Integrity of electronic voting systems: Fallacious use of cryptography

Seda Davtyan, Aggelos Kiayias, Laurent Michel, Alexander Russell, Alexander A. Shvartsman

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Scopus citations

Abstract

In recent years, electronic voting systems have been deployed in all U.S. elections. Despite the fact that cryptographic integrity checks are used in most such systems, several reports have documented serious security vulnerabilities of electronic voting terminals. We present an overview of the typical security and election vulnerabilities found in most, if not all, electronic election systems, and present a case study that illustrates such vulnerabilities. Our hands-on security analysis of the AccuVote TSx voting terminal - - used by more than 12 million voters in over 350 jurisdictions in the U.S. - demonstrates certain new integrity vulnerabilities that are present in the system. We present two attacks based on these vulnerabilities: one attack swaps the votes of two candidates and another erases the name of one candidate from the slate. These attacks do not require modification of the operating system of the voting terminal (as was the case in a number of previous attacks) and are able to circumvent the cryptographic integrity checks implemented in the terminal. The attacks can be launched in a matter of minutes and require only a computer with the capability to mount a PCMCIA card file system (a default capability in most current operating systems). The attacks presented here were discovered through direct experimentation with the voting terminal and without access to any internal documentation or the source code from the manufacturer.

Original languageEnglish (US)
Title of host publication27th Annual ACM Symposium on Applied Computing, SAC 2012
Pages1486-1493
Number of pages8
DOIs
StatePublished - 2012
Externally publishedYes
Event27th Annual ACM Symposium on Applied Computing, SAC 2012 - Trento, Italy
Duration: Mar 26 2012Mar 30 2012

Publication series

NameProceedings of the ACM Symposium on Applied Computing

Conference

Conference27th Annual ACM Symposium on Applied Computing, SAC 2012
Country/TerritoryItaly
CityTrento
Period3/26/123/30/12

ASJC Scopus subject areas

  • Software

Fingerprint

Dive into the research topics of 'Integrity of electronic voting systems: Fallacious use of cryptography'. Together they form a unique fingerprint.

Cite this