Election Security

1
Election Security

• Kennesaw State University
• Center for Election Systems
• GEOA Conference
• Jekyll Island, Georgia
• June 4, 2008

2
Georgia Voting System

• - Global Election Management System (170)
• AccuVote Ballot Scanners (600)
• AccuVote Voting Stations (R6 and TSx) (26,000)
• Voter Card Encoders (10,647)
• PCMCIA (Memory) Cards (43,000)
• Voter Access Cards (125,000)
• Supervisor Cards (8000)
• ExpressPoll Electronic Poll Books (6400)
• Compact Flash Cards (7500)

3
Organizations Assuring System Integrity

• Election System Vendor
• Qualified Federal Testing Laboratory (VSTL)
• KSU Center for Election Systems
• County Election Officials

4
Overview of Security Relationships
Election System Vendor
Qualified Federal Testing Laboratory
Trusted Organizations
Function 1
Counties
KSU Center for Election Systems
Function 3
Function 2
5
Election System Vendor

• Designs and builds the Election System
• Submits the Election System to the EAC VSTL to
  verify compliance with EAC Voting System
  Standards (2002 or 2005)
• Complies with State Certification test criteria
• After completing Federal and State testing and
  receiving approval, installs (sells) the System
  in the counties

6
Qualified Federal Testing Laboratory

• Reviews the System for compliance with the EAC
  Voluntary Voting System Guideline Standards
• Issues Certification Report on Complete System
• Submits the Certified System to the KSU Center
  for Election Systems where State Certification
  tests are performed

7
KSU Center for Election Systems

• Reviews the System for compliance with State of
  Georgia Election Code and Rules
• Tests the System for the presence of any
  unauthorized/fraudulent code
• Develops a validation program used to test the
  System installed in the counties
• Verifies that the System installed by the vendor
  in the county is identical to the system received
  from the VSTL and certified by the KSU Center for
  Election Systems.

8
County Election Official

• Maintains, stores and protects the System
• Uses the System in accordance with Georgia law
  and rules to conduct elections.

9
Layers of System Security

• Software
• Procedural
• Physical

10
Software Security

• User IDs
• Do not maintain a list of server userIDs and
  logins on a computer as a file (or on a bulletin
  board!)
• Audit Trails
• Encryption (transmission)
• Security Settings (keys)

11
Software Security

• Passwords
• Change appropriately and enforce variety
• PCMagazine says these are the most commonly used
  passwords
• password your first name
• 123456 blink182
• qwerty password1
• abc123 myspace1
• letmein monkey

12
Software Security

• No software, other than state approved to be
  installed on the GEMS server.

13
Software Security

Hashing a well-defined process that turns the
contents of a file into an arithmetic value. The
SHA-1 Hash value for GEMS 1.18.22G C497BCBD16FC6C
951F82012A68EA6B06FAEDBAD3 -
http//www.nsrl.nist.gov/voting/20080403/NSRLFile.
txt The GEMS-Verify CD that is used by KSU, does
a hash-compare on the hashed value of the GEMS
file and 200 other files on GEMS. We also
perform a hash compare on the 1.94w firmware on
the optical scan units.
14
Procedural Security

• Federal Certification Testing
• State Certification Testing
• Acceptance Testing
• Logic and Accuracy Testing

• System Access
• Who, What , When, and Why
• Access logs room and server
• Election Monitoring
• Election Reconciliation

15
Physical Security

• Servers are always kept in locked offices
• No network connectivity
• Physical access limited to authorized personnel
• Touch screen units secured, locked and sealed
  when not in use
• ExpressPolls locked and secure when not in use

16
Physical Security

• Media kept secure
• CDs, CF Cards, Memory Cards

17
Physical Security

• Rules of the Secretary of State, 183-1-12-.02
• The room in which the GEMS server is located
  shall be locked at all times when the server is
  not directly under the supervision of the
  election superintendent or the election
  superintendent's designee.
• Lock and key access to the room where the GEMS
  server is located shall be limited toessential,
  identifiable individuals.

18
Physical Security

• Rules of the Secretary of State, 183-1-12-.02
• The election superintendent shall maintain on
  file at all times in the office of the election
  superintendent a complete and up-to-date list of
  all maintenance personnel with access to the room
  in which the GEMS server is located.
• Emergency personnel shall have access to the room
  in which the GEMS server is located only as
  necessary in the event of an emergency and only
  for the duration of such emergency condition.

19
Protecting System Integrity
Three distinct functions must be performed to
protect the integrity of the System

• Verify the System upon Delivery.
• Verify the System at Installation.
• Verify the System in Operation.

20
Overview of Security Relationships
Election System Vendor
Qualified Federal Testing Laboratory
Trusted Organizations
Function 1
Counties
KSU Center for Election Systems
Function 3
Function 2
21
Function 1
Verify the System upon Delivery. Using the
System as delivered from the VSTL

• Set up and conduct sample elections with known
  outcomes that are representative of Georgia
  general and primary elections.
• Conduct high-volume tests to determine capacity
  limits of the System.
• Conduct tests to determine the Systems ability
  to recover from various types of errors.

22
Function 2
Verify the System at Installation. Ensure that
the System installed in the Counties is
identical to the System received from the VSTL
and certified by the State.

• Prepare a validation program that will detect any
  changes to the System installed in the counties.
• Run the validation program against the System
  installed in each county (after vendor
  installation).

23
Function 3
Verify the System in Operation. Ensure that
the System is performing properly, that all
precinct ballots are correct and that the
System has not been modified in any way.

• Logic and Accuracy Tests are performed prior to
  each election.
• Performance of all System components is verified.
• Specific ballot information for each memory card
  in each precinct is verified.
• Touch screen units are set for election, locked,
  and sealed.
• Validation program is run after any suspicious
  event.

24
Election Security

Self test - Security
25
Election Security

• Self test
• Have you established an internal culture of
  security and its supporting infrastructure,
  including a formal written plan?

26
Election Security

• Self test
• Have you established an internal culture of
  security and its supporting infrastructure,
  including a formal written plan?
• Do you believe all employees understand the
  importance of keeping information and equipment
  secure?

27
Election Security

• Self test
• Have you established an internal culture of
  security and its supporting infrastructure,
  including a formal written plan?
• Do you believe all employees understand the
  importance of keeping information and equipment
  secure?
• Do you regularly review your information and
  equipment security policies and practices?

28
Election Security

• Self test
• Have you established an internal culture of
  security and its supporting infrastructure,
  including a formal written plan?
• Do you believe all employees understand the
  importance of keeping information and equipment
  secure?
• Do you regularly review your information and
  equipment security policies and practices?
• Does your county maintain an adequate budget for
  security tools and training?

29
Election Security

• Self test
• Have you established an internal culture of
  security and its supporting infrastructure,
  including a formal written plan?
• Do you believe all employees understand the
  importance of keeping information and equipment
  secure?
• Do you regularly review your information and
  equipment security policies and practices?
• Does your county maintain an adequate budget for
  security tools and training?
• 5. Have you created and tested a data recovery
  plan in case of a natural disaster?

30
Election Security

• Self test (continued)
• Have you developed documentation and training
  materials to educate appropriate staff on the
  importance of security and their responsibilities
  related to it?

31
Election Security

• Self test (continued)
• Have you developed documentation and training
  materials to educate appropriate staff on the
  importance of security and their responsibilities
  related to it?
• Do you perform background checks as necessary
  before hiring employees who would handle election
  information and equipment?

32
Election Security

• Self test (continued)
• Have you developed documentation and training
  materials to educate appropriate staff on the
  importance of security and their responsibilities
  related to it?
• Do you perform background checks as necessary
  before hiring employees who would handle election
  information and equipment?
• 8. Do you routinely audit your security
  practices or systems (including when changes to
  the practices or systems are made)? Do you revise
  your practices as necessary?

33
Election Security

• Self test (continued)
• Have you developed documentation and training
  materials to educate appropriate staff on the
  importance of security and their responsibilities
  related to it?
• Do you perform background checks as necessary
  before hiring employees who would handle election
  information and equipment?
• 8. Do you routinely audit your security
  practices or systems (including when changes to
  the practices or systems are made)? Do you revise
  your practices as necessary?
• 9. Do you routinely monitor employee access to
  and use of the GEMS server and other voting
  equipment?

34
Election Security

Self test (continued) 10. Upon termination of
employees, do you ensure that appropriate
processes are reviewed and changed?
35
Election Security

Self test (continued) 10. Upon termination of
employees, do you ensure that appropriate
processes are reviewed and changed? 11. Do you
pay attention to security "alerts" released the
voting system vendor Product Advisory Notice
(PAN).
36
Election Security

Self test (continued) 10. Upon termination of
employees, do you ensure that appropriate
processes are reviewed and changed? 11. Do you
pay attention to security "alerts" released the
voting system vendor - PANs? 12. Do you change
passwords routinely and use passwords with
multiple numbers and symbols? Adapted
from http//www.the-dma.org/guidelines/information
security.shtml
37
Election Security

Self test (continued) 10. Upon termination of
employees, do you ensure that appropriate
processes are reviewed and changed? 11. Do you
pay attention to security "alerts" released the
voting system vendor - PANs? 12. Do you change
passwords routinely and use passwords with
multiple numbers and symbols? 13. Do you compile
and review audit logs for equipment rooms and the
GEMS server? Adapted from
http//www.the-dma.org/guidelines/informationsecur
ity.shtml
38

• http//elections.kennesaw.edu
• Merle S. King
• mking_at_kennesaw.edu

39