Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

8/1/2019
05:00 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

DARPA to Bring its Smart Ballot Boxes to DEF CON for Hacking

The agency this week will share the source code and hardware specifications for the secure voting system prototypes.

US Defense Advanced Research Projects Agency (DARPA) researchers will set up three new smart electronic ballot-box prototypes at DEF CON's famed Voting Village next week in Las Vegas, but they won't be challenging hackers at the convention to crack them: They'll be helping them do so.

"We are providing the source code specifications, tests, and actually even providing participants at DEF CON with an easy way of actually putting their own malicious software into [the devices]," explains Daniel Zimmerman, principal researcher with Galois, a DARPA contractor working on the project. "We're not daring them but actually helping them break this."

DARPA's smart ballot box is the Defense Department agency's prototype, featuring a secure, open source hardware platform that could be used not only in voting platforms, but also in military systems. It's part of a broader DARPA project called System Security Integrated Through Hardware and Firmware (SSITH), which is developing hardware security architectures and tools that are better protected from hardware vulnerabilities exploited in software. DARPA ultimately hopes to build secure chip-level processors that thwart hardware hacks as well as software-borne attacks.

Zimmerman, whose team is developing methods and tools to measure the security of the processors, says the smart ballot box prototypes at DEF CON are a way for DARPA to get a broader evaluation of just how secure the processors really are. "This goes beyond 'yes, it's secure, or no, it's not,'" he explains. The project is aimed at getting as comprehensive a security analysis of the technology as possible, meaning "a wider range of people being able to hammer on these systems to try to find flaws," Zimmerman adds.

The DEF CON demonstrations are the start of a two-year public evaluation of the processors, he says. The team will release the source code and hardware specifications this week. "The source code will be out, the hardware specs will be out there," he says, and by the end of the year, a "low-cost version of [the ballot box prototype] you can buy and hack at home."

The smart ballot box, which is about the size of a two-drawer filing cabinet with a letter-sized printer lid on top, runs on a small embedded RISC 5 processor with a FreeRTOS-based custom software app. There's a separate touch screen where "voters" mark their votes, and a connected printer spits out the ballots. The touch screen and printer aren't part of the hacking experiment: just the ballot box.

The smart ballot box reads the barcoded ballots to determine whether they are valid for the "election." It allows voters to confirm their votes and either cast or ditch (aka "spoil") them. "We're not doing an end-to-end verifiability crypto system this year," notes Zimmerman, but instead, a more visible verification process so participants can see the operation. DARPA instead is employing basic cryptography for the system to accept ballots.

He says hackers at DEF CON could, for example, try to compromise the ballot box to accept duplicate ballots or spoiled ballots. Or they could fool the box into reading a different result than the actual one on the ballot. "We will have a reporting system that takes the output from the ballot box and uses it to compute the election results so they then can be compared with pieces of paper in the ballot box," he says.

But the DARPA smart ballot box is not anything close to a real prototype product or system. It's all about providing an interesting system to hack and find holes. "This was never intended to be a viable product; we're trying to be very clear about that," he says. And each of three ballot boxes will be based on a different SSITH processor that DARPA has built.

Election systems are in the hot seat now, so putting out prototypes for that area is likely to attract more researchers than a less familiar military system might, he notes.

It Took a Village
DEF CON's wildly popular Voting Village first debuted in 2017, a year after the 2016 US presidential election was rocked by Russia's online meddling campaign, raising concerns over how a nation-state or other threat actor could disrupt or tamper with election systems and voting machines. The Voting Village has served as a hands-on workshop, of sorts, for hackers or burgeoning hackers to take a crack at decommissioned voting systems, equipment, and simulated election websites. In the very first year, participants found two zero-day flaws within the first 90 minutes the event began.

There were 30 pieces of voting equipment in the room, including Sequoia AVC Edge, ES&S iVotronic, Diebold TSX, WinVote, and Diebold Expresspoll 4000 voting machines. In 2018, there was even more voting machine equipment - and successful hacks - as well as a replica database that housed the real, publicly available state of Ohio voter registration roll. One attendee was able to break through two layers of firewalls in front of the server but ultimately couldn't pull the data.

DARPA's open source hardware, not surprisingly, is expected to be the hot feature of the Village this year. While the SSITH processors are unlikely to see the light of day in today's commercial - and mostly proprietary - voting machines and election equipment in the foreseeable future, the project has security experts calling for more open voting system architectures.

"As far as open source hardware, I think it probably has a long way to go before we see it" in elections or other computing environments, notes Zimmerman.

Carsten Schuermann, an election security expert who famously hacked a WinVote voting machine at the very first DEF CON Voting Village, says open source is key to ensuring transparency of voting systems. He says he isn't sold that open source systems necessarily mean better security, but they would provide election and government officials with better insight into how secure the voting and election equipment they buy and use really are.

"I believe voting machine vendors usually are trying to do their best [with security] within the budget they have, and they also do the minimum thing to satisfy the requirements the government gave them," says Schuermann, who is an associate professor at the IT University of Copenhagen.

Like other experts, he worries about public confidence in election systems and their outcomes, especially in the wake of the 2016 US election. If vendors are keeping experts in the dark on their security, it can cause mistrust among the electorate, according to Schuermann.

Microsoft, meantime, has built an open-source election system software development tool called ElectionGuard, which employs vote verification via encryption methods so voters can confirm their votes were counted and election officials can verify results. The vendor demonstrated a prototype voting system last month and already has inked partnerships with voting system vendors such as Smartmatic and Clear Ballot. It also said Dominion Voting Systems is "exploring" using ElectionGuard in its products. 

ElectionGuard is not scheduled or expected to be part of the DEF CON Voting Village as of this posting. The full Voting Village schedule has not yet been released.

Related Content:

 

Black Hat USA returns to Las Vegas with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions, and service providers in the Business Hall. Click for information on the conference and to register.

 

 

 

 

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Mobile Banking Malware Up 50% in First Half of 2019
Kelly Sheridan, Staff Editor, Dark Reading,  1/17/2020
Exploits Released for As-Yet Unpatched Critical Citrix Flaw
Jai Vijayan, Contributing Writer,  1/13/2020
Microsoft to Officially End Support for Windows 7, Server 2008
Kelly Sheridan, Staff Editor, Dark Reading,  1/13/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7227
PUBLISHED: 2020-01-18
Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters. This affects ifaces-diag.asp, system.asp, ...
CVE-2019-15625
PUBLISHED: 2020-01-18
A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information.
CVE-2019-19696
PUBLISHED: 2020-01-18
A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishi...
CVE-2019-19697
PUBLISHED: 2020-01-18
An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administr...
CVE-2019-20357
PUBLISHED: 2020-01-18
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system.