Security flaws in existing voting systems

1
Security flaws in existing voting systems

• by Slavik Krassovsky

2
Introduction

• HAVA
• 3.9 billion appropriated in states aid
• DRE Vendors
• Diebold
• ESS
• MicroVote
• WINvote
• Sequoia
• Hart InterCivic

3
DRE Machine Architecture
4
Certification process

• Is done per FEC guidelines
• ITAs
• Ciber
• Wyle
• SysTest
• Off-the-shelf hardware and software is exempt

5
Media reported problems

• 01/04, Broward County, Florida
• 134 out of 10,844 votes are missing
• 11/03, Boone County, Indiana
• 144,000 votes were cast but Boone County contains
  fewer than 19,000
• 01/04, Hinds County, Mississippi
• Machines stayed down all day

6
Diebold

• Analyzed by researches
• Hardcoded DES key
• No Smart card authentication
• Unsecure smart card deactivation
• Hardcoded PIN
• Etc...

7
Attacks

• Attacks on the machine
• Undetectable rigging

8
Other problems

• No way to verify that their votes were recorded
  correctly
• No way to publicly count the votes
• No meaningful recounts are possible

9
Conclusion

• Some problems can be solved by strict
  certification
• But some problems are inherent
• Its best to look for alternatives