Security Problems in India's Electronic Voting System

India uses paperless electronic voting machines (EVMs) nationwide. These machines use a simple embedded system architecture that is considerably different from the complex voting machines typically used in the U.S. and Europe, where almost all prior research has focused. Despite suspicions of fraud, Indian authorities have never permitted a serious, independent review of the machines' security.

Hyderabad-based engineer Hari Prasad spent a year trying to convince election officials to complete such a review, but they insisted that the government-made machines were “perfect,” "infallible," and “tamperproof.” Then, in February of this year, an anonymous source offered him access to one of the machines to study. He assembled an international research team, including J. Alex Halderman from the University of Michigan and Rop Gonggrijp from the Netherlands. Together, they discovered that, far from being tamper-proof, the machines suffer from serious weaknesses that could be exploited to alter national election results.

Months of hot debate about these findings have produced a growing consensus that India’s electronic voting machines should be scrapped. There have also been more disturbing developments: Prasad was arrested and jailed in August by authorities demanding to know the identity of the anonymous source. He has since been released on bail, and he is visiting the U.S. to accept the Electronic Frontier Foundation's Pioneer Award for his work.

In this talk, Prasad and Halderman will describe the design and motivations behind India's electronic voting system, the technical problems their study demonstrated, the political circumstances behind Prasad's arrest, and the implications of the machines' security weaknesses for voting technology in India and beyond. They'll also discuss some of the formidable practical challenges that India and many other democracies face in conducting elections. Designing voting systems that provide transparency and security under these constraints presents many open problems.
Hari Krishna Prasad Vemuru is a security researcher in India who was recently named as a recipient of the Electronic Frontier Foundation’s 2010 Pioneer Award for his work revealing security flaws in India’s paperless electronic voting machines. He has endured jail time, repeated interrogations, and ongoing political harassment to protect an anonymous source that enabled him to conduct the first independent security review of India’s electronic voting system.

J. Alex Halderman is an assistant professor of electrical engineering and computer science at the University of Michigan, where his research spans computer security and tech-centric public policy. He is best known for his work developing the "cold boot attack" against encryption systems, for exposing the Sony DRM rootkit, and for demonstrating the first (known) voting machine virus. Recently, Halderman and his students participated in a public trial of an Internet voting system fielded by the city of Washington, D.C.; within 36 hours, they were able to take control of the servers and change every vote.

http://www.youtube.com/watch?v=ZlCOj1dElDY

Paper:
Security Analysis of India's Electronic Voting Machines.
By Scott Wolchok, Eric Wustrow, J. Alex Halderman, Hari K. Prasad, Arun Kankipati, Sai Krishna Sakhamuri, Vasavya Yagati, and Rop Gonggrijp.
In ACM CCS, October 2010. http://www.indiaevm.org/paper.html