Electronic Voting System Security
Created by Hetal Patel and Patricia Pasquel
CMPT 495 Computer & Data Security
Project Outline
Definition
History
Purpose of the system
How the system works
Vulnerabilities
Kinds of attacks and attackers
Goals of defense
Conclusion
What is an electronic voting system?
An electronic voting system is a voting system in which election data is recorded, stored and processed as digital information.
History
Results of the Florida 2000 presidential election were difficult to recount.
Florida 2000, difficult to recount
Electronic voting, impossible to recount
Major Events since Jan 2003
Jan, 2003. “Resolution on Electronic Voting” finalized and signed by 3 people.
Jan 2003. Santa Clara County (CA) Recommends Buying DREs. Computer Scientists Speak Out.
Feb 2003. CA Ad Hoc Task Force on Touch-Screen Voting Convened.
Feb/Mar 2003. Rush Holt Introduces HR 2239 -- “Voter Confidence and Increased Accessibility Act” Requiring a Voter Verifiable Paper Trail.
May 2003. Task Force Recommends “Voter Verifiable Audit Trail” by 2010.
June, 2003. CA Secretary of State Kevin Shelley receives 6,000 letters -- 4,000 in favor of a voter verifiable paper trail.
July, 2003: Johns Hopkins/Rice Report finds serious security problems with Diebold software
Nov 2003: CA SoS Shelley announces paper trail requirement for California (2005/2006)
Jan 2004: SERVE program cancelled.
Mar 2004: Various machine failures in primaries
Purpose of the System
Develop an easy-to-use client-side program
a. That will help all voters cast their vote.
b. Maintain a high level of security to avoid voter fraud.
c. Allow for checking and affirming the votes that are being made.
Develop a server
a. That allows for quick reports/updates pre and post elections utilizing a database.
b. Handles large-scale voting requests using queuing methods.
c. Maintain a high level of security to avoid voter fraud.
Develop a dynamic voter registration system to allow for the enfranchisement of more individuals.
How the system works
The voter must have a smart card or memory card.
Smart card
a. Voting terminals are offline during elections.
b. Voter gets a “voter card” after authentication.
c. Insert card.
d. Vote.
e. Machine cancels smart card and poll workers reprogram it for the next user.
Smart Card Protocol
Terminal -> Card: My password is (8 byte)
Card -> Terminal: “Okay”
Terminal -> Card: Are You Valid?
Card -> Terminal: “Yea”
Terminal -> Card: Cancel Yourself Please
Card -> Terminal: “Okay”
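The exchange on this slide, modelled as an added example (not code from the presentation or from any voting product): the terminal sends its 8-byte password, asks whether the card is valid, and finally asks it to cancel itself. The class and function names and the sample password are assumptions made for illustration.

```python
# Added illustration of the slide's terminal/card exchange. All names are
# hypothetical and the passwords used with it are constructed samples.
import hmac


class VoterCard:
    def __init__(self, password: bytes):
        self._password = password   # 8-byte value the terminal must present
        self._unlocked = False
        self._valid = True          # set when poll workers program the card

    def receive_password(self, password: bytes) -> str:
        self._unlocked = hmac.compare_digest(password, self._password)
        return "Okay" if self._unlocked else "Refused"

    def are_you_valid(self) -> str:
        return "Yea" if self._unlocked and self._valid else "No"

    def cancel_yourself(self) -> str:
        if not self._unlocked:
            return "Refused"
        self._valid = False         # card may not be used to vote again
        return "Okay"

    def reprogram(self) -> None:
        """Poll-worker step that prepares the card for the next voter."""
        self._valid = True
        self._unlocked = False


def run_session(card, terminal_password: bytes):
    """Return (ballot_allowed, transcript) for one voter at one terminal."""
    transcript = []

    def exchange(request, reply):
        transcript.append(("terminal", request))
        transcript.append(("card", reply))
        return reply

    if exchange("My password is (8 byte)",
                card.receive_password(terminal_password)) != "Okay":
        return False, transcript
    if exchange("Are you valid?", card.are_you_valid()) != "Yea":
        return False, transcript
    # The voter casts the ballot here; the terminal is offline throughout.
    exchange("Cancel yourself please", card.cancel_yourself())
    return True, transcript
```

A second session with the same card, without reprogramming, stops at "Are you valid?", which is how the exchange supports the Uniqueness criterion. Every reply the terminal acts on is produced by the card itself.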
Voting Systems design criteria*
Authentication: Only authorized voters should be able to vote.
Uniqueness: No voter should be able to vote more than once.
Accuracy: Voting systems should record the votes correctly.
Integrity: Votes should not be able to be modified without detection.
Verifiability: It should be possible to verify that votes are correctly accounted for in the final tally.
Auditability: There should be reliable and demonstrably authentic election records.
Reliability: Systems should work robustly, even in the face of numerous failures.
Secrecy: No one should be able to determine how any individual voted.
Non-coercibility: Voters should not be able to prove how they voted.
Flexibility: Equipment should allow for a variety of ballot question formats.
Convenience: Voters should be able to cast votes with minimal equipment and skills.
Certifiability: Systems should be testable against essential criteria.
Transparency: Voters should be able to possess a general understanding of the whole process.
Cost-effectiveness: Systems should be affordable and efficient.
* Internet Policy Institute, Report of the National Workshop on Internet Voting: Issues and Research Agenda, USA, March 2001.
Vulnerabilities
Vulnerabilities are divided into two categories:
a. Technical
b. Social
Technical Vulnerabilities
a. Computer code
b. The system's use of cryptography
c. The way the code is designed
d. Connection to other computers
e. The most well-known attack targets are computers with direct internet connections that hackers can exploit.
f. Auditing transparency
g. Voter cannot know if the machine recorded his vote correctly.
h. Observer cannot check to see if all ballots cast are counted correctly.
Social Vulnerabilities
Policy
a. Goals and requirements for a system and how it is implemented.
Procedures
a. How access controls are developed
Personnel
a. Inadequately skilled and trained
b. Insider attacks
Vulnerable Stages
Stage: Vulnerability (columns: Error, Malice)
Backup copy: X
Counting results: X X
Separation of ballot papers for counting (where multiple ballots are cast on the same day): X X
Loading of votes from modules: X X
Transport of modules: X
Storage of machines between polls: X
Development of hardware/software: X X
Who are potential attackers?
Hackers
Candidates
Foreign governments
Criminal organizations
A Generic Attack
Programmer, system administrator, or janitor adds hidden vote-changing code.
Code can be concealed from inspections in hundreds of ways.
Code can be triggered only during real election.
  Using “cues”: date, voter behavior
  Explicitly by voter, poll worker, or wireless network.
Change small % of votes in plausible ways.
Kinds of attacks
Vote tampering (changes the votes by adding, dropping or switching votes)
Disrupt voting (malware can be used to cause voting machines to malfunction frequently)
Electronic interception
Theft
Modification of information during transportation or transmission.
Misuse of authority to tamper with or collect information on software or election data.
Goals of Defense
Three goals of defense
Protection
Detection
Reaction
Protection
a. Makes a target difficult or unattractive to attack.
b. Physical security
c. Use of encryption and authentication technologies (prevents attackers from viewing, altering or substituting election data when it is transferred).
d. Procedural mechanisms (include access controls, certification procedures, pre-election equipment testing).
Detection
a. Identifying that an attack is being or was attempted.
b. Auditing the “black box” system
c. Cryptographic protocols (detect attempts at tampering).
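One way to make the adding, dropping or switching of votes detectable, as an added example that is not part of the original slides: each ballot record carries an HMAC chained to the previous record, and an audit compares the chain with a count and head tag kept separately. The key, record fields and sample ballots are constructed, and HMAC is a symmetric stand-in chosen so the example runs with the Python standard library.

```python
# Added illustration: tamper-evident ballot log. Key, field names and
# ballots are constructed samples, not taken from any real voting system.
import hashlib
import hmac
import json

GENESIS = "0" * 64

def _tag(key, seq, choice, prev):
    msg = json.dumps([seq, choice, prev]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def append_ballot(log, key, choice):
    """Append a record chained to the previous tag; return the new head tag."""
    prev = log[-1]["tag"] if log else GENESIS
    seq = len(log)
    log.append({"seq": seq, "choice": choice, "prev": prev,
                "tag": _tag(key, seq, choice, prev)})
    return log[-1]["tag"]

def audit(log, key, expected_count, expected_head):
    """Return a list of findings; an empty list means the log verifies."""
    findings = []
    prev = GENESIS
    for i, rec in enumerate(log):
        if rec["seq"] != i or rec["prev"] != prev:
            findings.append(f"record {i}: chain broken (added, dropped or reordered)")
        good = _tag(key, rec["seq"], rec["choice"], rec["prev"])
        if not hmac.compare_digest(good, rec["tag"]):
            findings.append(f"record {i}: contents altered")
        prev = rec["tag"]
    if len(log) != expected_count:
        findings.append(f"count {len(log)} != poll-book count {expected_count}")
    if prev != expected_head:
        findings.append("head tag differs from value recorded at close of polls")
    return findings

def demo():
    key = b"constructed-sample-key"
    log = []
    for choice in ["A", "B", "A", "C"]:
        head = append_ballot(log, key, choice)
    switched = [dict(r) for r in log]
    switched[1]["choice"] = "A"                        # a vote switched
    dropped = [dict(r) for r in log[:2] + log[3:]]     # a vote dropped
    return (audit(log, key, 4, head), audit(switched, key, 4, head),
            audit(dropped, key, 4, head))
```

The check only detects changes made by someone who lacks the key, and the sequence numbers record casting order, which a real design would have to reconcile with the Secrecy criterion.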
Reaction
a. Responding to a detected attack in a timely and decisive manner so as to prevent its success or mitigate its effects.
b. If something suspicious occurs during voting or tallying, the process can be stopped and the situation investigated.
Secure electronic voting: instead of conclusions
Election equipment should be proved reliable and secure before it is deployed.
Security experts and skillful judges needed
Need for further experimentation
Transparency in the voting process fosters voter confidence.
Software used should be open to public inspections.
Measures of procedural security are in place but are inadequate to cover all aspects of the electoral process.
Solution to authentication lies within technologies of public key cryptography.
End of the Show
Thank You All !