Electronic vote tabulation checks and balances
Electronic vote tabulation checks and balances
Security in embedded systems: Design challenges
ACM Transactions on Embedded Computing Systems (TECS)
Tamper resistance: a cautionary note
WOEC'96 Proceedings of the 2nd conference on Proceedings of the Second USENIX Workshop on Electronic Commerce - Volume 2
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Designing voting machines for verification
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Studying the Nedap/Groenendaal ES3B voting computer: a computer security perspective
EVT'07 Proceedings of the USENIX Workshop on Accurate Electronic Voting Technology
Security analysis of the diebold AccuVote-TS voting machine
EVT'07 Proceedings of the USENIX Workshop on Accurate Electronic Voting Technology
Machine-assisted election auditing
EVT'07 Proceedings of the USENIX Workshop on Accurate Electronic Voting Technology
Scantegrity: End-to-End Voter-Verifiable Optical- Scan Voting
IEEE Security and Privacy
Designing and implementing malicious hardware
LEET'08 Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats
Secret-Ballot Receipts: True Voter-Verifiable Elections
IEEE Security and Privacy
Reverse-engineering a cryptographic RFID tag
SS'08 Proceedings of the 17th conference on Security symposium
Security evaluation of ES&S voting machines and election management system
EVT'08 Proceedings of the conference on Electronic voting technology
Systemic issues in the hart intercivic and premier voting systems: reflections on project EVEREST
EVT'08 Proceedings of the conference on Electronic voting technology
On the difficulty of software-based attestation of embedded devices
Proceedings of the 16th ACM conference on Computer and communications security
The New Jersey voting-machine lawsuit and the AVC advantage DRE voting machine
EVT/WOTE'09 Proceedings of the 2009 conference on Electronic voting technology/workshop on trustworthy elections
EVT/WOTE'09 Proceedings of the 2009 conference on Electronic voting technology/workshop on trustworthy elections
Formal analysis of an electronic voting system: An experience report
Journal of Systems and Software
Computing the margin of victory for various voting rules
Proceedings of the 13th ACM Conference on Electronic Commerce
A formal analysis of the norwegian e-voting protocol
POST'12 Proceedings of the First international conference on Principles of Security and Trust
Ethical issues in e-voting security analysis
FC'11 Proceedings of the 2011 international conference on Financial Cryptography and Data Security
Analysis of an electronic boardroom voting system
Vote-ID'13 Proceedings of the 4th international conference on E-Voting and Identity
Hi-index | 0.00 |
Elections in India are conducted almost exclusively using electronic voting machines developed over the past two decades by a pair of government-owned companies. These devices, known in India as EVMs, have been praised for their simple design, ease of use, and reliability, but recently they have also been criticized following widespread reports of election irregularities. Despite this criticism, many details of the machines' design have never been publicly disclosed, and they have not been subjected to a rigorous, independent security evaluation. In this paper, we present a security analysis of a real Indian EVM obtained from an anonymous source. We describe the machine's design and operation in detail, and we evaluate its security in light of relevant election procedures. We conclude that in spite of the machines' simplicity and minimal software trusted computing base, they are vulnerable to serious attacks that can alter election results and violate the secrecy of the ballot. We demonstrate two attacks, implemented using custom hardware, which could be carried out by dishonest election insiders or other criminals with only brief physical access to the machines. This case study carries important lessons for Indian elections and for electronic voting security more generally.