Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

8/1/2019
05:00 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

DARPA to Bring its Smart Ballot Boxes to DEF CON for Hacking

The agency this week will share the source code and hardware specifications for the secure voting system prototypes.

US Defense Advanced Research Projects Agency (DARPA) researchers will set up three new smart electronic ballot-box prototypes at DEF CON's famed Voting Village next week in Las Vegas, but they won't be challenging hackers at the convention to crack them: They'll be helping them do so.

"We are providing the source code specifications, tests, and actually even providing participants at DEF CON with an easy way of actually putting their own malicious software into [the devices]," explains Daniel Zimmerman, principal researcher with Galois, a DARPA contractor working on the project. "We're not daring them but actually helping them break this."

DARPA's smart ballot box is the Defense Department agency's prototype, featuring a secure, open source hardware platform that could be used not only in voting platforms, but also in military systems. It's part of a broader DARPA project called System Security Integrated Through Hardware and Firmware (SSITH), which is developing hardware security architectures and tools that are better protected from hardware vulnerabilities exploited in software. DARPA ultimately hopes to build secure chip-level processors that thwart hardware hacks as well as software-borne attacks.

Zimmerman, whose team is developing methods and tools to measure the security of the processors, says the smart ballot box prototypes at DEF CON are a way for DARPA to get a broader evaluation of just how secure the processors really are. "This goes beyond 'yes, it's secure, or no, it's not,'" he explains. The project is aimed at getting as comprehensive a security analysis of the technology as possible, meaning "a wider range of people being able to hammer on these systems to try to find flaws," Zimmerman adds.

The DEF CON demonstrations are the start of a two-year public evaluation of the processors, he says. The team will release the source code and hardware specifications this week. "The source code will be out, the hardware specs will be out there," he says, and by the end of the year, a "low-cost version of [the ballot box prototype] you can buy and hack at home."

The smart ballot box, which is about the size of a two-drawer filing cabinet with a letter-sized printer lid on top, runs on a small embedded RISC 5 processor with a FreeRTOS-based custom software app. There's a separate touch screen where "voters" mark their votes, and a connected printer spits out the ballots. The touch screen and printer aren't part of the hacking experiment: just the ballot box.

The smart ballot box reads the barcoded ballots to determine whether they are valid for the "election." It allows voters to confirm their votes and either cast or ditch (aka "spoil") them. "We're not doing an end-to-end verifiability crypto system this year," notes Zimmerman, but instead, a more visible verification process so participants can see the operation. DARPA instead is employing basic cryptography for the system to accept ballots.

He says hackers at DEF CON could, for example, try to compromise the ballot box to accept duplicate ballots or spoiled ballots. Or they could fool the box into reading a different result than the actual one on the ballot. "We will have a reporting system that takes the output from the ballot box and uses it to compute the election results so they then can be compared with pieces of paper in the ballot box," he says.

But the DARPA smart ballot box is not anything close to a real prototype product or system. It's all about providing an interesting system to hack and find holes. "This was never intended to be a viable product; we're trying to be very clear about that," he says. And each of three ballot boxes will be based on a different SSITH processor that DARPA has built.

Election systems are in the hot seat now, so putting out prototypes for that area is likely to attract more researchers than a less familiar military system might, he notes.

It Took a Village
DEF CON's wildly popular Voting Village first debuted in 2017, a year after the 2016 US presidential election was rocked by Russia's online meddling campaign, raising concerns over how a nation-state or other threat actor could disrupt or tamper with election systems and voting machines. The Voting Village has served as a hands-on workshop, of sorts, for hackers or burgeoning hackers to take a crack at decommissioned voting systems, equipment, and simulated election websites. In the very first year, participants found two zero-day flaws within the first 90 minutes the event began.

There were 30 pieces of voting equipment in the room, including Sequoia AVC Edge, ES&S iVotronic, Diebold TSX, WinVote, and Diebold Expresspoll 4000 voting machines. In 2018, there was even more voting machine equipment - and successful hacks - as well as a replica database that housed the real, publicly available state of Ohio voter registration roll. One attendee was able to break through two layers of firewalls in front of the server but ultimately couldn't pull the data.

DARPA's open source hardware, not surprisingly, is expected to be the hot feature of the Village this year. While the SSITH processors are unlikely to see the light of day in today's commercial - and mostly proprietary - voting machines and election equipment in the foreseeable future, the project has security experts calling for more open voting system architectures.

"As far as open source hardware, I think it probably has a long way to go before we see it" in elections or other computing environments, notes Zimmerman.

Carsten Schuermann, an election security expert who famously hacked a WinVote voting machine at the very first DEF CON Voting Village, says open source is key to ensuring transparency of voting systems. He says he isn't sold that open source systems necessarily mean better security, but they would provide election and government officials with better insight into how secure the voting and election equipment they buy and use really are.

"I believe voting machine vendors usually are trying to do their best [with security] within the budget they have, and they also do the minimum thing to satisfy the requirements the government gave them," says Schuermann, who is an associate professor at the IT University of Copenhagen.

Like other experts, he worries about public confidence in election systems and their outcomes, especially in the wake of the 2016 US election. If vendors are keeping experts in the dark on their security, it can cause mistrust among the electorate, according to Schuermann.

Microsoft, meantime, has built an open-source election system software development tool called ElectionGuard, which employs vote verification via encryption methods so voters can confirm their votes were counted and election officials can verify results. The vendor demonstrated a prototype voting system last month and already has inked partnerships with voting system vendors such as Smartmatic and Clear Ballot. It also said Dominion Voting Systems is "exploring" using ElectionGuard in its products. 

ElectionGuard is not scheduled or expected to be part of the DEF CON Voting Village as of this posting. The full Voting Village schedule has not yet been released.

Related Content:

 

Black Hat USA returns to Las Vegas with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions, and service providers in the Business Hall. Click for information on the conference and to register.

 

 

 

 

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Sodinokibi Ransomware: Where Attackers' Money Goes
Kelly Sheridan, Staff Editor, Dark Reading,  10/15/2019
Data Privacy Protections for the Most Vulnerable -- Children
Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
7 SMB Security Tips That Will Keep Your Company Safe
Steve Zurier, Contributing Writer,  10/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: The old using of sock puppets for Shoulder Surfing technique. 
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17513
PUBLISHED: 2019-10-18
An issue was discovered in Ratpack before 1.7.5. Due to a misuse of the Netty library class DefaultHttpHeaders, there is no validation that headers lack HTTP control characters. Thus, if untrusted data is used to construct HTTP headers with Ratpack, HTTP Response Splitting can occur.
CVE-2019-8216
PUBLISHED: 2019-10-17
Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .
CVE-2019-8217
PUBLISHED: 2019-10-17
Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-8218
PUBLISHED: 2019-10-17
Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .
CVE-2019-8219
PUBLISHED: 2019-10-17
Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .