Security Evaluation of ES&S Voting Machines and Election Management System
نویسندگان
چکیده
This paper summarizes a security analysis of the DRE and optical scan voting systems manufactured by Election Systems and Software (ES&S), as used in Ohio (and many other jurisdictions inside and outside the US). We found numerous exploitable vulnerabilities in nearly every component of the ES&S system. These vulnerabilities enable attacks that could alter or forge precinct results, install corrupt firmware, and erase audit records. Our analysis focused on architectural issues in which the interactions between various software and hardware modules leads to systemic vulnerabilities that do not appear to be easily countered with election procedures or software updates. Despite a highly compressed schedule (ten weeks) during which we audited hundreds of thousands of lines of source code (much of which runs on custom hardware), we discovered numerous security flaws in the ES&S system that had escaped the notice of the certification authorities. We discuss our approach to the audit, which was part of Project EVEREST, commissioned by Ohio Secretary of State Jennifer Brunner.
منابع مشابه
Source Code Review of the Diebold Voting System
to the California Secretary of State as part of a " Top-to-Bottom " review of electronic voting systems certified for use in the State of California. Executive Summary This report is a security analysis of the Diebold voting system, which consists primarily of the AccuVote-TSX (AV-TSX) DRE, the AccuVote-OS (AV-OS) optical scanner, and the GEMS election management system. It is based on a study ...
متن کاملSecurity and Reliability of Webb County’s ES&S Voting System and the March ’06 Primary Election
(Data presented in this report was obtained, in part, by the attorneys of Campero & Becerra, and in part by myself and my graduate student, Dan Sandler, when we were allowed to directly observe and copy data from Webb County’s voting systems, impounded as part of an ongoing investigation into the election results. My discussion includes some analysis prepared earlier by David Dill (a computer s...
متن کاملMake Your Vote Count In 2008
counted in 2008 on electronic voting machines made and serviced by two companies – Diebold and ES&S. According to the excellent article by Robert F. Kennedy, Jr. that follows this page, “Was the 2004 Election Stolen?,” those two companies have close ties to the Republican Party. The Chairman and CEO of Diebold in 2004 was a major Bush campaign organizer and donor who wrote in 2003 that he was “...
متن کاملCryptographic Voting Protocols: A Systems Perspective
Cryptographic voting protocols offer the promise of verifiable voting without needing to trust the integrity of any software in the system. However, these cryptographic protocols are only one part of a larger system composed of voting machines, software implementations, and election procedures, and we must analyze their security by considering the system in its entirety. In this paper, we analy...
متن کاملImproving voting systems ’ user - friendliness , reliability , & security
About half of Americans have limited confidence that their vote will be properly counted. These fears have focused attention on voting system reliability, security, and usability. Over the last decade, substantial research on voting systems has demonstrated that many systems are less usable and secure than they should be. Producing truly reliable voting systems demands more than just following ...
متن کامل