CSC 382582 Computer Security Voting Security CSC 382582
- Slides: 22
CSC 382/582: Computer Security Voting Security CSC 382/582: Computer Security 1
Topics 1. 2. 3. 4. Why do we vote? Do we have a right to vote? How do we vote? Electronic voting CSC 382/582: Computer Security 2
Why do we vote? 1. What’s the purpose of democracy? 2. Does democracy require voting? 3. Does voting mean you live in a democracy? CSC 382/582: Computer Security 3
Voting Rights Do we have a right to vote? CSC 382/582: Computer Security 4
Voting Rights • Non-discrimination is protected – 15 th (race) – 19 th (sex) – 26 th (age) • But the SCOTUS majority concluded: "the individual citizen has no federal constitutional right to vote for electors for the President of the United States. " (Bush v. Gore, 531 U. S. 98, 104 (2000)) CSC 382/582: Computer Security 5
Voting Methods • • • Binary Ranked Condorcet Rated Proportional CSC 382/582: Computer Security 6
Binary Methods • Plurality – First-past-the-post, largest number wins. • Approval – Vote for multiple candidates; largest number wins. • Runoff – Multiple rounds of plurality until majority winner. – Typical: select top 2, then hold election with just those 2. • Random – People vote for their candidate. – Randomly selected ballot determines winner. CSC 382/582: Computer Security 7
Voting Criteria Majority criterion — If there exists a majority preferring a single candidate, does he always win if that majority votes sincerely? Monotonicity criterion — Is it impossible to cause a winning candidate to lose by ranking him higher, or to cause a losing candidate to win by ranking him lower? Consistency criterion — If the electorate is divided in two and a choice wins in both parts, does it always win overall? Participation criterion — Is it always better to vote honestly than to not vote? Condorcet criterion — If a candidate beats every other candidate in pairwise comparison, does that candidate always win? Arrow’s Impossibility Theorem CSC 382/582: Computer Security 8
Indirect Elections Plurality in state selectors Winner takes all in most states Majority of electoral vote wins Congress selects if no majority 2004 Electoral College Map Bush (red), Kerry (blue) 2004 Population cartogram 286 (Bush)-251 (Kerry) CSC 382/582: Computer Security 9
Voting Details CSC 382/582: Computer Security 10
History of Voting • • Voice Voting Ballots: black pebble, white pebble Paper Ballots Australian Paper Ballot Lever Voting Machines Punched Card Optical Scanner DRE Machines CSC 382/582: Computer Security 11
Types of Electronic Voting • Paper-based voting – Computer marks paper ballots, which are counted. • Direct-recording electronic (DRE) – Records vote count electronically. • Networked DRE – Uploads vote count electronically. – Includes Internet voting. CSC 382/582: Computer Security 12
Advantages of e-voting • Accessibility • Cheaper election costs due to no paper – Multi-lingual ballots • Speed of tabulation • Remote voting CSC 382/582: Computer Security 13
Disadvantages of e-voting • • • Voters could be tracked Lack of reliability Lack of verification Lack of transparency Undetectable fraud (Rice’s theorem) Wholesale fraud CSC 382/582: Computer Security 14
Are Voting Machines Reliable? Columbus, OH – An error while a Danaher / Guardian ELECTronic 1242 was plugged into a laptop to download results gave President Bush 3, 893 extra votes. : http: //www. usatoday. com/tech/news/techpolicy/evoting/2004 -11 -06 -ohio -evote-trouble_x. htm Carteret Co. , NC – More early voters voted on Unilect Inc. ’s Patriot voting system than the system could handle resulting in the loss of more than 4, 500 votes. : http: //www. usatoday. com/news/politicselections/vote 2004/2004 -11 -04 -voteslost_x. htm Broward Co. , FL – ES&S software on their machines only reads 32, 000 votes at a precinct then it starts counting backwards (see this update): http: //www. news 4 jax. com/politics/3890292/detail. html Mecklenburg Co. , NC – More votes registered than voters: http: //www. charlotte. com/mld/charlotte/news/politics/10094165. htm La. Porte County, IN - A bug in ES&S’ software causes each precinct to be reported as only having (exactly) 300 voters each; all reports add up to 22, 000 voters in a county that has more than 79, 000 registered voters. : http: //www. heraldargus. com/content/story. php? storyid=5304 Utah County, UT - 33, 000 straight-party ballots are not counted due to a programming error in punchcard counting equipment. : http: //deseretnews. com/dn/view/0, 1249, 595105309, 00. html CSC 382/582: Computer Security 15
Are Voting Machines Secure? “As long as I count the votes, what are you going to do about it? ” – William Marcy “Boss” Tweed, 1871 CSC 382/582: Computer Security 16
Diebold Ballot. Station 1. Setup – D/L ballot setup 2. Pre-Election – L&A testing 3. Election – Voting 4. Post-Election – Print result tape – Transfer votes CSC 382/582: Computer Security 17
Attack Scenarios • Transferring Votes – Transfer vote from one candidate to another. – Leaves total number of votes unchanged. • Denial of Service – Target precinct that votes for opponent. – Malware shuts down or wipes machine. – Forged administrative smartcard attack. CSC 382/582: Computer Security 18
Injecting Attack Code • Direct installation – Replace EPROM. – Exploit backdoor to install from smartcard. – Reboot using smartcard with botloader. – Voting machines use standard minibar keys. • Virus – Infects memory cards. – Memory cards infect machines on boot. – Software upgrades delivered via memory cards. CSC 382/582: Computer Security 19
Concealing Voting Malware • Timing – Software only active in Election mode. – Software only active on certain dates / times. • Knock – Software actives only after secret “knock” given. • Hiding processes and files – Rootkit techniques – Virtualization CSC 382/582: Computer Security 20
Mitigating Attacks • Be like an XBox. • Digital signatures for software updates • Securing audit logs and counters – Specialized hardware – Cryptographic techniques • Chain of custody for memory cards • Voter verifiable paper trail CSC 382/582: Computer Security 21
References 1. 2. 3. 4. 5. 6. 7. 8. 9. Caltech/MIT Voting Project, “Residual Votes Attributable to Technology, ” http: //www. hss. caltech. edu/~voting/Cal. Tech_MIT_Report_Version 2. pdf#sea rch=%22 mit%20 caltech%20 uncounted%20 ballots%22, 2001. “More e-voting problems, ” http: //www. evoting-experts. com/, December 12, 2004. Ariel J. Feldman, J. Alex Halderman, Edward W. Felten, “Security Analysis of the Diebold Accu. Vote-TS Voting Machine, ” http: //itpolicy. princeton. edu/voting, Sep 13, 2006. Douglas Jones, “Illustrated Voting Machine History, ” http: //www. cs. uiowa. edu/~jones/voting/pictures/, 2003. Tadayoshi Kohno, Adam Stubblefield, Aviel D. Rubin, Dan S. Wallach, “Analysis of an Electronic Voting System, ” IEEE Symposium on Security and Privacy, Oakland, CA, May, 2004 Mark Newman, “Election Result Maps, ” http: //wwwpersonal. umich. edu/~mejn/election/, 2004. Avi Rubin, Brave New Ballot, Morgan Road Books, 2006. Kim Zetter, “House Dems seek Election Inquiry, ” http: //www. wired. com/news/evote/0, 2645, 65623, 00. html, Nov 5, 2004. http: //en. wikipedia. org/wiki/Voting_system, 2006. CSC 382/582: Computer Security 22
382582
Csc
Provate security
Membership of imf
Media influence on voting behaviour essay
Voting rights
Voting by feet tiebout
Hough voting
A student who lives in minneapolis chooses to spend
Sociological factors that affect voting behavior
Deployment diagram notations
Deployment diagram for online voting system
Win the white house brainpop
Sms poll voting
Online voting system project proposal
Hough voting
Deployment diagram for online voting system
Which statement best summarizes the speech
Red line voting
Meetoo live polling
Vevox.ap
Vtools enotice
Pros of fptp
