Security flaws in existing
voting systems
by Slavik Krassovsky
Introduction
 HAVA
 $3.9 billion appropriated in states aid
 DRE Vendors:






Diebold
ES&S
MicroVote
WINvote
Sequoia
Hart InterCivic
DRE Machine Architecture
Network
Touch Screen
Voter
Smart Card Reader
HardDrive
Certification process
 Is done per FEC guidelines
 ITAs
 Ciber
 Wyle
 SysTest
 Off-the-shelf hardware and software
is exempt
Media reported problems
 01/04, Broward County, Florida:
 134 out of 10,844 votes are missing
 11/03, Boone County, Indiana:
 144,000 votes were cast but Boone
County contains fewer than 19,000
 01/04, Hinds County, Mississippi:
 Machines stayed down all day
Diebold
 Analyzed by researches:





Hardcoded DES key
No Smart card authentication
Unsecure smart card deactivation
Hardcoded PIN
Etc...
Attacks
 Attacks on the machine
Network
Touch Screen
Voter
Smart Card Reader
HardDrive
 Undetectable rigging
Other problems
 No way to verify that their votes were
recorded correctly
 No way to publicly count the votes
 No meaningful recounts are possible
Conclusion
 Some problems can be solved by
strict certification
 But some problems are inherent
 It’s best to look for alternatives