An authentication and Ballot layout attack against an optical scan voting terminal

  • Authors:

  • Aggelos Kiayias;Laurent Michel;Alexander Russell;Narasimha Shashidhar;Andrew See;Alexander A. Shvartsman

  • Affiliations:

  • -;-;-;-;-;-

  • Venue:
  • EVT'07 Proceedings of the USENIX Workshop on Accurate Electronic Voting Technology
  • Year:
  • 2007

Quantified Score

Hi-index 0.00

Visualization

Abstract

Recently, two e-voting technologies have been introduced and used extensively in election procedures: direct recording electronic (DRE) systems and optical scanners. The latter are typically deemed safer as many recent security reports have discovered substantial vulnerabilities in a variety of DRE systems. In this paper we present an attack against the Diebold Accuvote optical scan voting terminal (AV-OS). Previously known attacks direct to the AV-OS required physical access to the memory card and use of difficult to find hardware (card reader/writer). Our attack bypasses these issues by using the serial port of the AV-OS terminal and reverse engineering the communication protocol, in essence, using the terminal itself as a reader/writer. Our analysis is based solely on reverse-engineering. We demonstrate how an attacker can exploit the serious security vulnerability of weak (non-cryptographic) authentication properties of the terminal. The attack payload delivers a tampered ballot layout that, depending on the scenario, allows swapping of candidate votes, neutralizing votes, or even shifting votes from one candidate to another.