Security evaluation of ES&S voting machines and election management system

  • Authors:

  • Adam Aviv;Pavol Černy;Sandy Clark;Eric Cronin;Gaurav Shah;Micah Sherr;Matt Blaze

  • Affiliations:

  • Department of Computer and Information Science, University of Pennsylvania;Department of Computer and Information Science, University of Pennsylvania;Department of Computer and Information Science, University of Pennsylvania;Department of Computer and Information Science, University of Pennsylvania;Department of Computer and Information Science, University of Pennsylvania;Department of Computer and Information Science, University of Pennsylvania;Department of Computer and Information Science, University of Pennsylvania

  • Venue:
  • EVT'08 Proceedings of the conference on Electronic voting technology
  • Year:
  • 2008

Quantified Score

Hi-index 0.00

Visualization

Abstract

This paper summarizes a security analysis of the DRE and optical scan voting systems manufactured by Election Systems and Software (ES&S), as used in Ohio (and many other jurisdictions inside and outside the US). We found numerous exploitable vulnerabilities in nearly every component of the ES&S system. These vulnerabilities enable attacks that could alter or forge precinct results, install corrupt firmware, and erase audit records. Our analysis focused on architectural issues in which the interactions between various software and hardware modules leads to systemic vulnerabilities that do not appear to be easily countered with election procedures or software updates. Despite a highly compressed schedule (ten weeks) during which we audited hundreds of thousands of lines of source code (much of which runs on custom hardware), we discovered numerous security flaws in the ES&S system that had escaped the notice of the certification authorities. We discuss our approach to the audit, which was part of Project EVEREST, commissioned by Ohio Secretary of State Jennifer Brunner.