mobile voting cell phone

Published on May 2016

Cell Phones and Voting System Integrity

Natalie Podrazik [email protected]

Overview
I. Introduction
II. Cell Phones
   I. Background
   II. Potential Attack tools
      I. Recording Abilities
      II. Wireless connections
   III. Traceability
   IV. Relevance to Voting Systems
III. WINvote System
   I. Overview
   II. How it works
   III. Vulnerabilities and Attacks
   IV. Evaluation of WINvote's preparedness for cell phone attacks
IV. Recommendations
V. Conclusions

Introduction
• Why this project was started
• Why this project is relevant
• Why it is novel
• UMBC CSEE; CS 491V/691V
• Program Investigator: Natalie Podrazik

Cell Phones: At a Glance
• Became extremely popular in late 90's
• 203 million + Americans own them today
• Growth towards greater computing capacity and personal feel
• Integration of PDA and cell phones
   • Leads to functionality of PC's
• More customizable
• Smaller in size

What can a cell phone do?
• Carry on conversation over phone line (GSM...)
• Voicemail
• Address book
• Speed dial
• Call history
• Calculator
• Games
• Alarm clock
• Text messaging
• Take digital photographs
• Record sound
• Record Video
• Photo messaging
• Run PC-oriented applications (iTunes)
• Access wireless devices
   • Bluetooth
   • 802.11
• Programmable

Why Recording Devices are Problematic
• Invasion of privacy
• Easier means of vote influence
• Taking home TMI
   • Disabled citizens' voting
   • Member registration
   • Easy recreation of interfaces with model

Why Wireless Devices are Problematic
• Systems use Bluetooth or Wi-Fi
• Disruptions
   • Ballot loading to DRE's
   • Sending of data to remote printers
   • Gathering of voter registration data
   • Pertinent election day updates
   • Tabulation of votes
   • More...
[Images: iPAQ H6315 Pocket PC; T-Mobile M/DA]

A Unique Territory
• Cell phones as potential attackers in critical systems
• Electronic voting systems:
   • Inaccuracy
   • Unpredictability
   • Holes in security
• Cost of attacks; identification of attacker

Case Study: WINvote
• DRE, PPV
• Wireless Internet
• Chosen for easy setup
• Checkered history
   • Binds County, MI: Failures
   • Arlington, VA: Praises
• 2006 Elections: VA

On Election Day: Setting Up
• Setup of equipment
• Boot up all machines
• Display of machine data
• Choose Master
• Master downloads ballot via Wi-Fi
• Master distributes ballot to other stations
• Displays Serial #s on Master screen
• Open Unit Report

On Election Day: Voting
• Election official inserts BALLOT card
• EO leaves; voter votes
• Votes recorded in:
   • Hard drive
   • USB Memory stick

On Election Day: Counting Votes
• EO enters smart card on one chosen Master
• EO confirms "Close Poll Location"
• Other machines "wake up"
• Serial #s of each machine displayed until "Stop Searching"
• EO can "Export Location Data"
• Master receives vote tallies from other machines in precinct
• "Unit Close" report prints on each machine

Recording Devices Exploit WINvote Flaws
• Vote bribery/intimidation
• Capturing of exact interface
   • GUI ballots
   • Disabled voters' ballots
   • Bootup procedures
   • Shutdown procedures
• Inability to determine when recording is going on

System Integrity Attacks
• Background:
   • Types of DoS Attacks to Wireless
      • Deauthentication
      • MAC layer duration stalling
   • Strength
   • Cost
• Technologies to fret about
   • Bluetooth
   • 802.11 (Wi-Fi)

WINvote's Vulnerabilities I
Recording Election Data
• Range of sensitive material
   • Machine Details
   • Registration Paperwork
   • Precinct Environment
   • Voting Procedures
• Challenge of Detection
• Identifying Attackers

Evaluation of Attack I
Recording Election Data
• Record Casting of Votes: P/ND/$
• Record Screen Touch History: I/D/$$
• Record Votes Cast by DRE: I/D/$$
• Record Voter Voting: P/ND/$
• Recording Hardware: I/D/$$$
• Embedded Software: I/D/$$
• Hidden, Traditional: P/ND/$$
• Cell Phone: P/ND/$
Key: P = Possible, I = Impossible; D = Detectable, ND = Not Detectable; $ = Relatively Cheap, $$ = Moderately Priced, $$$ = Very Expensive

Evaluation of Attack I
Recording Election Data
• Feasibility
   • Cost?
   • Resources?
   • Time?
   • Risk?
• Impact
   • Machine
   • Polling Place
   • Precinct
   • Election
• Traceability
• Likelihood
Cheap and possible attack with minor to major consequences

WINvote's Vulnerabilities II
Disrupting the Tallying of Votes
• Denial Of Service Attack
   • Repeated deauthentications
   • MAC Duration field delay
• Redundancies for vote counts
   • Wireless submission
   • Paper trail
   • USB Memory stick
• Broader impact of attack

Evaluation of Attack II
Disrupting the Tallying of Votes
• Block Tabulation: P/ND/$$I
• Destroy Machines: I/D/$$
• Ruin USB: P/D/$
• Swap: I/D/$$
• Steal: I/D/$
• Ruin Paper Trail: P/D/$
• Remove Pollworkers: I/D/$
• Ruin Wi-Fi Connection: P/ND/$$
• Break/Damage: I/D/$
• Special Equipment: P/ND/$$
• Jammer: P/D/$$
• Break/Damage: P/D/$
• Swap: I/ND/$
• Steal: I/D/$
• Laptop: P/ND/$$
• Break/Damage: P/D/$
• Cell Phone: P/ND/$$

Evaluation of Attack II
Disrupting the Tallying of Votes
• Feasibility
   • Cost?
   • Resources?
   • Time?
   • Risk?
• Impact
   • Machine
   • Polling Place
   • Precinct
   • Election
• Traceability
• Likelihood
Requires some work and may have minor consequences. Redundancies in vote recording protect accuracy of election.

WINvote's Vulnerabilities III
Wake-On-LAN (WoL)
• How it works
   • Tells WINvote machines to connect at receipt of a "magic packet"
• Spoofing of magic packet
• Repercussions of a "harmless attack"

Evaluation of Attack III
Wake-On-LAN (WoL)
• Disturb WoL: P/ND/$$
• Destroy Machines: I/D/$
• Send Premature WoL Request: P/ND/$$
• Insert Smart Card Early: I/D/$
• Spoof WoL Request: P/ND/$$
• Computer: P/ND/$$
• Cell Phone: P/ND/$$

Evaluation of Attack III
Wake-On-LAN (WoL)
• Feasibility
   • Cost?
   • Resources?
   • Time?
   • Risk?
• Impact
   • Machine
   • Polling Place
   • Precinct
   • Election
• Traceability
• Likelihood
Requires some work and may not affect overall election results, but it severely affects voter confidence in the system.
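The magic packet named on the Wake-On-LAN slides has a fixed layout: six 0xFF bytes followed by the target's MAC address repeated 16 times. The following added example (not part of the original slides or of WINvote) parses that layout and flags wake requests that arrive before poll close or from a sender other than the Master; the MAC addresses, timestamps and event tuple layout are constructed assumptions.

```python
from datetime import datetime

SYNC = b"\xff" * 6  # magic packet preamble: six 0xFF bytes

def parse_magic_packet(payload: bytes):
    """Return the target MAC if payload holds a WoL magic packet, else None."""
    start = payload.find(SYNC)
    while start != -1:
        mac = payload[start + 6:start + 12]
        # A valid packet repeats the 6-byte target MAC exactly 16 times.
        if len(mac) == 6 and payload[start + 6:start + 102] == mac * 16:
            return ":".join(f"{b:02x}" for b in mac)
        start = payload.find(SYNC, start + 1)
    return None

def review_wake_events(events, master_mac, precinct_macs, poll_close):
    """Flag magic packets that break the expected close-of-poll sequence."""
    findings = []
    for ts, src, payload in events:
        target = parse_magic_packet(payload)
        if target is None:
            continue
        reasons = []
        # A forged source MAC defeats this check; treat a match as weak evidence.
        if src.lower() != master_mac:
            reasons.append("sender is not the Master")
        if ts < poll_close:
            reasons.append("wake request before poll close")
        if target not in precinct_macs:
            reasons.append("target is not a precinct machine")
        if reasons:
            findings.append((ts, target, reasons))
    return findings

def magic(mac: str) -> bytes:
    """Build a magic packet payload for the sample data below."""
    return SYNC + bytes.fromhex(mac.replace(":", "")) * 16

# Constructed sample data: addresses, times and tuple layout are assumptions.
MASTER = "00:11:22:33:44:01"
UNITS = {"00:11:22:33:44:02", "00:11:22:33:44:03"}
POLL_CLOSE = datetime(2006, 11, 7, 19, 0)
SAMPLE = [
    (datetime(2006, 11, 7, 14, 5), "00:aa:bb:cc:dd:ee", magic("00:11:22:33:44:02")),
    (datetime(2006, 11, 7, 19, 2), MASTER, b"hdr" + magic("00:11:22:33:44:03")),
    (datetime(2006, 11, 7, 19, 3), MASTER, SYNC + bytes.fromhex("001122334403") * 15),
]

if __name__ == "__main__":
    for ts, target, reasons in review_wake_events(SAMPLE, MASTER, UNITS, POLL_CLOSE):
        print(ts.isoformat(), target, "; ".join(reasons))
```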

WINvote's Vulnerabilities IV
Ballot Loading
• Denial-Of-Service Attacks
   • Deauthentication
   • MAC Duration field delay
• Redundancies
   • Official Ballot
• Broader impact of attack

Evaluation of Attack IV
Ballot Loading
• Block Ballot Loading: P/ND/$
• Destroy Machines: I/D/$$
• Remove Pollworkers: I/D/$
• Disable Smart Cards: P/D/$
• Prevent Wi-Fi via DoS: P/ND/$
• Swap: I/ND/$$
• Steal: P/D/$
• Ruin Cards: P/D/$$
• Laptop: P/ND/$$
• Cell Phone: P/ND/$

Evaluation of Attack IV
Ballot Loading
• Feasibility
   • Cost?
   • Resources?
   • Time?
   • Risk?
• Impact
   • Machine
   • Polling Place
   • Precinct
   • Election
• Traceability
• Likelihood
A likely attack with a major effect on election day with very few resources

WINvote's Preparedness
• Preventative measures
   • Prohibiting cell phones
   • Limiting duration field
   • Requiring additional packet ID
• Recognizing attack
• Identifying Attackers
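For the "Recognizing attack" and "Limiting duration field" items above, the following added example (not from the original slides or from WINvote) scans frame records from a wireless monitor for the two denial-of-service patterns the deck names: repeated deauthentications and inflated MAC Duration values. The record layout, the addresses and the thresholds (5 deauthentications within 5 seconds, a 3000 microsecond cap) are assumptions to tune per site.

```python
from collections import defaultdict, deque

MGMT, CTRL, DATA = 0, 1, 2   # 802.11 frame types
DEAUTH = 12                  # management subtype 12 = deauthentication

def deauth_bursts(frames, window_s=5.0, threshold=5):
    """Map each receiver to the time its deauth count within window_s first hit threshold."""
    recent, alerts = defaultdict(deque), {}
    for f in sorted(frames, key=lambda f: f["t"]):
        if (f["type"], f["subtype"]) != (MGMT, DEAUTH):
            continue
        q = recent[f["ra"]]
        q.append(f["t"])
        while f["t"] - q[0] > window_s:   # drop deauths older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts.setdefault(f["ra"], f["t"])
    return alerts

def inflated_durations(frames, cap_us=3000):
    """Return frames whose Duration field reserves the channel for longer than cap_us."""
    return [f for f in frames if f["duration_us"] > cap_us]

def frame(t, ftype, subtype, ra, duration_us):
    """One capture record: time (s), type, subtype, receiver, Duration (microseconds)."""
    return {"t": t, "type": ftype, "subtype": subtype, "ra": ra,
            "duration_us": duration_us}

# Constructed capture records; thresholds above are assumed defaults, not standards.
UNIT_A, UNIT_B = "00:11:22:33:44:02", "00:11:22:33:44:03"
SAMPLE = (
    [frame(100.0 + 0.5 * i, MGMT, DEAUTH, UNIT_A, 314) for i in range(6)]  # burst
    + [frame(90.0, MGMT, DEAUTH, UNIT_B, 314),
       frame(150.0, MGMT, DEAUTH, UNIT_B, 314)]   # two isolated deauths
    + [frame(101.2, CTRL, 12, UNIT_A, 32767)]     # CTS claiming the maximum reservation
    + [frame(101.3, DATA, 0, UNIT_B, 44)]         # ordinary data frame
)

if __name__ == "__main__":
    print("deauth bursts:", deauth_bursts(SAMPLE))
    print("oversized reservations:", inflated_durations(SAMPLE))
```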

What We Can Learn from WINvote
D Process redundancy
D Encryption of vote data
D Encryption methods
U Use of Wireless Internet
U Wake-On-LAN
U Danger of portable devices

Summary
• Cell phones pack a lot of punch
• WINvote as a case study
   • Privacy
   • System disruption
   • Probability and ease of attack
• Reevaluate today's attacker
