Security Failures in Electronic Voting Machines. Ariel Feldman, Alex Halderman, Edward Felten, Center for Information Technology Policy.

Presentation transcript:

Slide 1: Security Failures in Electronic Voting Machines
Ariel Feldman, Alex Halderman, Edward Felten
Center for Information Technology Policy, Department of Computer Science, Princeton University


Slide 5: 2000 Recount Debacle
- Legislative response: Help America Vote Act
- Provided $3.9 billion to states to upgrade voting machines by November 2006

Slide 6: DREs to the Rescue?
- Direct Recording Electronic
  - Store votes in internal memory

Slide 7: DREs are Computers
- Bugs
- Rootkits
- Viruses
- Attacks


Slide 10: Diebold’s History of Secrecy
- Uses NDAs to prevent states from allowing independent security audits
- Source code leaked in 2003, researchers at Johns Hopkins found major flaws
- Diebold responded with vague legal threats, personal attacks, disinformation campaign
- Internal emails leaked in 2003 reveal poor security practices by developers
- Diebold tried to suppress sites with legal threats

Slide 11: We Get a Machine (2006)
- Obtained legally from an anonymous private party
- Software is 2002 version, but certified and used in actual elections
- First complete, public, independent security audit of a DRE

Slide 12: Research Goals
- Conduct independent security audit
- Confirm findings of previous researchers (Hursti, Kohno et al.)
- Verify threats by implementing attack demos
- Who wants to know? Voters, candidates, election officials, policy makers, researchers

Slide 13: [Hardware diagram labels: 16 MB Flash; 128 KB EPROM; SH3 CPU; 32 MB SDRAM; Removable Flash Memory Card]

Slide 14: [Diagram labels: Bootloader; WinCE 3.0 Kernel; BallotStation; (Internal Flash or EPROM); (Internal Flash)]


Slide 16: Our Findings
- Malicious software running on the machine can steal votes undetectably, altering all backups and logs
- Anyone with physical access to the machine or memory card can install malicious code in as little as one minute
- Malicious code can spread automatically and silently from machine to machine in the form of a voting machine virus

Slide 17: Vulnerabilities
- Malicious software running on the machine can steal votes undetectably, altering all backups and logs
- Anyone with physical access to the machine or memory card can install malicious code in as little as one minute
- Malicious code can spread automatically and silently from machine to machine in the form of a voting machine virus

Slide 18: (Video Demonstration)

Slide 19: Correct result: George 5, Benedict 0


Slide 21: [Diagram labels: Bootloader; WinCE 3.0 Kernel; BallotStation; Stuffer]

Slide 22: Stealing Votes
[Diagram labels: Stuffer; Primary Vote Record; Backup Vote Record; Audit Log; entries: (President: George) (President: Benedict) (President: George) … (President: Benedict) (President: George) …]


Slide 24: Vulnerabilities
- Malicious software running on the machine can steal votes undetectably, altering all backups and logs
- Anyone with physical access to the machine or memory card can install malicious code in as little as one minute
- Malicious code can spread automatically and silently from machine to machine in the form of a voting machine virus


Slide 26: EXPLORER.GLB

Slide 27: [Diagram labels: Bootloader; WinCE 3.0 Kernel; BallotStation; EBOOT.NB0]

Slide 28: [Diagram labels: Bootloader; WinCE 3.0 Kernel; BallotStation; EBOOT.NB0]

Slide 29: [Diagram labels: 128 KB EPROM; Jumper Table; EBOOT.NB0]

Slide 30: Weakness in Depth
- Manually install using Explorer
- Replace boot firmware
- Replace boot EPROM


Slide 32: The Key


Slide 34: Weakness in Depth
- Key Commonly Available
- Lock Easy-to-Pick
- Key Pictured on Web Site

Slide 35: Tamper-Evident Seals?

Slide 36: Vulnerabilities
- Malicious software running on the machine can steal votes undetectably, altering all backups and logs
- Anyone with physical access to the machine or memory card can install malicious code in as little as one minute
- Malicious code can spread automatically and silently from machine to machine in the form of a voting machine virus

Slide 37: The Viral Lifecycle: Infection
[Diagram labels: EBOOT.NB0; VIRUS.EXE]

Slide 38: The Viral Lifecycle: Propagation
[Diagram labels: EBOOT.NB0; VIRUS.EXE]
What if the viral firmware sees EBOOT.NB0?
- Hidden → Ignore it
- Non-hidden → Fake a firmware update

Slide 39: Voting Machine Virus

Slide 40: Viral Spread

Slide 41: Are all DREs this bad?


Slide 44: Memory Organization
[Diagram labels: Diebold AccuVote; Sequoia AVC; Firmware; Ballots; Votes; EPROM (RO); Flash Memory (RW); NV-RAM (RW)]

Slide 45: We can do better!

Slide 46: Why Vote Electronically?
- Voters prefer it
- Faster reporting
- Fewer undervotes
- Improved accessibility
- Potentially increased security*

Slide 47: Low-Tech vs. High-Tech
Paper Ballots
- Low-cost cheating (ballot stuffing)
- Small scale tampering (individual precincts)
Electronic Voting
- High-cost cheating (viral attacks)
- Large scale tampering (counties or states)
Leverage these complementary failure modes for greater security.

Slide 48: Paper to the Rescue
Voter-Verified Paper Audit Trails (VVPAT)
- DRE prints a paper ballot, voter verifies and places in a ballot box
- At a few random precincts, paper ballots counted to ensure machine totals are accurate
- If discrepancies found, paper ballots can be counted more widely

Slide 49: Software Independence
“A voting system is software-independent if an undetected change or error in its software cannot cause an undetectable change or error in an election outcome.” — Ron Rivest and John Wack
- DREs + VVPATs
- Electronic Ballot Marking systems
- Optical Scan systems
- Cryptographic schemes

Slide 50: Proposed Legislation
H.R. 811: Voter Confidence and Increased Accessibility Act (Rush Holt, D-NJ)
- Amends HAVA to require VVPATs
  - Paper ballots would be the official record
  - Random manual recounts in 3%+ of precincts
- Opens voting software and source code to public inspection
- Additional $300 million for states
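
The random-precinct paper audit from the "Paper to the Rescue" slide and the 3% manual recount in H.R. 811, as an added Python example that is not part of the original slides: it computes how likely a random sample is to include a precinct whose machine totals disagree with the paper, then runs the sample-and-escalate check. All function names, the 1000-precinct election and the 20 altered precincts are constructed assumptions.

```python
import random
from math import comb

def detection_probability(total, altered, audited):
    """Chance that a uniform random sample of `audited` precincts (drawn
    without replacement) contains at least one of `altered` precincts."""
    return 1 - comb(total - altered, audited) / comb(total, audited)

def sample_size_for(total, altered, confidence):
    """Smallest number of audited precincts that reaches `confidence`."""
    return next(n for n in range(total + 1)
                if detection_probability(total, altered, n) >= confidence)

def audit(machine, paper, sample_size, rng):
    """Hand-count a random sample; on any mismatch, escalate to a full count.
    Returns (escalated, {precinct: (machine_tally, paper_tally)})."""
    sample = rng.sample(sorted(machine), sample_size)
    bad = {p for p in sample if machine[p] != paper[p]}
    if bad:  # slide 48: count more widely once a discrepancy is found
        bad = {p for p in machine if machine[p] != paper[p]}
    return bool(bad), {p: (machine[p], paper[p]) for p in sorted(bad)}

def constructed_election(total=1000, altered=20, shift=5, seed=1):
    """Constructed data: the paper ballots are ground truth; the machine
    totals in `altered` precincts differ from the paper by `shift` votes."""
    rng = random.Random(seed)
    paper = {p: {"George": rng.randint(200, 400),
                 "Benedict": rng.randint(200, 400)} for p in range(total)}
    machine = {p: dict(tally) for p, tally in paper.items()}
    for p in rng.sample(range(total), altered):
        machine[p]["George"] -= shift
        machine[p]["Benedict"] += shift
    return machine, paper

if __name__ == "__main__":
    machine, paper = constructed_election()
    print("P(detect), 3%% of 1000 precincts audited, 20 altered: %.3f"
          % detection_probability(1000, 20, 30))
    print("precincts to audit for 95% confidence:",
          sample_size_for(1000, 20, 0.95))
    escalated, found = audit(machine, paper, 30, random.Random(2))
    print("escalated to full count:", escalated, "| mismatches:", len(found))
```

With these constructed numbers a 3% sample includes one of the 20 altered precincts a little under half the time, so the sample size needed depends heavily on how concentrated a discrepancy is assumed to be.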

Slide 51: Future Work
- Retrofits for existing systems
- Improved procedural safeguards
- Policies for recovering from failures
- Hardware-assisted security
- Cryptographically assured voting
- Techniques for ballot secrecy
