Printers may leak the printed information through side-channels: a verifiable electronic voting glitch ?

Filipe Rosado da-Fonseca

Abstract: Printers have their efficiency enhanced by being programmed not to move their print head to locations of the paper's printing area where information is not printed. Owing to this, relations can be established between the path that the print head takes to print some document (printing path) and the printed information. If the attacker is capable of acquiring the data that characterizes the printing path, for instance, through side-channels, then the latter relations may be very valuable into helping him into guessing the printed information. For this attack to be feasible, the printed information must be characterized by an unique printing path. This is, the printing path taken by each one of the possible values that are printed by the protocol to attack must be distinguishable from the other ones. A protocol in which this requirement is verified is the electronic election's protocol, in case Paper Verifiable Audit Trails (PVATs) are used. Successfully attacking this protocol opens the door to vote coercion, intimidation, and vote selling. To make this alert sound, examples of this attack are shown here. To prevent it, some countermeasures are proposed here.

Keywords: Electronic elections, electronic voting machine, paper ballot, paper verifiable audit trail, side-channels, sound analysis, power analysis, optical analysis, electromagnetic analysis, printers.


Notes: 1 - This paper is mentioned on the "The 4th Annual Year on Ideas" of the "The New York Times Magazine", December 12, 2004 (see the article "Acoustic Keyboard Eavesdropping" of the above described magazine).

You are here: