UCSB’s Security Group led by professors Kemmerer and Vigna find potentially serious security flaws in the Sequoia electronic voting system

August 1, 2007

The Security Group at UCSB recently completed an analysis of the
Sequoia electronic voting system as part of a “Top-to-Bottom Review”
of the electronic voting systems used in California. The study was
commissioned by California Secretary of State Debra Bowen.

Bowen released key findings of the review on Friday, July 27. The UCSB
review began June 12 and lasted for a little more than four weeks. The
intention was to restore the public’s confidence in the integrity of the
electoral process and to ensure that California voters are being asked to
cast their ballots on machines that are secure, accurate, reliable, and
accessible.

The UCSB Security Group acted as a “Red Team” and performed a series of
security tests of both the hardware and the software that are part of
the Sequoia system to identify possible security problems that could lead
to a compromise. A “compromise” is defined as “tampering or error that
could cause incorrect recording, tabulation, tallying or reporting of
votes or that could alter critical election data such as election definition
or system audit data.”

The team was able to expose a number of serious security issues. They were
able to bypass both the physical and the software security protections of
the Sequoia system, and they demonstrated how these vulnerabilities could
be exploited by a determined attacker to modify (or invalidate) the results
of an election.

The Security Group was lead by Giovanni Vigna and Richard Kemmerer and
included Davide Balzarotti, Greg Banks, Marco Cova, Viktoria Felmetsger,
William Robertson, and Fredrik Valeur.

In addition to the Sequoia system evaluated by the UCSB team, the
“Top-to-Bottom Review” included electronic voting machines from two
other manufacturers: Diebold Elections Systems and Hart InterCivic.
These three voting systems are used in 43 of the 58 counties in California
by 9 million of the state’s 15.7 million registered voters.

The complete red team report, as well as the reports for the Diebold and
Hart systems, is available online at
http://www.sos.ca.gov/elections/elections_vsr.htm.

Sequoia Voting Systems has issued a response to the UCSB team’s
report.

The UCSB Security Group has issued a rebuttal that comments on
Sequoia’s answer to the report.