Tag Archives | Obscurity

Security of Indian Electronic Voting Machines

The security and integrity of electronic voting machines (EVMs) have been a point of debate for a long time. Various studies conducted in relation to EVM used in elections within the USA have shown time and time again that they are susceptible to both software as well as hardware based attacks. However, EVMs used in Indian elections have not been subjected to similar rigorous scrutiny, even though they have been used nationwide since 2004. Neither has the details of the inner working of the EVM been made public. Security and privacy have been cited as the main reason for this (pdf).

The Commission has not allowed reverse-engineering of the ECI-EVMs, inter-alia, for the reasons that manufacturers of ECI-EVMs, BEL & ECIL, have a patent on the machines and have objected to any attempt at reverse-engineering.

(…)

The Commission is concerned that commercial interests could use the route of reverse engineering which may compromise the security and sanctity of the entire election system. It is, therefore, not possible for the Commission to permit reverse-engineering of ECI-EVMs.

The two expert panel that have been tasked by the EC to verify the security of the EVM have had to do the job relying on presentations materials given by the vendors to the panel. In fact, experts for the EC have equated any questioning of the security of the EVMs to attack on the commission’s own impartiality and integrity [1] and have been quoted to have drawn parallelism between proving the security of the EVM and “asking Sita to prove her virginity [sic.] by having Agni Pariksha”!

All that until now. A team of researchers, led by Hari K. Prasad, Dr. J. Alex Halderman and Rop Gonggrijp have written a paper in which they describe two hardware based attacks they have been able to perform on an actual EVM given to them by an unnamed source. To quote from the site’s Q&A section:

First, we show how dishonest election insiders or other criminals could alter election results by replacing parts of the machines with malicious look-alike parts. Such attacks could be accomplished without the involvement of any local poll officials. Second, we show how attackers could use portable hardware devices to change the vote records stored in the machines. This attack could be carried out by local election officials without being detected by the national authorities or the EVM manufacturers.

The fact that these attacks were not even as a result of extracting and analysing the software (read the paper to know why) from the chip should alarm people.

This raises serious questions about the integrity of elections held in India. While it is unlikely that such attacks have already been conducted, it means that they are possible and now that it has been shown possible, there is likelihood of them being attempted by parties aiming to subvert the election process. The unhealthy attitude of the EC-associated experts of equating questions raised about the security of the EVM to attack on their impartiality and integrity nor that of the EC who has not insisted on the release of the software powering the machine, at least under a Non Disclosure Agreement, to competent security experts does not help either. Any company that does not open up the code and the inner working to such an expert group should not be allowed to provide machines to voting. Security through obscurity has been shown to not work – again and again and again.

A rigorous analysis of the security of both the hardware and the software used by the machines that enpower adult suffrage in the world’s largest democracy is an absolute necessity.

[1] Page 98 of  Democracy at Risk! (Book on Indian EVMs published by Citizens for Verifiability, Transparency & Accountability in Elections), New Delhi, 2010, by G. V. L. N. Rao.

Comments { 4 }