Home > Geeky stuff, Security > Electronic voting reform

Electronic voting reform

August 8, 2007 Leave a comment Go to comments

I live in California where the Secretary of State Debra Bowen has allowed The University of California to test the E-Voting systems used in here in California.  What they found was that all of them are hackable. I find the preliminary findings very scary but not at all surprising.  The legislature of California are not Computer Security Experts but they should have consulted with and let Security Professionals verify that they were secure before Certifying the systems.  It is inexcusable to allow what is arguably the most important Computer System in the country to be so insecure.  These machines are what decide our election.  If you could modify the election results you could execute a bloodless coup and no one would be the wiser.   No one could prove that an election had been stolen if there is no paper trail.

I will give you one scenario.  All the electronic voting machines are stored in some medium security warehouse with a few guards and 1 or 2 cameras.  A disgruntled technician from company XYZ that makes $20,000 a year maintains voting machines is payed some large sum to hack the companies voting machines.  He is admitted entry into the facility do do “maintenance” He turns them all on and one by one inserts a USB thumb drive that installs a virus on each machine.  He also updates the BIOS and changes the checksum check that is used to verify that the operating system is certified, just like he has to do when he installs any patch.  This virus will change the vote on 41% of the votes in the favor of candidate FOO.  Thus virtually insuring victory.  This virus then removes all traces of itself and restores the correct checksum back into the BIOS at 7:55PM on election day.  With the current systems that have no paper trail and no one would find out unless someone starts looking at the technicians large bank account.

I am not saying to go back to all paper ballets, to me this is even more error prone and hackable than E-voting.  Just make up some ballet boxes and switch them in transit to the registrars office.  No to me the problem is fairly trivial technologically speaking.  The solution is 3 fold.  First and most simple a paper copy must be printed out and verified correct by the voter.  Thus ensuring a backup in case the electronic version is lost or tampered with.

The second part of my proposed solution is PKI (Public Key Infrastructure).  Each voter should be assigned a private key, a 3D bar code would work nicely.  This key should be assigned completely at random and only good for 1 election so that voting patterns couldn’t be data mined and somehow connect to an individual, there should also be no record kept of the voters private key only their public key should be kept.  This private key should be encrypted with a master public key so that there is no way a voters private key and identity could be obtained by coping it in transit unless the person also had the master private key.  The voter then would then scan their bar code and the voting machine would verify that it is a legitimate key by decrypting the key with the master private key.  The voter would then vote and the results would be signed with the users private key, and also be printed out.  If the results were tampered with the signature would not match and it would be obvious that the results were tampered with.  If two different votes were signed with the same private key you would also know that the user voted twice and to trow out all other votes signed with the same signature.   The  public keys and paper copies should be escrowed so that recounts could be done for some defined time.

The last and most important is both the physical security and openness of the system.  The inputs should be protected with 3DES encryption so that only certified devices could be plugged in.  No uncertified devices should be allowed on the system.  No one should be able to plug a key board in.  The case should be wielded shut and painted with a heat sensitive paint so any attempted tampering would be apparent.  The system should be completely open source from the OS to the voting software so that all code can be freely audited.  It someone did manage to hack the system the paper backup should throw up the red flag that the system was compromised.  The system should also be on an encrypted EEPROM so that even if you get into the case you can’t modify the EEPROM with out the key.  The key should be on a physically separate  dongle that is  locked up  separate from the voting machine and must be present when booting the machine and removed thereafter.  If any dongle is lost then all the dongles will have to be replaced and the EEPROM reprogrammed so it is very important that they don’t go missing.  The systems should never be plugged into an open network.  The system that collects the votes should also have a certificate assigned to it and stored on the voting machines so that the voting machines don’t disclose voting results to an unauthorized system.

All of this technology is common and in use today.  We need to reform the voting system so that we implement this as soon as possible.  If we don’t we may soon find our country not in our control anymore.  I don’t go into all the details about the system but I would love feedback, what are the weaknesses in the system I described.  If done correct E-Voting is both more efficient and more secure than paper based voting alone.

Categories: Geeky stuff, Security
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

%d bloggers like this: