
8/1/2019
05:00 PM

DARPA to Bring its Smart Ballot Boxes to DEF CON for Hacking

The agency this week will share the source code and hardware specifications for the secure voting system prototypes.

US Defense Advanced Research Projects Agency (DARPA) researchers will set up three new smart electronic ballot-box prototypes at DEF CON's famed Voting Village next week in Las Vegas, but they won't be challenging hackers at the convention to crack them: They'll be helping them do so.

"We are providing the source code specifications, tests, and actually even providing participants at DEF CON with an easy way of actually putting their own malicious software into [the devices]," explains Daniel Zimmerman, principal researcher with Galois, a DARPA contractor working on the project. "We're not daring them but actually helping them break this."

DARPA's smart ballot box is the Defense Department agency's prototype, featuring a secure, open source hardware platform that could be used not only in voting platforms, but also in military systems. It's part of a broader DARPA project called System Security Integrated Through Hardware and Firmware (SSITH), which is developing hardware security architectures and tools that are better protected from hardware vulnerabilities exploited in software. DARPA ultimately hopes to build secure chip-level processors that thwart hardware hacks as well as software-borne attacks.

Zimmerman, whose team is developing methods and tools to measure the security of the processors, says the smart ballot box prototypes at DEF CON are a way for DARPA to get a broader evaluation of just how secure the processors really are. "This goes beyond 'yes, it's secure, or no, it's not,'" he explains. The project is aimed at getting as comprehensive a security analysis of the technology as possible, meaning "a wider range of people being able to hammer on these systems to try to find flaws," Zimmerman adds.

The DEF CON demonstrations are the start of a two-year public evaluation of the processors, he says. The team will release the source code and hardware specifications this week. "The source code will be out, the hardware specs will be out there," he says, and by the end of the year, a "low-cost version of [the ballot box prototype] you can buy and hack at home."

The smart ballot box, which is about the size of a two-drawer filing cabinet with a letter-sized printer lid on top, runs on a small embedded RISC-V processor with a FreeRTOS-based custom software app. There's a separate touch screen where "voters" mark their votes, and a connected printer spits out the ballots. The touch screen and printer aren't part of the hacking experiment: just the ballot box.

The smart ballot box reads the barcoded ballots to determine whether they are valid for the "election." It allows voters to confirm their votes and either cast or ditch (aka "spoil") them. "We're not doing an end-to-end verifiability crypto system this year," notes Zimmerman, but instead, a more visible verification process so participants can see the operation. DARPA instead is employing basic cryptography for the system to accept ballots.

He says hackers at DEF CON could, for example, try to compromise the ballot box to accept duplicate ballots or spoiled ballots. Or they could fool the box into reading a different result than the actual one on the ballot. "We will have a reporting system that takes the output from the ballot box and uses it to compute the election results so they then can be compared with pieces of paper in the ballot box," he says.

But the DARPA smart ballot box is not anything close to a real prototype product or system. It's all about providing an interesting system to hack and find holes. "This was never intended to be a viable product; we're trying to be very clear about that," he says. And each of the three ballot boxes will be based on a different SSITH processor that DARPA has built.

Election systems are in the hot seat now, so putting out prototypes for that area is likely to attract more researchers than a less familiar military system might, he notes.

It Took a Village
DEF CON's wildly popular Voting Village debuted in 2017, a year after the 2016 US presidential election was rocked by Russia's online meddling campaign, raising concerns over how a nation-state or other threat actor could disrupt or tamper with election systems and voting machines. The Voting Village has served as a hands-on workshop, of sorts, for hackers or burgeoning hackers to take a crack at decommissioned voting systems, equipment, and simulated election websites. In the very first year, participants found two zero-day flaws within the first 90 minutes of the event.

There were 30 pieces of voting equipment in the room, including Sequoia AVC Edge, ES&S iVotronic, Diebold TSX, WinVote, and Diebold Expresspoll 4000 voting machines. In 2018, there was even more voting machine equipment - and successful hacks - as well as a replica database that housed the real, publicly available state of Ohio voter registration roll. One attendee was able to break through two layers of firewalls in front of the server but ultimately couldn't pull the data.

DARPA's open source hardware, not surprisingly, is expected to be the hot feature of the Village this year. While the SSITH processors are unlikely to see the light of day in today's commercial - and mostly proprietary - voting machines and election equipment in the foreseeable future, the project has security experts calling for more open voting system architectures.

"As far as open source hardware, I think it probably has a long way to go before we see it" in elections or other computing environments, notes Zimmerman.

Carsten Schuermann, an election security expert who famously hacked a WinVote voting machine at the very first DEF CON Voting Village, says open source is key to ensuring transparency of voting systems. He says he isn't sold that open source systems necessarily mean better security, but they would provide election and government officials with better insight into how secure the voting and election equipment they buy and use really are.

"I believe voting machine vendors usually are trying to do their best [with security] within the budget they have, and they also do the minimum thing to satisfy the requirements the government gave them," says Schuermann, who is an associate professor at the IT University of Copenhagen.

Like other experts, he worries about public confidence in election systems and their outcomes, especially in the wake of the 2016 US election. If vendors are keeping experts in the dark on their security, it can cause mistrust among the electorate, according to Schuermann.

Microsoft, meantime, has built an open-source election system software development tool called ElectionGuard, which employs vote verification via encryption methods so voters can confirm their votes were counted and election officials can verify results. The vendor demonstrated a prototype voting system last month and already has inked partnerships with voting system vendors such as Smartmatic and Clear Ballot. It also said Dominion Voting Systems is "exploring" using ElectionGuard in its products. 

ElectionGuard is not scheduled or expected to be part of the DEF CON Voting Village as of this posting. The full Voting Village schedule has not yet been released.


Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...
