Are Your Votes Really Counted? Evaluating the Security of Real-world Electronic Voting Systems

Event Date: 

Thursday, October 23, 2008 - 12:00pm

Giovanni Vigna

Electronic voting systems play a critical role in today's democratic societies, as they are responsible for recording and counting the citizens' votes. Unfortunately, there is an alarming number of reports describing the malfunctioning of these systems, suggesting that their quality is not up to the task. Recently, there has been a focus on the security evaluation of voting systems to determine if they can be compromised in order to control the results of an election. We have participated in two large-scale projects, sponsored by the Secretaries of State of California and Ohio, whose respective goals were to perform the security testing of the electronic voting systems used in those two states. The testing process identified major flaws in all the systems analyzed, and resulted in substantial changes in the voting procedures of both states. In this talk we describe how voting systems work, what their vulnerabilities are, and what can be done to achieve a more secure voting process.

Giovanni Vigna is an Associate Professor in the Department of Computer Science at the University of California in Santa Barbara. His current research interests include web security, malware analysis, and vulnerability assessment. He has led a team of evaluators in California's Top-To-Bottom-Review of voting systems and in Ohio's EVEREST project. Finally, he is known for organizing and running an inter-university Capture The Flag hacking context that every year involves dozens of institutions around the world.