the state of us voting system security - joshua franklin · the state of us voting system security...
TRANSCRIPT
![Page 1: The State of US Voting System Security - Joshua Franklin · The State of US Voting System Security DEFCON Voting Machine Hacking Village July 2017 Joshua M Franklin National Institute](https://reader034.vdocuments.site/reader034/viewer/2022051800/5abfcb967f8b9aa15e8e7217/html5/thumbnails/1.jpg)
TheStateofUSVotingSystemSecurityDEFCONVotingMachineHackingVillageJuly2017
JoshuaMFranklinNationalInstituteofStandardsandTechnology
![Page 2: The State of US Voting System Security - Joshua Franklin · The State of US Voting System Security DEFCON Voting Machine Hacking Village July 2017 Joshua M Franklin National Institute](https://reader034.vdocuments.site/reader034/viewer/2022051800/5abfcb967f8b9aa15e8e7217/html5/thumbnails/2.jpg)
ElectionFraudTypes- 1934
• Alteringballots• Ballotsubstitution• Falsecountsandreturns• Alteringreturns
• Registrationfraud• Repeating• Ballotboxstuffing• Assistancetovoters• Intimidation&violence
[1]Joseph Harris,1934
0 2
![Page 3: The State of US Voting System Security - Joshua Franklin · The State of US Voting System Security DEFCON Voting Machine Hacking Village July 2017 Joshua M Franklin National Institute](https://reader034.vdocuments.site/reader034/viewer/2022051800/5abfcb967f8b9aa15e8e7217/html5/thumbnails/3.jpg)
Bio
• ITSecurityEngineer,NIST• Enterprisemobility,telecommunications,evoting• 10+yearsintheelectionscommunity• Co-chairtheElectionCybersecurityWorkingGroup•MastersinInformationSecurityfromGeorgeMason
0 3
![Page 4: The State of US Voting System Security - Joshua Franklin · The State of US Voting System Security DEFCON Voting Machine Hacking Village July 2017 Joshua M Franklin National Institute](https://reader034.vdocuments.site/reader034/viewer/2022051800/5abfcb967f8b9aa15e8e7217/html5/thumbnails/4.jpg)
GettoKnowanAgency
• Federal:• ElectionAssistanceCommission(EAC)• NIST,DHS,andFBI
• State:SecretaryofState’soffice• Local:counties,cities,townships,parishes,hamlets
0 4
![Page 5: The State of US Voting System Security - Joshua Franklin · The State of US Voting System Security DEFCON Voting Machine Hacking Village July 2017 Joshua M Franklin National Institute](https://reader034.vdocuments.site/reader034/viewer/2022051800/5abfcb967f8b9aa15e8e7217/html5/thumbnails/5.jpg)
![Page 6: The State of US Voting System Security - Joshua Franklin · The State of US Voting System Security DEFCON Voting Machine Hacking Village July 2017 Joshua M Franklin National Institute](https://reader034.vdocuments.site/reader034/viewer/2022051800/5abfcb967f8b9aa15e8e7217/html5/thumbnails/6.jpg)
TypesofVotingSystems
• Votecapture&tabulation• DREs,central&precinctopticalscan,ballotmarkingdevice• Softwareassociatedwithelectionadministration
• Supportingelectionsystems• Voterregistration,epollbooks,electionnightreporting• Candidatefiling,pollworkertracking,ballottracking…
0 6
![Page 7: The State of US Voting System Security - Joshua Franklin · The State of US Voting System Security DEFCON Voting Machine Hacking Village July 2017 Joshua M Franklin National Institute](https://reader034.vdocuments.site/reader034/viewer/2022051800/5abfcb967f8b9aa15e8e7217/html5/thumbnails/7.jpg)
AChangingThreatModelOld&Busted
• Physicallyproximateattackers• Accidentalevents• Naturaldisasters• Eventsaffectingpublicconfidenceandtrust
NewHotness• Nationstateattackers• Phishing• Supportingelectionsystems• Everythingintheoldthreatmodel,plusCYBER
0 7
![Page 8: The State of US Voting System Security - Joshua Franklin · The State of US Voting System Security DEFCON Voting Machine Hacking Village July 2017 Joshua M Franklin National Institute](https://reader034.vdocuments.site/reader034/viewer/2022051800/5abfcb967f8b9aa15e8e7217/html5/thumbnails/8.jpg)
SecurityArchitecture
• Embeddedlegacysystem• Typicallyrunning*nixvariant
• Olderorproprietaryphysicalmedia• WorkingTCP/IPstackiscommon• Wirelessispossible• Requiredtostandthetestoftime(10- 15years)• JurisdictionthatcanpayMAYreceive1- 5updates
0 8
![Page 9: The State of US Voting System Security - Joshua Franklin · The State of US Voting System Security DEFCON Voting Machine Hacking Village July 2017 Joshua M Franklin National Institute](https://reader034.vdocuments.site/reader034/viewer/2022051800/5abfcb967f8b9aa15e8e7217/html5/thumbnails/9.jpg)
IndependentReviews
PrivilegeManagement– 3%CommonCWEs• CWE-306:MissingAuthenticationforCriticalFunction
• CWE-120:Classicbufferoverflow
• CWE-522:InsufficientlyProtectedCredentials
• CWE-345:InsufficientVerificationofDataAuthenticity
• CWE-311:Missingencryptionofsensitivedata
[10]– [27]
0 9
![Page 10: The State of US Voting System Security - Joshua Franklin · The State of US Voting System Security DEFCON Voting Machine Hacking Village July 2017 Joshua M Franklin National Institute](https://reader034.vdocuments.site/reader034/viewer/2022051800/5abfcb967f8b9aa15e8e7217/html5/thumbnails/10.jpg)
InnovationsinVotingSecurity
• RiskLimitingAudits[8]• SoftwareIndependence[6]• E2Everifiablecryptographicprotocols[9]• Recognitionofusabilityasasecurityissue
1 0
![Page 11: The State of US Voting System Security - Joshua Franklin · The State of US Voting System Security DEFCON Voting Machine Hacking Village July 2017 Joshua M Franklin National Institute](https://reader034.vdocuments.site/reader034/viewer/2022051800/5abfcb967f8b9aa15e8e7217/html5/thumbnails/11.jpg)
PaperisnotaPanacea
• Paperballotsprovidetamperdetectionandenableauditability• Papercanbemodified• Sealsandchainofcustodyneedverification• Routineauditsneedtobeperformed• Cyberhygiene
1 1
![Page 12: The State of US Voting System Security - Joshua Franklin · The State of US Voting System Security DEFCON Voting Machine Hacking Village July 2017 Joshua M Franklin National Institute](https://reader034.vdocuments.site/reader034/viewer/2022051800/5abfcb967f8b9aa15e8e7217/html5/thumbnails/12.jpg)
Testing&Certification
• EACrunsatestingandcertificationprogram•Moststatesdoaswell
• Votingsystemtestlabs(VSTLs)performtesting• Statesarenotrequiredtousecertifiedsystems• TestingvalidatesvotingmachinessubmittedforcertificationmeettheVVSG• Freelyavailabletestreports!www.eac.gov
1 2
![Page 13: The State of US Voting System Security - Joshua Franklin · The State of US Voting System Security DEFCON Voting Machine Hacking Village July 2017 Joshua M Franklin National Institute](https://reader034.vdocuments.site/reader034/viewer/2022051800/5abfcb967f8b9aa15e8e7217/html5/thumbnails/13.jpg)
CertificationProcess
VendorApplication
Kickoff
TestPlan
Testing
TestReport
CertificationDecision
MonitorFieldPerformance
Illustratesbestcasetestingscenario
1 4
![Page 14: The State of US Voting System Security - Joshua Franklin · The State of US Voting System Security DEFCON Voting Machine Hacking Village July 2017 Joshua M Franklin National Institute](https://reader034.vdocuments.site/reader034/viewer/2022051800/5abfcb967f8b9aa15e8e7217/html5/thumbnails/14.jpg)
VotingStandards
• VoluntaryVotingSystemGuidelines=VVSG[2]• Scopedtovotecaptureandtabulation• Notmandatedforuse• Littlesecurityfocusininitialdrafts• Largeoverhaulinsecurityrequirementssince2005
1 3
![Page 15: The State of US Voting System Security - Joshua Franklin · The State of US Voting System Security DEFCON Voting Machine Hacking Village July 2017 Joshua M Franklin National Institute](https://reader034.vdocuments.site/reader034/viewer/2022051800/5abfcb967f8b9aa15e8e7217/html5/thumbnails/15.jpg)
VVSGUpdates
1. 1990VSS2. 2002VSS3. 2005VVSG4. 2007Recommendations5. 2015VVSG6. Principles&Guidelines
underdevelopment
1 5
![Page 16: The State of US Voting System Security - Joshua Franklin · The State of US Voting System Security DEFCON Voting Machine Hacking Village July 2017 Joshua M Franklin National Institute](https://reader034.vdocuments.site/reader034/viewer/2022051800/5abfcb967f8b9aa15e8e7217/html5/thumbnails/16.jpg)
NewProposedStructure
• Principles• Highlevelsystemdesigngoals
• Guidelines• Broadsystemdesigndetailsforelectionofficials
• Requirements• Technicaldetailsfordesignanddevelopmentbyvendors
• TestAssertions• Technicalspecificationfortestingbylabs
1 6
![Page 17: The State of US Voting System Security - Joshua Franklin · The State of US Voting System Security DEFCON Voting Machine Hacking Village July 2017 Joshua M Franklin National Institute](https://reader034.vdocuments.site/reader034/viewer/2022051800/5abfcb967f8b9aa15e8e7217/html5/thumbnails/17.jpg)
SecurityPrinciples&Guidelines
• DataProtection• SoftwareIntegrity• PhysicalSecurity
• Auditability• BallotSecrecy• AccessControl• DetectionandMonitoring
[3]NIST&EACVotingTwiki
1 7
![Page 18: The State of US Voting System Security - Joshua Franklin · The State of US Voting System Security DEFCON Voting Machine Hacking Village July 2017 Joshua M Franklin National Institute](https://reader034.vdocuments.site/reader034/viewer/2022051800/5abfcb967f8b9aa15e8e7217/html5/thumbnails/18.jpg)
apt-getupgrade
• Routinemeaningfulaudits• Responsiblevulnerabilitydisclosure• Augmenthowwemanageelectionsecurity
• Riskassessment,threatmodeling,andcontingencyplanning
• Regular,externalscrutinyofsystemsisessential• Votingsystemsneedsoftwareupdates• Electionofficialsneedactionableguidance
1 8
![Page 19: The State of US Voting System Security - Joshua Franklin · The State of US Voting System Security DEFCON Voting Machine Hacking Village July 2017 Joshua M Franklin National Institute](https://reader034.vdocuments.site/reader034/viewer/2022051800/5abfcb967f8b9aa15e8e7217/html5/thumbnails/19.jpg)
HelpMakeaDifference
• Registertovote• Beapollworker•Workwithyourelectionofficial– notagainst• Jointhepublicworkinggroups
1 9
![Page 20: The State of US Voting System Security - Joshua Franklin · The State of US Voting System Security DEFCON Voting Machine Hacking Village July 2017 Joshua M Franklin National Institute](https://reader034.vdocuments.site/reader034/viewer/2022051800/5abfcb967f8b9aa15e8e7217/html5/thumbnails/20.jpg)
References1. ElectionAdministrationintheUnitedStates,1934,byJosephP.Harris
https://www.nist.gov/itl/election-administration-united-states-1934-joseph-p-harris-phd2. EAC,VoluntaryVotingSystemGuidelines,2017.
https://www.eac.gov/voting-equipment/voluntary-voting-system-guidelines3. NIST&EACSecurityPrinciples&Guidelines,2017.
http://collaborate.nist.gov/voting/bin/view/Voting/SecurityObjectives4. OfficeoftheDirectorofNationalIntelligence,AssessingRussianActivitiesandIntentionsin
RecentUSelections,ICA2017-01D, 2017.https://www.dni.gov/files/documents/ICA_2017_01.pdf
5. ACM,StatewideDatabasesofRegisteredVoters- StudyOfAccuracy,Privacy,Usability,Security,andReliabilityIssues,2006.http://usacm.acm.org/images/documents/vrd_report2.pdf
6. Rivest,Wack,OntheNotionofSoftware-Independence,2008.https://people.csail.mit.edu/rivest/RivestWack-OnTheNotionOfSoftwareIndependenceInVotingSystems.pdf
7. Jones,Simons,BrokenBallots,2012.http://brokenballots.com
8. Stark,AGentleIntroductiontoRiskLimitingAudits,2012.https://www.stat.berkeley.edu/~stark/Preprints/gentle12.pdf
9. Benaloh etal,End-to-endverifiability,2015.https://arxiv.org/pdf/1504.03778.pdf
2 0
![Page 21: The State of US Voting System Security - Joshua Franklin · The State of US Voting System Security DEFCON Voting Machine Hacking Village July 2017 Joshua M Franklin National Institute](https://reader034.vdocuments.site/reader034/viewer/2022051800/5abfcb967f8b9aa15e8e7217/html5/thumbnails/21.jpg)
References10. SAIC- RiskAssessmentReportDieboldAccuVote-TSVotingSystemandProcesses,200311. AnalysisofanElectronicVotingSystem,200412. RABA- TrustedAgentReportDieboldAccuVote-TSVotingSystem,200413. SecurityAnalysisoftheDieboldAccuBasic Interpreter,200614. SecurityAnalysisoftheDieboldAccuVote-TSVotingMachine,200615. DieboldTSx Evaluation,200616. ToptoBottomReview(TTBR),200717. EVEREST:EvaluationandValidationofElection-RelatedEquipment,StandardsandTesting,200718. SoftwareReviewandSecurityAnalysisoftheDieboldVotingMachineSoftware,200719. SoftwareReviewandSecurityAnalysisoftheES&SiVotronic 8.0.1.2VotingMachineFirmware,
200720. InsecuritiesandInaccuraciesoftheSequoiaAVCAdvantage9.00HDREVotingMachine,200821. SoftwareReviewandSecurityAnalysisofScytl RemoteVotingSoftware,200822. CanDREsProvideLong-LastingSecurity?TheCaseofReturn-OrientedProgrammingandtheAVC
Advantage,200923. SecurityAnalysisofIndia’sElectronicVotingMachines,201024. ExploitingtheClientVulnerabilitiesinInternetE-votingSystems:HackingHelios2.0asan
Example,201025. MarylandStateBoardofElectionsOnlineVoterServicesPenetrationTestingReport,201226. AttackingtheWashington,D.C.InternetVotingSystem,201227. SecurityAnalysisoftheEstonianInternetVotingSystem,2014
2 1