Electronic Poll Book Systems as Distributed Systems: Requirements and Challenges

Posted: May 20th, 2015 | Filed under: Other Publications

Electronic poll books are computerized systems that replace paper-based voter lists, having the potential for speeding up Election Day check-in at the polling place, and making voter history records and voter lists more accurate by reducing human errors in dealing with printed voter lists and post-election transcription. At the same time, electronic poll books are non-trivial distributed computing systems, and ensuring correctness, security, integrity, fault-tolerance, and performance of such systems is a challenging engineering problem. This paper deals exclusively with the distributed system aspects of electronic poll book solutions and focuses on the obstacles that are inherent in any distributed system that must deal with failure and asynchrony while providing a consistent and dependable service. We review several requirements that need to be satisfied by electronic poll book systems, then we discuss selected important results from distributed computing research that the developers of electronic poll book systems need to be aware of. An important conclusion is that electronic poll book development is an attractive application domain for the research results in dependable distributed computing.



A Systematic Approach to Analyzing Voting Terminal Event Logs

Posted: December 5th, 2014 | Filed under: Other Publications

A Systematic Approach to Analyzing Voting Terminal Event Logs
Laurent D. Michel, Alexander A. Shvartsman and Nikolaj Volgushev
2014 Electronic Voting Technology Workshop/Workshop on Trustworthy Elections (EVT/WOTE’14)
USENIX Journal of Election Technology and Systems (JETS), Volume 2, Number 2, April 2014 www.usenix.org/jets
August 18-19, 2014, San Diego, CA, USA www.usenix.org

Abstract
This paper presents a systematic approach to automating the analysis of event logs recorded by the electronic voting tabulators in the course of an election. An attribute context-free grammar is used to specify the language of the event logs, and to distinguish compliant event logs (those that adhere to the defined proper conduct of an election) and non-compliant logs (those that deviate from the expected sequence of events). The attributes provide additional means for semantic analysis of the event logs by enforcing constraints on the timing of events and repetitions of events. The system is implemented with the help of commodity tools for lexical analysis and parsing of the logs. The system was rigorously tested against several thousand event logs collected in real elections in the State of Connecticut. The approach based on an attribute grammar proved to be superior to a previous approach that used state machine specifications. The new system is substantially easier to refine and maintain due to the very intuitive top-down specification. An unexpected benefit is the discovery of revealing and previously unknown deficiencies and defects in the event log recording systems of a widely used optical scan tabulator.

Download full paper: evt14.pdf


Scaling Privacy Guarantees in Code-Verification Elections

Posted: July 19th, 2013 | Filed under: Other Publications

Scaling Privacy Guarantees in Code-Verification Elections
Aggelos Kiayias and Anthi Orfanou
E-Voting and Identity, 4th International Conference (Vote-ID 2013)
Springer 2013 Lecture Notes in Computer Science, pp. 1-24
July 17-19, 2013, Guildford, UK www.voteid13.org

Abstract
Preventing the corruption of the voting platform is a major issue for any e-voting scheme. To address this, a number of recent protocols enable voters to validate the operation of their platform by utilizing a platform independent feedback: the voting system reaches out to the voter to convince her that the vote was cast as intended. This poses two major problems: first, the system should not learn the actual vote; second, the voter should be able to validate the system’s response without performing a mathematically complex protocol (we call this property “human verifiability”). Current solutions with convincing privacy guarantees suffer from trust scalability problems: either a small coalition of servers can entirely break privacy or the platform has a secret key which prevents the privacy from being breached. In this work we demonstrate how it is possible to provide better trust distribution without platform side secrets by increasing the number of feedback messages back to the voter. The main challenge of our approach is to maintain human verifiability: to solve this we provide new techniques that are based on either simple mathematical calculations or a novel visual cryptography technique that we call visual sharing of shape descriptions, which may be of independent interest.


Malicious Takeover of Voting Systems: Arbitrary Code Execution on Optical Scan Voting Terminals

Posted: March 22nd, 2013 | Filed under: Other Publications

Malicious Takeover of Voting Systems: Arbitrary Code Execution on Optical Scan Voting Terminals
Russell J. Jancewicz, Aggelos Kiayias, Laurent D. Michel, Alexander C. Russell and Alexander A. Shvartsman
In Proceedings of the 28th Symposium On Applied Computing (SAC 2013)
March 18-22, 2013, Coimbra, Portugal www.acm.org/conferences/sac/sac2013/

Abstract
This work focuses on the AccuVote Optical Scan voting terminal (AV-OS) that is widely used in US elections. We present a new attack that can be delivered without opening the system enclosure, and without changing a single bit of the system’s firmware. The attack is launched by inserting a maliciously programmed AV-OS memory card into the terminal. The card contains binary code that exploits careless runtime memory management in the system’s firmware to transfer control to alternate routines stored in the memory card. Once the control is taken by the injected code, the voting system is forced to operate according to the wishes of the attacker. In particular, given that the attack results in the execution of the arbitrary code, an attacker can completely take over AV-OS operation and compromise the results of an election. It is also noteworthy that once a memory card is compromised it can be duplicated using the native function of the voting terminal. In some past elections it was observed that up to 6% of all memory cards were involved in card duplication. There exists a non-trivial possibility that the infection on one memory card can propagate virally to other cards in a given election. This development was performed without access to the source code of the AV-OS system and without access to any internal vendor documentation. We note that this work is performed solely with the purpose of security analysis of AV-OS.

Download full paper: abstract-acmsac2013.pdf