checkingthelisttwice · 11 theprocess •...
TRANSCRIPT
![Page 1: CheckingtheListTwice · 11 TheProcess • Process"the"vendor"provided"verificaon"tools" (uneditable"pdf)"to"auseable"format(raw"text)" • Run"SHA1"hash"check"on"GEMS"program"](https://reader033.vdocument.in/reader033/viewer/2022042315/5f042d157e708231d40cb00b/html5/thumbnails/1.jpg)
1
Checking the List Twice
Joshua Franklin Ma8hew Masterson
Danielle Sellars
State Cer;fica;on Tes;ng of Vo;ng Systems Na;onal Conference
Indianapolis, Indiana June 14-‐15, 2012
![Page 2: CheckingtheListTwice · 11 TheProcess • Process"the"vendor"provided"verificaon"tools" (uneditable"pdf)"to"auseable"format(raw"text)" • Run"SHA1"hash"check"on"GEMS"program"](https://reader033.vdocument.in/reader033/viewer/2022042315/5f042d157e708231d40cb00b/html5/thumbnails/2.jpg)
2
Overview Introduc;on
Purpose
What, When, and How to Verify?
Team Effort
Relevant Facts
The Plan
The Process
The Results
Examples
Conclusions
Next Steps
![Page 3: CheckingtheListTwice · 11 TheProcess • Process"the"vendor"provided"verificaon"tools" (uneditable"pdf)"to"auseable"format(raw"text)" • Run"SHA1"hash"check"on"GEMS"program"](https://reader033.vdocument.in/reader033/viewer/2022042315/5f042d157e708231d40cb00b/html5/thumbnails/3.jpg)
3
Purpose
To explain our experiences in verifying the physical, soVware, and set up configura;on for the vo;ng systems in Ohio's 88 coun;es.
![Page 4: CheckingtheListTwice · 11 TheProcess • Process"the"vendor"provided"verificaon"tools" (uneditable"pdf)"to"auseable"format(raw"text)" • Run"SHA1"hash"check"on"GEMS"program"](https://reader033.vdocument.in/reader033/viewer/2022042315/5f042d157e708231d40cb00b/html5/thumbnails/4.jpg)
4
Why Verify?
• Keep the system safe, secure, and cer;fied. • SoVware is the same during distribu;on, installa;on, setup. [1]
• Supports a chain of custody • “SoVware integrity: ensuring that the soVware programs have not been altered, whether by an error, a malicious user, or a virus.” – Bruce Schneier
![Page 5: CheckingtheListTwice · 11 TheProcess • Process"the"vendor"provided"verificaon"tools" (uneditable"pdf)"to"auseable"format(raw"text)" • Run"SHA1"hash"check"on"GEMS"program"](https://reader033.vdocument.in/reader033/viewer/2022042315/5f042d157e708231d40cb00b/html5/thumbnails/5.jpg)
5
When to Verify?
There is no single answer: • At ;me of installa;on? • Before the elec;on? • At the polling place? • AVer an elec;on? • AVer canvass? • Part of post-‐elec;on audit?
![Page 6: CheckingtheListTwice · 11 TheProcess • Process"the"vendor"provided"verificaon"tools" (uneditable"pdf)"to"auseable"format(raw"text)" • Run"SHA1"hash"check"on"GEMS"program"](https://reader033.vdocument.in/reader033/viewer/2022042315/5f042d157e708231d40cb00b/html5/thumbnails/6.jpg)
6
What and How to Verify?
• Check the: – Installa;on media – SoVware already on the machine
• System Iden;fica;on Tools from manufacturer – Validate the hashes of the sta;c soVware files – Provides high level of assurance that the soVware is unchanged
![Page 7: CheckingtheListTwice · 11 TheProcess • Process"the"vendor"provided"verificaon"tools" (uneditable"pdf)"to"auseable"format(raw"text)" • Run"SHA1"hash"check"on"GEMS"program"](https://reader033.vdocument.in/reader033/viewer/2022042315/5f042d157e708231d40cb00b/html5/thumbnails/7.jpg)
7
Team Effort
• Accomplishing this is a bumpy road • Required federal, state, and local efforts • Danielle Sellars provided the footwork and onsite technical know-‐how
![Page 8: CheckingtheListTwice · 11 TheProcess • Process"the"vendor"provided"verificaon"tools" (uneditable"pdf)"to"auseable"format(raw"text)" • Run"SHA1"hash"check"on"GEMS"program"](https://reader033.vdocument.in/reader033/viewer/2022042315/5f042d157e708231d40cb00b/html5/thumbnails/8.jpg)
8
![Page 9: CheckingtheListTwice · 11 TheProcess • Process"the"vendor"provided"verificaon"tools" (uneditable"pdf)"to"auseable"format(raw"text)" • Run"SHA1"hash"check"on"GEMS"program"](https://reader033.vdocument.in/reader033/viewer/2022042315/5f042d157e708231d40cb00b/html5/thumbnails/9.jpg)
9
Relevant Facts
• Since being purchased in 2002 systems have not been validated
• Numerous upgrades to every fielded system has been performed since then
• OH requires newly purchased systems to be EAC cer;fied
![Page 10: CheckingtheListTwice · 11 TheProcess • Process"the"vendor"provided"verificaon"tools" (uneditable"pdf)"to"auseable"format(raw"text)" • Run"SHA1"hash"check"on"GEMS"program"](https://reader033.vdocument.in/reader033/viewer/2022042315/5f042d157e708231d40cb00b/html5/thumbnails/10.jpg)
10
The Plan
• Start with Premier Assure 1.2 coun;es – All Assure coun;es were mandated to upgrade to Assure 1.2
– EAC cer;fied system
• Don't swallow the en;re elephant – GEMS servers only
• Work with the EAC and vendor to understand what system should look like
![Page 11: CheckingtheListTwice · 11 TheProcess • Process"the"vendor"provided"verificaon"tools" (uneditable"pdf)"to"auseable"format(raw"text)" • Run"SHA1"hash"check"on"GEMS"program"](https://reader033.vdocument.in/reader033/viewer/2022042315/5f042d157e708231d40cb00b/html5/thumbnails/11.jpg)
11
The Process
• Process the vendor provided verifica;on tools (uneditable pdf) to a useable format (raw text)
• Run SHA1 hash check on GEMS program directory using portable COTS soVware
• Confirm hash values match EAC cer;fica;on through the use of text comparison soVware
• Iden;fy Windows 2003 Server security configura;on (User accounts, Rights, Running Services)
![Page 12: CheckingtheListTwice · 11 TheProcess • Process"the"vendor"provided"verificaon"tools" (uneditable"pdf)"to"auseable"format(raw"text)" • Run"SHA1"hash"check"on"GEMS"program"](https://reader033.vdocument.in/reader033/viewer/2022042315/5f042d157e708231d40cb00b/html5/thumbnails/12.jpg)
12
The Results
• Hash checks of GEMS servers show no differences across coun;es
• Physical checks of the systems show no differences across coun;es
• The system setup and rights vary greatly from one county to the next – Possibly uncer;fied configura;on – Possibly significantly less secure
![Page 13: CheckingtheListTwice · 11 TheProcess • Process"the"vendor"provided"verificaon"tools" (uneditable"pdf)"to"auseable"format(raw"text)" • Run"SHA1"hash"check"on"GEMS"program"](https://reader033.vdocument.in/reader033/viewer/2022042315/5f042d157e708231d40cb00b/html5/thumbnails/13.jpg)
13
![Page 14: CheckingtheListTwice · 11 TheProcess • Process"the"vendor"provided"verificaon"tools" (uneditable"pdf)"to"auseable"format(raw"text)" • Run"SHA1"hash"check"on"GEMS"program"](https://reader033.vdocument.in/reader033/viewer/2022042315/5f042d157e708231d40cb00b/html5/thumbnails/14.jpg)
14
County Data Cer;fied Values (manually extracted from PDF)
![Page 15: CheckingtheListTwice · 11 TheProcess • Process"the"vendor"provided"verificaon"tools" (uneditable"pdf)"to"auseable"format(raw"text)" • Run"SHA1"hash"check"on"GEMS"program"](https://reader033.vdocument.in/reader033/viewer/2022042315/5f042d157e708231d40cb00b/html5/thumbnails/15.jpg)
15
![Page 16: CheckingtheListTwice · 11 TheProcess • Process"the"vendor"provided"verificaon"tools" (uneditable"pdf)"to"auseable"format(raw"text)" • Run"SHA1"hash"check"on"GEMS"program"](https://reader033.vdocument.in/reader033/viewer/2022042315/5f042d157e708231d40cb00b/html5/thumbnails/16.jpg)
16
State Conclusions
• Establish the baseline configura;on for each vo;ng system, regardless of vendor
• Baseline includes tabula;on soVware and system configura;on
• Confirm deployed systems match that configura;on
• Work with vendors and jurisdic;on to bring systems into proper configura;on
![Page 17: CheckingtheListTwice · 11 TheProcess • Process"the"vendor"provided"verificaon"tools" (uneditable"pdf)"to"auseable"format(raw"text)" • Run"SHA1"hash"check"on"GEMS"program"](https://reader033.vdocument.in/reader033/viewer/2022042315/5f042d157e708231d40cb00b/html5/thumbnails/17.jpg)
17
State Conclusions
• Provided valida;on tools did not include mechanism for comparison, nor a simple way to compare only sta;c files.
• Produces addi;onal overhead in confirma;on process.
• Hash codes must be manually transcribed for visual and/or text comparison
• An automa;c u;lity would be preferable: faster and more accurate
![Page 18: CheckingtheListTwice · 11 TheProcess • Process"the"vendor"provided"verificaon"tools" (uneditable"pdf)"to"auseable"format(raw"text)" • Run"SHA1"hash"check"on"GEMS"program"](https://reader033.vdocument.in/reader033/viewer/2022042315/5f042d157e708231d40cb00b/html5/thumbnails/18.jpg)
18
EAC Conclusions
• The tools were not a form that could readily be used. (e.g., received in pdf file format)
• The state would need to procure a COTS hashing tool to compare against the PDF. – No automa;c comparison. A person would have verify each hash by sight or manually transcribe the values.
• Poor quality hardware pictures requiring special tools and knowledge.
![Page 19: CheckingtheListTwice · 11 TheProcess • Process"the"vendor"provided"verificaon"tools" (uneditable"pdf)"to"auseable"format(raw"text)" • Run"SHA1"hash"check"on"GEMS"program"](https://reader033.vdocument.in/reader033/viewer/2022042315/5f042d157e708231d40cb00b/html5/thumbnails/19.jpg)
19
EAC Conclusions
• The EAC's program did not require the tools to be checked for func;onality or usability by any par;es.
• Vendors basically submi8ed whatever they wanted under the heading of “System ID Tools".
![Page 20: CheckingtheListTwice · 11 TheProcess • Process"the"vendor"provided"verificaon"tools" (uneditable"pdf)"to"auseable"format(raw"text)" • Run"SHA1"hash"check"on"GEMS"program"](https://reader033.vdocument.in/reader033/viewer/2022042315/5f042d157e708231d40cb00b/html5/thumbnails/20.jpg)
20
EAC & State Next Steps
• Validate the vo;ng systems • EAC work with state and jurisdic;ons to understand their needs
• Talk with other states to learn their process • Work with vendor to understand differences and cer;fied configura;on
![Page 21: CheckingtheListTwice · 11 TheProcess • Process"the"vendor"provided"verificaon"tools" (uneditable"pdf)"to"auseable"format(raw"text)" • Run"SHA1"hash"check"on"GEMS"program"](https://reader033.vdocument.in/reader033/viewer/2022042315/5f042d157e708231d40cb00b/html5/thumbnails/21.jpg)
21
References
[1] Report to U.S. Elec;on Assistance Commission, NSRL, 2004. h8p://www.nsrl.nist.gov/Documents/vote/July132004-‐EAC.pdf [2] Ohio SOS, System Verifica;on Documenta;on
![Page 22: CheckingtheListTwice · 11 TheProcess • Process"the"vendor"provided"verificaon"tools" (uneditable"pdf)"to"auseable"format(raw"text)" • Run"SHA1"hash"check"on"GEMS"program"](https://reader033.vdocument.in/reader033/viewer/2022042315/5f042d157e708231d40cb00b/html5/thumbnails/22.jpg)
22
Ques;ons? Joshua Franklin
Ma8hew Masterson Danielle Sellars