Seda Davtyan, Aggelos Kiayias, Laurent Michel, Alexander Russell and Alexander Shvartsman
In Proceedings of the 27th Symposium On Applied Computing (SAC 2012)
March 26-30, 2012, Riva del Garda (Trento), Italy www.acm.org/conferences/sac/sac2012/
In recent years, electronic voting systems have been deployed in all U.S. elections. Despite the fact that cryptographic integrity checks are used in most such systems, several reports have documented serious security vulnerabilities of electronic voting terminals. We present an overview of the typical security and election vulnerabilities found in most, if not all, electronic election systems, and present a case study that illustrates such vulnerabilities. Our hands-on security analysis of the AccuVote TSx voting terminal — used by more than 12 million voters in over 350 jurisdictions in the U.S. — demonstrates certain new integrity vulnerabilities that are present in the system. We present two attacks based on these vulnerabilities: one attack swaps the votes of two candidates and another erases the name of one candidate from the slate. These attacks do not require modification of the operating system of the voting terminal (as was the case in a number of previous attacks) and are able to circumvent the cryptographic integrity checks implemented in the terminal. The attacks can be launched in a matter of minutes and require only a computer with the capability to mount a PCMCIA card file system (a default capability in most current operating systems). The attacks presented here were discovered through direct experimentation with the voting terminal and without access to any internal documentation or the source code from the manufacturer.
Download full paper: sac2012.pdf