An Authentication and Ballot Layout Attack Against an Optical Scan Voting Terminal

Aggelos Kiayias; Laurent Michel; Alexander Russell; Narasimha Shashidhar; Andrew See; Alexander A. Shvartsman

An Authentication and Ballot Layout Attack Against an Optical Scan Voting Terminal

Aggelos Kiayias, Laurent Michel, Alexander Russell, Narasimha Shashidhar, Andrew See, Alexander A. Shvartsman

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Recently, two e-voting technologies have been introduced and used extensively in election procedures: direct recording electronic (DRE) systems and optical scanners. The latter are typically deemed safer as many recent security reports have discovered substantial vulnerabilities in a variety of DRE systems. In this paper we present an attack against the Diebold Accuvote optical scan voting terminal (AV-OS). Previously known attacks direct to the AV-OS required physical access to the memory card and use of difficult to find hardware (card reader/writer).

Our attack bypasses these issues by using the serial port of the AV-OS terminal and reverse engineering the communication protocol, in essence, using the terminal itself as a reader/writer. Our analysis is based solely on reverse-engineering. We demonstrate how an attacker can exploit the serious security vulnerability of weak (non-cryptographic) authentication properties of the terminal. The attack payload delivers a tampered ballot layout that, depending on the scenario, allows swapping of candidate votes, neutralizing votes, or even shifting votes from one candidate to another.

Original language	English
Title of host publication	EVT'07 Proceedings of the USENIX Workshop on Accurate Electronic Voting Technology
Place of Publication	Berkeley, CA, USA
Publisher	USENIX Association
Pages	13-13
Number of pages	1
Publication status	Published - 2007

Publication series

Name	EVT'07
Publisher	USENIX Association

Access to Document

http://dl.acm.org/citation.cfm?id=1323111.1323124

Cite this

@inproceedings{1fa00b1e94a64690a987377053b5274f,

title = "An Authentication and Ballot Layout Attack Against an Optical Scan Voting Terminal",

abstract = "Recently, two e-voting technologies have been introduced and used extensively in election procedures: direct recording electronic (DRE) systems and optical scanners. The latter are typically deemed safer as many recent security reports have discovered substantial vulnerabilities in a variety of DRE systems. In this paper we present an attack against the Diebold Accuvote optical scan voting terminal (AV-OS). Previously known attacks direct to the AV-OS required physical access to the memory card and use of difficult to find hardware (card reader/writer).Our attack bypasses these issues by using the serial port of the AV-OS terminal and reverse engineering the communication protocol, in essence, using the terminal itself as a reader/writer. Our analysis is based solely on reverse-engineering. We demonstrate how an attacker can exploit the serious security vulnerability of weak (non-cryptographic) authentication properties of the terminal. The attack payload delivers a tampered ballot layout that, depending on the scenario, allows swapping of candidate votes, neutralizing votes, or even shifting votes from one candidate to another.",

author = "Aggelos Kiayias and Laurent Michel and Alexander Russell and Narasimha Shashidhar and Andrew See and Shvartsman, {Alexander A.}",

year = "2007",

language = "English",

series = "EVT'07",

publisher = "USENIX Association",

pages = "13--13",

booktitle = "EVT'07 Proceedings of the USENIX Workshop on Accurate Electronic Voting Technology",

}

An Authentication and Ballot Layout Attack Against an Optical Scan Voting Terminal. / Kiayias, Aggelos; Michel, Laurent; Russell, Alexander et al.

EVT'07 Proceedings of the USENIX Workshop on Accurate Electronic Voting Technology. Berkeley, CA, USA : USENIX Association, 2007. p. 13-13 (EVT'07).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - An Authentication and Ballot Layout Attack Against an Optical Scan Voting Terminal

AU - Kiayias, Aggelos

AU - Michel, Laurent

AU - Russell, Alexander

AU - Shashidhar, Narasimha

AU - See, Andrew

AU - Shvartsman, Alexander A.

PY - 2007

Y1 - 2007

N2 - Recently, two e-voting technologies have been introduced and used extensively in election procedures: direct recording electronic (DRE) systems and optical scanners. The latter are typically deemed safer as many recent security reports have discovered substantial vulnerabilities in a variety of DRE systems. In this paper we present an attack against the Diebold Accuvote optical scan voting terminal (AV-OS). Previously known attacks direct to the AV-OS required physical access to the memory card and use of difficult to find hardware (card reader/writer).Our attack bypasses these issues by using the serial port of the AV-OS terminal and reverse engineering the communication protocol, in essence, using the terminal itself as a reader/writer. Our analysis is based solely on reverse-engineering. We demonstrate how an attacker can exploit the serious security vulnerability of weak (non-cryptographic) authentication properties of the terminal. The attack payload delivers a tampered ballot layout that, depending on the scenario, allows swapping of candidate votes, neutralizing votes, or even shifting votes from one candidate to another.

AB - Recently, two e-voting technologies have been introduced and used extensively in election procedures: direct recording electronic (DRE) systems and optical scanners. The latter are typically deemed safer as many recent security reports have discovered substantial vulnerabilities in a variety of DRE systems. In this paper we present an attack against the Diebold Accuvote optical scan voting terminal (AV-OS). Previously known attacks direct to the AV-OS required physical access to the memory card and use of difficult to find hardware (card reader/writer).Our attack bypasses these issues by using the serial port of the AV-OS terminal and reverse engineering the communication protocol, in essence, using the terminal itself as a reader/writer. Our analysis is based solely on reverse-engineering. We demonstrate how an attacker can exploit the serious security vulnerability of weak (non-cryptographic) authentication properties of the terminal. The attack payload delivers a tampered ballot layout that, depending on the scenario, allows swapping of candidate votes, neutralizing votes, or even shifting votes from one candidate to another.

M3 - Conference contribution

T3 - EVT'07

SP - 13

EP - 13

BT - EVT'07 Proceedings of the USENIX Workshop on Accurate Electronic Voting Technology

PB - USENIX Association

CY - Berkeley, CA, USA

ER -

An Authentication and Ballot Layout Attack Against an Optical Scan Voting Terminal

Abstract

Publication series

Access to Document

Fingerprint

Cite this