Loading [a11y]/accessibility-menu.js
An Experience in Testing the Security of Real-World Electronic Voting Systems | IEEE Journals & Magazine | IEEE Xplore

An Experience in Testing the Security of Real-World Electronic Voting Systems


Abstract:

Voting is the process through which a democratic society determines its government. Therefore, voting systems are as important as other well-known critical systems, such ...Show More

Abstract:

Voting is the process through which a democratic society determines its government. Therefore, voting systems are as important as other well-known critical systems, such as air traffic control systems or nuclear plant monitors. Unfortunately, voting systems have a history of failures that seems to indicate that their quality is not up to the task. Because of the alarming frequency and impact of the malfunctions of voting systems, in recent years a number of vulnerability analysis exercises have been carried out against voting systems to determine if they can be compromised in order to control the results of an election. We have participated in two such large-scale projects, sponsored by the Secretaries of State of California and Ohio, whose goals were to perform the security testing of the electronic voting systems used in their respective states. As the result of the testing process, we identified major vulnerabilities in all of the systems analyzed. We then took advantage of a combination of these vulnerabilities to generate a series of attacks that would spread across the voting systems and would “steal” votes by combining voting record tampering with social engineering approaches. As a response to the two large-scale security evaluations, the Secretaries of State of California and Ohio recommended changes to improve the security of the voting process. In this paper, we describe the methodology that we used in testing the two real-world electronic voting systems we evaluated, the findings of our analysis, our attacks, and the lessons we learned.
Published in: IEEE Transactions on Software Engineering ( Volume: 36, Issue: 4, July-Aug. 2010)
Page(s): 453 - 473
Date of Publication: 21 August 2009

ISSN Information:


1 Introduction

Electronic voting systems are becoming a pivotal element of many modern democracies. National governments and local administrations are continuously looking for ways to streamline the voting process and increase voter participation. The use of computer-based systems to collect and tally votes seems to be a logical and effective choice to accomplish these goals.

Contact IEEE to Subscribe

References

References is not available for this document.