security analysis of india s electronic voting systems
play

Security Analysis of India's Electronic Voting Systems Scott - PowerPoint PPT Presentation

Nov 30, 2022 •466 likes •1.02k views

Security Analysis of India's Electronic Voting Systems Scott Wolchok, Wustrow, Halderman (UMich), Hari K. Prasad, Kankipati, Sakhamuri, Yagati (NetIndia), Rop Gonggrijp "Reaffirm it's belief in the infallibility of the EVMs" Goals

  1. Security Analysis of India's Electronic Voting Systems Scott Wolchok, Wustrow, Halderman (UMich), Hari K. Prasad, Kankipati, Sakhamuri, Yagati (NetIndia), Rop Gonggrijp "Reaffirm it's belief in the infallibility of the EVMs"

  2. Goals • To evaluate the claims of the Indian Election Commission that the EVM is "infallible" and "tamper-proof" • Show the significant vulnerabilities in the EVMs and possible attack vectors

  3. Electronic Voting in India • The first EVMs proposed in the 1980s but were not adopted nationwide • However, the systems style is used to this day • The first nationwide EVMs were used in the 90s and have been updated a few times

  4. Electronic Voting in India • The Election Commission brought together a committee of engineers • They assured the committee that the machine was completely secure

  5. Electronic Voting in India • The Election Commission brought together a committee of engineers • They assured the committee that the machine was completely secure • "Today the Commission once again completely reaffirms its faith in the infallibility of the EVMs. These are fully tamper-proof, as ever"

  6. Electronic Voting in India • The Election Commission brought together a committee of engineers • They assured the committee that the machine was completely secure • "Today the Commission once again completely reaffirms its faith in the infallibility of the EVMs. These are fully tamper-proof, as ever" • Unfortunately, none of the committee members had any security background

  7. Challenges for Voting Machines in India • Cost for mass production

  8. Challenges for Voting Machines in India • Cost for mass production • Illiteracy

  9. Challenges for Voting Machines in India • Cost for mass production • Illiteracy • Lack of Reliable power

  10. Challenges for Voting Machines in India • Cost for mass production • Illiteracy • Lack of Reliable power • Technology intimidation

  11. Challenges for Voting Machines in India • Cost for mass production • Illiteracy • Lack of Reliable power • Technology intimidation • Any solution needs to be able to stand up to these requirements

  12. EVM Operation

  13. Consist of 2 Parts

  14. Consist of 2 Parts

  15. Control Unit • Holds a microprocessor that controls the ballot machines • Built in 7-segment LEDs for candidate # and vote count • Constantly polls the ballot machine the check if there is a new vote

  16. Ballot Machine • Lists the candidates in the election • Relays information back to the control unit • Uses two EPLDs instead of a CPU to interpret control signals • Gives visual and audio feedback to confirm correct vote (a red light and a beep)

  17. Software • Software is installed in order to be permanent and secret • But can't be read or written to • Is it gone forever?

  18. Software • Software is installed in order to he electronically erasable • But can't be read or written too • No • A well funded adversary can examine the chip under a microscope

  19. Pre-Election Process • Election officials place paper names for the candidates in the ballot machine • Name and party (logo)

  20. Pre-Election Process • # of candidates entered into the control unit • A public mock election is held • Publicly zero the ballot count in the control unit • Machines are sealed to prevent tampering

  21. Pre-Election Process • # of candidates entered into the control unit • A public mock election is held • Publicly zero the ballot count in the control unit • Machines are sealed to prevent tampering

  22. Election – Ballot • Voters are identified and given a black mark to prevent double voting • In the booth: • A green light indicates 'ready' • Press the button for the candidate of your choice • A beep confirms you voted • A red light shows who you voted for

  23. Election – Control Unit • Press the ballot button to start allowing ballots • The control unit queries each ballot machine • Ballot machine checks EPLD (electronically programmable device) for a cast vote • If yes, send vote to control unit • If no, query the next ballot machine

  24. How can this system be compromised?

  25. Tampering with Software • Despite the fact that the software is not readable or writable, manufacturer or employees can compile different code • Without much chance of being caught • For a well funded adversary, the chip can also be taken apart and examined under a microscope • Reverse engineering from there is relatively straightforward

  26. Substitute the CPU • One of the claims made by the commission that evaluated these were that visual inspection would make attacks obvious

  27. Substitute the CPU • One of the claims made by the commission that evaluated these were that visual inspection would make attacks obvious • But if the CPU is swapped at assembly, or in the supply chain, or by corrupt employees it's hard to detect • Even harder to at the polling place since it is enclosed in a casing

  28. Substitute the CPU • The CPU can be programmed to miscount the votes when tallied • EPLDs on the ballot machine too • Since there is no cryptography used, altering data is trivial and leaves no trace of misconduct • Its simple design and commodity hardware makes it easy to replicate functionality

  29. One Step Further – Swap the entire board • Swapping the CPU requires soldering and some non-trivial effort • A new board is easier to manufacture and trust between devices makes it easy • With the simple design of the EVM, replicating the functionality of the control unit is not difficult

  30. Swap the Entire Board – How? • Between the election period and the tallying period, an adversary could replace a few voting machines • Between elections, EVMs were stored in places like high schools and insecure warehouses • Getting access during this time is possible

  31. Swap the Whole Thing • Without any authenticity checks, swapping the device would also go unnoticed • But hard to replicate plastic housing of board Tampering with the State • Electrical components on either machine or between the two machines can be attached to modify device communication • Masking/simulating votes • Reading directly from EEPROM

  32. Attacks Carried Out

  33. Dishonest Display – What • Add a separate, hidden microcontroller to the board that changes the output of the LED • Instead of modifying the voting operation, just change what the official sees by calculating incorrectly

  34. Dishonest Display – What • A microcontroller with other parts can be swapped any point before the votes are tallied, perhaps years before • Manufacturer maintenance or election insiders routinely have access to machines

  35. Dishonest Display – How? • A microcontroller, bluetooth module and a chip antenna circuit is added • Power supplied by EVM • Hidden underneath the existing LEDs with 2mm clearance • Microcontroller reads select lines for for the LEDs • Circuit tracks the total number of votes

  36. Dishonest Display – How? • A signaling mechanism over Bluetooth radio is used to choose favored candidate • Can be performed by ordinary phones • The device looks for device with name "MAGIXX" • The PIC stores the candidate in non-volatile memory until tallying

  37. Dishonest Display – Detection?

  38. Dishonest Display – Detection • To combat tallies that look fraudulent an algorithm is created to calculate how many votes to steal • Minimum threshold of votes • Maintain consistency properties of reported results • Enough that people can disclose their votes • Subtract proportional amount from each candidate and add to favored candidate

  39. Clip-on Memory Manipulator – What • The votes are stored in EEPROM on the control unit once the voting is complete • A large gap between voting and tallying leaves the units vulnerable to tampering • Tamper with the memory in EEPROM to modify/extract the ballots • Data is stored sequentially and unencrypted

  40. Clip-on Memory Manipulator – How? • I2C serial protocol is used for communication between CPU and EEPROM • By holding the CPU in reset state, I/O signals are forced high-Z, allowing communication even when not in use • A microcontroller clip is attached to the pins of the EEPROM and gets power from the EVM

  41. Clip-on Memory Manipulator – Stealing Votes • The clip has a rotary to choose a candidate to favor and modify their tally • A vote stealing program computes how many votes to steal and rewrites the ballots • Program handle failures by writing to one array at a time and marking dirty bits

  42. Clip-on Memory Manipulator – Secrecy • Ballots are stored in EEPROM in the order they are cast • Attacker can examine public register to discover the order of voters • Correlating the two completely compromises voter secrecy

  43. Apparent Safeguards • It's hard to compromise a million machines

  44. Apparent Safeguards • It's hard to compromise a million machines • Tightly contested elections can determine majority in parliament

  45. Apparent Safeguards • It's hard to compromise a million machines • Tightly contested elections can determine majority in parliament • Physical security from personnel

Recommend

Electronic Voting Electronic voting at a precinct Analysis of an Internet Voting Focus

Electronic Voting Electronic voting at a precinct Analysis of an Internet Voting Focus

Electronic Voting Electronic voting at a precinct Analysis of an Internet Voting Focus is on preventing fraud on the part of Protocol people building and running system. Electronic voting over the internet Dale Neal Must

508 views • 5 slides
Formal Analysis of Electronic Voting Systems Mark Ryan University of Birmingham joint work with

Formal Analysis of Electronic Voting Systems Mark Ryan University of Birmingham joint work with

Formal Analysis of Electronic Voting Systems Mark Ryan University of Birmingham joint work with Ben Smyth Steve Kremer Imperial College 21 April 2010 Outline Potential & current situation 1 Desired properties 2 Example 3 Modelling

958 views • 60 slides
Analysis of electronic voting protocols in applied pi calculus Mark Ryan University of

Analysis of electronic voting protocols in applied pi calculus Mark Ryan University of

Analysis of electronic voting protocols in applied pi calculus Mark Ryan University of Birmingham based on joint work with Ben Smyth Steve Kremer Mounira Kourjieh IFIP WG 1.3, Udine, Italy September 2009 Outline Electronic voting Applied

695 views • 30 slides
ELECTION (IN)SECURITY fixing broken electronic voting systems April Smith

ELECTION (IN)SECURITY fixing broken electronic voting systems April Smith

Slide 1 The Simpsons Slide 2 ELECTION (IN)SECURITY fixing broken electronic voting systems April Smith asmithziegler@gmail.com | twitter.com/asmithziegler Slide 3 PROBLEMS Slide 4 www.electionsatrisk.org www.ivotedmovie.com Jason Grant

432 views • 32 slides
Source Paper An Anonymous Electronic Voting Protocol An Electronic Voting Protocol for

Source Paper An Anonymous Electronic Voting Protocol An Electronic Voting Protocol for

Source Paper An Anonymous Electronic Voting Protocol An Electronic Voting Protocol for Voting Over the Internet, Indrajit Ray, (revisited) Indrakshi Ray, Natarajan Narasimhamurthi Paul Valiant extending work by Dale Neal &

441 views • 5 slides
Outline Usability and security (contd) Elections and their security CSci 5271 Introduction

Outline Usability and security (contd) Elections and their security CSci 5271 Introduction

Outline Usability and security (contd) Elections and their security CSci 5271 Introduction to Computer Security Announcements intermission Day 24: Electronic voting System security of electronic voting Stephen McCamant Exercise sets 2

424 views • 10 slides
The Future of Electronic Voting Systems presented by: Eric D. Coomer, PhD Vice President,

The Future of Electronic Voting Systems presented by: Eric D. Coomer, PhD Vice President,

The Future of Electronic Voting Systems presented by: Eric D. Coomer, PhD Vice President, Research & Product Development Sequoia Voting Systems __________________________________________________ California Secretary of State public

461 views • 6 slides
Outline Elections and their security CSci 5271 Introduction to Computer Security System

Outline Elections and their security CSci 5271 Introduction to Computer Security System

Outline Elections and their security CSci 5271 Introduction to Computer Security System security of electronic voting Electronic voting Announcements intermission Stephen McCamant University of Minnesota, Computer Science & Engineering

420 views • 5 slides
An introduction to electronic voting Application to single transferable vote Orange Labs Jacques

An introduction to electronic voting Application to single transferable vote Orange Labs Jacques

An introduction to electronic voting Application to single transferable vote Orange Labs Jacques Traor July 8-12 th 2014 Interdisciplinary Analysis of Voting Rules Outline Outline Outline Outline Context Problematic / Security

515 views • 37 slides
Elections, Computer Security, and Electronic Voting CS161 4/19/2010 David Wagner #1 #2 #3

Elections, Computer Security, and Electronic Voting CS161 4/19/2010 David Wagner #1 #2 #3

Elections, Computer Security, and Electronic Voting CS161 4/19/2010 David Wagner #1 #2 #3 #4 #5 Security Goals for an Election Integrity: No election fraud Transparency: Everyone especially the loser must be able to verify

576 views • 53 slides
Defeating Malicious Terminals in an Electronic Voting System Daniel Hanley Andre dos Santos

Defeating Malicious Terminals in an Electronic Voting System Daniel Hanley Andre dos Santos

Defeating Malicious Terminals in an Electronic Voting System Daniel Hanley Andre dos Santos Jeff King Georgia Tech Information Security Center Overview Motivation Related Work Protocol Examples Analysis Motivation The

621 views • 29 slides
Detecting Voter Fraud Context in an Electronic Voting Context Introduction: Relevance of An

Detecting Voter Fraud Context in an Electronic Voting Context Introduction: Relevance of An

Detecting Voter Fraud in an Electronic Voting Detecting Voter Fraud Context in an Electronic Voting Context Introduction: Relevance of An Analysis of the Unlimited Reelection Vote in Venezuela Election Forensics Previous Research Ines

686 views • 45 slides
Electronic Voting CS 161: Computer Security Prof. David Wagner April 25, 2013 Security Goals for

Electronic Voting CS 161: Computer Security Prof. David Wagner April 25, 2013 Security Goals for

Electronic Voting CS 161: Computer Security Prof. David Wagner April 25, 2013 Security Goals for an Election Integrity: No election fraud Transparency: Everyone especially the loser must be able to verify that the election was

901 views • 62 slides
Electronic Voting CS 161: Computer Security Prof. David Wagner April 18, 2016 Security Goals for

Electronic Voting CS 161: Computer Security Prof. David Wagner April 18, 2016 Security Goals for

Electronic Voting CS 161: Computer Security Prof. David Wagner April 18, 2016 Security Goals for an Election Integrity: No election fraud Transparency: Everyone especially the loser must be able to verify that the election was

1.13k views • 65 slides
Verifying Electronic Voting Protocols in the Applied Pi Calculus Mark Ryan University of

Verifying Electronic Voting Protocols in the Applied Pi Calculus Mark Ryan University of

Verifying Electronic Voting Protocols in the Applied Pi Calculus Mark Ryan University of Birmingham joint work with St ephanie Delaune and Steve Kremer LSV Cachan, France SoCS Seminar November 2007 Outline Electronic voting Electronic

763 views • 33 slides
An introduction to electronic voting Application to single transferable vote Orange Labs Jacques

An introduction to electronic voting Application to single transferable vote Orange Labs Jacques

An introduction to electronic voting Application to single transferable vote Orange Labs Jacques Traor 21 June 2016 COST Action IC1205 Industry Day Outline Context Problematic / Security issues Some challenges in Electronic

621 views • 41 slides
A Comprehensive Analysis Of Quantum E-voting Protocols M. Arapinis, N. Lamprou, E. Kashefi, A.

A Comprehensive Analysis Of Quantum E-voting Protocols M. Arapinis, N. Lamprou, E. Kashefi, A.

A Comprehensive Analysis Of Quantum E-voting Protocols M. Arapinis, N. Lamprou, E. Kashefi, A. Pappa 29 August 2018 Electronic Voting compared to manual procedures, could provide: higher voter participation better accuracy enhanced

478 views • 29 slides
Electronic Voting Ronald L. Rivest MIT CSAIL NSA June 3, 2004 Outline Introduction /

Electronic Voting Ronald L. Rivest MIT CSAIL NSA June 3, 2004 Outline Introduction /

Electronic Voting Ronald L. Rivest MIT CSAIL NSA June 3, 2004 Outline Introduction / Voting Voting using mix-nets Randomized Partial Checking (Jakobsson/Juels/Rivest USENIX 02) Pedagogic variant of Chaums proposal Voting

758 views • 36 slides
Some issues in verifying e-voting systems Mark D. Ryan Present-day e-voting offers few

Some issues in verifying e-voting systems Mark D. Ryan Present-day e-voting offers few

Some issues in verifying e-voting systems Mark D. Ryan Present-day e-voting offers few security properties [KohnoStubblefieldRubinWallach2004] compared to what is desirable: Eligibility: only eligible voters can vote, and only once.

406 views • 7 slides
Remote Electronic Voting can be Efficient, Verifiable and Coercion-Resistant Roberto Arajo,

Remote Electronic Voting can be Efficient, Verifiable and Coercion-Resistant Roberto Arajo,

Remote Electronic Voting can be Efficient, Verifiable and Coercion-Resistant Roberto Arajo, Amira Barki, Solenn Brunet and Jacques Traor 1st Workshop on Advances in Secure Electronic Voting Schemes VOTING16 February 26th, 2016

532 views • 23 slides
Large-Scale Electronic Voting Protocols Mike Carpenter Introduction What is meant by large-scale

Large-Scale Electronic Voting Protocols Mike Carpenter Introduction What is meant by large-scale

Large-Scale Electronic Voting Protocols Mike Carpenter Introduction What is meant by large-scale electronic voting protocol: Primarily Internet-based Users voting from their own devices (such as home PC/laptop) Aimed toward actual

721 views • 21 slides
Statement Voting & Liquid Democracy Hong-sheng Zhou Virginia Commonwealth University

Statement Voting & Liquid Democracy Hong-sheng Zhou Virginia Commonwealth University

Statement Voting & Liquid Democracy Hong-sheng Zhou Virginia Commonwealth University Joint with Bingsheng Zhang (Lancaster University) e-voting E-voting encompasses a broad range of voting systems that apply electronic

425 views • 16 slides
Security of Voting Systems Ronald L. Rivest MIT CSAIL Given at: GWU Computer Science Dept.

Security of Voting Systems Ronald L. Rivest MIT CSAIL Given at: GWU Computer Science Dept.

Security of Voting Systems Ronald L. Rivest MIT CSAIL Given at: GWU Computer Science Dept. November 9, 2009 Voting is Easy ??? "What's one and one and one and one and one and one and one and one and one and one?"

882 views • 51 slides
CSCI-UA.9480 Introduction to Computer Security Session 1.8 E-Voting and Other Modern Uses of

CSCI-UA.9480 Introduction to Computer Security Session 1.8 E-Voting and Other Modern Uses of

CSCI-UA.9480 Introduction to Computer Security Session 1.8 E-Voting and Other Modern Uses of Cryptography Prof. Nadim Kobeissi 1.8a Electronic Voting 2 CSCI-UA.9480: Introduction to Computer Security Nadim Kobeissi Properties of an

879 views • 20 slides

More recommend