Dear all,
[apologies if you receive multiple posting]

Please mark your calendar.
Date: 12/04/2009

Time: 12:00 - 1:30 PM (Pizza will be served)

Venue: Engineering Building, Room 4201

Speaker: Micah Sherr,  University of Pennsylvania

Topic: Security Vulnerabilities in US Voting Machine Systems: A Summary of
Two Large-scale Academic Studies of Electronic Voting Systems

Host: Angelos Starvrou



Ensuring reliable elections and increasing the public's trust in the
election process are perhaps the two most important responsibilities
of our federal, state, and local governments.  In most jurisdictions
in the United States, elections are managed, configured, and conducted
using closed-source and proprietary electronic voting machine software
and equipment.  Proponents of electronic voting systems argue that
these systems are faster, more reliable, more accessible, and more
secure than existing voting technologies.  This talk discusses the
security properties of electronic voting machines, and in particular,
highlights numerous discovered vulnerabilities that call into question
whether our trust in electronic voting systems is warranted.

In particular, this talk presents the findings from two
government-commissioned academic studies of electronic voting machine
equipment: the California Top-to-Bottom Review, the first academic
review of voting systems in which investigators had access to the
systems' source code and developer documentation, and the Ohio EVEREST
report, a study of the security and reliability properties of the
remaining major voting machine systems that were not included in the
California review.  In both instances, we found numerous exploitable
vulnerabilities in nearly every reviewed system and component.  These
security flaws enable an attacker to alter or forge precinct results,
install corrupt firmware on touchscreen and optical voting hardware,
forge paper audit trail entries, and erase electronic log records.  In
addition to enumerating discovered security flaws, this talk also
highlights some of the architectural weaknesses of deployed electronic
voting systems, and discusses potential mitigation strategies.

Micah Sherr is a postdoctoral researcher at the University of
Pennsylvania.  His academic interests include privacy-preserving
technologies, electronic voting security, wiretap systems, and network
intrusion detection.  He received his PhD in computer and information
science from the University of Pennsylvania.