
E-Voting and Forensics: Prying Open the Black Box Sean Peisert - PowerPoint PPT Presentation



  1. E-Voting and Forensics: Prying Open the Black Box
  Sean Peisert, Matt Bishop, Candice Hoke, Mark Graff, David Jefferson
  Given at EVT/WOTE’09, Montreal, Canada, August 10, 2009
  Monday, August 10, 2009

  2. Key Questions That We Address
  • What questions can a forensic examination answer?
  • When should election administrators consider an election forensic examination?
  • How should they prepare for an examination?
  • Who should be included on the forensic team?
  • What sort of legal, contractual, and practical provisions may be needed?

  3. Key Questions We Do Not Answer
  • Study the merits of e-voting, or specific types of e-voting systems.
  • Analyze or discuss proposed voting systems.
  • Analyze specific auditing techniques.

  4. Some Causes of Problems in Voting
  • Malicious attacks can occur.
  • Many problems are caused by accident and are not malicious.
    • Someone trips over a power cord.
    • The polling place floods due to rainstorms.
  • Basic problem: what happens when something goes wrong with an election?

  5. Questions Driving Election Forensics
  • Why don’t vote totals always reconcile?
  • Why does a system keep failing?
  • Are totals accurate and complete?
  • Can election officials certify the results?
  • Will the public accept the results?
  • Should candidates demand a recount?

  6. Issues With Election Forensics
  • No generally/broadly accepted logging/auditing standards.
  • No generally/broadly accepted machine standards.
  • No concrete legal guidance from court precedents.
  • In forensic auditing, accountability and traceability are key. But votes cannot be tied to individual voters.

  7. Privacy and Security Must Be Balanced (Peisert, Bishop, & Yasinsac, HICSS’09)
  • Election officials need to be able to count ballots.
  • Forensic analysts need to be able to determine if and how a machine failed.
  • Cannot allow a voter to indicate to an auditor who they are (vote selling).
  • Cannot allow an auditor to determine who a voter is (voter coercion).
  • This leads to a direct conflict.

  8. What About VVPATs?
  • VVPATs are not audit trails (Yasinsac & Bishop, HICSS’08).
  • If a VVPAT shows an undervote:
    • could be malfunction
    • could be voter choice
  • If a VVPAT shows an over-vote:
    • probably malfunction, but where?
  • If a VVPAT shows an equal balance:
    • implies that any problem did not involve dropping or adding votes (but could simply be mis-recording votes)

  9. Questions a Forensic Examination Can Answer
  • How many votes did the problem affect?
  • How accurate are the canvass totals?
  • If the totals are wrong, can the investigation recover the data needed to correct the problem?
  • Is the voting equipment functioning according to documentation?
  • Were any procedural guidelines violated?
  • Which jurisdictions does the problem affect?
  • ...and others...

  10. Requirements
  • Accuracy
  • Availability
  • Secrecy
  • Anonymity

  11. Laocoön: A Model of Forensic Logging
  • Our approach: what data do we need to record in order to be able to analyze certain events?
  • Attack graphs of goals.
  • Goals can be attacker goals (i.e., “targets”) or defender goals (i.e., “security policies”).
  • Predicates represented by pre-conditions & post-conditions of events to accomplish goals.
  • Method of translating those conditions into logging requirements.
  [Figure: attack graph running from “start of attack” through “intermediate steps of intruder” (nodes a, b, c, d) to “unknown end goals”.]

  12. Laocoön & E-Voting
  • Many violations of security policy on e-voting are easy to define precisely (e.g., changing or discarding cast votes).
  • Machines have (theoretically or ideally) limited modes of operation.

  13. Applying the Model to E-Voting: Start with E-Voting Requirements
  • Laws and requirements become security policies.
  • Security policies define attack graphs.
  • Attack graphs start with ultimate “goals”.
  • Attack graphs are translated into detailed specifications and implementations to guide logging.
  [Figure: the same attack graph (“start of attack”, “intermediate steps of intruder” a, b, c, d, “unknown end goals”), now annotated with logging points.]

  14. Law to Policy
  • California Constitution, Article 2 (“Voting, initiative and referendum, and recall”)
  • Law: Sec. 7. Voting shall be secret.
  • Manual voting policy: the person who opens envelopes containing absentee ballots and removes the ballots is different from the person who tallies the ballots.
  • E-voting policy: information must not “leak” outside the system through any method other than the prescribed ballot.

  15. Policy to Goals
  • Examine the ballots for signs of unique identifiers.
  • Examine the setup of the e-voting machines to see if network cables, wireless devices, or physical sight lines could cause votes to be observed.
  • Interview poll workers to determine the locations of people during voting.

  16. Example: Laocoön & Over-Voting
  • Over-voting occurs when more candidates are selected than allowed in a given race.
  • At some point, the value of a bit changes.
  • What are the paths to that event?
    • Start with the entry to the system (e.g., touchscreen, supervisor screen, HW manipulation).
    • End at the data.
  • This places bounds on the intermediate steps.
  • Monitor those paths.

  17. Laocoön & Over-Voting
  [Figure: path diagram for the over-vote goal. Entry points: Touchscreen, Supervisor Screen, Open Box. Intermediate steps: Introduce HW via USB, “write” syscall, Hardware Swap, Mem Access, Magnetic Manipulation. Data: Memory Card #1, Memory Card #2, Memory Card #3.]
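Slides 11 through 17 describe the Laocoön procedure: fix a goal, enumerate the paths from the entry points to it, and turn the events on those paths into logging requirements. The Python below is an added example of that procedure and is not the authors' code. Its graph is a toy constructed from the slide 17 diagram; every state and event name in it, including the dead-end `replace_battery`, is an assumption made for illustration.

```python
"""Deriving logging points from an attack graph, Laocoön-style (added example).

Nodes are system states (predicates that hold); edges are events that take the
system from a pre-condition state to a post-condition state. Given the entry
points and a goal state, enumerate every entry-to-goal path. The events on
those paths bound the intermediate steps, and their pre- and post-conditions
are what a forensic log must capture to reconstruct which path was taken.
"""
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# (event name, pre-condition state, post-condition state)
Event = Tuple[str, str, str]

# Constructed from the slide 17 diagram; the names are assumptions, not the
# authors' data. "replace_battery" is an assumed dead end that reaches no goal.
OVERVOTE_EVENTS: List[Event] = [
    ("introduce_hw_via_usb", "touchscreen", "foreign_hw_attached"),
    ("write_syscall", "supervisor_screen", "write_syscall_issued"),
    ("hardware_swap", "open_box", "board_swapped"),
    ("mem_access", "open_box", "memory_bus_accessed"),
    ("magnetic_manipulation", "open_box", "card_bits_flipped"),
    ("replace_battery", "open_box", "battery_replaced"),
    ("foreign_hw_writes_card", "foreign_hw_attached", "memory_card_bit_changed"),
    ("syscall_writes_card", "write_syscall_issued", "memory_card_bit_changed"),
    ("swapped_board_writes_card", "board_swapped", "memory_card_bit_changed"),
    ("bus_writes_card", "memory_bus_accessed", "memory_card_bit_changed"),
    ("flipped_bits_read_as_overvote", "card_bits_flipped", "memory_card_bit_changed"),
]
ENTRY_POINTS: Set[str] = {"touchscreen", "supervisor_screen", "open_box"}
OVERVOTE_GOAL = "memory_card_bit_changed"


def build_graph(events: List[Event]) -> Dict[str, List[Tuple[str, str]]]:
    """Adjacency list: pre-condition state -> [(event name, post-condition state)]."""
    graph: Dict[str, List[Tuple[str, str]]] = defaultdict(list)
    for name, pre, post in events:
        graph[pre].append((name, post))
    return graph


def paths_to_goal(events: List[Event], entries: Set[str], goal: str) -> List[List[str]]:
    """Every event sequence leading from an entry point to the goal state.

    A visited set guards against cycles in graphs that have them.
    """
    graph = build_graph(events)
    found: List[List[str]] = []

    def walk(state: str, path: List[str], seen: Set[str]) -> None:
        if state == goal:
            found.append(list(path))
            return
        for name, post in graph.get(state, []):
            if post in seen:
                continue
            path.append(name)
            walk(post, path, seen | {post})
            path.pop()

    for entry in sorted(entries):
        walk(entry, [], {entry})
    return found


def logging_requirements(events: List[Event], entries: Set[str], goal: str) -> Dict[str, Dict[str, str]]:
    """Events on some entry-to-goal path, each with the predicates to record.

    Logging the pre- and post-condition of every such event is enough to tell
    afterwards which of the enumerated paths the system actually took.
    """
    on_path = {name for path in paths_to_goal(events, entries, goal) for name in path}
    return {name: {"pre": pre, "post": post} for name, pre, post in events if name in on_path}


def events_not_needed(events: List[Event], entries: Set[str], goal: str) -> List[str]:
    """Events that can never contribute to reaching the goal from an entry point."""
    needed = logging_requirements(events, entries, goal)
    return sorted(name for name, _, _ in events if name not in needed)


if __name__ == "__main__":
    for path in paths_to_goal(OVERVOTE_EVENTS, ENTRY_POINTS, OVERVOTE_GOAL):
        print(" -> ".join(path))
    for name, conds in logging_requirements(OVERVOTE_EVENTS, ENTRY_POINTS, OVERVOTE_GOAL).items():
        print(f"log {name}: record {conds['pre']!r} before and {conds['post']!r} after")
    print("not needed for this goal:", events_not_needed(OVERVOTE_EVENTS, ENTRY_POINTS, OVERVOTE_GOAL))
```

Run stand-alone, it prints the five entry-to-goal paths, then the ten events whose pre- and post-conditions the log must capture, and finally `replace_battery` as the one event this goal never needs. That exclusion is what slide 16 means by the paths placing bounds on the intermediate steps: logging is sized by the goal, not by everything the machine can do.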

  18. Procedural Elements
  • What about methods of bypassing the logging system?
  • How tamperproof are logs?
  • What about denial-of-service?
  • What about human error?
  • What about DREs vs. optical scanners?

  19. Basic Concept
  • Repeated crashes, freezes, or auto-reboots may indicate a failure of the system.
  • This describes a goal state of the fault graph.
  • The model states that data to describe the system and failure should be recorded.

  20. What Data to Preserve
  • Laocoön prescribes the need to begin with the endpoint of the attack/fault graph and work backwards to understand prior indications. Thus:
  • Rule P1: Record indications of any failure, what happened, when it happened, and any error indicators.

  21. Laocoön and Data Preservation
  • System-level events
    • Commands capable of performing such actions
  • Human events
    • Who was using the machine?
    • Who had access to the machine?

  22. Laocoön and Data Preservation
  [Figure: the same entry-point / intermediate-step / memory-card path diagram as slide 17.]

  23. What Data to Preserve
  • Laocoön also prescribes the need to start at the beginning of the fault graph. So:
  • Rule P2: Record information about entry points into the system, including the locations from which people accessed the system.
    • Voter interface
    • Maintenance bays
    • Include non-voters, such as officials and vendors
    • Visual descriptions of the state of entry points
    • Locations of power cords, weather, etc.

  24. What Data to Preserve
  • Laocoön prescribes the need to record possible paths from initial states to error states. So:
  • Rule P3: Collect external data relevant to the state of the voting system
    • VVPATs
    • Audit logs
    • Memory cards
    • Removable peripherals (e.g., USB sticks)
    • Cables indicating network/telephone connections
    • Videotapes
    • People!
    • Chain of custody details

  25. What Data to Preserve
  • Laocoön prescribes the data necessary to analyze an event, and thus also identifies data that does not meet that standard. So:
  • Rule P4: Record any signs that the data is incomplete or may not be trustworthy
    • E.g., if a system is supposed to record all occurrences of X but does so only intermittently.
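Rule P4 is the one rule here that can be checked mechanically once the log is in hand. As an added example (not the authors' code), the Python below reconciles a constructed machine log against the public counter carried in its own records and reports every sign that the log is incomplete or untrustworthy: a counter that jumps (missing records), repeats (duplicate records), runs backwards, or a line that does not parse at all. The log line format, the machine identifiers, and the assumption that the public counter starts at zero and increments exactly once per cast ballot are all assumptions made for this illustration, not a description of any real voting system's log.

```python
"""Rule P4 check (added example): flag signs that a voting-machine log is
incomplete by reconciling it against the counter its own records carry.

Assumed log format (constructed for this example, not any vendor's format):
    <ISO timestamp> machine=<id> event=<name> public_counter=<n>
Assumption: the public counter starts at 0 when polls open and increments
once per cast ballot, so consecutive ballot_cast records from one machine
must carry consecutive counter values. Any other step is a P4 finding.
"""
import re
from typing import Dict, List

LINE_RE = re.compile(
    r"^(?P<ts>\S+) machine=(?P<machine>\S+) event=(?P<event>\S+) public_counter=(?P<counter>\d+)$"
)

# Constructed sample: DRE-0412 silently drops ballot #3 and repeats #5;
# DRE-0413 is complete.
SAMPLE_LOG = """\
2009-08-10T07:05:12 machine=DRE-0412 event=poll_open public_counter=0
2009-08-10T07:09:44 machine=DRE-0412 event=ballot_cast public_counter=1
2009-08-10T07:12:03 machine=DRE-0412 event=ballot_cast public_counter=2
2009-08-10T07:21:50 machine=DRE-0412 event=ballot_cast public_counter=4
2009-08-10T07:25:17 machine=DRE-0412 event=ballot_cast public_counter=5
2009-08-10T07:25:17 machine=DRE-0412 event=ballot_cast public_counter=5
2009-08-10T07:06:01 machine=DRE-0413 event=poll_open public_counter=0
2009-08-10T07:10:30 machine=DRE-0413 event=ballot_cast public_counter=1
2009-08-10T07:14:02 machine=DRE-0413 event=ballot_cast public_counter=2
2009-08-10T07:31:11 machine=DRE-0413 event=ballot_cast public_counter=3
"""


def parse_log(text: str) -> List[dict]:
    """Parse log lines. A line that does not parse is itself evidence of an
    untrustworthy log, so it is kept as a 'malformed' record, not dropped."""
    records: List[dict] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        match = LINE_RE.match(line)
        if match is None:
            records.append({"lineno": lineno, "malformed": line})
            continue
        rec = match.groupdict()
        rec["lineno"] = lineno
        records.append(rec)
    return records


def find_log_gaps(text: str) -> List[dict]:
    """One finding per sign that the log is incomplete or cannot be trusted."""
    findings: List[dict] = []
    last_counter: Dict[str, int] = {}
    for rec in parse_log(text):
        if "malformed" in rec:
            findings.append({"kind": "malformed_line", "lineno": rec["lineno"]})
            continue
        if rec["event"] != "ballot_cast":
            continue
        machine, counter = rec["machine"], int(rec["counter"])
        prev = last_counter.get(machine, 0)
        if counter > prev + 1:
            findings.append({"kind": "missing_records", "machine": machine,
                             "lineno": rec["lineno"], "missing": list(range(prev + 1, counter))})
        elif counter == prev:
            findings.append({"kind": "duplicate_record", "machine": machine,
                             "lineno": rec["lineno"], "counter": counter})
        elif counter < prev:
            findings.append({"kind": "counter_went_backwards", "machine": machine,
                             "lineno": rec["lineno"], "counter": counter, "previous": prev})
        last_counter[machine] = max(prev, counter)
    return findings


def trustworthy_machines(text: str) -> List[str]:
    """Machines with at least one ballot_cast record and no finding against them."""
    flagged = {f.get("machine") for f in find_log_gaps(text)}
    seen = {r["machine"] for r in parse_log(text) if r.get("event") == "ballot_cast"}
    return sorted(seen - flagged)


if __name__ == "__main__":
    for finding in find_log_gaps(SAMPLE_LOG):
        print(finding)
    print("complete logs:", trustworthy_machines(SAMPLE_LOG))
```

The findings are the thing to preserve under P4: each one names the machine, the log line, and the counter values that do not agree, which is what a later examiner needs to decide how much of that machine's log can be relied on. A machine whose log has no findings is not thereby proven correct; it has only passed the one consistency check the log makes possible.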

  26. Assurance and How to Preserve Data
  • Laocoön prescribes that data should be recorded at failure points (both temporally and in physical proximity).
  • Rule A1: Preserve all artifacts as soon as the problem is discovered, in the state in which the problem was discovered.
    • Copies of data, clones, backups, memory
    • Precinct devices
    • Freezing evidence
    • Digital photographs
    • Network state
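Rule A1 asks that artifacts be preserved in the state in which the problem was discovered; what makes that claim checkable later, and ties into the chain-of-custody detail called for under P3, is a hash manifest taken at the moment of collection. The Python below is an added example of such a manifest and is not the authors' code: it hashes every file under an evidence directory, records who collected it and when, and verifies a later copy against the snapshot, reporting files that are missing, modified, or were added afterwards. The directory layout, artifact contents, and collector name are constructed inside a temporary directory so the example runs offline.

```python
"""Rule A1 support (added example): snapshot collected artifacts into a hash
manifest at discovery time, then verify any later copy against it.

Everything below the evidence root is hashed; the manifest itself must be
stored elsewhere (and ideally signed or hashed in the custody record), never
inside the evidence tree it describes.
"""
import hashlib
import os
import tempfile
import time
from typing import List, Tuple


def sha256_file(path: str) -> str:
    """Streamed SHA-256 so large clones and memory images do not need to fit in RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def _relative_files(root: str) -> List[str]:
    """Every file under root as a path relative to root, in a stable order."""
    found = []
    for dirpath, _, files in os.walk(root):
        for name in sorted(files):
            found.append(os.path.relpath(os.path.join(dirpath, name), root))
    return found


def build_manifest(root: str, collected_by: str) -> dict:
    """Hash, size and mtime of every artifact, plus who collected it and when."""
    artifacts = {}
    for rel in _relative_files(root):
        full = os.path.join(root, rel)
        st = os.stat(full)
        artifacts[rel] = {"sha256": sha256_file(full), "size": st.st_size, "mtime": st.st_mtime}
    return {"collected_by": collected_by, "collected_at": time.time(), "artifacts": artifacts}


def verify_manifest(root: str, manifest: dict) -> List[str]:
    """Discrepancies between the tree at root and the manifest; empty means intact."""
    expected = manifest["artifacts"]
    present = set(_relative_files(root))
    problems = []
    for rel, info in expected.items():
        if rel not in present:
            problems.append(f"missing: {rel}")
        elif sha256_file(os.path.join(root, rel)) != info["sha256"]:
            problems.append(f"modified: {rel}")
    for rel in sorted(present - set(expected)):
        problems.append(f"unexpected: {rel}")
    return problems


def demo() -> Tuple[List[str], List[str]]:
    """Constructed precinct artifacts (assumed contents); returns the verification
    result right after collection and again after the tree has been disturbed."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "memcard1"))
        with open(os.path.join(root, "memcard1", "results.bin"), "wb") as fh:
            fh.write(b"\x00\x01\x02\x03" * 64)
        with open(os.path.join(root, "audit.log"), "w") as fh:
            fh.write("2009-08-10T07:05:12 machine=DRE-0412 event=poll_open\n")
        manifest = build_manifest(root, "precinct 12 chief inspector (assumed)")
        clean = verify_manifest(root, manifest)
        # Disturb the evidence: a log line appended, a memory-card image removed.
        with open(os.path.join(root, "audit.log"), "a") as fh:
            fh.write("2009-08-10T20:00:00 machine=DRE-0412 event=poll_close\n")
        os.remove(os.path.join(root, "memcard1", "results.bin"))
        tampered = verify_manifest(root, manifest)
        return clean, tampered


if __name__ == "__main__":
    before, after = demo()
    print("right after collection:", before or "intact")
    print("after disturbance:", after)
```

The manifest is only as good as its own custody: hand it to a second person, or hash it into the custody log, at the time of collection, so that a later "the copy matches" claim rests on something the examiner did not control alone.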

  27. Laocoön and Data Preservation
  [Figure: the same entry-point / intermediate-step / memory-card path diagram as slide 17.]
