The State of US Voting System Security
DEFCON Voting Machine Hacking Village
July 2017
Joshua M Franklin
National Institute of Standards and Technology

Election Fraud Types - 1934
• Altering ballots
• Ballot substitution
• False counts and returns
• Altering returns
• Registration fraud
• Repeating
• Ballot box stuffing
• Assistance to voters
• Intimidation & violence
[1] Joseph Harris, 1934

Bio
• IT Security Engineer, NIST
• Enterprise mobility, telecommunications, e-voting
• 10+ years in the elections community
• Co-chair the Election Cybersecurity Working Group
• Masters in Information Security from George Mason

Get to Know an Agency
• Federal:
  • Election Assistance Commission (EAC)
  • NIST, DHS, and FBI
• State: Secretary of State’s office
• Local: counties, cities, townships, parishes, hamlets

Types of Voting Systems
• Vote capture & tabulation
  • DREs, central & precinct optical scan, ballot marking device
  • Software associated with election administration
• Supporting election systems
  • Voter registration, e-pollbooks, election night reporting
  • Candidate filing, poll worker tracking, ballot tracking…

A Changing Threat Model
Old & Busted
• Physically proximate attackers
• Accidental events
• Natural disasters
• Events affecting public confidence and trust
New Hotness
• Nation state attackers
• Phishing
• Supporting election systems
• Everything in the old threat model, plus CYBER

Security Architecture
• Embedded legacy system
  • Typically running *nix variant
• Older or proprietary physical media
• Working TCP/IP stack is common
• Wireless is possible
• Required to stand the test of time (10-15 years)
• Jurisdiction that can pay MAY receive 1-5 updates

Independent Reviews
Privilege Management – 3%
Common CWEs
• CWE-306: Missing Authentication for Critical Function
• CWE-120: Classic buffer overflow
• CWE-522: Insufficiently Protected Credentials
• CWE-345: Insufficient Verification of Data Authenticity
• CWE-311: Missing encryption of sensitive data
[10] – [27]

Innovations in Voting Security
• Risk Limiting Audits [8]
• Software Independence [6]
• E2E verifiable cryptographic protocols [9]
• Recognition of usability as a security issue

Paper is not a Panacea
• Paper ballots provide tamper detection and enable auditability
• Paper can be modified
• Seals and chain of custody need verification
• Routine audits need to be performed
• Cyber hygiene

Testing & Certification
• EAC runs a testing and certification program
  • Most states do as well
• Voting system test labs (VSTLs) perform testing
• States are not required to use certified systems
• Testing validates voting machines submitted for certification meet the VVSG
• Freely available test reports! www.eac.gov

Certification Process
1. Vendor Application
2. Kickoff
3. Test Plan
4. Testing
5. Test Report
6. Certification Decision
7. Monitor Field Performance
Illustrates best case testing scenario

Voting Standards
• Voluntary Voting System Guidelines = VVSG [2]
• Scoped to vote capture and tabulation
• Not mandated for use
• Little security focus in initial drafts
• Large overhaul in security requirements since 2005

VVSG Updates
1. 1990 VSS
2. 2002 VSS
3. 2005 VVSG
4. 2007 Recommendations
5. 2015 VVSG
6. Principles & Guidelines under development

New Proposed Structure
• Principles
  • High level system design goals
• Guidelines
  • Broad system design details for election officials
• Requirements
  • Technical details for design and development by vendors
• Test Assertions
  • Technical specification for testing by labs

Security Principles & Guidelines
• Data Protection
• Software Integrity
• Physical Security
• Auditability
• Ballot Secrecy
• Access Control
• Detection and Monitoring
[3] NIST & EAC Voting Twiki

apt-get upgrade
• Routine meaningful audits
• Responsible vulnerability disclosure
• Augment how we manage election security
  • Risk assessment, threat modeling, and contingency planning
• Regular, external scrutiny of systems is essential
• Voting systems need software updates
• Election officials need actionable guidance

Help Make a Difference
• Register to vote
• Be a poll worker
• Work with your election official – not against
• Join the public working groups

References
1. Election Administration in the United States, 1934, by Joseph P. Harris. https://www.nist.gov/itl/election-administration-united-states-1934-joseph-p-harris-phd
2. EAC, Voluntary Voting System Guidelines, 2017. https://www.eac.gov/voting-equipment/voluntary-voting-system-guidelines
3. NIST & EAC Security Principles & Guidelines, 2017. http://collaborate.nist.gov/voting/bin/view/Voting/SecurityObjectives
4. Office of the Director of National Intelligence, Assessing Russian Activities and Intentions in Recent US elections, ICA 2017-01D, 2017. https://www.dni.gov/files/documents/ICA_2017_01.pdf
5. ACM, Statewide Databases of Registered Voters - Study Of Accuracy, Privacy, Usability, Security, and Reliability Issues, 2006. http://usacm.acm.org/images/documents/vrd_report2.pdf
6. Rivest, Wack, On the Notion of Software-Independence, 2008. https://people.csail.mit.edu/rivest/RivestWack-OnTheNotionOfSoftwareIndependenceInVotingSystems.pdf
7. Jones, Simons, Broken Ballots, 2012. http://brokenballots.com
8. Stark, A Gentle Introduction to Risk Limiting Audits, 2012. https://www.stat.berkeley.edu/~stark/Preprints/gentle12.pdf
9. Benaloh et al, End-to-end verifiability, 2015. https://arxiv.org/pdf/1504.03778.pdf

References
10. SAIC - Risk Assessment Report Diebold AccuVote-TS Voting System and Processes, 2003
11. Analysis of an Electronic Voting System, 2004
12. RABA - Trusted Agent Report Diebold AccuVote-TS Voting System, 2004
13. Security Analysis of the Diebold AccuBasic Interpreter, 2006
14. Security Analysis of the Diebold AccuVote-TS Voting Machine, 2006
15. Diebold TSx Evaluation, 2006
16. Top to Bottom Review (TTBR), 2007
17. EVEREST: Evaluation and Validation of Election-Related Equipment, Standards and Testing, 2007
18. Software Review and Security Analysis of the Diebold Voting Machine Software, 2007
19. Software Review and Security Analysis of the ES&S iVotronic 8.0.1.2 Voting Machine Firmware, 2007
20. Insecurities and Inaccuracies of the Sequoia AVC Advantage 9.00H DRE Voting Machine, 2008
21. Software Review and Security Analysis of Scytl Remote Voting Software, 2008
22. Can DREs Provide Long-Lasting Security? The Case of Return-Oriented Programming and the AVC Advantage, 2009
23. Security Analysis of India’s Electronic Voting Machines, 2010
24. Exploiting the Client Vulnerabilities in Internet E-voting Systems: Hacking Helios 2.0 as an Example, 2010
25. Maryland State Board of Elections Online Voter Services Penetration Testing Report, 2012
26. Attacking the Washington, D.C. Internet Voting System, 2012
27. Security Analysis of the Estonian Internet Voting System, 2014