Presentation is loading. Please wait.

Presentation is loading. Please wait.

Voting Machine Technology Tom Trumpbour Computer Software Consultant United States.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Voting Machine Technology Tom Trumpbour Computer Software Consultant United States."— Presentation transcript:

1 Voting Machine Technology Tom Trumpbour Computer Software Consultant United States

2 History of Voting Machines Uniform Paper Ballots Voters make choices in private by marking boxes, then dropping ballot in sealed box First uniform paper ballots were used in Victoria Australia in 1856. Were used in the US for the first time in the State of New York in 1889. Currently less than 2 percent of voting in the US

3 History of Voting Machines Mechanical Lever Machines Lever closes privacy curtain which initializes for voter; horizontal levers are turned which are finalized when opening privacy curtain with lever. Counts with dials which move 1/10 th for each digit. First used in Lockport, New York in 1892 Every major US city used by 1930’s Over half of US votes by 1960’s; now 20%

4 History of Voting Machines Punchcards Voters punch holes in cards which are put in ballot box and later computer tabulated at precinct. First used in Georgia in 1964 Two types: votematic (names correspond to numbers) and datavote (names next to holes to be punched) In 1996 used by estimated 37 percent of US

5 History of Voting Machines Optical Scan Much like tests taken with number 2 pencils where one blackens the choice and is later tabulated by a machine Began use in the early 1980’s but exact origin unknown Used by about 24 percent of US by late 1990’s

6 History of Voting Machines Direct Recording Electronic (DRE) Like lever machines, most do not currently rely on paper. End user touches screen or push buttons. Stores results to memory, disk or smart card. Began use in the 1970’s By late 1990’s used by about 8 percent of the US. Today over 25 percent. Bulk of this talk will concentrate on DRE’s

7 Voting Machine Reliability Statistics Residual vote for machines from 1988-2000 Optically Scanned1.3% Lever Machines1.4% Paper Ballots1.5% Punch Card2.5% DRE2.7%

8 Diebold Code on Public FTP Site Code was discovered on Diebold’s ftp site January 2003 While Diebold officials seemed un- concerned about proprietary code on the Internet, they took it off upon discovery Diebold has not taken action about mirrored code available publicly

9 Code Highlights The code is for the terminal voting machines, AccuVote-TS and not the GEMS back-end management system Code was written in C++, which if not in tight control, is vulnerable to buffer overflow attacks The terminals are configured under several Microsoft Windows environments (i.e. 95)

10 Design Summary The ballot is configured and stored to a file which can be installed by removable media or via an outside connection System is initialized and voters vote with smart cards, to be reset after voting Ender or administrator smart card gives ok to send results to be tallied at GEMS

11 Vulnerabilities CE mounting drive as directory-take out drive and just create directory One can program a smart card-as multiple voters or for administrative functions Encryption not used or used properly. Reporting to GEMS does not use any encryption

12 Vulnerabilities Phone lines, Internet, wireless all ways for man-in-the-middle attacks No change control process to prevent coders from adding malicious code Two methods for DoS attacks: Admin or ender card and ballot definition from remote Pin numbers are unprotected, stored on card Password and key are hard coded in source

13 Vulnerabilities Fail back to use manufacturer’s default password on smart card Configuration is done in the clear within the registry; i.e. terminal serial and COM port Candidate order on ballot matters The database is MS Access; not very robust like SQL Server or Oracle Database design lacks referential integrity

14 Vulnerabilities Code Samples SMC_ERROR CCLXSmartCard::Open(CCardReader* pReader) {... [removed code]... // Now initiate access to the card // If failed to access the file then have unknown card if (SelectFile(0x3d40) != SMC_OK) st = SMC_UNKNOWNCARD; // Else if our password works then all done else if (Verify(0x80, 8, {0xed, 0x0a, 0xed, 0x0a, 0xed, 0x0a, 0xed, 0x0a}) == SMC_OK) st = SMC_OK; // Else if manufactures password works then try to change password else if(Verify(0x80, 8, {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}) == SMC_OK) { st = ChangeCode(8, {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}, 8, {0xed, 0x0a, 0xed, 0x0a, 0xed, 0x0a, 0xed, 0x0a}); // Else have a bad card } else st = SMC_BADCARD; return st; }

15 Vulnerabilities Code Samples Audit Log Encryption: #define DESKEY ((des_key*)"F2654hD4") DesCBCEncrypt((des_c_block*)tmp, (des_c_block*) record.m_Data, totalSize, DESKEY, NULL, DES_ENCRYPT);

16 Vulnerablilites Code Comments /* *Parse the file until the EOF Token. If we get too many errors *at this level, we abort. */ /* A simple token is anything that starts with a character that *cannot be part of an identifier. Here we do a brute force *search of every sub-string starting with this character up *to 9 characters in length. * XXX Why the magic 9??? */

17 Vulnerablilites Code Comments /*XXX Okay, I don't like this one bit. Its really tough to tell where m_AudioPlayer should live. CBallotWnd is not bad, since that is where it is used most, and CBallotWnd is always around when you need to play audio. Its also the only window that is (currently) interested in OnAudioFinished messages. *Except* it seems, the CLanuageSelDlg. The solution chosen is to construct the CBallotWnd early and fire up VIBS with InitAudio(). Its probably fair to ask why CInstructionDlg is a child of CBallotDlg but not CLanguageSelDlg. CBallotDlg might be a better place for m_AudioPlayer. A reorganization might be in order here. */ { /* XXX ERROR ERROR ERROR */

18 Web Resources http://www.countthevote.org/temptsx/cvs.tar http://www.blackboxvoting.org http://www.eff.org/Activism/E-voting/ http://www.wired.com/news/evote

Download ppt "Voting Machine Technology Tom Trumpbour Computer Software Consultant United States."

Similar presentations

Copyright 2006 Mid-City Offices Systems. Busy people… How would your business be affected, if you suddenly lost all of your computer data? Rush through.

Copyright 2006 Mid-City Offices Systems. Busy people… How would your business be affected, if you suddenly lost all of your computer data? Rush through.
Electronic Voting Systems

Electronic Voting Systems
PC Encryption installation progress/password screen Includes comments from: Encryption team Sarah Deane Tony Stieber Selected people who took part in the.

PC Encryption installation progress/password screen Includes comments from: Encryption team Sarah Deane Tony Stieber Selected people who took part in the.
Windows XP Tutorial Securing Windows. Introduction This presentation will guide you through basic security principles for Windows XP.

Windows XP Tutorial Securing Windows. Introduction This presentation will guide you through basic security principles for Windows XP.
1099 Pro, Inc. – Software for 2004 1099 Pro Enterprise Edition Features.

1099 Pro, Inc. – Software for Pro Enterprise Edition Features.
The Citizen in Government Electing Leaders ~~~~~ The Right to Vote

The Citizen in Government Electing Leaders ~~~~~ The Right to Vote
Registration Must register at least 25 days before the election You can register by mail, or at post offices, DMVs, libraries, and schools Must submit.

Registration Must register at least 25 days before the election You can register by mail, or at post offices, DMVs, libraries, and schools Must submit.
Analysis of an Electronic Voting System

Analysis of an Electronic Voting System
By Varun Jain. Introduction  Florida 2000 election fiasco, drew conclusion that paper ballots couldn’t be counted  Computerized voting system, DRE (Direct.

By Varun Jain. Introduction  Florida 2000 election fiasco, drew conclusion that paper ballots couldn’t be counted  Computerized voting system, DRE (Direct.
Charlie Daniels Arkansas Secretary of State HAVA Compliant Voting Systems Security Considerations General Recommendations to Enhance Security and Integrity.

Charlie Daniels Arkansas Secretary of State HAVA Compliant Voting Systems Security Considerations General Recommendations to Enhance Security and Integrity.
Web Security A how to guide on Keeping your Website Safe. By: Robert Black.

Web Security A how to guide on Keeping your Website Safe. By: Robert Black.
Chapter 9 A Installing Linux. Synopsis What is needed. How to access the BIOS and boot a CD/DVD. How to repartition the hard drive. The Linux installation.

Chapter 9 A Installing Linux. Synopsis What is needed. How to access the BIOS and boot a CD/DVD. How to repartition the hard drive. The Linux installation.
Electronic Voting Network Security 1 Edward Bigos George Duval D. Seth Hunter Katie Schroth.

Electronic Voting Network Security 1 Edward Bigos George Duval D. Seth Hunter Katie Schroth.
Voting Machines Failing the World *Voting machines around the world are failing in Colorado as well as 34 other states. *This could be crucial in the upcoming.

Voting Machines Failing the World *Voting machines around the world are failing in Colorado as well as 34 other states. *This could be crucial in the upcoming.
Presentation by Christine McElroy

Presentation by Christine McElroy
Electronic Voting Linh Nguyen. Electronic Voting  Voting Technologies  The Florida 2000 Election  Direct Recording Electronic Devices (DREs)‏ - Diebold.

Electronic Voting Linh Nguyen. Electronic Voting  Voting Technologies  The Florida 2000 Election  Direct Recording Electronic Devices (DREs)‏ - Diebold.
Voting Machines Failing the World The true issue for these electronic voting machines is that the government has not been a full out supporter of this.

Voting Machines Failing the World The true issue for these electronic voting machines is that the government has not been a full out supporter of this.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.

Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.
Backup and Recovery Part 1.

Backup and Recovery Part 1.

Similar presentations

Ads by Google