Description of a New Variable-Length Key, 64-bit Block Cipher (Blowfish)
Fast Software Encryption, Cambridge Security Workshop
Security analysis of the diebold AccuVote-TS voting machine
EVT'07 Proceedings of the USENIX Workshop on Accurate Electronic Voting Technology
TPM meets DRE: reducing the trust base for electronic voting using trusted platform modules
IEEE Transactions on Information Forensics and Security - Special issue on electronic voting
Managing Requirements for E-Voting Systems: Issues and Approaches
RE-VOTE '09 Proceedings of the 2009 First International Workshop on Requirements Engineering for e-Voting Systems
Security analysis of India's electronic voting machines
Proceedings of the 17th ACM conference on Computer and communications security
Eperio: mitigating technical complexity in cryptographic election verification
EVT/WOTE'10 Proceedings of the 2010 international conference on Electronic voting technology/workshop on trustworthy elections
Formal analysis of an electronic voting system: An experience report
Journal of Systems and Software
Ethical issues in e-voting security analysis
FC'11 Proceedings of the 2011 international conference on Financial Cryptography and Data Security
Hi-index | 0.00 |
This paper summarizes a security analysis of the DRE and optical scan voting systems manufactured by Election Systems and Software (ES&S), as used in Ohio (and many other jurisdictions inside and outside the US). We found numerous exploitable vulnerabilities in nearly every component of the ES&S system. These vulnerabilities enable attacks that could alter or forge precinct results, install corrupt firmware, and erase audit records. Our analysis focused on architectural issues in which the interactions between various software and hardware modules leads to systemic vulnerabilities that do not appear to be easily countered with election procedures or software updates. Despite a highly compressed schedule (ten weeks) during which we audited hundreds of thousands of lines of source code (much of which runs on custom hardware), we discovered numerous security flaws in the ES&S system that had escaped the notice of the certification authorities. We discuss our approach to the audit, which was part of Project EVEREST, commissioned by Ohio Secretary of State Jennifer Brunner.