Mitigating Data Access Vulnerabilities
of Electronic Voting Systems Using the IBM 4764 (Cryptographic Co-processor)
As with most aspects of our society, the voting
process has moved from analog to digital. What began in 1850 with an
electrochemical vote recorder for legislative roll calls has evolved into
systems like PRIME III, a
multi-modal voting machine that enables individuals with disabilities to
independently cast their votes. In addition to the inherent vulnerabilities in
the voting process, the use of computing technology has introduced new ways by
which the voting process can be compromised. With the possibility of electronic
voting systems becoming more commonplace, much attention has focused on the
evaluation of the security of such systems. These evaluations have shown that
the access control and other computer security mechanisms that protect against
unauthorized use of electronic voting systems are easily circumvented. As
reported by Kohno et al. [Kohno], in their evaluation of the Diebold
electronic voting system, encryption and checksumming
were performed using unestablished, insecure techniques. For example, vote records and audit logs were
encrypted using a single, hardcoded DES key, allowing anyone with access to the
source code or a program image to extract the key and read and/or modify voting
records [Kohno]. In addition, ballot definition files were stored in an
unencrypted form with no means to verify the integrity of the ballot, thus
facilitating ballot tampering and enabling various attacks. Thus, to address
the problems with the Diebold system, Kohno et al. recommend a redesign of the
Diebold cryptographic architecture using a hardware cryptographic co-processor.
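The two weaknesses singled out above, a key that lives inside the program image and a ballot definition that carries no integrity tag, are easiest to see side by side. The following is an added illustration written for this page, not code from PRIME III, Diebold or the IBM 4764 SDK. The `CoprocessorStandIn` class is a hypothetical placeholder for a hardware key store: it keeps the key out of application memory and only answers "compute tag" and "verify tag" requests. The ballot contents are constructed sample data, and HMAC-SHA256 stands in for whatever integrity primitive the co-processor would provide.

```python
import hashlib
import hmac
import json
import os

# --- Pattern reported for the Diebold system: one key baked into the program
# image, and a ballot definition stored with no integrity protection.
# Constructed 8-byte constant standing in for a hardcoded DES key; anyone holding
# the source or a binary image can read it straight out of the file.
HARDCODED_KEY = b"\x01\x23\x45\x67\x89\xab\xcd\xef"


def store_ballot_unprotected(ballot: dict) -> bytes:
    """Serialise the ballot definition with no tag; nothing binds it to a key."""
    return json.dumps(ballot, sort_keys=True).encode()


def load_ballot_unprotected(blob: bytes) -> dict:
    """Accepts whatever bytes it is given; a modified blob loads silently."""
    return json.loads(blob)


# --- Hardened pattern: key material is held by a key service the application
# can only ask to compute or verify a tag. The key bytes never appear in the
# program image or in the application's address space.
class CoprocessorStandIn:
    """Hypothetical stand-in for a cryptographic co-processor (not the IBM 4764 API)."""

    def __init__(self) -> None:
        # Generated at provisioning time inside the device; never returned to callers.
        self._key = os.urandom(32)

    def mac(self, data: bytes) -> bytes:
        return hmac.new(self._key, data, hashlib.sha256).digest()

    def verify(self, data: bytes, tag: bytes) -> bool:
        # Constant-time comparison so tag checking does not leak timing information.
        return hmac.compare_digest(self.mac(data), tag)


TAG_LEN = 32  # SHA-256 digest length


def seal_ballot(ballot: dict, hsm: CoprocessorStandIn) -> bytes:
    """Serialise the ballot and append a 32-byte tag computed by the key service."""
    payload = json.dumps(ballot, sort_keys=True).encode()
    return payload + hsm.mac(payload)


def open_ballot(sealed: bytes, hsm: CoprocessorStandIn) -> dict:
    """Refuse to load a ballot definition whose tag does not verify."""
    payload, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    if not hsm.verify(payload, tag):
        raise ValueError("ballot definition failed integrity check")
    return json.loads(payload)


def tamper_demo() -> dict:
    """Swap the candidate order in the stored bytes and report what each loader does.

    Returns {"unprotected_accepted": bool, "sealed_accepted": bool}.
    """
    ballot = {"race": "Mayor", "candidates": ["A. Adams", "B. Brown"]}  # constructed sample
    hsm = CoprocessorStandIn()
    original = b'["A. Adams", "B. Brown"]'
    swapped = b'["B. Brown", "A. Adams"]'  # same length, so only the order changes

    # Unprotected storage: the modified file loads without complaint.
    blob = store_ballot_unprotected(ballot).replace(original, swapped)
    unprotected_ok = load_ballot_unprotected(blob)["candidates"] == ["B. Brown", "A. Adams"]

    # Sealed storage: the same modification is rejected at load time.
    sealed = seal_ballot(ballot, hsm).replace(original, swapped)
    try:
        open_ballot(sealed, hsm)
        sealed_ok = True
    except ValueError:
        sealed_ok = False

    return {"unprotected_accepted": unprotected_ok, "sealed_accepted": sealed_ok}


if __name__ == "__main__":
    print(tamper_demo())  # {'unprotected_accepted': True, 'sealed_accepted': False}
```

The essential difference is where the key lives: the weak version can be fully reproduced by anyone who has the binary, while the hardened version's tags can only be produced or checked by asking the key service, so an image copied off a machine is useless for forging a ballot definition. A real deployment would additionally encrypt the payload, which the stand-in omits to keep the integrity point isolated.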
In this project we will use the PRIME
III electronic voting platform. First, we hope to understand the
access control requirements for electronic voting systems. We plan to map the
actions and responsibilities of poll workers and election officials to specific
access privileges in the electronic voting system. We also plan to leverage the
access control and cryptographic functionality of the IBM 4764 cryptographic
co-processor to provide confidentiality and ensure protected access to election
ballots and vote count totals.
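The plan to map poll-worker and election-official duties onto explicit access privileges amounts to a small role-based access control policy with a deny-by-default check in front of every sensitive operation. The example below is an added sketch of such a policy, not the project's finalised mapping: the roles, action names and the assignment of actions to roles are assumptions made for illustration, and the audit log is a plain in-memory list standing in for the protected log the text envisions.

```python
from enum import Enum


class Role(Enum):
    VOTER = "voter"
    POLL_WORKER = "poll_worker"
    ELECTION_OFFICIAL = "election_official"


# Hypothetical mapping of election-day duties to privileges. Actions that touch
# ballot definitions or vote totals are reserved for election officials; poll
# workers run the polling place but never see totals; voters only cast ballots.
PERMISSIONS = {
    Role.VOTER: {"cast_ballot"},
    Role.POLL_WORKER: {"open_polls", "issue_ballot", "close_polls"},
    Role.ELECTION_OFFICIAL: {"load_ballot_definition", "read_vote_totals", "export_audit_log"},
}


def is_authorized(role: Role, action: str) -> bool:
    """Deny by default: an unknown role or an unlisted action is never allowed."""
    return action in PERMISSIONS.get(role, set())


def perform(role: Role, action: str, audit: list) -> str:
    """Record the access decision first, then carry out the action only if allowed.

    Logging before acting means a denied request still leaves a trace, which is
    what an auditor needs when reviewing who tried to read totals and when.
    """
    decision = "allow" if is_authorized(role, action) else "deny"
    audit.append((role.value, action, decision))
    if decision == "deny":
        raise PermissionError(f"{role.value} may not {action}")
    return f"{action} performed by {role.value}"


def all_privileges() -> dict:
    """Inverse view of the policy: for each action, which roles hold it.

    Useful when reviewing the mapping for separation of duties, e.g. checking
    that no single role can both load a ballot definition and read totals
    without that being a deliberate choice.
    """
    by_action: dict = {}
    for role, actions in PERMISSIONS.items():
        for action in actions:
            by_action.setdefault(action, set()).add(role)
    return by_action


if __name__ == "__main__":
    log: list = []
    print(perform(Role.POLL_WORKER, "open_polls", log))
    try:
        perform(Role.POLL_WORKER, "read_vote_totals", log)
    except PermissionError as exc:
        print("denied:", exc)
    print(log)
```

On a system backed by a co-processor, the same decision function would sit in front of the calls that ask the device to unwrap a key or decrypt totals, so that possession of the machine alone is not enough to reach the election data.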
· Project Team
o Raquel Hill, Assistant Professor, Department of Computer Science,
o Jeff Hedglin, Cryptographic Development Manager, IBM,
o Todd Arnold, STSM, Cryptographic Technology Development, IBM,
o Anne Dames, Cryptographic Technology Development, IBM,
o Juan Gilbert, Distinguished Associate Professor, Computer Science,
· Project Status: Working prototype of PRIME III using the 4764 for data access control,
encryption and key management
· Project Needs:
Students with ‘C’ and Java programming experience; basic understanding of OS
processes, role-based access control, and symmetric and asymmetric cryptography