The State of US Voting System Security DEFCON Voting Machine Hacking Village July 2017


The State of US Voting System Security
DEFCON Voting Machine Hacking Village
July 2017
Joshua M Franklin
National Institute of Standards and Technology

Election Fraud Types - 1934
- Registration fraud
- Repeating
- Ballot box stuffing
- Assistance to voters
- Intimidation & violence
- Altering ballots
- Ballot substitution
- False counts and returns
- Altering returns
[1] Joseph Harris, 1934

Bio
- IT Security Engineer, NIST
- Enterprise mobility, telecommunications, evoting
- 10+ years in the elections community
- Co-chair the Election Cybersecurity Working Group
- Masters in Information Security from George Mason

Get to Know an Agency
- Federal:
  - Election Assistance Commission (EAC)
  - NIST, DHS, and FBI
- State: Secretary of State's office
- Local: counties, cities, townships, parishes, hamlets

Types of Voting Systems
- Vote capture & tabulation
  - DREs, central & precinct optical scan, ballot marking device
  - Software associated with election administration
- Supporting election systems
  - Voter registration, epollbooks, election night reporting
  - Candidate filing, poll worker tracking, ballot tracking

A Changing Threat Model

Old & Busted
- Physically proximate attackers
- Accidental events
- Natural disasters
- Events affecting public confidence and trust

New Hotness
- Nation state attackers
- Phishing
- Supporting election systems
- Everything in the old threat model, plus CYBER

Security Architecture
- Embedded legacy system
- Typically running *nix variant
- Older or proprietary physical media
- Working TCP/IP stack is common
- Wireless is possible
- Required to stand the test of time (10-15 years)
- Jurisdiction that can pay MAY receive 1-5 updates

Independent Reviews [10] [27]
Privilege Management 3%

Common CWEs
- CWE-306: Missing Authentication for Critical Function
- CWE-120: Classic buffer overflow
- CWE-522: Insufficiently Protected Credentials
- CWE-345: Insufficient Verification of Data Authenticity
- CWE-311: Missing encryption of sensitive data

Innovations in Voting Security
- Risk Limiting Audits [8]
- Software Independence [6]
- E2E verifiable cryptographic protocols [9]
- Recognition of usability as a security issue

Paper is not a Panacea
- Paper ballots provide tamper detection and enable auditability
- Paper can be modified
- Seals and chain of custody need verification
- Routine audits need to be performed
- Cyberhygiene

Testing & Certification
- EAC runs a testing and certification program
- Most states do as well
- Voting system test labs (VSTLs) perform testing
- States are not required to use certified systems
- Testing validates voting machines submitted for certification meet the VVSG
- Freely available test reports! www.eac.gov

Certification Process
- Vendor Application
- Test Report
- Kickoff
- Testing
- Certification Decision
- Test Plan
- Monitor Field Performance
Illustrates best case testing scenario

Voting Standards
- Voluntary Voting System Guidelines = VVSG [2]
- Scoped to vote capture and tabulation
- Not mandated for use
- Little security focus in initial drafts
- Large overhaul in security requirements since 2005

VVSG Updates
1. 1990 VSS
2. 2002 VSS
3. 2005 VVSG
4. 2007 Recommendations
5. 2015 VVSG
6. Principles & Guidelines under development

New Proposed Structure
- Principles: High level system design goals
- Guidelines: Broad system design details for election officials
- Requirements: Technical details for design and development by vendors
- Test Assertions: Technical specification for testing by labs

Security Principles & Guidelines
- Auditability
- Ballot Secrecy
- Access Control
- Detection and Monitoring
- Data Protection
- Software Integrity
- Physical Security
[3] NIST & EAC Voting Twiki

apt-get upgrade
- Routine meaningful audits
- Responsible vulnerability disclosure
- Augment how we manage election security
- Risk assessment, threat modeling, and contingency planning
- Regular, external scrutiny of systems is essential
- Voting systems need software updates
- Election officials need actionable guidance

Help Make a Difference
- Register to vote
- Be a pollworker
- Work with your election official, not against
- Join the public working groups

References
1. Election Administration in the United States, 1934, by Joseph P. Harris. https://www.nist.gov/itl/election-administration-united-states-1934-joseph-p-harris-phd
2. EAC, Voluntary Voting System Guidelines, 2017. https://www.eac.gov/voting-equipment/voluntary-voting-system-guidelines
3. NIST & EAC Security Principles & Guidelines, 2017. http://collaborate.nist.gov/voting/bin/view/voting/securityobjectives
4. Office of the Director of National Intelligence, Assessing Russian Activities and Intentions in Recent US elections, ICA 2017-01D, 2017. https://www.dni.gov/files/documents/ica_2017_01.pdf
5. ACM, Statewide Databases of Registered Voters - Study Of Accuracy, Privacy, Usability, Security, and Reliability Issues, 2006. http://usacm.acm.org/images/documents/vrd_report2.pdf
6. Rivest, Wack, On the Notion of Software-Independence, 2008. https://people.csail.mit.edu/rivest/rivestwack-onthenotionofsoftwareindependenceinvotingsystems.pdf
7. Jones, Simons, Broken Ballots, 2012. http://brokenballots.com
8. Stark, A Gentle Introduction to Risk Limiting Audits, 2012. https://www.stat.berkeley.edu/~stark/preprints/gentle12.pdf
9. Benaloh et al, End-to-end verifiability, 2015. https://arxiv.org/pdf/1504.03778.pdf

References
10. SAIC - Risk Assessment Report Diebold AccuVote-TS Voting System and Processes, 2003
11. Analysis of an Electronic Voting System, 2004
12. RABA - Trusted Agent Report Diebold AccuVote-TS Voting System, 2004
13. Security Analysis of the Diebold AccuBasic Interpreter, 2006
14. Security Analysis of the Diebold AccuVote-TS Voting Machine, 2006
15. Diebold TSx Evaluation, 2006
16. Top to Bottom Review (TTBR), 2007
17. EVEREST: Evaluation and Validation of Election-Related Equipment, Standards and Testing, 2007
18. Software Review and Security Analysis of the Diebold Voting Machine Software, 2007
19. Software Review and Security Analysis of the ES&S iVotronic 8.0.1.2 Voting Machine Firmware, 2007
20. Insecurities and Inaccuracies of the Sequoia AVC Advantage 9.00H DRE Voting Machine, 2008
21. Software Review and Security Analysis of Scytl Remote Voting Software, 2008
22. Can DREs Provide Long-Lasting Security? The Case of Return-Oriented Programming and the AVC Advantage, 2009
23. Security Analysis of India's Electronic Voting Machines, 2010
24. Exploiting the Client Vulnerabilities in Internet E-voting Systems: Hacking Helios 2.0 as an Example, 2010
25. Maryland State Board of Elections Online Voter Services Penetration Testing Report, 2012
26. Attacking the Washington, D.C. Internet Voting System, 2012
27. Security Analysis of the Estonian Internet Voting System, 2014