Results 1 - 10
of
68
The Usability of Electronic Voting Machines and How Votes Can Be Changed Without Detection
, 2007
"... ..."
Machine-assisted election auditing
- In Proc. 2007 USENIX/ACCURATE Electronic Voting Technology Workshop (EVT 07
, 2007
"... Election audit procedures usually rely on precinctbased audits, in which workers manually review all paper ballots from selected polling places, but these audits can be expensive due to the labor required. This paper proposes an alternative audit strategy that allows machines to perform most of the ..."
Abstract
-
Cited by 23 (8 self)
- Add to MetaCart
(Show Context)
Election audit procedures usually rely on precinctbased audits, in which workers manually review all paper ballots from selected polling places, but these audits can be expensive due to the labor required. This paper proposes an alternative audit strategy that allows machines to perform most of the work. Precincts are audited using auditing machines, and their output is manually audited using efficient ballot sampling techniques. This strategy can achieve equal or greater confidence than precinctbased auditing at a significantly lower cost while protecting voter privacy better than previous ballot-based auditing methods. We show how to determine which ballots to audit against the auditing machines ’ records and compare this new approach to precinct-based audits in the context of Virginia’s November 2006 election. Far fewer ballots need to be audited by hand using our approach. We also explore extensions to these techniques, such as varying individual ballots ’ audit probabilities based on the votes they contain, that promise further efficiency gains. 1
Casting votes in the Auditorium
- In Proceedings of the 2nd USENIX/ACCURATE Electronic Voting Technology Workshop (EVT’07
, 2007
"... In elections employing electronic voting machines, we have observed that poor procedures, equipment failures, and honest mistakes pose a real threat to the accuracy of the final tally. The event logs kept by these machines can give auditors clues as to the causes of anomalies and inconsistencies; ho ..."
Abstract
-
Cited by 19 (7 self)
- Add to MetaCart
(Show Context)
In elections employing electronic voting machines, we have observed that poor procedures, equipment failures, and honest mistakes pose a real threat to the accuracy of the final tally. The event logs kept by these machines can give auditors clues as to the causes of anomalies and inconsistencies; however, each voting machine is trusted to keep its own audit and ballot data, making the record unreliable. If a machine is damaged, accidentally erased, or otherwise compromised during the election, we have no way to detect tampering or loss of auditing records and cast votes. We see a need for voting systems in which event logs can serve as robust forensic documents, describing a provable timeline of events leading up to and transpiring on election day. To this end, we propose an auditing infrastructure that draws on ideas from distributed systems and secure logging to provide a verifiable, global picture of critical election-day events, one which can survive individual machine malfunction or malice. Our system, the Auditorium, joins the voting machines in a polling place together in a private broadcast network in which all election events are logged redundantly by every machine. Each event is irrevocably tied to the originating machine by a digital signature, and to earlier events from other machines via hash chaining. In this paper we describe in detail how to conduct an election in the Auditorium. We demonstrate our system’s robustness to benign failures and malicious attacks, resulting in a believable audit trail and vote count, with acceptable overhead for a network the size of a polling place. 1
Fixing Federal E-Voting Standards
- Communications of the ACM
, 2007
"... Without a threat model and a system model, voting standards cannot ensure the integrity or accuracy of the voting process. In elections throughout the U.S., electronic voting machines have failed to boot, tallied 10 times as many votes as registered voters, and drawn criticism from academics, electi ..."
Abstract
-
Cited by 17 (3 self)
- Add to MetaCart
(Show Context)
Without a threat model and a system model, voting standards cannot ensure the integrity or accuracy of the voting process. In elections throughout the U.S., electronic voting machines have failed to boot, tallied 10 times as many votes as registered voters, and drawn criticism from academics, election officials, and concerned citizens alike. High-profile exploits (such as the Hursti attack [4] and the Princeton group’s Diebold virus [2]) have brought media attention to the fragility just below the surface of electronic voting systems. In light of these problems, it is perhaps an understatement to say
An Analysis of the Hart Intercivic DAU eSlate
- In Proceedings of the USENIX/ACCURATE Electronic Voting Technology Workshop (EVT 2007). USENIX Press. [62] Pygame
, 2007
"... This paper reports on an analysis of the Hart Inter-Civic DAU eSlate unit equipped for disabled access and the associated Judge’s Booth Controller. The analysis examines whether the eSlate and JBC can be subverted to compromise the accuracy of vote totals, the secrecy of the ballot, and the availabi ..."
Abstract
-
Cited by 15 (2 self)
- Add to MetaCart
(Show Context)
This paper reports on an analysis of the Hart Inter-Civic DAU eSlate unit equipped for disabled access and the associated Judge’s Booth Controller. The analysis examines whether the eSlate and JBC can be subverted to compromise the accuracy of vote totals, the secrecy of the ballot, and the availability of the system under the procedures in place for Yolo County. We describe several potential attacks, and show how election officials can block or mitigate them. 1
Ballot Formats, Touchscreens, and Undervotes: A Study of the 2006
- Florida. Dartmouth College and The University of California at Los Angeles
, 2007
"... 1The authors thank Greg Huber and seminar participants at Dartmouth College and the University of Chicago for comments on an earlier draft of this paper and thank election officials in Charlotte, Collier, DeSoto, Hardee, Hillsborough, Lee, Manatee, Pinellas, and Sarasota Counties for providing data ..."
Abstract
-
Cited by 13 (0 self)
- Add to MetaCart
1The authors thank Greg Huber and seminar participants at Dartmouth College and the University of Chicago for comments on an earlier draft of this paper and thank election officials in Charlotte, Collier, DeSoto, Hardee, Hillsborough, Lee, Manatee, Pinellas, and Sarasota Counties for providing data and assistance. The most recent version of this paper can be found
Coercion resistant end-to-end voting
- In 13th International Conference on Financial Cryptography and Data Security
, 2009
"... Abstract. End-to-end voting schemes have shown considerable promise for allowing voters to verify that tallies are accurate. At the same time, the threat of coercion has generally been considered only when voting devices are honest, and in many schemes, voters can be forced or incentivized to cast v ..."
Abstract
-
Cited by 11 (0 self)
- Add to MetaCart
Abstract. End-to-end voting schemes have shown considerable promise for allowing voters to verify that tallies are accurate. At the same time, the threat of coercion has generally been considered only when voting devices are honest, and in many schemes, voters can be forced or incentivized to cast votes of an adversary’s choice. In this paper, we examine the issue of voter coercion and identify one example method for coercing voters in a scheme by Benaloh. To address such attacks, we present a formal definition of coercion resistance for end-to-end voting. We then present a new scheme, extended from Benaloh’s, that is provably coercion resistant. In addition to providing accuracy and coercion resistance, our scheme emphasizes ease-of-use for the voter.
An independent audit framework for software dependent voting systems
- In 14th ACM conference on Computer and Communications Security
, 2007
"... The electronic voting machines known as Direct Recording Electronic (DRE), that are used in many states in the US have been shown to contain security vulnerabilities [16, 9, 3]. One of the problems is that the elections held on these machines cannot be independently audited. In this paper we address ..."
Abstract
-
Cited by 10 (1 self)
- Add to MetaCart
(Show Context)
The electronic voting machines known as Direct Recording Electronic (DRE), that are used in many states in the US have been shown to contain security vulnerabilities [16, 9, 3]. One of the problems is that the elections held on these machines cannot be independently audited. In this paper we address this issue by designing a new all-electronic independent audit framework for DRE voting systems. Our framework leverages system virtualization concepts and image recognition techniques to maintain an audit of the vote totals. The architecture we present is a step towards meeting the software independence requirements as defined by Rivest et al. [21,2]. Wehaveimplementedaprototypeusingthe Diebold Accuvote TS DRE voting software and the XEN hypervisor and demonstrate that our system can achieve a robust election audit with negligible overhead.