Naked Security

DARPA is working on an open source, secure e-voting system

The US Government is working on an electronic voting system that it hopes will prevent people from tinkering with voting machines at the polls.

Motherboard reports that the Defence Advanced Research Projects Agency (DARPA) is working with Oregon-based verifiable systems company Galois to create a voting system based on open source hardware and software.

There will be two systems, according to the report, neither of which will be offered for sale. Instead, they will serve as reference platforms for other vendors to produce more secure electronic voting machines.

The first system, which DARPA plans to bring to DefCon Voting Village this summer, will use a touch screen for voters to choose their candidates. It will then print out a paper ballot for a voter to check before depositing it into an optical scanning machine that counts the vote. That machine prints a paper receipt with a cryptographic code unique to that voter and their choices.

After all the votes have been counted, the codes will be listed on a website so that each voter can check that their votes were logged correctly.

Independent observers will also be able to count all the votes on the website and check the election results, Motherboard said.
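
The report does not say how the receipt codes are constructed. As an added illustration (not the DARPA/Galois design and not code from the article), the sketch below assumes a receipt code is a SHA-256 hash over a random nonce plus the ballot. It shows the voter's lookup, and why the nonce decides who can learn or prove a vote. The contest names and all function names are constructed for the example.

```python
import hashlib, hmac, itertools, json, secrets

# Constructed contests for illustration; not from the article.
CONTESTS = {"mayor": ["Alice", "Bob"], "measure_1": ["yes", "no"]}

def receipt_code(choices: dict, nonce: bytes = b"") -> str:
    """Assumed construction: SHA-256 over nonce || canonical ballot."""
    ballot = json.dumps(choices, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(nonce + ballot).hexdigest()

def publish_board(cast_ballots) -> list:
    """Post codes only, sorted so casting order is not revealed."""
    return sorted(receipt_code(c, n) for c, n in cast_ballots)

def on_board(board: list, code: str) -> bool:
    """The voter's check: is my receipt code in the published list?"""
    return any(hmac.compare_digest(code, row) for row in board)

def recover_by_enumeration(code: str, nonce: bytes = b""):
    """Try every possible ballot; works if the nonce is known or absent."""
    names = sorted(CONTESTS)
    for combo in itertools.product(*(CONTESTS[n] for n in names)):
        guess = dict(zip(names, combo))
        if hmac.compare_digest(receipt_code(guess, nonce), code):
            return guess
    return None

def demo() -> dict:
    ballot = {"mayor": "Alice", "measure_1": "no"}
    nonce = secrets.token_bytes(32)  # held by the scanner, not on the receipt
    others = [({"mayor": "Bob", "measure_1": "yes"}, secrets.token_bytes(32))]
    code = receipt_code(ballot, nonce)
    board = publish_board([(ballot, nonce)] + others)
    return {
        "logged": on_board(board, code),
        # A dropped or substituted record shows up as a missing code.
        "missing_detected": not on_board(publish_board(others), code),
        # An unsalted hash of a tiny ballot space is reversed by trial.
        "unsalted_recovered": recover_by_enumeration(receipt_code(ballot)),
        # A salted code tells an outsider nothing without the nonce...
        "salted_without_nonce": recover_by_enumeration(code),
        # ...but anyone given the nonce can open it and prove the vote.
        "salted_with_nonce": recover_by_enumeration(code, nonce),
    }

if __name__ == "__main__":
    print(demo())
```

A presence check of this kind shows only that a record with that code was kept, not that the record matches the paper ballot; the report does not describe how the real system closes that gap.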

The second system, due at DefCon next year, will scan hand-marked ballots.

Paper ballots have been trumpeted as the best answer to voting machine hacking, and at the Voting Village last year, a group of children were invited to hack the voting machines, proving it’s child’s play to tamper with election results.

Hardware security

Voting is just one application for the research effort, which focuses on producing secure hardware. Verifying hardware security is a major problem in most computing applications because any insecure hardware could potentially be compromised and used to run rogue software.

Research has highlighted hardware insecurities in voting machines before.

A report from researchers at DefCon last summer highlighted problems in one machine, the Dominion AVC Edge, which enabled an attacker to open its outer casing with a screwdriver and replace its removable storage.

Because the machine’s entire execution environment was on the storage device, the attacker could simply replace it with a new operating system and modified application, the researchers said. There were no security measures, such as secure boot or cryptographic signatures.

Galois will build secure voting software to run on over 20 separate secure CPU designs produced by a range of university teams and another from Lockheed Martin. The CPUs should be able to distinguish between malicious and legitimate behaviour, according to the report.

Transparency is the main difference between this electronic voting machine project and existing commercial ones.

Most voting machines to date have been proprietary systems with jealously guarded code. The hardware and software designs for these systems will be published online for all to see and review.

20 Comments

A pencil is cheaper.

Paper ballots provide a good audit trail (if they’re audited), but who owns the counting machines?

“The people who cast the votes don’t decide an election, the people who count the votes do.” – Joseph Stalin

Counting machines?

In the UK, ballots for parliamentary elections are collected, counted and verified by hand. The process is surprisingly quick, and effective scrutiny is straightforward.

Open peer review is really the only good way to have a verified security model. Without peer review, a single organization’s attempts at security are little more than navel-gazing.

If you can verify your vote after the fact, you can sell your vote, or be coerced to vote a certain way. That is election security 101. Government voting needs to be anonymous. The process and accuracy should be cryptographically verifiable, not the content of specific ballots that can be tied back to a specific voter through an identifier.

It didn’t say the votes themselves would be available. It said that individuals could confirm their own vote. Irreversible hashes would be one way to accomplish that in a way that doesn’t allow others to know your vote.

“After all the votes have been counted, the codes will be listed on a website so that each voter can check that their votes were logged correctly.”

If a voter can go to a web site and verify that their vote was ‘logged correctly’, then that same voter can be paid for their vote or punished if they do not vote ‘appropriately’.

“The US Government is working on…” I had such hope for this topic until I read the first line.

Well, in this context, by “government” we mean “the public service” – the arm of government that includes organisations such as surveys and mapping, space exploration, weather forecasting and much more. We’re not talking about the legislature here.

DARPA has previously given us the internet, albeit not fully formed. The US Navy gave us Tor. NIST arranged for us to get AES. So the track record of the US Government in this area is actually pretty good…

I think Reality is talking about who is paying the bills and who DARPA answers to in the long run and that is the Department of Defense, and the rest Military industrial complex which is run by Corps. NIST signed off on AES, but NIST also held back other encryption protocols that were way better than AES but did not bless it at the time because the CIA / NSA could not crack it or back door it easy. The whole FIPS-140 certification is total BS because of this.

Or we could just use the system Estonia invented using blockchain technology, and skip lining the pockets of defense contractors to have them invent systems that will be full of flaws and security problems for years.

Stunned and glad that progress is being made for more honest elections. And happy they are engaging the 30k+ people power of DefCon. Now if we can just get some candidates that we “really” want to vote for.

The paper ballot receipt is a real good idea. I would like to see the program identify the voter as a U.S. citizen as well. Our Republic will not stand if illegals are subverting and taking benefits from taxpayers. Benefits are for those who are in between jobs, and not as a lifestyle. You’re on the right track with the new technology.

Great idea, but a cryptographic website lookup is a bad idea. It allows a person to prove they cast a vote for a particular candidate; this could be used as confirmation in pay for vote fraud. This is why it’s illegal to take a selfie in a ballot booth in some states.

Blockchain has had one in development for some time now.

Give up on cryptography in elections. Anything that cannot be used or understood by every voter will erode trust in the system. People who don’t trust the system won’t vote. That ruins democracy. Crypto is bad for democracy.
