Security analysis of India's electronic voting machines

Scott Wolchok, Eric Wustrow, J. Alex Halderman, Hari K. Prasad, Arun Kankipati, Sai Krishna Sakhamuri, Vasavya Yagati, Rop Gonggrijp

Research output: Chapter in Book/Report/Conference proceedingConference contribution

  • 27 Citations

Abstract

Elections in India are conducted almost exclusively using electronic voting machines developed over the past two decades by a pair of government-owned companies. These devices, known in India as EVMs, have been praised for their simple design, ease of use, and reliability, but recently they have also been criticized following widespread reports of election irregularities. Despite this criticism, many details of the machines' design have never been publicly disclosed, and they have not been subjected to a rigorous, independent security evaluation. In this paper, we present a security analysis of a real Indian EVM obtained from an anonymous source. We describe the machine's design and operation in detail, and we evaluate its security in light of relevant election procedures. We conclude that in spite of the machines' simplicity and minimal software trusted computing base, they are vulnerable to serious attacks that can alter election results and violate the secrecy of the ballot. We demonstrate two attacks, implemented using custom hardware, which could be carried out by dishonest election insiders or other criminals with only brief physical access to the machines. This case study carries important lessons for Indian elections and for electronic voting security more generally. Copyright 2010 ACM.

Original languageEnglish (US)
Title of host publicationCCS'10 - Proceedings of the 17th ACM Conference on Computer and Communications Security
Pages1-14
Number of pages14
DOIs
StatePublished - 2010
Event17th ACM Conference on Computer and Communications Security, CCS'10 - Chicago, IL, United States

Other

Other17th ACM Conference on Computer and Communications Security, CCS'10
CountryUnited States
CityChicago, IL
Period10/4/1010/8/10

Fingerprint

Voting machines
Machine design
Hardware
Industry
Trusted computing

Keywords

  • Design
  • Human factor
  • Security

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications

Cite this

Wolchok, S., Wustrow, E., Halderman, J. A., Prasad, H. K., Kankipati, A., Sakhamuri, S. K., ... Gonggrijp, R. (2010). Security analysis of India's electronic voting machines. In CCS'10 - Proceedings of the 17th ACM Conference on Computer and Communications Security (pp. 1-14). DOI: 10.1145/1866307.1866309

Security analysis of India's electronic voting machines. / Wolchok, Scott; Wustrow, Eric; Halderman, J. Alex; Prasad, Hari K.; Kankipati, Arun; Sakhamuri, Sai Krishna; Yagati, Vasavya; Gonggrijp, Rop.

CCS'10 - Proceedings of the 17th ACM Conference on Computer and Communications Security. 2010. p. 1-14.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Wolchok, S, Wustrow, E, Halderman, JA, Prasad, HK, Kankipati, A, Sakhamuri, SK, Yagati, V & Gonggrijp, R 2010, Security analysis of India's electronic voting machines. in CCS'10 - Proceedings of the 17th ACM Conference on Computer and Communications Security. pp. 1-14, 17th ACM Conference on Computer and Communications Security, CCS'10, Chicago, IL, United States, 4-8 October. DOI: 10.1145/1866307.1866309
Wolchok S, Wustrow E, Halderman JA, Prasad HK, Kankipati A, Sakhamuri SK et al. Security analysis of India's electronic voting machines. In CCS'10 - Proceedings of the 17th ACM Conference on Computer and Communications Security. 2010. p. 1-14. Available from, DOI: 10.1145/1866307.1866309

Wolchok, Scott; Wustrow, Eric; Halderman, J. Alex; Prasad, Hari K.; Kankipati, Arun; Sakhamuri, Sai Krishna; Yagati, Vasavya; Gonggrijp, Rop / Security analysis of India's electronic voting machines.

CCS'10 - Proceedings of the 17th ACM Conference on Computer and Communications Security. 2010. p. 1-14.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

@inbook{0582d7c61cb847579e4ee31b4f325c16,
title = "Security analysis of India's electronic voting machines",
abstract = "Elections in India are conducted almost exclusively using electronic voting machines developed over the past two decades by a pair of government-owned companies. These devices, known in India as EVMs, have been praised for their simple design, ease of use, and reliability, but recently they have also been criticized following widespread reports of election irregularities. Despite this criticism, many details of the machines' design have never been publicly disclosed, and they have not been subjected to a rigorous, independent security evaluation. In this paper, we present a security analysis of a real Indian EVM obtained from an anonymous source. We describe the machine's design and operation in detail, and we evaluate its security in light of relevant election procedures. We conclude that in spite of the machines' simplicity and minimal software trusted computing base, they are vulnerable to serious attacks that can alter election results and violate the secrecy of the ballot. We demonstrate two attacks, implemented using custom hardware, which could be carried out by dishonest election insiders or other criminals with only brief physical access to the machines. This case study carries important lessons for Indian elections and for electronic voting security more generally. Copyright 2010 ACM.",
keywords = "Design, Human factor, Security",
author = "Scott Wolchok and Eric Wustrow and Halderman, {J. Alex} and Prasad, {Hari K.} and Arun Kankipati and Sakhamuri, {Sai Krishna} and Vasavya Yagati and Rop Gonggrijp",
year = "2010",
doi = "10.1145/1866307.1866309",
isbn = "9781450302449",
pages = "1--14",
booktitle = "CCS'10 - Proceedings of the 17th ACM Conference on Computer and Communications Security",

}

TY - CHAP

T1 - Security analysis of India's electronic voting machines

AU - Wolchok,Scott

AU - Wustrow,Eric

AU - Halderman,J. Alex

AU - Prasad,Hari K.

AU - Kankipati,Arun

AU - Sakhamuri,Sai Krishna

AU - Yagati,Vasavya

AU - Gonggrijp,Rop

PY - 2010

Y1 - 2010

N2 - Elections in India are conducted almost exclusively using electronic voting machines developed over the past two decades by a pair of government-owned companies. These devices, known in India as EVMs, have been praised for their simple design, ease of use, and reliability, but recently they have also been criticized following widespread reports of election irregularities. Despite this criticism, many details of the machines' design have never been publicly disclosed, and they have not been subjected to a rigorous, independent security evaluation. In this paper, we present a security analysis of a real Indian EVM obtained from an anonymous source. We describe the machine's design and operation in detail, and we evaluate its security in light of relevant election procedures. We conclude that in spite of the machines' simplicity and minimal software trusted computing base, they are vulnerable to serious attacks that can alter election results and violate the secrecy of the ballot. We demonstrate two attacks, implemented using custom hardware, which could be carried out by dishonest election insiders or other criminals with only brief physical access to the machines. This case study carries important lessons for Indian elections and for electronic voting security more generally. Copyright 2010 ACM.

AB - Elections in India are conducted almost exclusively using electronic voting machines developed over the past two decades by a pair of government-owned companies. These devices, known in India as EVMs, have been praised for their simple design, ease of use, and reliability, but recently they have also been criticized following widespread reports of election irregularities. Despite this criticism, many details of the machines' design have never been publicly disclosed, and they have not been subjected to a rigorous, independent security evaluation. In this paper, we present a security analysis of a real Indian EVM obtained from an anonymous source. We describe the machine's design and operation in detail, and we evaluate its security in light of relevant election procedures. We conclude that in spite of the machines' simplicity and minimal software trusted computing base, they are vulnerable to serious attacks that can alter election results and violate the secrecy of the ballot. We demonstrate two attacks, implemented using custom hardware, which could be carried out by dishonest election insiders or other criminals with only brief physical access to the machines. This case study carries important lessons for Indian elections and for electronic voting security more generally. Copyright 2010 ACM.

KW - Design

KW - Human factor

KW - Security

UR - http://www.scopus.com/inward/record.url?scp=78649988287&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=78649988287&partnerID=8YFLogxK

U2 - 10.1145/1866307.1866309

DO - 10.1145/1866307.1866309

M3 - Conference contribution

SN - 9781450302449

SP - 1

EP - 14

BT - CCS'10 - Proceedings of the 17th ACM Conference on Computer and Communications Security

ER -