hac k a vote studying se c ur ity issue s with e voting
play

Hac k- a- Vote : Studying Se c ur ity Issue s with E - Voting Da - PowerPoint PPT Presentation

Apr 27, 2023 •274 likes •542 views

Hac k- a- Vote : Studying Se c ur ity Issue s with E - Voting Da n Wa lla c h Ric e Unive rsity Collabor ator s: Jo na tha n Ba nne t Da vid W. Pric e Alg is Rudys Justin Sing e r Pe r c e ption vs. r e ality Pe r c e ption vs. r

  1. Hac k- a- Vote : Studying Se c ur ity Issue s with E - Voting Da n Wa lla c h Ric e Unive rsity Collabor ator s: Jo na tha n Ba nne t Da vid W. Pric e Alg is Rudys Justin Sing e r

  2. Pe r c e ption vs. r e ality Pe r c e ption vs. r e ality � Vo te r fe e ls tha t � Vo te wa s c o unte d � Vo te wa s priva te � No b o dy e lse c a n vo te mo re tha n o nc e � No b o dy c a n a lte r o the rs’ vo te s � Pe o ple b e lie ve tha t the ma c hine wo rks c o rre c tly � T he se ha ve to do with pe rc e ptio n It is also impor tant that the se pe r c e ptions ar e tr ue .

  3. Re lianc e on c e r tific ation I nde pe nde nt T e sting Autho ritie s � Allo we d to se e the c o de � No b o dy e lse lo o ks � Ce rtify sa tisfa c tio n o f F E C sta nda rds � Re q uire d b y ma ny sta te s Re sult: “F aith- base d voting”

  4. Inspir ation Ha ve a n e -vo ting syste m to “de mo nstra te ” inside r fla ws � Orig ina l ide a fro m Da vid Dill � Orig ina l c o de b y Da vid W. Pric e � Writte n summe r 2003 � Ab o ut 2000 line s o f Ja va Unne c e ssa ry a fte r Die b o ld finding s

  5. Se c ond applic ation? Ho w a b o ut in-c la ss use ? � Old pro je c t: “sma rt c a rd so da � ma c hine ” 1) de sig n & fo rma lly mo de l c rypto pro to c o l 2) swa p with o the r g ro ups 3) imple me nt with re a l c a rds � Re a l sma rt c a rds a re pa inful

  6. Hac k- a- Vote pr oje c t Re mo ve “c he a ting ” c o de ~150 line s, mo stly in o ne file T hre e pha se a ssig nme nt 1) Be e vil (2 we e ks) 2) Be a n I T A (1 we e k) 3) De sig n / fo rma lly mo de l b e tte r ve rsio n o f Die b o ld sma rtc a rd (2.5 we e ks)

  7. Be e vil? � Stude nts’ ro le : c o rrupt de ve lo pe r inside ve ndo r � Co de must still pa ss te sts � “Minima l” c o de c ha ng e s � Multiple ha c ks e nc o ura g e d � Co de sho uld a ppe a r “no rma l” De live rable s: Co de + Writte n Re po rt

  8. Be an IT A? � Swa p c o de fro m g ro ups � E ve ry g ro up a udits two ve rsio ns � Ho no r c o de : no running diff � I mpe rfe c t simula tio n o f re a l I T As � Stude nt fa milia rity with c o de � Sma lle r c o de b a se De live rable s: Writte n Re po rt

  9. Be tte r smar tc ar d pr otoc ols? � L e c ture s ha ve pre pa re d stude nts yptyc fo r pro to c o l mo de lling � c r � (Re la tive ly) usa b le type c he c ke r c ryptyc .c s.de pa ul.e du De live rable s: Mo de l + Writte n Re po rt

  10. Die bold’s smar t c ar d pr otoc ol d is ( 8 byte s ) My passwor T e rmina l Ca rd “Okay” Ar e you valid? “Yup” Canc e l your se lf, ple ase . “Okay”

  11. nte rCivic e Sla te e Hac k- a- Vote softwar nspira tio n: Ha rt I I

  12. e Slate pr otoc ol (hope fully) Valid? 1234 ne twor k Pin: 1234 Base station Voting mac hine … Pin: 1234

  13. Hac k- a- Vote live de mo

  14. Hac k- a- Vote de sign

  15. Hac k- a- Vote de sign

  16. Hac k- a- Vote de sign

  17. Hac k- a- Vote de sign

  18. Wide gamut of attac ks � Ma nipula te e le c tio n re sults � Vio la te vo te r a no nymity � Cra sh / Do S vo ting ma c hine

  19. Cle ve r hac ks � Ove rlo a d equals() / hashCode() � Va ria b le with sa me na me a s c la ss � Unusua l c o ntro l flo ws � Re use c o nsta nts in the c o de � Ne two rk po rt: 1776 � Use a s b a c kdo o r PI N � “Sta rt o ve r” a lso sub mits a vo te

  20. De e pe r hac ks � We a k ra ndo m numb e r g e ne ra to r � E a sie r to g ue ss va lid PI Ns � RNG fo r vo te shuffle se e de d with te rmina l I D � Atta c ke r c a n undo shuffle � Only c he a t if te rmina l I D > 2 � L e ss like ly to o c c ur in te sting

  21. Did the IT As c atc h the hac ks? Ha c k Atte mpts F ound F ound onc e twic e Mo dify a lre a dy- 6 6 5 c a st vo te s Ca st multiple 7 7 6 vo te s Vio la te vo te r 4 3 2 a no nymity De nia l o f se rvic e 4 3 2

  22. Implic ations for r e al IT As � Ca n re a l I T As do b e tte r? + T he y c a n run diff + T he y c a n pe rfo rm “pa ra lle l te sting ” – Co de b a se s a re muc h la rg e r – Are the y e xpe c ting T ro ja n Ho rse s? – Ho w c lo se ly do the y re a d the c o de ? � Ve ry little suppo rt fro m to o ls

  23. Uglie r issue s for c e r tific ation � T o o lc ha in ta mpe ring (T ho mpso n) � T a mpe ring with “e mb e dde d” OS � Audite d c o de = a c tua l c o de in ma c hine ?

  24. Public ity I E E E S e c urity & Privac y, Jan/ F e b 2004 � Re printe d in Co mpute r Use r � Sto ry o n lo c a l T V ne ws � I mpa c t o n ve ndo rs / I T As?

  25. Choose Hac k- a- Vote ! ic e .e du/ ~dwallac h / c o urse s/ www.c s.r c o mp527_f2003/ vo te pro je c t.html BSD-style lic e nse T rust us, it wo rks fine

Recommend

REGISTER TO VOTE | MAKE A VOTING PLAN VISIT WMICH.EDU/VOTE TO LEARN HOW. MAKE A VOTING PLAN:

REGISTER TO VOTE | MAKE A VOTING PLAN VISIT WMICH.EDU/VOTE TO LEARN HOW. MAKE A VOTING PLAN:

BRONCOS VOTE EARLY REGISTER TO VOTE | MAKE A VOTING PLAN VISIT WMICH.EDU/VOTE TO LEARN HOW. MAKE A VOTING PLAN: Registration: Visit wmich.turbovote.org to get help with voter registration and voting by mail, and sign up for election

62 views • 5 slides
STRIKE AUTHORIZATION VOTE SEIU 503 OUS NEGOTIATIONS September 2013 WHAT ARE WE VOTING ABOUT?

STRIKE AUTHORIZATION VOTE SEIU 503 OUS NEGOTIATIONS September 2013 WHAT ARE WE VOTING ABOUT?

STRIKE AUTHORIZATION VOTE SEIU 503 OUS NEGOTIATIONS September 2013 WHAT ARE WE VOTING ABOUT? Whether or not to authorize our SEIU Bargaining Team to call for a strike WHY IS THIS VOTE NEEDED? Because OUS has failed to offer us

235 views • 23 slides
Lagrangian E-Voting: e-Voting Concept Our contribution Verifiability on Demand and Strong

Lagrangian E-Voting: e-Voting Concept Our contribution Verifiability on Demand and Strong

Lagrangian E-Voting Lagrangian E-Voting: e-Voting Concept Our contribution Verifiability on Demand and Strong Privacy Scheme Description Registration Ballot Structure Casting a Vote ukasz Krzywiecki, Mirosaw Kutyowski Mixing

708 views • 66 slides
An introduction to electronic voting Application to single transferable vote Orange Labs Jacques

An introduction to electronic voting Application to single transferable vote Orange Labs Jacques

An introduction to electronic voting Application to single transferable vote Orange Labs Jacques Traor July 8-12 th 2014 Interdisciplinary Analysis of Voting Rules Outline Outline Outline Outline Context Problematic / Security

515 views • 37 slides
Absentee and Early Voting in America Who can vote? All U.S. Citizens except: Citizens under the

Absentee and Early Voting in America Who can vote? All U.S. Citizens except: Citizens under the

Absentee and Early Voting in America Who can vote? All U.S. Citizens except: Citizens under the age of 18 Some prisoners and convicted felons (depending on the state of residence) In some states, U.S. citizens who have never resided

301 views • 12 slides
The Right to Vote protects all other rights The right of voting for representatives is the

The Right to Vote protects all other rights The right of voting for representatives is the

The Right to Vote protects all other rights The right of voting for representatives is the primary right by which other rights are protected. To take away this right is to reduce a man to slavery, for slavery consists in being subject to the

930 views • 90 slides
How do senators vote? -Issues - Strategies -Affiliation - Influence Voting Behavior 1

How do senators vote? -Issues - Strategies -Affiliation - Influence Voting Behavior 1

4/30/18 CSCI 3210: Computational Game Theory The Power of Context: Ideal Points with Social Interactions Ref: Irfan & Gordon Mohammad T. Irfan How do senators vote? -Issues - Strategies -Affiliation - Influence Voting Behavior 1

314 views • 15 slides
Getting Out the Vote: Information and Voting Behavior Yi-Yi Chen Washington University in St.

Getting Out the Vote: Information and Voting Behavior Yi-Yi Chen Washington University in St.

Getting Out the Vote: Information and Voting Behavior Yi-Yi Chen Washington University in St. Louis October 19, 2013 228, One Million People Hand-In-Hand to Protect Taiwan Figure: Two million Taiwanese formed a 500-kilometer long human chain

636 views • 17 slides
Human Factors in Coercion-Resistant Internet Voting Oksana Kulyk I voted for A I voted

Human Factors in Coercion-Resistant Internet Voting Oksana Kulyk I voted for A I voted

Human Factors in Coercion-Resistant Internet Voting Oksana Kulyk I voted for A I voted for A +1 vote for B +1 vote for A ITU CIST 29/05/2019 1 Coercion in Internet Voting Internet voting is an unsupervised channel

580 views • 22 slides
HAVA HAVA Help America Vote Act Help America Vote Act What Every Voter Should Know Why Is HAVA

HAVA HAVA Help America Vote Act Help America Vote Act What Every Voter Should Know Why Is HAVA

HAVA HAVA Help America Vote Act Help America Vote Act What Every Voter Should Know Why Is HAVA Necessary? Between 4 million and 6 million votes in the 2000 election were lost due to problems with ballots, voting machines and registration

746 views • 36 slides
Voting Series Part One: Registering People Experiencing Homelessness to Vote Friday September 11

Voting Series Part One: Registering People Experiencing Homelessness to Vote Friday September 11

Voting Series Part One: Registering People Experiencing Homelessness to Vote Friday September 11 at 1pm Eastern Presenters Katherine Cavanaugh, Consumer Advocate, National Health Care for the Homeless Council, Baltimore, MD Megan

171 views • 6 slides
Some issues in verifying e-voting systems Mark D. Ryan Present-day e-voting offers few

Some issues in verifying e-voting systems Mark D. Ryan Present-day e-voting offers few

Some issues in verifying e-voting systems Mark D. Ryan Present-day e-voting offers few security properties [KohnoStubblefieldRubinWallach2004] compared to what is desirable: Eligibility: only eligible voters can vote, and only once.

406 views • 7 slides
Estimating the Margin of Victory for Instant-Runoff Voting* David Cary * also known as

Estimating the Margin of Victory for Instant-Runoff Voting* David Cary * also known as

Estimating the Margin of Victory for Instant-Runoff Voting* David Cary * also known as Ranked-Choice Voting, preferential voting, and the alternative vote 1 v7 Overview Why estimate? What are we talking about? Estimates

683 views • 45 slides
An introduction to electronic voting Application to single transferable vote Orange Labs Jacques

An introduction to electronic voting Application to single transferable vote Orange Labs Jacques

An introduction to electronic voting Application to single transferable vote Orange Labs Jacques Traor 21 June 2016 COST Action IC1205 Industry Day Outline Context Problematic / Security issues Some challenges in Electronic

621 views • 41 slides
Vote-Independence: A Powerful Privacy Notion for Voting Protocols Jannik Dreier, Pascal

Vote-Independence: A Powerful Privacy Notion for Voting Protocols Jannik Dreier, Pascal

Introduction Intuitive Definitions Formal Definitions Analysis and Case Studies Conclusion Vote-Independence: A Powerful Privacy Notion for Voting Protocols Jannik Dreier, Pascal Lafourcade, Yassine Lakhnech Universit Grenoble 1, CNRS,

1.12k views • 58 slides
Avon Pension Fund Fund Manager Vote Monitoring Paul Hewitt Manifest Information Services Ltd

Avon Pension Fund Fund Manager Vote Monitoring Paul Hewitt Manifest Information Services Ltd

Avon Pension Fund Fund Manager Vote Monitoring Paul Hewitt Manifest Information Services Ltd September 2012 Agenda Background: Manifest and Vote Monitoring Governance Issues in 2011 Voting Fund Managers and Voting Q&A 2 Manifest &

397 views • 15 slides
The Future of Voting in The Future of Voting in California: The People, the California: The

The Future of Voting in The Future of Voting in California: The People, the California: The

United States Election Assistance Commission Making every vote count. The Future of Voting in The Future of Voting in California: The People, the California: The People, the Equipment, the Cost. Equipment, the Cost. Taking Stock of the

397 views • 17 slides
MAKING VOTING ACCESSIBLE P L A I N L A N G U A G E & P L A I N I N T E R A C T I O N

MAKING VOTING ACCESSIBLE P L A I N L A N G U A G E & P L A I N I N T E R A C T I O N

MAKING VOTING ACCESSIBLE P L A I N L A N G U A G E & P L A I N I N T E R A C T I O N WHAT IF ANYONE COULD VOTE ON ANY DEVICE? Dana Chisnell, Usability Works Drew Davies, Oxide Designs Kathryn Summers, University of Baltimore

533 views • 22 slides
The United Nations Voting Dataset Exploratory Data Analysis: Case Study UN Voting Dataset Roll

The United Nations Voting Dataset Exploratory Data Analysis: Case Study UN Voting Dataset Roll

EXPLORATORY DATA ANALYSIS: CASE STUDY The United Nations Voting Dataset Exploratory Data Analysis: Case Study UN Voting Dataset Roll call ID Session (year) Vote Country code rcid session vote ccode Each row is a country- 46 2 1 2

461 views • 26 slides
Introduction to Mechanism Design Lirong Xia Voting game of strategic voters > > Alice

Introduction to Mechanism Design Lirong Xia Voting game of strategic voters > > Alice

Introduction to Mechanism Design Lirong Xia Voting game of strategic voters > > Alice Strategic vote > > Bob Strategic vote > > Carol Strategic vote Game theory is predictive How to design the rule of the

554 views • 11 slides
Introduction to Mechanism Design Lirong Xia Voting game of strategic voters > > Alice

Introduction to Mechanism Design Lirong Xia Voting game of strategic voters > > Alice

Introduction to Mechanism Design Lirong Xia Voting game of strategic voters > > Alice Strategic vote > > Bob Strategic vote > > Carol Strategic vote Game theory is predictive How to design the rule of the

484 views • 13 slides
EAC Voting System Risk Assessment: EAC Voting System Risk Assessment: What is it? How can it save

EAC Voting System Risk Assessment: EAC Voting System Risk Assessment: What is it? How can it save

United States Election Assistance Commission Making every vote count. EAC Voting System Risk Assessment: EAC Voting System Risk Assessment: What is it? How can it save Money? What is it? How can it save Money? Miami, FL January 29, 2009

365 views • 11 slides
Le vote lectronique : un dfi pour la vrification formelle Steve Kremer Loria, Inria Nancy

Le vote lectronique : un dfi pour la vrification formelle Steve Kremer Loria, Inria Nancy

Le vote lectronique : un dfi pour la vrification formelle Steve Kremer Loria, Inria Nancy 1 / 17 Electronic voting Elections are a security-sensitive process which is the cornerstone of modern democracy Electronic voting promises

773 views • 40 slides
The Paradox of Multiple Elections 13 voters are asked to each vote yes or no on three issues: 3

The Paradox of Multiple Elections 13 voters are asked to each vote yes or no on three issues: 3

Voting in Combinatorial Domains COMSOC 2011 Voting in Combinatorial Domains COMSOC 2011 The Paradox of Multiple Elections 13 voters are asked to each vote yes or no on three issues: 3 voters each vote for YNN, NYN, NNY. 1 voter each

652 views • 6 slides

More recommend