Presentation is loading. Please wait.

Presentation is loading. Please wait.

Analysis of an Electronic Voting System

Published byEsteban Wallwork Modified over 9 years ago

Similar presentations

Presentation on theme: "Analysis of an Electronic Voting System"— Presentation transcript:

1 Analysis of an Electronic Voting System
TADAYOSHI KOHNO ADAM STUBBLEFIELD† AVIEL D. RUBIN‡ DAN S. WALLACH§ February 27, 2004 Presented by: Aldo Villanueva

2 Outline Palm Beach Fiasco Introducing DRE History of Diebold
Vulnerabilities of Diebold DRE Summary

3 Palm Beach Ballot Fiasco

4 Palm Beach Ballot Fiasco

5 DRE “Direct Recording Electronic”
Eliminate paper ballots from the voting process. Process: The voter arrives to the voting place and prove he’s allowed to vote there. He gets a token (PIN or smartcard). Enters the token in the voting terminal and votes for its candidate. DRE System presents the voter’s election and gives a final chance to make changes.

6 History 1995: I-Mark Systems
1997: Global Election Systems acquired I-Mark 2002: Diebold acquired GES and change the name to Diebold Election System 2006: Diebold removed its name from the voting machines for “strategic” reasons 2007: Diebold changed its name to "Premier Election Solutions"

7 Analysis of the Diebold’s AccuVote-TS DRE voting system
The source code for Diebold’s AccuVote-TS DRE voting system was analyzed. There were several vulnerabilities found.

8 Vulnerability No. 1: Smartcards
The smartcards used in the voting process are very easy to fake since they don’t perform any cryptographic operations. Attacker could: Cast multiple votes End the elections early

9 Vulnerability No. 2: Tampering
System configuration : impersonating any other voting terminal. Ballot definitions: changing the order of the candidates only in the interface Election results: modifying the voting records file stored on the device

10 Vulnerability No. 3: Impersonating legitimate voting terminals
Voting terminals are configured to upload voting totals to a system after an election. An adversary able to pose as a legitimate voting terminal to the tabulating authority could report false vote counts.

11 Vulnerability No. 4: Key management
If an attacker with access to the source code learns the key, he can read and modify voting and auditing records. In the Diebold system, from the CVS logs, we see this particular key has been used without change since December 1998.

12 Vulnerability No. 5: Linking voters to their votes
Each vote is written sequentially to the file recording the votes. It’s easy for the attacker (poll worker) to access the voting records, to link voters with their votes.

13 Vulnerability No. 6: Audit logs
The whole audit log is encrypted using an insecure method. At the time that the logging occurs, the log can also be printed to an attached printer. An attacker could create discrepancies between the printed log and the log stored on the terminal by unplugging the printer (or, by simply cutting the cable).

14

15 Other vulnerabilities
An attacker can delay the start of an election: DoS attack against the election management’s server preventing the voting terminals from acquiring their ballot definition in time. Poor software engineering: Uses C++ No documentation  Top-to-bottom code review would be nearly impossible.

16 Summary Significant security flaws:
Voters can trivially cast multiple ballots Administrative functions can be performed by regular voters Threats posed by insiders such as poll workers, software developers, etc.

17 SECURITY ANALYSIS OF THE DIEBOLD ACCUVOTE – TS VOTING MACHINE
Ariel J. Feldman J. Alex Halderman Edward W. Felten September 13, 2006 Presented by: Jiseong Noh

18 Outline Overview of Diebold AccuVote-TS Voting Machine Design Points
Boot Processes Vulnerability Points Attack Scenarios Mitigation of the vulnerabilities Conclusion

19 Diebold AccuVote-TS Manufactured by Diebold Election Systems
Sold to Election Systems & Software in 2009 DRE – Direct Recording Electronic Voting Machine Voters use machine to cast vote Machine is used to record the votes (*) 32% of the USA registered voters used DRE in 2008 About 16 Million voters used Accuvote-TS in 2010 Custom election software runs on top of Windows CE (*)

20 Design Points Serial port Processor RAM Touch Screen Smart Card Reader
Audio jack Removable Flash Printer On-board Flash EPROM Open to Public Key Access Inside Box

21 Design Points Similar to a general-purpose hand-held PC
(CPU) (RAM) Similar to a general-purpose hand-held PC A CPU, 32MB RAM, 16MB internal flash storage Touchscreen LCD display Two PC card slots – one for memory card, other for modem card OS uses a customized software Automatically runs Voting Program Searches for special files in memory card to administer or update the system Searches for script files with user confirmation (Flash)

22 Boot Process Boot loader loads itself into RAM
Boot Location determined by jumpers on the board Onboard Flash Memory (default) EPROM Ext Flash slot Boot loader looks for special file names fboot.nb0: replacement boot loader nk.bin: replacement of operating system EraseFFX.bsq: erases file system on-board flash *** Does not verify file authenticity!

23 Boot Process Windows CE image loads and start Customized task manager
Automatically runs Voting program If memory card is present and contains explorer.glb Runs windows explorer instead of voting program runs script files (. with user confirmation

24 Vulnerability Points (H/W)
Lightweight Lock: easily picked up without a key Easy Access to Memory Card

25 Vulnerability Points (H/W)
EPROM(E): Replace EPROM with malware PC Card Slot(S): Used to replace existing software with malware using Memory Card Serial Keypad Connector(O): open communication port Infrared Port(N): open communication port

26 Vulnerability Points (S/W)
Authenticity problem Never checks to validate the authenticity of files on the memory card on booting or updating software Buffer Overflow malformed script files could bypass the confirmation

27 Attack Types Stealing Votes Denial-of-Service
Malicious processes runs in parallel with voting program Change votes for a favored candidate Total count of votes does not change Denial-of-Service Destroys all records of the election Makes the voting machine inoperable

28 Delivery of Malicious Code
EPROM Attack code is placed on an EPROM chip Attacker replaces the EPROM chip and changes the jumper settings to boot from EPROM Memory card on PC Card Slot Attack code is placed on the memory card Memory card is inserted before voting machine booted Malicious boot loader containing virus is installed on the machine The machine is now infected

29 Delivery of Malicious Code
Memory card on PC Card Slot (continue)

30 Mitigation of Vulnerabilities
Modifications to DRE Software and Hardware Digitally sign all software updates Verify the signature of software updates before installing them Ask user confirmation of any software updates Use specialized hardware to maintain tamper-proof logs Physical Access Controls Sealing the machine and memory card with tamper-evident seals

31 Summary DREs are like desktop PC, in the security point of view
Diebold AccuVote-TS has many serious vulnerabilities Weak physical security Runs on general-purpose H/W and OS No way to check if an attack occurred Virus attack possible – no need for distributed attack DREs have their advantages; however, they should overcome these problems to make reliable votes

32 Bankruptcy of Diebold Papers which criticize DRE, particularly Diebold Systems 2003: Analysis of an Electronic Voting System 2004: Trusted Agent Report Diebold AccuVote-TS Voting System 2006: Security Analysis Of The Diebold AccuVote - TS Voting Machine Bad Reputation  Changed the name multiple times May 19, 2010 Dominion Voting Systems acquired Premier Elections Solutions.

33 Conclusions Voting equipment vendors say closed-source nature of the systems makes them more secure. Authors think that an open process would result better. The best solution will be a computerized voting system with ballot paper.

Download ppt "Analysis of an Electronic Voting System"

Similar presentations

Electronic Voting Systems

Electronic Voting Systems
4/25/2015 6:17 PM Lecture 2: Voting Machine Study Access Control James Hook CS 591: Introduction to Computer Security.

4/25/2015 6:17 PM Lecture 2: Voting Machine Study Access Control James Hook CS 591: Introduction to Computer Security.
Electronic Voting: Danger and Opportunity J. Alex Halderman Department of Computer Science Center for Information Technology Policy Princeton University.

Electronic Voting: Danger and Opportunity J. Alex Halderman Department of Computer Science Center for Information Technology Policy Princeton University.
ELECTION DAY ACTIVITIES. Checklist of contents of the box PCOS machine and its power adaptor Thirteen (13) rolls of official thermal paper Three (3)

ELECTION DAY ACTIVITIES. Checklist of contents of the box PCOS machine and its power adaptor Thirteen (13) rolls of official thermal paper Three (3)
Hardware Cryptographic Coprocessor Peter R. Wihl Security in Software.

Hardware Cryptographic Coprocessor Peter R. Wihl Security in Software.
1 GP Confidential ©2013 1 GlobalPlatform’s Value Proposition for Mobile Point of Sale (mPOS)

1 GP Confidential © GlobalPlatform’s Value Proposition for Mobile Point of Sale (mPOS)
By Varun Jain. Introduction  Florida 2000 election fiasco, drew conclusion that paper ballots couldn’t be counted  Computerized voting system, DRE (Direct.

By Varun Jain. Introduction  Florida 2000 election fiasco, drew conclusion that paper ballots couldn’t be counted  Computerized voting system, DRE (Direct.
Charlie Daniels Arkansas Secretary of State HAVA Compliant Voting Systems Security Considerations General Recommendations to Enhance Security and Integrity.

Charlie Daniels Arkansas Secretary of State HAVA Compliant Voting Systems Security Considerations General Recommendations to Enhance Security and Integrity.
1 J. Alex Halderman Security Failures in Electronic Voting Machines Ariel Feldman Alex Halderman Edward Felten Center for Information Technology Policy.

1 J. Alex Halderman Security Failures in Electronic Voting Machines Ariel Feldman Alex Halderman Edward Felten Center for Information Technology Policy.
FINAL TESTING AND SEALING ACTIVITIES. The BEI shall check the contents of the PCOS box based on the checklist found inside the PCOS: Checklist of contents.

FINAL TESTING AND SEALING ACTIVITIES. The BEI shall check the contents of the PCOS box based on the checklist found inside the PCOS: Checklist of contents.
Voting Machine Technology Tom Trumpbour Computer Software Consultant United States.

Voting Machine Technology Tom Trumpbour Computer Software Consultant United States.
Electronic Voting Network Security 1 Edward Bigos George Duval D. Seth Hunter Katie Schroth.

Electronic Voting Network Security 1 Edward Bigos George Duval D. Seth Hunter Katie Schroth.
17-803/17-400 ELECTRONIC VOTING FALL 2004 COPYRIGHT © 2004 MICHAEL I. SHAMOS 17-803/17-400 Electronic Voting Session 5: Direct Recording Electronic (DRE)

17-803/ ELECTRONIC VOTING FALL 2004 COPYRIGHT © 2004 MICHAEL I. SHAMOS / Electronic Voting Session 5: Direct Recording Electronic (DRE)
Electronic Voting (E-Voting) An introduction and review of technology Written By: Larry Brachfeld CS591, December 2010.

Electronic Voting (E-Voting) An introduction and review of technology Written By: Larry Brachfeld CS591, December 2010.
Electronic Voting Linh Nguyen. Electronic Voting  Voting Technologies  The Florida 2000 Election  Direct Recording Electronic Devices (DREs)‏ - Diebold.

Electronic Voting Linh Nguyen. Electronic Voting  Voting Technologies  The Florida 2000 Election  Direct Recording Electronic Devices (DREs)‏ - Diebold.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
17-803/17-400 ELECTRONIC VOTING FALL 2004 COPYRIGHT © 2004 MICHAEL I. SHAMOS 17-803/17-400 Electronic Voting Session 6: The Diebold Reports Michael I.

17-803/ ELECTRONIC VOTING FALL 2004 COPYRIGHT © 2004 MICHAEL I. SHAMOS / Electronic Voting Session 6: The Diebold Reports Michael I.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
WANs and Routers Routers. Router Description Specialized computer Like a general purpose PC, a router has:  CPU  Memory  System Bus Connecting Internal.

WANs and Routers Routers. Router Description Specialized computer Like a general purpose PC, a router has:  CPU  Memory  System Bus Connecting Internal.
Patching MIT SUS Services IS&T Network Infrastructure Services Team.

Patching MIT SUS Services IS&T Network Infrastructure Services Team.

Similar presentations

Ads by Google