See my full CV or Google Scholar for more information.
Security Analysis of the Democracy Live Online Voting System
Michael A. Specter,
and J. Alex Halderman
2021
To appear, Usenix Security 2021!
Press:
The New York Times,
Ars Technica,
Ars Technica (again),
AAAS
[Abstract +]
[PDF]
Democracy Live’s OmniBallot platform is a web-based system for blank ballot delivery, ballot marking, and online voting. Three states—Delaware, West Virginia, and New Jersey—recently announced that they would allow certain voters to cast votes online using OmniBallot, but, despite the well established risks of Internet voting, the system has never before undergone a public, independent security review.
We reverse engineered the client-side portion of OmniBallot, as used in Delaware, in order to detail the system’s operation and analyze its security. We find that OmniBallot uses a simplistic approach to Internet voting that is vulnerable to vote manipulation by malware on the voter’s device and by insiders or other attackers who can compromise Democracy Live, Amazon, Google, or Cloudflare. In addition, Democracy Live, which had no privacy policy prior to our work, receives sensitive personally identifiable information—including the voter’s identity, ballot selections, and browser fingerprint—that could be used to target political ads or disinformation campaigns. Even when OmniBallot is used to mark ballots that will be printed and returned in the mail, the software sends the voter’s identity and ballot choices to Democracy Live, an unnecessary risk that jeopardizes the secret ballot.
We recommend changes to make the platform safer for ballot delivery and marking. However, we conclude that using OmniBallot for electronic ballot return represents a severe risk to election security and could allow attackers to alter election results without detection. In response to our findings, Delaware and New Jersey have halted use of OmniBallot, but it remains available in other jurisdictions, as do similar online voting methods that are likely to face the same serious risks.
KeyForge: Mitigating Email Breaches with Forward-Forgeable Signatures
Michael A. Specter,
Sunoo Park,
and Matthew Green
2021
To appear, Usenix Security 2021!
[Abstract +]
[PDF]
Email breaches are commonplace, and they expose a wealth of personal, business, and political data whose release may have devastating consequences. Such damage is compounded by email’s strong attributability: today, any attacker who gains access to your email can easily prove to others that the stolen messages are authentic, a property arising from a necessary anti-spam/anti-spoofing protocol called DKIM. This greatly increases attackers’ capacity to do harm by selling the stolen information to third parties, blackmail, or publicly releasing intimate or sensitive messages — all with built-in cryptographic proof of authenticity.
This paper introduces non-attributable email, which guarantees that a wide class of adversaries are unable to convince discerning third parties of the authenticity of stolen emails. We formally define non-attributability, and present two system proposals — KeyForge and TimeForge — that provably achieve non-attributability while maintaining the important spam/spoofing protections currently provided by DKIM. Finally, we implement both and evaluate their speed and band- width performance overhead. We demonstrate the practicality of KeyForge, which achieves reasonable verification overhead while signing faster and requiring 42% less bandwidth per message than DKIM’s RSA-2048.
Going from Bad to Worse: From Internet Voting to Blockchain Voting
Sunoo Park,
Michael A. Specter,
Neha Narula,
and Ronald L. Rivest
2020
In Submission
[PDF]
The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in US Federal Elections
Michael A. Specter,
James Koppel,
and Daniel Weitnzer
In 29th USENIX Security Symposium (USENIX Security 20)
2020
Acceptance Rate: 16.1%
Press:
The New York Times,
The Verge,
Vice,
Vice (again),
CNN,
Fortune,
The Economist,
FiveThirtyEight,
Commended in Senator Ron Wyden’s Keynote at DEFCON
[Abstract +]
[PDF]
In the 2018 midterm elections, West Virginia became the first state in the U.S. to allow select voters to cast their ballot on a mobile phone via a proprietary app called "Voatz." Although there is no public formal description of Voatz’s security model, the company claims that election security and integrity are maintained through the use of a permissioned blockchain, biometrics, a mixnet, and hardware-backed keystorage modules on the user’s device. In this work, we present the first public security analysis of Voatz, based on a reverse engineering of their Android application and the minimal available documentation of the system. We performed a clean-room reimplementation of Voatz’s server and present an analysis of the election process as visible from the app itself.
We find that Voatz has vulnerabilities that allow different kinds of adversaries to alter, stop, or expose a user’s vote, including a sidechannel attack in which a completely passive network adversary can potentially recover a user’s secret ballot. We additionally find that Voatz has a number of privacy issues stemming from their use of third party services for crucial app functionality. Our findings serve as a concrete illustration of the common wisdom against Internet voting,and of the importance of transparency to the legitimacy of elections.
The PACT Protocol Specification
Ronald L. Rivest,
Jon Callas,
Ran Canetti,
Kevin Esvelt,
Daniel Kahn Gillmor,
Yael Tauman Kalai,
Anna Lysyanskaya,
Adam Norige,
Ramesh Raskar,
Adi Shamir,
Israel Shen,
Michael A. Specter,
Vanessa Teague,
Ari Trachtenberg,
Mayank Varia,
Marc Viera,
Daniel Weitzner,
John Wilkinson,
and Marc Zissman
2020
[Abstract +]
[PDF]
We describe here the PACT (Private Automated Contact Tracing) protocol, a simple, decentralized approach to using smartphones for contact tracing based on Bluetooth proximity. Users of this scheme do not reveal anything about themselves, unless they volunteer to do so.In particular, users can volunteer to donate their private data to a (trusted) health authority, whocan then use this data to further control the spread of the virus, but this is discretionary to the users.
The Economics of Cryptographic Trust: Understanding Certificate Authorities
Michael Alan Specter,
2016
Keys Under Doormats: Mandating Insecurity by Requiring Government Access to All Data and Communications
Harold Abelson,
Ross Anderson,
Steven M. Bellovin,
Josh Benaloh,
Matt Blaze,
Whitfield Diffie,
John Gilmore,
Matthew Green,
Susan Landau,
Peter G. Neumann,
Ronald L. Rivest,
Jeffrey I Schiller,
Bruce Schneier,
Michael A. Specter,
and Daniel J. Weitzner
Journal of Cybersecurity
2015
Published in: Oxford University Press, and the Communications of the ACM
Names listed alphabetically.
Press:
The New York Times,
TechCrunch,
Ars Technica,
MIT Technology Review,
Cited by Congresswoman Anna Eshoo & Senator Ron Wyden,
[Abstract +]
[PDF]
Twenty years ago, law enforcement organizations lobbied to require data and communication services to engineer their products to guarantee law enforcement access to all data. After lengthy debate and vigorous predictions of enforcement channels "going dark," these attempts to regulate the emerging Internet were abandoned. In the intervening years, innovation on the Internet flourished, and law enforcement agencies found new and more effective means of accessing vastly larger quantities of data. Today we are again hearing calls for regulation to mandate the provision of exceptional access mechanisms. In this report, a group of computer scientists and security experts, many of whom participated in a 1997 study of these same topics, has convened to explore the likely effects of imposing extraordinary access mandates.
We have found that the damage that could be caused by law enforcement exceptional access requirements would be even greater today than it would have been 20years ago. In the wake of the growing economic and social cost of the fundamental insecurity of today’s Internet environment, any proposals that alter the security dynamics online should be approached with caution. Exceptional access would force Internet system developers to reverse "forward secrecy" design practices that seek to minimize the impact on user privacy when systems are breached. The complexity of today’s Internet environment, with millions of apps and globally connected services, means that new law enforcement requirements are likely to introduce unanticipated,hard to detect security flaws. Beyond these and other technical vulnerabilities, the prospect of globally deployed exceptional access systems raises difficult problems about how such an environment would be governed and how to ensure that such systems would respect human rights and the rule of law.
Security Analysis of Wearable Fitness Devices (Fitbit)
Britt Cyr,
Webb Horn,
Daniela Miao,
and Michael A. Specter
Massachusetts Institute of Technology
2014
Explaining Explanations: An Overview of Interpretability of Machine Learning
Leilani H. Gilpin,
David Bau,
Ben Z. Yuan,
Ayesha Bajwa,
Michael A. Specter,
and Lalana Kagal
In 2018 IEEE 5th International Conference on data science and advanced analytics (DSAA)
Acceptance Rate: 20%