EVT/WOTE ’09

Here are the titles and short descriptions of some of the papers presented at the workshop.

E-Voting and Forensics: Prying Open the Black Box
Authors: Matt Bishop, Sean Peisert, Candice Hoke, Mark Graff and David Jefferson

The authors describe the application of a model of forensic logging. They argue that Voter-Verified Paper Audit Trails (VVPATs) “do not provide enough information to be computer forensic audit trails… For example, they do not provide enough information to explain a discrepancy between electronic (computer-produced) and paper ballot vote counts. A forensic audit trail (FAT) requires data.” To address the problem, they develop a model of forensic logging called Laocoön:

The result of using the model is that it can aid in understanding and linking events into steps of a system failure, and helps to place bounds on the conditions that lead to an unusual or unexpected step in a failure.

Some Consequences of Paper Fingerprinting for Elections
Authors: Joseph A. Calandrino, William Clarkson and Edward W. Felten

The authors point out that “individual pieces of paper can be fingerprinted and reidentified,” and characterize the risks and opportunities exhibited by voting systems making use of paper records of individual ballots. They conclude that:

Paper fingerprinting poses both challenges and opportunities for election officials. This paper outlines several threats to ballot secrecy due to recent advances in paper identification and suggests mitigation strategies to counter these threats. While the most obvious consequences of paper identification are negative, it can also help improve election integrity. Fingerprints can enable an efficient post-election audit process and help detect and prevent additional threats to election integrity.

Electing a University President using Open-Audit Voting: Analysis of real-world use of Helios (EVT/WOTE ’09 Best Paper Award)
Authors: Ben Adida, Olivier de Marneffe, Olivier Pereira and Jean-Jacques Quisquater

This paper describes the application of a new version of the Helios web-based open-audit voting system to the election of the President of the Université catholique de Louvain.

Weight, Weight, Don’t Tell Me: Using Scales to Select Ballots for Auditing
Authors: Cynthia Sturton, Eric Rescorla and David Wagner

The authors suggest a method for increasing the efficiency of ballot based audits (where the audit units are single ballots, instead of precincts or machines), which solves the problem of finding the sampled paper ballot in the ballot stack.

On the Security of Election Audits with Low Entropy Randomness
Author: Eric Rescorla

The paper evaluates the security of methods which can be used for selecting audit units. Specifically, the author considers methods which use physical devices to seed randomness tables or random number generators. He concludes that these methods…

…may be susceptible to pre-analysis by attackers who can select audit units to attack which are unlikely to be audited. In such cases, randomized audits may not deliver their intended detection probability and significantly more units must be audited in order to attain the desired detection probability.

Implementing Risk-Limiting Post Election Audits in California
Authors: Joseph Lorenzo Hall, Luke W. Miratrix, Philip B. Stark, Melvin Briones, Elaine Ginnold, Freddie Oakley, Martin Peaden, Gail Pellerin, Tom Stanionis and Tricia Webber

The paper reports the results of pilot risk-limiting audits in elections in three California counties.

There were several other interesting papers and presentations. For instance, two papers discuss the vulnerabilities of the Sequoia AVC Advantage DRE voting machine. One paper shows that these machines are vulnerable to a variety of attacks, including installation of fraudulent firmware (through replacement of ROM chips or “viral propagation through audio-ballot cartridges”) and manipulation of result cartridges . The other paper shows that even though these machines have defenses against code injection, the software can be manipulated through return-oriented-programming, “an exploitation technique that allows an attacker who controls the stack to combine short instruction sequences already present in the system…, from which he can synthesize any desired behavior.”

The full workshop program can be found here.

Inés