Scytl security protocols ensure clients are unaffected by Poodle bug

Scytl, the worldwide leader in secure online voting and election modernization today announced that its end-to-end security protocols and encryption ensure that none of its online voting implementations are affected by the exposed vulnerability in SSL or attacks similar to the Poodle bug.

Unlike other online voting technology solutions, Scytl does not rely solely on communication channel security or channel encryption (SSL encryption) but instead, implements full and in depth end-to-end encryption and security protocols. The Poodle bug enables hackers in a man-in-the-middle scenario to decrypt the SSL communication channel when using SSL 3.0, as well as trick the server and the browser to enforce SSL 3.0, the version that has been compromised.

Why the Poodle bug does not affect Scytl Online Voting implementations:

• With Scytl Online Voting solutions, votes are encrypted on the client device where the voting takes place. The moment before the vote leaves the client device it is both encrypted and digitally signed. The transmission of the vote in its encrypted and digitally signed format keeps it secure from being “eavesdropped” in case of any attack on the communication channel. This, unfortunately, is not the case with other online voting technology where the vote is not encrypted before being sent through the SSL channel, leaving it open with full details on voting options, related user id´s or passwords, and vulnerable to communication channel attacks, such as the Poodle bug.
• The authentication mechanisms implemented by Scytl are based on key roaming and passwords used to open key containers, passwords that are never sent through the network, and do not use session cookies – most common targets for Poodle bug attacks – like other Internet voting platforms. This ensures it is not possible to capture passwords if for whatever reason the SSL communication channel encryption is compromised.
• As an additional security measure, Scytl is disabling SSL 3.0 on its voting servers, an SSL protocol that is more than 15 years old. This could affect voters who are using out dated versions of various browsers (such as Internet Explorer 6.0 and Opera 4.0), and not allow them to connect to their voting platform. A moot point as these outdate versions are not only not supported by their respective internet browser providers but by the online voting platforms implemented by clients. In addition, the main internet browser vendors are updating their browser protocols do disable the use of SSL 3.0.

Electoral commissions, governing bodies and private organizations looking for secure, private and auditable online voting, need to ensure that their elections are free from vulnerability from attacks such as the Poodle bug with proven end-to-end security protocols and encryption be it voter side or server side.

About Scytl

Scytl is the global leader in secure election management and electronic voting solutions. Specializing in election modernization technologies, Scytl offers the first end-to-end election management and voting platform, providing the highest security and transparency standards currently available. Scytl has capitalized on its more than 18 years of research to develop election-specific cryptographic security technology protected by more than 40 international patents and patent applications, positioning Scytl as the company with the largest patent portfolio of the industry.

Scytl’s solutions have been successfully used in over 35 countries across the globe over the last 10 years, including Canada, the United States, Mexico, Ecuador, France, Norway, Switzerland, Bosnia-Herzegovina, the UAE, India, Iceland and Australia. Scytl is headquartered in Barcelona, Spain with strategic offices the United States, Canada, Brazil, Peru and Greece as well as field offices in the UK, Ukraine, Mexico, Malaysia, India, Bangladesh and Australia. For more information, visit www.scytl.com