Electronic Voting
Dan Boneh, John Mitchell
CS 155, June 1, 2004

Issues
 Voting system security requirements
  • Secret ballot, reliable counting, voter anonymity, …
 Voting technology
  • History: paper ballots, lever machines, …
  • Direct Recording Electronic (DRE) systems
 Case studies
  • Diebold case study
  • Internet voting (retracted by gov’t)
 Cryptographic approaches
 Politics
  • Voting Rights Act bills H.R. 3295 and S. 565
  • California Secretary of State Kevin Shelley
  • IEEE Standards committee

Voting Principles
 Voter eligibility
  • No voter should have more than one vote
 Secret ballot
  • Votes cast in secret
  • Voter should be confident that the vote was cast correctly
 Reliable counting
  • Public system, typically with officials from all parties
  • Ability to recount (some election officials may prefer not to do this)
 Anonymity
  • Voter should not leave the voting booth with any proof of the way he/she voted

Recent History
 2000 Presidential Election
  • Hanging chad, contested absentee votes
 Help America Vote Act (HAVA, HR 3295, Oct 02)
  • Mandates voting process reform in all states
  • Voters must be able to verify ballots before they are cast
  • “permanent paper record with a manual audit capacity”
  • voter must have “opportunity to change the ballot or correct any error before the permanent paper is produced”
 Electronic voting
  • Touchscreen, Direct Recording Electronic (DRE) systems
  • Proponents argue HAVA requirements are met if the voter verifies a screen version of the ballot, and if a paper report can be printed later for audit purposes

[Figures: punch card device; punched card]

Other alternatives
 Mechanical lever machines
  • Voter flips mechanical levers
  • Machine reports votes
  • Tamper-proof counter similar to a car odometer
 Optical scan of paper ballots
  • Like our teaching evaluations …
  • Fairly reliable counting method
  • Requires pencil and paper ballots
[Figure: lever machine]

Touch-screen voting
 Usability
  • Customized ballot
  • Easy to read, vote
  • Accessible to the blind (wear headphones)
 Vote counting
  • DRE system provides quick count
 Voter “authentication”
  • smartcard reader (lower-right corner)
[Figure: Diebold AccuVote-TS, http://www.sos.state.ga.us/]

How votes are cast
[Figure: IEEE Spectrum, Oct 2002]

Problems with electronic voting
 Washington Post 11/6/2003
  • Software glitch in November’s election in Virginia
  • Advanced Voting Solutions touchscreen machines
  • “Voters in three precincts reported that when they attempted to vote for [Thompson], the machines initially displayed an ‘x’ next to her name but then, after a few seconds, the ‘x’ disappeared. In response to Thompson's complaints, county officials tested one of the machines in question yesterday and discovered that it seemed to subtract a vote for Thompson in about ‘one out of a hundred tries,’ said Margaret K. Luca, secretary of the county Board of Elections.”
  http://www.washingtonpost.com/wp-dyn/articles/A6291-2003Nov5.html
 Indianapolis Star 11/9
  • Software glitch in November’s election
   – 19,000 registered voters
   – 144,000 votes tallied
   – actual number of votes cast was 5,352
  • MicroVote touchscreen machines
  http://www.indystar.com/articles/6/091021-1006-009.html

Voter Verified Audit Trail
[Figure: IEEE Spectrum, Oct 2002]

Case Study: Diebold machine
T. Kohno, A. Stubblefield, A. Rubin, D. Wallach

Basis for study
 Proprietary system
  • Certification mandated by election laws
   – Without public review: security through obscurity
 Diebold system leaked
  • AccuVote-TS DRE voting system, Oct 2000 - April 2002
  • Available on open ftp server
  • Identified by activist Bev Harris
  • Some zip files, cvs repository
   – DMCA concern over zip “encryption”
   – Available on New Zealand site
 No access to Diebold’s back-end election management system

Some problems
 Encrypted votes and audit logs
  • 56-bit DES in CBC mode with static IVs
  • #define DESKEY ((des_key*)"F2654hD4")
  • Unkeyed public function (CRC) for integrity
 No authentication of smartcard to voting terminal
 Insufficient code review

Sample comment in code
  // LCG - Linear Conguential Generator
  // used to generate ballot serial numbers
  // A psuedo-random-sequence generator
  // (per Applied Cryptography,
  // by Bruce Schneier, Wiley, 1996)
  (BallotResults.cpp, Diebold Election Systems)
 “Unfortunately, linear congruential generators cannot be used for cryptography”
  (page 369, Applied Cryptography, by Bruce Schneier)

Other examples
 “this is a bit of a hack for now.” (AudioPlayer.cpp)
 “the BOOL beeped flag is a hack so we don't beep twice. This is really a result of the key handling being gorped.” (WriteIn.cpp)
 “the way we deal with audio here is a gross hack.” (BallotSelDlg.cpp)
 “need to work on exception *caused by audio*. I think they will currently result in double-fault.” (BallotDlg.cpp)

Code Fragment (zero comments)

```cpp
void CBallotRelSet::Open(const CDistrict* district, const CBaseunit* baseunit,
                         const CVGroup* vgroup1, const CVGroup* vgroup2)
{
    ASSERT(m_pDB != NULL);
    ASSERT(m_pDB->IsOpen());
    ASSERT(GetSize() == 0);
    ASSERT(district != NULL);
    ASSERT(baseunit != NULL);

    if (district->KeyId() == -1) {
        Open(baseunit, vgroup1);
    } else {
        const CDistrictItem* pDistrictItem = m_pDB->Find(*district);
        if (pDistrictItem != NULL) {
            const CBaseunitKeyTable& baseunitTable = pDistrictItem->m_BaseunitKeyTable;
            int count = baseunitTable.GetSize();
            for (int i = 0; i < count; i++) {
                const CBaseunit& curBaseunit = baseunitTable.GetAt(i);
                if (baseunit->KeyId() == -1 || *baseunit == curBaseunit) {
                    const CBallotRelationshipItem* pBalRelItem = NULL;
                    while ((pBalRelItem = m_pDB->FindNextBalRel(curBaseunit, pBalRelItem))) {
                        if (!vgroup1 || vgroup1->KeyId() == -1 ||
                            (*vgroup1 == pBalRelItem->m_VGroup1 && !vgroup2) ||
                            (vgroup2 && *vgroup2 == pBalRelItem->m_VGroup2 &&
                             *vgroup1 == pBalRelItem->m_VGroup1))
                            Add(pBalRelItem);
                    }
                }
            }
            m_CurIndex = 0;
            m_Open = TRUE;
        }
    }
}
```

Other problems
 Ballot definition file on removable media unprotected
 Smartcards use no cryptography
 Votes kept in sequential order
 Several glaring errors in cryptography
 Inadequate security engineering practices
 Default security PINs of 1111 on administrator cards
 Windows operating system
  • tens of millions of lines of code
  • new “critical” security bug announced every week

Insider threat
 Easy to hide code in large software packages
 Virtually impossible to detect back doors
 Skill level needed to hide malicious code is much lower than needed to find it
 Anyone with access to
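The "Some problems" slide lists two cryptographic weaknesses in the vote-file format: CBC encryption under a hard-coded DES key with a static IV, and an unkeyed CRC as the integrity check. The following Go program is an added example, written for this page and not code from the slides or from the Diebold system, that shows what each weakness costs and places the corrected design beside it. The key bytes, MAC key and vote record are constructed placeholders (the real DESKEY value from the slide is deliberately not used); function names such as sealWeak and sealStrong are this example's own.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"hash/crc32"
)

// Constructed stand-ins for the slide's design: one hard-coded 8-byte DES key
// and a fixed (all-zero) IV shared by every record. Placeholder values only.
var fixedKey = []byte("DEMO-KEY")
var staticIV = make([]byte, des.BlockSize)

// pad extends p to a whole number of DES blocks (PKCS#7 style).
func pad(p []byte) []byte {
	n := des.BlockSize - len(p)%des.BlockSize
	return append(append([]byte{}, p...), bytes.Repeat([]byte{byte(n)}, n)...)
}

// encryptCBC returns iv || DES-CBC(key, iv, pad(record)).
func encryptCBC(key, iv, record []byte) []byte {
	block, err := des.NewCipher(key)
	if err != nil {
		panic(err)
	}
	pt := pad(record)
	ct := make([]byte, len(pt))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, pt)
	return append(append([]byte{}, iv...), ct...)
}

// --- weak scheme from the slide: static IV, unkeyed CRC32 as the "integrity" tag ---

func appendCRC(ct []byte) []byte {
	tag := make([]byte, 4)
	binary.BigEndian.PutUint32(tag, crc32.ChecksumIEEE(ct))
	return append(append([]byte{}, ct...), tag...)
}

func sealWeak(record []byte) []byte {
	return appendCRC(encryptCBC(fixedKey, staticIV, record))
}

// crcAccepts is what a verifier that trusts the CRC can check: nothing more
// than that whoever last wrote the record also recomputed the public CRC.
func crcAccepts(sealed []byte) bool {
	if len(sealed) < 4 {
		return false
	}
	body, tag := sealed[:len(sealed)-4], sealed[len(sealed)-4:]
	return crc32.ChecksumIEEE(body) == binary.BigEndian.Uint32(tag)
}

// rewriteWithoutKey models a party that can edit the stored file but holds no
// key at all: it changes one ciphertext byte and recomputes the public CRC.
func rewriteWithoutKey(sealed []byte) []byte {
	body := append([]byte{}, sealed[:len(sealed)-4]...)
	body[len(body)-1] ^= 0x01
	return appendCRC(body)
}

// --- corrected scheme: fresh random IV per record, HMAC-SHA256 under a separate MAC key ---

func sealStrong(encKey, macKey, record []byte) []byte {
	iv := make([]byte, des.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		panic(err)
	}
	ct := encryptCBC(encKey, iv, record)
	m := hmac.New(sha256.New, macKey)
	m.Write(ct)
	return m.Sum(ct) // ct || tag
}

func hmacAccepts(macKey, sealed []byte) bool {
	if len(sealed) < sha256.Size {
		return false
	}
	body, tag := sealed[:len(sealed)-sha256.Size], sealed[len(sealed)-sha256.Size:]
	m := hmac.New(sha256.New, macKey)
	m.Write(body)
	return hmac.Equal(m.Sum(nil), tag)
}

func main() {
	vote := []byte("precinct=12;candidate=A") // constructed record
	w := sealWeak(vote)
	fmt.Println("static IV: two identical votes give identical records:", bytes.Equal(w, sealWeak(vote)))
	fmt.Println("CRC accepts a record rewritten without any key:", crcAccepts(rewriteWithoutKey(w)))

	macKey := []byte("constructed-mac-key")
	s := sealStrong(fixedKey, macKey, vote)
	fmt.Println("random IV: two identical votes give distinct records:", !bytes.Equal(s, sealStrong(fixedKey, macKey, vote)))
	fmt.Println("HMAC accepts the genuine record:", hmacAccepts(macKey, s))
	fmt.Println("HMAC accepts a record made under another key:", hmacAccepts([]byte("other"), s))
}
```

Two things to take from the run: with a static IV every record for the same candidate encrypts to the same bytes, so the vote file leaks which ballots agree even though it is "encrypted"; and a CRC verifier accepts any record whose writer recomputed the CRC, which needs no key, so it detects accidental corruption but not modification. The corrected seal still uses single DES only to keep the comparison one-for-one; a real design would also replace the 56-bit cipher.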
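The "Sample comment in code" slide quotes Diebold's use of a linear congruential generator for ballot serial numbers, against Schneier's warning that LCGs cannot be used for cryptography; the later slide adds that votes were kept in sequential order. The Go program below is an added example, not the slides' or Diebold's code, that makes the problem concrete from an auditor's side: it issues serials from a constructed LCG (the classic ANSI C rand() constants, one of the table entries in Applied Cryptography) and from the OS CSPRNG, and runs a check over a sample of consecutively issued serials asking what fraction of them equals the LCG step of their predecessor. The seed, sample size and function names are this example's own.

```go
package main

import (
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// Constructed LCG with the ANSI C rand() constants. Each output is a fixed,
// public function of the previous one, which is why it cannot serve as an
// unpredictable source of ballot serial numbers.
const (
	lcgA = 1103515245
	lcgC = 12345
	lcgM = 1 << 31
)

type lcg struct{ state uint64 }

func (g *lcg) next() uint64 {
	g.state = (lcgA*g.state + lcgC) % lcgM
	return g.state
}

// serialsLCG issues n ballot serial numbers from a seed (the weak design).
func serialsLCG(seed uint64, n int) []uint64 {
	g := &lcg{state: seed % lcgM}
	out := make([]uint64, n)
	for i := range out {
		out[i] = g.next()
	}
	return out
}

// serialsCSPRNG issues n 31-bit serials from the OS CSPRNG (the corrected
// design): no issued serial carries information about any other.
func serialsCSPRNG(n int) []uint64 {
	out := make([]uint64, n)
	buf := make([]byte, 4)
	for i := range out {
		if _, err := rand.Read(buf); err != nil {
			panic(err)
		}
		out[i] = uint64(binary.BigEndian.Uint32(buf)) % lcgM
	}
	return out
}

// lcgStepFraction is the audit check: over consecutively issued serials, the
// fraction of serials equal to the LCG step of their predecessor. A result of
// 1.0 means the generator is this LCG, so every serial in the file is
// derivable from any single one of them; a CSPRNG gives (almost surely) 0.
func lcgStepFraction(serials []uint64) float64 {
	if len(serials) < 2 {
		return 0
	}
	hits := 0
	for i := 1; i < len(serials); i++ {
		if (lcgA*serials[i-1]+lcgC)%lcgM == serials[i] {
			hits++
		}
	}
	return float64(hits) / float64(len(serials)-1)
}

func main() {
	fmt.Printf("LCG serials:    %.2f of steps derivable from the previous serial\n",
		lcgStepFraction(serialsLCG(2004, 50)))
	fmt.Printf("CSPRNG serials: %.2f of steps derivable from the previous serial\n",
		lcgStepFraction(serialsCSPRNG(50)))
}
```

The audit check is only valid against a known set of LCG constants; the point for a reviewer is that a serial-number scheme whose outputs pass it offers no unlinkability, and combined with votes stored in issue order it ties the i-th serial to the i-th voter through the booth.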