diff --git a/c/a5fdb7f1-6cec-4c6a-9534-a4b0559075b0.html b/c/a5fdb7f1-6cec-4c6a-9534-a4b0559075b0.html new file mode 100644 index 0000000..1a76361 --- /dev/null +++ b/c/a5fdb7f1-6cec-4c6a-9534-a4b0559075b0.html @@ -0,0 +1,119 @@ + +
+ + + + + + + + + + + + + + + + +I am writing a scientific paper on information security during online voting. I will provide you with paragraphs of text. Your task is to improve the writing and point out any inaccuracies if applicable. This section is about Attacks and their countermeasures +### FIRST PARAGRAPH ### +Attacks and their countermeasures + +In this section we will explore some attacks and how our model prevents these attacks. We assume a basic understanding of most well-known attacks. + +Eavesdropping + +By only eavesdropping on the network, you won’t get very far. The connection from client to intermediary is encrypted by TLS v1.3, but the voting data it is carrying is also encrypted with the public key of the backend server. The connection between the intermediary and the backend server does not tell us a lot, because the identity is removed by the intermediary. The only thing we can read is the encrypted voting data. However, Ccertain vulnerabilities can arise if eavesdropping is combined with other methods. Those vulnerabilities, this will be further discussed in the ‘Limitations and vulnerabilities’ section.
Next subsection ### +Traffic analysis + +Using traffic analysis alone is not enough to determine anything valuable. You could potentially know who voted based on the traffic between the client and the intermediary, but not what they voted. By analyzing the traffic between the intermediary and the backend, or the intermediary and the authentication server, you could determine the locations IP addresses of these servers. These servers have their own (services and) security systems in place to protect them. Security could be further enhanced by using Privacy-Enhanced Technologies (PETs) to allow for Traffic-flow confidentiality.
Next paragraph ### +The user needs to authenticate using its e-ID or the Iitsme® service, so when implemented correctly the security will depend on the respective service. All the packets received at the intermediary are signed by the authenticated user and will be checked. + +There are still some issues left but those will be discussed in the next section.
Write the last sentence which says that there will be a discussion about the existing vulerabilities in our system.
Replay + +Users can only vote once and the second and following votes will be ignored. Replaying will just be ignored and would only increase the traffic flow to the intermediary. Replaying packets from the intermediary to the backend has its issues which are further discussed at the next chaptersection.
Distributed Denial of Service (DDoS) + +Different systems can be put into place to prevent a DDoS attack. These systems need to be set up for the intermediary and the backend servers. Apart from using high bandwidth servers we could use different filtering and limiting techniques, caching, etc. SEE >> This is more of a server maintenance task than a real security problem. SUGGESTION >> The availability of the system and protection against DDOS attacks could/should be considered independently of the voting aspect. Existing techniques can be used.
Sybil attack + +The Sybil attack (Sybill, Wikipedia) is an attack where the attacker creates many pseudo-identities to gain a large influence in the reputation system. This attack is not feasible since every identity needs an e-ID or Itsme account, which is linked to an official, registered ID-card.