Results 1 - 10
of
66
The Usability of Electronic Voting Machines and How Votes Can Be Changed Without Detection
, 2007
"... ..."
Machine-assisted election auditing
- In Proc. 2007 USENIX/ACCURATE Electronic Voting Technology Workshop (EVT 07
, 2007
"... Election audit procedures usually rely on precinctbased audits, in which workers manually review all paper ballots from selected polling places, but these audits can be expensive due to the labor required. This paper proposes an alternative audit strategy that allows machines to perform most of the ..."
Abstract
-
Cited by 23 (8 self)
- Add to MetaCart
(Show Context)
Election audit procedures usually rely on precinctbased audits, in which workers manually review all paper ballots from selected polling places, but these audits can be expensive due to the labor required. This paper proposes an alternative audit strategy that allows machines to perform most of the work. Precincts are audited using auditing machines, and their output is manually audited using efficient ballot sampling techniques. This strategy can achieve equal or greater confidence than precinctbased auditing at a significantly lower cost while protecting voter privacy better than previous ballot-based auditing methods. We show how to determine which ballots to audit against the auditing machines ’ records and compare this new approach to precinct-based audits in the context of Virginia’s November 2006 election. Far fewer ballots need to be audited by hand using our approach. We also explore extensions to these techniques, such as varying individual ballots ’ audit probabilities based on the votes they contain, that promise further efficiency gains. 1
Casting votes in the Auditorium
- In Proceedings of the 2nd USENIX/ACCURATE Electronic Voting Technology Workshop (EVT’07
, 2007
"... In elections employing electronic voting machines, we have observed that poor procedures, equipment failures, and honest mistakes pose a real threat to the accuracy of the final tally. The event logs kept by these machines can give auditors clues as to the causes of anomalies and inconsistencies; ho ..."
Abstract
-
Cited by 17 (7 self)
- Add to MetaCart
(Show Context)
In elections employing electronic voting machines, we have observed that poor procedures, equipment failures, and honest mistakes pose a real threat to the accuracy of the final tally. The event logs kept by these machines can give auditors clues as to the causes of anomalies and inconsistencies; however, each voting machine is trusted to keep its own audit and ballot data, making the record unreliable. If a machine is damaged, accidentally erased, or otherwise compromised during the election, we have no way to detect tampering or loss of auditing records and cast votes. We see a need for voting systems in which event logs can serve as robust forensic documents, describing a provable timeline of events leading up to and transpiring on election day. To this end, we propose an auditing infrastructure that draws on ideas from distributed systems and secure logging to provide a verifiable, global picture of critical election-day events, one which can survive individual machine malfunction or malice. Our system, the Auditorium, joins the voting machines in a polling place together in a private broadcast network in which all election events are logged redundantly by every machine. Each event is irrevocably tied to the originating machine by a digital signature, and to earlier events from other machines via hash chaining. In this paper we describe in detail how to conduct an election in the Auditorium. We demonstrate our system’s robustness to benign failures and malicious attacks, resulting in a believable audit trail and vote count, with acceptable overhead for a network the size of a polling place. 1
Fixing Federal E-Voting Standards
- Communications of the ACM
, 2007
"... Without a threat model and a system model, voting standards cannot ensure the integrity or accuracy of the voting process. In elections throughout the U.S., electronic voting machines have failed to boot, tallied 10 times as many votes as registered voters, and drawn criticism from academics, electi ..."
Abstract
-
Cited by 17 (3 self)
- Add to MetaCart
(Show Context)
Without a threat model and a system model, voting standards cannot ensure the integrity or accuracy of the voting process. In elections throughout the U.S., electronic voting machines have failed to boot, tallied 10 times as many votes as registered voters, and drawn criticism from academics, election officials, and concerned citizens alike. High-profile exploits (such as the Hursti attack [4] and the Princeton group’s Diebold virus [2]) have brought media attention to the fragility just below the surface of electronic voting systems. In light of these problems, it is perhaps an understatement to say
An Analysis of the Hart Intercivic DAU eSlate
- In Proceedings of the USENIX/ACCURATE Electronic Voting Technology Workshop (EVT 2007). USENIX Press. [62] Pygame
, 2007
"... This paper reports on an analysis of the Hart Inter-Civic DAU eSlate unit equipped for disabled access and the associated Judge’s Booth Controller. The analysis examines whether the eSlate and JBC can be subverted to compromise the accuracy of vote totals, the secrecy of the ballot, and the availabi ..."
Abstract
-
Cited by 14 (2 self)
- Add to MetaCart
(Show Context)
This paper reports on an analysis of the Hart Inter-Civic DAU eSlate unit equipped for disabled access and the associated Judge’s Booth Controller. The analysis examines whether the eSlate and JBC can be subverted to compromise the accuracy of vote totals, the secrecy of the ballot, and the availability of the system under the procedures in place for Yolo County. We describe several potential attacks, and show how election officials can block or mitigate them. 1
Coercion resistant end-to-end voting
- In 13th International Conference on Financial Cryptography and Data Security
, 2009
"... Abstract. End-to-end voting schemes have shown considerable promise for allowing voters to verify that tallies are accurate. At the same time, the threat of coercion has generally been considered only when voting devices are honest, and in many schemes, voters can be forced or incentivized to cast v ..."
Abstract
-
Cited by 12 (0 self)
- Add to MetaCart
Abstract. End-to-end voting schemes have shown considerable promise for allowing voters to verify that tallies are accurate. At the same time, the threat of coercion has generally been considered only when voting devices are honest, and in many schemes, voters can be forced or incentivized to cast votes of an adversary’s choice. In this paper, we examine the issue of voter coercion and identify one example method for coercing voters in a scheme by Benaloh. To address such attacks, we present a formal definition of coercion resistance for end-to-end voting. We then present a new scheme, extended from Benaloh’s, that is provably coercion resistant. In addition to providing accuracy and coercion resistance, our scheme emphasizes ease-of-use for the voter.
Software Review and Security Analysis for Diebold Voting Machine Software.”, Joint Florida Department of State and Florida State University Statement of Work
- Machine Software”, Final ReportFor the Florida Department of State, July 27, 2007, http://election.dos.state.fl.us/pdf/SAITreport.pdf 3 Kurt Browning, Florida Secretary of State Letter to Mr. David Byrd, Diebold Election Systems, dated July 31, 2007, http
"... ..."
Ballot Formats, Touchscreens, and Undervotes: A Study of the 2006
- Florida. Dartmouth College and The University of California at Los Angeles
, 2007
"... 1The authors thank Greg Huber and seminar participants at Dartmouth College and the University of Chicago for comments on an earlier draft of this paper and thank election officials in Charlotte, Collier, DeSoto, Hardee, Hillsborough, Lee, Manatee, Pinellas, and Sarasota Counties for providing data ..."
Abstract
-
Cited by 11 (0 self)
- Add to MetaCart
1The authors thank Greg Huber and seminar participants at Dartmouth College and the University of Chicago for comments on an earlier draft of this paper and thank election officials in Charlotte, Collier, DeSoto, Hardee, Hillsborough, Lee, Manatee, Pinellas, and Sarasota Counties for providing data and assistance. The most recent version of this paper can be found
A Document Analysis System for Supporting Electronic Voting Research
- Proc. Document Analysis Systems
, 2008
"... As a result of well-publicized security concerns with direct recording electronic (DRE) voting, there is a growing call for systems that employ some form of paper artifact to provide a verifiable physical record of a voter’s choices. In this paper, we present a system we are developing to support a ..."
Abstract
-
Cited by 10 (8 self)
- Add to MetaCart
(Show Context)
As a result of well-publicized security concerns with direct recording electronic (DRE) voting, there is a growing call for systems that employ some form of paper artifact to provide a verifiable physical record of a voter’s choices. In this paper, we present a system we are developing to support a multi-institution, cross-disciplinary research project examining issues that arise when paper ballots are used in elections. We survey the motivating factors behind our work, discuss the special constraints raised in processing ballots as opposed to more general document images, and describe the current status of our system. 1.
