Re: draft of text for new OVC-sponsored bill

From: Ronald Crane <voting_at_lastland_dot_net>
Date: Tue Jan 20 2009 - 11:23:32 CST
Using a CD-R in multisession mode allows you to replace an existing session with another one (http://www.mscience.com/faq67.html). It is commonly understood that closing the disc, or writing the disc in "disc at once" mode, prevents this, but I don't know whether this procedure is airtight. (Do you?) Even if it is airtight if executed properly, the person duplicating the discs could still fake it by pretending to close the discs, but really leaving them open. The upshot is that the duplication process needs careful supervision and auditing.

As for class certification, that's what Alan's bill proposes. Class certification is useless as a security measure; since the "certification authority" doesn't examine any hardware (except to determine whether it's in the class?), an attacker can insert malware into the systems' firmware without fear of detection [1].

-R

[1] Not that the existing "certification authorities" could find such malware.

Richard C. Johnson wrote:
Ron,

The CD-R is write once, and there is no more editing after that.  This is a big difference from CD-RW.  Any reputable system will also have procedures for controlling CD-Rs and other media; substitution is always a possibility (copy the genuine to disk, add to it, copy the altered files again to CD-R).  Encryption can prevent this, but then one loses transparency.

The federal certification process is for specific hardware and any change to either software or hardware voids the certification.  No class designation for (All PCs) is likely in the future, either.  Such diverse uncertified systems may certainly be used to check Open Source voting applications; an error found may indeed exist on all PCs including certified ones.

Regards,

-- Dick Johnson


--- On Mon, 1/19/09, Ronald Crane <voting@lastland.net> wrote:

  
From: Ronald Crane <voting@lastland.net>
Subject: Re: [OVC-discuss] draft of text for new OVC-sponsored bill
To: "Open Voting Consortium discussion list" <ovc-discuss@listman.sonic.net>
Date: Monday, January 19, 2009, 6:09 PM

Jim March wrote:

...One of the advantages to this FOSS election system process is that both the source and executable code will be readily reviewable by everyone. This gives us the ability to make sure the code (and final configuration) is good, AND the ability to make sure what's in the field is the same stuff as what was certified - even if that cert process is seriously stripped down from the current norms

Executables aren't really reviewable with current (or foreseeable) procedures. Assuming the system boots from a CD-ROM (or is that a CD-RW or CD-R? Do officials know the difference?), will officials really let individuals stick the thing in their laptops to compute the hashes? Should they? After all, a CD-RW or an unclosed CD-R can be rewritten. (I am not sure whether it's possible to replace the current session on a closed ("disc at once") CD-R; it shouldn't be, but who knows?) Also, some people are really good magicians, and could swap the official disc with a hacked disc without the officials noticing.

From the original bill:

(f) The Secretary of State does not need to certify a specific make or model of hardware to be used with the open source software.  Instead, the system certification will describe a class of hardware with which the software may be used.

You're betting that attackers won't instrument the systems' firmware. That's a bad bet. While that can still happen even with "certified" hardware, it's easier with a large hardware selection than with a small one. Also, there's a greater likelihood that uncertified hardware will contain potentially hazardous communications devices, and the loaders needed to use them to cheat.

-R
_______________________________________________
OVC-discuss mailing list
OVC-discuss@listman.sonic.net
http://lists.sonic.net/mailman/listinfo/ovc-discuss
By sending email to the OVC-discuss  list, you thereby
agree to release the content of your posts to the Public
Domain--with the exception of copyrighted material quoted
according to fair use, including publicly archiving at 
http://gnosis.python-hosting.com/voting-project/
    
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Thu Jan 7 00:09:47 2010
