Electronic Voting System Security
Created by Hetal Patel and Patricia Pasquel
CMPT 495 Computer & Data Security

Project Outline
• Definition
• History
• Purpose of the system
• How the system works
• Vulnerabilities
• Kinds of attacks and attackers
• Goals of defense
• Conclusion

What is an electronic voting system?
• An electronic voting system is a voting system in which election data is recorded, stored and processed as digital information.

History
• Results of the Florida 2000 presidential election were difficult to recount.
• Florida 2000: difficult to recount. Electronic voting: impossible to recount.

Major Events since Jan 2003
• Jan, 2003. “Resolution on Electronic Voting” finalized and signed by 3 people.
• Jan 2003. Santa Clara County (CA) Recommends Buying DREs. Computer Scientists Speak Out.
• Feb 2003. CA Ad Hoc Task Force on Touch-Screen Voting Convened.
• ? Feb/Mar 2003. Rush Holt Introduces HR 2239 -- “Voter Confidence and Increased Accessibility Act” Requiring a Voter Verifiable Paper Trail.
• May 2003. Task Force Recommends “Voter Verifiable Audit Trail” by 2010.

Major Events since Jan 2003
• June, 2003. CA Secretary of State Kevin Shelley receives 6,000 letters -- 4,000 in favor of a voter verifiable paper trail.
• July, 2003: Johns Hopkins/Rice Report finds serious security problems with Diebold software.
• Nov 2003: CA SoS Shelley announces paper trail requirement for California (2005/2006).
• Jan 2004: SERVE program cancelled.
• Mar 2004: Various machine failures in primaries.

Purpose of the System
• Develop an easy-to-use client-side program that:
  • Helps all voters cast their vote.
  • Maintains a high level of security to avoid voter fraud.
  • Allows for checking and affirming the votes that are being made.
• Develop a server that:
  • Allows for quick reports/updates pre- and post-election, utilizing a database.
  • Handles large-scale voting requests using queuing methods.
  • Maintains a high level of security to avoid voter fraud.
• Develop a dynamic voter registration system to allow for the enfranchisement of more individuals.

How the system works
• The voter must have a smart card or memory card.
• Smart card
  • Voting terminals are offline during elections.
  • The voter gets a “voter card” after authentication.
  • Insert card.
  • Vote.
  • The machine cancels the smart card and poll workers reprogram it for the next user.

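Smart Card Protocol
Messages exchanged between the terminal and the card, in order:
• Terminal: My password is (8 byte)
• Card: “Okay”
• Terminal: Are You Valid?
• Card: “Yea”
• Terminal: Cancel Yourself Please
• Card: “Okay”
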
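The exchange above, modelled with both sides' messages, as an added example that is not part of the original slides. It shows why a cancelled card yields no second ballot until a poll worker reprograms it; the refusal replies "No" and "Nay", the `insert`/`reprogram` methods and the rule that the card answers nothing before the password are assumptions of this model.

```python
import hmac
from dataclasses import dataclass

@dataclass
class VoterCard:
    """Model of the card side. Reply strings "No"/"Nay" are assumptions."""
    password: bytes          # the 8-byte value the terminal must present
    valid: bool = True       # cleared by "Cancel Yourself Please"
    unlocked: bool = False   # set once the terminal has presented the password

    def insert(self):
        self.unlocked = False            # every insertion starts locked

    def receive(self, msg, arg=b""):
        if msg == "My password is":
            self.unlocked = len(arg) == 8 and hmac.compare_digest(arg, self.password)
            return "Okay" if self.unlocked else "No"
        if not self.unlocked:
            return "No"                  # nothing else is answered before the password
        if msg == "Are You Valid?":
            return "Yea" if self.valid else "Nay"
        if msg == "Cancel Yourself Please":
            self.valid = False
            return "Okay"
        return "No"

    def reprogram(self):
        self.valid = True                # poll worker re-enables the card

def terminal_session(card, terminal_password, ballot_box, choice):
    """Run the exchange for one inserted card; return (accepted, transcript)."""
    transcript = []
    def send(msg, arg=b""):
        reply = card.receive(msg, arg)
        transcript.append((msg, reply))
        return reply
    card.insert()
    if send("My password is", terminal_password) != "Okay":
        return False, transcript
    if send("Are You Valid?") != "Yea":
        return False, transcript         # cancelled card: no ballot offered
    ballot_box.append(choice)            # voter casts the ballot
    send("Cancel Yourself Please")       # card is spent until reprogrammed
    return True, transcript

if __name__ == "__main__":
    box, card = [], VoterCard(b"8bytepw!")   # constructed sample password
    for attempt in range(2):                 # second attempt reuses the spent card
        print(terminal_session(card, b"8bytepw!", box, "A"))
```
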
Voting Systems design criteria*
• Authentication: Only authorized voters should be able to vote.
• Uniqueness: No voter should be able to vote more than once.
• Accuracy: Voting systems should record the votes correctly.
• Integrity: Votes should not be able to be modified without detection.
• Verifiability: It should be possible to verify that votes are correctly counted in the final tally.

Voting Systems design criteria*
• Auditability: There should be reliable and demonstrably authentic election records.
• Reliability: Systems should work robustly, even in the face of numerous failures.
• Secrecy: No one should be able to determine how any individual voted.
• Non-coercibility: Voters should not be able to prove how they voted.
• Flexibility: Equipment should allow for a variety of ballot question formats.
• Convenience: Voters should be able to cast votes with minimal equipment and skills.

Voting Systems design criteria*
• Certifiability: Systems should be testable against essential criteria.
• Transparency: Voters should be able to possess a general understanding of the whole process.
• Cost-effectiveness: Systems should be affordable and efficient.
* Internet Policy Institute, Report of the National Workshop on Internet Voting: Issues and Research Agenda, USA, March 2001.

Vulnerabilities
Vulnerabilities are divided into two categories:
• Technical
• Social

Technical Vulnerabilities
• Computer code
  • The system's use of cryptography
  • The way the code is designed
• Connection to other computers
  • The most well-known attack targets are computers with direct internet connections that hackers can exploit.
• Auditing transparency
  • A voter cannot know whether the machine recorded his vote correctly.
  • An observer cannot check whether all ballots cast are counted correctly.

Social Vulnerabilities
• Policy
  • Goals and requirements for a system and how it is implemented.
• Procedures
  • How access controls are developed
• Personnel
  • Inadequately skilled and trained
  • Insider attacks

Vulnerable Stages
Stage | Vulnerability (columns: Malice, Error)
Development of hardware/software | X X
Storage of machines between polls | X
Backup copy | X
Transport of modules | X
Loading of votes from modules | X X
Separation of ballot papers for counting (where multiple ballots are cast on the same day) | X X
Counting results | X X

Who are potential attackers?
• Hackers
• Candidates
• Foreign governments
• Criminal organizations

A Generic Attack
• A programmer, system administrator, or janitor adds hidden vote-changing code.
• Code can be concealed from inspections in hundreds of ways.
• Code can be triggered only during a real election:
  • Using “cues”: date, voter behavior
  • Explicitly by voter, poll worker, or wireless network
• Change a small % of votes in plausible ways.

Kinds of attacks
• Vote tampering (changes the votes by adding, dropping or switching votes)
• Disrupt voting (malware can be used to cause voting machines to malfunction frequently)
• Electronic interception
• Theft
• Modification of information during transportation or transmission.
• Misuse of authority to tamper with or collect information on software or election data.

Goals of Defense
Three goals of defense:
• Protection
• Detection
• Reaction

Protection
• Makes a target difficult or unattractive to attack.
• Physical security
• Use of encryption and authentication technologies (prevents attackers from viewing, altering or substituting election data when it is transferred).
• Procedural mechanisms (include access controls, certification procedures, pre-election equipment testing).

Detection
• Identifying that an attack is being or was attempted.
• Auditing the “black box” system
• Cryptographic protocols (detect attempts at tampering).

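One way a cryptographic check can detect the vote tampering listed earlier (adding, dropping or switching votes), as an added example that is not part of the original slides. It chains an HMAC over each ballot record and seals the final count; the record layout, the key handling and all names are assumptions of this sketch, and the ballots are constructed sample data.

```python
import hashlib
import hmac
import json

GENESIS = b"\x00" * 32  # chain start value (assumption of this sketch)

def _tag(key, prev_tag, index, choice):
    # Each tag covers the previous tag, so records cannot be edited or reordered.
    body = json.dumps({"i": index, "choice": choice}, sort_keys=True).encode()
    return hmac.new(key, prev_tag + body, hashlib.sha256).digest()

def append_ballot(log, key, choice):
    prev = log[-1]["tag"] if log else GENESIS
    log.append({"i": len(log), "choice": choice,
                "tag": _tag(key, prev, len(log), choice)})

def seal(log, key):
    # Closing tag binds the record count and the last tag, exposing truncation.
    last = log[-1]["tag"] if log else GENESIS
    msg = b"SEAL" + len(log).to_bytes(8, "big") + last
    return hmac.new(key, msg, hashlib.sha256).digest()

def verify(log, key, seal_tag):
    """Return "ok" or a description of the first inconsistency found."""
    prev = GENESIS
    for pos, rec in enumerate(log):
        if rec["i"] != pos:
            return f"record {pos}: index out of sequence"
        expected = _tag(key, prev, rec["i"], rec["choice"])
        if not hmac.compare_digest(expected, rec["tag"]):
            return f"record {pos}: tag mismatch"
        prev = rec["tag"]
    if not hmac.compare_digest(seal(log, key), seal_tag):
        return "seal mismatch: record count or final record changed"
    return "ok"

def demo():
    key = b"constructed-demo-key"             # constructed sample key
    log = []
    for choice in ["A", "B", "A", "C", "B"]:  # constructed sample ballots
        append_ballot(log, key, choice)
    closing = seal(log, key)
    switched = [dict(r) for r in log]
    switched[2]["choice"] = "B"               # one vote switched after recording
    dropped = [dict(r) for r in log if r["i"] != 1]
    return {"intact": verify(log, key, closing),
            "switched": verify(switched, key, closing),
            "dropped": verify(dropped, key, closing),
            "truncated": verify(log[:-1], key, closing)}

if __name__ == "__main__":
    print(demo())
```

The check only catches changes made by someone who does not hold the key, and it says nothing about whether the machine recorded the voter's choice correctly in the first place, which is the auditing-transparency problem listed under technical vulnerabilities.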
Reaction
• Responding to a detected attack in a timely and decisive manner so as to prevent its success or mitigate its effects.
• If something suspicious occurs during voting or tallying, the process can be stopped and the situation investigated.

Secure electronic voting: instead of conclusions
• Election equipment should be proved reliable and secure before it is deployed.
• Security experts and skillful judges are needed.
• Need for further experimentation.
• Transparency in the voting process fosters voter confidence.
• Software used should be open to public inspection.
• Procedural security measures are in place but are inadequate to cover all aspects of the electoral process.
• The solution to authentication lies within the technologies of public key cryptography.

End of the Show
Thank You All!