Electronic Voting System Security

CREATED BYHETAL PATEL

PATRICIA PASQUELCMPT 495 Computer & Data

Security

Project Outline Definition History Purpose of the system How the system works Vulnerabilities Kinds of attacks and attackers Goals of defense Conclusion

What is electronic voting system? An electronic voting system is a voting system in which

election data is recorded, stored and processed as digital information.

History Results of Florida 2000 presidential elections were

difficult to recount.

Florida 2000, difficult to recount

Electronic voting, impossible to recount

Major Events since Jan 2003 Jan, 2003. “Resolution on Electronic Voting” finalized and

signed by 3 people. Jan 2003. Santa Clara County (CA) Recommends Buying

DREs. Computer Scientists Speak Out. Feb 2003. CA Ad Hoc Task Force on Touch-Screen Voting

Convened. ? Feb/Mar 2003. Rush Holt Introduces HR 2239 -- “Voter

Confidence and Increased Accessibility Act” Requiring a Voter Verifiable Paper Trail.

May 2003. Task Force Recommends “Voter Verifiable Audit Trail” by 2010.

Major Events since Jan 2003 June, 2003. CA Secretary of State Kevin Shelley receives

6,000 letters -- 4,000 in favor of a voter verifiable paper trail.

July, 2003: Johns Hopkins/Rice Report finds serious security problems with Diebold software

Nov 2003: CA SoS Shelley announces paper trail requirement for California (2005/2006)

Jan 2004: SERVE program cancelled. Mar 2004: Various machine failures in primaries

Purpose of the System Develop an easy to use client side programa. That will help all voters cast their vote b. Maintain a high level of security to avoid voter fraud.c. Allow of checking affirming the votes that are being made. Develop a servera. That allows for quick reports/updates pre and post elections

utilizing database.b. Handles large scale voting requests using queuing methods.c. Maintain high level of security to avoid voter fraud. Develop a dynamic voter registration system to allow for the

enfranchisement of more individuals.

How the system works The voter must have a smart card or memory

card. Smart carda. Voting terminals are offline during elections.b. Voter get “voter card” after authenticationc. Insert cardd. Vote e. Machine cancels smart card and poll workers

reprogram it for the next user.

Smart Card Protocol

Terminal My password is (8 byte)

“Okay”

Are You Valid? “Yea”

Cancel Yourself Please “Okay”

Card

Voting Systems design criteria* Authentication: Only authorized voters should be able to

vote. Uniqueness: No voter should be able to vote more than

once. Accuracy: Voting systems should record the votes

correctly. Integrity: Votes should not be able to be modified without

detection. Verifiability: Should be possible to verify that votes are

correctly counted for in the final tally.

Voting Systems design criteria* Audibility: There should be reliable and demonstrably authentic

election records. Reliability: Systems should work robustly, even in the face of

numerous failures. Secrecy: No one should be able to determine how any individual

voted. Non-coercibility: Voters should not be able to prove how they

voted. Flexibility: Equipment should allow for a variety of ballot

question formats. Convenience: Voters should be able to cast votes with minimal

equipment and skills.

Voting Systems design criteria* Certifiability: Systems should be testable against essential

criteria. Transparency: Voters should be able to possess a general

understanding of the whole process. Cost-effectiveness: Systems should be affordable and

efficient. * Internet Policy Institute, Report of the National

Workshop on Internet Voting: Issues and Research Agenda, USA, March 2001.

Vulnerabilities

Is divided into two categories.a. Technical b. Social

Technical Vulnerabilitiesa. Computer Code b. Cryptography use of the systemc. The way the code is designedd. Connection to the other computerse. Most well known attack targets are computers with direct

internet connections that hackers can exploit.f. Auditing Transparencyg. Voter cannot know if the machine recorded his vote

correctly.h. Observer cannot check to see if all ballots casts are Voting

Systems design criteria counted correctly.

Social Vulnerabilities

Policy a. Goals and requirements for a system and how it

is implemented. Proceduresa. How access controls are developed Personnela. Inadequately skilled and trainedb. Insider attacks

Vulnerable Stages

VulnerabilityStage

XBackup copy

XXCounting results

XXSeparation of ballot papers for counting (where multiple ballots are cast on the same day)

XXLoading of votes from modules

XTransport of modules

XStorage of machines between polls

XXDevelopment of hardware/software

ErrorMalice

Who are potential attackers?

Hackers Candidates Foreign governments Criminal organizations

A Generic Attack Programmer,system administrator, or janitor

adds hidden vote-changing code. Code can be concealed from inspections in

hundreds of ways. Code can be triggered only during real election. Using “cues”- date, voter behavior Explicitly by voter, poll worker, or wireless

network. Change small % of votes in plausible ways.

Kinds of attacks Vote tampering ( changes the votes by adding, dropping or

switching votes ) Disrupt voting (Malware can be used to cause voting

machine to malfunction frequently) Electronic interception Theft Modification of information during transportation or

transmission. Misuse of authority to tamper with or collect information on

software or election data.

Goals of Defense

Three goals of defense Protection Detection Reaction

Protection

a. Makes a target difficult or unattractive to attack.b. Physical securityc. Use of encryption and authentication

technologies ( prevents attackers from viewing, altering or substituting election data when it is transferred).

d. Procedural mechanisms ( include access controls, certification procedures, pre-election equipment testing).

Detection

a. Identifying that an attack is being or was attempted.

b. Auditing the “black box” systemc. Cryptographic protocols ( detects attempts at

tampering).

Reaction

a. Responding to a detected attack in a timely and decisive manner so as to prevent it’s success or mitigate it’s effects.

b. If something suspicious occurs during voting or tallying , process can be stopped and situation investigated.

Secure Electronic voting : instead of conclusions

Election equipment should be proved reliable and secure before it is deployed.

Security experts and skillful judges needed Need for further experimentation Transparency in the voting process fosters voter confidence. Software used should be open to public inspections. Measures of procedural security that are in a place but are

inadequate to cover all aspects of the electoral process. Solution to authentication lies within technologies of public

key cryptography.

End of the Show

Thank You All !