Tampering with Special Purpose Trusted Computing Devices: A Case Study in Optical Scan E-Voting

Kiayias, Aggelos; Michel, Laurent; Russell, Alexander; Shashidhar, Narasimha; See, Andrew; Shvartsman, Alexander A.; Davtyan, Seda

doi:10.1109/acsac.2007.16

Cited by 7 publications

(12 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…An incomplete list of the designs and applications include digital rights management [18,19], access control enforcement [20][21][22], inference control [12], privacy protection [23][24][25], remote attestation services [26][27][28], secure auction [29], e-voting [30], online gaming [31], grid computing [32], and integrity measurement [33]. While these studies demonstrate that TC technology can be used for many good purposes, it is not clear whether these benefits will outweigh the concerns that the users are not trusted from the root.…”

Section: Related Workmentioning

confidence: 99%

Wake up or fall asleep-value implication of trusted computing

Huang

Liu

et al. 2009

Inf Technol Manag

View full text Add to dashboard Cite

More than 10 years have passed since trusted computing (TC) technology was introduced to the market; however, there is still no consensus about its value. The increasing importance of user and enterprise security and the security promised by TC, coupled with the increasing tension between the proponents and the opponents of TC, make it timely to investigate the value relevance of TC in terms of both capital market and accounting performance. Based on both price and volume studies, we found that news releases related to the adoption of the TC technology had no information content. All investors, regardless of whether they are individual investors or institutional investors, or they are wealthy individual investors or less wealthy individual investor, all have similar views on the value of TC. Further, we show that the accounting benefit gained from the adoption of TC is trivial, which might explain the price invariance and volume invariance we observed in the stock market.

show abstract

Section: Related Workmentioning

confidence: 99%

Wake up or fall asleep-value implication of trusted computing

Huang

Liu

et al. 2009

Inf Technol Manag

View full text Add to dashboard Cite

show abstract

“…The current implementations were shown (cf. [2], [11], [17], [16]) to lack cryptographic integrity and authenticity, rendering the media vulnerable to attacks. Such attacks were demonstrated for both ES&S M100 OS in [2] and for the AV-OS in [17], [11], [16].…”

Section: Security Vulnerabilities In Elections Using Os Electionmentioning

confidence: 99%

“…[2], [11], [17], [16]) to lack cryptographic integrity and authenticity, rendering the media vulnerable to attacks. Such attacks were demonstrated for both ES&S M100 OS in [2] and for the AV-OS in [17], [11], [16]. Attacks can occur prior to the election and target the media or the EMSS system and correspond to the adversarial strategies A Pre EMSS , A Pre Media .…”

Section: Security Vulnerabilities In Elections Using Os Electionmentioning

confidence: 99%

“…The study by the UConn VoTeR Center [16], [17] identified an additional attack that can be successfully launched against the AV-OS even if the memory card is sealed in. Here the attack exploits the flawed authentication on a communication port of the machine and results in transparently modifying the contents of the memory card.…”

Section: Introductionmentioning

confidence: 99%

“…Some of these concerns apply to OS technology [16], [17], [7], [11], [25], [2], revealing important security flaws and vulnerabilities and, in several cases, describing specific attacks that could interfere with election integrity. A general election process is an enormously complicated process involving elaborate distributed coordination of personnel, procedures, and equipment.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

State-Wide Elections, Optical Scan Voting Systems, and the Pursuit of Integrity

Antonyan

Davtyan

Kentros

et al. 2009

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

Abstract-In recent years, two distinct electronic voting technologies have been introduced and extensively utilized in election procedures: direct recording electronic (DRE) systems and optical scanner (OS) systems. The latter are typically deemed safer, as they inherently provide a voter verifiable paper trail that enables hand-counted audits and recounts that rely on direct voter input. For this reason, optical scanner machines have been widely deployed in the United States. Despite the growing popularity of these machines, they are known to suffer from various security vulnerabilities that, if left unchecked, can compromise the integrity of elections in which the machines are used. This article studies general auditing procedures designed to enhance the integrity of elections conducted with optical scan equipment and, additionally, describes the specific auditing procedures currently in place in the State of Connecticut. We present an abstract view of a typical OS voting technology and its relationship to the general election process. With this in place, we lay down a "temporal-resource" adversarial model, providing a simple language for describing the disruptive power of a potential adversary. Finally, we identify how audit procedures, injected at various critical stages before, during, and after an election, can frustrate such adversarial interference and so contribute to election integrity.We present the implementation of such auditing procedures for elections in the State of Connecticut utilizing the Premiere (Diebold) AccuVote optical scanner; these audits were conducted by the UConn VoTeR Center, at the University of Connecticut, on request of the Office of the Secretary of the State. We discuss the effectiveness of such procedures in every stage of the process and we present results and observations gathered from the analysis of past election data.

show abstract

Towards a Robust Distributed Framework for Election-Day Voter Check-In

Schwarzmann

2021

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Tampering with Special Purpose Trusted Computing Devices: A Case Study in Optical Scan E-Voting

Cited by 7 publications

References 5 publications

Wake up or fall asleep-value implication of trusted computing

Wake up or fall asleep-value implication of trusted computing

State-Wide Elections, Optical Scan Voting Systems, and the Pursuit of Integrity

Towards a Robust Distributed Framework for Election-Day Voter Check-In

Contact Info

Product

Resources

About