Threat Analysis

Lunar Security Services
Overview
• Definitions
• Representation
• Challenges
• “The Unthinkable”
• Strategies & Recommendations

2
Background
• What is threat analysis?
– Potential Attacks/Threats/Risks
– Analysis
– Countermeasures
– Future Preparations

• NIST’s “Introduction to Threat Analysis
Workshop”, October 2005
3
Stakes
• People
– Voters
– Candidates
– Poll Workers
– Political Groups
– Developers
– Board of Elections
– Attackers
– More...

• Voting: A System of...
– IT
– American Politics
– Duty
– Trust
– Inclusion
– Safety
– Process
– Precedence...if it works

4
Means of Representation
General tactic:
– Identify possible attackers
– Identify goals of attacker
– Enumerate possible ways to achieve goals
– Locate key system vulnerabilities
– Create resolution plan

5
Attack Tree
• Bruce Schneier, Dr. Dobb’s Journal, 1999:
– Used to “model threats against computer systems”

[Figures: Simple Example; Cost propagation; Multiple Costs]

• Continual breaking down of goals and means to
achieve them
6
Attack Tree Evaluation
• Creation
– Refining over time
– Realistic costs

• Advantages
– Identifies key security issues
– Documenting plans of attack and
likelihood
– Knowing the system

• Disadvantages
– Amount of documentation
– Can only ameliorate foreseen
circumstances
– Difficult to prioritize/quantize
factors

Shortened version of an Attack Tree for
the interception of a message sent
with a PGP header.
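Added example (not from the original slides): the cost propagation and multiple-cost ideas from the Attack Tree slides, written in Python. Node names, costs and the +60 countermeasure are constructed for illustration; OR nodes take the cheapest child, AND nodes sum their children, and a second leaf attribute (special equipment) filters which attacks are feasible.

```python
from dataclasses import dataclass, field
from math import inf
from typing import Dict, List, Optional, Tuple


@dataclass
class Node:
    name: str
    kind: str = "LEAF"                 # "LEAF", "OR" or "AND"
    cost: float = 0.0                  # attacker cost; used on leaves only
    special_equipment: bool = False    # second attribute; leaves only
    children: List["Node"] = field(default_factory=list)


def cheapest(node: Node, allow_special: bool = True,
             extra: Optional[Dict[str, float]] = None) -> Tuple[float, List[str]]:
    """Propagate cost to `node`: returns (cost, leaves of the cheapest attack).

    `extra` maps leaf names to cost added by a countermeasure.
    An infeasible subtree is reported as (inf, []).
    """
    extra = extra or {}
    if node.kind == "LEAF":
        if node.special_equipment and not allow_special:
            return inf, []
        return node.cost + extra.get(node.name, 0.0), [node.name]
    if not node.children:
        raise ValueError(f"{node.kind} node {node.name!r} has no children")
    results = [cheapest(c, allow_special, extra) for c in node.children]
    if node.kind == "OR":              # attacker picks the cheapest alternative
        return min(results, key=lambda r: r[0])
    if node.kind == "AND":             # attacker must complete every step
        total = sum(r[0] for r in results)
        if total == inf:
            return inf, []
        return total, [leaf for r in results for leaf in r[1]]
    raise ValueError(f"unknown node kind {node.kind!r}")


def leaf_names(node: Node) -> List[str]:
    if node.kind == "LEAF":
        return [node.name]
    return [n for c in node.children for n in leaf_names(c)]


def countermeasure_gain(root: Node, leaf: str, added_cost: float,
                        allow_special: bool = True) -> float:
    """How much the cheapest attack on the root goal rises if one leaf
    becomes `added_cost` more expensive for the attacker."""
    before, _ = cheapest(root, allow_special)
    if before == inf:
        return 0.0                     # goal already infeasible
    after, _ = cheapest(root, allow_special, {leaf: added_cost})
    return after - before


def rank_countermeasures(root: Node, added_cost: float) -> List[Tuple[str, float]]:
    """Rank leaves by the root-cost gain a countermeasure on them would buy."""
    gains = [(n, countermeasure_gain(root, n, added_cost)) for n in leaf_names(root)]
    return sorted(gains, key=lambda g: (-g[1], g[0]))


def build_example_tree() -> Node:
    # Constructed sample tree; names and costs are illustrative only.
    return Node("attacker goal", "OR", children=[
        Node("insider misuse", cost=40.0),
        Node("physical tampering", "AND", children=[
            Node("gain physical access", cost=10.0),
            Node("modify device unnoticed", cost=15.0, special_equipment=True),
        ]),
        Node("remote access", cost=100.0),
    ])


if __name__ == "__main__":
    root = build_example_tree()
    print("cheapest attack:", cheapest(root))
    print("without special equipment:", cheapest(root, allow_special=False))
    for name, gain in rank_countermeasures(root, 60.0):
        print(f"+60 on {name!r} raises root cost by {gain}")
```

In the constructed tree, adding 60 to either physical-tampering leaf raises the root cost by only 15, because the next-cheapest branch then becomes the attacker's best option; this is one way to put numbers on the "difficult to prioritize" point above.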
7
Other Means of Representation
• Threat Catalog – Doug Jones
– Attacks -> vulnerabilities -> analysis of defense
– Challenges
    • Organization
    • Technology
    • Identity
    • Scale of Attack

• Fault Tree Analysis
– Ensures product performance from software
– Attempts to avoid single-point, catastrophic failures
8
Challenges
• Vulnerabilities
– System
– Process

• Variety of possible attacks
• New Field: Systems Engineering
• Attack Detection
• Attack Resolution
-> too many dimensions to predict all possibilities, but
we’ll try to name a few…
9
“The Unthinkable”, Part 1
1. Chain Voting
2. Votes On A Roll
3. The Disoriented Optical Scanner
4. When A Number 2 Pencil Is Not Enough
5. ...we found these poll workers where?

10
“The Unthinkable”, Part 2
6. This DRE “fell off the delivery truck”...
7. The Disoriented Touch Screen
8. The Confusing Ballot (Florida 2000 Election)
9. Third Party “Whoopsies”
10. X-ray vision through walls of precinct

11
“The Unthinkable”, Part 3
11. “Oops” code
12. Do secure wireless connections exist?
13. I’d rather not have your help, thanks...
14. Trojan Horse
15. Replaceable firmware on Optical Scanners

Natalie Podrazik – natalie2@umbc.edu

12
“The Unthinkable”, Part 4
16. Unfinished vote = free vote for somebody else
17. “I think I know what they meant by...”
18. Group Conspiracy: “These machines are
broken.”
19. “That’s weird. It’s a typo.”
20. Denial of Service Attack


13
My Ideas...
• Write-in bomb threat, terrorist attack,
backdoor code
• Swapping of candidate boxes (developers) at
last minute on touch-DRE; voters don’t know
the difference
• Children in the voting booth


14
Strategies & Recommendations
• Create Fault Trees to
counter Attack Tree
goals using the
components set forth in
Brennan Study
• Tamper Tape
• Use of “independent
expert security team”
– Inspection
– Assessment
– Full Access

• Use of “Red Team
Exercises” on:
– Hardware design
– Hardware/Firmware
configuration
– Software Design
– Software Configuration
– Voting Procedures (not
hardware or software,
but people and process)

15
Conclusions
• Attack Trees
– Identify agents, scenarios, resources, system-wide
flaws

• Challenges: dimensions in system analysis
• Unforeseen circumstances
• Independent Team of Experts, but how expert
can they be?

16
Works Cited
1. All 20 “The Unthinkable” scenarios available at: http://www.vote.nist.gov/threats/papers.htm
2. Goldbrick Gallery’s 25 Best Editorial Cartoons of 2004. Online: http://www.goldbrickgallery.com/bestof2004_2.html
3. Jones, Doug. “Threat Taxonomy Overview” slides, from the NIST Threats to Voting Workshop, 7 October 2005. Online: http://www.vote.nist.gov/threats/Jonesthreattalk.pdf
4. Mell, Peter. “Handling IT System Threat Information” slides, from the NIST Threats to Voting Workshop, 7 October 2005. Online: http://www.vote.nist.gov/threats/mellthreat.pdf
5. “Recommendations of the Brennan Center for Justice and the Leadership Conference on Civil Rights for Improving Reliability of Direct Recording Electronic Voting Systems”: http://www.brennancenter.org/programs/downloads/voting_systems_final_recommendations.pdf
6. Wack, John, and Skall, Mark. “Introduction to Threat Analysis Workshop” slides, from the NIST Threats to Voting Workshop, 7 October 2005. Online: http://www.vote.nist.gov/threats/wackthreat.pdf
7. Wikipedia Entry for fault tree: http://en.wikipedia.org/wiki/Fault_tree
17

More Related Content

What's hot

Introduction to Malware Analysis
Introduction to Malware AnalysisIntroduction to Malware Analysis
Introduction to Malware AnalysisAndrew McNicol
 
Vulnerability Assessment
Vulnerability AssessmentVulnerability Assessment
Vulnerability Assessmentprimeteacher32
 
kill-chain-presentation-v3
kill-chain-presentation-v3kill-chain-presentation-v3
kill-chain-presentation-v3Shawn Croswell
 
Cyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metricsCyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metricsMark Arena
 
How to Hunt for Lateral Movement on Your Network
How to Hunt for Lateral Movement on Your NetworkHow to Hunt for Lateral Movement on Your Network
How to Hunt for Lateral Movement on Your NetworkSqrrl
 
Information Security Risk Management
Information Security Risk Management Information Security Risk Management
Information Security Risk Management Ersoy AKSOY
 
Effective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat IntelligenceEffective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat IntelligenceDhruv Majumdar
 
How to assess and manage cyber risk
How to assess and manage cyber riskHow to assess and manage cyber risk
How to assess and manage cyber riskStephen Cobb
 
Cyber Threat Hunting: Identify and Hunt Down Intruders
Cyber Threat Hunting: Identify and Hunt Down IntrudersCyber Threat Hunting: Identify and Hunt Down Intruders
Cyber Threat Hunting: Identify and Hunt Down IntrudersInfosec
 
Cyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsCyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsIain Dickson
 
Security Policies and Standards
Security Policies and StandardsSecurity Policies and Standards
Security Policies and Standardsprimeteacher32
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1Priyanka Aash
 
IT Security management and risk assessment
IT Security management and risk assessmentIT Security management and risk assessment
IT Security management and risk assessmentCAS
 
Planning and Deploying an Effective Vulnerability Management Program
Planning and Deploying an Effective Vulnerability Management ProgramPlanning and Deploying an Effective Vulnerability Management Program
Planning and Deploying an Effective Vulnerability Management ProgramSasha Nunke
 
Governance of security operation centers
Governance of security operation centersGovernance of security operation centers
Governance of security operation centersBrencil Kaimba
 
Types of Threat Actors and Attack Vectors
Types of Threat Actors and Attack VectorsTypes of Threat Actors and Attack Vectors
Types of Threat Actors and Attack VectorsLearningwithRayYT
 
Cyber threat intelligence
Cyber threat intelligenceCyber threat intelligence
Cyber threat intelligenceMondher Smii
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligencemohamed nasri
 
The Insider Threat
The Insider ThreatThe Insider Threat
The Insider ThreatPECB
 

What's hot (20)

Introduction to Malware Analysis
Introduction to Malware AnalysisIntroduction to Malware Analysis
Introduction to Malware Analysis
 
Vulnerability Assessment
Vulnerability AssessmentVulnerability Assessment
Vulnerability Assessment
 
kill-chain-presentation-v3
kill-chain-presentation-v3kill-chain-presentation-v3
kill-chain-presentation-v3
 
Cyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metricsCyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metrics
 
How to Hunt for Lateral Movement on Your Network
How to Hunt for Lateral Movement on Your NetworkHow to Hunt for Lateral Movement on Your Network
How to Hunt for Lateral Movement on Your Network
 
Information Security Risk Management
Information Security Risk Management Information Security Risk Management
Information Security Risk Management
 
Effective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat IntelligenceEffective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat Intelligence
 
How to assess and manage cyber risk
How to assess and manage cyber riskHow to assess and manage cyber risk
How to assess and manage cyber risk
 
Cyber Threat Hunting: Identify and Hunt Down Intruders
Cyber Threat Hunting: Identify and Hunt Down IntrudersCyber Threat Hunting: Identify and Hunt Down Intruders
Cyber Threat Hunting: Identify and Hunt Down Intruders
 
Cyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsCyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feeds
 
Security Policies and Standards
Security Policies and StandardsSecurity Policies and Standards
Security Policies and Standards
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1
 
IT Security management and risk assessment
IT Security management and risk assessmentIT Security management and risk assessment
IT Security management and risk assessment
 
Threat landscape 4.0
Threat landscape 4.0Threat landscape 4.0
Threat landscape 4.0
 
Planning and Deploying an Effective Vulnerability Management Program
Planning and Deploying an Effective Vulnerability Management ProgramPlanning and Deploying an Effective Vulnerability Management Program
Planning and Deploying an Effective Vulnerability Management Program
 
Governance of security operation centers
Governance of security operation centersGovernance of security operation centers
Governance of security operation centers
 
Types of Threat Actors and Attack Vectors
Types of Threat Actors and Attack VectorsTypes of Threat Actors and Attack Vectors
Types of Threat Actors and Attack Vectors
 
Cyber threat intelligence
Cyber threat intelligenceCyber threat intelligence
Cyber threat intelligence
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
The Insider Threat
The Insider ThreatThe Insider Threat
The Insider Threat
 

Similar to Lunar Security Threat Analysis

2015 Global APT Summit - Understanding APT threat agent characteristics is ke...
2015 Global APT Summit - Understanding APT threat agent characteristics is ke...2015 Global APT Summit - Understanding APT threat agent characteristics is ke...
2015 Global APT Summit - Understanding APT threat agent characteristics is ke...Matthew Rosenquist
 
2015 Global APT Summit Matthew Rosenquist
2015 Global APT Summit Matthew Rosenquist2015 Global APT Summit Matthew Rosenquist
2015 Global APT Summit Matthew RosenquistMatthew Rosenquist
 
Temporal Defenses for Robust Recommendations
Temporal Defenses for Robust RecommendationsTemporal Defenses for Robust Recommendations
Temporal Defenses for Robust RecommendationsNeal Lathia
 
Preparing for a Security Breach
Preparing for a Security BreachPreparing for a Security Breach
Preparing for a Security BreachAlienVault
 
Threat Intelligence: State-of-the-art and Trends - Secure South West 2015
Threat Intelligence: State-of-the-art and Trends - Secure South West 2015Threat Intelligence: State-of-the-art and Trends - Secure South West 2015
Threat Intelligence: State-of-the-art and Trends - Secure South West 2015Andreas Sfakianakis
 
Presentation on 'Understanding and Utilising Threat Intelligence in Cybersecu...
Presentation on 'Understanding and Utilising Threat Intelligence in Cybersecu...Presentation on 'Understanding and Utilising Threat Intelligence in Cybersecu...
Presentation on 'Understanding and Utilising Threat Intelligence in Cybersecu...APNIC
 
[Bucharest] Attack is easy, let's talk defence
[Bucharest] Attack is easy, let's talk defence[Bucharest] Attack is easy, let's talk defence
[Bucharest] Attack is easy, let's talk defenceOWASP EEE
 
How to Improve Your Risk Assessments with Attacker-Centric Threat Modeling
How to Improve Your Risk Assessments with Attacker-Centric Threat ModelingHow to Improve Your Risk Assessments with Attacker-Centric Threat Modeling
How to Improve Your Risk Assessments with Attacker-Centric Threat ModelingTony Martin-Vegue
 
Managing Next Generation Threats to Cyber Security
Managing Next Generation Threats to Cyber SecurityManaging Next Generation Threats to Cyber Security
Managing Next Generation Threats to Cyber SecurityPriyanka Aash
 
Secure 360 adversary simulation
Secure 360   adversary simulationSecure 360   adversary simulation
Secure 360 adversary simulationChris Hernandez
 
Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)
Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)
Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)FFRI, Inc.
 
An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)
An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)
An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)FFRI, Inc.
 
OTC Data Mining Anomaly Detection Methods
OTC Data Mining Anomaly Detection MethodsOTC Data Mining Anomaly Detection Methods
OTC Data Mining Anomaly Detection MethodsTECHdotMN
 
The Art of Human Hacking : Social Engineering
The Art of Human Hacking : Social Engineering The Art of Human Hacking : Social Engineering
The Art of Human Hacking : Social Engineering OWASP Foundation
 
The Art and Science of Analyzing Software Data
The Art and Science of Analyzing Software DataThe Art and Science of Analyzing Software Data
The Art and Science of Analyzing Software DataCS, NcState
 
Mark Arena - Cyber Threat Intelligence #uisgcon9
Mark Arena - Cyber Threat Intelligence #uisgcon9Mark Arena - Cyber Threat Intelligence #uisgcon9
Mark Arena - Cyber Threat Intelligence #uisgcon9UISGCON
 
Toward revealing Advanced Persistence Threats in your organization - Public
Toward revealing Advanced Persistence Threats in your organization - PublicToward revealing Advanced Persistence Threats in your organization - Public
Toward revealing Advanced Persistence Threats in your organization - PublicCharles Lim
 
Threat Modeling Lessons From Star Wars
Threat Modeling Lessons From Star WarsThreat Modeling Lessons From Star Wars
Threat Modeling Lessons From Star WarsAdam Shostack
 
Hunting before a Known Incident
Hunting before a Known IncidentHunting before a Known Incident
Hunting before a Known IncidentEndgameInc
 

Similar to Lunar Security Threat Analysis (20)

2015 Global APT Summit - Understanding APT threat agent characteristics is ke...
2015 Global APT Summit - Understanding APT threat agent characteristics is ke...2015 Global APT Summit - Understanding APT threat agent characteristics is ke...
2015 Global APT Summit - Understanding APT threat agent characteristics is ke...
 
2015 Global APT Summit Matthew Rosenquist
2015 Global APT Summit Matthew Rosenquist2015 Global APT Summit Matthew Rosenquist
2015 Global APT Summit Matthew Rosenquist
 
Temporal Defenses for Robust Recommendations
Temporal Defenses for Robust RecommendationsTemporal Defenses for Robust Recommendations
Temporal Defenses for Robust Recommendations
 
Preparing for a Security Breach
Preparing for a Security BreachPreparing for a Security Breach
Preparing for a Security Breach
 
Threat Intelligence: State-of-the-art and Trends - Secure South West 2015
Threat Intelligence: State-of-the-art and Trends - Secure South West 2015Threat Intelligence: State-of-the-art and Trends - Secure South West 2015
Threat Intelligence: State-of-the-art and Trends - Secure South West 2015
 
Presentation on 'Understanding and Utilising Threat Intelligence in Cybersecu...
Presentation on 'Understanding and Utilising Threat Intelligence in Cybersecu...Presentation on 'Understanding and Utilising Threat Intelligence in Cybersecu...
Presentation on 'Understanding and Utilising Threat Intelligence in Cybersecu...
 
[Bucharest] Attack is easy, let's talk defence
[Bucharest] Attack is easy, let's talk defence[Bucharest] Attack is easy, let's talk defence
[Bucharest] Attack is easy, let's talk defence
 
How to Improve Your Risk Assessments with Attacker-Centric Threat Modeling
How to Improve Your Risk Assessments with Attacker-Centric Threat ModelingHow to Improve Your Risk Assessments with Attacker-Centric Threat Modeling
How to Improve Your Risk Assessments with Attacker-Centric Threat Modeling
 
Managing Next Generation Threats to Cyber Security
Managing Next Generation Threats to Cyber SecurityManaging Next Generation Threats to Cyber Security
Managing Next Generation Threats to Cyber Security
 
Secure 360 adversary simulation
Secure 360   adversary simulationSecure 360   adversary simulation
Secure 360 adversary simulation
 
Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)
Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)
Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)
 
An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)
An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)
An Example of use the Threat Modeling Tool (FFRI Monthly Research Nov 2016)
 
OTC Data Mining Anomaly Detection Methods
OTC Data Mining Anomaly Detection MethodsOTC Data Mining Anomaly Detection Methods
OTC Data Mining Anomaly Detection Methods
 
The Art of Human Hacking : Social Engineering
The Art of Human Hacking : Social Engineering The Art of Human Hacking : Social Engineering
The Art of Human Hacking : Social Engineering
 
The Art and Science of Analyzing Software Data
The Art and Science of Analyzing Software DataThe Art and Science of Analyzing Software Data
The Art and Science of Analyzing Software Data
 
Mark Arena - Cyber Threat Intelligence #uisgcon9
Mark Arena - Cyber Threat Intelligence #uisgcon9Mark Arena - Cyber Threat Intelligence #uisgcon9
Mark Arena - Cyber Threat Intelligence #uisgcon9
 
Toward revealing Advanced Persistence Threats in your organization - Public
Toward revealing Advanced Persistence Threats in your organization - PublicToward revealing Advanced Persistence Threats in your organization - Public
Toward revealing Advanced Persistence Threats in your organization - Public
 
Day 1-1-intro-sw-vuls
Day 1-1-intro-sw-vulsDay 1-1-intro-sw-vuls
Day 1-1-intro-sw-vuls
 
Threat Modeling Lessons From Star Wars
Threat Modeling Lessons From Star WarsThreat Modeling Lessons From Star Wars
Threat Modeling Lessons From Star Wars
 
Hunting before a Known Incident
Hunting before a Known IncidentHunting before a Known Incident
Hunting before a Known Incident
 

More from zaffar abbasi

Travel security protocols
Travel security protocolsTravel security protocols
Travel security protocolszaffar abbasi
 
Part6 disaster-management-risk-mitigation
Part6 disaster-management-risk-mitigationPart6 disaster-management-risk-mitigation
Part6 disaster-management-risk-mitigationzaffar abbasi
 
Part5 disaster-management-risk-mitigation
Part5 disaster-management-risk-mitigationPart5 disaster-management-risk-mitigation
Part5 disaster-management-risk-mitigationzaffar abbasi
 
Part4 disaster-management-risk-mitigation
Part4 disaster-management-risk-mitigationPart4 disaster-management-risk-mitigation
Part4 disaster-management-risk-mitigationzaffar abbasi
 
Part3 disaster-management-risk-mitigation
Part3 disaster-management-risk-mitigationPart3 disaster-management-risk-mitigation
Part3 disaster-management-risk-mitigationzaffar abbasi
 
Part2 disaster-management-risk-mitigation
Part2 disaster-management-risk-mitigationPart2 disaster-management-risk-mitigation
Part2 disaster-management-risk-mitigationzaffar abbasi
 
Part1 disaster-management-risk-mitigation
Part1 disaster-management-risk-mitigationPart1 disaster-management-risk-mitigation
Part1 disaster-management-risk-mitigationzaffar abbasi
 
Hotel safety & security
Hotel safety & securityHotel safety & security
Hotel safety & securityzaffar abbasi
 
Anti terrorism brief_
Anti terrorism brief_Anti terrorism brief_
Anti terrorism brief_zaffar abbasi
 
Hazard mitigation plan
Hazard mitigation planHazard mitigation plan
Hazard mitigation planzaffar abbasi
 
Emergency response to_terrorism
Emergency response to_terrorismEmergency response to_terrorism
Emergency response to_terrorismzaffar abbasi
 
Convoy leader-training-handbook
Convoy leader-training-handbookConvoy leader-training-handbook
Convoy leader-training-handbookzaffar abbasi
 
Business continuity plan
Business continuity planBusiness continuity plan
Business continuity planzaffar abbasi
 
Armed robbery prevention
Armed robbery preventionArmed robbery prevention
Armed robbery preventionzaffar abbasi
 
Hotels restaurants security
Hotels restaurants securityHotels restaurants security
Hotels restaurants securityzaffar abbasi
 
pursuit of contentment
pursuit of contentmentpursuit of contentment
pursuit of contentmentzaffar abbasi
 

More from zaffar abbasi (20)

army
armyarmy
army
 
chief
chiefchief
chief
 
Travel security protocols
Travel security protocolsTravel security protocols
Travel security protocols
 
Part6 disaster-management-risk-mitigation
Part6 disaster-management-risk-mitigationPart6 disaster-management-risk-mitigation
Part6 disaster-management-risk-mitigation
 
Part5 disaster-management-risk-mitigation
Part5 disaster-management-risk-mitigationPart5 disaster-management-risk-mitigation
Part5 disaster-management-risk-mitigation
 
Part4 disaster-management-risk-mitigation
Part4 disaster-management-risk-mitigationPart4 disaster-management-risk-mitigation
Part4 disaster-management-risk-mitigation
 
Part3 disaster-management-risk-mitigation
Part3 disaster-management-risk-mitigationPart3 disaster-management-risk-mitigation
Part3 disaster-management-risk-mitigation
 
Part2 disaster-management-risk-mitigation
Part2 disaster-management-risk-mitigationPart2 disaster-management-risk-mitigation
Part2 disaster-management-risk-mitigation
 
Part1 disaster-management-risk-mitigation
Part1 disaster-management-risk-mitigationPart1 disaster-management-risk-mitigation
Part1 disaster-management-risk-mitigation
 
Hotel safety & security
Hotel safety & securityHotel safety & security
Hotel safety & security
 
Anti terrorism brief_
Anti terrorism brief_Anti terrorism brief_
Anti terrorism brief_
 
Hazard mitigation plan
Hazard mitigation planHazard mitigation plan
Hazard mitigation plan
 
Emergency response to_terrorism
Emergency response to_terrorismEmergency response to_terrorism
Emergency response to_terrorism
 
Convoy leader-training-handbook
Convoy leader-training-handbookConvoy leader-training-handbook
Convoy leader-training-handbook
 
Business continuity plan
Business continuity planBusiness continuity plan
Business continuity plan
 
Zafar security cv
Zafar security cvZafar security cv
Zafar security cv
 
Bomb threat sop
Bomb threat sopBomb threat sop
Bomb threat sop
 
Armed robbery prevention
Armed robbery preventionArmed robbery prevention
Armed robbery prevention
 
Hotels restaurants security
Hotels restaurants securityHotels restaurants security
Hotels restaurants security
 
pursuit of contentment
pursuit of contentmentpursuit of contentment
pursuit of contentment
 

Recently uploaded

Geostrategic significance of South Asian countries.ppt
Geostrategic significance of South Asian countries.pptGeostrategic significance of South Asian countries.ppt
Geostrategic significance of South Asian countries.pptUsmanKaran
 
57 Bidens Annihilation Nation Policy.pdf
57 Bidens Annihilation Nation Policy.pdf57 Bidens Annihilation Nation Policy.pdf
57 Bidens Annihilation Nation Policy.pdfGerald Furnkranz
 
Foreign Relation of Pakistan with Neighboring Countries.pptx
Foreign Relation of Pakistan with Neighboring Countries.pptxForeign Relation of Pakistan with Neighboring Countries.pptx
Foreign Relation of Pakistan with Neighboring Countries.pptxunark75
 
Global Terrorism and its types and prevention ppt.
Global Terrorism and its types and prevention ppt.Global Terrorism and its types and prevention ppt.
Global Terrorism and its types and prevention ppt.NaveedKhaskheli1
 
Rohan Jaitley: Central Gov't Standing Counsel for Justice
Rohan Jaitley: Central Gov't Standing Counsel for JusticeRohan Jaitley: Central Gov't Standing Counsel for Justice
Rohan Jaitley: Central Gov't Standing Counsel for JusticeAbdulGhani778830
 
Political-Ideologies-and-The-Movements.pptx
Political-Ideologies-and-The-Movements.pptxPolitical-Ideologies-and-The-Movements.pptx
Political-Ideologies-and-The-Movements.pptxSasikiranMarri
 
15042024_First India Newspaper Jaipur.pdf
15042024_First India Newspaper Jaipur.pdf15042024_First India Newspaper Jaipur.pdf
15042024_First India Newspaper Jaipur.pdfFIRST INDIA
 
16042024_First India Newspaper Jaipur.pdf
16042024_First India Newspaper Jaipur.pdf16042024_First India Newspaper Jaipur.pdf
16042024_First India Newspaper Jaipur.pdfFIRST INDIA
 
IndiaWest: Your Trusted Source for Today's Global News
IndiaWest: Your Trusted Source for Today's Global NewsIndiaWest: Your Trusted Source for Today's Global News
IndiaWest: Your Trusted Source for Today's Global NewsIndiaWest2
 

Recently uploaded (9)

Geostrategic significance of South Asian countries.ppt
Geostrategic significance of South Asian countries.pptGeostrategic significance of South Asian countries.ppt
Geostrategic significance of South Asian countries.ppt
 
57 Bidens Annihilation Nation Policy.pdf
57 Bidens Annihilation Nation Policy.pdf57 Bidens Annihilation Nation Policy.pdf
57 Bidens Annihilation Nation Policy.pdf
 
Foreign Relation of Pakistan with Neighboring Countries.pptx
Foreign Relation of Pakistan with Neighboring Countries.pptxForeign Relation of Pakistan with Neighboring Countries.pptx
Foreign Relation of Pakistan with Neighboring Countries.pptx
 
Global Terrorism and its types and prevention ppt.
Global Terrorism and its types and prevention ppt.Global Terrorism and its types and prevention ppt.
Global Terrorism and its types and prevention ppt.
 
Rohan Jaitley: Central Gov't Standing Counsel for Justice
Rohan Jaitley: Central Gov't Standing Counsel for JusticeRohan Jaitley: Central Gov't Standing Counsel for Justice
Rohan Jaitley: Central Gov't Standing Counsel for Justice
 
Political-Ideologies-and-The-Movements.pptx
Political-Ideologies-and-The-Movements.pptxPolitical-Ideologies-and-The-Movements.pptx
Political-Ideologies-and-The-Movements.pptx
 
15042024_First India Newspaper Jaipur.pdf
15042024_First India Newspaper Jaipur.pdf15042024_First India Newspaper Jaipur.pdf
15042024_First India Newspaper Jaipur.pdf
 
16042024_First India Newspaper Jaipur.pdf
16042024_First India Newspaper Jaipur.pdf16042024_First India Newspaper Jaipur.pdf
16042024_First India Newspaper Jaipur.pdf
 
IndiaWest: Your Trusted Source for Today's Global News
IndiaWest: Your Trusted Source for Today's Global NewsIndiaWest: Your Trusted Source for Today's Global News
IndiaWest: Your Trusted Source for Today's Global News
 

Lunar Security Threat Analysis

  • 3. Background • What is threat analysis? – Potential Attacks/Threats/Risks – Analysis – Countermeasures – Future Preparations • NIST’s “Introduction to Threat Analysis Workshop”, October 2005 3
  • 4. Stakes • People – – – – – – – – Voters Candidates Poll Workers Political Groups Developers Board of Elections Attackers More... • Voting: A System of... – – – – – – – – IT American Politics Duty Trust Inclusion Safety Process Precedence...if it works 4
  • 5. Means of Representation General tactic: – Identify possible attackers – Identify goals of attacker – Enumerate possible ways to achieve goals – Locate key system vulnerabilities – Create resolution plan 5
  • 6. Attack Tree • Bruce Sheneier, Dr. Dobb’s Journal, 1999: – Used to “model threats against computer systems” Simple Example Cost propagation Multiple Costs • Continual breaking down of goals and means to achieve them 6
  • 7. Attack Tree Evaluation • Creation – Refining over time – Realistic costs • Advantages – Identifies key security issues – Documenting plans of attack and likelihood – Knowing the system • Disadvantages – Amount of documentation – Can only ameliorate foreseen circumstances – Difficult to prioritize/quantize factors Shortened version of an Attack Tree for the interception of a message send with a PGP header. 7
  • 8. Other Means of Representation • Threat Catalog – Doug Jones – Attacks -> vulnerabilities -> analysis of defense – Challenges • • • • Organization Technology Identity Scale of Attack • Fault Tree Analysis – Ensures product performance from software – Attempts to avoid single-point, catastrophic failures 8
  • 9. Challenges • Vulnerabilities – System – Process • • • • Variety of possible attacks New Field: Systems Engineering Attack Detection Attack Resolution -> too many dimensions to predict all possibilities, but we’ll try to name a few… 9
  • 10. “The Unthinkable”, Part 1 1. 2. 3. 4. 5. Chain Voting Votes On A Roll The Disoriented Optical Scanner When A Number 2 Pencil Is Not Enough ...we found these poll workers where? 10
  • 11. “The Unthinkable”, Part 2 6. This DRE “fell off the delivery truck”... 7. The Disoriented Touch Screen 8. The Confusing Ballot (Florida 2000 Election) 9. Third Party “Whoopsies” 10. X-ray vision through walls of precinct 11
  • 12. “The Unthinkable”, Part 3 11. “Oops” code 12. Do secure wireless connections exist? 13. I’d rather not have your help, thanks... 14. Trojan Horse 15. Replaceable firmware on Optical Scanners Natalie Podrazik – natalie2@umbc.edu 12
  • 13. “The Unthinkable”, Part 4 16. Unfinished vote = free vote for somebody else 17. “I think I know what they meant by...” 18. Group Conspiracy: “These machines are broken.” 19. “That’s weird. It’s a typo.” 20. Denial of Service Attack Natalie Podrazik – natalie2@umbc.edu 13
  • 14. My Ideas...
    • Write-in bomb threat, terrorist attack, backdoor code
    • Swapping of candidate boxes (developers) at last minute on touch-DRE; voters don’t know the difference
    • Children in the voting booth
  • 15. Strategies & Recommendations
    • Create Fault Trees to counter Attack Tree goals using the components set forth in Brennan Study
    • Tamper Tape
    • Use of “independent expert security team”
      – Inspection
      – Assessment
      – Full Access
    • Use of “Red Team Exercises” on:
      – Hardware design
      – Hardware/Firmware configuration
      – Software Design
      – Software Configuration
      – Voting Procedures (not hardware or software, but people and process)
  • 16. Conclusions
    • Attack Trees
      – Identify agents, scenarios, resources, system-wide flaws
    • Challenges: dimensions in system analysis
    • Unforeseen circumstances
    • Independent Team of Experts, but how expert can they be?
  • 17. Works Cited
    1. All 20 “The Unthinkable” scenarios available at: http://www.vote.nist.gov/threats/papers.htm
    2. Goldbrick Gallery’s 25 Best Editorial Cartoons of 2004. Online: http://www.goldbrickgallery.com/bestof2004_2.html
    3. Jones, Doug. “Threat Taxonomy Overview” slides, from the NIST Threats to Voting Workshop, 7 October 2005. Online: http://www.vote.nist.gov/threats/Jonesthreattalk.pdf
    4. Mell, Peter. “Handling IT System Threat Information” slides, from the NIST Threats to Voting Workshop, 7 October 2005. Online: http://www.vote.nist.gov/threats/mellthreat.pdf
    5. “Recommendations of the Brennan Center for Justice and the Leadership Conference on Civil Rights for Improving Reliability of Direct Recording Electronic Voting Systems”: http://www.brennancenter.org/programs/downloads/voting_systems_final_recommendations.pdf
    6. Wack, John, and Skall, Mark. “Introduction to Threat Analysis Workshop” slides, from the NIST Threats to Voting Workshop, 7 October 2005. Online: http://www.vote.nist.gov/threats/wackthreat.pdf
    7. Wikipedia Entry for fault tree: http://en.wikipedia.org/wiki/Fault_tree

Editor's Notes

  1. What is a Threat Analysis?
     - list everything you can think of to threaten integrity and/or accuracy of the voting experience
     - analysis: is it plausible? Is it difficult? What damages could occur? Repercussions to follow?
     - countermeasures: what preparations need to be put into place? Plan of action associated with realistic threat?
     - future preparations: what can we do in future elections to avoid such problems?
     NIST (National Institute of Standards and Technology): “to allow the US election community to participate in developing an analysis of threats to voting systems”
     - solicit and gather threat analysis and material
     - gather critical analysis of collected threats, plausibility of certain scenarios
     - outline common assumptions made
     - advocate a direction to take in risk management/threat resolution
  2. A system of:
     - IT: new technologies must be stable, reliable, correct...
     - Politics: results must be accurate or chaos would consume the government
     - Duty: the government must provide a system in which every citizen can vote; it’s their right
     - Trust: citizens must trust the system that the government provides or they won’t use it
     - Inclusion: all citizens, no matter who they are, must have the opportunity to vote...introduces many dimensions of interfaces and processes for voting, as well as new holes in security
     - Safety: a citizen must not be at risk to vote. Collusion, gangs, threats, terrorism, bioterrorism, bomb threats, financial loss...
     - Process: strict, regimented process must be in place.
     - Precedence: if such a wide scale system could work, it would raise the bar for many such systems worldwide
  3. Identifying attackers: who they are, citizens of this country, on purpose or by accident, what resources they have... Identifying goals: what they can gain
  4. Steps to creating an Attack Tree:
     - Identify possible attack goals; each is a separate tree
     - Refine tree over time with more perspectives and background research
     - Fill in node values: costs, likelihood, resources available, setting of voting day…
     - Make security decisions to decide which factor(s) are most important, weigh options
     - Create approach: Is the system’s goal under attack? Is the system extremely vulnerable to a certain type of attack? Like password guessing…? Can new group assumptions
     Advantages:
     - Key security issues: 1024 bit encryption or 2048? Turns out that’s not the issue: the attack tree describes a more realistic and feasible attack than decrypting the passwords
     - Documentation for historical, legal purposes; easier to train employees for a worst case scenario type thing
     - Knowing the vulnerabilities of a system inside and out provides a great knowledge of the system as a whole, all of its components, all of its agents, etc.
     Disadvantages:
     - Swimming in documentation for every part of the system from start to finish
     - Can only react to attacks they can think of...not the unpredictable
     - How to put a number or cost on one factor over the other? The fact that one attack plan involves weapons of mass destruction has a higher overall cost to the election results and population as a whole, but may have a likelihood lower than a Trojan Horse embedded by the developers.
     PICTURE: PGP = pretty good privacy. What if a message had a PGP header? Major branches listed are:
     - Decrypt the message itself
     - Determine symmetric key used to encrypt the message by other means
     - Get recipient to (help) decrypt message (RSA = public key algorithm)
  5. Doug Jones’ “Threat Catalog”: attempts to document a list of all threats/attacks
     - for each attack, identify vulnerabilities exploited
     - for each vulnerability, identify the defenses in place
     - if (all attacks are !blocked by some defense), ADD DEFENSES
     - the Threat Catalog uses both a Vulnerability Catalog and Defense Catalog
  6. 20% of computer vulnerabilities are local, which means not over the internet.
     Interconnecting components:
     - USER INFO: Registration database in a centralized location -> individual state -> polling precinct location -> poll worker
     - VOTE: User -> interface of DRE -> back end of DRE -> physical component connecting DRE to server/tally counter -> tally counter server
     - TALLYING: server -> interface of tally counting software -> person who uses software
     Each is a different user/agent, very hard to predict.
     PROCESS VULNERABILITIES:
     - Registration
     - Polling place access (intimidation, violence)
     - Voter manipulation (repeat voting)
     - Ballot manipulation prior to tabulation
     - Threats to the tabulation process itself
     - Threats to the result of the tabulation process
     Trusting the different parts that interconnect…especially the user!
     Systems Engineering from IT perspective: relatively new field...how to weave together all components of a system? Nobody quite knows yet. Requirements gathering in Software engineering is a dynamic science as well, so is design and testing...how to determine if a system is complete?
     How to tell if the system was even tainted? What to do if it was?? Leak to the press, lose voter confidence: Florida Election. No more Leno jokes.
  7. 1. CHAIN VOTING: bad guy gets a blank real ballot OR a counterfeit one OR steals one OR gets an absentee, then subverts a voter by any means necessary, then makes the voter get a new ballot for himself but uses the already completed vote to cast, brings back vote to bad guy. Rinse and Repeat.
     2. VOTES ON A ROLL: on one roll, you can easily see who voted in what order...
     3. DISORIENTED OPTICAL SCANNER: a vote is counted by reading the row and column coordinates from a ballot. Tweak those just slightly and you’ve got a new vote. Easily do this by editing a few numbers in the scanner’s configuration file.
     4. WHEN A NUMBER 2 PENCIL IS NOT ENOUGH: You can recalibrate a reader to be sensitive about the gradient shading of a bubble/vote. You can discount the ones that are too dark or too light. If you discounted those that are too dark, you could be a poll worker, selectively telling people to make sure they press really hard on the pencil and fill in the entire bubble. Also – smudging/smearing, messy erasers, unidentified substances that are picked up off the ballot...
     5. WHERE DID WE GET THESE POLL WORKERS? Purposefully tainting the election: favoring one party or candidate, wrongfully turning away legitimate voters, wrongfully admitting illegitimate voters, failure to properly administer provisional ballots, failure to give proper instruction to voters that need it, failure to handle spoiled ballots properly. Rates of errors due to poll workers as high as 10% in some precincts.
  8. 6. FELL OFF THE DELIVERY TRUCK: full access to those machines while in transit to the precinct. Who is driving the truck? What if they got fake ones somewhere in-between? What happens if just one machine was stolen? What could they do with the data intercepted from an old machine? Quantity of machines to be delivered...!
     7. DISORIENTED TOUCH SCREEN: recalibration of touch-sensor technology is frequent! Example: palm pilots need to be calibrated every now and then, or the stylus’s pinpointing abilities are very inaccurate. With a system that could get hundreds of pokes a day, can we make sure someone will test its calibration? Or could they throw it away?? Or miscalibrate it, like the case of the Disoriented Optical Scanner?
     8. THE CONFUSING BALLOT: maybe too many boxes and arrows and bubbles to keep the candidates straight...or maybe the voter is not competent enough to understand how the ballot is supposed to work...either way, it’s a tactic used to make more residual or erroneous votes in a certain precinct or jurisdiction
     9. THIRD PARTY WHOOPSIES: running the voting software on top of another OS, or through a COTS product (x window manager) with unknown problems, possible injection of code into THAT program that would affect voting system...
     10. XRAY VISION: bad guy sits in a van outside and uses a detector for the electromagnetic emanations that come from the DRE. Bad guy could intimidate voters before they go in, says “I can see you and your vote, so if you don’t, I’ll get you...” Lots of costly equipment required, but subtle and covert.
  9. 11. OOPS CODE: hopefully (!) accidents in development. Swapping the yes/no bubble by accident (California); in a trial run of one system, votes cast in Spanish were not counted at all, only those in English
     12. SECURE WIRELESS CONNECTIONS: listed a Pringles potato chip can as a “highly effective receiver for wi-fi traffic”...likelihood of detection is very low. Wi-Fi often built in to new laptops, which is what DREs are built on...solution: use of Faraday cage
     13. WHEN HELP ISN’T HELPFUL: addition of a new agent in the process introduces MANY MANY holes in security. Looking over shoulder, intimidating the voter, corresponding to bad guy...disabled voters...
     14. TROJAN HORSE: requires bad guy to be the programmer...or does he?? Wi-fi connection, exposed usb drive...could be in the tally server too!
     15. REPLACEABLE FIRMWARE: could result in a new bootable program, taking over hardware or installing Trojan horse...
  10. 16. UNFINISHED VOTE: If a voter walks away, angry at the machine, or goes to answer their cell phone, or runs away to chase their child, or thinks that they are done, that vote is exposed! Anyone can come up behind them and take the vote. The bad guy could very well be a poll worker, who looks like he/she is canceling the vote, but may really be casting it.
      17. I THINK I KNEW WHAT THEY MEANT...Trojan that might swap names and candidates or parties and pictures, swaps indices in backend tallying database, consistency with disabled persons’ ballots
      18. GROUP CONSPIRACY: voters from party B go early to vote at a precinct dominated by party A. They register successfully, since that’s their precinct, but no matter how many times they try to verify their ballot, it never comes up to what they want. No one else can look, so election officials have no choice but to remove the machines from service, shutting down the polling place for the day.
      19. TYPO: Too many people regard typos as just that...may trust their vote rather than the verification. Or a misspelled last name, or the wrong digit of a social security number.
      20. DENIAL OF SERVICE ATTACK: too many packets being sent to the tallying server...or is it? Is someone trying to attack the precinct?
  11. “Recommendations of the Brennan Center for Justice and the Leadership Conference on Civil Rights for Improving Reliability of Direct Recording Electronic (DRE) Voting Systems”:
      - Tamper Tape: ensures that a system is up-to-date and pure
      - “independent expert security team” who will inspect the system top to bottom. Full access to:
        - hardware/firmware
        - software code
        - procedural protocols
        - design documentation
        - back-end system details
        - copies of all software design documents (and other docs) to aid in navigation through the source code
        - complete documentation on how the source code is converted to object code: compilers, compiler options used, libraries, configuration parameters
        - complete version history: change log
        - outstanding bugs, known vulnerabilities or limitations
        - documentation on tests: type, results, version of code they were run on
        - program suites – developing environment
        - regression protocols
      RED TEAM: team of analysts who try to attack the system:
      - Hardware: to avoid attacks that might change critical settings, install malicious drivers, or otherwise tamper with terminals or tally servers, leave exposed drives or insufficient locks... RECOMMENDATION: use of a tamper tape to make sure breaches are DETECTABLE, replacement of hardware is POSSIBLE, and new security procedures to replace hardware flaws will HAPPEN.
      - Hardware/firmware configuration assessment: how hardware/firmware components are connected. This includes the ROM, like bootable code... RECOMMENDATIONS: Red Team exercises to make sure of proper locks with unique keys and pwds, make sure network access is not available through modems, Ethernet ports, or other points between hardware components; machines are only bootable off a secure drive, as opposed to a CD or floppy. Use of a tamper tape.
      - Software Design: (1) good faith flaws – poor programming practices (pwds or encryption keys not hidden from the everyday user), bad code, (2) malicious code hidden within system – count votes erroneously, purposely leave room for backdoors, record voting or user statistics in an undocumented way... RECOMMENDATIONS: security team – review code with AUTHENTICATION, ENCRYPTION, and ACCESSIBILITY to certain private files in mind
      - Software Configuration (ways that software components work together): anti-virus software – presence and up-to-date. RECOMMENDATIONS: expert team analyzes the entire system to see how data flows from one element to another; review patches to system, anti-virus software used in servers and terminals; the procedures for updating software – autoupdates from anti-virus? Rule all remote software upgrades as an unacceptable risk...
      - Voting Procedures (not hardware or software...people and process): any procedures used that can facilitate security breaches or machine malfunctions or fail to stop them. Absence of adequate security procedures (using only one encryption key or password for all machines instead of one per machine), poor implementation of adequate procedures for training of poll workers, departures from protocol by unforeseen circumstances.
        ** Maryland example in this report: RABA investigators found that “all 32,000 of Maryland’s touch screen terminals had the same locks and keys, making every machine accessible to anyone with the keys. The keys could also be easily reproduced at three local hardware stores...” **
        RECOMMENDATIONS: development of standard operating procedures, respond EARLY to security incidents, alleged or real; these INCREASE CONFIDENCE by “providing factual information to replace rumor, innuendo, fear, uncertainty, and doubt..”
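The attack tree steps in editor's note 4 (fill in node costs and likelihoods, then weigh options) can be worked through in code. This is an added example, not part of the original slides: the tree is built from scenarios 3, 14 and 15, every cost and likelihood is a constructed value, and leaf likelihoods are assumed to be independent.

```python
from dataclasses import dataclass, field
from math import prod

@dataclass
class Node:
    name: str
    kind: str = "LEAF"      # "LEAF", "AND" (all children needed) or "OR" (any child)
    cost: float = 0.0       # attacker cost in dollars, leaves only (constructed)
    p: float = 0.0          # likelihood of success, leaves only (constructed)
    children: list = field(default_factory=list)

def evaluate(node):
    """Return (cheapest attacker cost, likelihood, leaves of the cheapest path)."""
    if node.kind == "LEAF":
        return node.cost, node.p, [node.name]
    results = [evaluate(child) for child in node.children]
    if node.kind == "AND":  # costs add up, every step has to succeed
        return (sum(r[0] for r in results),
                prod(r[1] for r in results),
                [leaf for r in results for leaf in r[2]])
    # OR: the cheapest branch sets the cost; the goal is met if any branch succeeds
    cheapest = min(results, key=lambda r: r[0])
    return cheapest[0], 1 - prod(1 - r[1] for r in results), cheapest[2]

def tally_tree(scanner_access_cost=500):
    """Constructed tree for the goal 'alter the vote tally' (scenarios 3, 14, 15)."""
    return Node("Alter the vote tally", "OR", children=[
        Node("Disoriented optical scanner", "AND", children=[
            Node("Reach the scanner", cost=scanner_access_cost, p=0.3),
            Node("Edit configuration file", cost=100, p=0.9)]),
        Node("Trojan horse", "OR", children=[
            Node("Malicious programmer", cost=20000, p=0.05),
            Node("Exposed USB drive", cost=1000, p=0.2),
            Node("Wi-Fi connection", cost=2000, p=0.1)]),
        Node("Replace scanner firmware", cost=5000, p=0.1),
    ])

if __name__ == "__main__":
    # Second run models unique locks plus tamper tape raising the cost of access.
    for label, tree in [("baseline", tally_tree()),
                        ("unique locks + tamper tape", tally_tree(5000))]:
        cost, likelihood, path = evaluate(tree)
        print(f"{label}: cheapest ${cost}, likelihood {likelihood:.2f}, via {path}")
```

Raising the cost of one leaf moves the cheapest path to a different branch, which is how the tree tells a defender what to fix next.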
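The Threat Catalog procedure in editor's note 5 (attack -> vulnerabilities -> defenses, then add defenses where an attack is not blocked) can be run as a gap analysis. This is an added example, not Doug Jones' own tooling: the catalog entries are constructed from scenarios and recommendations named in these notes, and it assumes an attack counts as blocked only when every vulnerability it exploits has at least one defense.

```python
# Attack catalog: attack -> vulnerabilities it exploits (constructed from the notes).
ATTACKS = {
    "Disoriented Optical Scanner": {"editable scanner config", "identical locks and keys"},
    "Replaceable firmware": {"boots from removable media", "identical locks and keys"},
    "Fell off the delivery truck": {"unsupervised transit"},
    "Secure wireless connections": {"built-in Wi-Fi"},
    "Trojan Horse": {"exposed USB drive", "built-in Wi-Fi"},
}

# Defense catalog: defense -> vulnerabilities it addresses (constructed).
DEFENSES = {
    "Tamper tape": {"unsupervised transit", "exposed USB drive"},
    "Boot only from a secure drive": {"boots from removable media"},
    "Faraday cage": {"built-in Wi-Fi"},
}

def find_gaps(attacks, defenses):
    """Map each attack that is not fully blocked to its undefended vulnerabilities."""
    covered = set().union(*defenses.values()) if defenses else set()
    gaps = {}
    for attack, vulns in attacks.items():
        open_vulns = sorted(vulns - covered)
        if open_vulns:
            gaps[attack] = open_vulns
    return gaps

def prioritize(gaps):
    """Rank undefended vulnerabilities by how many attacks each one leaves open."""
    counts = {}
    for open_vulns in gaps.values():
        for vuln in open_vulns:
            counts[vuln] = counts.get(vuln, 0) + 1
    return sorted(counts.items(), key=lambda item: (-item[1], item[0]))

if __name__ == "__main__":
    gaps = find_gaps(ATTACKS, DEFENSES)
    for attack, open_vulns in gaps.items():
        print(f"ADD DEFENSES for {attack!r}: undefended {open_vulns}")
    print("Fix first:", prioritize(gaps))
```

With these entries the shared locks and keys from the Maryland example rank first, because that one vulnerability leaves two attacks open.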