TY - GEN
T1 - Taking total control of voting systems: firmware manipulations on an optical scan voting terminal.
T2 - 24th Annual ACM Symposium on Applied Computing, SAC 2009
AU - Davtyan, Seda
AU - Kentros, Sotiris
AU - Kiayias, Aggelos
AU - Michel, Laurent
AU - Nicolaou, Nicolas
AU - Russell, Alexander
AU - See, Andrew
AU - Shashidhar, Narasimha
AU - Shvartsman, Alexander A.
N1 - DBLP License: DBLP's bibliographic metadata records provided through http://dblp.org/ are distributed under a Creative Commons CC0 1.0 Universal Public Domain Dedication. Although the bibliographic metadata records are provided consistent with CC0 1.0 Dedication, the content described by the metadata records is not. Content may be subject to copyright, rights of privacy, rights of publicity and other restrictions.
PY - 2009
Y1 - 2009
N2 - The firmware of an electronic voting machine is typically treated as a "trusted" component of the system. Consequently, it is misconstrued to be vulnerable only to an insider attack by someone with an in-depth knowledge of the system and access to the source code. This case study focuses on the Diebold/Premier AccuVote Optical Scan voting terminal (AV-OS) that is widely used in the USA elections. We present three low level manipulations of the above voting terminal's firmware resulting in divergence from its prescribed operation: (i) the first bestows the terminal with a powerful memory card dumping functionality, (ii) the second enables the terminal to leak the ballot details through its serial port thus violating voter privacy during the election, (iii) the final third firmware manipulation is a proof of concept attack that swaps the votes of two candidates thus permanently destroying the election outcome in an undetectable fashion. This demonstrates the extent to which the firmware of the AV-OS can be modified with no insider knowledge or access to the source code. Our results underscore the importance of verifying the integrity of the firmware of electronic voting terminals accompanied by sound auditing procedures to maintain the candor of the electoral process. We also note that this work is performed solely with the purpose of security analysis of AV-OS, and the first and the second firmware manipulations we describe serve a dual purpose in assisting the technological audits of actual voting procedures conducted using AV-OS systems.
AB - The firmware of an electronic voting machine is typically treated as a "trusted" component of the system. Consequently, it is misconstrued to be vulnerable only to an insider attack by someone with an in-depth knowledge of the system and access to the source code. This case study focuses on the Diebold/Premier AccuVote Optical Scan voting terminal (AV-OS) that is widely used in the USA elections. We present three low level manipulations of the above voting terminal's firmware resulting in divergence from its prescribed operation: (i) the first bestows the terminal with a powerful memory card dumping functionality, (ii) the second enables the terminal to leak the ballot details through its serial port thus violating voter privacy during the election, (iii) the final third firmware manipulation is a proof of concept attack that swaps the votes of two candidates thus permanently destroying the election outcome in an undetectable fashion. This demonstrates the extent to which the firmware of the AV-OS can be modified with no insider knowledge or access to the source code. Our results underscore the importance of verifying the integrity of the firmware of electronic voting terminals accompanied by sound auditing procedures to maintain the candor of the electoral process. We also note that this work is performed solely with the purpose of security analysis of AV-OS, and the first and the second firmware manipulations we describe serve a dual purpose in assisting the technological audits of actual voting procedures conducted using AV-OS systems.
UR - http://www.scopus.com/inward/record.url?scp=70450234690&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=70450234690&partnerID=8YFLogxK
U2 - 10.1145/1529282.1529736
DO - 10.1145/1529282.1529736
M3 - Conference contribution
AN - SCOPUS:70450234690
SN - 9781605581668
T3 - Proceedings of the ACM Symposium on Applied Computing
SP - 2049
EP - 2053
BT - 24th Annual ACM Symposium on Applied Computing, SAC 2009
Y2 - 8 March 2009 through 12 March 2009
ER -