Posted: December 5th, 2014 | Author: voter | Filed under: Other Publications | Tags: 2014, analysis, event log, paper, research
A Systematic Approach to Analyzing Voting Terminal Event Logs
Laurent D. Michel, Alexander A. Shvartsman and Nikolaj Volgushev
2014 Electronic Voting Technology Workshop/Workshop on Trustworthy Elections (EVT/WOTE’14)
USENIX Journal of Election Technology and Systems (JETS), Volume 2, Number 2, April 2014 www.usenix.org/jets
August 18-19, 2014, San Diego, CA, USA www.usenix.org
This paper presents a systematic approach to automating the analysis of event logs recorded by the electronic voting tabulators in the course of an election. An attribute context-free grammar is used to specify the language of the event logs, and to distinguish compliant event logs (those that adhere to the defined proper conduct of an election) and non-compliant logs (those that deviate from the expected sequence of events). The attributes provide additional means for semantic analysis of the event logs by enforcing constraints on the timing of events and repetitions of events. The system is implemented with the help of commodity tools for lexical analysis and parsing of the logs. The system was rigorously tested against several thousand event logs collected in real elections in the State of Connecticut. The approach based on an attribute grammar proved to be superior to a previous approach that used state machine specifications. The new system is substantially easier to refine and maintain due to the very intuitive top-down specification. An unexpected benefit is the discovery of revealing and previously unknown deficiencies and defects in the event log recording systems of a widely used optical scan tabulator.
Download full paper: evt14.pdf
Posted: July 19th, 2013 | Author: voter | Filed under: Other Publications | Tags: 2013, paper, privacy, research
Scaling Privacy Guarantees in Code-Verification Elections
Aggelos Kiayias and Anthi Orfanou
E-Voting and Identity, 4th International Conference (Vote-ID 2013)
Springer 2013 Lecture Notes in Computer Science, pp. 1-24
July 17-19, 2013, Guildford, UK www.voteid13.org
Preventing the corruption of the voting platform is a major issue for any e-voting scheme. To address this, a number of recent protocols enable voters to validate the operation of their platform by utilizing a platform independent feedback: the voting system reaches out to the voter to convince her that the vote was cast as intended. This poses two major problems: first, the system should not learn the actual vote; second, the voter should be able to validate the system’s response without performing a mathematically complex protocol (we call this property “human verifiability”). Current solutions with convincing privacy guarantees suffer from trust scalability problems: either a small coalition of servers can entirely break privacy or the platform has a secret key which prevents the privacy from being breached. In this work we demonstrate how it is possible to provide better trust distribution without platform side secrets by increasing the number of feedback messages back to the voter. The main challenge of our approach is to maintain human verifiability: to solve this we provide new techniques that are based on either simple mathematical calculations or a novel visual cryptography technique that we call visual sharing of shape descriptions, which may be of independent interest.
Posted: March 22nd, 2013 | Author: voter | Filed under: Other Publications | Tags: 2013, paper, research, sac, security
Malicious Takeover of Voting Systems: Arbitrary Code Execution on Optical Scan Voting Terminals
Russell J. Jancewicz, Aggelos Kiayias, Laurent D. Michel, Alexander C. Russell and Alexander A. Shvartsman
In Proceedings of the 28th Symposium On Applied Computing (SAC 2013)
March 18-22, 2013, Coimbra, Portugal www.acm.org/conferences/sac/sac2013/
This work focuses on the AccuVote Optical Scan voting terminal (AV-OS) that is widely used in US elections. We present a new attack that can be delivered without opening the system enclosure, and without changing a single bit of the system’s firmware. The attack is launched by inserting a maliciously programmed AV-OS memory card into the terminal. The card contains binary code that exploits careless runtime memory management in the system’s firmware to transfer control to alternate routines stored in the memory card. Once control is taken by the injected code, the voting system is forced to operate according to the wishes of the attacker. In particular, given that the attack results in the execution of arbitrary code, an attacker can completely take over AV-OS operation and compromise the results of an election. It is also noteworthy that once a memory card is compromised it can be duplicated using the native function of the voting terminal. In some past elections it was observed that up to 6% of all memory cards were involved in card duplication. There exists a non-trivial possibility that the infection on one memory card can propagate virally to other cards in a given election. This development was performed without access to the source code of the AV-OS system and without access to any internal vendor documentation. We note that this work is performed solely with the purpose of security analysis of AV-OS.
Download full paper: abstract-acmsac2013.pdf
Posted: March 30th, 2012 | Author: voter | Filed under: Other Publications | Tags: 2012, paper, research, sac, security
Integrity of Electronic Voting Systems: Fallacious Use of Cryptography
Seda Davtyan, Aggelos Kiayias, Laurent Michel, Alexander Russell and Alexander Shvartsman
In Proceedings of the 27th Symposium On Applied Computing (SAC 2012)
March 26-30, 2012, Riva del Garda (Trento), Italy www.acm.org/conferences/sac/sac2012/
In recent years, electronic voting systems have been deployed in all U.S. elections. Despite the fact that cryptographic integrity checks are used in most such systems, several reports have documented serious security vulnerabilities of electronic voting terminals. We present an overview of the typical security and election vulnerabilities found in most, if not all, electronic election systems, and present a case study that illustrates such vulnerabilities. Our hands-on security analysis of the AccuVote TSx voting terminal — used by more than 12 million voters in over 350 jurisdictions in the U.S. — demonstrates certain new integrity vulnerabilities that are present in the system. We present two attacks based on these vulnerabilities: one attack swaps the votes of two candidates and another erases the name of one candidate from the slate. These attacks do not require modification of the operating system of the voting terminal (as was the case in a number of previous attacks) and are able to circumvent the cryptographic integrity checks implemented in the terminal. The attacks can be launched in a matter of minutes and require only a computer with the capability to mount a PCMCIA card file system (a default capability in most current operating systems). The attacks presented here were discovered through direct experimentation with the voting terminal and without access to any internal documentation or the source code from the manufacturer.
Download full paper: sac2012.pdf