Great report auditing the security features of the Diebold e-voting systems. Summary: what security?
- despite using relatively ‘smart’ smartcards, the system never asks the cards to perform an authentication task; they are used as ‘dumb’ memory cards, and there is no central online database of valid card IDs. Worse, the same write password is used for every smartcard.
So they really might as well have used formatted floppy disks ;) Duplicating cards (a card is a voting opportunity, ‘vote early, vote often’) would be pretty easy, from the sounds of it.
- amazingly, the software does not record the ‘voter serial number’ stored on the card when a voter casts a vote, so nothing would ever notice the same card, or a copy of it, being used twice. So again, duplicating the cards is trivial. Bizarre.
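To make those two points concrete, here is a Go sketch, added to this post rather than taken from the report or from any vendor code, of a terminal that does what the post describes (trusts the card's type field, never records the serial) beside one that records consumed serials and makes the card prove it holds a per-card secret through an HMAC challenge-response. The card layout, the per-card `secret`, the serial numbers and the map of issued keys are all invented for the example; the real cards, as described above, carry no such secret, which is exactly why a memory dump reproduces them.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// VoterCard models the fields the post says a voter card carries: a type and
// a voter serial number. The secret is a hypothetical per-card key that only
// the hardened terminal relies on; the cards described in the post have none.
type VoterCard struct {
	Type   string
	Serial string
	secret []byte // nil when the card was produced by dumping memory
}

// CopyMemory is what a reader/writer plus the shared write password buys an
// attacker: every field the terminal reads, byte for byte. A key kept in a
// protected key slot would not come along, so secret stays nil.
func (c VoterCard) CopyMemory() VoterCard {
	return VoterCard{Type: c.Type, Serial: c.Serial}
}

// Respond is the card side of a challenge-response; a card with no secret
// can only answer with garbage.
func (c VoterCard) Respond(challenge []byte) []byte {
	if c.secret == nil {
		return make([]byte, sha256.Size)
	}
	m := hmac.New(sha256.New, c.secret)
	m.Write(challenge)
	return m.Sum(nil)
}

// WeakTerminal behaves as the post describes: it trusts the type field and
// never records the serial, so every duplicate is a fresh voting opportunity.
type WeakTerminal struct{ Ballots int }

func (t *WeakTerminal) Vote(c VoterCard) error {
	if c.Type != "voter" {
		return errors.New("not a voter card")
	}
	t.Ballots++
	return nil
}

// HardenedTerminal adds the two checks the post says are missing: the card
// must prove possession of its issued key, and each serial votes once.
type HardenedTerminal struct {
	Ballots int
	keys    map[string][]byte // serial -> per-card key, as held by the issuer
	used    map[string]bool
}

func NewHardenedTerminal(keys map[string][]byte) *HardenedTerminal {
	return &HardenedTerminal{keys: keys, used: map[string]bool{}}
}

func (t *HardenedTerminal) Vote(c VoterCard) error {
	if c.Type != "voter" {
		return errors.New("not a voter card")
	}
	key, ok := t.keys[c.Serial]
	if !ok {
		return errors.New("unknown serial")
	}
	if t.used[c.Serial] {
		return errors.New("serial already voted")
	}
	challenge := make([]byte, 16)
	if _, err := rand.Read(challenge); err != nil {
		return err
	}
	want := hmac.New(sha256.New, key)
	want.Write(challenge)
	if !hmac.Equal(want.Sum(nil), c.Respond(challenge)) {
		return errors.New("card failed challenge")
	}
	t.used[c.Serial] = true
	t.Ballots++
	return nil
}

// Scenario issues one genuine card, makes three memory copies of it and feeds
// all four to both terminals, returning how many ballots each accepted.
func Scenario() (weak, hardened int) {
	key := make([]byte, 32)
	rand.Read(key)
	genuine := VoterCard{Type: "voter", Serial: "000123", secret: key}
	cards := []VoterCard{genuine, genuine.CopyMemory(), genuine.CopyMemory(), genuine.CopyMemory()}
	w := &WeakTerminal{}
	h := NewHardenedTerminal(map[string][]byte{genuine.Serial: key})
	for _, c := range cards {
		w.Vote(c)
		h.Vote(c)
	}
	return w.Ballots, h.Ballots
}

func main() {
	weak, hardened := Scenario()
	fmt.Printf("weak terminal: %d ballots, hardened terminal: %d ballot(s)\n", weak, hardened)
}
```

The weak terminal takes all four cards; the hardened one takes the genuine card once and rejects the copies because they cannot answer the challenge. Note that the replay check alone would already stop a second use of the genuine card, and the challenge alone would already stop memory copies; a card that is only a memory store can offer neither.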
- all that is required to extract the PIN from an administrator card is a smartcard reader: the PIN is sent in the clear as soon as the card is inserted and the terminal-card protocol starts.
- for storage on the internal writable media, between voting and the final upload, the logs and votes are encrypted with single DES in CBC mode under a single shared initialization vector. IMO this is not a big deal as far as I can see, as that’s only stored on the hardware; and if someone can read/write to that, they can subvert the WinCE OS anyway.
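For readers who want to see what “one IV for everything” means in CBC mode, the following Go program (an addition to this post, not code from the report or from the voting system) encrypts constructed vote records with DES-CBC under a single key and IV and counts how many leading ciphertext blocks two records share. The key, the zero IV and the record layout are stand-ins invented for the example. With a fixed key and IV, ciphertext block i of two records is equal exactly when their plaintext blocks 0..i are equal, so whoever can read the stored file learns which records agree on their leading fields without decrypting anything; a fresh random IV per record removes that relationship.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"fmt"
)

// Constructed stand-ins for the terminal's shared DES key and IV. The post
// says one IV is shared by every record; the values here are invented.
var (
	sharedKey = []byte("k3y-demo")          // 8 bytes: single DES
	sharedIV  = make([]byte, des.BlockSize) // the same IV for every record
)

// pkcs7 pads to a whole number of 8-byte DES blocks.
func pkcs7(b []byte) []byte {
	n := des.BlockSize - len(b)%des.BlockSize
	return append(append([]byte{}, b...), bytes.Repeat([]byte{byte(n)}, n)...)
}

func cbcEncrypt(key, iv, pt []byte) ([]byte, error) {
	block, err := des.NewCipher(key)
	if err != nil {
		return nil, err
	}
	pt = pkcs7(pt)
	ct := make([]byte, len(pt))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, pt)
	return ct, nil
}

// EncryptFixedIV is the scheme the post describes: DES-CBC with the same key
// and the same IV for every stored record.
func EncryptFixedIV(record []byte) ([]byte, error) {
	return cbcEncrypt(sharedKey, sharedIV, record)
}

// EncryptRandomIV draws a fresh IV per record and prepends it so the reader
// can still decrypt; this is the standard fix for the prefix leak below.
func EncryptRandomIV(record []byte) ([]byte, error) {
	iv := make([]byte, des.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	ct, err := cbcEncrypt(sharedKey, iv, record)
	if err != nil {
		return nil, err
	}
	return append(iv, ct...), nil
}

// CommonPrefixBlocks counts the leading 8-byte blocks two ciphertexts share.
// Under CBC with a fixed key and IV this equals the number of leading
// plaintext blocks that agree, which is what an observer of the storage learns.
func CommonPrefixBlocks(a, b []byte) int {
	n := 0
	for ; (n+1)*des.BlockSize <= len(a) && (n+1)*des.BlockSize <= len(b); n++ {
		if !bytes.Equal(a[n*des.BlockSize:(n+1)*des.BlockSize], b[n*des.BlockSize:(n+1)*des.BlockSize]) {
			break
		}
	}
	return n
}

// Constructed vote records (not a real record format); the choice field sits
// before the voter id so that equal choices share a longer prefix.
var (
	voteA1 = []byte("race=governor;choice=A;precinct=07;voter=0001")
	voteA2 = []byte("race=governor;choice=A;precinct=07;voter=0002")
	voteB  = []byte("race=governor;choice=B;precinct=07;voter=0003")
)

// Leak returns how many leading blocks the fixed-IV ciphertexts of two records share.
func Leak(r1, r2 []byte) int {
	c1, _ := EncryptFixedIV(r1)
	c2, _ := EncryptFixedIV(r2)
	return CommonPrefixBlocks(c1, c2)
}

// LeakRandomIV does the same for the random-IV scheme, skipping the IV prefix.
func LeakRandomIV(r1, r2 []byte) int {
	c1, _ := EncryptRandomIV(r1)
	c2, _ := EncryptRandomIV(r2)
	return CommonPrefixBlocks(c1[des.BlockSize:], c2[des.BlockSize:])
}

func main() {
	fmt.Println("fixed IV, same choice:     ", Leak(voteA1, voteA2), "blocks in common")
	fmt.Println("fixed IV, different choice:", Leak(voteA1, voteB), "blocks in common")
	fmt.Println("random IV, same choice:    ", LeakRandomIV(voteA1, voteA2), "blocks in common")
}
```

Two records that agree on the choice share five of their six ciphertext blocks under the fixed IV; a record with a different choice shares only the first two, so the position of the first differing block points straight at the field that changed. Under the random-IV variant the ciphertexts share nothing, whatever the records say.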
Then the kicker:
- the votes are then decrypted before being sent in the clear over a dialup internet connection.
The mind boggles.