Security Analysis of the Diebold AccuVote-TS Voting Machine

This paper presents a fully independent security study of a Diebold AccuVote-TS voting machine, including its hardware and software. We obtained the machine from a private party. Analysis of the machine, in light of real election procedures, shows that it is vulnerable to extremely serious attacks. For example, an attacker who gets physical access to a machine or its removable memory card for as little as one minute could install malicious code; malicious code on a machine could steal votes undetectably, modifying all records, logs, and counters to be consistent with the fraudulent vote count it creates. An attacker could also create malicious code that spreads automatically and silently from machine to machine during normal election activities--a voting-machine virus. We have constructed working demonstrations of these attacks in our lab. Mitigating these threats will require changes to the voting machine's hardware and software and the adoption of more rigorous election procedures.

[1]  Dan S. Wallach,et al.  Analysis of an electronic voting system , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[2]  Lawrence D. Norden,et al.  The Machinery of Democracy - Protecting Elections in an Electronic World , 2007 .

[3]  Greg Hoglund,et al.  Rootkits: Subverting the Windows Kernel , 2005 .

[4]  Ronald L Rivest,et al.  On the notion of ‘software independence’ in voting systems , 2008, Philosophical Transactions of the Royal Society A: Mathematical, Physical and Engineering Sciences.

[5]  David A. Wagner,et al.  Cryptographic Voting Protocols: A Systems Perspective , 2005, USENIX Security Symposium.

[6]  William A. Arbaugh,et al.  A secure and reliable bootstrap architecture , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[7]  Bruce Schneier,et al.  Cryptographic Support for Secure Logs on Untrusted Machines , 1998, USENIX Security Symposium.

[8]  Checks and balances in elections equipment and procedures prevent alleged fraud scenarios , .

[9]  Ronald L. Rivest,et al.  On Estimating the Size and Confidence of a Statistical Audit , 2007, EVT.

[10]  Keith J. Jones,et al.  10th USENIX Security Symposium , 2001, login Usenix Mag..

[11]  Andrew Bunnie Huang,et al.  Hacking the Xbox: An Introduction to Reverse Engineering , 2003 .

[12]  Rebecca T. Mercuri,et al.  Electronic vote tabulation checks and balances , 2001 .

[13]  Joseph A. Calandrino Machine-Assisted Election Auditing , 2007, EVT.

[14]  C. Andrew Ne,et al.  Practical high certainty intent verification for encrypted votes , 2004 .

[15]  David Wagner,et al.  Security Analysis of the Diebold AccuBasic Interpreter , 2006 .

[16]  Helen J. Wang,et al.  SubVirt: implementing malware with virtual machines , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).