Systemic issues in the hart intercivic and premier voting systems: reflections on project EVEREST

  • Authors:

  • Kevin Butler;William Enck;Harri Hursti;Stephen McLaughlin;Patrick Traynor;Patrick McDaniel

  • Affiliations:

  • -;-;-;-;-;-

  • Venue:
  • EVT'08 Proceedings of the conference on Electronic voting technology
  • Year:
  • 2008

Quantified Score

Hi-index 0.00

Visualization

Abstract

The State of Ohio commissioned the EVEREST study in late summer of 2007. The study participants were charged with an analysis of the usability, stability, and security of all voting systems used in Ohio elections. This paper details the approach and results of the security analysis of the Premier and Hart systems within the EVEREST effort. As in previous studies, we found the election systems to be critically flawed in ways that are practically and easily exploitable. Such exploits could effect election results, prevent legitimate votes from being cast, or simply cast doubt on the legitimacy of the election itself. In this effort we identified new areas of concern including novel exploitable failures of software and election data integrity protection and the discovery of dangerous hidden software features. We begin by describing in depth our systematic methodology for identifying and validating vulnerabilities appropriate for the current complex political climate, and detail and illustrate broad classes of vulnerabilities uncovered using this approach. We conclude by considering the impact of this study both in terms of the tangible vulnerabilities discovered and as a model for performing future analyses.