Security evaluation of ES&S voting machines and election management system
Aviv A, Cerny P, Clark S, Cronin E, Shah G, Sherr M, Blaze M. 2008. Security evaluation of ES&S voting machines and election management system. 17th USENIX Security Symposium. USENIX: Security Symposium.
Download (ext.)
Conference Paper
| Published
| English
Author
Aviv, Adam;
Cerny, PavolISTA;
Clark, Sandy;
Cronin, Eric;
Shah, Gaurav;
Sherr, Micah;
Blaze, Matt
Abstract
This paper summarizes a security analysis of the DRE and optical scan voting systems manufactured by Election Systems and Software (ES&S), as used in Ohio (and many
other jurisdictions inside and outside the US). We found numerous exploitable vulnerabilities in nearly every component of the ES&S system. These vulnerabilities enable attacks that could alter or forge precinct results, install corrupt firmware, and erase audit records. Our analysis
focused on architectural issues in which the interactions between various software and hardware modules leads to systemic vulnerabilities that do not appear to be easily countered with election procedures or software updates. Despite a highly compressed schedule (ten weeks) during which we audited hundreds of thousands of lines of source code (much of which runs on custom hardware), we discovered numerous security flaws in the ES&S system that had escaped the notice of the certification authorities. We discuss our approach to the audit, which was part
of Project EVEREST, commissioned by Ohio Secretary of State Jennifer Brunner.
Publishing Year
Date Published
2008-07-29
Proceedings Title
17th USENIX Security Symposium
Conference
USENIX: Security Symposium
Conference Location
San Jose, CA, United States
Conference Date
2008-07-28 – 2008-07-29
IST-REx-ID
Cite this
Aviv A, Cerny P, Clark S, et al. Security evaluation of ES&S voting machines and election management system. In: 17th USENIX Security Symposium. ; 2008.
Aviv, A., Cerny, P., Clark, S., Cronin, E., Shah, G., Sherr, M., & Blaze, M. (2008). Security evaluation of ES&S voting machines and election management system. In 17th USENIX Security Symposium. San Jose, CA, United States.
Aviv, Adam, Pavol Cerny, Sandy Clark, Eric Cronin, Gaurav Shah, Micah Sherr, and Matt Blaze. “Security Evaluation of ES&S Voting Machines and Election Management System.” In 17th USENIX Security Symposium, 2008.
A. Aviv et al., “Security evaluation of ES&S voting machines and election management system,” in 17th USENIX Security Symposium, San Jose, CA, United States, 2008.
Aviv A, Cerny P, Clark S, Cronin E, Shah G, Sherr M, Blaze M. 2008. Security evaluation of ES&S voting machines and election management system. 17th USENIX Security Symposium. USENIX: Security Symposium.
Aviv, Adam, et al. “Security Evaluation of ES&S Voting Machines and Election Management System.” 17th USENIX Security Symposium, 2008.
All files available under the following license(s):
Copyright Statement:
This Item is protected by copyright and/or related rights. [...]
Link(s) to Main File(s)
Access Level
