In their
paper on Indian
EVMs, Prasad et al. demonstrate that you can easily pry off the LED
segment display module and replace it with a malicious display.
At a high level, it's important to realize that no computer system
can be made secure if the attacker is able to replace arbitrary
components, since in the limit he can just swap everything out
with lookalike components.
The two basic defenses here to use anti-counterfeiting techniques
and to use cryptography with hardware security modules.
Most of the proposals for fixing this problem (and the
memory overwriting problem) are of the anti-counterfeiting
variety; you seal everything up with tamper-evident seals and
make it very hard to get/make the seals. Then any attacker who
wants to swap components needs to break the seals, which is
in theory obvious. Unfortunately, it's very hard to make
seals that resist a dedicated attacker. In addition, sealing
requires good seal procedures in terms of placing them and
checking them with this many machines in the field it's going
to be quite hard to actually do that in a substantially
better way than we are doing now.
The other main defense is to use cryptography. The idea is
that you embed all your sensitive stuff in a hardware security
module (one per device). That module has an embedded cryptographic
key and is designed so that if anyone tampers with the module
it erases the key. When you want to make sure that a
device is legitimate, you challenge the module to prove it
knows the key. That way, even if an attacker creates a
lookalike module, it can't generate the appropriate proof and
so the substitution doesn't work. Obviously, this means that
anything you need to trust needs to be cryptographically
verified (i.e., signed) as well. Periodically one does see
the suggestion of rearchitecting DRE-style voting machines to
be HSM-based, but this seems like a pretty big change for
India, both in terms of hardware and in terms of procedures for
managing the keying material, verifying the signatures, etc.
However, there is an intermediate approach which would make
a Prasad-style attack substantially harder without anywhere
near as much effort. The idea is that each machine would be
programmed by the Election Commission of India with a unique
cryptographic key. This could be done at the same time as
it was programmed for the election to minimize logistical
hassle. Then at the same time that the vote totals are read
out, the machine also reads out a MAC (checksum) of the results
computed using that key. That MAC is reported along with the
totals and if it doesn't verify, that machine is investigated.
Even though the malicious display
can show anything the attacker wants, the attacker cannot
compute the MAC and therefore can't generate a valid report
of vote totals. The MAC can be quite short, even 4 decimal
digits reduces the chance of successful attack on a machine
to 1/10000.
This approach is significantly less secure than a real HSM, since an
attacker who recovers the key for a given machine can program a
display for that machine. But it means that the window of opportunity
for that attack is much shorter; if the key is reprogrammed
for each election then you need to remount the attack between
programming time and election time, instead of attacking the
machine once and leaving the display in place indefinitely.
It's also worth asking if we could make it harder to recover
the key; if it's just in the machine memory, then it's not going
to be hard to read out using the same technique that Prasad et al.
demonstrate for rewriting vote totals. However, you could
make the key harder to read by, for instance, having two keys,
one of which is burned into the machine at manufacture time in
the unreadable (hard to read) firmware which is already a part
of each machine and another which is
reprogrammed at each election. The MAC would be computed using
both keys. This would require the attacker
to attack both the firmware on the machine (once) and the main
memory (before each election).
Clearly, this isn't an ideal solution but as I said at the beginning
of this series, the idea is to improve things without doing too
much violence to the existing design. Other approaches welcome.