Cell Phones and Voting System Integrity
Natalie Podrazik
[email protected]
Overview
I. II.
I. II.
I. II.
Introduction Cell Phones
Background Potential Attack tools
Recording Abilities Wireless connections
III.
I. II. III. IV.
WINvote System
Overview How it works Vulnerabilities and Attacks Evaluation of WINvote¶s preparedness for cell phone attacks
III. IV.
Traceability Relevance to Voting Systems
IV. V.
Recommendations Conclusions
2
Natalie Podrazik ±
[email protected]
Introduction
Why Why Why
this project was started this project is relevant it is novel
UMBC
CSEE; CS 491V/691V Investigator: Natalie Podrazik
3
Program
Natalie Podrazik ±
[email protected]
Cell Phones: At a Glance
Became
203
extremely popular in late 90¶s
million + Americans own them today
Growth
towards greater computing capacity and personal feel of PDA and cell phones
Leads
Integration
More
customizable in size
to functionality of
PC¶s
Smaller
Natalie Podrazik ±
[email protected]
4
What can a cell phone do?
Carry on conversation over phone line (GSM...) Voicemail
Address book Speed dial Call history Calculator Games Alarm clock Text messaging
Take digital photographs Record sound Record Video Photo messaging Run PC-oriented applications (iTunes) Access wireless devices
Bluetooth 802.11
Programmable
Natalie Podrazik ±
[email protected]
5
Why Recording Devices are Problematic
Invasion Easier Taking
of privacy
means of vote influence home TMI citizens¶ voting registration
Disabled Member
Easy recreation of interfaces with model
Natalie Podrazik ±
[email protected]
6
Why Wireless Devices are Problematic
Systems
use Bluetooth or Wi-Fi
Disruptions
Ballot
loading to DRE¶s Sending of data to remote printers Gathering of voter registration data Pertinent election day updates Tabulation of votes More...
Natalie Podrazik ±
[email protected]
iPAQ H6315 Pocket PC
T -Mobile M/DA
7
A Unique Territory
Cell
phones as potential attackers in critical systems voting systems:
Electronic
Inaccuracy Unpredictability Holes
in security
Cost
of attacks; identification of attacker
8
Natalie Podrazik ±
[email protected]
Case Study: WINvote
DRE,
PPV Internet history for easy setup
Wireless Chosen
Checkered
Binds
County, MI: Failures Arlington, VA: Praises
2006
Elections: VA
VA
Natalie Podrazik ±
[email protected]
9
On Election Day: Setting Up
Setup of equipment Boot up all machines Display of machine data Choose Master
Master downloads ballot via Wi-Fi Master distributes ballot to other stations
Displays Serial #s on Master screen
Open Unit Report
Natalie Podrazik ±
[email protected]
10
On Election Day: Voting
Election
official inserts BALLOT card leaves; voter votes recorded in:
EO
Votes
Hard
drive USB Memory stick
11
Natalie Podrazik ±
[email protected]
On Election Day: Counting Votes
EO enters smart card on one chosen Master EO confirms ³Close Poll Location´ Other machines ³wake up´
Serial #s of each machine displayed until ³Stop Searching´ EO can ³Export Location Data´
Master receives vote tallies ³Unit Close´ report prints on each machine from other machines in precinct
Natalie Podrazik ±
[email protected]
12
Recording Devices Exploit WINvote Flaws
Vote
bribery/intimidation of exact interface
Capturing
GUI
ballots Disabled voters¶ ballots Bootup procedures Shutdown procedures
Inability
to determine when recording is going on
13
Natalie Podrazik ±
[email protected]
System Integrity Attacks
Background:
Types
of DoS Attacks to Wireless
layer duration stalling
Deauthentication MAC
Strength Cost
Technologies
Bluetooth 802.11
Natalie Podrazik ±
[email protected]
to fret about
(Wi-Fi)
14
WINvote¶s Vulnerabilities I
Recording Election Data
Range
of sensitive material
Machine
Details Registration Paperwork Precinct Environment Voting Procedures
Challenge Identifying
of Detection Attackers
Natalie Podrazik ±
[email protected]
15
Evaluation of Attack I
Recording Election Data
Record Casting of Votes P/ND/$
Record Screen Touch History I/D/$$
Record Votes Cast by DRE I/D/$$
Record Voter Voting P/ND/$
Recording Hardware I/D/$$$
P = Possible I = Impossible
Natalie Podrazik ±
[email protected]
Embedded Software I/D/$$
D = Detectable ND = Not Detectable
Hidden, Traditional P/ND/$$
Cell Phone P/ND/$
$ = Relatively Cheap $$ = Moderately Priced $$$ = Very Expensive
16
Evaluation of Attack I
Recording Election Data
Feasibility
Cost? Resources? Time? Risk?
Impact
Machine Polling
Place Precinct Election Cheap and possible attack with minor to major consequences
Traceability Likelihood
Natalie Podrazik ±
[email protected]
17
WINvote¶s Vulnerabilities II
Disrupting the Tallying of Votes
Denial Of Service Attack
Repeated deauthentications MAC Duration field delay
Redundancies for vote counts
Wireless submission Paper trail USB Memory stick
Broader impact of attack
18
Natalie Podrazik ±
[email protected]
Evaluation of Attack II
Disrupting the Tallying of Votes
Block Tabulation P/ND/$$I Destroy Machines I/D/$$ Ruin USB P/D/$ Swap I/D/$$ Steal I/D/$ Ruin Paper Trail P/D/$ Remove Pollworkers I/D/$ Ruin Wi-Fi Connection P/ND/$$ Break/Damage I/D/$ Special Equipment P/ND/$$ Jammer P/D/$$
Break/Damage P/D/$
Swap I/ND/$
Steal I/D/$
Laptop P/ND/$$
Break/Damage P/D/$
Natalie Podrazik ±
[email protected]
Cell Phone P/ND/$$
19
Evaluation of Attack II
Disrupting the Tallying of Votes
Feasibility
Cost? Resources? Time? Risk?
Impact
Machine Polling
Place Precinct Election Requires some work and may have minor consequences. Redundancies in vote recording protect accuracy of election.
20
Traceability Likelihood
Natalie Podrazik ±
[email protected]
WINvote¶s Vulnerabilities III
Wake-On-LAN (WoL)
How
it works
Tells
WINvote machines to connect at receipt of a ³magic packet´
Spoofing
of magic packet of a ³harmless
Repercussions
attack´
Natalie Podrazik ±
[email protected]
21
Evaluation of Attack III
Wake-On-LAN (WoL)
Disturb WoL P/ND/$$
Destroy Machines I/D/$
Send Premature WoL Request P/ND/$$
Insert Smart Card Early I/D/$
Spoof WoL Request P/ND/$$
Computer P/ND/$$
Cell Phone P/ND/$$
22
Natalie Podrazik ±
[email protected]
Evaluation of Attack III
Wake-On-LAN (WoL)
Feasibility
Cost? Resources? Time? Risk?
Impact
Machine Polling
Place Precinct Election Requires some work and may not affect overall election results, but it severely affects voter confidence in the system.
Traceability Likelihood
Natalie Podrazik ±
[email protected]
23
WINvote¶s Vulnerabilities IV
Ballot Loading
Denial-Of-Service
Deauthentication MAC
Attacks
Duration field delay
Redundancies Broader
Official Ballot
impact of attack
Natalie Podrazik ±
[email protected]
24
Evaluation of Attack IV
Ballot Loading
Block Ballot Loading P/ND/$ Destroy Machines I/D/$$ Remove Pollworkers I/D/$
Disable Smart Cards P/D/$
Prevent Wi-Fi via DoS P/ND/$
Swap I/ND/$$ Steal P/D/$
Ruin Cards P/D/$$
Laptop P/ND/$$
Cell Phone P/ND/$
Natalie Podrazik ±
[email protected]
25
Evaluation of Attack IV
Ballot Loading
Feasibility
Cost? Resources? Time? Risk?
Impact
Machine Polling
Place Precinct Election
Traceability Likelihood
A likely attack with a major effect on election day with very few resources
Natalie Podrazik ±
[email protected]
26
WINvote¶s Preparedness
Preventative
Prohibiting
measures
cell phones Limiting duration field Requiring additional packet ID
Recognizing Identifying
attack
Attackers
Natalie Podrazik ±
[email protected]
27
What We Can Learn from WINvote
D Process
redundancy D Encryption of vote data D Encryption methods
U Use
of Wireless Internet U Wake-On-LAN U Danger of portable devices
Natalie Podrazik ±
[email protected]
28
Summary
Cell
phones pack a lot of punch as a case study
WINvote
Privacy System
disruption Probability and ease of attack
Reevaluate
today¶s attacker
Natalie Podrazik ±
[email protected]
29
Works Cited I
1.
"802.11 at the Polls". Wi-Fi Planet. Date of Access: 04 May 2006: http://www.wifiplanet.com/news/article.php/2211761 "Advanced Voting Solutions Homepage". Advanced Voting Solutions. Date of Access: 04 May 2006: http://217.160.190.12/jlo775/ "Advanced Voting Solutions: WINvote Results". Acessible Voting Systems Vendor Fair Survey Results. Date of Access: 04 May 2006: http://www.sos.state.or.us/elections/HAVA/vendorfair/survey_results/avswin_results.html "A Report on the Feasibility of Internet Voting", California Secretary of State Bill Jones and California Internet Voting Task Force. Created June 2000. Date of Access: 04 May 2006: http://www.ss.ca.gov/executive/ivote/final_report.htm "A Vote for the Future". Gpvernment Technology. Date of Access: 04 May 2006: http://www.govtech.net/magazine/story.php?id=61857&issue=8:2003 "AVS.doc". Oregon Secretary of State Help America Vote Act (HAVA) Page. Date of Access: 04 May 2006: www.sos.state.or.us/elections/HAVA/vendorfair/survey_results/AVS.doc
2.
3.
4.
5.
6.
Natalie Podrazik ±
[email protected]
30
Works Cited II
7.
"AVS Election Article: Advanced Voting Solutions Debuts Successfully in Three States". The Advocate Online. Date of Access: 04 May 2006: http://www.sims.berkeley.edu/~ping/diebold/lists/announce.w3archive/200211/msg00013.html Bellardo, John, and Stefan Savage. "802.11 Denial-of-Service Attacks: Real Vulnerabilities and Practical Solutions" in the Proceedings of the USENIX Security Symposium, August 2003. "Digital Voting Fears are Grounded in Facts". VoteTrust USA. Date of Access: 04 May 2006: http://www.votetrustusa.org/index.php?option=com_content&task=view&id=419&Itemid=86 "Election Day Guide". Arlington County, Virginia Electoral Board and Voter Registration. Date of Access: 04 May 2006: http://www.arlingtonva.us/departments/VoterRegistration/eo/images/EdayGuide.pdf "Electronic Voting Bibliography". Personal Website: Anne-Marie Oostveen. Date of Access: 04 May 2006: http://www.social-informatics.net/evoting "FAQ's: Voting Machine Replacement - Frequently Asked Questions". Fairfax County, Viringia Official Website. Date of Access: 04 May 2006: http://www.fairfaxcounty.gov/eb/FAQ_votingmachine_repl.pdf
8.
9.
10.
11.
12.
Natalie Podrazik ±
[email protected]
31
Works Cited III
13.
"HP iPAQ Pocket PC Information Center System Specifications". Pocket PC Central. Date of Access: 18 April 2006: http://pocketpccentral.net/ipaq6300.htm "Mobile Device Reviews". BrightHand. Date of Access: 18 April 2006: http://www.brighthand.com "Number of Precincts and Registered Voters by Congressional District February 1, 2006". Virginia State Board of Elections . Date of Access: 04 May 2006: http://www.sbe.virginia.gov/cms/Statistics_Polling_Places/Registration_Statistics/2006/Congres sional/Counties_Cities_within_Congressional_Districts_-_February_1,_2006.html "Products: Architectural Elements: Voice Output Voting Machine". Abledata. Date of Access: 04 May 2006: http://www.abledata.com/abledata.cfm?pageid=19327&top=15499&trail=22,10445 "State & County QuickFacts: Virginia County Selection Map". US Census Bureau. Date of Access: 04 May 2006: http://quickfacts.census.gov/qfd/maps/virginia_map.html "Tech Glitches Slow Vote Count". The Washington Times. Date of Access: 04 May 2006: http://www.washingtontimes.com/metro/20031123-111644-2120r.htm "The Electoral Board and General Registrar". Fairfax County, Virginia Official Website. Date of Access: 04 May 2006: http://www.fairfaxcounty.gov/eb/homepage.htm
32
14.
15.
16.
17.
18.
19.
Natalie Podrazik ±
[email protected]
Works Cited IV
United States Federal Election Commission. Agenda Document 01-62 from 13 December 2001. Volume 1, Section 5: Telecommunications. "UT-STARCOM F1000G System Specifications". UTstarcom. Date of Access: 18 April 2006: http://www.utstar.com/Solutions/Handsets/WiFi/ "Va. Official: E-voting Security Not Easily Breached". The Citizens Voice. Date of Access: 04 May 2006: http://www.zwire.com/site/news.cfm?newsid=13976846&BRD=2259&PAG=461&dept_id=4551 54 "Voting System Certification Status". Pennsylvania Department of State. Date of Access: 04 May 2006: http://www.hava.state.pa.us/hava/lib/hava/votingsystemexamination/vs_certification_status.pdf "What is Wake On Lan?". Depicus Software. Date of Access: 04 May 2006: http://www.depicus.com/wake-on-lan/what-is-wake-on-lan.aspx "Wi-Fi". Wikipedia. Last updated: 18 April 2006. Date of Access: 18 April 2006: http://en.wikipedia.org/wiki/Wi-Fi "Wireless Use in Presidential Primary Draws Positive Reviews". Spectrum Resellers. Date of Access: 04 May 2006: http://spectrumresellers.com/publications/page207725565.asp
33
Natalie Podrazik ±
[email protected]