Diego F. Aranha
Associate Professor at Aarhus University
14th February 2024, 4:00pm - 5:00pm (GST)
Title: | A decade probing the Brazilian voting machine |
Abstract: | This talk summarizes several years of work analyzing the security of the voting software used in Brazilian elections by more than 140 million voters. It is mainly based on results obtained in restricted hacking challenges organized by the Superior Electoral Court (SEC), the national electoral authority. In such occasions, multiple serious vulnerabilities (hard-coded cryptographic keys and insufficient integrity checks, among others) were detected in the voting software, which when combined compromised the main security properties of the equipment, namely ballot secrecy and software integrity. We trace the history of the vulnerabilities, providing some perspective about how the system evolved and what the future may hold. As far as we know, this was the most in-depth compromise of an official large-scale voting system ever performed under such severely restricted conditions. |
Bio: | Diego F. Aranha is an Associate Professor in the Department of Computer Science at Aarhus University. His professional experience is in Cryptography and Computer Security, with a special interest in the efficient implementation of cryptographic algorithms and security analysis of real-world systems. He received the Google Latin America Research Award for research on privacy twice, and the MIT TechReview's Innovators Under 35 Brazil Award for his work in analyzing and improving the Brazilian electronic voting system. |