonstrate that nation-state attackers are becoming more aggressive, even as campaigning and voting are becoming increasingly reliant on computers. How much has changed since 2016, when the U.S. experienced unprecedented attacks on its election infrastructure? What has to happen to ensure that the 2020 presidential election is secure? In this talk, I'll give a progress report on election security in the U.S. and around the world, informed by results from my own research and my work with legislators and election officials over the past two years. I'll also hold a mock election with a current U.S. voting machine to demonstrate how cyberattacks on election infrastructure could potentially change the results of national elections. Finally, I'll explain what everyone can do to get involved and help safeguard the foundations of democracy.

Strengthening election cybersecurity is essential for safeguarding democracy. For over 15 years, I and other computer scientists have been warning about the vulnerable state of election security, but attacks against recent elections in the U.S. and Europe demonstrate that sophisticated attackers are becoming more aggressive, even as campaigning and voting become increasingly reliant on computers. Since 2016, I’ve been working with election officials and members of congress to strengthen election cybersecurity. In this talk, I’ll give a progress report about what’s happened since then and what still needs to happen to secure future elections. While many U.S. states have made progress at securing some aspects of their election infrastructure, and Congress provided $380M in new funding to the strengthen elections, significant vulnerabilities remain that put the integrity of future elections at risk. To demonstrate the ongoing threat, I’ll hold a mock election on stage with a real U.S. voting machine still used in 18 states, and show how remote attacks could potentially affect the outcome of a close national contest. Finally, I’ll explain how defenses developed by researchers over the past decade could provide practical and cost-effective safeguards. Unfortunately, they have yet to be widely deployed due to a lack of resources and political leadership. I’ll describe legislative efforts in the U.S. and other countries that could, if successful, go a long way to making elections secure. I’ll also explain what technologists and other concerned humans can do to help secure elections at all levels.

The 2016 U.S. presidential election was preceded by unprecedented cyberattacks and produced a result that surprised many people in the U.S. and abroad. Was it hacked? To find out, we teamed up with scientists and lawyers from around the country—and a presidential candidate—to initiate the first presidential election recounts motivated primarily by e-voting security concerns. In this talk, we will explain how the recounts took place, what we learned about the integrity of the election, and what needs to change to ensure that future U.S. elections are secure.

Other people: Matt Bernhard

Earlier this year, we discovered that Diffie-Hellman key exchange – cornerstone of modern cryptography – is less secure in practice than the security community believed. In this talk, we’ll explain how the NSA is likely exploiting this weakness to allow it to decrypt connections to at least 20% of HTTPS websites, 25% of SSH servers, and 66% of IPsec VPNs.

Unlike the NSA, most of us don’t have a billion-dollar budget, but thanks to 1990s-era U.S. crypto backdoors, even attackers with much more modest resources can break the crypto for a sizable fraction of web sites. We’ll explain these flaws and how to defend yourself, and we’ll demonstrate how you too can experiment with Diffie-Hellman cryptanalysis from the comfort of your local hacker space. Diffie-Hellman key exchange lets two parties negotiate a shared secret key in the presence of an eavesdropper who can see every message they exchange. This bit of cryptographic magic underlies the security of the Internet, from TLS to SSH, IPsec, Tor, OTR, and beyond. Diffie-Hellman is widely believed to offer „perfect forward secrecy“ – after you’re done communicating, you can „forget" your secret key and not even the NSA can later reconstruct it. In recent years, this property led to the security community (us included!) promoting Diffie-Hellman over other crypto techniques as a defense against mass surveillance. We were wrong. We’re really sorry. In this talk, we’ll explain how a confluence of number theory, lazy implementations, and aging protocols has created a world where anyone willing to spend a few hundred million dollars is likely able to passively decrypt a huge fraction of Internet traffic. We’ll then go back for a close reading of the Snowden documents that were published at 31C3 and show how such a cryptanalytic exploit lines up exactly with several of the NSA’s most powerful known decryption capabilities. For those who prefer a more hands-on approach, we’ll tell you how you too can experiment with breaking Diffie-Hellman for the „export-grade“ 512-bit key sizes that were mandated in the 1990s by U.S. crypto regulations. About 8% of popular HTTPS sites still support these weakened keys for use with legacy browsers, but we discovered a TLS protocol flaw, which we named the Logjam attack, that allowed a man-in-the-middle to trick all modern browsers into accepting them. We’re pretty sure your browser has shipped a security update to fix this by now... We’ll conclude the talk by discussing what went wrong with communication between mathematical cryptographers and security practitioners, how we can prevent this from happening again, and what flavors of cryptography you should really be using to defend yourself. (Hint: It starts with „elliptic“ and ends with „curve“.)

Other people: Nadia Heninger

Estonia is the only country in the world that relies on Internet voting in a significant way for legally-binding national elections — up to 30% of all voters cast their ballots online. This makes the security of Estonia's Internet voting system of interest to technologists and citizens the world over. Over the past year, I helped lead the first rigorous, independent security evaluation of the system, based on election observation, code review, and laboratory testing. The findings are alarming: there are staggering gaps in Estonia's procedural and operational security, and the architecture of the system leaves it open to cyberattacks from foreign powers. Our investigation confirmed the viability of these attacks in the lab, but the Estonian government has chosen to downplay them. We urgently recommend that Estonia discontinue use of the system before the country suffers a major attack.

When Estonia introduced its online voting system in 2005, it became the first country to offer Internet voting nationally. Today, people around the world look to Estonia's example, and some wonder why they can't vote online too. Nevertheless, the system remains controversial. While many Estonians view Internet voting as a source of national pride, one major political party has repeatedly called for it to be abandoned. Over the past year, I took part in the first rigorous and fully independent security analysis of the Estonian Internet voting system. My team observed operations during the October 2013 and May 2014 elections, conducted interviews with the system developers and election officials, assessed the software through source code review and reverse engineering, and performed tests on a reproduction of the complete system in our lab. The threats facing national elections have shifted significantly since the Estonian system was designed more than a decade ago. State-level cyberattacks, once a largely hypothetical threat, has become a well documented reality, and attacks by foreign states are now a credible threat to a national online voting system. To test the feasibility of such attacks, we reproduced the I-voting system and played the role of a sophisticated attacker during a mock election. We developed client-side attacks that silently steal votes on voters' own computers We also demonstrated server-side attacks that target introduce malware into the vote counting server, allowing a foreign power or dishonest insider to shifting results in favor of their preferred candidate. These risks are even more serious because of deviations from procedure and serious lapses in operational security that we observed during real elections. Election workers downloaded security-critical software over unsecured Internet connections, typed server root passwords in full view of observers and public video cameras, and prepared election software for distribution to the public on insecure personal computers, among other examples. These actions indicate a dangerously inadequate level of professionalism in security administration that leaves the whole system open to attack and manipulation. When we made our study public in Estonia, government responses ranged from dismissive to absurd. Officials discounted them, and the President and Prime Minister insinuated that we had been bought off by a rival political party. We hope that the country can separate technical reality from politics in time to avert a major attack. For other countries that are considering adopting Internet voting, we hope that the weaknesses of the Estonian system can be an important cautionary lesson.

Internet-wide network scanning has powerful security applications, including exposing new vulnerabilities, tracking their mitigation, and exposing hidden services. Unfortunately, probing the entire public address space with standard tools like Nmap requires either months of time or large clusters of machines. In this talk, I'll demonstrate ZMap, an open-source network scanner developed by my research group that is designed from the ground up to perform Internet-wide scans efficiently. We've used ZMap with a gigabit Ethernet uplink to survey the entire IPv4 address space in under 45 minutes from a single machine, more than 1300 times faster than Nmap. I'll explain how ZMap's architecture enables such high performance. We'll then work through a series of practical examples that explore the security applications of very fast Internet-scale scanning, both offensive and defensive. I'll talk about results and experiences from conducting more than 300 Internet-wide scans over the past 18 months, including new revelations about the state of the HTTPS CA ecosystem. I'll discuss the reactions our scans have generated--on one occasion we were mistaken for an Iranian attack against U.S. banks and we received a visit from the FBI--and I'll suggest guidelines and best practices for good Internet citizenship while scanning.

Internet-scale network surveys collect data by probing large subsets of the public IP address space. While such scanning behavior is often associated with botnets and worms, it also has proved to be a powerful methodology for security research. Recent studies, beginning with the EFF's SSL Observatory, have demonstrated that Internet-wide scanning can help reveal new kinds of vulnerabilities, monitor deployment of mitigations, and shed light on previously opaque distributed ecosystems. Unfortunately, this methodology has been more accessible to attackers than to researchers without access to botnets or willingness to spread self-replicating code. Comprehensively scanning the public address space with off-the-shelf tools like Nmap requires weeks of time or many machines. To make Internet-wide scanning more accessible, my research team recently introduced ZMap, an open-source network scanner that is designed from the ground up to perform Internet-scale port scans. In our tests using a gigabit Ethernet uplink, ZMap scans the entire IPv4 address space in under 45 minutes from a single machine, more than 1300 times faster than Nmap. By the time of the talk, we'll have switched to a 10 gigE uplink, which should theoretically support scanning the entire address space in under 5 minutes. I'll explain how ZMap's architecture enables such high performance by taking advantage of fast modern hardware and recent improvements to the Linux kernel. We'll work through a series of practical examples that explore the security applications of very fast Internet-scale scanning, both offensive and defensive, and I'll share experiences from conducting more than 300 Internet-wide scans over the past 18 months, totaling well over 1 trillion probes. I'll describe how we completed hundreds of scans targeting every public HTTPS server (each scan larger than the entire SSL Observatory) in order to shed light on the growth of HTTPS deployments and expose security problems within the HTTPS ecosystem, such as misissued CA certs and widespread server misconfiguration. I'll show how high-speed scanning can be used to expose vulnerable hosts, using IPMI and UPnP vulnerabilities as recent examples. Malicious attackers could abuse this capability to exploit 0day vulnerabilities affecting millions of hosts within hours of a problem's discovery, and better defenses are badly needed. Finally, I'll discuss applications to Internet freedom, including discovering unadvertised services such as hidden Tor bridges (used for censorship resistance) and Bluecoat devices (used for state-sponsored censorship). High-speed scanning can be a powerful tool in the hands of security researchers, but users must be careful not to cause harm by inadvertently overloading networks or causing unnecessary work for network administrators. I'll discuss the complaints and other reactions my group's scanning has generated--on one occasion we were mistaken for an Iranian DoS attack on U.S. banks, and we received a visit from the FBI--and I'll suggest several guidelines and best practices for good Internet citizenship while scanning. We are living in a unique period in the history of the Internet: widely available networks are becoming fast enough to quickly and exhaustively scan the IPv4 address space, yet IPv6 (with its much larger address space) has not yet been widely deployed. I hope this talk will help researchers make the most of this window of opportunity.