Name
Abstract | ||
|---|---|---|
This paper summarizes a security analysis of the DRE and optical scan voting systems manufactured by Election Systems and Software (ES&S), as used in Ohio (and many other jurisdictions inside and outside the US). We found numerous exploitable vulnerabilities in nearly every component of the ES&S system. These vulnerabilities enable attacks that could alter or forge precinct results, install corrupt firmware, and erase audit records. Our analysis focused on architectural issues in which the interactions between various software and hardware modules leads to systemic vulnerabilities that do not appear to be easily countered with election procedures or software updates. Despite a highly compressed schedule (ten weeks) during which we audited hundreds of thousands of lines of source code (much of which runs on custom hardware), we discovered numerous security flaws in the ES&S system that had escaped the notice of the certification authorities. We discuss our approach to the audit, which was part of Project EVEREST, commissioned by Ohio Secretary of State Jennifer Brunner. |
Year | Venue | Keywords |
|---|---|---|
2008 | EVT | security analysis,software updates,voting machine,security evaluation,ohio secretary,hardware module,audit record,custom hardware,numerous security flaw,election systems,election management system,numerous exploitable vulnerability,various software,management system,certificate authority,source code |
Field | DocType | Citations |
Audit,Voting,Computer security,Computer science,Security analysis,Notice,Precinct,Certification,Management system,Firmware | Conference | 14 |
PageRank | References | Authors |
0.94 | 3 | 7 |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Adam J. Aviv | 1 | 443 | 35.85 |
| Pavol Černy | 2 | 14 | 0.94 |
| Sandy Clark | 3 | 70 | 8.29 |
| Eric Cronin | 4 | 247 | 14.54 |
| Gaurav Shah | 5 | 102 | 6.08 |
| Micah Sherr | 6 | 625 | 44.49 |
| matt blaze | 7 | 3189 | 381.70 |