Home | About Us | Sign-up | Contact Us | Donate | Action | Articles
 

Security Evaluation of the Sequoia Voting System: Public Report

September 09, 2008

Computer Security Group
Department of Computer Science
University of California, Santa Barbara

The California Secretary of State entered into a contract with the University of California to test the security
of three electronic voting systems as part of her top to bottom review. Each “red team” was to try to
compromise the accuracy, security, and integrity of the voting systems without making assumptions about
compensating controls or procedural mitigation measures that vendors, the Secretary of State, or individual
counties may have adopted.This report presents the security analysis of the Sequoia voting system, as performed by the Security
Group of UC Santa Barbara. The Security Group was lead by Giovanni Vigna and Richard Kemmerer and
included Davide Balzarotti, Greg Banks, Marco Cova, Viktoria Felmetsger,William Robertson, and Fredrik
Valeur.

The Security Group acted as a “Red Team” and performed a series of security tests of both the hardware
and the software that are part of the Sequoia system to identify possible security problems that could lead
to a compromise. A “compromise” is defined as “tampering or error that could cause incorrect recording,
tabulation, tallying or reporting of votes or that could alter critical election data such as election definition
or system audit data.” [5]

The “Overview of the Red Team Reports” [1] discusses the goals, context, and threat models used.
During the testing, the Red Team tried a limited number of attacks, due to the time constraints. The
testing started on June 12 and terminated on July 10. This is a very limited amount of time for the testing of
a complex system such as the Sequoia voting system.

Our testing identified a number of security issues that are of great concern. In our tests we were able to
bypass both the physical and the software security protections of the Sequoia system.

Conclusion

Although, we did not have enough time to perform a complete evaluation of the Sequoia voting system,
we exposed a number of serious security issues. These vulnerabilities could be exploited by a determined
attacker to modify (or invalidate) the results of an election.

All the attacks described in this report can be carried out without any knowledge of the source code. In
fact, we were able to extract and analyze the Edge’s firmware binary representation. In addition, we were
able to extend the firmware by using binary patching. This technique allowed us to create a “debugging”
version of the firmware, as well as several different “malicious” versions.

The implementation of the attacks did not require access to the source code.

For full Executive Summary with footnotes click here
For full report click here

Subscribe

Navigation
Previous Item
Next Item
Today
Archives
Search




Powered by Nucleus CMS
 
  
     
 


2842 N. Calvert St. , Baltimore, MD 21218
443-708-8360
TrueVote.US is a project of the
Campaign for Fresh Air & Clean Politics

  
Home | About Us | Contact Us | Donate | Action | Articles