[ISN] Bad Protocol - Freedom to Tinker
isn at c4i.org
Thu Oct 14 04:52:42 EDT 2004
Edward W. Felten
October 13, 2004
Dan Wallach from Rice University was here on Monday and gave a talk on
e-voting. One of the examples in his talk was interesting enough that
I thought I would share it with you, both as an introductory example
of how security analysts think, and as an illustration of how badly
Diebold botched the design of their voting system.
One of the problems in voting system design is making sure that each
voter who signs in is allowed to vote only once. In the Diebold
AccuVote-TS system, this is done using smartcards. (Smartcards are the
size and shape of credit cards, but they have tiny computers inside.)
After signing in, a voter would be given a smartcard -- the "voter
card" -- that had been activated by a poll worker. The voter would
slide the voter card into a voting machine. The voting machine would
let the voter cast one vote, and would then cause the voter card to
deactivate itself so that the voter couldn't vote again. The voter
would return the deactivated voter card after leaving the voting
This sounds like a decent plan, but Diebold botched the design of the
protocol that the voting terminal used to talk to the voter card. The
protocol involved a series of six messages, as follows:
terminal to card: "My password is [8 byte value]"
card to terminal: "Okay"
terminal to card: "Are you a valid card?"
card to terminal: "Yes."
terminal to card: "Please deactivate yourself."
card to terminal: "Okay."
Can you spot the problem here? (Hint: anybody can make their own
smartcard that sends whatever messages they like.)
As most of you probably noticed -- and Diebold's engineers apparently
did not -- the smartcard doesn't actually do anything surprising in
this protocol. Anybody can make a smartcard that sends the three
messages "Okay; Yes; Okay" and use it to cast an extra vote.
(Do-it-yourself smartcard kits cost less than $50.)
Indeed, anybody can make a smartcard that sends the three-message
sequence "Okay; Yes; Okay" over and over, and can thereby vote as many
times as desired, at least until a poll worker asks why the voter is
spending so long in the booth.
One problem with the Diebold protocol is that rather than asking the
card to prove that it is valid, the terminal simply asks the card
whether it is valid, and accepts whatever answer the card gives. If a
man calls you on the phone and says he is me, you can't just ask him
"Are you really Ed Felten?" and accept the answer at face value. But
that's the equivalent of what Diebold is doing here.
This system was apparently used in a real election in Georgia in 2002.
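The "ask versus prove" distinction above can be made concrete in code. The following Python simulation is an added example, not part of Felten's post and not Diebold's code: it models the six-message exchange with a terminal that accepts the card's word, next to a terminal that demands a keyed proof. The message names, the HMAC-SHA256 challenge-response design, and the `TERMINAL_PASSWORD` and `CARD_KEY` values are all constructed placeholders for the illustration.

```python
"""Simulation of the voter-card exchange: a terminal that merely asks the card
whether it is valid, beside one that requires the card to prove it.
Every name, message and secret here is constructed for the illustration."""
import hashlib
import hmac
import secrets

# Constructed placeholders; neither is a real value from any voting system.
TERMINAL_PASSWORD = bytes(8)          # stands in for the "[8 byte value]" in the post
CARD_KEY = b"constructed-card-key"    # secret an activated card would hold (assumed design)


class GenuineCard:
    """An activated voter card that follows the protocol honestly."""

    def __init__(self, key=CARD_KEY):
        self.key = key
        self.active = True

    def handle(self, msg, payload=b""):
        # The three replies from the post: the card just says what it is asked to say.
        if msg == "password":
            return "Okay"
        if msg == "valid?":
            return "Yes." if self.active else "No."
        if msg == "deactivate":
            self.active = False
            return "Okay."
        # Challenge-response messages used only by the hardened terminal (assumed design).
        if msg == "prove-valid" and self.active:
            return hmac.new(self.key, b"valid|" + payload, hashlib.sha256).digest()
        if msg == "prove-deactivated":
            self.active = False
            return hmac.new(self.key, b"deactivated|" + payload, hashlib.sha256).digest()
        return None


class ScriptedCard:
    """A card that answers "Okay; Yes; Okay" whatever it is asked, holds no key,
    and never deactivates. This is the device the post describes."""

    def __init__(self):
        self.replies = ["Okay", "Yes.", "Okay."]
        self.i = 0

    def handle(self, msg, payload=b""):
        reply = self.replies[self.i % 3]
        self.i += 1
        return reply


def original_terminal(card):
    """The exchange as described in the post: ask, and take the answer at face value."""
    if card.handle("password", TERMINAL_PASSWORD) != "Okay":
        return False
    if card.handle("valid?") != "Yes.":
        return False
    # ...one ballot is accepted here...
    card.handle("deactivate")   # the reply is neither checked nor checkable
    return True


def hardened_terminal(card, key=CARD_KEY):
    """Same flow, but each claim must be an HMAC over a fresh terminal nonce.
    Fresh nonces mean a captured answer from an earlier session will not verify."""
    if card.handle("password", TERMINAL_PASSWORD) != "Okay":
        return False
    nonce = secrets.token_bytes(16)
    proof = card.handle("prove-valid", nonce)
    expected = hmac.new(key, b"valid|" + nonce, hashlib.sha256).digest()
    if not isinstance(proof, bytes) or not hmac.compare_digest(proof, expected):
        return False
    nonce2 = secrets.token_bytes(16)
    ack = card.handle("prove-deactivated", nonce2)
    expected2 = hmac.new(key, b"deactivated|" + nonce2, hashlib.sha256).digest()
    if not isinstance(ack, bytes) or not hmac.compare_digest(ack, expected2):
        return False
    # The ballot is accepted only after the card has proved it deactivated itself,
    # so a card that will not deactivate gets no vote.
    return True


def count_accepted_votes(terminal, card, attempts):
    """How many ballots the terminal accepts from one card inserted repeatedly."""
    return sum(1 for _ in range(attempts) if terminal(card))


if __name__ == "__main__":
    for name, terminal in (("original", original_terminal), ("hardened", hardened_terminal)):
        print(name, "genuine card:", count_accepted_votes(terminal, GenuineCard(), 3))
        print(name, "scripted card:", count_accepted_votes(terminal, ScriptedCard(), 3))
```

Running it shows the asymmetry the post is about: the original terminal accepts one ballot from a genuine card and one ballot per insertion from the scripted card, while the hardened terminal accepts exactly one from a genuine card and none from a card that holds no key. The residual risk in the hardened design is the key itself: the "vote once" property now rests on the card secret staying inside genuine cards, which is the thing the protocol in the post never relied on at all.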