Case Study: Election Partnerships

Posted: August 29th, 2007 | Author: | Filed under: Other Publications | Tags: , ,

Electiononline.org has issued a report concerning the various partnerships that are in place to assist election officials. Check the UCONN-partnership-report.pdf


An Authentication and Ballot Layout Attack against an Optical Scan Voting Terminal

Posted: August 6th, 2007 | Author: | Filed under: Other Publications | Tags: , , , , , ,

An Authentication and Ballot Layout Attack against an Optical Scan Voting Terminal
Aggelos Kiayias, Laurent Michel, Alexander Russell, Narasimha Shashidhar, Andrew See and Alexander A. Shvartsman
In Proceedings of the 2007 USENIX/ACCURATE Electronic Voting Workshop (EVT 07)
August 6, 2007, Boston, MA, USA www.usenix.org/events/evt07/

Abstract
Recently, two e-voting technologies have been introduced and used extensively in election procedures: direct recording electronic (DRE) systems and optical scanners. The latter are typically deemed safer as many recent security reports have discovered substantial vul- nerabilities in a variety of DRE systems. In this paper we present an attack against the Diebold Accuvote optical scan voting terminal (AV-OS). Previously known attacks direct to the AV-OS required physical access to the memory card and use of difficult to find hardware (card reader/writer).
Our attack bypasses these issues by using the serial port of the AV-OS terminal and reverse engineering the communication protocol, in essence, using the terminal itself as a reader/writer. Our analysis is based solely on reverse-engineering. We demonstrate how an attacker can exploit the serious security vulnerability of weak (non-cryptographic) authentication properties of the terminal. The attack payload delivers a tampered ballot layout that, depending on the scenario, allows swapping of candidate votes, neutralizing votes, or even shifting votes from one candidate to another.

Download full paper: evt07.pdf