90 likes | 193 Views
Security flaws in existing voting systems. by Slavik Krassovsky. Introduction. HAVA $3.9 billion appropriated in states aid DRE Vendors: Diebold ES&S MicroVote WINvote Sequoia Hart InterCivic. DRE Machine Architecture. Certification process. Is done per FEC guidelines ITAs Ciber
E N D
Security flaws in existing voting systems by Slavik Krassovsky
Introduction • HAVA • $3.9 billion appropriated in states aid • DRE Vendors: • Diebold • ES&S • MicroVote • WINvote • Sequoia • Hart InterCivic
Certification process • Is done per FEC guidelines • ITAs • Ciber • Wyle • SysTest • Off-the-shelf hardware and software is exempt
Media reported problems • 01/04, Broward County, Florida: • 134 out of 10,844 votes are missing • 11/03, Boone County, Indiana: • 144,000 votes were cast but Boone County contains fewer than 19,000 • 01/04, Hinds County, Mississippi: • Machines stayed down all day
Diebold • Analyzed by researches: • Hardcoded DES key • No Smart card authentication • Unsecure smart card deactivation • Hardcoded PIN • Etc...
Attacks on the machine Undetectable rigging Attacks
Other problems • No way to verify that their votes were recorded correctly • No way to publicly count the votes • No meaningful recounts are possible
Conclusion • Some problems can be solved by strict certification • But some problems are inherent • It’s best to look for alternatives