
DARPA Wants to Prove Secure Voting Hardware Is Possible

(Image credit: Rob Crandal/Shutterstock)

The Defense Advanced Research Projects Agency (DARPA) headed out to the Def Con 27 hacking conference to sell attendees on the idea that it can build a truly secure hardware platform, Wired reported, starting with a totally custom voting system that's cost $10 million to develop.

Researchers seem increasingly willing to claim their devices are "unhackable." EyeDisk raised tens of thousands of dollars on Indiegogo and Kickstarter earlier this year for a purportedly unhackable thumb drive. The University of Michigan announced the Morpheus processor architecture, which encrypts and reshuffles its code every 50 milliseconds to confound attackers, with similar claims about its supposedly unbreachable security mechanisms.

However, the unbreachable claim is one that's hard to swallow. And that's even before remembering that EyeDisk was revealed to have numerous vulnerabilities after it was successfully crowdfunded.

Yet, a team at DARPA believes that building a bespoke hardware platform that doesn't rely on any traditional products--Wired specifically noted the lack of proprietary components from Intel or AMD--will let it create devices that can't even be undermined by vulnerabilities in their software.

DARPA's currently focused on building an open source voting platform that can safeguard the U.S. election process. Those defenses will become increasingly crucial in future elections--the Senate Intelligence Committee said in July that Russia targeted voting systems in all 50 states during the 2016 presidential election. Others have warned that Russia and other countries have already started to undermine future U.S. elections.

Those reports are even more worrisome in light of repeated warnings from security researchers that current voting systems are vulnerable to many security attacks.

Luckily the security experts who attend Def Con are hot on election security. The hacking conference has an entire Voting Village set up for hackers to examine; that's where DARPA set up its platform. Wired reported that the project is still in its early stages, though, so the voting system the agency brought to the conference is currently running on virtualized reproductions of its hardware.

DARPA reportedly hopes to bring a closer-to-completion version of its platform to the Voting Village at Def Con 28 in 2020. It would almost certainly be too late for the platform to be implemented for the 2020 presidential election at that point, but if the project is still ongoing, it would show that DARPA isn't going to give up on election security too easily. Let's just hope that it manages to be even half as secure as it's meant to be. 

  • Growle
    They can secure the systems all they want, but as long as people still run the process there's always a security risk.

    That being said, you can't run the process without people, and it only takes 1 person to fudge everything up.
  • Math Geek
    i don't see any reason to take it online. works fine the way it is. i am a poll worker in VA and keeping everything offline keeps it very secure. complete paper trail as multiple devices keep counts and can quickly be cross-checked. in fact it's done every hour to ensure all the numbers match as far as voters checked in, ballots handed out, ballots cast and actual ballots used!! takes 5 minutes every hour to do.

    we phone in the results at the end of the night after everything has been counted and verified. the results will be on the news within 10 minutes after we phone them in. it really does not need to be any faster than that and can't be tampered with.

    we've seen attempts to tamper out of some states last few elections and the paper trail made it rather easy to identify the attempts and who did it. putting things online, makes it more vulnerable, easier to hide and much harder to figure out what happened later on.

    somehow, the political BS being spread as a losing candidate pretends it was somehow voter fraud, has worked its way into the real world and for whatever reason, some people are actually trying to "secure" something that is already secure. not sure what the end game is, but it almost seems like the idea is to actually make it less secure so lots of doubt and conspiracy theories can be thrown around easier.
  • hotaru251
    Even if the system is "perfect" it can be influenced by other nations....bribing is nothing new and many ppl would sell their vote for the right price.
  • Math Geek
    which has nothing to do with the voting system itself. if that's the concern, then look at that problem and come up with solutions.

    won't fix that problem messing with the voting booth.
  • TJ Hooker
    @Math Geek who said anything about "taking it online"?
    Math Geek said:
    somehow, the political BS being spread as a losing candidate pretends it was somehow voter fraud, has worked its way into the real world and for whatever reason, some people are actually trying to "secure" something that is already secure. not sure what the end game is, but it almost seems like the idea is to actually make it less secure so lots of doubt and conspiracy theories can be thrown around easier.
    This isn't some crazy conspiracy theory. E.g. the bipartisan Senate intelligence committee report states "Russian cyberactors were in a position to delete or change voter data" in an Illinois voter database. They didn't find any evidence that they did so, but the fact they were able to achieve that sort of access is obviously troubling.

    If you want some examples of vulnerabilities in current voting machines, they talk about it in the report starting at page 40.
    https://www.intelligence.senate.gov/sites/default/files/documents/Report_Volume1.pdf
  • bit_user
    Math Geek said:
    i don't see any reason to take it online. works fine the way it is. i am a poll worker in VA and keeping everything offline keeps it very secure.
    Voter registration is kept in databases, which can be hacked. The Mueller Report identified several known cases where hackers accessed voter registration databases, and of course there could've been other cases we don't know about.

    So, what can you do with a voter registration database? You can scrape data, to be used in targeted advertising (either convince swing voters to vote for your candidate or convince likely dedicated opposition voters to stay home - Cambridge Analytica's psychometric profiling also helps with this). You can kick someone off the rolls, if they have an opposing party affiliation, or perhaps fiddle with their address so their normal voting precinct turns them away.

    Math Geek said:
    somehow, the political BS being spread as a losing candidate pretends it was somehow voter fraud, has worked its way into the real world and for whatever reason, some people are actually trying to "secure" something that is already secure. not sure what the end game is, but it almost seems like the idea is to actually make it less secure so lots of doubt and conspiracy theories can be thrown around easier.
    We have documented evidence, from multiple states, of attempted and possibly successful tampering with the voting system. It must be taken seriously. You don't wait until your PC gets infected with a virus to install an anti-virus program and you don't wait until your country gets invaded to establish a military. How much proof do you need of foreign (or domestic) hacking, before you're willing to accept that election security needs to be improved?

    Paper voting systems require more work to hack, but they're not as inherently secure as you suggest. Ballots can be forged, ballot boxes can be stuffed, and paper ballots can be prematurely destroyed (didn't this just happen in a House election that had to be re-run?). Machines doing the counts can also be tampered with. Even if they're offline, they're probably not invulnerable to a stuxnet-type hack.

    Wouldn't you agree that a voting system which relies on cryptographic techniques to ensure that any tampering with a registration database is detectable and ensures the authenticity of each ballot (while respecting privacy) is a good thing? Your voting system might be good, but it could probably be better. It's surely not immune from malevolent administrators or workers, even if attacks by such individuals aren't trivial feats. The stronger the system, the more faith we can have in it. Isn't that what we all want?
  • bit_user
    Math Geek said:
    which has nothing to do with the voting system itself. if that's the concern, then look at that problem and come up with solutions.

    won't fix that problem messing with the voting booth.
    Actually, I'd submit that election security should not depend on faith in the administrators.

    Just like crypto-currencies don't depend on faith in the counter-parties of your transactions, we should use robust voting systems that are resilient to attacks and mistakes by both external entities and insiders.
  • Olle P
    Is it technically possible to make a secure voting system?
    Probably.

    Is it advisable to trust a system made by somebody else?
    Not at all!
  • jeremyj_83
    As long as they want it on a computer it cannot be totally secure. You can do a lot to mitigate issues from outside influence, but physical access to the machine is still absolute access and all you need is a sleeper agent to mess things up.
  • dorsai
    Secure voting isn't the issue...it's what happens after the voting that's the issue. Accurate vote reporting by partisan voter officials and who has access to the hardware and the vote tallies before and after the vote is the issue.

    I trust hardware a lot more than I trust voting "officials" in today's partisan environment where votes disappear, don't get counted, or are declared invalid after someone stuffs them in their car trunk...I'm looking at you Florida