electronic voting
play

Electronic Voting CS 161: Computer Security Prof. David Wagner April - PowerPoint PPT Presentation

Mar 15, 2024 •278 likes •901 views

Electronic Voting CS 161: Computer Security Prof. David Wagner April 25, 2013 Security Goals for an Election Integrity: No election fraud Transparency: Everyone especially the loser must be able to verify that the election was

  1. Electronic Voting CS 161: Computer Security Prof. David Wagner April 25, 2013

  2. Security Goals for an Election • Integrity: No election fraud • Transparency: Everyone – especially the loser – must be able to verify that the election was conducted appropriately • Privacy: No one learns how the voter has voted • Secret ballot: Voter cannot prove how she voted #2

  3. #3

  4. #4

  6. #6

  7. Another anomaly during the 2000 election From: Lana Hires Subject: 2000 November Election I need some answers! Our department is being audited by the County. I have been waiting for someone to give me an explanation as to why Precinct 216 gave Al Gore a minus 16022 when it was uploaded. Will someone please explain this so that I have the information to give the auditor instead of standing here "looking dumb". #7

  8. #8

  9. #9

  10. Question: What are the security requirements for electronic voting machines? 1. Machine must allow each authorized voter to vote exactly once; must prevent tampering with votes after they are cast. 2. Machine should be verifiably trustworthy. 3. Machine must randomize the order in which votes were cast. 4. Machine must not give voter a “ receipt ” . C Security goals for an election: Integrity, Transparency, Privacy, Secret ballot #10

  11. Nov 4, 2002: State of Georgia votes on Diebold DREs. March 18, 2003: Diebold source code leaks. July 23, 2003: Tadayoshi Kohno, Adam Stubblefield, Avi Rubin, Dan Wallach, “ Analysis of an Electronic Voting System ” . #11

  12. The voter authorization protocol QueryStatus ACTIVE (0x01) smartcard (record vote) SetStatus CANCELED (0x08) Status = CANCELED Succeeded #12

  13. The voter authorization protocol [Are you a valid card?] QueryStatus [Yup.] ACTIVE (0x01) smartcard (record vote) [Please cancel yourself.] SetStatus CANCELED (0x08) Status = CANCELED [Ok.] Succeeded #13

  14. Attack! QueryStatus ACTIVE (0x01) (record vote) SetStatus CANCELED (0x08) malicious Succeeded smartcard QueryStatus ACTIVE (0x01) (record another vote) SetStatus CANCELED (0x08) Succeeded #14

  15. Authenticating election officials What kind of card are you? An administrator card. What’s the secret PIN? 2301 What’s the secret PIN? 2301 Ok, you have admin access. #15

  16. Source code excerpts #define DESKEY ((des_key*)"F2654hD4") DESCBCEncrypt((des_c_block*)tmp, (des_c_block*)record.m_Data, totalSize, DESKEY, NULL, DES_ENCRYPT); #16

  17. Source code excerpts // LCG - Linear Congruential Generator - // used to generate ballot serial numbers // A psuedo-random-sequence generator // (per Applied Cryptography, Bruce Schneier) int lcgGenerator(int lastSN) { return ((lastSN*1366) + 150889)%714025; } “ Unfortunately, linear congruential generators cannot be used for cryptography. ” — Applied Cryptography, p.369 #17

  18. #18

  19. #19

  20. Fall 2003, Ohio "I am committed to helping Ohio deliver its electoral votes to the president.” -- Wally O’Dell CEO of Diebold #20

  21. #21

  22. California Top-to-Bottom Review In 2007, California Secretary of State Debra Bowen commissions a review of California’s voting systems. 43 experts (led by David Wagner & Matt Bishop) examine voting systems used nationally. #22

  23. Technical findings of the CA TTBR All voting systems examined have serious security problems: • None followed sound engineering principles expected of security-critical systems. • All were vulnerable to viral attacks: one outsider could subvert all voting machines countywide #23

  24. Example flaw (Diebold/Premier system) Bug: The code that reads data off the memory card has buffer overrun vulnerabilities. Attack: 1. Attacker writes malicious code onto 1 card 2. When central PC reads votes off card on election night, it gets infected 3. Infected PC writes malicious code onto all cards used in the next election, infecting entire county #24

  25. Quotes from the reports “ We found pervasive security weaknesses throughout the Sequoia software. Virtually every important software security mechanism is vulnerable to circumvention. ” “ Our study of the Diebold source code found that the system does not meet the requirements for a security-critical system. It is built upon an inherently fragile design and suffers from implementation flaws that can expose the entire voting system to attacks. ” “ The Hart software and devices appear to be susceptible to a variety of attacks which would allow an attacker to gain control of some or all of the systems in a county. [..] Many of these attacks can be mounted in a manner that makes them extremely hard to detect and correct. We expect that many of them could be carried out in the field by a single individual, without extensive effort, and without long-term access to the equipment. ” #25

  26. Outcome of the CA TTBR Bowen decertifies most touchscreen e-voting machines and imposes strict new procedural protections. Result: Most Californians now vote on paper ballots. #26

  27. Trojan Horses and the Insider Threat Ronald Dale Harris Employee, Gaming Control Board, 1983-1995 Arrested, Jan 15,1995 Convicted, Sept 23, 1997, for rigging slot machines #27

  28. Attempted Trojan Horse in Linux Kernel … schedule(); goto repeat; } if ((options == (__WCLONE|__WALL)) && current->uid = 0)) retval = -EINVAL; retval = -ECHILD; ??? end_wait4: current->state = TASK_RUNNING; … #28

  30. Trojan Horses and Voting Machines Malicious logic hidden by an insider might, e.g., record votes incorrectly to favor one candidate. How would we defend a voting system against this kind of insider threat? Potential solutions: • Verify that the software is free of Trojans and will work correctly on all future elections. (beyond the state of the art) Voting on Satan’s computer. • Assume sw might contain Trojans. Verify that sw worked correctly in this particular election. (voter-verified paper records + random audits) #30

  31. #31

  32. #32

  33. #33

  35. Statistical audit • After election, randomly choose 1% of machines and manually recount the paper records on those machines. If paper count ≠ electronic count, there was fraud. • If » 100 machines cheat, detection is likely. Consequently: If paper count = electronic count, then no more than ~100 machines cheated. The tallies are t 1 , …, t n Prover Verifier Show me the paper for machine i. (Elec. Official) (skeptical voter) (voter-verified paper audit trail) #35

  36. Conclusions • E-voting security is hard, but... • E-voting can be made secure and trustworthy, if it can be audited. • Technical principles: - Two-person control, separation of duties - Statistical audit - Security against malicious insiders #36

  37. Lessons • Understand security requirements before you design & deploy an information system. • Independent review is valuable. • Sometimes technical threats can be handled through non-technical defenses. • Seek independent, end-to-end checks that the system is working properly. • Securing systems against malicious insiders is extremely challenging. • Business structure determines the technology that is built & deployed. If buyers cannot measure how secure a product is, be prepared for market failures. #37

  38. Extra Material

  39. #39

  40. Can I get a volunteer? David Wagner, UC Berkeley

  41. Interactive proofs Here are two cloths. David Wagner, UC Berkeley

  42. Interactive proofs Imagine that I am red-green color-blind… David Wagner, UC Berkeley

  43. Interactive proofs How could you prove to me that you can distinguish the red cloth from the green cloth, if I am red-green color-blind? David Wagner, UC Berkeley

  44. An interactive proof or “ same ” “ swapped ” or Verifier Prover David Wagner, UC Berkeley

  45. Sudoku

  46. Sudoku

  47. Goal: Prove the puzzle is solvable I’m convinced! But I haven’t learned It can be solved! anything about the solution. Darn. Verifier Prover David Wagner, UC Berkeley

  48. You prepare your proof 1 → e 2 → h 3 → c 4 → f 5 → i 6 → d 7 → b 8 → a 9 → g

  49. You prepare your proof a c i f e d g h b 1 → e h g d a i b f c e 2 → h f e b h g c d i a 3 → c i d g e c f b a h 4 → f 5 → i e h c d b a i f g 6 → d b f a i h g e d c 7 → b 8 → a d i h b a e c g f 9 → g g a e c f i h b d c b f g d h a e i

  50. You prepare your proof a c i f e d g h b 1 → e h g d a i b f c e 2 → h f e b h g c d i a 3 → c i d g e c f b a h 4 → f 5 → i e h c d b a i f g 6 → d b f a i h g e d c 7 → b 8 → a d i h b a e c g f 9 → g g a e c f i h b d c b f g d h a e i

  51. My turn: I keep you honest a c i f e d g h b 1 → e h g d a i b f c e 2 → h f e b h g c d i a 3 → c i d g e c f b a h 4 → f 5 → i e h c d b a i f g 6 → d b f a i h g e d c 7 → b 8 → a d i h b a e c g f 9 → g g a e c f i h b d c b f g d h a e i

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Electronic Voting Electronic voting at a precinct Analysis of an Internet Voting Focus

Electronic Voting Electronic voting at a precinct Analysis of an Internet Voting Focus

Electronic Voting Electronic voting at a precinct Analysis of an Internet Voting Focus is on preventing fraud on the part of Protocol people building and running system. Electronic voting over the internet Dale Neal Must

508 views • 5 slides
Source Paper An Anonymous Electronic Voting Protocol An Electronic Voting Protocol for

Source Paper An Anonymous Electronic Voting Protocol An Electronic Voting Protocol for

Source Paper An Anonymous Electronic Voting Protocol An Electronic Voting Protocol for Voting Over the Internet, Indrajit Ray, (revisited) Indrakshi Ray, Natarajan Narasimhamurthi Paul Valiant extending work by Dale Neal &

441 views • 5 slides
Verifying Electronic Voting Protocols in the Applied Pi Calculus Mark Ryan University of

Verifying Electronic Voting Protocols in the Applied Pi Calculus Mark Ryan University of

Verifying Electronic Voting Protocols in the Applied Pi Calculus Mark Ryan University of Birmingham joint work with St ephanie Delaune and Steve Kremer LSV Cachan, France SoCS Seminar November 2007 Outline Electronic voting Electronic

763 views • 33 slides
Electronic Voting Ronald L. Rivest MIT CSAIL NSA June 3, 2004 Outline Introduction /

Electronic Voting Ronald L. Rivest MIT CSAIL NSA June 3, 2004 Outline Introduction /

Electronic Voting Ronald L. Rivest MIT CSAIL NSA June 3, 2004 Outline Introduction / Voting Voting using mix-nets Randomized Partial Checking (Jakobsson/Juels/Rivest USENIX 02) Pedagogic variant of Chaums proposal Voting

758 views • 36 slides
Remote Electronic Voting can be Efficient, Verifiable and Coercion-Resistant Roberto Arajo,

Remote Electronic Voting can be Efficient, Verifiable and Coercion-Resistant Roberto Arajo,

Remote Electronic Voting can be Efficient, Verifiable and Coercion-Resistant Roberto Arajo, Amira Barki, Solenn Brunet and Jacques Traor 1st Workshop on Advances in Secure Electronic Voting Schemes VOTING16 February 26th, 2016

532 views • 23 slides
Large-Scale Electronic Voting Protocols Mike Carpenter Introduction What is meant by large-scale

Large-Scale Electronic Voting Protocols Mike Carpenter Introduction What is meant by large-scale

Large-Scale Electronic Voting Protocols Mike Carpenter Introduction What is meant by large-scale electronic voting protocol: Primarily Internet-based Users voting from their own devices (such as home PC/laptop) Aimed toward actual

721 views • 21 slides
Analysis of electronic voting protocols in applied pi calculus Mark Ryan University of

Analysis of electronic voting protocols in applied pi calculus Mark Ryan University of

Analysis of electronic voting protocols in applied pi calculus Mark Ryan University of Birmingham based on joint work with Ben Smyth Steve Kremer Mounira Kourjieh IFIP WG 1.3, Udine, Italy September 2009 Outline Electronic voting Applied

695 views • 30 slides
Detecting Voter Fraud Context in an Electronic Voting Context Introduction: Relevance of An

Detecting Voter Fraud Context in an Electronic Voting Context Introduction: Relevance of An

Detecting Voter Fraud in an Electronic Voting Detecting Voter Fraud Context in an Electronic Voting Context Introduction: Relevance of An Analysis of the Unlimited Reelection Vote in Venezuela Election Forensics Previous Research Ines

686 views • 45 slides
TPM Meets DRE: Reducing the Trust Base for Electronic Voting Using Trusted Platform Modules

TPM Meets DRE: Reducing the Trust Base for Electronic Voting Using Trusted Platform Modules

TPM Meets DRE: Reducing the Trust Base for Electronic Voting Using Trusted Platform Modules Russell A. Fink, Alan T. Sherman, and Richard Carback Direct Recording Electronic (DRE) Higher usability compared to paper ballot Multi-language

299 views • 15 slides
The Future of Electronic Voting Systems presented by: Eric D. Coomer, PhD Vice President,

The Future of Electronic Voting Systems presented by: Eric D. Coomer, PhD Vice President,

The Future of Electronic Voting Systems presented by: Eric D. Coomer, PhD Vice President, Research & Product Development Sequoia Voting Systems __________________________________________________ California Secretary of State public

461 views • 6 slides
An introduction to electronic voting Application to single transferable vote Orange Labs Jacques

An introduction to electronic voting Application to single transferable vote Orange Labs Jacques

An introduction to electronic voting Application to single transferable vote Orange Labs Jacques Traor 21 June 2016 COST Action IC1205 Industry Day Outline Context Problematic / Security issues Some challenges in Electronic

621 views • 41 slides
Usable Verifiable Remote Electronic Voting case study HELIOS 18.07.2012 SecVote Dagstuhl

Usable Verifiable Remote Electronic Voting case study HELIOS 18.07.2012 SecVote Dagstuhl

Usable Verifiable Remote Electronic Voting case study HELIOS 18.07.2012 SecVote Dagstuhl Comments Based on research results from the project Usable Verifiability in Remote Electronic Voting Project funded by Research conducted

769 views • 59 slides
A network voting system using a mix-net in a Japanese private organization Kazue Sako NEC

A network voting system using a mix-net in a Japanese private organization Kazue Sako NEC

A network voting system using a mix-net in a Japanese private organization Kazue Sako NEC Corporation 2004.5.27 Background: Electronic Voting in Japan Law established in 2001, effective 2002 voting at polling place for local

195 views • 16 slides
Some Thoughts on Electronic Voting Ronald L. Rivest MIT CSAIL DIMACS Voting Workshop May 26,

Some Thoughts on Electronic Voting Ronald L. Rivest MIT CSAIL DIMACS Voting Workshop May 26,

Some Thoughts on Electronic Voting Ronald L. Rivest MIT CSAIL DIMACS Voting Workshop May 26, 2004 "What's one and one and one and one and one and one and one and one and one and one?" "I don't know," said Alice.

378 views • 23 slides
Statement Voting & Liquid Democracy Hong-sheng Zhou Virginia Commonwealth University

Statement Voting & Liquid Democracy Hong-sheng Zhou Virginia Commonwealth University

Statement Voting & Liquid Democracy Hong-sheng Zhou Virginia Commonwealth University Joint with Bingsheng Zhang (Lancaster University) e-voting E-voting encompasses a broad range of voting systems that apply electronic

425 views • 16 slides
Electronic Voting for the 2018 Municipal Election Special Committee of the Whole March 6, 2017

Electronic Voting for the 2018 Municipal Election Special Committee of the Whole March 6, 2017

Electronic Voting for the 2018 Municipal Election Special Committee of the Whole March 6, 2017 Purpose Continuation of discussion of internet voting from the January 30, 2017 Special Committee of the Whole Outline Presentation from

559 views • 17 slides
005 - Data Graphics EPIB 607 - FALL 2020 Sahir Rai Bhatnagar Department of Epidemiology,

005 - Data Graphics EPIB 607 - FALL 2020 Sahir Rai Bhatnagar Department of Epidemiology,

005 - Data Graphics EPIB 607 - FALL 2020 Sahir Rai Bhatnagar Department of Epidemiology, Biostatistics, and Occupational Health McGill University sahir.bhatnagar@mcgill.ca slides compiled on September 11, 2020 1 / 30 . Objective

899 views • 30 slides
Chapter 3: Modifying Pictures using Loops We perceive light different from how it actually is

Chapter 3: Modifying Pictures using Loops We perceive light different from how it actually is

Chapter 3: Modifying Pictures using Loops We perceive light different from how it actually is Color is continuous Visible light is in the wavelengths between 370 and 730 nanometers Thats 0.00000037 and 0.00000073 meters But we

997 views • 80 slides
Comp/Phys/Mtsc 715 Lecture 5: Trichromacy, Color Spaces, Properties of Color 1/24/2012 Color

Comp/Phys/Mtsc 715 Lecture 5: Trichromacy, Color Spaces, Properties of Color 1/24/2012 Color

1/23/2012 Comp/Phys/Mtsc 715 Lecture 5: Trichromacy, Color Spaces, Properties of Color 1/24/2012 Color Comp/Phys/Mtsc 715 Taylor 1 Example Videos Segmentation and visualization of neurons Astro Visualization (the Millennium Run)

465 views • 23 slides
433-380 Graphics and Computation Department of Computer Science and Software Engineering, The

433-380 Graphics and Computation Department of Computer Science and Software Engineering, The

433-380 Graphics and Computation Department of Computer Science and Software Engineering, The University of Melbourne slides by Adrian Pearce, includes some slides adapted from Les Kitchen and figures from Foley and Rowe texts. 433-380 A.

586 views • 30 slides
Colors in R STAT 133 Gaston Sanchez Department of Statistics, UCBerkeley gastonsanchez.com

Colors in R STAT 133 Gaston Sanchez Department of Statistics, UCBerkeley gastonsanchez.com

Colors in R STAT 133 Gaston Sanchez Department of Statistics, UCBerkeley gastonsanchez.com github.com/gastonstat/stat133 Course web: gastonsanchez.com/stat133 Colors in R 2 Colors in plots Colors on objects In R plots, many objects can

1.04k views • 92 slides
1 The Hum an Eye The Hum an Eye The eye: The center of the retina is a densely packed region

1 The Hum an Eye The Hum an Eye The eye: The center of the retina is a densely packed region

Basics Of Color CS 4 7 3 1 : Com put e r Gr a phics Elements of color: Lect ure 2 4 : Color Science Em m anuel Agu W hat is color? I ntroduction Color description: Red, greyish blue, white, dark green Computer Scientist:

293 views • 7 slides
#1ineveryclassroom - - - - -50 shades of muddy green David Featonby Science on Stage UK and Eu

#1ineveryclassroom - - - - -50 shades of muddy green David Featonby Science on Stage UK and Eu

#1ineveryclassroom - - - - -50 shades of muddy green David Featonby Science on Stage UK and Eu da.featonby@gmail.com Louise Maule North Tyneside Learning Trust Louise.maule@ntlp.org.uk @LouiseMaule1 Colour is complex ! People use colour

787 views • 53 slides
MA162: Finite mathematics . Jack Schmidt University of Kentucky April 23, 2012 Schedule: HW

MA162: Finite mathematics . Jack Schmidt University of Kentucky April 23, 2012 Schedule: HW

. MA162: Finite mathematics . Jack Schmidt University of Kentucky April 23, 2012 Schedule: HW 7C due Fri, April 27, 2012 Final exam, Wed May 2, 2012 from 8:30pm to 10:30pm Today we will review the practice exam. Final Exam Breakdown

110 views • 9 slides

More recommend