security of voting systems
play

Security of Voting Systems Ronald L. Rivest MIT CSAIL Given at: - PowerPoint PPT Presentation

Aug 28, 2023 •355 likes •882 views

Security of Voting Systems Ronald L. Rivest MIT CSAIL Given at: GWU Computer Science Dept. November 9, 2009 Voting is Easy ??? "What's one and one and one and one and one and one and one and one and one and one?"

  1. Security of Voting Systems Ronald L. Rivest MIT CSAIL Given at: GWU Computer Science Dept. November 9, 2009

  2. Voting is Easy… ???  "What's one and one and one and one and one and one and one and one and one and one?" "I don't know," said Alice. "I lost count." “She can't do addition," said the Red Queen.

  3. There are three kinds of people working on elections: 1. those who can count 2. and those who can’t. ?

  4. Outline  Voting technology survey  What is being used now ?  Voting Requirements  Security Threats  Security Strategies and Principles  New voting systems proposals: “Twin” and “Scantegrity II”

  5. Voting Tech Survey  Public voting  Paper ballots  Lever machines  Punch cards  Optical scan  DRE (Touch-screen)  DRE + VVPAT (paper audit trail)  Vote by mail (absentee voting)  Internet voting (?)  New voting methods (“end-to-end”), involving invisible ink, multiple ballots, scratch-off, cryptography, and other innovations…

  6. Public Voting The County Election. Bingham. 1846.

  7. Paper Ballots  Lincoln ballot, 1860, San Francisco  “Australian ballot”, 1893, Iowa city

  8. Lever Machines  Invented in 1892.  Production ceased in 1982.  See “Behind the Freedom Curtain” (1957)

  9. Punch card voting  Invented 1960’s, based on computerized punch card.  Now illegal, by HAVA (Help America Vote Act) of 2002.

  10. The famous “butterfly ballot”

  11. A “dimpled chad” ???

  12. Optical scan (“opscan”) First used in 1962

  13. DRE (“Touchscreen”)  Direct Recording by Electronics  First used in 1970’s  Essentially, a stand-alone computer

  14. DRE + VVPAT  DRE+Voter-Verified Paper Audit Trail.  First used in 2003.

  15. Vote By Mail  Often used for absentee voting, but some states use it as default.  Typically uses opscan ballots.

  16. Internet voting (?)  Risks combining the worst features of vote-by-mail (voter coercion) with the problems of DRE’s (software security) and then adding new vulnerabilities (DDOS attacks from foreign powers?)…  Why?? Because we can ?????  Still, interesting experiments being carried out (e.g. Helios [Adida], Civitas [Clarkson/Chong/Myers]).

  17. What is being used?

  22. Voting System Requirements

  23. Voting is a hard problem  Voter Registration - each eligible voter votes at most once  Voter Privacy – no one can tell how any voter voted, even if voter wants it; no “receipt” for voter  Integrity – votes can’t be changed, added, or deleted; tally is accurate.  Availability – voting system is available for use when needed  Ease of Use  Accessibility – for voters with disabilities  Assurance – verifiable integrity

  24. Security threats

  25. Who are potential adversaries?  Political zealots (want to fix result)  Voters (may wish to sell their votes)  Election officials (may be partisan)  Vendors (may have evil “insider”)  Foreign powers (result affects them too!) Really almost anybody!

  26. Threats to Voting Security  Dead people voting  Ballot-box stuffing  Coercion/Intimidation/Buying votes  Replacing votes or memory cards  Mis-counting  Malicious software  Viruses on voting machines – California top-to-bottom review (one team led by Matt Blaze) found serious problems of this sort…  …

  27. Some possible strategies…

  28. Can’t voter have a “receipt”?  Why not let voter take home a “receipt” confirming how she voted?  A receipt showing her choices would allow a voter to sell her vote (or to be coerced).  Not acceptable!  Note weakness in vote-by-mail…  Need to ban cell-phone cameras!

  29. Why not all-electronic voting?  DRE’s contain large amounts of software (e.g. 500,000 lines of code, not counting code for Windows CE, etc.)  Software is exceedingly hard to build, test, and evaluate. Particularly if someone malicious is trying to hide their tracks.  In the end, hard to provide assurance that votes are recorded as the voter intended.

  30. Voter-Verified Paper Audit Trails  Examples: opscan, DRE+VVPAT, electronic ballot markers  Allow voter to verify, without depending on software, that at least one (paper) record of her vote is correct. This paper record is, of course, not taken home, but cast.  Paper trail allows for recounts and audits.  Post-election audit can compare statistical sample of paper ballots with corresponding electronic records.

  31. Software Independence  Notion introduced by TGDC for new voting system standards (“VVSG”) for the EAC.  TGDC = Technical Guidelines Development Committee  VVSG = Voluntary Voting System Guidelines = federal certification standards  EAC = Election Assistance Commission  Proposed standard mandates that all voting systems be software independent.

  32. Software Independence  A voting system is “ software dependent ” if an undetected error in the software can cause an undetectable change in the reported election outcome.  A voting system is “software independent” (SI) if it is not software dependent.  With SI system, you can’t rig election just by changing the software.  VVPAT systems are SI.  There are others (e.g. “end-to-end”)

  33. New voting system proposals

  34. New voting systems: “end to end”  Uses web so voter can check that her ballot was counted as she intended (this is hard to do right---she shouldn’t be able to “sell her vote”).  May use mathematics (“cryptography”) to enable such verification without violating voter privacy.

  35. New voting systems: “end-to-end”  Provide “end-to-end” integrity: – Votes verifiably “ cast as intended” – Votes verifiably “ collected as cast” – Votes verifiably “ counted as collected”  VVPAT only gets the first of these; once ballot is cast, what happens thereafter depends on integrity of “chain of custody” of ballots.  “End-to-end” systems provide SI + verifiable chain of custody and tally.

  36. “Twin” (Rivest & Smith)  “academic” proposal  NYT op-ed 1/7/08 by Poundstone in favor  Each paper ballot has a copy (“twin”) made that is put in “mixer bin”  Voter casts original paper ballot (which is scanned and published on web), and takes home from mixer bin a copy of some previous voter’s ballot as a “receipt”.  Voter may check that receipt is on web.

  37. Twin Paper ballot Ballot Box Web site Scanner/copier Ballot copy present? Receipt

  38. Twin integrity  Verifiably cast as intended  Verifiably collected as cast: voters check that earlier voter’s ballot is posted  Verifiably counted as collected: anyone can tally posted ballots  Usability unproven

  39. Scantegrity II (Chaum, et al.)  Marries traditional opscan with modern cryptographic (end-to-end) methods.  Uses: – Invisible ink for “confirmation codes” – Web site – Crypto (back end)  Ballots can be scanned by ordinary scanners.  Ballots can be recounted by hand as usual.  Takoma Park 11/03/09.

  40. Scantegrity II details  Special pen marks oval, but shows previously invisible confirmation code.  CC’s are random.  Voter can copy & take home CC’s.  Officials also post revealed CC’s.  Voters can confirm posting (uses ballot serial number for lookup), and protest if incorrect.

  41. Scantegrity II integrity  Officials create two permutations: CC’s  mid’s  candidates CC’s mid’s Candidates 2X Tom 251 F7 Tom PN Dick 302 CA Dick

  42. Scantegrity II integrity  Election officials commit to (encrypt and post) all values and edges on web: CC’s mid’s Candidates 2X Tom 251 F7 Tom PN Dick 302 CA Dick

  43. Scantegrity II integrity  EO’s open chosen CC’s and mark related nodes; post tally; voter checks CC’s and tally. CC’s mid’s Candidates 2X Tom 0 251 F7 Tom PN Dick 2 302 CA Dick

  44. Scantegrity II integrity  “randomized partial checking” confirms check marks consistent CC’s mid’s Candidates 2X Tom 0 251 F7 Tom PN Dick 2 302 CA Dick

  45. Scantegrity II integrity  Cast as intended: as in opscan  Collected as cast: voter can check that his CC’s are posted correctly.  Counted as cast: ballot production audit, checkmark consistency check, and public tally of web site give verifiably correct result.

  46. Takoma Park election 11/3/09  Two races per ward; six wards.  One poll site. 1722 voters. 66 verified on-line.  Election ran smoothly.  Absentee votes; early votes; provisional votes; spoiled ballots; ballot audits; privacy sleeves; write- ins; IRV; external auditors; two scanners; spanish+english; …

  47. David Chaum + scanner

  48. Ballot and confirmation codes

  49. Scantegrity II team David Chaum Auditors & survey: TP officials: Rick Carback Jeremy Clark Ben Adida Jessie Carpenter John Conway Lilley Coney Anne Sergeant Aleks Essex Filip Zagorski Jane Johnson Alex Florescu Lynn Baumeister Barrie Hoffman Cory Jones Travis Mayberry Stefan Popoveniuc Vivek Relan Ron Rivest Peter Ryan Jan Rubio Emily Shen Alan Sherman Bhushan Sonawane Poorvi Vora …

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Some issues in verifying e-voting systems Mark D. Ryan Present-day e-voting offers few

Some issues in verifying e-voting systems Mark D. Ryan Present-day e-voting offers few

Some issues in verifying e-voting systems Mark D. Ryan Present-day e-voting offers few security properties [KohnoStubblefieldRubinWallach2004] compared to what is desirable: Eligibility: only eligible voters can vote, and only once.

406 views • 7 slides
Security Analysis of India's Electronic Voting Systems Scott Wolchok, Wustrow, Halderman (UMich),

Security Analysis of India's Electronic Voting Systems Scott Wolchok, Wustrow, Halderman (UMich),

Security Analysis of India's Electronic Voting Systems Scott Wolchok, Wustrow, Halderman (UMich), Hari K. Prasad, Kankipati, Sakhamuri, Yagati (NetIndia), Rop Gonggrijp "Reaffirm it's belief in the infallibility of the EVMs" Goals

1.02k views • 53 slides
Voting: Issues, Problems, and Systems, Continued 9 March 2012 Voting III 9 March 2012 1/1 Last

Voting: Issues, Problems, and Systems, Continued 9 March 2012 Voting III 9 March 2012 1/1 Last

Voting: Issues, Problems, and Systems, Continued 9 March 2012 Voting III 9 March 2012 1/1 Last Time Weve discussed several voting systems and conditions which may or may not be satisfied by a system. Well review them. But first,

781 views • 52 slides
ELECTION (IN)SECURITY fixing broken electronic voting systems April Smith

ELECTION (IN)SECURITY fixing broken electronic voting systems April Smith

Slide 1 The Simpsons Slide 2 ELECTION (IN)SECURITY fixing broken electronic voting systems April Smith asmithziegler@gmail.com | twitter.com/asmithziegler Slide 3 PROBLEMS Slide 4 www.electionsatrisk.org www.ivotedmovie.com Jason Grant

432 views • 32 slides
Exploiting the Client Vulnerabilities in Internet E-voting Systems: Hacking Helios 2.0 as an

Exploiting the Client Vulnerabilities in Internet E-voting Systems: Hacking Helios 2.0 as an

Exploiting the Client Vulnerabilities in Internet E-voting Systems: Hacking Helios 2.0 as an Example Saghar Estehghari 1 Yvo Desmedt 1 , 2 1 Department of Computer Science University College London, UK 2 Research Center for Information Security

572 views • 28 slides
Security of Voting Systems Ronald L. Rivest MIT CSAIL 6.857 Spring 2015 L21 April 27, 2015

Security of Voting Systems Ronald L. Rivest MIT CSAIL 6.857 Spring 2015 L21 April 27, 2015

Security of Voting Systems Ronald L. Rivest MIT CSAIL 6.857 Spring 2015 L21 April 27, 2015 Voting is Easy ??? "What's one and one and one and one and one and one and one and one and one and one?" "I don't

693 views • 51 slides
Outline Usability and security (contd) Elections and their security CSci 5271 Introduction

Outline Usability and security (contd) Elections and their security CSci 5271 Introduction

Outline Usability and security (contd) Elections and their security CSci 5271 Introduction to Computer Security Announcements intermission Day 24: Electronic voting System security of electronic voting Stephen McCamant Exercise sets 2

424 views • 10 slides
The Future of Electronic Voting Systems presented by: Eric D. Coomer, PhD Vice President,

The Future of Electronic Voting Systems presented by: Eric D. Coomer, PhD Vice President,

The Future of Electronic Voting Systems presented by: Eric D. Coomer, PhD Vice President, Research & Product Development Sequoia Voting Systems __________________________________________________ California Secretary of State public

461 views • 6 slides
Outline Elections and their security CSci 5271 Introduction to Computer Security System

Outline Elections and their security CSci 5271 Introduction to Computer Security System

Outline Elections and their security CSci 5271 Introduction to Computer Security System security of electronic voting Electronic voting Announcements intermission Stephen McCamant University of Minnesota, Computer Science & Engineering

420 views • 5 slides
Swiss E-Voting Workshop 2010 Verifiability in Remote Voting Systems September 2010 Jordi

Swiss E-Voting Workshop 2010 Verifiability in Remote Voting Systems September 2010 Jordi

Swiss E-Voting Workshop 2010 Verifiability in Remote Voting Systems September 2010 Jordi Puiggali VP Research & Development Jordi.Puiggali@scytl.com Index Auditability in e-voting Types of verifiability Verifiability methods

719 views • 27 slides
Blockchain-based e-voting systems: Legal challengesexemplified by German law Burkhard

Blockchain-based e-voting systems: Legal challengesexemplified by German law Burkhard

Blockchain-based e-voting systems: Legal challengesexemplified by German law Burkhard Schfer/Tobias J. Schulz Agenda Introduction 1 2 Blockchain-based e-voting systems 3 Legal framework in Germany 4 Discussion 5 Summary/Outlook 2

353 views • 21 slides
Statement Voting & Liquid Democracy Hong-sheng Zhou Virginia Commonwealth University

Statement Voting & Liquid Democracy Hong-sheng Zhou Virginia Commonwealth University

Statement Voting & Liquid Democracy Hong-sheng Zhou Virginia Commonwealth University Joint with Bingsheng Zhang (Lancaster University) e-voting E-voting encompasses a broad range of voting systems that apply electronic

425 views • 16 slides
Electronic Voting Electronic voting at a precinct Analysis of an Internet Voting Focus

Electronic Voting Electronic voting at a precinct Analysis of an Internet Voting Focus

Electronic Voting Electronic voting at a precinct Analysis of an Internet Voting Focus is on preventing fraud on the part of Protocol people building and running system. Electronic voting over the internet Dale Neal Must

508 views • 5 slides
Voting in the Age of COVID-19 Barbara Simons Indiana A crazy quilt of polling place voting

Voting in the Age of COVID-19 Barbara Simons Indiana A crazy quilt of polling place voting

Voting in the Age of COVID-19 Barbara Simons Indiana A crazy quilt of polling place voting technologies More than of state uses paperless systems Insecure and old technology ~ uses hand marked paper ballots (ideal)

494 views • 34 slides
CSCI-UA.9480 Introduction to Computer Security Session 1.8 E-Voting and Other Modern Uses of

CSCI-UA.9480 Introduction to Computer Security Session 1.8 E-Voting and Other Modern Uses of

CSCI-UA.9480 Introduction to Computer Security Session 1.8 E-Voting and Other Modern Uses of Cryptography Prof. Nadim Kobeissi 1.8a Electronic Voting 2 CSCI-UA.9480: Introduction to Computer Security Nadim Kobeissi Properties of an

879 views • 20 slides
Security Security with Distributed Systems Why Security? The need for security mechanisms in

Security Security with Distributed Systems Why Security? The need for security mechanisms in

Security Security with Distributed Systems Why Security? The need for security mechanisms in distributed systems arises from the desire to share resources Resources must be protected against unauthorized access, as enemies (attackers)

1.16k views • 67 slides
Mozambique INCEPTION WORKSHOP THE GEF DUGONG AND SEAGRASS CONSERVATION PROJECT 20-21 October

Mozambique INCEPTION WORKSHOP THE GEF DUGONG AND SEAGRASS CONSERVATION PROJECT 20-21 October

PROTECTING DUGONGS CONSERVING SEAGRASS CHANGE FOR COMMUNITIES COUNTRY PRESENTATION: Mozambique INCEPTION WORKSHOP THE GEF DUGONG AND SEAGRASS CONSERVATION PROJECT 20-21 October 2015 Colombo, Sri Lanka && & Dugongos.org

322 views • 16 slides
A Year of Transition 2019 Realtors and Developers Breakfast Presented by : Kyle Benham Director,

A Year of Transition 2019 Realtors and Developers Breakfast Presented by : Kyle Benham Director,

A Year of Transition 2019 Realtors and Developers Breakfast Presented by : Kyle Benham Director, Economic Development Services November 6, 2019 The Team Economic Development Services Kyle Benham Director, Economic Development Services

788 views • 44 slides
FINANCIAL STATEMENTS for the period 4 January to 31 December 2016 Echo Polska Properties

FINANCIAL STATEMENTS for the period 4 January to 31 December 2016 Echo Polska Properties

CONDENSED CONSOLIDATED FINANCIAL STATEMENTS for the period 4 January to 31 December 2016 Echo Polska Properties N.V.(Incorporated in The Netherlands) (Company number 64965945) | JSE share code: EPP | ISIN: NL0011983374 | (EPP or the

592 views • 55 slides
Laser Technology of the future OUR TECHNOLOGIES laser WELDING 2d laser CUTTING 3d laser

Laser Technology of the future OUR TECHNOLOGIES laser WELDING 2d laser CUTTING 3d laser

Who we are? Prepared with the most advanced technological background and unique machines coupled with the work done by our experts and senior engineers Our aim is to achieve the highest quality from custom-made prototypes to high-volume complex

597 views • 21 slides
2016 Annual Report Thomas S. Mowle El Paso County Public Trustee Appointed 2/1/2008 2016 Annual

2016 Annual Report Thomas S. Mowle El Paso County Public Trustee Appointed 2/1/2008 2016 Annual

2016 Annual Report Thomas S. Mowle El Paso County Public Trustee Appointed 2/1/2008 2016 Annual Report Public Trustee System Current Trends in Foreclosures and Releases Report on Operations and Finances Public Trustee System

505 views • 24 slides
BUDGET & FINANCE COMMITTEE MEETING OF THE PUTNAM COUNTY LEGISLATURE HELD AT PUTNAM GOLF,

BUDGET & FINANCE COMMITTEE MEETING OF THE PUTNAM COUNTY LEGISLATURE HELD AT PUTNAM GOLF,

BUDGET & FINANCE COMMITTEE MEETING OF THE PUTNAM COUNTY LEGISLATURE HELD AT PUTNAM GOLF, INC. 187 HILL STREET MAHOPAC, NEW YORK 10541 Thursday October 1, 2015 7:00 P.M. The

59 views • 4 slides
Pacific County Shoreline Master Program Update November 5, 2014 November 12, 2014 Outline

Pacific County Shoreline Master Program Update November 5, 2014 November 12, 2014 Outline

Pacific County Shoreline Master Program Update November 5, 2014 November 12, 2014 Outline SMA Background/Context Shoreline Jurisdiction Shoreline Analysis Report Open Q& A discussion session Shoreline Management Act

621 views • 41 slides
Heatherhill Cricket Club Bruce Reserve, Margate Avenue, Frankston Founded 1957 Affiliated

Heatherhill Cricket Club Bruce Reserve, Margate Avenue, Frankston Founded 1957 Affiliated

Presentation Night Season 2016/2017 Heatherhill Cricket Club Bruce Reserve, Margate Avenue, Frankston Founded 1957 Affiliated Mornington Peninsula Cricket Association Presentation Night Season 2016-2017 Presidents Report Club Sponsors

433 views • 19 slides

More recommend