Re: Security Concerns Database

From: David Mertz <voting-project_at_gnosis_dot_cx>
Date: Fri Nov 28 2003 - 10:54:06 CST

|> e. Context for attacks:
|> i. Electronic ballots
|> 1. During local creation/storage

"Alan Dechert" <alan@openvotingconsortium.org> wrote:
|I want to make a special programable chip for harddrive controllers. This
|way, no matter how the vote looks from your voting software, I can change it
|just before it gets written to disk. Can I do that?

Sure, that's an attack worth considering. In fact, these types of
attacks, to my mind, advocate in favor of counties keeping their tested
machines under lock-and-key rather than leasing new (untested) ones each
election.

FWIW, there ARE defenses against this attack. A signature system like
that I proposed, and Clay modified, adds some necessary information to a
stored record that the malicious harddrive controller cannot know. So
the false records are at least identifiable as corrupted (albeit, with a
loss of the actual votes, potentially).

Yours, David...

--
    _/_/_/ THIS MESSAGE WAS BROUGHT TO YOU BY: Postmodern Enterprises _/_/_/
   _/_/    ~~~~~~~~~~~~~~~~~~~~[mertz@gnosis.cx]~~~~~~~~~~~~~~~~~~~~~  _/_/
  _/_/  The opinions expressed here must be those of my employer...   _/_/
 _/_/_/_/_/_/_/_/_/_/ Surely you don't think that *I* believe them!  _/_/
==================================================================
= The content of this message, with the exception of any external 
= quotations under fair use, are released to the Public Domain    
==================================================================
Received on Sun Nov 30 23:17:11 2003

This archive was generated by hypermail 2.1.8 : Sun Nov 30 2003 - 23:17:13 CST