Abstract.
Voting is the process through which a democratic society determines its
government. Therefore, voting systems are as important as other well-known
critical systems, such as air traffic control systems or nuclear plant
monitors. Unfortunately, voting systems have a history of failures that seems
to indicate that their quality is not up to the task. Because of the alarming
frequency and impact of the malfunctions of voting systems, in recent years a
number of vulnerability analysis exercises have been carried out against voting
systems to determine if they can be compromised in order to control the results
of an election. We have participated in two such large-scale projects,
sponsored by the Secretaries of State of California and Ohio, whose goals were
to perform the security testing of the electronic voting systems used in their
respective states. As the result of the testing process, we identified major
vulnerabilities in all the systems analyzed. We then took advantage of a
combination of these vulnerabilities to generate a series of attacks that would
spread across the voting systems and would “steal” votes by combining voting
record tampering with social engineering approaches. As a response to the two
large-scale security evaluations, the Secretaries of State of California and
Ohio recommended changes to improve the security of the voting process. In this
paper, we describe the methodology that we used in testing the two real-world
electronic voting systems we evaluated, the findings of our analysis, our
attacks, and the lessons we learned.