找回密码
 立即注册
首页 区块链新闻 查看内容
  • QQ空间

麻省理工学院和哈佛大学的专家对区块链投票提出了警告

2020-11-18 21:40

 

当前的美国政治气候使本月的投票格外引人关注,COVID-19大流行使得亲自投票成为一项艰巨甚至致命的任务。虽然爱沙尼亚自2005年起就支持电子投票,但其他国家越来越倾向于探索其他解决方案,甚至包括区块链和分布式账本技术(DLT)。不过,最近由麻省理工学院(MIT)和哈佛大学(Harvard)的技术专家撰写的一份名为《从糟糕到更糟:从互联网投票到区块链投票》的研究草案提出了相反的建议。


仅就电子投票而言,这些系统被认为是极其脆弱的,例如通过系统攻击或设备开发。这是坏人修改硬件、软件或任何其他设备来访问系统或其信息的地方。在投票环境中,这些参与者可以完全控制投票系统和用户交互。攻击的执行成本非常低,而且可扩展,因此一旦开发出来,就可以多次使用。最重要的是,这些可以以几乎完全无法察觉的方式执行。


这就是人们可能认为区块链和DLT的安全功能可以解决这个问题的地方。但是区块链本身就带来了多个问题。


首先,区块链只有在每个人都同意它工作的情况下才能工作。假设有相当多的选民和矿工决定破坏这个系统。在这种情况下,他们可能会创建区块链的多个版本,使用户无法确定哪个是正确的链。


此外,区块链似乎不能无缝地遵守安全投票系统的要求,包括无记名投票和选民验证其选择的能力。


作者还指出,在被许可的区块链中,与大型公有区块链相比,中断率通常更低。服务器数量的减少增加了所有服务器都受到攻击的可能性,特别是在它们运行同一操作系统或同一软件的情况下。


另一个问题是关键管理。如果投票者丢失了他们的私钥,他们将不能投票。如果一个坏参与者获得了访问该密钥的权限,他们可以在没有人知道的情况下为用户投票。在一些例子中,加密货币用户丢失了他们的私钥,因此丢失了他们所有的加密货币。两位作者还提到了2014年的Mt Gox黑客事件,当时由于密钥管理不善,该交易所损失了价值约4.6亿美元的加密货币。


当然,用于访问基于区块链的投票系统的设备和网络基础设施,比如手机,可能会受到漏洞的影响。作者认为区块链只会产生更多的问题,比如附加的软件复杂性和bug修复的挑战。由于区块链的分散化本质,改变任何协议来解决漏洞要比集中式系统花费更多的时间和精力。


文章列举了调查结果:


“区块链并不能解决所有电子投票系统所面临的基本安全问题。

电动、在线和区块链投票系统比现有的纸质投票系统更容易出现严重故障。

向系统中添加新技术可能会产生新的攻击可能性。”


这些发现可能并不令人惊讶。麻省理工学院(MIT)的研究人员今年2月发布的一份报告指出,Voatz基于区块链的选举投票应用程序存在多个安全漏洞,允许“对手更改、停止或暴露用户的投票”。尽管如此,在今年7月,一个认证投票系统测试实验室Pro V&V对Voatz进行了认可,认为它符合投票系统联邦法律。


同月,莫斯科和下诺夫哥罗德的俄罗斯公民有机会就一项宪法修改进行电子投票,该技术基于区块链。然而,用于远程投票的门户网站最终崩溃,俄罗斯媒体报道的选民详情也被窃取。


麻省理工学院的作者们认为,电子投票本身就很容易受到严重的安全漏洞的攻击,甚至可能“破坏选举的公正性——从而破坏民主的合法性”。

 

The current American political climate has made voting particularly topical this month, with the COVID-19 pandemic making in-person voting a daunting and even deadly task. While Estonia has supported electronic voting since 2005, other nations are increasingly tempted to explore alternative solutions, even Blockchain and distributed ledger technology (DLT). However, a recent draft study titled ‘Going from Bad to Worse: From Internet Voting to Blockchain Voting’ written by technology experts from MIT and Harvard, recommends the opposite.

In regards to just electronic voting, these systems are seen as extremely vulnerable, for example through system attacks or device exploitations. This is where a bad actor modifies hardware, software, or any other equipment to access the system or its information. In a voting environment, these actors may have total control over the voting systems and user interactions. Attacks can be extremely cheap to execute and scalable, and so can be used many times once developed. Most importantly, these can be executed in an almost entirely undetectable manner.

This is where one might think the security capabilities of Blockchain and DLT could solve the problem. But Blockchain poses multiple issues on its own.

Firstly, Blockchain only works if everyone agrees to it working. Suppose a significant number of voters and miners decide to disrupt the system. In that case, they could potentially create multiple versions of a blockchain, confusing users as to which one is the correct chain.

Furthermore, Blockchain does not appear to seamlessly adhere to secure voting system requirements, including a secret ballot and the voter’s ability to verify their selection. 

The authors also point out that in permissioned blockchains, there are often fewer severs compared to large pubic blockchains. Fewer servers increase the possibility of all of them becoming compromised, ‘especially if they run on the same operating system or run the same software.’

Another issue is key management. If a voter loses their private key, they won’t be able to vote. If a bad actor gains access to that key, they can vote for the user without anyone knowing it. There are examples where cryptocurrency users lost their private keys and, therefore all their cryptocurrency. The authors also reference the 2014 Mt Gox hack, where the exchange lost around $460 million worth of cryptocurrency due to poor key management.

Then, of course, the very devices and network infrastructures used to access the blockchain-based voting system, like a mobile phone, can be subject to vulnerabilities. The authors argue that Blockchain just ends up creating more issues, such as additional software complexity and challenges with bug fixing. Due to Blockchain’s decentralized nature, changing any protocol to address vulnerabilities takes much more time and effort than centralized systems.

The articles ummarizes its findings:

  1. “Blockchain does not solve the fundamental security problems suffered by all electronic voting systems.
  2. Electric, online, and blockchain-based voting systems are more vulnerable to serious failures than available paper-ballot-based alternatives.
  3. Adding new technologies to systems may create new potential for attacks.”

These findings might not come as a surprise. MIT researchers released a report this February identifying multiple security vulnerabilities in Voatz’s blockchain-based election voting app, which would allow ‘adversaries to alter, stop, or expose a user’s vote.’ Despite this, in July this year, a certified Voting System Test Laboratory, Pro V&V, gave Voatz an endorsement in its compliance with the voting system federal law.

In the same month, Russian citizens in Moscow and Nizhny Novgorod had the opportunity to vote electronically on a constitutional change, the technology was based on Blockchain. However, the web portal for the remote voting ended up crashing, and Russian press reporting voter details had been stolen.

The MIT authors argue that electronic voting in and of itself is so inherently vulnerable to serious security flaws that it may even ‘undermine election integrity – and thereby, democratic legitimacy’.

 

来自: Ledger Insights