Voting is an essential feature of democracy, but electoral fraud is unfortunately as old as voting itself. Increasingly, however, the way we count our votes depends completely on computer systems. Those systems have to work correctly and securely, or the outcome of the election could be in jeopardy. Many jurisdictions do not have proper safeguards in place, which creates new opportunities for fraud.
The goal of the report is to provide a sound understanding of how computer security is critical to the election process in a broadly applicable sense, and what we need to do to keep the election secure.
2. The right to vote is considered to be the major victory of democratic society.
Voting is an essential feature of democracy.
Counting our votes depends completely on computer systems, which provides an opportunity for fraud.
Despite the fact that we are living in years of “cutting edge” technologies, when it comes to security in voting systems there is still much to be desired.
The goal of the coursework is to provide a sound understanding of how computer security is critical to the election process in a broadly applicable sense, and what we need to do to keep the election secure.
3. Treating security as an adversarial problem is the core of the security mindset. In fact, we analyzed computer security as the study of how a system behaves in the presence of an adversary.
How to think as an attacker:
Looking for the weakest links in the system.
Identifying the assumptions that the security system depends on.
Thinking outside the box – not constrained by the system designer's worldview.
4. Thinking as a Defender
Defending a system requires cultivating a view of:
Technical aspects
Security policy (civil aspects of the system) we try to enforce.
What are we going to protect? What are the assets we are trying to insure, and what are we trying to prevent?
What property are we trying to enforce?
Threat models
Who are the attackers? What are their capabilities? Motivations?
What kind of attack are we trying to prevent?
Risk assessment
What are the weaknesses of the system?
What will successful attacks cost us?
How likely are they?
5. Adopting a security mindset is a prerequisite before even starting to think about any secure system.
Integrity – the outcome of the election matches the actual voting.
Voting intent – the vote is cast in the exact way it was made.
Votes are counted as cast.
There is room for error in both cases (technical and less technical requirements). A well-designed election system has to comply with:
secrecy
authentication
enfranchisement and availability
tension in the system
cost effectiveness
accessibility
intelligibility (usability)
6. Matching a state database with the federal database can be difficult due to its format.
Most states prohibit people convicted of serious crimes from voting in further elections. This creates potential issues, as many people with the same name can end up on the prohibited list and would not know until they arrive on Election Day.
7. Collected information such as name, address, signature, date of birth, telephone number, gender and ID number is stored in this massive database, which raises the question of who can access this data.
Another problem is that those fields are publicly available and can usually be obtained and purchased from the state website.
In many states the voter registration list is also used to select people for jury duty, which creates a trade-off because people who try to avoid jury duty will also avoid voter registration.
8. Another issue is that the voting database is available to parties, and they can use it for campaign purposes. One example is Obama's campaign, “Is Your Neighbor a Democrat?”, which encouraged volunteers to go out and campaign to registered Democrats.
Commercial reuse of the data is another privacy issue, as companies can combine the voters' personal information for their business and marketing purposes, for example: home mortgage, credit card debt, etc.
9. In order to log into the Washington D.C. online registration system, we need the name and date of birth of the voter.
10. Date of birth is one of the fields collected during the voter registration process and is publicly available. By simply searching, we can easily discover a voter registration record with the voter's date of birth and other relevant information. With this in hand, we can easily log on and access the voter registration home page.
11. As the attacker's target is to misdirect the ballot, he will try to update the voter's address and will be asked for the driving license number, which is also not a piece of secret information and can be easily retrieved.
12. This kind of attack is pretty scary, especially in a state where voters participate in the election process entirely by mail. We can imagine the consequences of a wide-scale attack in which someone automates this process and changes the registration information of large numbers of people right before the deadline for mailing out those ballots.
Solution: One way that the state could protect against this would be to mail out a confirmation before changing the address, for example sending a card to the old and the new address saying that the address has been modified in the database. Washington State has not implemented a protection like this, but it seems like a key part of the validation process in order to maintain the integrity of the registration system.
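
The confirmation step proposed in slide 12, sketched as an added example (not code from the presentation or from any state system). The `Registry` class, the 7-day hold and the sample voters are assumptions made for illustration: a requested change stays pending, both addresses get a notice, and ballots keep going to the committed address until the hold expires without an objection.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta

HOLD_DAYS = 7  # assumed review window; the slides do not specify one

@dataclass
class Registry:
    addresses: dict                              # voter_id -> address on record
    pending: dict = field(default_factory=dict)  # voter_id -> (new_addr, apply_on)
    outbox: list = field(default_factory=list)   # (postal address, notice text)

    def request_change(self, voter_id, new_addr, today):
        """Queue a change and notify both addresses; the record is not touched yet."""
        old_addr = self.addresses[voter_id]
        apply_on = today + timedelta(days=HOLD_DAYS)
        self.pending[voter_id] = (new_addr, apply_on)
        notice = (f"An address change to '{new_addr}' was requested for your voter "
                  f"registration. It takes effect on {apply_on} unless you object.")
        for addr in (old_addr, new_addr):
            self.outbox.append((addr, notice))
        return apply_on

    def dispute(self, voter_id):
        """The voter, reached at the old address, objects: drop the pending change."""
        return self.pending.pop(voter_id, None) is not None

    def apply_due(self, today):
        """Commit changes whose hold period has elapsed without a dispute."""
        applied = []
        for voter_id, (new_addr, apply_on) in list(self.pending.items()):
            if today >= apply_on:
                self.addresses[voter_id] = new_addr
                del self.pending[voter_id]
                applied.append(voter_id)
        return applied

    def ballot_address(self, voter_id):
        """Ballots always go to the committed address, never a pending one."""
        return self.addresses[voter_id]

def demo():
    # Constructed sample data: two voters with a change filed on the same day.
    reg = Registry({"V1": "12 Oak St", "V2": "9 Elm Ave"})
    day0 = date(2024, 10, 1)
    reg.request_change("V1", "PO Box 77", day0)   # request the voter did not make
    reg.request_change("V2", "40 Pine Rd", day0)  # genuine move
    reg.dispute("V1")                             # V1 received the card at 12 Oak St
    reg.apply_due(day0 + timedelta(days=HOLD_DAYS))
    return reg.ballot_address("V1"), reg.ballot_address("V2"), len(reg.outbox)
```
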
14. For many years, Diebold, the maker of the AccuVote TS, was extremely secretive about allowing anyone to do an independent security evaluation of their machines or the software running in them. Diebold even threatened election officials who proposed to have their own independent security evaluation done.
15. All of that started to change in 2003, when a voting activist named Bev Harris was Googling for documents about the Diebold machines and came across a file posted to a Diebold Internet server. This file happened to be a copy of the complete source code to the Diebold voting machine.
16. It turned out that they applied encryption incorrectly in a variety of ways because of design errors. The most interesting of these errors, and the simplest one, was that all of the voting machines used exactly the same encryption key. This is a terrible security practice, because a criminal can take that information and apply it to break the encryption on all of the other Diebold voting machines in use nationwide. That key happened to be the string F2654hD4. That was the secret protecting the integrity of all of these machines, and once the code leaked to the Diebold website anyone could decrypt any of the data files from any of the machines.
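
Why one fleet-wide key is so damaging, shown as an added example (not Diebold's code and not from the presentation). It uses HMAC integrity tags from the Python standard library as a stand-in for the encryption the slide describes; the machine serial numbers, the record format and the key-derivation scheme are assumptions for illustration.

```python
import hashlib
import hmac
import secrets

MACHINES = ["TS-0001", "TS-0002", "TS-0003", "TS-0004"]  # constructed serial numbers


def shared_keys(machines):
    """Fleet as described in slide 16: the same constant on every unit."""
    key = b"F2654hD4"  # the string quoted in the slide
    return {m: key for m in machines}


def per_machine_keys(machines, master):
    """Assumed alternative: derive a distinct key per unit from a master
    secret that stays with the election office and is never on a machine."""
    return {m: hmac.new(master, b"machine-key|" + m.encode(), hashlib.sha256).digest()
            for m in machines}


def protect(key, record):
    """Integrity tag over a results record, keyed by the machine's key."""
    return hmac.new(key, record, hashlib.sha256).digest()


def blast_radius(keys, leaked_machine):
    """Machines whose records verify under the key recovered from one unit."""
    leaked = keys[leaked_machine]
    exposed = []
    for machine, key in keys.items():
        record = f"results from {machine}".encode()  # constructed record
        tag = protect(key, record)                   # what the machine wrote
        if hmac.compare_digest(tag, protect(leaked, record)):
            exposed.append(machine)
    return exposed


def compare():
    master = secrets.token_bytes(32)
    return (blast_radius(shared_keys(MACHINES), "TS-0001"),
            blast_radius(per_machine_keys(MACHINES, master), "TS-0001"))
```

With the shared constant, the key from one unit covers every machine in the fleet; with derived keys the exposure stops at the unit it was taken from.
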
17. The next problem was a ballot secrecy problem. It had to do with the way ballots were stored on the memory card. The machine made a record every time someone cast a vote; the votes were stored in a file on the memory card. On the Diebold memory card the votes were stored in order. If someone was just observing at the polling place, watching the order in which people went to the machine and cast their votes, and they had access to the memory card at the end, they could determine exactly how every one of those voters voted, which is a major weakness in ballot secrecy.
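
The storage-order weakness from slide 17 next to a hardened variant, as an added example (not Diebold's code and not from the presentation). `SequentialStore` appends in cast order as the slide describes; `ShuffledStore`, the voter names and the three-option ballot are assumptions for illustration. The example counts how many voters the "i-th person in the queue is the i-th record in the file" guess identifies.

```python
import secrets
from collections import Counter


class SequentialStore:
    """Behaviour described in slide 17: records are appended in cast order."""
    def __init__(self):
        self.records = []

    def cast(self, record):
        self.records.append(record)


class ShuffledStore:
    """Hardened variant: each record lands in a uniformly random slot, which
    yields a uniformly random permutation of the file."""
    def __init__(self):
        self.records = []

    def cast(self, record):
        self.records.insert(secrets.randbelow(len(self.records) + 1), record)


def run_election(store, queue):
    """queue: (voter, choice) in the order an observer saw people vote.
    The voter name is kept beside each record ONLY to score the experiment;
    a real record would hold the choice alone."""
    for voter, choice in queue:
        store.cast((choice, voter))
    # Observer's guess: i-th person in the queue <-> i-th record in the file.
    linked = sum(1 for (voter, _), (_, owner) in zip(queue, store.records)
                 if voter == owner)
    tally = Counter(choice for choice, _ in store.records)
    return linked, tally


def demo(n=200):
    # Constructed queue of n voters with choices cycling through three options.
    queue = [(f"voter{i:03d}", "ABC"[i % 3]) for i in range(n)]
    seq_linked, seq_tally = run_election(SequentialStore(), queue)
    shuf_linked, shuf_tally = run_election(ShuffledStore(), queue)
    return seq_linked, shuf_linked, seq_tally == shuf_tally
```

The sequential file links every voter to a ballot, while the shuffled file links about one voter by chance and produces the same tally.
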
18. Finally, the researchers looked at the software development practice. The easiest way to illustrate what is meant by that is to have a look at some of the comments and notes that programmers left inside the software source code.
19. All of these problems painted a pretty grim picture of what's going on inside the Diebold DREs, but the company's reaction paints an even grimmer one.
First - denied the problems.
Second - claimed that the software that was studied was not something used in actual machines.
Third - personally attacked the researchers involved.
20. Every group that has had a look at the system has found even more severe problems with security and reliability. Here is an example of one of those problems.
21. Many researchers in the voting security community hold the opinion that we have to add paper as a form of defense. Paper can offer very important security advantages, especially when it is coupled with an electronic system. This makes sense, as computers are not always available, reliable and correct; therefore any form of physical backup of the vote records can be a useful disaster recovery strategy.