1 / 22

Georgia Electronic Voting System

Georgia Electronic Voting System. Testing and Security Voting Systems Testing Summit November 29, 2005. Brit Williams KSU Center for Election Systems. bwilliam@kennesaw.edu http://elections.kennesaw.edu. Georgia Voting System. Global Election Management System (161)

gil
Download Presentation

Georgia Electronic Voting System

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Georgia Electronic Voting System Testing and Security Voting Systems Testing Summit November 29, 2005

  2. Brit WilliamsKSU Center for Election Systems bwilliam@kennesaw.edu http://elections.kennesaw.edu

  3. Georgia Voting System • Global Election Management System (161) • AccuVote Ballot Scanners (400+) • AccuVote Voting Stations (26,000+) • Voter Card Encoders (6000+)

  4. November 2002 - Present • First used in general election of 2002 • Used in over 2,000 state, county, and municipal elections • The usual glitches caused by people • Not a single glitch attributable to the voting system

  5. Features and Enhancements • Allows voters to vote quickly and accurately • Provides an easy user interface for elderly and infirm • Provides multiple languages • Allows visually impaired to vote unassisted • Reduces under-votes by a factor of five

  6. Responsible Organizations • Election System Vendor (Diebold) • Qualified Federal Testing Laboratory (ITA) • KSU Center for Election Systems (State) • County Election Offices (Local)

  7. Election System Vendor • Designs and builds the Election System • Submits the Election System to the ITA to verify compliance with Federal Voting System Standards • After obtaining NASED/EAC qualification and receiving approval from the State, installs the System in the counties

  8. QualifiedFederal Testing Laboratory • Reviews the System for compliance with the Federal Voting System Standards • Issues Qualification Report to NASED/EAC on Complete System • Submits the Qualified System to the KSU Center for Election Systems where State Certification is performed

  9. KSU Center for Election Systems • Reviews the System for compliance with State of Georgia Election Code and Rules • Tests the System for the presence of any unauthorized/fraudulent code • Develops a validation (HASH) program used to test the System installed in the counties • Verifies that the System installed by the vendor in the county is identical to the system received from the ITA and certified by the KSU Center for Election Systems.

  10. County Election Offices • Maintains, stores and protects the System • Uses the System in accordance with Georgia law and rules to conduct elections.

  11. Security Threats • Election Fraud • Election/Precinct Disruption • Intentional • Accidental

  12. Layers of System Security • Software • Procedural • Physical

  13. Software Security • User ID’s • Passwords • Audit Trails

  14. Qualification Testing Certification Testing Acceptance Testing System Access Who, What , When, and Why Logic and Accuracy Testing Election Monitoring Election Reconciliation Procedural Security

  15. Physical Security • Servers are always kept in locked offices • No extraneous software installed on servers • No network connectivity • Physical access limited to authorized personnel • Touch screen units secured, locked and sealed when not in use

  16. Protecting System Integrity Three distinct functions must be performed to protect the integrity of the System: • Verify the System at Receipt. • Verify the System at Installation. • Verify the System in Operation.

  17. Function #1 Verify the System at Receipt. Using the System as delivered from the ITA • Set up and conduct sample elections with known outcomes that are representative of Georgia general and primary elections. • Conduct high-volume tests to determine capacity limits of the System. • Conduct tests to determine the System’s ability to recover from various types of errors.

  18. Function #2 Verify the System at Installation. Ensure that the System installed in the Counties is identical to the System received from the ITA and certified by the State. • Prepare a validation program that will detect any changes to the System installed in the Counties. • Run the validation program against the System installed in the County (after vendor installation). • Provide the County with a copy of the validation program.

  19. Function #3 Verify the System in Operation. Ensure that the System is performing properly, that all precinct ballots are correct and that the System has not been modified in any way. • Logic and Accuracy Tests are performed prior to each election. • Performance of all System components is verified. • Specific ballot information for each memory card in each precinct is verified. • Touch screen units are set for election, locked, and sealed. • Validation program is run after any suspicious event.

  20. Overview of Security Relationships Election System Vendor Qualified Federal Testing Laboratory Trusted Organizations Function#1 Counties Function #3 KSU Center for Election Systems Function#2

  21. Validation Program (Hash) • Based on NIST standards contained in FIPS 180-2, established in August 2002. • Run ‘hash’ on the System certified by the KSU Center for Election Systems. This creates File 1. • Run ‘hash-cmp’ to compare File 1 with a new ‘hash’ on the System in the County. • They must be identical.

  22. Hash Program Details • Based on NIST certified SHA-1 contained in FIPS 180-2, August 2002. • Computes: 32 bit CRC 128 bit MD 5 Hash 160 bit SHA-1 Hash The probability that this hash would not detect a program modification is estimated to be 1 in 1,000,000,000

More Related