[ale] OT: man in the middle on diebold machines

Michael H. Warfield mhw at WittsEnd.com
Fri Sep 30 18:09:12 EDT 2011


Ah...  Finally...

Took me a while to find this.  Took some patient digging through some
dead trees editions on my shelf...  A very good paper on the practical
aspects of anonymity and end-to-end validation in electronic voting
systems.

Warning.  Security techno-nerd alert.  This came from NDSS.  The
Internet Society's (ISOC's) Network and Distributed System Security
Symposium.  Take maybe the top two or three of the most difficult, most
technical, and most theoretical tracks at RSA and distill them down and
you've got the kind of stuff that gets presented in this realm...

I had to really dig through my proceedings to track this down, working
only from memory of hearing their presentation 12-1/2 years ago... 


Practical Approach to Anonymity in Large Scale Electronic Voting Schemes
    Andreu Riera and Joan Borrell
http://www.isoc.org/isoc/conferences/ndss/99/proceedings/papers/riera.pdf
http://www.isoc.org/isoc/conferences/ndss/99/proceedings/slides/riera.pdf


It's not an easy read.  Conference proceedings like this rarely are,
especially this level of conference.  Reviewing it now and my eyes are
starting to glaze at some of the algebra.  While the math and
terminology isn't too too terribly intimidating (for some - I know), you
can still just ignore those details (on first, second, and third reads
at least) and read the descriptions with the diagrams and absorb the
gist of what they've done.

The really important stuff (to me) is the things they took into
consideration.  The validation up front.  The first line handling by
this putative hierarchy of electoral colleges and electoral authorities
that ensures a total disconnect between identity and authentication of
the voter from the tabulation of the cast votes while still maintaining
end to end verification and validation as well as auditing.  Very nice
work.

What we have from Diebold and their ilk is nothing more than worthless
commercial dross and junk created long after we knew better about how to
do this.

That's not the only work I've seen presented or reviewed.  But it's a
nice piece of work and an example of what could have been had someone
gotten it right.

Regards,
Mike

On Wed, 2011-09-28 at 21:04 -0400, Michael H. Warfield wrote: 
> On Wed, 2011-09-28 at 20:20 -0400, Bob Toxen wrote: 
> > On Wed, Sep 28, 2011 at 04:59:51PM -0400, Michael H. Warfield wrote:
> > > On Wed, 2011-09-28 at 15:38 -0400, Cameron Kilgore wrote: 
> > > > I still wonder the need to complicate and put at risk the reliability
> > > > of our one measure of democracy. Paper ballots seem more reliable and
> > > > less prone to a politician's whim.
> > 
> > > On that, we may have to agree to disagree.
> > Yes, we will.  Paper ballots as currently done in most of the honest
> > world is VERY hard to cause deliberate widespread fraud and the
> > accidental error rate is very low.
> 
> Actually, the error and fraud rate are higher than most people recognize
> or are willing to admit.  Even paper ballots can be vastly improved upon
> but are not.
> 
> One very good example is the "bingo marker" system (a highly low tech
> paper based system) that was actively discussed several years ago which
> is now called the "Punchscan Voting System".  This is an example of an
> E2E (end to end) system in which the voter has some measure of
> end-to-end validation of their vote and confidence that their vote was
> counted (two things sadly missing in all the present day systems) while
> maintaining confidentiality and integrity of the voting system.
> 
> http://www.cs.uwaterloo.ca/~aessex/assets/vcmp/punchscanVocomp.pdf
> 
> This was originally proposed by David Chaum, a senior level
> cryptographer and researcher way above my pay grade, way back in 2005
> and later implemented and documented in 2007 in practice.  It has a LOT
> to say for it in terms of advantages over current systems, both
> electronic and dead-trees.
> 
> While very good and a very significant improvement over the present
> systems, there are still ways to subvert even this...
> 
> http://people.seas.harvard.edu/~talm/papers/KRMC10-attackvote.pdf
> 
> So there are some ways to subvert and attack even this system.  This
> sort of research tells us as much about the strength of a system as it
> does its weaknesses and it's still an improvement over current systems.
> 
> These are very rich and dynamic fields of research in my fields...
> There is still a lot of controversy over anomalies in electoral results
> over the last several years and not all of it can be attributed to
> electronic tampering (although plenty of it can).  Going back to paper
> and pencil will not solve those problems.  It merely shifts the attack
> methodologies and the old methodologies are well thought out and well
> practiced already.
> 
> I simply don't have your level of confidence in paper ballots.
> 
> Regards,
> Mike
> 
> > The "hanging chads" were an error rate of about 0.5% and much of that
> > was due to elderly too infirm or too senile to properly use them.  The
> > former (infirm) were allowed to have assistants.  I'm not sure the
> > senile are legally allowed to vote and if so probably vote more or less
> > randomly (no disrespect is meant).
> > 
> > > On one hand, there have certainly been sufficient examples of "hanging
> > > chads" and misplaced bags of ballots and ballot count mismatches to
> > > argue that paper ballots are neither reliable nor less prone to a
> > > politician's will.
> > I'll take the 0.5% hanging chad error rate over the potential 100% error
> > rate of the insecure DRE machines.
> > 
> > > OTOH, there have been proposals for voting protocols down through the
> > > years which can ensure authenticity and authorization while preserving
> > > anonymity while still providing end to end verification and auditing
> > > confirmation.  I've seen some such proposed at security conferences such
> > > as NDSS, Usenix Security Symposium, and RSA over the last decade or so.
> > > We know how to do it right.
> > Until then there is paper.
> > 
> > > The problem is that these protocols are "open" and, as such, can not be
> > > held for ransom by companies wanting to leverage the maximum number of
> > > tax dollars out of pockets for their proprietary solutions and they are
> > > too good for those people who don't want something that good...
> > Yup.  Bush wanted DRE for the money his buddies made not for committing
> > fraud (IMO AFAIK).
> > 
> > > We can agree that the current field of voting machines are an abysmal
> > > and embarrassing lot of junk that should have been rejected out of hand
> > > by anyone with any respect for the institution.  Trouble is, that's not
> > > those with the vested interests.
> > Yup.  Junk 'em and bring back trustworthy, reliable, and cheap paper!
> > 
> > > Regards,
> > > Mike
> > Bob
> > 
> > > > --Cameron <http://ghostfreeman.net>
> > > > 
> > > > 
> > > > On Wed, Sep 28, 2011 at 3:34 PM, Geoffrey Myers <lists at serioustechnology.com> wrote:
> > > > 
> > > > > Anyone else catch this?
> > > > >
> > > > >
> > > > > http://hardware.slashdot.org/story/11/09/28/0241201/man-in-the-middle-remote-attack-on-diebold-voting-machines
> > > > >
> > > > > --
> > > > > Later, Geoffrey
> > > > > Sent from my iPhone
> > > -- 
> > > Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
> > >    /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
> > >    NIC whois: MHW9          | An optimist believes we live in the best of all
> > >  PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
> > 
> > Bob Toxen
> > bob at verysecurelinux.com               [Please use for email to me]
> > http://www.verysecurelinux.com        [Network&Linux security consulting]
> > http://www.realworldlinuxsecurity.com [My book:"Real World Linux Security 2/e"]
> > Quality Linux & UNIX security and SysAdmin & software consulting since 1990.
> > Quality spam and virus filters.
> > 
> > "One disk to rule them all, One disk to find them. One disk to bring
> > them all and in the darkness grind them. In the Land of Redmond where
> > the shadows lie...and the Eye is everwatching"
> > -- The Silicon Valley Tarot Henrique Holschuh with ... Bob
> > 
> 

-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!