Hopkins professor discusses electronic voting
Hopkins's own Aviel Rubin, a professor in the computer science department, is very active in the area of electronic voting. He is best known for his analysis in 2003 of the weaknesses in the software on Diebold electronic voting machines and the first successful "hack" of the iPhone in 2007 by Independent Security Evaluators, a consulting firm which Rubin co-founded and currently serves as the president for.
Rubin, the technical director of the Information Security Institute, came to Hopkins in 2003 after working in the AT&T Labs' Security Research Department.
This week, he took time off from his work with the upcoming election to discuss electronic voting with the News-Letter (N-L).
N-L: Your analysis of Diebold's electronic voting systems has been widely cited and has served to question the security of these systems. What were some of the major faults you found with its systems?
AR: What we looked at in my lab was the source code for the software on the voting machine.
The process was to simply look at the code and see how well the code was written, seeing how it implemented security. We found that they didn't use very good software engineering methodology.
We were able to easily change ballot definition file, which means we could change a vote. We found the admin pin for smart card to cancel votes was 1111. Wherever they used cryptography or encryption, they used it incorrectly. There were also some other more technical issues with their systems.
N-L: What are some of the practical consequences of these software problems?
AR: First, poorly written code affects even the simple operation of the machine. The machines are more likely to have bugs or simply crash on Election Day. There is also the possibility that poorly written code could result in intentionally changed votes.
Secondly, the problems we found with the admin pin meant that it would be easy to tamper with the machine. Anyone who gained access to a smart card along with a weak pin would be able to enter the machine, change votes and overall, tamper with the election.
Rubin, the technical director of the Information Security Institute, came to Hopkins in 2003 after working in the AT&T Labs' Security Research Department.
This week, he took time off from his work with the upcoming election to discuss electronic voting with the News-Letter (N-L).
N-L: Your analysis of Diebold's electronic voting systems has been widely cited and has served to question the security of these systems. What were some of the major faults you found with its systems?
AR: What we looked at in my lab was the source code for the software on the voting machine.
The process was to simply look at the code and see how well the code was written, seeing how it implemented security. We found that they didn't use very good software engineering methodology.
We were able to easily change ballot definition file, which means we could change a vote. We found the admin pin for smart card to cancel votes was 1111. Wherever they used cryptography or encryption, they used it incorrectly. There were also some other more technical issues with their systems.
N-L: What are some of the practical consequences of these software problems?
AR: First, poorly written code affects even the simple operation of the machine. The machines are more likely to have bugs or simply crash on Election Day. There is also the possibility that poorly written code could result in intentionally changed votes.
Secondly, the problems we found with the admin pin meant that it would be easy to tamper with the machine. Anyone who gained access to a smart card along with a weak pin would be able to enter the machine, change votes and overall, tamper with the election.
Be the first to comment on this story