The United States Defense Advanced Research Projects Agency (DARPA) is funding the research and development of a secure open source voting system. The $10 million contract was handed to Oregon-based tech company Galois, which has worked with other government agencies like the Department of Homeland Security and NASA. The project is part of DARPA’s System Security Integrated Through Hardware and Firmware (SSITH) program, which is developing hardware security architectures and tools that are better protected from hardware vulnerabilities exploited in software. DARPA ultimately hopes to build secure chip-level processors that thwart hardware hacks as well as software-borne attacks.
DARPA will bring a demonstration version of a secure voting ballot box to the DEF CON 2019 Voting Machine Hacking Village (Voting Village) this weekend. Daniel Zimmerman, Galois principal researcher, said, “We are providing the source code specifications, tests, and actually even providing participants at DEF CON with an easy way of actually putting their own malicious software into [the devices], we’re not daring them but actually helping them break this.”
The system will use fully open source voting software, instead of the closed, proprietary software currently used in the majority of voting machines, which no one outside of voting machine testing labs can examine. In addition, it will be built on secure open source hardware, made from secure designs and techniques developed over the last year as part of a special program at DARPA. The voting system will also be designed to create fully verifiable and transparent results so that voters don’t have to blindly trust that the machines and election officials delivered correct results.
In a press release, DARPA wrote, “Many of today’s hardware defenses cover very specific instances or vulnerabilities, leaving much open to attack or compromise. Instead of tackling individual instances, SSITH researchers are building defenses that address classes of vulnerabilities. In particular, SSITH is tackling seven vulnerability classes identified by the NIST Common Weakness Enumeration Specification (CWE), which span exploitation of permissions and privilege in the system architectures, memory errors, information leakage, and code injection.”
The smart ballot box, which is about the size of “a two-drawer filing cabinet with a letter-sized printer lid on top”, runs on a small embedded RISC-V processor with a custom FreeRTOS-based software app. There is a separate touch screen where “voters” input their votes, and a connected printer where the ballots come out. The smart ballot box reads the barcoded ballots to determine whether they are valid for the “election.” This allows voters to confirm their votes and either cast or ditch them. “We’re not doing an end-to-end verifiability crypto system this year,” notes Zimmerman; the demonstration instead uses a more visible verification process so participants can see the operation, and DARPA is employing basic cryptography for the system to accept ballots.
Dr. Linton Salmon, the program manager leading SSITH, said, “Current efforts to provide electronic security largely rely on robust software development and integration, utilizing an endless cycle of developing and deploying patches to the software firewall without addressing the underlying hardware vulnerability. The basic concept around SSITH is to make hardware a more significant participant in cybersecurity, rather than relegating system security only to software. Our true aim is to improve security for all electronic systems. This includes election equipment, but also defense systems, commercial devices and beyond.”