security analysis of india s electronic voting systems
play

Security Analysis of India's Electronic Voting Systems Scott - PowerPoint PPT Presentation

Nov 30, 2022 •466 likes •1.02k views

Security Analysis of India's Electronic Voting Systems Scott Wolchok, Wustrow, Halderman (UMich), Hari K. Prasad, Kankipati, Sakhamuri, Yagati (NetIndia), Rop Gonggrijp "Reaffirm it's belief in the infallibility of the EVMs" Goals

  1. Security Analysis of India's Electronic Voting Systems Scott Wolchok, Wustrow, Halderman (UMich), Hari K. Prasad, Kankipati, Sakhamuri, Yagati (NetIndia), Rop Gonggrijp "Reaffirm it's belief in the infallibility of the EVMs"

  2. Goals • To evaluate the claims of the Indian Election Commission that the EVM is "infallible" and "tamper-proof" • Show the significant vulnerabilities in the EVMs and possible attack vectors

  3. Electronic Voting in India • The first EVMs proposed in the 1980s but were not adopted nationwide • However, the systems style is used to this day • The first nationwide EVMs were used in the 90s and have been updated a few times

  4. Electronic Voting in India • The Election Commission brought together a committee of engineers • They assured the committee that the machine was completely secure

  5. Electronic Voting in India • The Election Commission brought together a committee of engineers • They assured the committee that the machine was completely secure • "Today the Commission once again completely reaffirms its faith in the infallibility of the EVMs. These are fully tamper-proof, as ever"

  6. Electronic Voting in India • The Election Commission brought together a committee of engineers • They assured the committee that the machine was completely secure • "Today the Commission once again completely reaffirms its faith in the infallibility of the EVMs. These are fully tamper-proof, as ever" • Unfortunately, none of the committee members had any security background

  7. Challenges for Voting Machines in India • Cost for mass production

  8. Challenges for Voting Machines in India • Cost for mass production • Illiteracy

  9. Challenges for Voting Machines in India • Cost for mass production • Illiteracy • Lack of Reliable power

  10. Challenges for Voting Machines in India • Cost for mass production • Illiteracy • Lack of Reliable power • Technology intimidation

  11. Challenges for Voting Machines in India • Cost for mass production • Illiteracy • Lack of Reliable power • Technology intimidation • Any solution needs to be able to stand up to these requirements

  12. EVM Operation

  13. Consist of 2 Parts

  14. Consist of 2 Parts

  15. Control Unit • Holds a microprocessor that controls the ballot machines • Built in 7-segment LEDs for candidate # and vote count • Constantly polls the ballot machine the check if there is a new vote

  16. Ballot Machine • Lists the candidates in the election • Relays information back to the control unit • Uses two EPLDs instead of a CPU to interpret control signals • Gives visual and audio feedback to confirm correct vote (a red light and a beep)

  17. Software • Software is installed in order to be permanent and secret • But can't be read or written to • Is it gone forever?

  18. Software • Software is installed in order to he electronically erasable • But can't be read or written too • No • A well funded adversary can examine the chip under a microscope

  19. Pre-Election Process • Election officials place paper names for the candidates in the ballot machine • Name and party (logo)

  20. Pre-Election Process • # of candidates entered into the control unit • A public mock election is held • Publicly zero the ballot count in the control unit • Machines are sealed to prevent tampering

  21. Pre-Election Process • # of candidates entered into the control unit • A public mock election is held • Publicly zero the ballot count in the control unit • Machines are sealed to prevent tampering

  22. Election – Ballot • Voters are identified and given a black mark to prevent double voting • In the booth: • A green light indicates 'ready' • Press the button for the candidate of your choice • A beep confirms you voted • A red light shows who you voted for

  23. Election – Control Unit • Press the ballot button to start allowing ballots • The control unit queries each ballot machine • Ballot machine checks EPLD (electronically programmable device) for a cast vote • If yes, send vote to control unit • If no, query the next ballot machine

  24. How can this system be compromised?

  25. Tampering with Software • Despite the fact that the software is not readable or writable, manufacturer or employees can compile different code • Without much chance of being caught • For a well funded adversary, the chip can also be taken apart and examined under a microscope • Reverse engineering from there is relatively straightforward

  26. Substitute the CPU • One of the claims made by the commission that evaluated these were that visual inspection would make attacks obvious

  27. Substitute the CPU • One of the claims made by the commission that evaluated these were that visual inspection would make attacks obvious • But if the CPU is swapped at assembly, or in the supply chain, or by corrupt employees it's hard to detect • Even harder to at the polling place since it is enclosed in a casing

  28. Substitute the CPU • The CPU can be programmed to miscount the votes when tallied • EPLDs on the ballot machine too • Since there is no cryptography used, altering data is trivial and leaves no trace of misconduct • Its simple design and commodity hardware makes it easy to replicate functionality

  29. One Step Further – Swap the entire board • Swapping the CPU requires soldering and some non-trivial effort • A new board is easier to manufacture and trust between devices makes it easy • With the simple design of the EVM, replicating the functionality of the control unit is not difficult

  30. Swap the Entire Board – How? • Between the election period and the tallying period, an adversary could replace a few voting machines • Between elections, EVMs were stored in places like high schools and insecure warehouses • Getting access during this time is possible

  31. Swap the Whole Thing • Without any authenticity checks, swapping the device would also go unnoticed • But hard to replicate plastic housing of board Tampering with the State • Electrical components on either machine or between the two machines can be attached to modify device communication • Masking/simulating votes • Reading directly from EEPROM

  32. Attacks Carried Out

  33. Dishonest Display – What • Add a separate, hidden microcontroller to the board that changes the output of the LED • Instead of modifying the voting operation, just change what the official sees by calculating incorrectly

  34. Dishonest Display – What • A microcontroller with other parts can be swapped any point before the votes are tallied, perhaps years before • Manufacturer maintenance or election insiders routinely have access to machines

  35. Dishonest Display – How? • A microcontroller, bluetooth module and a chip antenna circuit is added • Power supplied by EVM • Hidden underneath the existing LEDs with 2mm clearance • Microcontroller reads select lines for for the LEDs • Circuit tracks the total number of votes

  36. Dishonest Display – How? • A signaling mechanism over Bluetooth radio is used to choose favored candidate • Can be performed by ordinary phones • The device looks for device with name "MAGIXX" • The PIC stores the candidate in non-volatile memory until tallying

  37. Dishonest Display – Detection?

  38. Dishonest Display – Detection • To combat tallies that look fraudulent an algorithm is created to calculate how many votes to steal • Minimum threshold of votes • Maintain consistency properties of reported results • Enough that people can disclose their votes • Subtract proportional amount from each candidate and add to favored candidate

  39. Clip-on Memory Manipulator – What • The votes are stored in EEPROM on the control unit once the voting is complete • A large gap between voting and tallying leaves the units vulnerable to tampering • Tamper with the memory in EEPROM to modify/extract the ballots • Data is stored sequentially and unencrypted

  40. Clip-on Memory Manipulator – How? • I2C serial protocol is used for communication between CPU and EEPROM • By holding the CPU in reset state, I/O signals are forced high-Z, allowing communication even when not in use • A microcontroller clip is attached to the pins of the EEPROM and gets power from the EVM

  41. Clip-on Memory Manipulator – Stealing Votes • The clip has a rotary to choose a candidate to favor and modify their tally • A vote stealing program computes how many votes to steal and rewrites the ballots • Program handle failures by writing to one array at a time and marking dirty bits

  42. Clip-on Memory Manipulator – Secrecy • Ballots are stored in EEPROM in the order they are cast • Attacker can examine public register to discover the order of voters • Correlating the two completely compromises voter secrecy

  43. Apparent Safeguards • It's hard to compromise a million machines

  44. Apparent Safeguards • It's hard to compromise a million machines • Tightly contested elections can determine majority in parliament

  45. Apparent Safeguards • It's hard to compromise a million machines • Tightly contested elections can determine majority in parliament • Physical security from personnel

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Electronic Voting Electronic voting at a precinct Analysis of an Internet Voting Focus

Electronic Voting Electronic voting at a precinct Analysis of an Internet Voting Focus

Electronic Voting Electronic voting at a precinct Analysis of an Internet Voting Focus is on preventing fraud on the part of Protocol people building and running system. Electronic voting over the internet Dale Neal Must

508 views • 5 slides
Formal Analysis of Electronic Voting Systems Mark Ryan University of Birmingham joint work with

Formal Analysis of Electronic Voting Systems Mark Ryan University of Birmingham joint work with

Formal Analysis of Electronic Voting Systems Mark Ryan University of Birmingham joint work with Ben Smyth Steve Kremer Imperial College 21 April 2010 Outline Potential & current situation 1 Desired properties 2 Example 3 Modelling

958 views • 60 slides
Analysis of electronic voting protocols in applied pi calculus Mark Ryan University of

Analysis of electronic voting protocols in applied pi calculus Mark Ryan University of

Analysis of electronic voting protocols in applied pi calculus Mark Ryan University of Birmingham based on joint work with Ben Smyth Steve Kremer Mounira Kourjieh IFIP WG 1.3, Udine, Italy September 2009 Outline Electronic voting Applied

695 views • 30 slides
ELECTION (IN)SECURITY fixing broken electronic voting systems April Smith

ELECTION (IN)SECURITY fixing broken electronic voting systems April Smith

Slide 1 The Simpsons Slide 2 ELECTION (IN)SECURITY fixing broken electronic voting systems April Smith asmithziegler@gmail.com | twitter.com/asmithziegler Slide 3 PROBLEMS Slide 4 www.electionsatrisk.org www.ivotedmovie.com Jason Grant

432 views • 32 slides
Source Paper An Anonymous Electronic Voting Protocol An Electronic Voting Protocol for

Source Paper An Anonymous Electronic Voting Protocol An Electronic Voting Protocol for

Source Paper An Anonymous Electronic Voting Protocol An Electronic Voting Protocol for Voting Over the Internet, Indrajit Ray, (revisited) Indrakshi Ray, Natarajan Narasimhamurthi Paul Valiant extending work by Dale Neal &

441 views • 5 slides
Outline Usability and security (contd) Elections and their security CSci 5271 Introduction

Outline Usability and security (contd) Elections and their security CSci 5271 Introduction

Outline Usability and security (contd) Elections and their security CSci 5271 Introduction to Computer Security Announcements intermission Day 24: Electronic voting System security of electronic voting Stephen McCamant Exercise sets 2

424 views • 10 slides
The Future of Electronic Voting Systems presented by: Eric D. Coomer, PhD Vice President,

The Future of Electronic Voting Systems presented by: Eric D. Coomer, PhD Vice President,

The Future of Electronic Voting Systems presented by: Eric D. Coomer, PhD Vice President, Research & Product Development Sequoia Voting Systems __________________________________________________ California Secretary of State public

461 views • 6 slides
Outline Elections and their security CSci 5271 Introduction to Computer Security System

Outline Elections and their security CSci 5271 Introduction to Computer Security System

Outline Elections and their security CSci 5271 Introduction to Computer Security System security of electronic voting Electronic voting Announcements intermission Stephen McCamant University of Minnesota, Computer Science & Engineering

420 views • 5 slides
An introduction to electronic voting Application to single transferable vote Orange Labs Jacques

An introduction to electronic voting Application to single transferable vote Orange Labs Jacques

An introduction to electronic voting Application to single transferable vote Orange Labs Jacques Traor July 8-12 th 2014 Interdisciplinary Analysis of Voting Rules Outline Outline Outline Outline Context Problematic / Security

515 views • 37 slides
Elections, Computer Security, and Electronic Voting CS161 4/19/2010 David Wagner #1 #2 #3

Elections, Computer Security, and Electronic Voting CS161 4/19/2010 David Wagner #1 #2 #3

Elections, Computer Security, and Electronic Voting CS161 4/19/2010 David Wagner #1 #2 #3 #4 #5 Security Goals for an Election Integrity: No election fraud Transparency: Everyone especially the loser must be able to verify

576 views • 53 slides
Defeating Malicious Terminals in an Electronic Voting System Daniel Hanley Andre dos Santos

Defeating Malicious Terminals in an Electronic Voting System Daniel Hanley Andre dos Santos

Defeating Malicious Terminals in an Electronic Voting System Daniel Hanley Andre dos Santos Jeff King Georgia Tech Information Security Center Overview Motivation Related Work Protocol Examples Analysis Motivation The

621 views • 29 slides
Detecting Voter Fraud Context in an Electronic Voting Context Introduction: Relevance of An

Detecting Voter Fraud Context in an Electronic Voting Context Introduction: Relevance of An

Detecting Voter Fraud in an Electronic Voting Detecting Voter Fraud Context in an Electronic Voting Context Introduction: Relevance of An Analysis of the Unlimited Reelection Vote in Venezuela Election Forensics Previous Research Ines

686 views • 45 slides
Electronic Voting CS 161: Computer Security Prof. David Wagner April 25, 2013 Security Goals for

Electronic Voting CS 161: Computer Security Prof. David Wagner April 25, 2013 Security Goals for

Electronic Voting CS 161: Computer Security Prof. David Wagner April 25, 2013 Security Goals for an Election Integrity: No election fraud Transparency: Everyone especially the loser must be able to verify that the election was

901 views • 62 slides
Electronic Voting CS 161: Computer Security Prof. David Wagner April 18, 2016 Security Goals for

Electronic Voting CS 161: Computer Security Prof. David Wagner April 18, 2016 Security Goals for

Electronic Voting CS 161: Computer Security Prof. David Wagner April 18, 2016 Security Goals for an Election Integrity: No election fraud Transparency: Everyone especially the loser must be able to verify that the election was

1.13k views • 65 slides
Verifying Electronic Voting Protocols in the Applied Pi Calculus Mark Ryan University of

Verifying Electronic Voting Protocols in the Applied Pi Calculus Mark Ryan University of

Verifying Electronic Voting Protocols in the Applied Pi Calculus Mark Ryan University of Birmingham joint work with St ephanie Delaune and Steve Kremer LSV Cachan, France SoCS Seminar November 2007 Outline Electronic voting Electronic

763 views • 33 slides
An introduction to electronic voting Application to single transferable vote Orange Labs Jacques

An introduction to electronic voting Application to single transferable vote Orange Labs Jacques

An introduction to electronic voting Application to single transferable vote Orange Labs Jacques Traor 21 June 2016 COST Action IC1205 Industry Day Outline Context Problematic / Security issues Some challenges in Electronic

621 views • 41 slides
Engineering Code Obfuscation ISSISP 2017 - Tamperproofing Christian Collberg Department of

Engineering Code Obfuscation ISSISP 2017 - Tamperproofing Christian Collberg Department of

Engineering Code Obfuscation ISSISP 2017 - Tamperproofing Christian Collberg Department of Computer Science University of Arizona http://collberg.cs.arizona.edu collberg@gmail.com Supported by NSF grants 1525820 and 1318955 and by the

345 views • 12 slides
ACR 3413 BASIC STRUCTURAL ENGINEERING 3 Lecture 1 Univers rsit ity y Putra a Malaysia ysia

ACR 3413 BASIC STRUCTURAL ENGINEERING 3 Lecture 1 Univers rsit ity y Putra a Malaysia ysia

ACR 3413 BASIC STRUCTURAL ENGINEERING 3 Lecture 1 Univers rsit ity y Putra a Malaysia ysia - Communication - Talk to Architect, M&E Engineer and Other Consultants of their Requirements Item Verti tical Load {V} Horizon zonta tal

572 views • 40 slides
Maximilian Michels @stadtlegende max@crate.io mxm@apache.org 2 W H Y A R E W E TA L K I N G

Maximilian Michels @stadtlegende max@crate.io mxm@apache.org 2 W H Y A R E W E TA L K I N G

C R AT E D B : A S E A R C H E N G I N E O R A D ATA B A S E ? B O T H ! H O W W E B U I LT A S Q L D ATA B A S E O N T O P O F E L A S T I C S E A R C H A N D L U C E N E Maximilian Michels @stadtlegende max@crate.io

740 views • 29 slides
Challenges for numerical relativity and gravitational-wave source modeling Emanuele Berti, Johns

Challenges for numerical relativity and gravitational-wave source modeling Emanuele Berti, Johns

Challenges for numerical relativity and gravitational-wave source modeling Emanuele Berti, Johns Hopkins University ICERM Workshop Advances and challenges in computational relativity September 14 2020 Focus of this talk: what

923 views • 60 slides
What is tamperproofing? Ensure that a program executes as intended, even in the presence of an

What is tamperproofing? Ensure that a program executes as intended, even in the presence of an

What is tamperproofing? Ensure that a program executes as intended, even in the presence of an adversary who tries to disrupt, monitor, or change the execution. A tamperproofing algorithm 1 makes tampering difficult 1/78 What is

1.84k views • 147 slides
Lecture Outline Protocols for detecting manipulation How to think about

Lecture Outline Protocols for detecting manipulation How to think about

Lecture Outline Protocols for detecting manipulation How to think about architecture In general systems terms For security implications Tussles in architectures that affect multiple stakeholders Ethane: the

636 views • 37 slides
Security aid in producing vulnerability free code (bounds primary topic of the paper for today

Security aid in producing vulnerability free code (bounds primary topic of the paper for today

Security aid in producing vulnerability free code (bounds primary topic of the paper for today protect code from people with access to hardware checking, no-execute bit) aid in producing vulnerability free code (bounds secondary topic of the

193 views • 18 slides
Inference in Belief Networks CMPUT 366: Intelligent Systems P&M 8.4 Lecture Outline

Inference in Belief Networks CMPUT 366: Intelligent Systems P&M 8.4 Lecture Outline

Inference in Belief Networks CMPUT 366: Intelligent Systems P&M 8.4 Lecture Outline 1. Recap 2. Factors 3. Variable Elimination 4. Efficiency Recap: Belief Networks Definition: A belief network (or Bayesian network )

1.27k views • 23 slides

More recommend