Voter Education Facilitator's Handbook for Voter Registration
Nicolas Nicolaou Voting Technology Research ( VoTeR ) Center
description
Transcript of Nicolas Nicolaou Voting Technology Research ( VoTeR ) Center
![Page 1: Nicolas Nicolaou Voting Technology Research ( VoTeR ) Center](https://reader033.fdocuments.us/reader033/viewer/2022051002/56815c85550346895dca9b90/html5/thumbnails/1.jpg)
Taking Total Control of Voting Systems: Firmware Manipulations on an Optical Scan Voting Terminal
Nicolas Nicolaou
Voting Technology Research (VoTeR) CenterDepartment of Computer Science and Engineering
University of Connecticuthttp://voter.engr.uconn.edu
24th Annual ACM Symposium on Applied ComputingSAC 2009, Honolulu, Hawaii
Joint work with:Seda Davtyan, Sotiris Kentros, Aggelos Kiayias, Laurent Michel, Alexander Russell, Narasimha Shashidhar, Andrew See andAlexander A. Shvartsman
![Page 2: Nicolas Nicolaou Voting Technology Research ( VoTeR ) Center](https://reader033.fdocuments.us/reader033/viewer/2022051002/56815c85550346895dca9b90/html5/thumbnails/2.jpg)
Motivation Electronic Voting Technologies
Direct Recording Electronic (DRE) Touch Screen w/ or w/out printer, not directly voter-
verifiable Optical Scan (OS) tabulator
VVPAT – Voter Verifiable Paper Audit Trail Used in over 50% of counties in 2008
Case Study, Premier AccuVote-OS (AVOS): Wide use in US elections, but…
Can be tampered with if memory card is removed [Hursti’05]
Can be tampered with if memory card is sealed in [EVT’07] Reports by other workers and CA, CT, FL, AL,…
Safe-use procedures can be followed, but all under the assumption that firmware is trusted
04/22/232 VoTeR Center – SAC’09
![Page 3: Nicolas Nicolaou Voting Technology Research ( VoTeR ) Center](https://reader033.fdocuments.us/reader033/viewer/2022051002/56815c85550346895dca9b90/html5/thumbnails/3.jpg)
Question
Can the Can the FirmwareFirmware of Voting of Voting Machines be Machines be TrustedTrusted??
In particular: Can the In particular: Can the FirmwareFirmware of AccuVote tabulator be of AccuVote tabulator be
TrustedTrusted??
04/22/233 VoTeR Center – SAC’09
Work performed by the UConn VoTeR Center on request of the Connecticut Secretary of the State as a part of the overalleffort to evaluate voting equipment, and to enable and performeffective technological audits, pre- and post-election.
![Page 4: Nicolas Nicolaou Voting Technology Research ( VoTeR ) Center](https://reader033.fdocuments.us/reader033/viewer/2022051002/56815c85550346895dca9b90/html5/thumbnails/4.jpg)
Our Findings Firmware of AVOS can be analyzed
Without access to vendor specifications or source code Using off-the-shelf third party tools (<$300) Under the contractual right to “display or disseminate
all information and data related to election results” Three firmware manipulations targeting:
Enabling Effective Auditing: Faithful and fast memory dumping
Audit Improvement (also potential Privacy Violation): “Leak” Ballot Contents
Revealing Weaknesses: Alteration of Election Result Swapping candidate counters
04/22/234 VoTeR Center – SAC’09
![Page 5: Nicolas Nicolaou Voting Technology Research ( VoTeR ) Center](https://reader033.fdocuments.us/reader033/viewer/2022051002/56815c85550346895dca9b90/html5/thumbnails/5.jpg)
Understanding the System Election Management System (GEMS):
Ballot Design and Central Tabulation Serial port communication with AVOS
Transferred data stored on the AVOS memory card
AVOS Terminal: Hardware Components Software Components
Firmware Memory Card Contents
04/22/235 VoTeR Center – SAC’09
![Page 6: Nicolas Nicolaou Voting Technology Research ( VoTeR ) Center](https://reader033.fdocuments.us/reader033/viewer/2022051002/56815c85550346895dca9b90/html5/thumbnails/6.jpg)
Hardware External
LCD Dot Matrix Printer Ballot Reader Input Buttons 128K 40 Pin Epson
Memory Card
Internal 8Mhz MicroController
Emulates an Intel 80186
128K SRAM 128K Firmware EPROM
04/22/236 VoTeR Center – SAC’09
![Page 7: Nicolas Nicolaou Voting Technology Research ( VoTeR ) Center](https://reader033.fdocuments.us/reader033/viewer/2022051002/56815c85550346895dca9b90/html5/thumbnails/7.jpg)
Software Firmware
Version 1.96.6 Stored in a UV light erasable 128K EPROM Responsible for all the functions of the terminal Unencrypted / Unauthenticated: the terminal will
boot modified firmware without a single warning
Memory Card contents Programmed through GEMS Election-specific programming
Election Data and Control Flags depending on the Elections
04/22/237 VoTeR Center – SAC’09
![Page 8: Nicolas Nicolaou Voting Technology Research ( VoTeR ) Center](https://reader033.fdocuments.us/reader033/viewer/2022051002/56815c85550346895dca9b90/html5/thumbnails/8.jpg)
Understanding Memory Card Format
Crucial for Auditing purposes Memory Card can be divided in 5 major
sections: Header Log Election Data Bytecode (AccuBasic) Counters
04/22/238 VoTeR Center – SAC’09
![Page 9: Nicolas Nicolaou Voting Technology Research ( VoTeR ) Center](https://reader033.fdocuments.us/reader033/viewer/2022051002/56815c85550346895dca9b90/html5/thumbnails/9.jpg)
Gaining Access: Serial Port Control over the transmission
One way communication from terminal via a serial line
Identified AVOS communication Methodology Place byte to be sent in a buffer Unmask the serial transmission interrupt to place
the byte from the byte on the wire.
04/22/239 VoTeR Center – SAC’09
![Page 10: Nicolas Nicolaou Voting Technology Research ( VoTeR ) Center](https://reader033.fdocuments.us/reader033/viewer/2022051002/56815c85550346895dca9b90/html5/thumbnails/10.jpg)
Manipulation 1: AVOS as a Card Reader Goal: Transmit MC data from AVOS to PC
Improve Auditing Obtain clean and faithful image of the card contents Enable auditing of large number of cards
Motivation AVOS built-in dumping procedure
Unfaithful transmission of the contents Potential modification of the audit log Too slow for mass auditing ( ~2min per card)
Card Reader/Writer are very hard to find and are slow This type of memory cards discontinued ca. 1998 Even if available, the commercial reader can take 1/2 hour
04/22/2310 VoTeR Center – SAC’09
![Page 11: Nicolas Nicolaou Voting Technology Research ( VoTeR ) Center](https://reader033.fdocuments.us/reader033/viewer/2022051002/56815c85550346895dca9b90/html5/thumbnails/11.jpg)
Manipulation 1: AVOS as a Card Reader Delivery of Memory Card Data:
Inject a function to read the memory card contents Utilizing Memory Card access control
Transmit one byte at a time to the serial line Utilizing Serial Port access control
Speeding Up Card Dumping: Implemented standard Run Lengths Encoding algorithm
Large part of card data contains sequences of identical values Reduced card dumping from 2min to 20sec
Enabled the dump and inspection of large number of cards
Avoid alteration of card contents, e.g., audit log
04/22/2311 VoTeR Center – SAC’09
![Page 12: Nicolas Nicolaou Voting Technology Research ( VoTeR ) Center](https://reader033.fdocuments.us/reader033/viewer/2022051002/56815c85550346895dca9b90/html5/thumbnails/12.jpg)
Manipulation 2: Leaking Ballot Data Dual Significance of the Result:
Benign alteration of firmware: Enhance Hand Count Audit
Potential malicious alteration: Violation of Voter Privacy
Implementation AVOS side:
Transmit the candidate counters after each ballot cast PC side:
Wait for incoming counters Upon receipt of counters compute the difference of current
counter image and the locally stored counter image Counter difference reveal the ballot votes
04/22/2312 VoTeR Center – SAC’09
![Page 13: Nicolas Nicolaou Voting Technology Research ( VoTeR ) Center](https://reader033.fdocuments.us/reader033/viewer/2022051002/56815c85550346895dca9b90/html5/thumbnails/13.jpg)
Manipulation 2: Leaking Ballot Data Used in Hand Count Audit
Ballot as read by AVOS presented on the screen Poll worker may verify validity of the ballot
Reduces audit time Reduces audit errors Reveals ballot read errors
Demonstrates Possible Violation of Voter Privacy Using the same technique during the election Extract order of the ballots cast
Next: Hybrid OS terminal that displays votes as cast Voter could verify their votes as recorded by the
machine
04/22/2313 VoTeR Center – SAC’09
![Page 14: Nicolas Nicolaou Voting Technology Research ( VoTeR ) Center](https://reader033.fdocuments.us/reader033/viewer/2022051002/56815c85550346895dca9b90/html5/thumbnails/14.jpg)
Manipulation 3: Swapping Candidate Counters Time Bomb Attack during Election
Behave “nicely” during pre-election testing “Hit” during the actual elections
Implementing vote swapping: Swap votes for predefined candidates If votes < threshold do not swap
Also avoids pre-election testing detection Otherwise swap after the elections are closed
Swap is done at the closing of elections and before the election report is printed.
04/22/2314 VoTeR Center – SAC’09
![Page 15: Nicolas Nicolaou Voting Technology Research ( VoTeR ) Center](https://reader033.fdocuments.us/reader033/viewer/2022051002/56815c85550346895dca9b90/html5/thumbnails/15.jpg)
Demonstration T=10: Pre-Election Testing
Manipulation 3: Swapping Candidate Counters
Original Firmware Modified Firmware
04/22/2315 VoTeR Center – SAC’09
![Page 16: Nicolas Nicolaou Voting Technology Research ( VoTeR ) Center](https://reader033.fdocuments.us/reader033/viewer/2022051002/56815c85550346895dca9b90/html5/thumbnails/16.jpg)
Demonstration T=10: At Poll Closing
Manipulation 3: Swapping Candidate Counters
Original Firmware Modified Firmware
04/22/2316 VoTeR Center – SAC’09
![Page 17: Nicolas Nicolaou Voting Technology Research ( VoTeR ) Center](https://reader033.fdocuments.us/reader033/viewer/2022051002/56815c85550346895dca9b90/html5/thumbnails/17.jpg)
Conclusions and Discussion Demonstrated 3 AVOS firmware manipulations
Used for: Fast and Faithful Memory Card dumping Potential for: Leaking Ballot Data Potential for: Swapping Candidate Counters
Our results underscore the need for Pre and Post election audits Incorporation of firmware cryptographic integrity
check at the hardware level
Answer to our question: Firmware of an e-voting terminal Firmware of an e-voting terminal
is is notnot necessarily trustworthy necessarily trustworthy 04/22/2317 VoTeR Center – SAC’09
![Page 18: Nicolas Nicolaou Voting Technology Research ( VoTeR ) Center](https://reader033.fdocuments.us/reader033/viewer/2022051002/56815c85550346895dca9b90/html5/thumbnails/18.jpg)
Thank you!
Questions?
04/22/2318 VoTeR Center – SAC’09