Pre-Election Audit of Memory Cards for the November 5, 2013 Connecticut Elections

Posted: March 12th, 2014 | Author: | Filed under: Pre Election | Tags: , , , ,

The Center for Voting Technology Research (VoTeR Center) at the School of Engineering of the University of Connecticut performed pre-election audit of the memory cards for the Accu-Vote Optical Scan (av-os) tabulators that were used in the November 5, 2013 elections. The cards were programmed by LHS Associates of Salem, New Hampshire, and shipped to Connecticut districts.

Cards were submitted for two reasons per instructions from the SOTS Office (a) one of the four cards per district was to be selected randomly and submitted directly for the purpose of the audit, and (b) any card was to be submitted if it appeared to be unusable. Given that cards in category (a) were to be randomly selected, while all cards in category (b) were supposed to be submitted, and that the cards were submitted without consistent categorization of the reason, this report considers all unusable cards to fall into category (b).

The VoTeR Center received 62 memory cards from 53 districts. This is a relatively small sample of cards. Among these 62 cards, 41 (66.1%) fall into category (a). All of these 41 cards were correct. There are 21 cards (33.9% of all cards) that were found to be unusable by the av-os, thus falling into category (b). In particular, 19 cards contained apparently random (or ‘junk’) data, 2 cards were unusable by av-os, but did not contain random data (this requires further investigation). All these cards were unreadable by the tabulators and could not have been used in an election. Given that such cards were not selected randomly, we estimate that for pre-election audit the percentage of unusable cards is between 0.6% and 9.9% and this range is consistent with the results for prior audits.
Read the rest of this entry »

Scaling Privacy Guarantees in Code-Verification Elections

Posted: July 19th, 2013 | Author: | Filed under: Other Publications | Tags: , , ,

Scaling Privacy Guarantees in Code-Verification Elections
Aggelos Kiayias and Anthi Orfanou
E-Voting and Identify, 4th International Conference (Vote-ID 2013)
Springer 2013 Lecture Notes in Computer Science, pp. 1-24
July 17-19, 2013, Guildford, UK

Preventing the corruption of the voting platform is a major issue for any e-voting scheme. To address this, a number of recent protocols enable voters to validate the operation of their platform by utilizing a platform independent feedback: the voting system reaches out to the voter to convince her that the vote was cast as intended. This poses two major problems: first, the system should not learn the actual vote; second, the voter should be able to validate the system’s response without performing a mathematically complex protocol (we call this property “human verifiability”). Current solutions with convincing privacy guarantees suffer from trust scalability problems: either a small coalition of servers can entirely break privacy or the platform has a secret key which prevents the privacy from being breached. In this work we demonstrate how it is possible to provide better trust distribution without platform side secrets by increasing the number of feedback messages back to the voter. The main challenge of our approach is to maintain human verifiability: to solve this we provide new techniques that are based on either simple mathematical calculations or a novel visual cryptography technique that we call visual sharing of shape descriptions, which may be of independent interest.

Computer Assisted Post Election Audits

Posted: June 21st, 2013 | Author: | Filed under: Other Publications | Tags: ,

Computer Assisted Post Election Audits
Tigran Antonyan, Theodore Bromley, Laurent Michel, Alexander Russell, Alexander Shvartsman and Suzanne Stark
State Certification Testing of Voting Systems National Conference
June 20-21, 2013, Harrisburg, PA, USA

The introduction of electronic voting technology in Connecticut necessitated the development of new policies and procedures by the Secretary of the State (SOTS) Office to safeguard the integrity and security of the new electoral process. Forming a partnership with the University of Connecticut, SOTS Office developed a comprehensive approach that extended the existing electoral procedures to incorporate the use of the new optical scan electronic voting equipment. The new procedures include pre- and post- election audits of the voting equipment programming, and hand-counted post-election audits in 10% of randomly selected districts. Observing that the hand-counted audits are expensive, time-consuming, labor-intensive, and error-pone, it was decided to explore a semi-automated approach to post-election ballot audits. A semi-automated approach was chosen over a completely automated one due to the risks and inadequacy of the latter. Supported by the U.S. EAC and the State of Connecticut, an Audit Station was developed for the purpose of conducting computer-assisted post-election audits. The Audit Station speeds up the audit process, increases audit accuracy, and most importantly, empowers the human auditors to have complete control over the audit down to the interpretation of each voted “bubble.” In essence, the Audit Station does not take the place of a hand count, but augments it by presenting scanned ballot images with useful data for the auditors to consider or to contrast with the official paper ballots. The system is also auditable; upon the completion of the audit it exports the recorded ballot interpretations and the overall results that allow direct comparison with physical ballots and independent validation. The system is implemented using inexpensive commercial off-the-self components, and is equipped with a projector that enables the auditors (and the public) to easily observe the audit process and to control and override it as necessary. The system was recently used in successful pilots in four Connecticut municipailites.

Download full paper:: AS-2013.pdf

Malicious Takeover of Voting Systems: Arbitrary Code Execution on Optical Scan Voting Terminals

Posted: March 22nd, 2013 | Author: | Filed under: Other Publications | Tags: , , , ,

Malicious Takeover of Voting Systems: Arbitrary Code Execution on Optical Scan Voting Terminals
Russell J. Jancewicz, Aggelos Kiayias, Laurent D. Michel, Alexander C. Russell and Alexander A. Shvartsman
In Proceedings of the 28th Symposium On Applied Computing (SAC 2013)
March 18-22, 2013, Coimbra, Portugal

This work focuses on the AccuVote Optical Scan voting terminal (AV-OS) that is widely used in US elections. We present a new attack that can be delivered without opening the system enclosure, and without changing a single bit of the system’s firmware. The attack is launched by inserting a maliciously programmed AV-OS memory card into the terminal. The card contains binary code that exploits careless runtime memory management in the system’s firmware to transfer control to alternate routines stored in the memory card. Once the control is taken by the injected code, the voting system is forced to operate according to the wishes of the attacker. In particular, given that the attack results in the execution of the arbitrary code, an attacker can completely take over AV-OS operation and compromise the results of an election. It is also noteworthy that once a memory card is compromised it can be duplicated using the native function of the voting terminal. In some past elections it was observed that up to 6% of all memory cards were involved in card duplication. There exists a non-trivial possibility that the infection on one memory card can propagate virally to other cards in a given election. This development was performed without access to the source code of the AV-OS system and without access to any internal vendor documentation. We note that this work is performed solely with the purpose of security analysis of AV-OS.

Download full paper:: abstract-acmsac2013.pdf