Scribd Logo
Upload

Welcome to Scribd!

  • 3 views

    Lecture 5 - Security Procedures

    Uploaded by

    Tony

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content

    You might also like

    Lecture 5 - Security Procedures

    Uploaded by

    Tony
    3 views44 pages

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    3 views44 pages

    Lecture 5 - Security Procedures

    Uploaded by

    Tony

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 44

    Securing g Digital

    g Democracyy
    Lecture 5 | Securityy Procedures

    J. Alex Halderman
    University of Michigan
    5.1 Voter Registration Securing Digital Democracy

    Voter Registration
    5.1 Voter Registration Securing Digital Democracy

    Voter Enfranchisement
    A th ti ti
    Authentication

    Almost 1/3 of eligible U.S. citizens not registered!


    5.1 Voter Registration Securing Digital Democracy

    https://www.sos.ca.gov/elections/register‐to‐vote/app‐pdf/english‐blank.pdf
    5.1 Voter Registration Securing Digital Democracy
    5.1 Voter Registration Securing Digital Democracy

    Voter
    V t Registration
    R i t ti Databases
    D t b (VRDs)
    (VRD )

    Voter Enfranchisement
    A th ti ti
    Authentication
    Security Privacy
    5.1 Voter Registration Securing Digital Democracy
    5.1 Voter Registration Securing Digital Democracy
    5.1 Voter Registration Securing Digital Democracy
    5.1 Voter Registration Securing Digital Democracy
    5.1 Voter Registration Securing Digital Democracy
    5.1 Voter Registration Securing Digital Democracy
    5.1 Voter Registration Securing Digital Democracy
    5.1 Voter Registration Securing Digital Democracy
    5.2 Voter Authentication Securing Digital Democracy

    Voter Authentication
    5.2 Voter Authentication Securing Digital Democracy

    (left) Public domain image from Wikimedia Commons, http://en.wikipedia.org/wiki/File:Mustermann_nPA.jpg


    (right) Image by DNI Electronico via Wikimedia Commons, http://en.wikipedia.org/wiki/File:Dnielectronico.jpg
    Licensed under a Creative Commons Attribution‐Share Alike 2.1 Spain license
    5.2 Voter Authentication Securing Digital Democracy
    5.2 Voter Authentication Securing Digital Democracy

    Image by Joe Hall (Flickr user joebeone), licensed under a Creative Commons Attribution
    license, http://www.flickr.com/photos/joebeone/292549434/
    5.2 Voter Authentication Securing Digital Democracy

    Manufacturer product sheet from Premiere Elections


    http://www.premierelections.com/documents/product_sheets/expresspoll_5000.pdf
    5.2 Voter Authentication Securing Digital Democracy

    VoterID?

    Voter
    E f
    Enfranchisement
    hi t
    Authentication
    5.2 Voter Authentication Securing Digital Democracy
    5.2 Voter Authentication Securing Digital Democracy

    Image by Flickr user isafmedia, licensed under a Creative Commons Attribution 2.0 Generic license.
    http://www.flickr.com/photos/isafmedia/5007269322/in/photostream/
    5.2 Voter Authentication Securing Digital Democracy

    Looking Ahead
    Ahead…
    5.3 Guarding Against Tampering Securing Digital Democracy

    Guarding against Tampering


    5.3 Guarding Against Tampering Securing Digital Democracy

    Between polling and counting At all times!


    5.3 Guarding Against Tampering Securing Digital Democracy

    http://www.cs.princeton.edu/~appel/voting/SealsOnVotingMachines.pdf
    5.3 Guarding Against Tampering Securing Digital Democracy

    Tamper‐Evident Seals

    http://www.cs.princeton.edu/~appel/voting/SealsOnVotingMachines.pdf
    5.3 Guarding Against Tampering Securing Digital Democracy

    Image from Argonne National Laboratory Vulnerability Assessment Team


    http://www.ne.anl.gov/capabilities/vat/seals/index.html
    5.3 Guarding Against Tampering Securing Digital Democracy

    Results
    l for
    f 244 Seals
    l
    Mean Median
    Defeat
    f time ffor 1.4 mins 43 secs
    one person
    Cost of $78 $5
    tools/supplies
    Cost per seal $0.62 $0.09
    attacked
    Time to devise 2.3 hrs 12 mins
    successful attack

    (19% use or in consideration for nuclear safeguards!)


    (left) Image from Argonne National Laboratory Vulnerability Assessment Team, http://www.ne.anl.gov/capabilities/vat/seals/new.html
    (data) From Johnston et al., http://www.ne.anl.gov/capabilities/vat/seals/index.html
    5.3 Guarding Against Tampering Securing Digital Democracy
    5.3 Guarding Against Tampering Securing Digital Democracy

    http://www.cs.princeton.edu/~appel/voting/SealsOnVotingMachines.pdf
    5.3 Guarding Against Tampering Securing Digital Democracy

    Cup
    Seal

    http://www.cs.princeton.edu/~appel/voting/SealsOnVotingMachines.pdf
    5.3 Guarding Against Tampering Securing Digital Democracy

    Padlock
    Seal

    http://www.cs.princeton.edu/~appel/voting/SealsOnVotingMachines.pdf
    5.3 Guarding Against Tampering Securing Digital Democracy

    Tape
    p
    Seals

    http://www.cs.princeton.edu/~appel/voting/SealsOnVotingMachines.pdf
    5.3 Guarding Against Tampering Securing Digital Democracy

    Evaluating a Seal Protocol


     Is the seal going to be in place when the attacker has access?
     Does the seal actually
    act all need to be removed
    remo ed to get in?
     Can the attack just remove it temporarily without leaving evidence?
     Can the attack replace it with a new seal without leaving evidence?
     Do election officials properly record seal numbers for each machine?
     Do election officials properly check the seal numbers later?
     Do officials inspect for evidence of tampering?
     If anomalies are detected, are they recorded and reported?
     Is appropriate action taken?
    Adapted from http://www.cs.princeton.edu/~appel/voting/SealsOnVotingMachines.pdf
    5.3 Guarding Against Tampering Securing Digital Democracy

    Old way: Evidence

    New
    N idea:
    id “Anti‐evidence”
    “A i id ”

    192380 192380
    ‐‐‐‐‐‐
    secret secret
    erased
    5.4 Field Testing Securing Digital Democracy

    Field Testing
    5.4 Field Testing Securing Digital Democracy

    “Zero”
    Zero
    Tape
    5.4 Field Testing Securing Digital Democracy

    Logic & Accuracy


    Testing
    5.4 Field Testing Securing Digital Democracy

    Parallel
    Testing What if problems are found?
    5.4 Field Testing Securing Digital Democracy

    https://www.usenix.org/conference/evtwote12/automated‐analysis‐election‐audit‐logs
    5.4 Field Testing Securing Digital Democracy

    Human Factors
    5.4 Field Testing Securing Digital Democracy

    Tracking Problems
    Securing g Digital
    g Democracyy
    Lecture 5 | Securityy Procedures

    J. Alex Halderman
    University of Michigan

    You might also like