The firmware of an electronic voting machine is typically treated as a "trusted" component of the system. Consequently, it is misconstrued to be vulnerable only to an insider attack by someone with an in-depth knowledge of the system and access to the source code. This case study focuses on the Diebold/Premier AccuVote Optical Scan voting terminal (AV-OS) that is widely used in the USA elections. We present three low level manipulations of the above voting terminal's firmware resulting in divergence from its prescribed operation: (i) the first bestows the terminal with a powerful memory card dumping functionality, (ii) the second enables the terminal to leak the ballot details through its serial port thus violating voter privacy during the election, (iii) the final third firmware manipulation is a proof of concept attack that swaps the votes of two candidates thus permanently destroying the election outcome in an undetectable fashion. This demonstrates the extent to which the firmware of the AV-OS can be modified with no insider knowledge or access to the source code.
Our results underscore the importance of verifying the integrity of the firmware of electronic voting terminals accompanied by sound auditing procedures to maintain the candor of the electoral process. We also note that this work is performed solely with the purpose of security analysis of AV-OS, and the first and the second firmware manipulations we describe serve a dual purpose in assisting the technological audits of actual voting procedures conducted using AV-OS systems.
[1]
Aggelos Kiayias,et al.
Tampering with Special Purpose Trusted Computing Devices: A Case Study in Optical Scan E-Voting
,
2007,
Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007).
[2]
J. A. Halderman.
Source Code Review of the Diebold Voting System
,
2007
.
[3]
Aggelos Kiayias,et al.
An Authentication and Ballot Layout Attack Against an Optical Scan Voting Terminal
,
2007,
EVT.
[4]
Aggelos Kiayias,et al.
Pre-Election Testing and Post-Election Audit of Optical Scan Voting Terminal Memory Cards
,
2008,
EVT.
[5]
Aggelos Kiayias,et al.
Security Assessment of the Diebold Optical Scan Voting Terminal
,
2006
.
[6]
David Wagner,et al.
Security Analysis of the Diebold AccuBasic Interpreter
,
2006
.
[7]
Michael D. Byrne,et al.
An Examination of the Auditability of Voter Verified Paper Audit Trail (VVPAT) Ballots
,
2007,
EVT.