Hack-a-Vote: Security Issues with Electronic Voting Systems

We initially developed Hack-a-Vote, a simplified direct-recording electronic (DRE) voting system, to demonstrate how easy it might be to insert a Trojan horse into a voting system. It also provides a superb platform for a course project demonstrating that electronic voting software is not immune from security concerns. In this exercise, we use Hack-a-Vote in an associated course project, in which student teams implement their own Trojan horses, then search the source code for their classmates’ malicious code. The Hack-a-Vote project reveals the potential damage individuals can cause with electronic voting systems, the feasibility of finding system weaknesses (deliberate or otherwise), and some solutions to mitigate the damage.

Goals / Objectives

Give students a “safe” place to work with software in a malicious fashion. Students learn how to think in the way an attacker might and then learn how difficult it can be to audit source code for the purposes of identifying cleverly hidden software flaws.

Prerequisites and Materials

Students are assumed to be fluent in the Java programming language. Source code is provided for the voting machine prototype. We use a class Subversion archive to distribute the software to student groups and then to redistribute work, from phase 1, to other student groups as part of phase 2.

Lesson/Project Description and Procedures

To some extent, this assignment doesn’t require any teaching in advance. It’s best for students to exercise their unfettered creativity at attacking the system. Fairly tight deadlines can be used. Two or three weeks for phase 1 and one or two weeks for phase 2 are sufficient.

Assessment/Evaluation

Students are asked to document their hacks as well as to document what they found by studying other students’ code. This creates an opportunity for students to read feedback from their peers. Otherwise, due to the creative nature of the assignment, there is no easy way to assign numeric grades to students. Much like creative writing, grading must emphasize the creative nature of the students’ designs. Quality is more important than quantity.

Other Resources

Hack-a-Vote and our course assignment are freely available online (assignment, source code).