[Home] [Headlines] [Latest Articles] [Latest Comments] [Post] [Sign-in] [Mail] [Setup] [Help]
Status: Not Logged In; Sign In
(s)Elections See other (s)Elections Articles Title: Evaluating the Security of Electronic Voting Systems Are your votes really counted? Electronic voting systems have been introduced to improve the voting process. Since their inception, they have been controversial, because both the technologists and the general public realized that they were losing direct control over an important part of the voting process: counting the votes. A quote attributed to Stalin says: "Those who cast the votes decide nothing. Those who count the votes decide everything." It is clear that voting systems represent a critical component of a democracy. Although the consequences of a malfunctioning electronic voting system are not as readily apparent as those for air traffic control or nuclear power plant control systems, they are just as important, because the well-being of a society depends on them. While most critical systems are continuously scrutinized and evaluated for safety and correctness, electronic voting systems are not subject to the same level of scrutiny. A number of recent studies have shown that most (if not all) of the electronic voting systems being used today are fatally flawed, and that their quality does not match the importance of the task that they are supposed to carry out. In the Summer of 2007, the Security Group of UCSB participated in the Top-To-Bottom Review (TTBR) of the electronic voting systems used in California. This was a first-of-its-kind review, where the evaluators had unprecedented access to the systems' source code, hardware, and associated documentation. Our team focused on the security analysis of the Sequoia voting system. Our public report can be found here (a local copy can be found here). We found a number of major flaws that can be exploited to compromise the integrity, confidentiality, and availability of the voting process. In particular, we developed a virus-like software that can spread across the voting system, modifying the firmware of the voting machines. The modified firmware is able to steal votes even in the presence of a Voter-Verified Paper Audit Trail (VVPAT). We wrote a paper that describes our methodology and our findings: We also prepared a movie that shows how the virus-like attack would be carried out, and exemplifies the different scenarios that our malicious firmware would exploit. The video shows how one can use a simple USB key to infect the laptop used to prepare the cards that initialize the various voting devices. As a result, the cards are loaded with a malicious software component. When a card is inserted in a voting terminal, the malicious software exploits a vulnerability in the terminal loading procedure and installs a modified firmware, effectively "brainwashing" the terminal. Later, when the terminal is used by the voters to cast their votes, the firmware uses a number of different techniques to modify the contents of the ballots being cast. The movie also shows that the physical security measures being used to limit access to essential parts of the voting systems are ineffective. The movie cannot be downloaded from this page anymore, because after we were featured on Slashdot the Department web server maxed out. However somebody uploaded the video on YouTube. Post Comment Private Reply Ignore Thread Top Page Up Full Thread Page Down Bottom/Latest Begin Trace Mode for Comment # 2.
#1. To: Split, Original_Intent, critter, lodwick, rotara (#0)
Duh! The electronic voting machines in the 2000 election had a higher error rate than the punch cards did and were also involved in the close but non confrontation race in New Mexico yet there was still this call to use them to replace the chads. Why? They don't need viruses to scew the vote. Many of the memory cards are replace mid vote. Again, why? It is quite obvious that our elections are rigged.
The electoral system is rigged from beginning to end; heads they win, tails you lose. When all else fails they'll fudge the vote tallies.
There are no replies to Comment # 2. End Trace Mode for Comment # 2.
Top Page Up Full Thread Page Down Bottom/Latest |
||
[Home]
[Headlines]
[Latest Articles]
[Latest Comments]
[Post]
[Sign-in]
[Mail]
[Setup]
[Help]
|