Voting Security

1
CSC 382/582 Computer Security

• Voting Security

2
Topics

• Why do we vote?
• Do we have a right to vote?
• How do we vote?
• Electronic voting

3
Why do we vote?

• Whats the purpose of democracy?
• Does democracy require voting?
• Does voting mean you live in a democracy?

4
Voting Rights

• Do we have a right to vote?

5
Voting Rights

• Non-discrimination is protected
• 15th (race)
• 19th (sex)
• 26th (age)
• But the SCOTUS majority concluded "the
  individual citizen has no federal constitutional
  right to vote for electors for the President of
  the United States." (Bush v. Gore, 531 U.S. 98,
  104 (2000))

6
Voting Methods

• Binary
• Ranked
• Condorcet
• Rated
• Proportional

7
Binary Methods

• Plurality
• First-past-the-post, largest number wins.
• Approval
• Vote for multiple candidates largest number
  wins.
• Runoff
• Multiple rounds of plurality until majority
  winner.
• Typical select top 2, then hold election with
  just those 2.
• Random
• People vote for their candidate.
• Randomly selected ballot determines winner.

8
Voting Criteria

• Majority criterion If there exists a majority
  preferring a single candidate, does he always win
  if that majority votes sincerely?
• Monotonicity criterion Is it impossible to
  cause a winning candidate to lose by ranking him
  higher, or to cause a losing candidate to win by
  ranking him lower?
• Consistency criterion If the electorate is
  divided in two and a choice wins in both parts,
  does it always win overall?
• Participation criterion Is it always better to
  vote honestly than to not vote?
• Condorcet criterion If a candidate beats every
  other candidate in pairwise comparison, does that
  candidate always win?
• Arrows Impossibility Theorem

9
Indirect Elections
Plurality in state select electors Winner
takes all in most states Majority of electoral
vote wins Congress selects if no majority
2004 Electoral College Map Bush (red), Kerry
(blue)
2004 Population cartogram 286 (Bush)-251 (Kerry)
10
Voting Details
11
History of Voting

• Voice Voting
• Ballots black pebble, white pebble
• Paper Ballots
• Australian Paper Ballot
• Lever Voting Machines
• Punched Card
• Optical Scanner
• DRE Machines

12
Types of Electronic Voting

• Paper-based voting
• Computer marks paper ballots, which are counted.
• Direct-recording electronic (DRE)
• Records vote count electronically.
• Networked DRE
• Uploads vote count electronically.
• Includes Internet voting.

13
Advantages of e-voting

• Accessibility
• Cheaper per election costs due to no paper
• Multi-lingual ballots
• Speed of tabulation
• Remote voting

14
Disadvantages of e-voting

• Voters could be tracked
• Lack of reliability
• Lack of verification
• Lack of transparency
• Undetectable fraud (Rices theorem)
• Wholesale fraud

15
Are Voting Machines Reliable?

• Columbus, OH An error while a Danaher /
  Guardian ELECTronic 1242 was plugged into a
  laptop to download results gave President Bush
  3,893 extra votes. http//www.usatoday.com/tech/n
  ews/techpolicy/evoting/2004-11-06-ohio-evote-troub
  le_x.htm
• Carteret Co., NC More early voters voted on
  Unilect Inc.s Patriot voting system than the
  system could handle resulting in the loss of more
  than 4,500 votes. http//www.usatoday.com/news/po
  liticselections/vote2004/2004-11-04-votes-lost_x.h
  tm
• Broward Co., FL ESS software on their machines
  only reads 32,000 votes at a precinct then it
  starts counting backwards (see this update)
  http//www.news4jax.com/politics/3890292/detail.ht
  ml
• Mecklenburg Co., NC More votes registered than
  voters http//www.charlotte.com/mld/charlotte/new
  s/politics/10094165.htm
• LaPorte County, IN - A bug in ESS software
  causes each precinct to be reported as only
  having (exactly) 300 voters each all reports add
  up to 22,000 voters in a county that has more
  than 79,000 registered voters.
  http//www.heraldargus.com/content/story.php?story
  id5304
• Utah County, UT - 33,000 straight-party ballots
  are not counted due to a programming error in
  punchcard counting equipment. http//deseretnews.
  com/dn/view/0,1249,595105309,00.html

16
Are Voting Machines Secure?

• As long as I count the votes, what are you
  going to do about it?
• William Marcy Boss Tweed, 1871

17
Diebold BallotStation

• Setup
• D/L ballot setup
• Pre-Election
• LA testing
• Election
• Voting
• Post-Election
• Print result tape
• Transfer votes

18
Attack Scenarios

• Transferring Votes
• Transfer vote from one candidate to another.
• Leaves total number of votes unchanged.
• Denial of Service
• Target precinct that votes for opponent.
• Malware shuts down or wipes machine.
• Forged administrative smartcard attack.

19
Injecting Attack Code

• Direct installation
• Replace EPROM.
• Exploit backdoor to install from smartcard.
• Reboot using smartcard with botloader.
• Voting machines use standard minibar keys.
• Virus
• Infects memory cards.
• Memory cards infect machines on boot.
• Software upgrades delivered via memory cards.

20
Concealing Voting Malware

• Timing
• Software only active in Election mode.
• Software only active on certain dates / times.
• Knock
• Software actives only after secret knock given.
• Hiding processes and files
• Rootkit techniques
• Virtualization

21
Mitigating Attacks

• Be like an XBox.
• Digital signatures for software updates
• Securing audit logs and counters
• Specialized hardware
• Cryptographic techniques
• Chain of custody for memory cards
• Voter verifiable paper trail

22
References

• Caltech/MIT Voting Project, Residual Votes
  Attributable to Technology, http//www.hss.caltec
  h.edu/voting/CalTech_MIT_Report_Version2.pdfsear
  ch22mit20caltech20uncounted20ballots22,
  2001.
• More e-voting problems, http//www.evoting-exper
  ts.com/, December 12, 2004.
• Ariel J. Feldman, J. Alex Halderman, Edward W.
  Felten, Security Analysis of the Diebold
  AccuVote-TS Voting Machine, http//itpolicy.princ
  eton.edu/voting, Sep 13, 2006.
• Douglas Jones, Illustrated Voting Machine
  History, http//www.cs.uiowa.edu/jones/voting/pi
  ctures/, 2003.
• Tadayoshi Kohno, Adam Stubblefield, Aviel D.
  Rubin, Dan S. Wallach, Analysis of an Electronic
  Voting System, IEEE Symposium on Security and
  Privacy, Oakland, CA, May, 2004
• Mark Newman, Election Result Maps,
  http//www-personal.umich.edu/mejn/election/,
  2004.
• Avi Rubin, Brave New Ballot, Morgan Road Books,
  2006.
• Kim Zetter, House Dems seek Election Inquiry,
  http//www.wired.com/news/evote/0,2645,65623,00.ht
  ml, Nov 5, 2004.
• http//en.wikipedia.org/wiki/Voting_system, 2006.