Taking Total Control of Voting Systems: Firmware Manipulations on an Optical Scan Voting Terminal Nicolas Nicolaou Voting Technology Research (VoTeR) Center.


1 Taking Total Control of Voting Systems: Firmware Manipulations on an Optical Scan Voting Terminal
Nicolas Nicolaou
Voting Technology Research (VoTeR) Center
Department of Computer Science and Engineering, University of Connecticut
http://voter.engr.uconn.edu
24th Annual ACM Symposium on Applied Computing, SAC 2009, Honolulu, Hawaii
Joint work with: Seda Davtyan, Sotiris Kentros, Aggelos Kiayias, Laurent Michel, Alexander Russell, Narasimha Shashidhar, Andrew See and Alexander A. Shvartsman

2 Motivation
- Electronic Voting Technologies
  - Direct Recording Electronic (DRE)
    - Touch Screen w/ or w/out printer, not directly voter-verifiable
  - Optical Scan (OS) tabulator
    - VVPAT – Voter Verifiable Paper Audit Trail
    - Used in over 50% of counties in 2008
- Case Study, Premier AccuVote-OS (AVOS):
  - Wide use in US elections, but…
  - Can be tampered with if memory card is removed [Hursti’05]
  - Can be tampered with if memory card is sealed in [EVT’07]
  - Reports by other workers and CA, CT, FL, AL,…
- Safe-use procedures can be followed, but all under the assumption that firmware is trusted
10/8/2015 2 VoTeR Center – SAC’09

3 Question
Can the Firmware of Voting Machines be Trusted?
In particular: Can the Firmware of AccuVote tabulator be Trusted?
Work performed by the UConn VoTeR Center on request of the Connecticut Secretary of the State as a part of the overall effort to evaluate voting equipment, and to enable and perform effective technological audits, pre- and post-election.

4 Our Findings
- Firmware of AVOS can be analyzed
  - Without access to vendor specifications or source code
  - Using off-the-shelf third party tools (<$300)
  - Under the contractual right to “display or disseminate all information and data related to election results”
- Three firmware manipulations targeting:
  - Enabling Effective Auditing:
    - Faithful and fast memory dumping
  - Audit Improvement (also potential Privacy Violation):
    - “Leak” Ballot Contents
  - Revealing Weaknesses: Alteration of Election Result
    - Swapping candidate counters

5 Understanding the System
- Election Management System (GEMS):
  - Ballot Design and Central Tabulation
  - Serial port communication with AVOS
  - Transferred data stored on the AVOS memory card
- AVOS Terminal:
  - Hardware Components
  - Software Components
    - Firmware
    - Memory Card Contents

6 Hardware
- External
  - LCD
  - Dot Matrix Printer
  - Ballot Reader
  - Input Buttons
  - 128K 40 Pin Epson Memory Card
- Internal
  - 8 MHz MicroController
    - Emulates an Intel 80186
  - 128K SRAM
  - 128K Firmware EPROM

7 Software
- Firmware
  - Version 1.96.6
  - Stored in a UV light erasable 128K EPROM
  - Responsible for all the functions of the terminal
  - Unencrypted / Unauthenticated: the terminal will boot modified firmware without a single warning
- Memory Card contents
  - Programmed through GEMS
  - Election-specific programming
  - Election Data and Control Flags depending on the Elections

8 Understanding Memory Card Format
- Crucial for Auditing purposes
- Memory Card can be divided in 5 major sections:
  - Header
  - Log
  - Election Data
  - Bytecode (AccuBasic)
  - Counters

9 Gaining Access: Serial Port
- Control over the transmission
  - One way communication from terminal via a serial line
- Identified AVOS communication Methodology
  - Place byte to be sent in a buffer
  - Unmask the serial transmission interrupt to place the byte from the buffer on the wire.

10 Manipulation 1: AVOS as a Card Reader
- Goal: Transmit MC data from AVOS to PC
  - Improve Auditing
  - Obtain clean and faithful image of the card contents
  - Enable auditing of large number of cards
- Motivation
  - AVOS built-in dumping procedure
    - Unfaithful transmission of the contents
    - Potential modification of the audit log
    - Too slow for mass auditing (~2 min per card)
  - Card Reader/Writer are very hard to find and are slow
    - This type of memory cards discontinued ca. 1998
    - Even if available, the commercial reader can take 1/2 hour

11 Manipulation 1: AVOS as a Card Reader
- Delivery of Memory Card Data:
  - Inject a function to read the memory card contents
    - Utilizing Memory Card access control
  - Transmit one byte at a time to the serial line
    - Utilizing Serial Port access control
- Speeding Up Card Dumping:
  - Implemented standard Run-Length Encoding algorithm
    - Large part of card data contains sequences of identical values
  - Reduced card dumping from 2 min to 20 sec
  - Enabled the dump and inspection of large number of cards
  - Avoid alteration of card contents, e.g., audit log
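
The run-length step on this slide, as an added example that is not the VoTeR Center's code: an encoder plus the PC-side decoder, which refuses any stream that does not rebuild a complete card image. The (run length, value) byte-pair wire format, the 255-byte run cap and the sample card contents are assumptions; the slides only say a standard RLE algorithm was used.

```python
CARD_SIZE = 128 * 1024  # the slides give a 128K memory card


def rle_encode(data: bytes) -> bytes:
    """Encode as (run_length, value) byte pairs; runs are capped at 255."""
    out = bytearray()
    i = 0
    while i < len(data):
        value = data[i]
        run = 1
        while i + run < len(data) and run < 255 and data[i + run] == value:
            run += 1
        out += bytes((run, value))
        i += run
    return bytes(out)


def rle_decode(stream: bytes, expected_size: int = CARD_SIZE) -> bytes:
    """Rebuild the card image; reject streams that cannot be a full dump."""
    if len(stream) % 2:
        raise ValueError("truncated stream: run length without a value")
    out = bytearray()
    for pos in range(0, len(stream), 2):
        run, value = stream[pos], stream[pos + 1]
        if run == 0:
            raise ValueError(f"zero-length run at stream offset {pos}")
        out += bytes([value]) * run
        if len(out) > expected_size:
            raise ValueError("stream decodes past the card size")
    if len(out) != expected_size:
        raise ValueError(f"short dump: {len(out)} of {expected_size} bytes")
    return bytes(out)


def make_sample_card() -> bytes:
    """Constructed image: a short varied header, then a zero-filled remainder."""
    header = bytes(range(64)) + b"CONSTRUCTED SAMPLE"
    return header + bytes(CARD_SIZE - len(header))


if __name__ == "__main__":
    card = make_sample_card()
    wire = rle_encode(card)
    assert rle_decode(wire) == card  # byte-identical round trip
    print(f"{len(card)} card bytes -> {len(wire)} bytes on the serial line")
```

The size check in the decoder is what makes a dropped serial byte visible to the auditor instead of silently producing a shorter image.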

12 Manipulation 2: Leaking Ballot Data
- Dual Significance of the Result:
  - Benign alteration of firmware: Enhance Hand Count Audit
  - Potential malicious alteration: Violation of Voter Privacy
- Implementation
  - AVOS side:
    - Transmit the candidate counters after each ballot cast
  - PC side:
    - Wait for incoming counters
    - Upon receipt of counters compute the difference of current counter image and the locally stored counter image
    - Counter difference reveals the ballot votes

13 Manipulation 2: Leaking Ballot Data
- Used in Hand Count Audit
  - Ballot as read by AVOS presented on the screen
  - Poll worker may verify validity of the ballot
  - Reduces audit time
  - Reduces audit errors
  - Reveals ballot read errors
- Demonstrates Possible Violation of Voter Privacy
  - Using the same technique during the election
  - Extract order of the ballots cast
- Next: Hybrid OS terminal that displays votes as cast
  - Voter could verify their votes as recorded by the machine

14 Manipulation 3: Swapping Candidate Counters
- Time Bomb Attack during Election
  - Behave “nicely” during pre-election testing
  - “Hit” during the actual elections
- Implementing vote swapping:
  - Swap votes for predefined candidates
  - If votes < threshold do not swap
    - Also avoids pre-election testing detection
  - Otherwise swap after the elections are closed
- Swap is done at the closing of elections and before the election report is printed.

15 Manipulation 3: Swapping Candidate Counters
- Demonstration T=10: Pre-Election Testing
[Figure panels: Original Firmware, Modified Firmware]

16 Manipulation 3: Swapping Candidate Counters
- Demonstration T=10: At Poll Closing
[Figure panels: Original Firmware, Modified Firmware]

17 Conclusions and Discussion
- Demonstrated 3 AVOS firmware manipulations
  - Used for: Fast and Faithful Memory Card dumping
  - Potential for: Leaking Ballot Data
  - Potential for: Swapping Candidate Counters
- Our results underscore the need for
  - Pre and Post election audits
  - Incorporation of firmware cryptographic integrity check at the hardware level
- Answer to our question:
  - Firmware of an e-voting terminal is not necessarily trustworthy
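
An audit-side counterpart to the integrity check called for above, as an added example that is not part of the original presentation: it compares a dumped 128K EPROM image with a trusted reference image by SHA-256 and, on mismatch, reports which byte ranges differ. It assumes the auditor already holds a known-good reference image and a dump taken with an external EPROM reader; both sample images below are constructed, and the function names are hypothetical.

```python
import hashlib
import hmac

EPROM_SIZE = 128 * 1024  # the slides give a 128K firmware EPROM


def sha256_hex(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()


def changed_ranges(reference: bytes, dumped: bytes, gap: int = 16):
    """Half-open (start, end) offsets that differ; diffs within `gap` bytes merge."""
    ranges = []
    for off, (ref_byte, got_byte) in enumerate(zip(reference, dumped)):
        if ref_byte == got_byte:
            continue
        if ranges and off - ranges[-1][1] <= gap:
            ranges[-1][1] = off + 1      # extend the current range
        else:
            ranges.append([off, off + 1])
    return [tuple(r) for r in ranges]


def audit_firmware(reference: bytes, dumped: bytes) -> dict:
    """Compare a dumped EPROM image with the trusted reference image."""
    if len(reference) != EPROM_SIZE or len(dumped) != EPROM_SIZE:
        return {"ok": False, "reason": "unexpected image size", "ranges": []}
    if hmac.compare_digest(sha256_hex(reference), sha256_hex(dumped)):
        return {"ok": True, "reason": "digest matches reference", "ranges": []}
    return {"ok": False, "reason": "digest mismatch",
            "ranges": changed_ranges(reference, dumped)}


def make_samples():
    """Constructed data: a patterned 'reference' and a copy patched in two spots."""
    reference = bytes((i * 7 + 3) % 256 for i in range(EPROM_SIZE))
    patched = bytearray(reference)
    for off in (0x100, 0x101, 0x102, 0x103, 0x108, 0x8000):
        patched[off] ^= 0xFF
    return reference, bytes(patched)


if __name__ == "__main__":
    ref, dump = make_samples()
    print(audit_firmware(ref, ref)["reason"])
    for start, end in audit_firmware(ref, dump)["ranges"]:
        print(f"modified bytes at 0x{start:05X}-0x{end - 1:05X}")
```

The reported ranges tell the auditor where to start disassembling a mismatching image; the check itself is only as trustworthy as the reference image and the dumping path.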

18 Thank you! Questions?

