A team of researchers has developed a hacker-resistant device that could bring online voting to America. A prototype pin-pad device the size of a credit card, Du-Vote, reportedly allows citizens to securely vote in elections, even if their computer is completely controlled by nefarious hackers.
The technique is to divide knowledge of the user’s choice between multiple devices, each with its own unique security. A voting website contains names of candidates, but the hacker-resistant pin-pad device, which never connects to the Internet, contains a list of secret digits associated with each name.
Rather than enter the name of a candidate on a website, the user inputs a secret code from the Du-Vote. Even if a hacker completely controlled a citizen’s computer, and could change the name of a candidate entered on a website unbeknownst to the user, the malicious software wouldn’t know which digits to enter.
“In simple terms the credit card sized device helps to divide the security sensitive tasks between your computer and the device in a way that neither your computer nor the device learns how you voted,” explained University of Birmingham’s Gurchetan Grewal to me in an email.
What if a Hacker Controls the Du-Vote and the Citizen’s Computer?
The Du-Vote is protected against a variety of nightmare scenarios, including if hackers manage to infiltrate both the Du-Vote and a user’s computer.
The process includes a 100 percent hacker-proof technique: a coin flip. On the voting website, citizens are given two columns of random digits to choose from and asked to flip a coin to decide which column of digits they enter into the Du-Vote. For instance, if the coin lands on heads and the citizen wants to elect Alice, she inputs all of the digits in Column A into the Du-Vote and just the top-right cell of Column B, “7970” (and vice versa if it lands on tails).
If a hacker managed to control the computer and the Du-Vote, the malicious software wouldn’t know the outcome of the coin flip and could end up guessing the wrong column. “That will cause the vote to be rejected,” explained co-author Mark Ryan. The rejected vote could then alert authorities to tampering.
There are already a few countries with online voting, most notably Estonia. But Estonia has a national ID system that allows the federal government to regularly correspond with its citizens on a variety of sensitive issues. Americans are hesitant to adopt a federal national ID, making secure government interaction more difficult.
Short of adopting a national ID, the Du-Vote could be an alternative and bring us one step closer to online voting.