The New South Wales iVote System: Security Failures and Verification Flaws in a Live Online Election

  • J. Alex Halderman
  • Vanessa TeagueEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9269)


In the world’s largest-ever deployment of online voting, the iVote Internet voting system was trusted for the return of 280,000 ballots in the 2015 state election in New South Wales, Australia. During the election, we performed an independent security analysis of parts of the live iVote system and uncovered severe vulnerabilities that could be leveraged to manipulate votes, violate ballot privacy, and subvert the verification mechanism. These vulnerabilities do not seem to have been detected by the election authorities before we disclosed them, despite a pre-election security review and despite the system having run in a live state election for five days. One vulnerability, the result of including analytics software from an insecure external server, exposed some votes to complete compromise of privacy and integrity. At least one parliamentary seat was decided by a margin much smaller than the number of votes taken while the system was vulnerable. We also found protocol flaws, including vote verification that was itself susceptible to manipulation. This incident underscores the difficulty of conducting secure elections online and carries lessons for voters, election officials, and the e-voting research community.


Vote System State Election Interactive Voice Response System Registration Server Legislative Council 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



The authors thank David Adrian, Ed Felten, Rajeev Goré, Nadia Heninger, Harri Hursti, and Liz Minchin for assistance during this project. For their support and encouragement after we made our results public, we would also like to thank the tremendous community of election integrity scholars and advocates, including but not limited to: Duncan Buell, David Dill, Joseph Hall, Candice Hoke, David Jefferson, Noel Runyan, Ronald Rivest, Barbara Simons and Pamela Smith. This material is based in part upon work supported by the U.S. National Science Foundation under grants CNS-1345254 and CNS-1409505, and by the Morris Wellman Faculty Development Assistant Professorship.


  1. 1.
    ABC News. Computer voting may feature in March NSW election, February 2015.
  2. 2.
    Abendan, O.: How DNS changer Trojans direct users to threats. In: Trend Micro Threat Encyclopedia (2012)Google Scholar
  3. 3.
    Adida, B.: Helios: web-based open-audit voting. In: 17th USENIX Security Symposium, August 2008.
  4. 4.
    Adida, B., De Marneffe, O., Pereira, O., Quisquater, J.-J.: Electing a university president using open-audit voting: analysis of real-world use of Helios. In: Electronic Voting Technology Workshop (EVT) (2009)Google Scholar
  5. 5.
    Adrian, D., Bhargavan, K., Durumeric, Z., Gaudry, P., Green, M., Halderman, J.A., Heninger, N., Springall, D., Thomé, E., Valenta, L., VanderSloot, B., Wustrow, E., Zanella-Béguelin, S., Zimmermann, P.: Imperfect forward secrecy: how Diffie-Hellman fails in practice, May 2015.
  6. 6.
    Ballani, H., Francis, P., Zhang, X.: A study of prefix hijacking and interception in the Internet. In: Proceedings of ACM SIGCOMM, August 2007Google Scholar
  7. 7.
    Bell, S., Benaloh, J., Byrne, M.D., DeBeauvoir, D., Eakin, B., Fisher, G., Kortum, P., McBurnett, N., Montoya, J., Parker, M., et al.: Star-vote: a secure, transparent, auditable, and reliable voting system. USENIX J. Election Technol. Syst. 1(1), 18–37 (2013)Google Scholar
  8. 8.
    Beurdouche, B., Bhargavan, K., Delignat-Lavaud, A., Fournet, C., Kohlweiss, M., Pironti, A., Strub, P.-Y., Zinzindohoue, J.K.: A messy state of the union: taming the composite state machines of TLS. In: 36th IEEE Symposium on Security and Privacy (2015)Google Scholar
  9. 9.
    Bilodeau, O., Dupuy, T.: Dissecting Linux/Moose: the analysis of a Linux router-based worm hungry for social networks, May 2015.
  10. 10.
    Carback, R., Chaum, D., Clark, J., Conway, J., Essex, A., Herrnson, P.S., Mayberry, T., Popoveniuc, S., Rivest, R.L., Shen, E. et al.: Scantegrity II municipal election at Takoma Park: the first E2E binding governmental election with ballot privacy. In: Proceedings of the 19th USENIX Security Symposium (2010)Google Scholar
  11. 11.
    Culnane, C., Ryan, P.Y.A., Schneider, S., Teague, V.: vVote: A verifiable voting system. ACM Transactions on Information and System Security. To appear. Technical report at
  12. 12.
    Durumeric, Z., Adrian, D., Mirian, A., Bailey, M., Halderman, J.A.: Tracking the FREAK attack.
  13. 13.
    Estonian Internet Voting Committee. Statistics about Internet voting in Estonia, May 2014.
  14. 14.
    Gjøsteen, K.: The Norwegian Internet voting protocol. In: Kiayias, A., Lipmaa, H. (eds.) VoteID 2011. LNCS, vol. 7187, pp. 1–18. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  15. 15.
    Hastings, N., Peralta, R., Popoveniuc, S., Regenscheid, A.: Security considerations for remote electronic UOCAVA voting. National Institute of Standards and Technology, NISTIR 7770, February 2011.
  16. 16.
    Heninger, N.: Factoring as a service. Crypto 2013 rump session.
  17. 17.
    Kaminsky, D.: It’s the end of the cache as we know it. In: Toorcon (2008)Google Scholar
  18. 18.
    Kusters, R., Truderung, T., Vogt, A.: Clash attacks on the verifiability of e-voting systems. In: 33rd IEEE Symposium on Security and Privacy, pp. 395–409 (2012)Google Scholar
  19. 19.
    Marlinspike, M.: New tricks for defeating SSL in practice. Black Hat (2009).
  20. 20.
    McKay, R.: Flaws in iVote’s re-vote process which attempts to defeat coercers. BigPulse
  21. 21.
    NSW Electoral Commission. legislative council–final distribution of preferences (2015).
  22. 22.
    NSW Electoral Commission. Index of iVote reports.
  23. 23.
  24. 24.
    NSW Electoral Commission. iVote system security implementation statement, March 2015.
  25. 25.
    Räisänen, O.: The bank deal.
  26. 26.
    Ryan, P.Y.A., Teague, V.: Pretty good democracy. In: Christianson, B., Malcolm, J.A., Matyáš, V., Roe, M. (eds.) Security Protocols 2009. LNCS, vol. 7028, pp. 111–130. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  27. 27.
    Segaard, B., Christensen, D.A., Folkestad, B., Saglie, J.: Internettvalg: hva gjør og mener velgerne? (2014).
  28. 28.
    Springall, D., Finkenauer, T., Durumeric, Z., Kitcat, J., Hursti, H., MacAlpine, M., Halderman, J.A.: Security analysis of the Estonian internet voting system. In: ACM Conference on Computer and Communications Security (CCS), November 2014Google Scholar
  29. 29.
    Teague, V., Halderman, J.A.: Security flaw in New South Wales puts thousands of online votes at risk. Freedom to Tinker blog post, 22 March 2015.
  30. 30.
    Victorian Electoral Commission. Report to Parliament on the 2010 Victorian State election; Section 11: Statistical overview of the election (2011).
  31. 31.
    Wolchok, S., Wustrow, E., Isabel, D., Halderman, J.A.: Attacking the Washington, D.C. Internet voting system. In: 16th International Conference on Financial Cryptography and Data Security (FC), February 2012Google Scholar
  32. 32.
    Zagórski, F., Carback, R.T., Chaum, D., Clark, J., Essex, A., Vora, P.L.: Remotegrity: design and use of an end-to-end verifiable remote voting system. In: Jacobson, M., Locasto, M., Mohassel, P., Safavi-Naini, R. (eds.) ACNS 2013. LNCS, vol. 7954, pp. 441–457. Springer, Heidelberg (2013) CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. 1.University of MichiganAnn ArborUSA
  2. 2.University of MelbourneMelbourneAustralia

Personalised recommendations