Security in digital voting system
Data and Network Security Report
Madlena Pavlova
The right to vote is considered a major victory of democratic society.
Voting is an essential feature of democracy.
Counting our votes depends completely on computer systems, which creates an opportunity for fraud.
Although we live in an age of “cutting edge” technologies, security in voting systems still leaves much to be desired.
The goal of this coursework is to provide a sound understanding of how computer security is critical to the election process, in a broadly applicable sense, and of what we need to do to keep elections secure.

Treating security as an adversarial problem is the core of the security mindset. In fact, computer security is the study of how a system behaves in the presence of an adversary.
How to Think as an Attacker
• Looking for the weakest links in the system.
• Identifying the assumptions that the security system depends on.
• Thinking outside the box – not constrained by the system designer's worldview.
Thinking as a Defender
Defending a system requires considering the following:
Technical aspects
• The security policy (civil aspects of the system) we are trying to enforce.
• What are we going to protect: which assets are we trying to secure, and what are we trying to prevent?
• What property are we trying to enforce?
Threat models
• Who are the attackers? What are their capabilities and motivations?
• What kind of attack are we trying to prevent?
Risk assessment
• What are the weaknesses of the system?
• What will successful attacks cost us?
• How likely are they?

Adopting a security mindset is a prerequisite before even starting to think about any secure system.
• Integrity – the outcome of the election matches the actual voting.
• Voting intent – the vote is cast exactly as it was made.
• Votes are counted as cast.
There is room for error in both cases (technical and less technical requirements). A well-designed election system has to comply with:
• secrecy
• authentication
• enfranchisement and availability
• tension in the system
• cost effectiveness
• accessibility
• intelligibility (usability)

• Matching a state database with the federal database can be difficult because of the data format.
• Most states prohibit people convicted of serious crimes from voting in further elections. This creates potential problems, because many people who share a name with someone on the prohibited list can end up on it and not find out until they arrive on Election Day.

• Collected information such as name, address, signature, date of birth, telephone number, gender and ID number is stored in this massive database, which raises the question of who can access the data.
• Another problem is that these fields are publicly available and can usually be obtained or purchased from the state website.
• In many states the voter registration list is also used to select people for jury duty, which creates a trade-off, because people who try to avoid jury duty will also avoid voter registration.

• Another issue is that the voter database is available to parties, which can use it for campaign purposes. One example is Obama's campaign “Is Your Neighbor a Democrat?”, which encouraged volunteers to go out and campaign to registered Democrats.
• Commercial reuse of the data is another privacy issue, as companies can combine voters' personal information for their business and marketing purposes, for example home mortgages, credit card debt, etc.

In order to log into the Washington D.C.
online registration system, we need the name
and date of birth of the voter.

Date of birth is one of the fields collected during the voter registration process and made publicly available. With a simple search we can easily find a voter registration record containing the voter's date of birth and other relevant information. With this in hand we can easily log on and access the voter registration home page.
As the attacker's goal is to misdirect the ballot, he will try to update the voter's address and will be asked for the driving license number, which is also not secret information and can be easily retrieved.

• This kind of attack is pretty scary, especially in states where voters participate in the election process entirely by mail. We can imagine the consequences of a wide-scale attack in which someone automates this process and changes the registration information of large numbers of people right before the deadline for mailing out the ballots.
• Solution: One way the state could protect against this would be to mail out a confirmation before changing an address, for example by sending a card to both the old and the new address saying that the address has been modified in the database. Washington State has not implemented a protection like this, but it seems like a key part of the validation process needed to maintain the integrity of the registration system.
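
The confirmation step proposed above, together with a check for the bulk changes described in the previous point, as an added example that is not part of the original slides. The hold period, review window, threshold, field names and sample records are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from typing import NamedTuple

HOLD_PERIOD = timedelta(days=7)     # assumed: time a voter has to dispute a change
REVIEW_WINDOW = timedelta(days=14)  # assumed: period before mailing that gets extra scrutiny


class AddressChange(NamedTuple):
    voter_id: str
    old_address: str
    new_address: str
    source: str          # hypothetical field: client address of the web session
    submitted: datetime


def confirmation_notices(change):
    """Return (destination, text) pairs: one card to the old AND one to the new address."""
    dispute_by = change.submitted + HOLD_PERIOD
    text = (f"An address change for voter record {change.voter_id} was requested on "
            f"{change.submitted:%Y-%m-%d}. If this was not you, contact the election "
            f"office before {dispute_by:%Y-%m-%d}.")
    return [(change.old_address, text), (change.new_address, text)]


def ballot_address(change, mailing_deadline, disputed=frozenset()):
    """Where the ballot goes: the new address only if the hold period ended
    before the mailing deadline and the voter did not dispute the change."""
    held_long_enough = change.submitted + HOLD_PERIOD <= mailing_deadline
    if held_long_enough and change.voter_id not in disputed:
        return change.new_address
    return change.old_address


def flag_bulk_changes(changes, mailing_deadline, limit=3):
    """Map voter_id -> reasons for changes inside the review window that share a
    submitting source or a destination address with more than `limit` records."""
    start = mailing_deadline - REVIEW_WINDOW
    recent = [c for c in changes if start <= c.submitted <= mailing_deadline]
    by_source, by_destination = defaultdict(list), defaultdict(list)
    for c in recent:
        by_source[c.source].append(c)
        by_destination[c.new_address].append(c)
    reasons = defaultdict(list)
    for label, groups in (("source", by_source), ("destination", by_destination)):
        for key, group in groups.items():
            if len(group) > limit:
                for c in group:
                    reasons[c.voter_id].append(f"{len(group)} changes share {label} {key}")
    return dict(reasons)


# Constructed sample records (not real data); addresses use documentation IP ranges.
MAILING_DEADLINE = datetime(2024, 10, 18)
SAMPLE_CHANGES = [
    AddressChange("V001", "12 Oak St", "PO Box 900", "203.0.113.7", datetime(2024, 10, 16, 2, 0)),
    AddressChange("V002", "4 Maple Dr", "PO Box 900", "203.0.113.7", datetime(2024, 10, 16, 2, 1)),
    AddressChange("V003", "9 Ash Way", "PO Box 900", "203.0.113.7", datetime(2024, 10, 16, 2, 2)),
    AddressChange("V004", "31 Fir Pl", "PO Box 900", "203.0.113.7", datetime(2024, 10, 16, 2, 3)),
    AddressChange("V005", "3 Elm Rd", "77 Birch Ave", "198.51.100.20", datetime(2024, 9, 30, 14, 0)),
    AddressChange("V006", "8 Pine Ct", "15 Cedar Ln", "198.51.100.31", datetime(2024, 10, 15, 9, 0)),
]

if __name__ == "__main__":
    for voter, why in flag_bulk_changes(SAMPLE_CHANGES, MAILING_DEADLINE).items():
        print(voter, why)
    for change in SAMPLE_CHANGES:
        print(change.voter_id, "->", ballot_address(change, MAILING_DEADLINE))
```

The hold period also delays a legitimate late change such as V006, whose ballot still goes to the old address, so the length of the hold is a policy trade-off.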

For many years Diebold, the maker of the AccuVote TS, was extremely secretive and would not allow anyone to do an independent security evaluation of its machines or the software running on them. Diebold even threatened election officials who proposed to have their own independent security evaluation done.

All of that started to change in 2003, when a voting activist named Bev Harris was Googling for documents about the Diebold machines and came across a file posted on a Diebold Internet server. This file happened to be a copy of the complete source code of the Diebold voting machine.

It turned out that, because of design errors, they had applied encryption incorrectly in a variety of ways. The most interesting of these errors, and the simplest, was that all of the voting machines used exactly the same encryption key. This is a terrible security practice, because a criminal who learns that key can use it to break the encryption on all of the other Diebold voting machines in use nationwide. That key happened to be the string F2654hD4. That was the secret protecting the integrity of all of these machines, and once the code leaked on the Diebold website, anyone could decrypt any of the data files from any of the machines.
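
Why one fleet-wide key is so damaging, compared with a key per machine, as an added example that is not Diebold's code. It uses HMAC-SHA256 sealing in place of the encryption discussed above so that it runs with the Python standard library only; the machine IDs, election label and class names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

FLEET_KEY = b"F2654hD4"  # the single string quoted above, identical on every machine


def hkdf_sha256(master, info):
    """HKDF (RFC 5869) with the default all-zero salt, producing one 32-byte key."""
    prk = hmac.new(b"\x00" * 32, master, hashlib.sha256).digest()
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()


def seal(key, machine_id, payload):
    """Authenticate a data file and bind it to the machine that produced it."""
    return hmac.new(key, machine_id.encode() + b"\x00" + payload, hashlib.sha256).digest()


class SharedKeyFleet:
    """Weak setting: every device stores the same key."""

    def __init__(self, machine_ids):
        self.machine_ids = list(machine_ids)

    def key_on_device(self, machine_id):
        return FLEET_KEY


class DerivedKeyFleet:
    """Corrected setting: the master secret stays at the election office and each
    device is provisioned only with a key derived for that device and election."""

    def __init__(self, machine_ids, election_id, master=None):
        self.machine_ids = list(machine_ids)
        self._election_id = election_id
        self._master = master or secrets.token_bytes(32)

    def key_on_device(self, machine_id):
        info = f"{self._election_id}/{machine_id}".encode()
        return hkdf_sha256(self._master, info)


def office_accepts(fleet, machine_id, payload, tag):
    """Election-office check of a file claimed to come from `machine_id`."""
    expected = seal(fleet.key_on_device(machine_id), machine_id, payload)
    return hmac.compare_digest(expected, tag)


def exposure_scope(fleet, exposed_machine):
    """Number of machines whose files would still verify when sealed with the key
    stored on one exposed device: the reach of a single key disclosure."""
    exposed_key = fleet.key_on_device(exposed_machine)
    payload = b"constructed results file"
    return sum(
        office_accepts(fleet, m, payload, seal(exposed_key, m, payload))
        for m in fleet.machine_ids
    )


MACHINES = [f"TS-{n:04d}" for n in range(1, 6)]  # constructed machine IDs

if __name__ == "__main__":
    print("shared key :", exposure_scope(SharedKeyFleet(MACHINES), "TS-0001"))
    print("derived key:", exposure_scope(DerivedKeyFleet(MACHINES, "2024-general"), "TS-0001"))
```

Per-device keys limit the reach of one disclosure but do not replace keeping the master secret and the source code out of public reach.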
The next problem was a ballot secrecy problem. It had to do with the way ballots were stored on the memory card. The machine made a record every time someone cast a vote; the votes were stored in a file on the memory card. On the Diebold memory card the votes were stored in order. If someone simply observed the polling place, noting the order in which people went to the machine and cast their votes, and had access to the memory card at the end, they could determine exactly how every one of those voters voted, which is a major weakness in ballot secrecy.
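
The ordered storage described above next to a store that places each ballot in a random free slot, as an added example that is not the vendor's code. Class and function names and the sample ballots are constructed; the injectable `randbelow` parameter exists only so the behaviour can be tested deterministically.

```python
import secrets
from collections import Counter


def store_in_order(ballots):
    """Storage as described above: one record appended per vote, in casting order."""
    return list(ballots)


class RandomSlotStore:
    """Pre-allocated ballot file in which every cast ballot goes to a uniformly
    random free slot, so a record's position says nothing about when it was cast."""

    def __init__(self, capacity, randbelow=secrets.randbelow):
        self._slots = [None] * capacity
        self._free = list(range(capacity))
        self._randbelow = randbelow  # CSPRNG by default

    def cast(self, ballot):
        if not self._free:
            raise RuntimeError("ballot store is full")
        slot = self._free.pop(self._randbelow(len(self._free)))
        self._slots[slot] = ballot

    def export(self):
        """Ballots in slot order, with empty slots dropped. No timestamps or
        sequence numbers are kept, since either would restore the casting order."""
        return [b for b in self._slots if b is not None]


def link_by_position(observed_voters, stored):
    """What position alone reveals to someone who noted the order of voters."""
    return dict(zip(observed_voters, stored))


def tally(stored):
    """The count must not depend on storage order."""
    return Counter(stored)


# Constructed sample: six voters in the order they used the machine.
OBSERVED_VOTERS = ["voter-1", "voter-2", "voter-3", "voter-4", "voter-5", "voter-6"]
BALLOTS = ["A", "B", "B", "A", "C", "B"]

if __name__ == "__main__":
    ordered = store_in_order(BALLOTS)
    print("ordered file links:", link_by_position(OBSERVED_VOTERS, ordered))

    store = RandomSlotStore(capacity=16)
    for ballot in BALLOTS:
        store.cast(ballot)
    print("random-slot file  :", store.export())
    print("same tally        :", tally(store.export()) == tally(ordered))
```

This covers the logical order of records in the file only; the storage medium itself must not keep a write-order trace either.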

Finally, the researchers looked at the software development practice. The easiest way to illustrate what is meant by that is to look at some of the comments and notes that programmers left inside the software source code.

All of these problems painted a pretty grim picture of what's going on inside the Diebold DREs, but the company's reaction paints an even grimmer one.
• First, it denied the problems.
• Second, it claimed that the software that was studied was not something used in actual machines.
• Third, it personally attacked the researchers involved.

Every group that has had a look at the system has found even more severe problems with security and reliability. Here is an example of one of those problems.

Many researchers are of the opinion that, in order to have voting security, we have to add paper as a form of defense. Paper can offer very important security advantages, especially when it is coupled with an electronic system. This makes sense because computers are not always available, reliable and correct, so any form of physical backup of the vote records can be a useful disaster recovery strategy.

Mais conteúdo relacionado

Mais procurados

Nascio who areyoue-authbrief122104
Nascio who areyoue-authbrief122104Nascio who areyoue-authbrief122104
Nascio who areyoue-authbrief122104Hai Nguyen
 
Cyber Forensic - Policing the Digital Domain
Cyber Forensic - Policing the Digital DomainCyber Forensic - Policing the Digital Domain
Cyber Forensic - Policing the Digital Domainppd1961
 
2014 GRC Conference in West Palm Beach-Moderated by Sonia Luna
2014 GRC Conference in West Palm Beach-Moderated by Sonia Luna2014 GRC Conference in West Palm Beach-Moderated by Sonia Luna
2014 GRC Conference in West Palm Beach-Moderated by Sonia LunaAviva Spectrum™
 
Corporate role in protecting consumers from the risk of identity theft
Corporate role in protecting consumers from the risk of identity theftCorporate role in protecting consumers from the risk of identity theft
Corporate role in protecting consumers from the risk of identity theftIJCNCJournal
 
BYOD - Bringing Technology to work | Sending Data Everywhere
BYOD - Bringing Technology to work | Sending Data EverywhereBYOD - Bringing Technology to work | Sending Data Everywhere
BYOD - Bringing Technology to work | Sending Data EverywhereJim Brashear
 
Cybercrime, Digital Investigation and Public Private Partnership by Francesca...
Cybercrime, Digital Investigation and Public Private Partnership by Francesca...Cybercrime, Digital Investigation and Public Private Partnership by Francesca...
Cybercrime, Digital Investigation and Public Private Partnership by Francesca...Tech and Law Center
 
Smartphones are smarter than you thought geo bellas
Smartphones are smarter than you thought   geo bellasSmartphones are smarter than you thought   geo bellas
Smartphones are smarter than you thought geo bellasGeoBellas
 
The Changing Landscape of Cyber Liability
The Changing Landscape of Cyber LiabilityThe Changing Landscape of Cyber Liability
The Changing Landscape of Cyber LiabilityRachel Hamilton
 
Columbo Financial Focus Presentation
Columbo Financial Focus PresentationColumbo Financial Focus Presentation
Columbo Financial Focus PresentationGraeme McGowan
 
Cyber law
Cyber lawCyber law
Cyber lawabiabel
 
Cybertorts
CybertortsCybertorts
Cybertortspanabaha
 
cyber law and forensics,biometrics systems
cyber law and forensics,biometrics systemscyber law and forensics,biometrics systems
cyber law and forensics,biometrics systemsMayank Diwakar
 
E-commerce Security and Threats
E-commerce Security and ThreatsE-commerce Security and Threats
E-commerce Security and ThreatsBPalmer13
 
Cyber security and threats
Cyber security and threatsCyber security and threats
Cyber security and threatsHarsh Kumar
 
FTC Balances Privacy, Connectivity Needs
FTC Balances Privacy, Connectivity NeedsFTC Balances Privacy, Connectivity Needs
FTC Balances Privacy, Connectivity NeedsPatton Boggs LLP
 

Mais procurados (19)

Nascio who areyoue-authbrief122104
Nascio who areyoue-authbrief122104Nascio who areyoue-authbrief122104
Nascio who areyoue-authbrief122104
 
Cyber Forensic - Policing the Digital Domain
Cyber Forensic - Policing the Digital DomainCyber Forensic - Policing the Digital Domain
Cyber Forensic - Policing the Digital Domain
 
2014 GRC Conference in West Palm Beach-Moderated by Sonia Luna
2014 GRC Conference in West Palm Beach-Moderated by Sonia Luna2014 GRC Conference in West Palm Beach-Moderated by Sonia Luna
2014 GRC Conference in West Palm Beach-Moderated by Sonia Luna
 
Corporate role in protecting consumers from the risk of identity theft
Corporate role in protecting consumers from the risk of identity theftCorporate role in protecting consumers from the risk of identity theft
Corporate role in protecting consumers from the risk of identity theft
 
BYOD - Bringing Technology to work | Sending Data Everywhere
BYOD - Bringing Technology to work | Sending Data EverywhereBYOD - Bringing Technology to work | Sending Data Everywhere
BYOD - Bringing Technology to work | Sending Data Everywhere
 
Cybercrime, Digital Investigation and Public Private Partnership by Francesca...
Cybercrime, Digital Investigation and Public Private Partnership by Francesca...Cybercrime, Digital Investigation and Public Private Partnership by Francesca...
Cybercrime, Digital Investigation and Public Private Partnership by Francesca...
 
Smartphones are smarter than you thought geo bellas
Smartphones are smarter than you thought   geo bellasSmartphones are smarter than you thought   geo bellas
Smartphones are smarter than you thought geo bellas
 
The Changing Landscape of Cyber Liability
The Changing Landscape of Cyber LiabilityThe Changing Landscape of Cyber Liability
The Changing Landscape of Cyber Liability
 
Columbo Financial Focus Presentation
Columbo Financial Focus PresentationColumbo Financial Focus Presentation
Columbo Financial Focus Presentation
 
benfords Law
benfords Lawbenfords Law
benfords Law
 
Cyber law
Cyber lawCyber law
Cyber law
 
Cybertorts
CybertortsCybertorts
Cybertorts
 
Cybertort Imp Slides For Pub. Internet
Cybertort Imp Slides For Pub. InternetCybertort Imp Slides For Pub. Internet
Cybertort Imp Slides For Pub. Internet
 
cyber law and forensics,biometrics systems
cyber law and forensics,biometrics systemscyber law and forensics,biometrics systems
cyber law and forensics,biometrics systems
 
E-commerce Security and Threats
E-commerce Security and ThreatsE-commerce Security and Threats
E-commerce Security and Threats
 
HiQ v Linkedin
HiQ v LinkedinHiQ v Linkedin
HiQ v Linkedin
 
Analysis the attack and E-commerce security
Analysis the attack and E-commerce securityAnalysis the attack and E-commerce security
Analysis the attack and E-commerce security
 
Cyber security and threats
Cyber security and threatsCyber security and threats
Cyber security and threats
 
FTC Balances Privacy, Connectivity Needs
FTC Balances Privacy, Connectivity NeedsFTC Balances Privacy, Connectivity Needs
FTC Balances Privacy, Connectivity Needs
 

Destaque

HOW TO TRACK SOMEONES WHATSAPP CONVERSATIONS
HOW TO TRACK SOMEONES WHATSAPP CONVERSATIONSHOW TO TRACK SOMEONES WHATSAPP CONVERSATIONS
HOW TO TRACK SOMEONES WHATSAPP CONVERSATIONSBarbara_Shetty
 
Evidence of Research Support Services in Australian Academic Libraries
Evidence of Research Support Services in Australian Academic LibrariesEvidence of Research Support Services in Australian Academic Libraries
Evidence of Research Support Services in Australian Academic LibrariesSusanMRob
 
ORCID: Today and the Future
ORCID: Today and the FutureORCID: Today and the Future
ORCID: Today and the FutureSusanMRob
 
HOW TO CHECK IF SOMEONE DELETED WHATSAPP
HOW TO CHECK IF SOMEONE DELETED WHATSAPP HOW TO CHECK IF SOMEONE DELETED WHATSAPP
HOW TO CHECK IF SOMEONE DELETED WHATSAPP Barbara_Shetty
 

Destaque (8)

HOW TO TRACK SOMEONES WHATSAPP CONVERSATIONS
HOW TO TRACK SOMEONES WHATSAPP CONVERSATIONSHOW TO TRACK SOMEONES WHATSAPP CONVERSATIONS
HOW TO TRACK SOMEONES WHATSAPP CONVERSATIONS
 
Chuyên
ChuyênChuyên
Chuyên
 
Presentación
PresentaciónPresentación
Presentación
 
Evidence of Research Support Services in Australian Academic Libraries
Evidence of Research Support Services in Australian Academic LibrariesEvidence of Research Support Services in Australian Academic Libraries
Evidence of Research Support Services in Australian Academic Libraries
 
Resume 2014 x3
Resume 2014 x3Resume 2014 x3
Resume 2014 x3
 
ORCID: Today and the Future
ORCID: Today and the FutureORCID: Today and the Future
ORCID: Today and the Future
 
HOW TO CHECK IF SOMEONE DELETED WHATSAPP
HOW TO CHECK IF SOMEONE DELETED WHATSAPP HOW TO CHECK IF SOMEONE DELETED WHATSAPP
HOW TO CHECK IF SOMEONE DELETED WHATSAPP
 
Infografia
InfografiaInfografia
Infografia
 

Semelhante a Security in digital voting system

SS236 Unit 8 Assignment Rubric Content 70 Points Do.docx
 SS236 Unit 8 Assignment Rubric Content 70 Points Do.docx SS236 Unit 8 Assignment Rubric Content 70 Points Do.docx
SS236 Unit 8 Assignment Rubric Content 70 Points Do.docxaryan532920
 
Electronic voting system security
Electronic voting system securityElectronic voting system security
Electronic voting system securityAdeel Javaid
 
India Legal 17 June 2019
India Legal 17 June 2019India Legal 17 June 2019
India Legal 17 June 2019ENC
 
Project_Paper_ISSC455_Intindolo
Project_Paper_ISSC455_IntindoloProject_Paper_ISSC455_Intindolo
Project_Paper_ISSC455_IntindoloJohn Intindolo
 
Online Voting System Using Fingerprint sensor and Blockchain
Online Voting System Using Fingerprint sensor and BlockchainOnline Voting System Using Fingerprint sensor and Blockchain
Online Voting System Using Fingerprint sensor and BlockchainIRJET Journal
 
9 Trends in Identity Verification (2023) by Regula
9 Trends in Identity Verification (2023) by Regula9 Trends in Identity Verification (2023) by Regula
9 Trends in Identity Verification (2023) by RegulaRegula
 
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docxhttpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docxadampcarr67227
 
Madlena pavlova security_in__digital_voting_system
Madlena pavlova security_in__digital_voting_systemMadlena pavlova security_in__digital_voting_system
Madlena pavlova security_in__digital_voting_systemMadlena Pavlova
 
DEF CON 27 - Voting village - report defcon27 hires
DEF CON 27 - Voting village - report defcon27 hiresDEF CON 27 - Voting village - report defcon27 hires
DEF CON 27 - Voting village - report defcon27 hiresFelipe Prado
 
Data Mining: Privacy and Concerns
Data Mining: Privacy and ConcernsData Mining: Privacy and Concerns
Data Mining: Privacy and ConcernsBradley Buchanan
 
Cryptograpy Exam
Cryptograpy ExamCryptograpy Exam
Cryptograpy ExamLisa Olive
 
Congressional Research Service ˜ The Library of CongressCR.docx
Congressional Research Service ˜ The Library of CongressCR.docxCongressional Research Service ˜ The Library of CongressCR.docx
Congressional Research Service ˜ The Library of CongressCR.docxdonnajames55
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselCasey Ellis
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counselbugcrowd
 
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...Casey Ellis
 

Semelhante a Security in digital voting system (19)

SS236 Unit 8 Assignment Rubric Content 70 Points Do.docx
 SS236 Unit 8 Assignment Rubric Content 70 Points Do.docx SS236 Unit 8 Assignment Rubric Content 70 Points Do.docx
SS236 Unit 8 Assignment Rubric Content 70 Points Do.docx
 
Electronic voting system security
Electronic voting system securityElectronic voting system security
Electronic voting system security
 
India Legal 17 June 2019
India Legal 17 June 2019India Legal 17 June 2019
India Legal 17 June 2019
 
Project_Paper_ISSC455_Intindolo
Project_Paper_ISSC455_IntindoloProject_Paper_ISSC455_Intindolo
Project_Paper_ISSC455_Intindolo
 
Online Voting System Using Fingerprint sensor and Blockchain
Online Voting System Using Fingerprint sensor and BlockchainOnline Voting System Using Fingerprint sensor and Blockchain
Online Voting System Using Fingerprint sensor and Blockchain
 
Puna 2015
Puna 2015Puna 2015
Puna 2015
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
9 Trends in Identity Verification (2023) by Regula
9 Trends in Identity Verification (2023) by Regula9 Trends in Identity Verification (2023) by Regula
9 Trends in Identity Verification (2023) by Regula
 
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docxhttpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
 
Madlena pavlova security_in__digital_voting_system
Madlena pavlova security_in__digital_voting_systemMadlena pavlova security_in__digital_voting_system
Madlena pavlova security_in__digital_voting_system
 
DEF CON 27 - Voting village - report defcon27 hires
DEF CON 27 - Voting village - report defcon27 hiresDEF CON 27 - Voting village - report defcon27 hires
DEF CON 27 - Voting village - report defcon27 hires
 
Data Mining: Privacy and Concerns
Data Mining: Privacy and ConcernsData Mining: Privacy and Concerns
Data Mining: Privacy and Concerns
 
Computer crimes
Computer crimesComputer crimes
Computer crimes
 
Cryptograpy Exam
Cryptograpy ExamCryptograpy Exam
Cryptograpy Exam
 
Congressional Research Service ˜ The Library of CongressCR.docx
Congressional Research Service ˜ The Library of CongressCR.docxCongressional Research Service ˜ The Library of CongressCR.docx
Congressional Research Service ˜ The Library of CongressCR.docx
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
 
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
 
AIDA ICITET
AIDA ICITETAIDA ICITET
AIDA ICITET
 

Último

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Zilliz
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 

Último (20)

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 

Security in digital voting system

  • 1. Data and Network Security Report, Madlena Pavlova
  • 2. The right to vote is considered to be the major victory of democratic society, and voting is an essential feature of democracy. Counting our votes depends completely on computer systems, which creates an opportunity for fraud. Although we live in an age of “cutting edge” technology, the security of voting systems still leaves much to be desired. The goal of this coursework is to provide a sound understanding of how computer security is critical to the election process in a broadly applicable sense, and of what we need to do to keep elections secure.
  • 3. Treating security as an adversarial problem is the core of the security mindset. In fact, we treat computer security as the study of how a system behaves in the presence of an adversary. How to think as an attacker:
      - Look for the weakest links in the system.
      - Identify the assumptions that the security system depends on.
      - Think outside the box, not constrained by the system designer's worldview.
  • 4. Thinking as a defender. Defending a system requires cultivating the following views.
      Technical aspects:
      - The security policy (civil aspects of the system) we are trying to enforce.
      - What are we going to protect: which assets are we trying to safeguard, and what are we trying to prevent?
      - What property are we trying to enforce?
      Threat models:
      - Who are the attackers? What are their capabilities and motivations?
      - What kind of attack are we trying to prevent?
      Risk assessment:
      - What are the weaknesses of the system?
      - What will successful attacks cost us?
      - How likely are they?
  • 5. Adopting a security mindset is a prerequisite before even starting to think about any secure system.
      - Integrity – the outcome of the election matches the actual voting.
      - Voting intent – the vote is cast in the exact way it was made.
      - Votes are counted as cast.
      There is room for error in both cases (technical and less technical requirements). A well-designed election system has to comply with:
      - secrecy
      - authentication
      - enfranchisement and availability
      - tension in the system
      - cost effectiveness
      - accessibility
      - intelligibility (usability)
  • 6.
      - Matching the state database against the federal database can be difficult because of its format.
      - Most states prohibit people convicted of serious crimes from voting in further elections. This creates potential issues, as many people with the same name can end up on the prohibited list and would not know until they arrive on Election Day.
  • 7.
      - Collected information such as name, address, signature, date of birth, telephone number, gender and ID number is stored in this massive database, which raises the question of who can access this data.
      - Another problem is that those fields are publicly available and can usually be obtained and purchased from the state website.
      - In many states the voter registration list is also used to select people for jury duty, which creates a trade-off because people who try to avoid jury duty will also avoid voter registration.
  • 8.
      - Another issue is that the voting database is available to political parties, which can use it for campaign purposes. One example is the Obama campaign's “Is Your Neighbor a Democrat?”, which encouraged volunteers to go out and campaign to registered Democrats.
      - Commercial reuse of the data is another privacy issue, as companies can combine voters' personal information for their business and marketing purposes, for example home mortgages, credit card debt, etc.
  • 9. To log in to the Washington D.C. online registration system, we need the voter's name and date of birth.
  • 10. Date of birth is one of the fields collected during the voter registration process and is publicly available. With a simple search we can easily find a voter registration record containing the voter's date of birth and other relevant information. With this in hand, we can easily log on and gain access to the voter registration home page.
  • 11. As the attacker's goal is to misdirect the ballot, he will try to update the voter's address and will be asked for the driving license number, which is also not a secret piece of information and can be easily retrieved.
  • 12.
      - This kind of attack is pretty scary, especially in a state where voters participate in the election process entirely by mail. We can imagine the consequences of a wide-scale attack in which someone automates this process and changes the registration information of a large number of voters right before the deadline for mailing out the ballots.
      - Solution: one way the state could protect against this would be to mail out a confirmation before changing an address, for example by sending a card to both the old and the new address saying that the address has been modified in the database. Washington State has not implemented a protection like this, but it seems like a key part of the validation process needed to maintain the integrity of the registration system.
  • 14. For many years Diebold, the maker of the AccuVote TS, was extremely secretive and would not allow anyone to carry out an independent security evaluation of its machines or the software running on them. Diebold even threatened election officials who proposed having an independent security evaluation done.
  • 15. All of that started to change in 2003, when a voting activist named Bev Harris was Googling for documents about the Diebold machines and came across a file posted on a Diebold Internet server. This file happened to be a copy of the complete source code of the Diebold voting machine.
  • 16. It turned out that they had applied encryption incorrectly in a variety of ways because of design errors. The most interesting of these errors, and the simplest one, was that all of the voting machines used exactly the same encryption key. This is a terrible security practice, because a criminal can take that information and use it to break the encryption on all of the other Diebold voting machines in use nationwide. That key happened to be the string F2654hD4. That was the secret protecting the integrity of all of these machines, and once the code leaked on the Diebold website anyone could decrypt any of the data files from any of the machines.
  • 17. The next problem was a ballot secrecy problem. It had to do with the way ballots were stored on the memory card. The machine made a record every time someone cast a vote, and the votes were stored in a file on the memory card. On the Diebold memory card the votes were stored in order. If someone simply observed the polling place, watching the order in which people went up to the machine and cast their votes, and had access to the memory card at the end, they could determine exactly how every one of those voters voted, which is a major weakness in ballot secrecy.
  • 18. Finally, the researchers looked at the software development practices. The easiest way to illustrate what is meant by that is to look at some of the comments found in the code: comments and notes that programmers left inside the software source code.
  • 19. All of these problems painted a pretty grim picture of what is going on inside the Diebold DREs, but the company's reaction paints an even grimmer one.
      - First, it denied the problems.
      - Second, it claimed that the software that was studied was not something used in actual machines.
      - Third, it personally attacked the researchers involved.
  • 20. Every group that has had a look at the system has found even more severe problems with security and reliability. Here is an example of one of those problems.
  • 21. The opinion of many researchers in the voting security community is that we have to add paper as a form of defense. Paper can offer very important security advantages, especially when it is coupled with an electronic system. This makes sense because computers are not always available, reliable and correct, so any form of physical backup of the vote records can be a useful disaster recovery strategy.
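
The key-reuse problem from slide 16, as an added example (not code from the slides or from Diebold): it compares a fleet that shares one key with a fleet whose per-machine keys are derived by HKDF from a master secret. The machine IDs, the master secret and the function names are assumptions, and HMAC tags stand in for encryption so the block needs only the standard library.

```python
import hashlib
import hmac

FLEET = ["machine-001", "machine-002", "machine-003"]  # constructed device IDs
SHARED_KEY = b"F2654hD4"  # the fleet-wide string quoted on slide 16
# Assumption: a master secret that never ships in source code or on a machine.
MASTER_SECRET = b"constructed-master-secret"


def hkdf_sha256(secret, info, length=32, salt=b""):
    """HKDF (RFC 5869): extract a PRK, then expand it to `length` bytes."""
    prk = hmac.new(salt or b"\x00" * 32, secret, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def shared_scheme(device_id):
    """Weak design: every machine holds the same key."""
    return SHARED_KEY


def per_device_scheme(device_id):
    """Assumed fix: each machine is provisioned with its own derived key."""
    return hkdf_sha256(MASTER_SECRET, b"ballot-store|" + device_id.encode())


def tag(key, data):
    """Integrity tag over a results file (HMAC-SHA256)."""
    return hmac.new(key, data, hashlib.sha256).digest()


def blast_radius(scheme, compromised_id, fleet=FLEET):
    """Machines whose files verify under the key held by `compromised_id`."""
    leaked = scheme(compromised_id)
    sample = b"constructed results file"
    return [d for d in fleet
            if hmac.compare_digest(tag(leaked, sample), tag(scheme(d), sample))]


if __name__ == "__main__":
    print("shared key :", blast_radius(shared_scheme, "machine-001"))
    print("per-device :", blast_radius(per_device_scheme, "machine-001"))
```

With the shared key, one exposed machine covers the whole fleet; with derived keys, the exposure stops at that machine as long as the master secret stays off the devices.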
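
The ballot-secrecy weakness from slide 17, as an added example that is not part of the original slides: an audit check that tells a store which keeps ballots in casting order from one which keeps them in random order. The class names, the shuffled store (an assumed mitigation) and all sample data are constructed for illustration.

```python
import secrets

# Constructed sample data (not from any real election): the order in which an
# observer saw voters use the machine, and the choice each one made.
OBSERVED = ["voter_A", "voter_B", "voter_C", "voter_D", "voter_E"]
CHOICES = ["X", "Y", "X", "Z", "Y"]


class SequentialStore:
    """Appends ballots in casting order, the behaviour slide 17 describes."""

    def __init__(self):
        self.records = []

    def cast(self, choice):
        self.records.append(choice)


class ShuffledStore(SequentialStore):
    """Assumed mitigation: keep the stored ballots in uniformly random order."""

    def cast(self, choice):
        # Inside-out Fisher-Yates: append, then swap with a random slot (CSPRNG).
        self.records.append(choice)
        j = secrets.randbelow(len(self.records))
        self.records[j], self.records[-1] = self.records[-1], self.records[j]


def run_election(store_cls, choices=CHOICES):
    """Cast every choice in order and return what ends up on the card."""
    store = store_cls()
    for choice in choices:
        store.cast(choice)
    return store.records


def order_is_preserved(store_cls, trials=200):
    """Audit check: True if storage position always equals casting order."""
    # Unique serials make every ballot distinguishable for the check.
    serials = [f"ballot-{i}" for i in range(len(OBSERVED))]
    return all(run_election(store_cls, serials) == serials for _ in range(trials))


def link_by_position(records, observed=OBSERVED):
    """What the file layout reveals when paired with an arrival log."""
    return dict(zip(observed, records))


if __name__ == "__main__":
    print(link_by_position(run_election(SequentialStore)))
    print(order_is_preserved(SequentialStore), order_is_preserved(ShuffledStore))
```

Randomizing the storage order leaves the tally unchanged; it only removes the position-to-voter link, so any timestamps or sequence numbers stored with each record would need the same treatment.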