Security Testing of Voting Systems

by Edwin T
The peer-reviewed article I chose for this week was about security testing of voting systems. The authors discussed a few vulnerabilities in the DRE, or direct-recording electronic voting machine, and how they can affect election day. The authors found buffer overflows in the DRE system, and by exploiting them it was very easy to completely take it over. Also, the DRE systems do not have the necessary means to detect malicious software or a change in firmware. If malicious firmware is installed in the DRE system, it can activate on election day and modify a subset of ballots so that they appear to have been cast for the preferred candidate. There’s the “careful voter” scenario, where the voter submits his ballot and a review screen appears with the name of the preferred candidate and not the one the voter voted for. If the voter catches the mistake, the firmware allows the voter to edit the submission. At this point, the firmware considers itself found and stops changing ballots for a period of time or a number of voters before it starts again. Another of the many scenarios in the article was the “After the Fact Vote”. In this scenario the voter places his vote normally, then the firmware prints a voided ballot and re-prints the ballot with a vote for the preferred candidate.

I chose this article because we’ve been talking about SQL injection in class. Although it does not relate to databases, it does relate to systems in general.

This article really interests me because security testing seems to be underestimated when it should be high priority. Stealing an election is very possible based on the findings of this article. Groups such as Anonymous go around exploiting vulnerabilities as they please; I believe more people need to be aware of security measures in order to reduce the vulnerabilities.

Citation:

Balzarotti, D., Banks, G., Cova, M., Felmetsger, V., Kemmerer, R., Robertson, W., Valeur, F., & Vigna, G. (2010). An Experience in Testing the Security of Real-World Electronic Voting Systems. IEEE Transactions on Software Engineering, 36, 453-473.
doi:10.1109/TSE.2009.53

3 thoughts on “Security Testing of Voting Systems”

  1. I’m glad we haven’t put the electronic vote in place. It’s scary to think that votes can be changed by a sophisticated hacker. Imagine a presidential candidate winning because of hacking into the voting software. This country would be in trouble.

  2. Very nice article. It’s very important we make these types of attacks aware; the implications of successful attacks are too dangerous to go unnoticed. It’s important before the implementation of these kinds of systems that they are fully aware of attacks and have answers and defenses to these attacks. We don’t want another Putin with a 140% win in the US. Thanks for making these kinds of attacks more known.

  3. Wow, never thought of how vulnerable our voting system can be. This is a good example of how security should be a top priority in every application.