October 22, 2008 CSC 682 Security Analysis of the Diebold AccuVote – TS Voting Machine Feldman, Halderman and Felten Presented by: Ryan Lehan.


1 October 22, 2008 CSC 682 Security Analysis of the Diebold AccuVote – TS Voting Machine Feldman, Halderman and Felten Presented by: Ryan Lehan

2 Outline
- Overview of Diebold AccuVote-TS Voting Machine
- Vulnerability Points
  - Hardware
  - Software
- Classification of Attacks
- Delivery of Attacks
- Conclusion

3 Diebold AccuVote-TS
- Manufactured by Diebold Election Systems
  - Subsidiary of Diebold
  - Manufacturer of ATM
  - Now Premier Election Systems
- DRE – Direct Recording Electronic Voting Machine
  - Voters use machine to record and cast vote
  - Machine is used to tally the votes
- Custom Software (Ballot Station) ran on top of Windows CE

4 Vulnerability Points - Hardware – Please turn to page 6
- Commonly used lightweight lock to secure access.
- EPROM (E) – Replace EPROM w/ malware
- PC Card Slot (S) – Used to replace existing software as well as load in malware
- Flash Ext Slot (G) – Used to load in malware
- Keyboard (R) & Mouse (U) Ports – Used to alter OS configuration
- Serial Keypad Connector (O) – Open communication port.
- Infrared Transmitter and Receiver (N) – Open communication port.

5 Vulnerability Points - Software -
- Boot Process
- Software Updates
- Scripting
- Authenticity / Authorization

6 Boot Process
- Bootloader is loaded into memory
- Location is determined by jumpers on the mainboard
  - EPROM (E)
  - Onboard flash memory (C)
  - Flash memory module in the “ext flash” slot
- Looks at PC Card Slot for a memory card
- Looks for specially named files
  - fboot.nb0 – Replacement bootloader, copied into onboard flash
  - nk.bin – Replacement operating system image file
  - EraseFFX.bsq – Erases file system area of the flash

7 Boot Process - 2 -
- OS (Windows CE) is decompressed, loaded into memory and then started.
- OS uses a customized ‘taskman.exe’
  - Automatically launch ‘BallotStation.exe’
- However, if memory card in PC Card slot is present
  - Contains a file called ‘explorer.glb’, then it will launch Windows Explorer instead of ‘BallotStation.exe’
  - Searches for script files ending with ‘.ins’ and runs them (with user confirmation)

8 Software Updates
- Takes place in the boot loading process
- Looks for specially named files on memory card
- Overwrites existing files in the onboard flash memory
- No confirmation is needed
- Messages are printed on screen only

9 Scripts
- Scripts are loaded via a memory card in the PC Card slot
- Execution of each script requires user confirmation
- Found multiple stack-based buffer overflows in handling of the script files
  - Suggesting malformed .ins files could bypass user confirmation.

10 Authenticity / Authorization
- At no time, during the boot loading or script execution, was there a check to validate the authenticity of any of the files on the memory card.
- At no time was a user, supervisor, or admin asked to log in to the machine.
- Without authentication, authorization to perform updates and script execution is non-existent
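The check that slide 10 says was missing, sketched as an added example (not code from the presentation, the paper, or Diebold): before the boot process acts on any specially named file from the memory card, the file must be listed in an authenticated manifest and match its recorded digest. Assumptions: HMAC-SHA256 stands in for a public-key signature (a fielded design would verify with a public key so no signing secret sits on the machine), names are matched case-insensitively, and the key, manifest layout, `ballots.dat` and `update.ins` are constructed for illustration.

```python
import hashlib
import hmac
import json

# File names the slides say the boot process acts on when found on the card.
TRIGGER_NAMES = {"fboot.nb0", "nk.bin", "eraseffx.bsq", "explorer.glb"}

def is_trigger(name):
    # Case-insensitive match is a conservative assumption of this example.
    n = name.lower()
    return n in TRIGGER_NAMES or n.endswith(".ins")

def _tag(key, digests):
    body = json.dumps(digests, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def sign_manifest(key, digests):
    """Election-office side: authenticate a {name: sha256-hex} manifest."""
    return {"digests": digests, "tag": _tag(key, digests)}

def vet_card(key, files, manifest):
    """Machine side: return (accepted, rejected) trigger files on the card."""
    digests = manifest.get("digests", {})
    claimed = str(manifest.get("tag", "")).encode()
    manifest_ok = hmac.compare_digest(_tag(key, digests).encode(), claimed)
    accepted, rejected = [], []
    for name, data in sorted(files.items()):
        if not is_trigger(name):
            continue  # ordinary data files are outside this check
        want = digests.get(name.lower()) if manifest_ok else None
        got = hashlib.sha256(data).hexdigest().encode()
        if want is not None and hmac.compare_digest(str(want).encode(), got):
            accepted.append(name)
        else:
            rejected.append(name)  # unlisted, altered, or manifest not authentic
    return accepted, rejected

# Constructed sample data: a demo key, one approved image, and a card's contents.
KEY = b"constructed-demo-key"
APPROVED = {"nk.bin": b"approved OS image bytes"}
MANIFEST = sign_manifest(
    KEY, {n: hashlib.sha256(d).hexdigest() for n, d in APPROVED.items()})
CARD = {"nk.bin": b"approved OS image bytes", "fboot.nb0": b"unlisted bootloader",
        "update.ins": b"unlisted script", "ballots.dat": b"not a trigger file"}

if __name__ == "__main__":
    print(vet_card(KEY, CARD, MANIFEST))
```

The same gate applies to the software-update and script paths on slides 8 and 9: a file that fails the check is never parsed or copied, so it cannot reach the confirmation prompt or the script handler at all.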

11 Classification of Attacks
- Vote Stealing
  - Alter votes in favor of a politician, party, or issue.
  - Does not alter the count of votes (discredits ballot stuffing).
- Denial of Service (DoS)
  - Prevents access to machine
    - To vote by the individual.
    - To access the voting results.
- Purposeful Election Fraud
  - Make it look like the “other guy” did it, by forcing a 100% vote in favor of the “other guy”.
  - Creates distrust in the “other guy”.

12 Delivery of Attack
- EPROM
  - Attack code is created and placed on an EPROM chip
  - Attacker gains access into the voting machine and physically replaces the EPROM chip
  - Attacker changes the jumper settings so that the boot loader is loaded from the EPROM chip

13 Delivery of Attack - 2 -
- Memory Card via PC Card Slot
  - Initial Delivery
    - Attack code is placed on to the memory card, including a self replicating virus
    - Memory Card is inserted into PC card slot prior to booting voting machine
    - A malware boot loader is installed via specially named file: fboot.nb0
    - The malware boot loader loads the OS in normal fashion as well as loads the attack code

14 Delivery of Attack - 3 -
- Memory Card via PC Card Slot (cont.)
  - Subsequent Delivery
    - When a non-infected memory card is inserted into an infected machine, the attack code will copy itself from memory onto the memory card, thus infecting the memory card
    - When the infected memory card is removed and placed into a non-infected voting machine, the virus is copied onto the machine, infecting it as well.

15 Conclusions
- Diebold AccuVote – TS electronic voting machine is a single self-contained unit.
- Weak Security
  - Single point of failure
  - Has no real time outside redundancies for recording votes and logs
  - Has multiple vulnerability points in both hardware and software
  - Single self-contained unit eliminates the need for a distributed attack against multiple machines simultaneously
  - No way to determine if an attack has taken place
  - Runs on general-purpose hardware and OS
  - Even though it was not mentioned, probably runs under Administrator privileges
  - Chain of Possession leaves the voting machine in an unsecure state. No fault of the machine.

