Hacker News new | ask | show | jobs
by seanwilson 3515 days ago
Is there any way you can prevent hacks like this that require physical access? I guess cryptographically signing the updates, adding tamper proof seals and requiring multiple people to approve updates would help. The general mantra however is that once a hacker has physical access to your machine all bets are off.

Also, what happens if there's a random hardware/software glitch where incrementing one vote actually increments 10 votes? Is this checked for? How much reliance is there on the software and hardware being error free?
1 comments
Shank 3515 days ago
We definitely have seals, but for technical solutions, look at how Apple secures their devices. Signed firmware updates, public key crypto, and a well thought chain of trust solve these issues.

The problem is that the actual poll creation is done on a per county basis. I don't know how you would do this in such a way that every random county an precinct in America could have signing keys, firmware updates, etc., just sitting around ready to roll to build elections with.

link
seanwilson 3515 days ago
> The problem is that the actual poll creation is done on a per county basis. I don't know how you would do this in such a way that every random county an precinct in America could have signing keys, firmware updates, etc., just sitting around ready to roll to build elections with.

You mean creating and distributing the keys would be problematic if every county had their own keys? Are there any practical solutions to this?

Couldn't you only have a few keys that are used for many counties and updates should be verified and signed by multiple people? Each county could still verify the contents of the update was correct (e.g. correct names on the ballot).

link
erichurkman 3515 days ago
The software/firmware would have its own signing keys. Counties would not have access to it. Counties could only load their specific voting profiles, which would be published similar to certificate transparency logs. The voting machines could display a signature of the ballot data in structured format for public auditing, that way each voter could check the signature (QR code, short generated phrase, etc) against a public record (newspaper, website, fliers printed in advance, etc).
link
empath75 3515 days ago
The real problem is that the people buying and making these systems don't really care about security, either out of incompetence or malice.
link
TACIXAT 3515 days ago
Sign the firmware and include that data as a configuration file.
link