UCSB Engineering


Examining voting machine security...

Computer Security Group finds vulnerabilities in Electronic Voting Systems


Sequoia voting system

The UC Santa Barbara Computer Security Group is internationally known and highly respected. It was natural, then, that their help was sought by both Ohio and California in reviewing the security of the states’ electronic voting systems.

In the summer of 2007, the group participated in the Top-To-Bottom Review (TTBR) of the electronic voting systems used in California. This was a first-of-its-kind review, where the evaluators had unprecedented access to the systems' source code, hardware, and associated documentation.

The UCSB team focused on the security analysis of the Sequoia voting system. Their findings included a number of major flaws that could be exploited to compromise the integrity, confidentiality, and availability of the voting process. (Their public report can be found on the California Secretary of State’s website or on the group’s own site.)

To verify the vulnerabilities their analyses identified, the group developed a virus-like piece of software that can spread across the voting system, modifying the firmware of the voting machines. The modified firmware is able to steal votes even in the presence of a Voter-Verified Paper Audit Trail (VVPAT).


Professors R. Kemmerer (right) and G. Vigna (left) with the electronic voting systems security analysis team

The group also prepared a video that shows how the virus-like attack could be carried out, and demonstrated the different scenarios that their malicious firmware could exploit.

The video shows how one could use a common USB key, or “thumb drive,” to infect the laptop used to prepare the cards that initialize the various voting devices. The infection causes the cards to be loaded with a malicious software component.

When a card is inserted in a voting terminal, the malicious software exploits a vulnerability in the terminal loading procedure and installs modified firmware, effectively "brainwashing" the terminal.

Later, when the terminal is used by the voters to cast their votes, the firmware uses a number of different techniques to modify the contents of the ballots being cast.

The movie also shows that the physical security measures being used to limit access to essential parts of the voting systems are ineffective.

The group wrote a paper that describes their methodology and findings in detail:

"Are Your Votes Really Counted? Testing the Security of Real-world Electronic Voting Systems," D. Balzarotti, G. Banks, M. Cova, V. Felmetsger, R. Kemmerer, W. Robertson, F. Valeur, and G. Vigna, in Proceedings of the International Symposium on Software Testing and Analysis, Seattle, WA, July 2008.

The Security Group included the following paragraphs on its website as context for its efforts:

Electronic voting systems have been introduced to improve the voting process. Since their inception, they have been controversial, because both the technologists and the general public realized that they were losing direct control over an important part of the voting process: counting the votes.

A quote attributed to Stalin says: "Those who cast the votes decide nothing. Those who count the votes decide everything." It is clear that voting systems represent a critical component of a democracy. Although the consequences of a malfunctioning electronic voting system are not as readily apparent as those for air traffic control or nuclear power plant control systems, they are just as important, because the well-being of a society depends on them.

While most critical systems are continuously scrutinized and evaluated for safety and correctness, electronic voting systems are not subject to the same level of scrutiny. A number of recent studies have shown that most (if not all) of the electronic voting systems being used today are fatally flawed, and that their quality does not match the importance of the task that they are supposed to carry out.
