Electronic Voting Systems
From Computing and Software Wiki
(→Man-In-The-Middle Attacks) |
(→Outsider Attacks) |
||
Line 65: | Line 65: | ||
<br> '''Ex. 2.''' An outsider could have also created a home-brewed Administrator or Ender card to stall an election. An Ender card is typically used by an election official at the end of the voting session in order | <br> '''Ex. 2.''' An outsider could have also created a home-brewed Administrator or Ender card to stall an election. An Ender card is typically used by an election official at the end of the voting session in order | ||
<br> to retrieve the memory disk containing votes from the DRE machine. If an election is stalled at locations where many voters focus on one candidate, many votes could be missed. | <br> to retrieve the memory disk containing votes from the DRE machine. If an election is stalled at locations where many voters focus on one candidate, many votes could be missed. | ||
+ | |||
+ | '''Internet''' | ||
+ | |||
+ | Intercepting an unsecured internet connection can lead to deletion or insertion of votes, though there have been times where a secured networked has not been sufficient either. Attacks are also commonly focused | ||
+ | <br> on public elections since there are more areas of weaknesses an intruder can advance upon. Public elections tend to include a larger population and the absolute need for anonymity. | ||
+ | |||
+ | <br> '''Ex. 1.''' A voter casts a vote from his personal computer. An attacker gains access to the IP address of the voter's computer and intercepts the network connection. The attacker can now delete or modify | ||
+ | <br> the vote. The attacker has also retrieved the identity of the voter and can put the voter in a position of social ostracism or embarrassment. | ||
=Reported Problems= | =Reported Problems= |
Revision as of 19:36, 7 December 2007
An Electronic Voting System is an innovative new method of distributing, voting, collecting and tabulating ballots through the use of computer technology.
The software implementations which are input into this technology expand every day to improve
security and integrity of the results.
Contents |
Electronic Voting Systems
DRE Machines
DRE (Direct Recording Electronic)
A DRE machine is a recent implementation of a fully self-operated computer voting system.
DRE's are user-friendly and time-efficient which makes them an attractive alternative to traditional pen-and-paper voting. A DRE machine consists of a user screen
for information and ballot display, a keypad involving buttons or a touchscreen, and other assisting tools such as head-phones for the handicapped.
DRE's have been implemented worldwide but most frequently used in countries such as Brazil, India and United States.
To access a DRE machine, a voter must be provided with a Voter Authentication Card (SmartCard or another type of Memory Card) by an Election Official. The Voter card
becomes automatically deactivated by the DRE once a vote is fully cast.
Optical Scan
Optical Scanning machines were introduced shortly after the Punch Card system, incorporating paper ballots with computer technology. There are two common Optical Scanning Machines
used in todays elections, Marksense and the Digital Pen.
Marksense is a system originally developed in Australia. Using a dark marker, a voter shades in their selection on the paper ballot, once completed the paper ballot is run through an optical scanning
machine which uses 'dark mark' logic to select the correct vote. The votes are automatically tabulated using the machine but may also be tabulated manually using the hard copy ballots.
A Digital Pen is a similar version to Marksense except the pen communicates with the paper ballot and knows at all times its location on the ballot. A small camera may also be built within
the pen to keep track of the votes. At the end of the voting session, the pen is taken for vote tabulation and the hard copy ballots are kept for recounts.
Internet Voting
Internet voting has been widely used in private elections where anonymity, data integrity and tempering assurance are handled with lower standards than private elections.
Voting over the internet can be done remotely (open network) or from a poll site. Implementation of e-voting has been recorded across the UK, US, Canada, France, Estonia & Switzerland.
To improve voter authentication, secrecy and security, technologies such as Electronic Authentication and computer Security are used.
Electoral Fraud
Insider Attacks
DRE Machines
Insider attacks can be caused by software developers, Poll workers, or other Election officials who are aware of the inner workings of the DRE Machine and how it is implemented.
Ex. 1. A software developer can change a single line of code to give 10% of all votes to a desired party.
Ex. 2. A programmer working on the system can change the ordering of candidates in the 'ballot definition' file but keep the original order in the 'result file'; therefore
the reordered list will appear on the DRE screen and voters will unwillingly cast votes for wrong candidates.
Internet
Since there is less human involvement over internet voting, the only serious insider attack may be caused by Election officials who are in charge of the networking, the operating system
and hardware.
Ex. 1.
Outsider Attacks
DRE Machines
Outsider attacks are usually caused by people trying to guide the election in favour of their candidate. A common breach in the previous versions of DRE machines was to create a personal home-brewed SmartCard and use it to cast
multiple votes.
Ex. 1. An outsider could have used software available for purchase to create a home-brewed SmartCard. This is possible since the information on the actual SmartCards was not encrypted in the past.
Ex. 2. An outsider could have also created a home-brewed Administrator or Ender card to stall an election. An Ender card is typically used by an election official at the end of the voting session in order
to retrieve the memory disk containing votes from the DRE machine. If an election is stalled at locations where many voters focus on one candidate, many votes could be missed.
Internet
Intercepting an unsecured internet connection can lead to deletion or insertion of votes, though there have been times where a secured networked has not been sufficient either. Attacks are also commonly focused
on public elections since there are more areas of weaknesses an intruder can advance upon. Public elections tend to include a larger population and the absolute need for anonymity.
Ex. 1. A voter casts a vote from his personal computer. An attacker gains access to the IP address of the voter's computer and intercepts the network connection. The attacker can now delete or modify
the vote. The attacker has also retrieved the identity of the voter and can put the voter in a position of social ostracism or embarrassment.