Abstract: When Israel’s Ministry of Internal Affairs decided to move to electronic voting, it chose to replace the traditional paper ballot with secure contactless smartcards. The system was designed around HF RFID technology to make voting stations easier to use and less prone to mechanical faults. However, in doing so the system was exposed to a powerful class of hardware-based attacks called relay attacks, which can extend the interrogation range of HF RFID tags far beyond the nominal range of 5 centimetres. We show how a low-budget adversary armed with a relay device can read out all votes already cast into the ballot box, suppress the votes of one or several voters, rewrite votes at will and even completely disqualify all votes in a single voting station. Our attacks are easy to mount, very difficult to detect, and compromise both the confidentiality and the integrity of the election system.

©2010 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.


Topic Group - Physical attacks on RFID: [IACR ePrint '09 (RFID e-Voting)] [IEEE RFID '10 (RFID e-Voting)] [Smart SysTech'12 (RFID Jamming)] [ESORICS '13 (RFID Range Extension)]