e voting and forensics prying open the black box
play

E-Voting and Forensics: Prying Open the Black Box Sean Peisert - PowerPoint PPT Presentation

May 28, 2023 •186 likes •551 views

E-Voting and Forensics: Prying Open the Black Box Sean Peisert Matt Bishop Candice Hoke Mark Graff David Jefferson given at EVT/WOTE09 Montreal, Canada August 10, 2009 Monday, August 10, 2009 Key Questions That We Address

  1. E-Voting and Forensics: Prying Open the Black Box Sean Peisert Matt Bishop Candice Hoke Mark Graff David Jefferson given at EVT/WOTE’09 Montreal, Canada August 10, 2009 Monday, August 10, 2009

  2. Key Questions That We Address • What questions can a forensic examination answer? • When should election administrators consider an election forensic examination? • How should they prepare for an examination? • Who should be included on the forensic team? • What sort of legal, contractual, and practical provisions may be needed? 2 Monday, August 10, 2009

  3. Key Questions We Do Not Answer • Study the merits of e-voting, or specific types of e-voting systems. • Analyze or discuss proposed voting systems. • Analyze specific auditing techniques. 3 Monday, August 10, 2009

  4. Some Causes of Problems in Voting • Malicious attacks can occur. • Many problems are caused by accident and are not malicious. • Someone trips over a power cord. • The polling place floods due to rainstorms. • Basic Problem: what happens when something goes wrong with an election? 4 Monday, August 10, 2009

  5. Questions Driving Election Forensics • Why don’t vote totals always reconcile? • Why does a system keep failing? • Are totals accurate and complete? • Can election officials certify the results? • Will the public accept the results? • Should candidates demand a recount? 5 Monday, August 10, 2009

  6. Issues With Election Forensics • No generally/broadly accepted logging/ auditing standards. • No generally/broadly accepted machine standards. • No concrete legal guidance from court precedents. • In forensic auditing, accountability and traceability are key. But votes cannot be tied to individual voters. 6 Monday, August 10, 2009

  7. Privacy and Security Must Be Balanced (Peisert, Bishop, & Yasinsac HICSS’09) • Election officials need to be able to count ballots • Forensic analysts need to be able to determine if and how a machine failed. • Cannot allow a voter to indicate to an auditor who they are (vote selling) • Cannot allow an auditor to determine who a voter is (voter coercion) • This leads to a direct conflict. 7 Monday, August 10, 2009

  8. What About VVPATs? • VVPATs are not audit trails (Yasinsac & Bishop, HICSS’08) • If a VVPAT shows an undervote: • could be malfunction • could be voter choice • If a VVPAT shows an over-vote: • probably malfunction, but where? • If a VVPAT shows an equal balance: • implies that any problem did not involve dropping or adding votes (but could simply be mis-recording votes) 8 Monday, August 10, 2009

  9. Questions a Forensic Examination Can Answer • How many votes did the problem affect? • How accurate are the canvass totals? • If the totals are wrong, can the investigation recover the data needed to correct the problem? • Is the voting equipment functioning according to documentation? • Were any procedural guidelines violated? • Which jurisdictions does the problem affect? • ...and others... 9 Monday, August 10, 2009

  10. Requirements • Accuracy • Availability • Secrecy • Anonymity 10 Monday, August 10, 2009

  11. Laocoön: A Model of Forensic Logging • Our approach: what data do we need to record in order to unknown end goals start of attack be able to analyze certain intermediate steps of intruder events? • Attack graphs of goals. • Goals can be attacker goals (i.e., “targets”) or defender goals (i.e., “security policies”) • Predicates represented by pre- conditions & post-conditions a b c d of events to accomplish goals. • Method of translating those conditions into logging requirements. 11 Monday, August 10, 2009

  12. Laocoön & E-Voting • Many violations of security policy on e- voting are easy to define precisely (e.g., changing or discarding cast votes) • Machines have (theoretically or ideally) limited modes of operation. 12 Monday, August 10, 2009

  13. Applying the Model to E-Voting: Start with E-Voting Requirements • Laws and requirements become security policies unknown end goals • Security policies define start of attack intermediate steps of intruder attack graphs • Attack graphs start with ultimate “goals” • Attack graphs are translated into detailed a b c d specifications and logging points implementations to guide logging 13 Monday, August 10, 2009

  14. Law to Policy • California Constitution, Article 2 (“Voting, initiative and referendum, and recall”) • Law: Sec. 7. Voting shall be secret. • Manual Voting Policy: the person who opens envelopes containing absentee ballots and removes the ballots is different than the person who tallies the ballots. • E-Voting Policy: information must not “leak” outside the system through any method other than the prescribed ballot. 14 Monday, August 10, 2009

  15. Policy to Goals • Examine the ballots for signs of unique identifiers. • Examine the setup of the e-voting machines to see if network cables, wireless devices, or physical sight lines could cause votes to be observed. • Interview poll workers to determine the locations of people during voting. 15 Monday, August 10, 2009

  16. Example: Laocoön & Over-Voting • Over-voting occurs when more candidates are selected than allowed in a given race. • At some point, the value of a bit changes. • What are the paths to that event? • Start with the entry to the system (e.g., touchscreen, supervisor screen, HW manipulation). • End at the data. • This places bounds on the intermediate steps. • Monitor those paths. 16 Monday, August 10, 2009

  17. Laocoön & Over-Voting Intermediate Steps Memory Touchscreen Card #1 Introduce "write" Supervisor Memory HW via USB syscall Screen Card #2 Hardware Swap Mem Memory Open Box Access Cards Card #3 Magnetic Manipulation 17 Monday, August 10, 2009

  18. Procedural Elements • What about methods of bypassing the logging system? • How tamperproof are logs? • What about denial-of-service? • What about human error? • What about DREs vs. optical scanners? 18 Monday, August 10, 2009

  19. Basic Concept • Repeated crashes, freezes, or auto-reboots may indicate a failure of the system. • This describes a goal state of the fault graph. • The model states that data to describe the system and failure should be recorded. 19 Monday, August 10, 2009

  20. What Data to Preserve • Laocoön prescribes the need to begin with the endpoint of the attack/fault graph and work backwards to understand prior indications. Thus: • Rule P1: Record indications of any failure, what happened, when it happened, and any error indicators. 20 Monday, August 10, 2009

  21. Laocoön and Data Preservation • System-level events • Commands capable of performing such actions • Human events • Who was using the machine? • Who had access to the machine? 21 Monday, August 10, 2009

  22. Laocoön and Data Preservation Intermediate Steps Memory Touchscreen Card #1 Introduce "write" Supervisor Memory HW via USB syscall Screen Card #2 Hardware Swap Mem Memory Open Box Access Cards Card #3 Magnetic Manipulation 22 Monday, August 10, 2009

  23. What Data to Preserve • Laocoön also prescribes the need to start at the beginning of the fault graph. So: • Rule P2: Record information about entry points into the system, including the locations from which people accessed the system. • Voter interface • Maintenance bays • Include non-voters, such as officials and vendors • Visual descriptions of the state of entry points • Locations of power cords, weather, etc... 23 Monday, August 10, 2009

  24. What Data to Preserve • Laocoön prescribes the need to record possible paths from initial states to error states. So: • Rule P3: Collect external data relevant to the state of the voting system • VVPATs • Audit logs • Memory cards • Removable peripherals (e.g., USB sticks) • Cables indicating network/telephone connections • Videotapes • People! • Chain of custody details 24 Monday, August 10, 2009

  25. What Data to Preserve • Laocoön prescribes the data necessary to analyze an event, and thus also the data not adhering to that standard. So: • Rule P4: Record any signs that the data is incomplete or may not be trustworthy • E.g., if a system is supposed to record all occurrences of X but does so only intermittently. 25 Monday, August 10, 2009

  26. Assurance and How to Preserve Data • Laocoön prescribes that data should be recoded at failure points (both temporally and physical proximity). • Rule A1: Preserve all artifacts as soon as the problem is discovered, in the state in which the problem was discovered. • Copies of data, clones, backups, memory • Precinct devices • Freezing evidence • Digital photographs • Network state 26 Monday, August 10, 2009

  27. Laocoön and Data Preservation Intermediate Steps Memory Touchscreen Card #1 Introduce "write" Supervisor Memory HW via USB syscall Screen Card #2 Hardware Swap Mem Memory Open Box Access Cards Card #3 Magnetic Manipulation 27 Monday, August 10, 2009

Recommend

KCI-based MitM Attacks against TLS Prying Open Pandoras Box Clemens Hlauschek, Markus Gruber,

KCI-based MitM Attacks against TLS Prying Open Pandoras Box Clemens Hlauschek, Markus Gruber,

KCI-based MitM Attacks against TLS Prying Open Pandoras Box Clemens Hlauschek, Markus Gruber, Florian Fankhauser, Christian Schanes BS(l)idesVienna 0x7df whoami [ haku@bsidesbox ] % getent passwd whoami | awk F :

684 views • 33 slides
About this presentation : Learning : What is Digital Forensics ? Political : Digital

About this presentation : Learning : What is Digital Forensics ? Political : Digital

An introduction to digital forensics About this presentation : Learning : What is Digital Forensics ? Political : Digital Forensics and Open Sources licensing Tool time : Digital Forensics Framework Presented by Solal Jacob core dev.

444 views • 30 slides
iOS Forensics with Open-Source Tools Andrey Belenko AGENDA Basics iOS Security iOS

iOS Forensics with Open-Source Tools Andrey Belenko AGENDA Basics iOS Security iOS

iOS Forensics with Open-Source Tools Andrey Belenko AGENDA Basics iOS Security iOS Data Protection Hands-On! FORENSICS 101 Acquisition Analysis Reporting GOALS: 1. Assuming physical access to the device extract as much

763 views • 41 slides
Lockpicking Forensics datagram datagram.layerone@gmail.com Black Hat USA Briefings, 2009

Lockpicking Forensics datagram datagram.layerone@gmail.com Black Hat USA Briefings, 2009

Lockpicking Forensics datagram datagram.layerone@gmail.com Black Hat USA Briefings, 2009 Agenda How locks/picks work Normal wear Lock Analysis Key Analysis Investigative process Destructive entry still #1! How Locks Work

1.39k views • 117 slides
Detecting Voter Fraud Context in an Electronic Voting Context Introduction: Relevance of An

Detecting Voter Fraud Context in an Electronic Voting Context Introduction: Relevance of An

Detecting Voter Fraud in an Electronic Voting Detecting Voter Fraud Context in an Electronic Voting Context Introduction: Relevance of An Analysis of the Unlimited Reelection Vote in Venezuela Election Forensics Previous Research Ines

686 views • 45 slides
CSN08101 Digital Forensics Lecture 1A: Introduction to Forensics Lecture 1A: Introduction to

CSN08101 Digital Forensics Lecture 1A: Introduction to Forensics Lecture 1A: Introduction to

CSN08101 Digital Forensics Lecture 1A: Introduction to Forensics Lecture 1A: Introduction to Forensics Module Leader: Dr Gordon Russell Lecturers: Robert Ludwiniak Digital Forensics You will learn in this module: The principals of

1.09k views • 34 slides
Race and Voting in Florida 17.871 Spring 2012 1 Hypothetical Statistics about Voting Pct.

Race and Voting in Florida 17.871 Spring 2012 1 Hypothetical Statistics about Voting Pct.

Race and Voting in Florida 17.871 Spring 2012 1 Hypothetical Statistics about Voting Pct. Voted Race (of registered) Avg. age Black 56.2 38.2 Hispanic 62.2 45.2 White 68.2 52.2 Pct. Voted (of Age group registered) N 18-39 56.9

365 views • 7 slides
CSE 469: Computer and Network Forensics Topic 5: Image Forensics Dr. Mike Mabey | Spring 2019

CSE 469: Computer and Network Forensics Topic 5: Image Forensics Dr. Mike Mabey | Spring 2019

CSE 469: Computer and Network Forensics Topic 5: Image Forensics Dr. Mike Mabey | Spring 2019 CSE 469: Computer and Network Forensics Forensics for Graphics Files Types of graphics file formats Type of data compression How to locate

362 views • 25 slides
2015-2017 (c) P.Pale: Computer Forensics 2015-10-17 File System Forensics A New York

2015-2017 (c) P.Pale: Computer Forensics 2015-10-17 File System Forensics A New York

2015-2017 (c) P.Pale: Computer Forensics 2015-10-17 File System Forensics A New York computer forensics firm found that 40% of the hard disk drives it recently purchased in bulk orders on eBay contained personal, private and sensitive

884 views • 70 slides
Digital forensics and malware Digital forensics According to Wikipedia, you could be looking

Digital forensics and malware Digital forensics According to Wikipedia, you could be looking

Digital forensics and malware Digital forensics According to Wikipedia, you could be looking for: attribution, alibis and statements, intent, evaluation of source, document authentication File carving ( e.g. , bifragment gap carving)

630 views • 13 slides
Live Disk Forensics on Bare Metal Hongyi Hu and Chad Spensky {hongyi.hu,chad.spensky}@ll.mit.edu

Live Disk Forensics on Bare Metal Hongyi Hu and Chad Spensky {hongyi.hu,chad.spensky}@ll.mit.edu

Live Disk Forensics on Bare Metal Hongyi Hu and Chad Spensky {hongyi.hu,chad.spensky}@ll.mit.edu Open-Source Digital Forensics Conference 2014 This work is sponsored by the Assistant Secretary of Defense for Research and Engineering under Air

800 views • 50 slides
CSE 469: Computer and Network Forensics Topic 7: Mobile Forensics Dr. Mike Mabey | Spring 2019

CSE 469: Computer and Network Forensics Topic 7: Mobile Forensics Dr. Mike Mabey | Spring 2019

CSE 469: Computer and Network Forensics Topic 7: Mobile Forensics Dr. Mike Mabey | Spring 2019 CSE 469: Computer and Network Forensics Overview of Mobile Forensics Originated in Europe and focused on the GSM SIM card. Roaming of Devices

694 views • 17 slides
NEST Kali Linux Tutorial: Maltego Maltego is an open source intelligence and forensics

NEST Kali Linux Tutorial: Maltego Maltego is an open source intelligence and forensics

NEST Kali Linux Tutorial: Maltego Maltego is an open source intelligence and forensics application. It will offer you timeous mining and gathering of information as well as the representation of this information in an easy to understand

477 views • 23 slides
Electronic Voting Electronic voting at a precinct Analysis of an Internet Voting Focus

Electronic Voting Electronic voting at a precinct Analysis of an Internet Voting Focus

Electronic Voting Electronic voting at a precinct Analysis of an Internet Voting Focus is on preventing fraud on the part of Protocol people building and running system. Electronic voting over the internet Dale Neal Must

508 views • 5 slides
Image Forensics of High Dynamic Range Imaging 10th International Workshop on Digital-Forensics

Image Forensics of High Dynamic Range Imaging 10th International Workshop on Digital-Forensics

Image Forensics of High Dynamic Range Imaging 10th International Workshop on Digital-Forensics & Watermarking P. J. Bateman, A. T. S. Ho, and J. A. Briffa This research is sponsored by an EPSRC/Charteris CASE Award Image Forensics

703 views • 38 slides
? ? ? Photo by A. Dunlap (Thanks to Aimee Dunlap for designing this lecture.) Open the Black Box

? ? ? Photo by A. Dunlap (Thanks to Aimee Dunlap for designing this lecture.) Open the Black Box

10/2/2012 Cognition as a Black Box What Do Animals Know? Information goes in Behavior Comes Out And how do we find out? ? ? ? Photo by A. Dunlap (Thanks to Aimee Dunlap for designing this lecture.) Open the Black Box by Putting the Animal

279 views • 8 slides
SQL Server Database Forensics Kevvie Fowler , GCFA Gold, CIS S P, MCTS , MCDBA, MCS D, MCS E

SQL Server Database Forensics Kevvie Fowler , GCFA Gold, CIS S P, MCTS , MCDBA, MCS D, MCS E

SQL Server Database Forensics Kevvie Fowler , GCFA Gold, CIS S P, MCTS , MCDBA, MCS D, MCS E Black Hat USA 2007 S QL S erver Forensics | Why are Databases Critical Assets? Why are databases critical assets? Databases hold critical

435 views • 39 slides
Teaching digital forensics in a large class Teaching forensics at of students UL FRI

Teaching digital forensics in a large class Teaching forensics at of students UL FRI

Teaching digital forensics in a large class of students Teaching digital forensics in a large class Teaching forensics at of students UL FRI Generating customized disk images Gaper Fele-or University of Ljubljana, Faculty of

446 views • 23 slides
Android: forensics and reverse engineering Raphal Rigo - ANSSI 26/11/2010 Agence nationale de

Android: forensics and reverse engineering Raphal Rigo - ANSSI 26/11/2010 Agence nationale de

Android: forensics and reverse engineering Raphal Rigo - ANSSI 26/11/2010 Agence nationale de la A N S S I scurit des systmes dinformation Introduction Forensics: context Forensics: memory Forensics: filesystem Reverse

545 views • 36 slides
Digital Forensics for SSC Solvers Daniel Kouril EGI CSIRT Digital Forensics Methods to

Digital Forensics for SSC Solvers Daniel Kouril EGI CSIRT Digital Forensics Methods to

Digital Forensics for SSC Solvers Daniel Kouril EGI CSIRT Digital Forensics Methods to collect and analyze (digital) evidence Three basic phases Data collection, Analysis, Reporting Triage Various sources of information

307 views • 20 slides
Electing a University President using Open-Audit Voting Ben Adida , Olivier de Marneffe ,

Electing a University President using Open-Audit Voting Ben Adida , Olivier de Marneffe ,

Electing a University President using Open-Audit Voting Ben Adida , Olivier de Marneffe , Olivier Pereira Jean-Jacques Quisquater Harvard University Universit e catholique de Louvain August 11, 2009 UCL Crypto Group EVT/WOTE 09 -

426 views • 20 slides
CSE 469: Computer and Network Forensics Topic 6: Email Forensics Dr. Mike Mabey | Spring 2019

CSE 469: Computer and Network Forensics Topic 6: Email Forensics Dr. Mike Mabey | Spring 2019

CSE 469: Computer and Network Forensics Topic 6: Email Forensics Dr. Mike Mabey | Spring 2019 CSE 469: Computer and Network Forensics Email System Components User agents / Webmail: Composing, editing, and reading mail messages. Mail

687 views • 49 slides
Preventive Digital Forensics: Creating Preventive Digital Forensics Systems to Proactively

Preventive Digital Forensics: Creating Preventive Digital Forensics Systems to Proactively

FloCon 2015 Conference January 15, 2015 Portland, Oregon Preventive Digital Forensics: Creating Preventive Digital Forensics Systems to Proactively Resolve Computer Security Incidents in Organizations JESUS RAMIREZ PICHARDO (PMP, GCFA,

333 views • 30 slides
Michigan Votes in 2020 Voter registration, absentee voting, and Election Day New Voting Laws New

Michigan Votes in 2020 Voter registration, absentee voting, and Election Day New Voting Laws New

Michigan Votes in 2020 Voter registration, absentee voting, and Election Day New Voting Laws New Michigan Voting Laws Prop 3 of 2018 added several voting policies to the Michigan constitution, including: straight-ticket voting, automatic

510 views • 15 slides

More recommend