Security Failures in Electronic Voting Machines - PowerPoint PPT Presentation

1
Security Failures in Electronic Voting Machines
  • Ariel Feldman, Alex Halderman, Edward Felten
  • Center for Information Technology Policy
  • Department of Computer Science
  • Princeton University

2
http://itpolicy.princeton.edu
5
2000 Recount Debacle
Legislative response: Help America Vote Act
Provided $3.9 billion to states to upgrade voting machines by November 2006
6
DREs to the Rescue?
  • Direct Recording Electronic: store votes in
    internal memory

7
DREs are Computers
Rootkits
Viruses
Attacks
Bugs
10
Diebold's History of Secrecy
  • Uses NDAs to prevent states from allowing
    independent security audits
  • Source code leaked in 2003, researchers at Johns
    Hopkins found major flaws
  • Diebold responded with vague legal
    threats, personal attacks, disinformation
    campaign
  • Internal emails leaked in 2003 reveal poor
    security practices by developers
  • Diebold tried to suppress sites with legal threats

11
We Get a Machine (2006)
  • Obtained legally from an anonymous private party
  • Software is 2002 version, but certified and used
    in actual elections
  • First complete, public, independent security
    audit of a DRE

12
Research Goals
  • Conduct independent security audit
  • Confirm findings of previous researchers (Hursti,
    Kohno et al.)
  • Verify threats by implementing attack demos

Who wants to know? Voters, candidates,
election officials, policy makers, researchers
13
SH3 CPU
32 MB SDRAM
128 KB EPROM
16 MB Flash
Removable Flash Memory Card
14
BallotStation
(Internal Flash)
WinCE 3.0 Kernel
(Internal Flash)
Bootloader
(Internal Flash or EPROM)
16
Our Findings
  • Malicious software running on the machine can
    steal votes undetectably, altering all backups
    and logs
  • Anyone with physical access to the machine or
    memory card can install malicious code in as
    little as one minute
  • Malicious code can spread automatically and
    silently from machine to machine in the form of a
    voting machine virus

17
Vulnerabilities
  • Malicious software running on the machine can
    steal votes undetectably, altering all backups
    and logs
  • Anyone with physical access to the machine or
    memory card can install malicious code in as
    little as one minute
  • Malicious code can spread automatically and
    silently from machine to machine in the form of a
    voting machine virus

18
(Video Demonstration)
19
Correct result: George 5, Benedict 0
21
BallotStation
Stuffer
WinCE 3.0 Kernel
Bootloader
22
Stealing Votes
Primary Vote Record
Backup Vote Record
Audit Log
(President George) (President
Benedict) (President George)
(President Benedict) (President
Benedict) (President George)
Stuffer
24
Vulnerabilities
  • Malicious software running on the machine can
    steal votes undetectably, altering all backups
    and logs
  • Anyone with physical access to the machine or
    memory card can install malicious code in as
    little as one minute
  • Malicious code can spread automatically and
    silently from machine to machine in the form of a
    voting machine virus

26
EXPLORER.GLB
27
BallotStation
WinCE 3.0 Kernel
EBOOT.NB0
Bootloader
28
BallotStation
WinCE 3.0 Kernel
EBOOT.NB0
Bootloader
29
128 KB EPROM
EBOOT.NB0
Jumper Table
30
Weakness in Depth
  • Manually install using Explorer
  • Replace boot firmware
  • Replace boot EPROM

32
The Key
34
Weakness in Depth
  • Key Commonly Available
  • Lock Easy-to-Pick
  • Key Pictured on Web Site

35
Tamper-Evident Seals?
36
Vulnerabilities
  • Malicious software running on the machine can
    steal votes undetectably, altering all backups
    and logs
  • Anyone with physical access to the machine or
    memory card can install malicious code in as
    little as one minute
  • Malicious code can spread automatically and
    silently from machine to machine in the form of a
    voting machine virus

37
The Viral Lifecycle: Infection
EBOOT.NB0
VIRUS.EXE
EBOOT.NB0
VIRUS.EXE
38
The Viral Lifecycle: Propagation
EBOOT.NB0
VIRUS.EXE
  • What if the viral firmware sees EBOOT.NB0?
  • Hidden → Ignore it
  • Non-hidden → Fake a firmware update

39
Voting Machine Virus
40
Viral Spread
41
Are all DREs this bad?
44
Memory Organization
  • Diebold AccuVote
      • Flash Memory (RW): Firmware, Ballots, Votes
  • Sequoia AVC
      • EPROM (RO): Firmware
      • NV-RAM (RW): Ballots, Votes
45
We can do better!
46
Why Vote Electronically?
  • Voters prefer it
  • Faster reporting
  • Fewer undervotes
  • Improved accessibility
  • Potentially increased security

47
Low-Tech vs. High-Tech
  • Paper Ballots
      • Low-cost cheating (ballot stuffing)
      • Small-scale tampering (individual precincts)
  • Electronic Voting
      • High-cost cheating (viral attacks)
      • Large-scale tampering (counties or states)

Leverage these complementary failure modes for
greater security.
48
Paper to the Rescue
  • Voter-Verified Paper Audit Trails (VVPAT)
  • DRE prints a paper ballot, voter verifies and
    places in a ballot box
  • At a few random precincts, paper ballots are counted
    to ensure the machines' totals are accurate
  • If discrepancies found, paper ballots can be
    counted more widely
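
The audit procedure on this slide, sketched as an added example (not part of the original presentation): it draws a random precinct sample, compares hand-counted paper totals with the DRE totals, escalates to a wider count on any mismatch, and computes the chance that a sample catches tampering of a given scale. The precinct IDs, vote counts, 3% sample fraction and public seed are assumptions constructed for illustration.

```python
import random
from math import comb

def detection_probability(total, tampered, audited):
    """P(a uniform random sample of `audited` precincts hits >= 1 tampered one)."""
    return 1 - comb(total - tampered, audited) / comb(total, audited)

def select_precincts(precinct_ids, fraction, seed):
    """Draw the audit sample after polls close; `seed` is assumed to be public
    (e.g. dice rolled in front of observers) so anyone can re-derive the sample."""
    n = max(1, round(len(precinct_ids) * fraction))
    return sorted(random.Random(seed).sample(sorted(precinct_ids), n))

def compare(machine, paper, sample):
    """Precincts whose hand-counted paper totals differ from the DRE totals."""
    return [p for p in sample if machine[p] != paper[p]]

def run_audit(machine, paper, fraction, seed):
    sample = select_precincts(list(machine), fraction, seed)
    mismatches = compare(machine, paper, sample)
    escalated = bool(mismatches)
    if escalated:  # discrepancy found: count the paper more widely
        sample = sorted(machine)
        mismatches = compare(machine, paper, sample)
    return {"audited": sample, "mismatches": mismatches, "escalated": escalated}

def constructed_county(n_precincts, tampered_ids):
    """Constructed sample data: paper is the ground truth, tampered DREs
    report 10 votes moved from George to Benedict."""
    paper = {f"P{i:03d}": {"George": 60, "Benedict": 40} for i in range(n_precincts)}
    machine = {p: dict(t) for p, t in paper.items()}
    for p in tampered_ids:
        machine[p] = {"George": 50, "Benedict": 50}
    return machine, paper

if __name__ == "__main__":
    machine, paper = constructed_county(200, [f"P{i:03d}" for i in range(100)])
    print(run_audit(machine, paper, fraction=0.03, seed=20061107)["mismatches"][:3])
    print(f"10 of 200 tampered:  {detection_probability(200, 10, 6):.3f}")
    print(f"100 of 200 tampered: {detection_probability(200, 100, 6):.3f}")
```

With six of 200 precincts audited, tampering confined to ten precincts is caught only about 27% of the time, while tampering spread across half the precincts is caught more than 98% of the time.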

49
Software Independence
A voting system is software-independent if an
undetected change or error in its software cannot
cause an undetectable change or error in an
election outcome.
Ron Rivest and John Wack
  • DREs + VVPATs
  • Electronic Ballot Marking systems
  • Optical Scan systems
  • Cryptographic schemes

50
Proposed Legislation
  • H.R. 811: Voter Confidence and Increased
    Accessibility Act (Rush Holt, D-NJ)
  • Amends HAVA to require VVPATs
  • Paper ballots would be the official record
  • Random manual recounts in 3% of precincts
  • Opens voting software and source code to public
    inspection
  • Additional $300 million for states

51
Future Work
  • Retrofits for existing systems
  • Improved procedural safeguards
  • Policies for recovering from failures
  • Hardware-assisted security
  • Cryptographically assured voting
  • Techniques for ballot secrecy

52
http://itpolicy.princeton.edu/voting