Theory and Practice of Cryptography talk by Ben Adida
Wednesday, February 13th, 2008I just watched a very good talk on voting cryptosystems and the cryptographic principals and primitives behind them. I found the link here.
Archive for the ‘research’ Category
Important voting studies
Tuesday, February 12th, 2008Here’s a quick survey of some of the recent studies of voting system security.
California Secretary of State’s Top to Bottom Review
This study took place from March to August of 2007, and consisted of three efforts in parallel - documentation review, source code review, and red-team testing. It covered machines from four major vendors, Diebold Elections Systems (now Premier Elections Systems), Hart InterCivic, Sequoia Voting Systems, and Elections Systems and Software (ES&S).
Bruce Schneier summarized the results thus:
The state of California conducted a security review of their electronic voting machines earlier this year. This was a serious review, with real security researchers getting access to the source code. The report was issued last week, and the researchers were able to compromise all three machines — by Diebold Election Systems, Hart Intercivic, and Sequoia Voting Systems — multiple ways. (They said they could probably find more ways, if they had more time.)
Brennan Center Report
In 2005 the Brennan Center for Justice published a report with input from numerous voting system and security experts. They surveyed DRE, DRE+VVPAT and OpScan systems, and found problems common to all types and produced recommendations for how to mitigate those problems. The most serious common problem is that all systems are subject to code substitution attacks in which a device’s firmware is replaced with a malicious firmware image that can manipulate the stored vote according to the attacker’s wishes.
The recommendations were aimed at elections administrators, providing guidance on how jurisdictions could attempt to mitigate vulnerabilities procedurally, rather than offering technical recommendations.
GAO Report
The Government Accountability Office produced a report on electronic voting in 2005. Top concerns in their document include the lack of protection of audit records from tampering, the ability to modify the electronic ballot definition so that the voter is presented with an incorrect ballot, and vendors distributing uncertified software images.
UPDATE Thanks for Rick for jogging my memory.
An Analysis of an Electronic Voting System
This paper was published in 2003 highlighting numerous attack vectors against the Diebold Accuvote-TS. It was criticized by the vendor for not taking into account procedural controls to mitigate problems. The back and forth on this topic can be found at Avi Rubin’s site.
SAIC Report
After the above was published, the State of Maryland commissioned a report from SAIC on the Diebold Accuvote-TS. It supported many of the findings in the above paper, and had a long list of recommended changes to be applied to the Accuvote-TS. If anyone is aware of an official response from Diebold please post a link in the comments.
Questions for Vendors
While tracking down the links above, I stumbled across Dr. Rubin’s list of questions to ask your voting machine vendor.