There is a group armed with a $7.5 million National Science Foundation (NSF) award that is bringing the latest research, insights and innovations from the lab to the voting booth and hopefully make such systems more secure and error free.
A Center for Correct, Usable, Reliable, Auditable and Transparent Elections (ACCURATE) brings together computer experts from across the country and across academic disciplines to find areas that need further research and determine how to apply existing technology and research insights to voting systems. Some of the team's research focuses on system-level issues that affect many aspects of an election, the group said.
The team headed by Avi Rubin, a professor of computer science at Johns Hopkins University, has created several new tools using existing theories and approaches commonly used in computer science to test voting technologies and systems, which state and local elections officials can use to test their election plans and find possible vulnerabilities.
One such tool is the open source AttackDog, a threat modeling system developed by David Dill, a co-primary investigator on the project and a professor at Stanford University. Using algorithms, AttackDog looks at more than 9,000 potential ways a voting system can be attacked, including computer hacking, ballot tampering and voter impersonation. The program contains certain assumptions about each kind of potential attack and countermeasure, and then creates an attack tree, a way of conceptualizing potential faults that is commonly used in computer science and engineering. As new potential attack methods become apparent, the system can be adapted to consider the new threat.
AttackDog works by factoring in all the characteristics of an election system--the number of polling places, the type of voting machine used, the number of poll workers, and so forth. AttackDog will then look at each step in the elections process, from when the ballots are designed to the point that they are counted, and try to find possibilities for an attack at each stage. Planners enter in the details of their countermeasures for each potential vulnerability. AttackDog then takes that new information and tries to find new weaknesses in the election's security precautions, Dill said.
According to Dill, AttackDog is a good example of how the ACCURATE project uses computer science tools and techniques to help local officials improve the security of their elections. "It's using computers to get a grip on problems that are too complex for the mind to understand unaided," Dill says.
Other ACCURATE members from Rice University have designed and implemented a system called "Auditorium" that forms the base of a voting system prototype called "VoteBox." Auditorium is a networked logging and auditing system built from timeline entanglement and broadcast messages. Auditorium allows anybody to audit the events, in the order that they occurred, with strong cryptographic guarantees to protect against tampering with the timeline. Further research on secure logging is considering how such log verification might scale to an entire election in real time.
Further, other ACCURATE members at the University of California, Berkley, are studying methods for building trustworthy audit logs in electronic voting systems. In particular, their goal is to design a mechanism that records the entire user interaction between the voter and the voting machine and allows auditors to replay a "movie" of that interaction after the election. The research challenges are to ensure that this audit log does not compromise ballot secrecy and that it is trustworthy.
Other parts of ACCURATE's research focuses on more specific issues such as identifying the role of cryptology in voting security, designing voter verification systems, relating election policies to new technologies and improving the usability and accessibility of the voting process, the group said.
Layer 8 in a box
Check out these other hot stories: