As India votes in the biggest elections in the world, here is a simplified summary of a research paper published in 2010, written by a set of researchers from University of Michihan and NetIndia Pvt Ltd Hyderabad. Hari Prasad, one of the lead authors was charged with possession of a stolen EVM and jailed for his role in the research conducted with a stolen EVM.
The experiments conducted by the authors go on to prove different types of attacks possible on the EVM (Electronic Voting Machine), including pre and post voting.
Before voting: The control unit displays the candidates’ vote totals. A part was replaced. They show how a substitute malicious part could output different election results. This component can be programmed to steal a desired percentage of the votes in favor of a chosen candidate, so that it does not become obvious that the election was compromised. It is similar to good old capturing of booths and then casting a few votes for others while casting most for the desired candidate.
After voting: A small clip-on device was added to manipulate the memory inside the machine. Votes stored in the EVM between the election and the public counting session can be changed by using a specially made small device. The EVM has so called ‘read-only’ memory used only for storage of votes. However, the researchers were able to read and write memory from an external interface. The researchers developed a small clip with a chip on the top to read votes inside the memory and manipulate the data by swapping the vote from one candidate to another.
For those who have read this far, here are specific attacks successfully conducted on the EVM:
Dishonest Display Attack: The researchers designed and developed a lookalike display unit, and switched it in an EVM. This display can be manipulated remotely via an android app they developed. The display unit was cheap to manufacture and took minutes to replace.
Clip-on Memory Manipulator Attack: This attack can steal votes and violate ballot secrecy. However it involves physical tampering with the EVM and attaching a small device. Such tampering is difficult but can be achieved with the help of some malicious insider. Once a small device is clipped on, the EVM can be remotely controlled to change the vote counts and to steal the actual votes stored in it.
Scalability: Like many other computer science problems, stealing an election is a problem of availability. In the National elections in one constituency typically close to one million voters can cast the votes. The voting happens in very small units called booths with a few thousand voters in each. To make any significant difference in the result, thousands of booths need to be compromised. Such skiled attackers and sophisticated equipment cannot be mobilized without raising suspicion. The Election Commission of India has come up with similar argument to completely disregard the merit of the research.
SecurityDen view: The attacks are serious and the paper has a lot of merit. Instead of throwing some charges and arresting the researcher, the government should have encouraged design criticism and attack demonstrations to ensure credibility of the elections. Western countries have gone back to the paper ballot due to these security vulnerabilities. However these attacks involve physical tampering with the EVMs. Given that thousands of EVMs are lying in government warehouses for years when not in use, such attacks are possible but hard to scale.
Reference: Security Analysis of India’s Electronic Voting Machines
Recent Comments