Security in Digital Voting System
Data and Network Security Report
Madlena Pavlova


Why did I choose Security in Digital Voting System as the topic of the coursework?

The right to vote is considered to be the major victory of democratic society.

Voting is an essential feature of democracy.

Counting our votes depends completely on computer systems, which provides an opportunity for fraud.

Despite the fact that we are living in years of cutting-edge technologies, when it comes to security in voting systems there is still much to be desired.

The goal of the coursework is to provide a sound understanding of how computer security is critical to the election process in a broadly applicable sense, and what we need to do to keep elections secure.

Brief overview of Security Mindset

Security in terms of an adversarial problem is the core of the mindset. In fact, we analyze computer security as the study of how a system behaves in the presence of an adversary.

How to think as an attacker: look for the weakest links in the system; identify the assumptions that the security of the system depends on; think outside the box, not constrained by the system designer's worldview.

Brief overview of Security Mindset (continued)

Thinking as a defender

Defending a system requires cultivating a view of:

Technical aspects

Security policy (civil aspects of the system) we try to enforce. What are we going to protect? What are the assets we are trying to insure, and what are we trying to prevent? What property are we trying to enforce?

Threat models

Who are the attackers? What are their capabilities and motivations? What kind of attack are we trying to prevent?

Risk assessment

What are the weaknesses of the system? What will successful attacks cost us? How likely are they?

Security Requirements

Adopting a security mindset is a pre-setup requirement before we even start thinking of any secure system.

Integrity: the outcome of the election matches the actual voting. Voting intent: the vote is cast in the exact way it was made. Votes are counted as cast.

There is room for error in both cases (technical and less technical requirements). A well-designed election system has to comply with: secrecy; authentication; enfranchisement and availability tension in the system; cost effectiveness; accessibility; intelligibility (usability).

Voting security procedure - Validation of data authentication

Matching the state database with the federal database can be difficult due to its format.

Most states prohibit people convicted of serious crimes from voting in further elections. This creates potential issues, as many people with the same name can end up on the prohibited list and would not know until they arrive on Election Day.

Voting security procedure - Tension between security and privacy

Collected information such as name, address, signature, date of birth, telephone number, gender and ID number is stored in this massive database, which raises the question of who can access this data.

Another problem is that those fields are publicly available and can usually be obtained and purchased from the state website.

In many states the voter registration list is also used to select people for jury duty, which creates a trade-off, because people who try to avoid jury duty will also avoid voter registration.

Tension between security and privacy - Commercial reuse of the data

Another issue is that the voting database is available to parties, which can use it for campaign purposes. One example is Obama's campaign "Is Your Neighbor a Democrat?", which encouraged volunteers to go out and campaign to registered Democrats. Commercial reuse of the data is another privacy issue, as companies can combine the voters' personal information for their business and marketing purposes, for example home mortgage, credit card debt, etc.

Who can modify and change the data - Washington D.C. case study

In order to log into the Washington D.C. online registration system, we need the name and date of birth of the voter.

Date of birth is one of the fields collected during the voter registration process and is publicly available. By simple searching we can easily discover a voter registration record with the voter's date of birth and other relevant information. With this in hand we can easily log on and access the voter registration home page.

As the attacker's target is to misdirect the ballot, he will try to update the voter's address and will be asked for the driving license number, which is also not a piece of secret information and can be easily retrieved.

This kind of attack is pretty scary, especially in a state where voters participate in the election process entirely by mail. We can imagine the consequences of a wide-scale attack in which someone automates this process and changes the registration information of a large number of voters right before the deadline for mailing out those ballots.

Solution: One way that the state could protect against that would be to mail out a confirmation before changing the address, for example sending a card to both the old and the new address saying that the address has been modified in the database. Washington State has not implemented a protection like this, but it seems like a key part of the validation process in order to maintain the integrity of the registration system.
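
The confirmation step proposed above can be sketched as a hold-and-notify workflow with a simple alarm for bursts of change requests. This is an added example, not code from any real registration system; the Registry class, the 10-day hold period and the burst thresholds are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

HOLD = timedelta(days=10)  # assumed objection window; the page gives no figure

@dataclass
class Registry:
    addresses: dict                               # voter_id -> mailing address
    pending: dict = field(default_factory=dict)   # voter_id -> (new_addr, requested_at)
    outbox: list = field(default_factory=list)    # (postal address, notice text)

    def request_change(self, voter_id, new_addr, now):
        """Queue the change and notify BOTH addresses; nothing is applied yet."""
        old = self.addresses[voter_id]
        self.pending[voter_id] = (new_addr, now)
        for addr in (old, new_addr):
            self.outbox.append((addr, f"Address change requested for {voter_id}"))

    def cancel(self, voter_id):
        """The voter answered a notice and disputes the change."""
        self.pending.pop(voter_id, None)

    def apply_due(self, now):
        """Apply only changes that survived the hold period unchallenged."""
        due = [v for v, (_, t) in self.pending.items() if now - t >= HOLD]
        for v in due:
            self.addresses[v] = self.pending.pop(v)[0]
        return due

def burst_alert(request_times, window=timedelta(hours=1), threshold=3):
    """True if any `window` contains at least `threshold` change requests."""
    ts = sorted(request_times)
    return any(ts[i + threshold - 1] - ts[i] <= window
               for i in range(len(ts) - threshold + 1))

def demo():
    t0 = datetime(2024, 1, 1, 9, 0)               # constructed sample data
    reg = Registry({"V1": "1 Old St", "V2": "2 Elm St"})
    reg.request_change("V1", "9 New Rd", t0)
    reg.request_change("V2", "7 Oak Ave", t0 + timedelta(minutes=1))
    reg.cancel("V1")                              # V1 received the card and objected
    applied = reg.apply_due(t0 + HOLD + timedelta(minutes=1))
    return reg, applied

if __name__ == "__main__":
    reg, applied = demo()
    print(applied, reg.addresses)
```

The hold period has to end before ballots are mailed, so change requests that arrive inside the hold window before the mailing deadline need a separate policy.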

Security and privacy advancement and glitches - Trustworthy technology

Inside the voting black box

For many years Diebold, the maker of the AccuVote TS, was extremely secretive about allowing anyone to do an independent security evaluation of its machines or the software running on them. Diebold even threatened election officials who proposed to have an independent security evaluation done.

Diebold case study

All of that started to change in 2003, when a voting activist named Bev Harris was Googling for documents about the Diebold machines and came across a file posted on a Diebold Internet server. This file happened to be a copy of the complete source code of the Diebold voting machine.

It turned out that they applied encryption incorrectly in a variety of ways because of design errors. The most interesting of these errors, and the simplest one, was that all of the voting machines used exactly the same encryption key. This is a terrible security practice, because a criminal can take that information and apply it to break the encryption on all of the other Diebold voting machines in use nationwide. That key happened to be the string F2654hD4. That was the secret protecting the integrity of all of these machines, and once the code leaked on the Diebold website anyone could decrypt any of the data files from any of the machines.
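
The shared-key problem described above can be compared with per-machine keys derived from a master secret, so that a key recovered from one machine says nothing about the others. This is an added example, not Diebold's code; the HKDF-based scheme, the serial numbers and all key values are assumptions constructed for illustration, and an HMAC tag stands in for whatever protection the data files carry.

```python
import hashlib
import hmac

def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with SHA-256: extract a PRK, then expand it."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def machine_key(master: bytes, serial: str) -> bytes:
    """Per-machine key bound to the device serial (hypothetical provisioning scheme)."""
    return hkdf_sha256(master, salt=b"constructed-election-id", info=serial.encode())

def tag(key: bytes, data: bytes) -> bytes:
    """Integrity tag over a results file."""
    return hmac.new(key, data, hashlib.sha256).digest()

def verify(key: bytes, data: bytes, mac: bytes) -> bool:
    return hmac.compare_digest(tag(key, data), mac)

def cross_machine_acceptance(key_a: bytes, key_b: bytes) -> bool:
    """Does a tag computed with machine A's key verify as machine B's data?"""
    data = b"constructed results file for machine B"
    return verify(key_b, data, tag(key_a, data))

# Constructed values; the master secret would stay with the election authority
# (for example in an HSM) and only the derived key would be loaded onto a machine.
SHARED = b"same-key-on-every-machine"
MASTER = bytes(range(32))

def blast_radius():
    """(shared-key design, derived-key design): is machine A's key valid on B?"""
    shared = cross_machine_acceptance(SHARED, SHARED)
    derived = cross_machine_acceptance(machine_key(MASTER, "TS-0001"),
                                       machine_key(MASTER, "TS-0002"))
    return shared, derived

if __name__ == "__main__":
    print(blast_radius())
```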

The next problem was a ballot secrecy problem. It had to do with the way ballots were stored on the memory card. The machine made a record every time someone cast a vote; the votes were stored in a file on the memory card. On the Diebold memory card the votes were stored in order. If someone was just observing at the polling place, watching the order in which people went to the machine and cast their votes, and they had access to the memory card at the end, they could determine exactly how every one of those voters voted, which is a major weakness in ballot secrecy.
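
One way to remove the ordering leak described above is to write each ballot to a random free slot and store no sequence number or timestamp with it. This is an added example, not the design of any real voting machine; the BallotStore class, its capacity and the ballot values are assumptions constructed for illustration.

```python
import secrets
from collections import Counter

class BallotStore:
    """Fixed-size ballot file: each ballot goes to a random free slot.

    No sequence number or timestamp is stored with the record, so the
    physical layout carries no information about the order of casting.
    """
    def __init__(self, capacity: int):
        self.slots = [None] * capacity
        self.free = list(range(capacity))

    def cast(self, choice: str) -> None:
        if not self.free:
            raise RuntimeError("ballot store full")
        # CSPRNG pick, so the slot cannot be predicted from earlier writes
        idx = self.free.pop(secrets.randbelow(len(self.free)))
        self.slots[idx] = choice

    def records(self):
        """Ballots in physical (on-card) order."""
        return [s for s in self.slots if s is not None]

def sequential_records(cast_order):
    """The layout the page describes: records appended in casting order."""
    return list(cast_order)

def positional_matches(cast_order, stored):
    """How many voters an observer links by assuming record i = voter i."""
    return sum(a == b for a, b in zip(cast_order, stored))

def tally(records):
    """The count must not depend on the storage order."""
    return Counter(records)

# Constructed ballots; each value is unique so every match is a real linkage.
CAST = [f"choice-{i:02d}" for i in range(20)]

def randomized_records(cast_order=CAST, capacity=64):
    store = BallotStore(capacity)
    for choice in cast_order:
        store.cast(choice)
    return store.records()

if __name__ == "__main__":
    print(positional_matches(CAST, sequential_records(CAST)),
          positional_matches(CAST, randomized_records()))
```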

Finally, the researchers looked at the software development practice. The easiest way to illustrate what is meant by that is to have a look at some of the comments that were found in the code: comments and notes programmers left inside the software source code.

All of these problems painted a pretty grim picture of what's going on inside the Diebold DREs, but the company's reaction paints an even grimmer one. First, it denied the problems. Second, it claimed that the software that was studied was not something used in actual machines. Third, it personally attacked the researchers involved.

Every group that's had a look at the system has found even more severe problems with security and reliability. Here is an example of one of those problems.

Recommendations

Many researchers in the voting security community hold that we have to add paper as a form of defense. Paper can offer very important security advantages, especially when it is coupled with an electronic system. This makes sense, as computers are not always available, reliable and correct; therefore any form of physical backup of the vote records can be a useful disaster recovery strategy.