Return-Path: Received: from linus.mitre.org ([unix socket]) by linus.mitre.org (Cyrus v2.1.13) with LMTP; Mon, 15 Sep 2003 11:33:53 -0400 X-Sieve: CMU Sieve 2.2 Received: from smtpsrv1.mitre.org (smtpsrv1.mitre.org [129.83.20.101]) by linus.mitre.org (8.12.8p1/8.12.8) with ESMTP id h8FFXqpW013927; Mon, 15 Sep 2003 11:33:52 -0400 (EDT) Received: from lists.mitre.org (lists.mitre.org [129.83.20.13]) by smtpsrv1.mitre.org (8.12.9/8.12.8) with ESMTP id h8FFXkLI025673; Mon, 15 Sep 2003 11:33:46 -0400 (EDT) Received: from lists (lists [129.83.20.13]) by lists.mitre.org (8.9.3+Sun/8.9.3) with ESMTP id LAA26706; Mon, 15 Sep 2003 11:32:25 -0400 (EDT) Received: from LISTS.MITRE.ORG by LISTS.MITRE.ORG (LISTSERV-TCP/IP release 1.8d) with spool id 342527 for INFOSEC-LIST@LISTS.MITRE.ORG; Mon, 15 Sep 2003 11:32:24 -0400 Received: from MAILHUB1 (mailhub1.mitre.org [129.83.20.31]) by lists.mitre.org (8.9.3+Sun/8.9.3) with ESMTP id LAA26683 for ; Mon, 15 Sep 2003 11:32:23 -0400 (EDT) Received: from unity-18-199.mitre.org (129.83.18.199) by mailhub1.mitre.org with SMTP id 4195131; Mon, 15 Sep 2003 11:33:40 -0400 X-Mailer: Mozilla 4.79 [en]C-20020130M (Win98; U) X-Accept-Language: en MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <3F65DCC8.FC7C0434@mitre.org> Date: Mon, 15 Sep 2003 11:37:44 -0400 Reply-To: "Susan L. Zuckerman" From: "Susan L. Zuckerman" Organization: The MITRE Corporation Subject: Security Geeks mtg on Electronic Voting System Security To: INFOSEC-LIST@lists.mitre.org http://dc.securitygeeks.com/events.html Analysis of an Electronic Voting System Date: September 24, 2003 Time: 7:30PM - 9:30PM Room: 100 Agenda: Presentation(s) Open Discussion Abstract: Recent election problems have sparked great interest in managing the election process through the use of electronic voting systems. While computer scientists, for the most part, have been warning of the perils of such action, vendors have forged ahead with their products, claiming increased security and reliability. Many municipalities have adopted electronic systems, and the number of deployed systems is rising. For these new computerized voting systems, neither source code nor the results of any third-party certification analyses have been available for the general population to study, because vendors claim that secrecy is a necessary requirement to keep their systems secure. Recently, however, the source code purporting to be the software for a voting system from a major manufacturer appeared on the Internet. This manufacturer's systems were used in Georgia's state-wide elections in 2002, and the company just announced that the state of Maryland awarded them an order valued at up to $55.6 million to deliver touch screen voting systems. This unique opportunity for independent scientific analysis of voting system source code demonstrates the fallacy of the closed-source argument for such a critical system. Our analysis shows that this voting system is far below even the most minimal security standards applicable in other contexts. We highlight several issues including unauthorized privilege escalation, incorrect use of cryptography, vulnerabilities to network threats, and poor software development processes. For example, common voters, without any insider privileges, can cast unlimited votes without being detected by any mechanisms within the voting terminal. Furthermore, we show that even the most serious of our outsider attacks could have been discovered without the source code. In the face of such attacks, the usual worries about insider threats are not the only concerns; outsiders can do the damage. That said, we demonstrate that the insider threat is also quite considerable. We conclude that, as a society, we must carefully consider the risks inherent in electronic voting, as it places our very democracy at risk. This was joint work with Adam Stubblefield, Avi Rubin, and Dan Wallach. Bio: Tadayoshi (Yoshi) Kohno is a doctoral student at the University of California at San Diego Cryptography and Security Laboratory. He is also affiliated with the Johns Hopkins University Information Security Institute. Prior to entering graduate school, Yoshi worked as a cryptography and computer security consultant with Counterpane Systems (now Counterpane Internet Security) and with Cigital.