Software Review and Security Analysis of the Diebold Voting Machine Software
- R. Gardner, A. Yasinsac, M. Bishop, T. Kohno, Z. Hartley, J. Kerski, D. Gainey, R. Walega, E. Hollander, and M. Gerke, “Software Review and Security Analysis of the Diebold Voting Machine Software”, Security and Assurance in Information Technology Laboratory, Florida State University, Tallahassee, FL 32306-4530 (July 2007).
About This ReportFrom the Executive Summary:
On May 14th 2007, the Florida Department of State (FLDoS) commissioned an independent expert review of Diebold Voting System Software. The team, led by Florida State University’s (FSU) Security and Assurance in Information Technology (SAIT) Laboratory, was commissioned to conduct a software code review as part of the state’s voting system certification process. This report is the culmination of that review. .
The scope of the investigation, as defined in the Statement of Work, is:
This review is for the purpose of yielding technological data to DOS to ensure voting system effectiveness and security in Florida elections by investigating for potential flaws in target software as documented in reported literature and other published studies.
Our primary findings are:
The version of the Optical Scan and Touch Screen software that we examined:
Many reported flaws were removed from the Touch Screen software. Nonetheless, we identified many that still exist. As one example, we found an attack that allows an adversary to prepare official, activated voter smart cards that would enable voters to cast multiple ballots in a ballot-stuffing attack. Creation of the cards requires an adversary able to insert a custom smart card into a legitimate voting terminal and to read the data off of a valid voter card (these steps could be done by separate adversaries.) Once the adversary obtained the necessary information in this way, she could then create smart cards that could be used at any precinct throughout a county. Even if detected, this attack is not correctable: the malicious ballots, either in electronic or paper form, are essentially unidentifiable and thus cannot be removed.
BackgroundI guess Alec Yasinsac thought I was helpful on the review of the ES&S iVotronic source code involved in the CD-13 review, so he invited me to help out with this one. The report, which all the team members wrote, speaks for itself. It was issued by the Division of Elections of the Florida Department of State. Two appendices are redacted from the public version because they are confidential; see §2.1 on p. 4 of the report for an explanation.
This is a local copy. The definitive version is available at http://election.dos.state.fl.us/pdf/SAITreport.pdf