Security Analysis of the Diebold AccuVote-TS Voting Machine
نویسندگان
چکیده
This paper presents a fully independent security study of a Diebold AccuVote-TS voting machine, including its hardware and software. We obtained the machine from a private party. Analysis of the machine, in light of real election procedures, shows that it is vulnerable to extremely serious attacks. For example, an attacker who gets physical access to a machine or its removable memory card for as little as one minute could install malicious code; malicious code on a machine could steal votes undetectably, modifying all records, logs, and counters to be consistent with the fraudulent vote count it creates. An attacker could also create malicious code that spreads automatically and silently from machine to machine during normal election activities—a voting-machine virus. We have constructed working demonstrations of these attacks in our lab. Mitigating these threats will require changes to the voting machine’s hardware and software and the adoption of more rigorous election procedures.
منابع مشابه
On the Difficulty of Validating Voting Machine Software with Software
We studied the notion of human verification of software-based attestation, which we base on the Pioneer framework. We demonstrate that the current state of the art in software-based attestation is not sufficiently robust to provide humanly verifiable voting machine integrity in practice. We design and implement a selfattesting machine based on Pioneer and modify, and in some cases, correct the ...
متن کاملSource Code Review of the Diebold Voting System
to the California Secretary of State as part of a " Top-to-Bottom " review of electronic voting systems certified for use in the State of California. Executive Summary This report is a security analysis of the Diebold voting system, which consists primarily of the AccuVote-TSX (AV-TSX) DRE, the AccuVote-OS (AV-OS) optical scanner, and the GEMS election management system. It is based on a study ...
متن کاملPrincipal Investigator ’ s Statement on Protection of Security - Sensitive Information
We present an independent security evaluation of the AccuVote Optical Scan voting terminal (AV-OS).We identify a number of new vulnerabilities of this system which, if exploited maliciously, can invalidatethe results of an election process utilizing the terminal. Furthermore, based on our findings an AV-OScan be compromised with off-the-shelf equipment in a matter of minutes even if...
متن کاملSecurity Assessment of the Diebold Optical Scan Voting Terminal
We present an independent security evaluation of the AccuVote Optical Scan voting terminal (AV-OS). We identify a number of new vulnerabilities of this system which, if exploited maliciously, can invalidate the results of an election process utilizing the terminal. Furthermore, based on our findings an AV-OS can be compromised with off-the-shelf equipment in a matter of minutes even if the mach...
متن کاملAn Authentication and Ballot Layout Attack Against an Optical Scan Voting Terminal
Recently, two e-voting technologies have been introduced and used extensively in election procedures: direct recording electronic (DRE) systems and optical scanners. The latter are typically deemed safer as many recent security reports have discovered substantial vulnerabilities in a variety of DRE systems. In this paper we present an attack against the Diebold Accuvote optical scan voting term...
متن کامل