Communications of the ACM - Bioinformatics
An authentication and Ballot layout attack against an optical scan voting terminal
EVT'07 Proceedings of the USENIX Workshop on Accurate Electronic Voting Technology
Hack-a-Vote: Security Issues with Electronic Voting Systems
IEEE Security and Privacy
Taking total control of voting systems: firmware manipulations on an optical scan voting terminal
Proceedings of the 2009 ACM symposium on Applied Computing
State-wide elections, optical scan voting systems, and the pursuit of integrity
IEEE Transactions on Information Forensics and Security - Special issue on electronic voting
EVT/WOTE'09 Proceedings of the 2009 conference on Electronic voting technology/workshop on trustworthy elections
Automating voting terminal event log analysis
EVT/WOTE'09 Proceedings of the 2009 conference on Electronic voting technology/workshop on trustworthy elections
Determining the causes of AccuVote optical scan voting terminal memory card failures
EVT/WOTE'10 Proceedings of the 2010 international conference on Electronic voting technology/workshop on trustworthy elections
Hi-index | 0.00 |
Optical scan electronic voting machines employ software components that are customized for each specific election. Such software components are critical from a security and integrity point of view, as they define ballot layout and outcome reporting facilities. The possibility of these components to be tampered with presents a major concern as incorrect election results may be produced due to either malicious interference or accidental corruption. Erroneous results caused by tampering or corruptions can go unnoticed in the absence of testing and auditing, and the errors may not be detectable by election officials/poll workers using the pre-election testing procedures that rely on the machines themselves. This paper presents an actual auditing process for the AccuVote Optical Scan Voting Terminal (AV-OS) (manufactured by Premier Election Solutions) and the ensuing results from a recent statewide audit, showing that thorough auditing of a large sample of voting hardware, specifically the memory cards that contain custom software components, is both practical and informative. We argue that memory card audits are crucial in providing timely information and maintaining the integrity of the electoral process. To substantiate this claim, we present as part of our results hard evidence of inadequate reliability of certain hard-ware components used with the voting terminals, and indications of marginal procedural compliance on the part of the poll workers. These audits were performed without any access to the manufacturer's source code or the documentation regarding the design or the internal workings of the AV-OS terminal. We conclude the paper with several observations based on what was learned during the memory card audit process and offer recommendations aimed at enhancing the integrity of elections. The audits presented in this paper were performed on request of the Office of the Secretary of the State of Connecticut.