VoTeR Center, University of Connecticut: Automating Voting Terminal Event Log Analysis. Tigran Antonyan, Seda Davtyan, Sotirios Kentros, Aggelos Kiayias, Laurent.

Presentation transcript:

VoTeR Center, University of Connecticut

Automating Voting Terminal Event Log Analysis

Tigran Antonyan, Seda Davtyan, Sotirios Kentros, Aggelos Kiayias, Laurent Michel, Nicolas Nicolaou, Alexander Russell, Alexander A. Shvartsman
Voting Technology Research (VoTeR) Center, University of Connecticut

Presented by Nicolas Nicolaou
Work funded by the Connecticut Secretary of the State Office

Why Auditing?

10/9/2015 EVT/WOTE 09

Motivation

- Electronic Voting Technologies
  - Direct Recording Electronic (DRE)
  - Optical Scan (OS) tabulator
  - VVPAT – Voter Verifiable Paper Audit Trail
  - Used in over 50% of counties in 2008
- Terminal Usage in Election Procedures
  - "Safe" Storage
    - No Interaction (?)
  - Polling Place
    - Officials (Before Election)
    - Voters + Officials (During Elections)
    - Officials (After Elections)
- Is the interaction with the terminal benign and does it follow the election procedures?

[Figure labels: "Safe" storage (No Interaction); Officials Interaction; Voters + Officials Interaction; Officials Interaction]

Question

How can someone check the actions performed on an e-voting terminal during an election process, and the validity of those actions? Can we devise an automated procedure to perform this check?

The Event Log

- What is an Event Log
  - A list of Timestamped Entries
    - Actions performed on the terminal, and
    - Time/Date associated with any recorded action
  - What actions are recorded?
- Where an Event Log is found
  - In every E-voting Terminal with Logging Capabilities
  - Usually Dedicated Memory Space
- Event Logs are useful for:
  - Monitoring actions on e-voting terminals
    - Before, During and After the elections
  - Reporting environmental effects
    - e.g., Power Failure

Why Auditing the Event Log?

- Detect Expected Event Histories
  - Compliant with electoral procedures
- Detect Irregular Event Histories
  - Deviation from electoral procedures
  - Malfunction of machines
  - Reveal any malicious intent
- To Improve Electoral Procedures
  - Minimize procedural uncertainties
  - Increase the chance of detecting malicious actions

Event Log Audit is Essential for any Election Process.
Every E-Voting System should provide an Event Log.

The Need for Independent Log Audit

- E-Voting Systems with Logging Capabilities
  - Print Event Log
  - Provide Software to read and analyze the Event Log
    - Usually Developed by the Vendor
- Issues
  - Printing Module
    - Module Defects
    - Wrong Sequence of events
  - Manual Parse of the printout
    - Time Consuming and Inaccurate
  - Vendor Software
    - Reliability
    - What are the analysis criteria?
    - Conflict of Interest?
    - Is it trustworthy?

Our Approach

- Understand and Parse the Log
  - Input: Event Log raw data and format
  - Output: Exact Action sequence recorded in the Log
- Examine log sequences in light of predefined Action Rules
  - Rules can be customized by
    - Voting Terminal: Actions it can record
    - Election Process: Sequence of Actions it contains
- Report whether Log Sequences satisfy the Rules

Case Study: AccuVote (AV-OS)

- Premier's Accu-Vote Optical Scan tabulator
  - Provides inherent VVPB/VVPAT
  - But is not perfect:
    - Tampering with Memory cards [Hursti'05], [EVT'07]
    - Firmware manipulations [SAC'09]
    - Reports by others and CA, CT, FL, AL,…
- Provides Logging Capabilities
  - Printing the Event Log for Auditing
  - Print Module is Defective
  - Suffers from other Deficiencies

Case Study: AccuVote OS (AV-OS)

- Physical Characteristics
  - Firmware Version
  - Input Devices
    - Yes/No Buttons
    - Optical Scanner
  - Output Devices
    - Printer
    - LCD
- Memory Card
  - Contains Election Data
  - Divided into 5 sections
  - Contents of the MC obtained by built-in extraction module

[Figure: memory card sections: Header, Event Log, Election Data, Bytecode (AccuBasic), Counters]

Applying Our Approach: AV-OS Logs

- Design and Implement a Procedure for AccuVote OS Event Log Audit
  - Parse, analyze and evaluate event logs
- Automated Log Analyzer
  - General for other E-Voting Systems
- Discover AV-OS event log Defects and Deficiencies
- Used in the Event Log Audit in the CT Presidential Elections of November 2008

Log Audit Procedure at a Glance

- Understand the contents of the AV-OS Event Log
- Model AV-OS as a finite state machine (FSM)
  - AV-OS states
  - State transitions (Actions)
  - Logged Events
- Specify the electoral process
  - Augment FSM Actions with Time-Sensitive information based on the definition of the electoral process.
- Develop Analysis Tool
  - Parse AV-OS Event Log
  - Compare the Event Action Sequence over Time-Sensitive Action Sequence Rules

AV-OS Event Log Entries

- Log entries: 512
  - Circular Buffer
- AV-OS Event Log has two types of entries:
  - Action entries
  - Date entries
- Action entries consist of
  - Time of occurrence
  - Action name
- Date entries only follow:
  - INITIALIZED action
  - SESSION START action

Event Types Recorded by AV-OS

| Action Name | Action Description |
|---|---|
| AUDIT REPORT | Appears when an Audit Report is printed. |
| BAL COUNT END | After the ender card is inserted in an election, this action appears. |
| BAL COUNT START | Appears when the first ballot is cast in an election. |
| BAL TEST START | Records the beginning of a test election. |
| CLEAR COUNTERS | Appears when the counters are set to zero. |
| COUNT RESTARTED | Appears if the machine is reset during an election, after at least one ballot is cast. |
| DOWNLOAD END | Recorded when the download of data ends. |
| DOWNLOAD START | Recorded when the download of data starts. |
| DUPLICATE CARD | Appears when a card is duplicated. Present in the master card and the copy. |
| ENDER CARD | Records when an ender card is inserted, signifying the end of an election. |
| INITIALIZED | The 1st action in the Log. Date action appears when one programs the card. |
| MEM CARD RESET | A memory card reset returns a card to 'not set' status, if it was set for election. |
| OVERRIDE | Records an override by a poll worker. Used for the insertion of overvoted ballots. |
| POWER FAIL | If the machine is unplugged or a power failure occurs, this action is recorded. |
| PREP FOR ELECT | Recorded when the card is set for election. |
| SESSION START | Date action. Appears every time you reset the machine. |
| TOTALS REPORT | Appears when a Totals Report is printed. |
| UNVOTED BAL TST | Appears when an unvoted ballot test is performed. |
| UPLOAD END | When an upload is completed, this action is recorded. |
| UPLOAD ERROR | Appears when an upload error is detected. |
| UPLOAD STARTED | Marks the beginning of an upload. |
| VOTED BAL TEST | Appears when a voted ballot test is performed. |
| ZERO TOT REPORT | Appears when a Zero Totals Report is printed. |

Modeling AV-OS as a FSM

- States:
  - Preserved after a restart
    - Blank State
    - Loaded Election State
    - Set for Election with Zero Counters
    - Set for Election with Non-Zero Counters
    - Print Totals Report
    - Election Closed
  - Not preserved after restart
    - Voted Ballot Test
    - Unvoted Ballot Test
    - Test Election with Zero Counters
    - Test Election with Non-Zero Counters
- Transitions denoted by a triple
  - U: User action
  - A: Ensuing Sequence of Machine Actions
  - L: Sequence of Logged Events

Example – Set For Election State

[Figure: state diagram. States shown: Set For Election / Zero Counters; Set For Election / Non-Zero Counters; Print Totals Report]

Transition labels (U || A || L):
- Restart Machine || Print Zero Totals Report || Session Start, Zero Totals Report
- Ender Card || End Election, Print Totals Report || Ender Card, Bal Count Start, Ballot Count End
- Cast Ballot || Cast Vote || Bal Count Start
- Override || Cast Vote || Override, Bal Count Start

Specify the Election Process

Time-Sensitivity of the Election Process

- Card Programming and Pre-Election testing by Provider
  - 3-4 weeks before the elections
- Pre-Election Testing and Setting for Election in the Precincts
  - 1-2 weeks before the elections
- Expected Sequence of timed events on Election Day:
  - SESSION START-DATE, ZERO TOTALS REPORT
    - Before the polls open
  - BALLOT COUNT STARTS
    - After the polls open
  - Any number of OVERRIDE events
    - While the polls are open
  - ENDER CARD, BALLOT COUNT END, TOTALS REPORT
    - When the polls close

Automating the Event Log Analysis

- Define a set of Time Sensitive Rules
  - Derived from FSM and Election Process
  - Rules defined in an XML file
    - Easily customizable
- Analysis Tool
  - Input: Set of Rules and AV-OS Event Log
  - Output: Return "Expected" or "Irregular"

Examples of Flagged Events

A. Expected Election Run
B. Restart During the Election Process
C. Power Failure and Restart During the Election Process
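The election-day rule check described on the preceding slides, as an added example that is not the VoTeR Center tool or its XML rule file. The polling hours, the closing grace window, the text log format and the sample logs are all assumptions made for illustration; the action names come from the event table above.

```python
from datetime import datetime, time

# Assumed values: the slides give the rule order but no clock limits.
ELECTION_DAY = datetime(2008, 11, 4).date()
POLLS_OPEN, POLLS_CLOSE, CLOSE_GRACE_END = time(6, 0), time(20, 0), time(22, 0)

def before_open(t): return t < POLLS_OPEN
def while_open(t): return POLLS_OPEN <= t <= POLLS_CLOSE
def at_close(t): return POLLS_CLOSE <= t <= CLOSE_GRACE_END

# (action, allowed window, repeatable), in the order of the time-sensitivity slide.
ELECTION_DAY_RULES = [
    ("SESSION START",   before_open, False),
    ("ZERO TOT REPORT", before_open, False),
    ("BAL COUNT START", while_open,  False),
    ("OVERRIDE",        while_open,  True),   # any number of overrides, including none
    ("ENDER CARD",      at_close,    False),
    ("BAL COUNT END",   at_close,    False),
    ("TOTALS REPORT",   at_close,    False),
]

def parse(lines):
    """Parse 'YYYY-MM-DD HH:MM ACTION' lines (a format invented for this example)."""
    events = []
    for line in lines:
        day_s, time_s, action = line.split(" ", 2)
        stamp = datetime.strptime(f"{day_s} {time_s}", "%Y-%m-%d %H:%M")
        events.append((stamp, action.strip()))
    return events

def audit(events, election_day=ELECTION_DAY):
    """Return ('Expected', []) or ('Irregular', reasons) for one card's election-day entries."""
    day = [(ts.time(), a) for ts, a in events if ts.date() == election_day]
    reasons, i = [], 0
    for action, window, repeatable in ELECTION_DAY_RULES:
        seen = 0
        while i < len(day) and day[i][1] == action and (repeatable or seen == 0):
            if not window(day[i][0]):
                reasons.append(f"{action} at {day[i][0]:%H:%M} is outside its time window")
            seen, i = seen + 1, i + 1
        if seen == 0 and not repeatable:
            found = day[i][1] if i < len(day) else "end of log"
            reasons.append(f"expected {action}, found {found}")
            break
    else:  # every rule matched; anything left over is an extra event
        reasons += [f"unexpected {a} at {t:%H:%M}" for t, a in day[i:]]
    return ("Irregular", reasons) if reasons else ("Expected", [])

# Constructed logs (not real card data) for cases A, B and C of the flagged-events slide.
RUN_A = ["2008-11-04 05:40 SESSION START", "2008-11-04 05:42 ZERO TOT REPORT",
         "2008-11-04 06:03 BAL COUNT START", "2008-11-04 15:20 OVERRIDE",
         "2008-11-04 20:02 ENDER CARD", "2008-11-04 20:02 BAL COUNT END",
         "2008-11-04 20:04 TOTALS REPORT"]
RESTART = ["2008-11-04 13:10 SESSION START", "2008-11-04 13:11 COUNT RESTARTED"]
RUN_B = RUN_A[:3] + RESTART + RUN_A[3:]
RUN_C = RUN_A[:3] + ["2008-11-04 13:05 POWER FAIL"] + RESTART + RUN_A[3:]

if __name__ == "__main__":
    for name, run in (("A", RUN_A), ("B", RUN_B), ("C", RUN_C)):
        print(name, *audit(parse(run)))
```

Each reason string names the first entry that breaks the expected order or time window, which is the entry an auditor would look up on the card.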

AV-OS Event Log Defects/Deficiencies

- Printing an Overflowed Event Log
- "Totals Report" Recording Deficiency
- Date recording Deficiency

Printing Defect Demonstration

- Printing Enumerates Events
- Let an action event be denoted as
  - n: action name
  - t: time it occurred
- Let us assume #entries = 522
  - Date Entries = 11
  - Action Entries = 511
- 10 first entries overwritten
- Print starts from 11th entry

Expected Printout:,,…,,…,
Erroneous Printout,…,,…,,,…,

[Figure: Expected Behavior and Erroneous Behavior panels; labels: Event Log, Actions Seq, Buffer, Duplicates, Beginning of buffer, First Not-Overwritten Entry]

"Totals Report" Recording Deficiency

- Closing Election
  - Ender Card
  - Totals Report
  - Another Copy?
- Totals Report Event
  - Not logged unless "NO" is pressed
  - Single appearance in the log event
- Effects
  - Event is not logged
    - Controversy on the validity of printed totals report
  - Single appearance of the event affects
    - Auditing Process
    - Electoral Process

Date recording Deficiency

- Deficiency
  - Entries followed by date
    - INITIALIZE
    - SESSION START
  - If >24 hours elapse from the date recording without any actions occurring
    - Cannot determine whether the next event occurred on the same date.
- Effects
  - Modification of the results
    - E.g., leave the terminal ON for a day, cast more votes and close it the next day at the expected time

[Figure: event log excerpt annotated "Did these events happen on Nov 04, 2008?"]
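Why the date deficiency matters to an auditor, as an added example that is not code from the presentation. The tuple log layout, the date string format, the rule "time of day going backwards means one midnight passed" and both timelines are assumptions of this sketch.

```python
from datetime import datetime, timedelta

# Per the slides, a date entry follows only these two actions.
DATE_ACTIONS = {"INITIALIZED", "SESSION START"}

def to_log(timeline):
    """Serialize (datetime, action) pairs as the slides describe the log:
    every action carries a time of day; a date entry follows only DATE_ACTIONS."""
    log = []
    for stamp, action in timeline:
        log.append(("ACTION", stamp.strftime("%H:%M"), action))
        if action in DATE_ACTIONS:
            log.append(("DATE", stamp.strftime("%m/%d/%Y"), None))
    return log

def reconstruct(log):
    """Give each action the earliest date consistent with the log.
    Assumption: a time of day that goes backwards means exactly one midnight passed."""
    out, day, prev = [], None, None
    for i, (kind, value, action) in enumerate(log):
        if kind == "DATE":
            continue
        t = datetime.strptime(value, "%H:%M").time()
        if action in DATE_ACTIONS:            # exact date is in the entry that follows
            day = datetime.strptime(log[i + 1][1], "%m/%d/%Y").date()
        elif day is None:
            raise ValueError("log does not start with a dated action")
        elif t < prev:                        # clock went backwards: a midnight was crossed
            day += timedelta(days=1)
        out.append((datetime.combine(day, t), action))
        prev = t
    return out

def at(day, hhmm):
    """Helper for the constructed timelines: a moment in November 2008."""
    return datetime.strptime(f"2008-11-{day:02d} {hhmm}", "%Y-%m-%d %H:%M")

# Constructed timelines (not real card data).
SAME_DAY = [(at(4, "05:40"), "SESSION START"), (at(4, "05:42"), "ZERO TOT REPORT"),
            (at(4, "06:03"), "BAL COUNT START"), (at(4, "20:02"), "ENDER CARD")]
# Terminal left on; the ender card is inserted more than 24 hours after the previous entry.
NEXT_DAY = SAME_DAY[:3] + [(at(5, "20:02"), "ENDER CARD")]
# A shorter overnight gap, where the time of day does go backwards.
OVERNIGHT = SAME_DAY[:3] + [(at(5, "01:15"), "ENDER CARD")]

if __name__ == "__main__":
    print("identical logs:", to_log(SAME_DAY) == to_log(NEXT_DAY))
    print("overnight gap recovered:", reconstruct(to_log(OVERNIGHT)) == OVERNIGHT)
```

The two timelines serialize to the same entries, so the dates a log audit reconstructs are a lower bound and have to be corroborated by procedural records kept outside the terminal.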

Our Log Audit Procedure in Practice

- Connecticut Nov 2008 Presidential Elections
- We collected Event Logs from 421 AV-OS memory cards
  - 279 used in the elections
    - Corresponding to random selection of 30% of all precincts
  - 142 from back-up cards not used in the elections

Findings

- 314 out of 421 contain the expected sequences
- 15 (3.6%) had >10 SESSION START events
- 41 (9.7%) contained card duplication events
- 29 (6.9%) had a ZERO TOTALS REPORT printed before the date of the election.
- 24 (5.7%) were initialized between 10/27/2008 and 10/30/2008.
  - Our pre-election audit included only cards programmed until 10/26/2008
- 2 event logs had an additional ZERO TOTALS REPORT event during the election day.

Findings (Cont…)

- 1 event log had ELECTION CLOSE event at 22:08.
- 6 event logs had PREP ELECTION event the day of the election.
- 4 event logs had a MEMORY CARD RESET event.
- 1 event log had an UPLOAD STARTED event.
- 2 event logs had test elections on 10/31/08 and 1 event log showed a test election on 11/03/08.
- 1 event log had a test election on 11/26/08 and an election executed on 12/04/08.
- Findings Suggest
  - No serious security problem or malicious intent
  - Prescribed procedures are not followed uniformly

Summary

- Proposed and Developed an Automated Procedure for Event Log Analysis
  - Modeling AV-OS in terms of FSM
  - Time-Sensitive Action Rules
  - A tool to compare the actions in the logs over the defined rules
  - Our tool may be adjusted and used with other systems
- Discovered some defects and deficiencies in AV-OS logging procedures
  - Printing an Overflowed Event Log
  - "Totals Report" Recording Deficiency
  - Date recording Deficiency
- Used the automated tool in log analysis for CT Nov 2008 elections
  - Findings suggest no malicious intent but reveal non-uniformity in the electoral procedures

Conclusions

- Our Results Suggest
  - Full scale event log analysis is feasible
  - It provides information about
    - Usage of the machines
    - Deviation from procedures.
- Should be included in any procedural audit
  - Part of Post-Election Audit
- Event Logs should be a part of any E-Voting Terminal

Thank You. Questions?