On Fingerprinting Attacks and Length-Hiding Encryption

Gellert, Kai; Jager, Tibor; Lyu, Lin; Neuschulten, Tom

doi:10.1007/978-3-030-95312-6_15

Cited by 3 publications

(2 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We used several methods to learn about Simply Voting's application configuration. We performed an SSL test 6 to determine their supported and preferred encryption methods and analyzed the server headers sent to us while interacting with the demo application. We were able to determine the following relevant information about their server configuration:…”

Section: Technical Implementation Of the Server Applicationmentioning

confidence: 99%

See 1 more Smart Citation

Review Your Choices: When Confirmation Pages Break Ballot Secrecy in Online Elections

2022

View full text Add to dashboard Cite

Online voting systems typically display a confirmation screen allowing voters to confirm their selections before casting. This paper considers whether a network-based observer can extract information about voter selections from the length of the exchanged network data.We conducted a detailed analysis of the Simply Voting implementation, which had randomly varying lengths of exchanged data due to dynamic page content and gzip compression. We demonstrated that we could correctly guess a voter’s selection with accuracy values ranging up to 100% in some instances. Even on more complex ballots, we generally could still rule out some combinations of candidates. We conducted a coordinated disclosure with the vendor and worked with them to roll out a mitigation.To their credit, this discovery (and therefore its fix) was made possible by their willingness to provide a publicly accessible demo, which, as we will show, remains a rarity in the industry.

show abstract

Section: Technical Implementation Of the Server Applicationmentioning

confidence: 99%

“…Much discussion exists on the mitigation of length-based fingerprinting attacks, including adding padding to ensure the response is always of a fixed length. Gellert et al describe such as scheme as "perfect length-hiding padding", but also outline major performance tradeoffs [6].…”

Section: Fixed-length Responsesmentioning

confidence: 99%