This document discusses threat analysis and strategies for securing voting systems. It outlines potential threats like attacks on voters, candidates, or polling infrastructure. Different means of representing threats are examined, like attack trees that break down goals and methods of attackers. Challenges in threat analysis include the variety of possible attacks and dimensions to predict. The document also considers "unthinkable" attack scenarios and recommends strategies such as using independent expert teams and red team exercises to test systems and procedures. The conclusion is that threat trees can help identify flaws but unforeseen circumstances remain a challenge.
5. Means of Representation
General tactic:
– Identify possible attackers
– Identify goals of attacker
– Enumerate possible ways to achieve goals
– Locate key system vulnerabilities
– Create resolution plan
6. Attack Tree
• Bruce Schneier, Dr. Dobb’s Journal, 1999:
– Used to “model threats against computer systems”
• Continual breaking down of goals and means to achieve them
[Figures: Simple Example; Cost propagation; Multiple Costs]
7. Attack Tree Evaluation
• Creation
– Refining over time
– Realistic costs
• Advantages
– Identifies key security issues
– Documenting plans of attack and likelihood
– Knowing the system
• Disadvantages
– Amount of documentation
– Can only ameliorate foreseen circumstances
– Difficult to prioritize/quantize factors
[Figure: Shortened version of an Attack Tree for the interception of a message sent with a PGP header.]
8. Other Means of Representation
• Threat Catalog – Doug Jones
– Attacks -> vulnerabilities -> analysis of defense
– Challenges
  • Organization
  • Technology
  • Identity
  • Scale of Attack
• Fault Tree Analysis
– Ensures product performance from software
– Attempts to avoid single-point, catastrophic failures
9. Challenges
• Vulnerabilities
– System
– Process
• Variety of possible attacks
• New Field: Systems Engineering
• Attack Detection
• Attack Resolution
-> too many dimensions to predict all possibilities, but we’ll try to name a few…
10. “The Unthinkable”, Part 1
1. Chain Voting
2. Votes On A Roll
3. The Disoriented Optical Scanner
4. When A Number 2 Pencil Is Not Enough
5. ...we found these poll workers where?
11. “The Unthinkable”, Part 2
6. This DRE “fell off the delivery truck”...
7. The Disoriented Touch Screen
8. The Confusing Ballot (Florida 2000 Election)
9. Third Party “Whoopsies”
10. X-ray vision through walls of precinct
12. “The Unthinkable”, Part 3
11. “Oops” code
12. Do secure wireless connections exist?
13. I’d rather not have your help, thanks...
14. Trojan Horse
15. Replaceable firmware on Optical Scanners
Natalie Podrazik – natalie2@umbc.edu
13. “The Unthinkable”, Part 4
16. Unfinished vote = free vote for somebody else
17. “I think I know what they meant by...”
18. Group Conspiracy: “These machines are broken.”
19. “That’s weird. It’s a typo.”
20. Denial of Service Attack
14. My Ideas...
• Write-in bomb threat, terrorist attack, backdoor code
• Swapping of candidate boxes (developers) at last minute on touch-DRE; voters don’t know the difference
• Children in the voting booth
15. Strategies & Recommendations
• Create Fault Trees to counter Attack Tree goals using the components set forth in Brennan Study
• Tamper Tape
• Use of “independent expert security team”
– Inspection
– Assessment
– Full Access
• Use of “Red Team Exercises” on:
– Hardware design
– Hardware/Firmware configuration
– Software Design
– Software Configuration
– Voting Procedures (not hardware or software, but people and process)
16. Conclusions
• Attack Trees
– Identify agents, scenarios, resources, system-wide flaws
• Challenges: dimensions in system analysis
• Unforeseen circumstances
• Independent Team of Experts, but how expert can they be?
17. Works Cited
1. All 20 “The Unthinkable” scenarios available at: http://www.vote.nist.gov/threats/papers.htm
2. Goldbrick Gallery’s 25 Best Editorial Cartoons of 2004. Online: http://www.goldbrickgallery.com/bestof2004_2.html
3. Jones, Doug. “Threat Taxonomy Overview” slides, from the NIST Threats to Voting Workshop, 7 October 2005. Online: http://www.vote.nist.gov/threats/Jonesthreattalk.pdf
4. Mell, Peter. “Handling IT System Threat Information” slides, from the NIST Threats to Voting Workshop, 7 October 2005. Online: http://www.vote.nist.gov/threats/mellthreat.pdf
5. “Recommendations of the Brennan Center for Justice and the Leadership Conference on Civil Rights for Improving Reliability of Direct Recording Electronic Voting Systems”: http://www.brennancenter.org/programs/downloads/voting_systems_final_recommendations.pdf
6. Wack, John, and Skall, Mark. “Introduction to Threat Analysis Workshop” slides, from the NIST Threats to Voting Workshop, 7 October 2005. Online: http://www.vote.nist.gov/threats/wackthreat.pdf
7. Wikipedia Entry for fault tree: http://en.wikipedia.org/wiki/Fault_tree
Editor's Notes
What is a Threat Analysis?
- list everything you can think of to threaten integrity and/or accuracy of the voting experience
- analysis: is it plausible? Is it difficult? What damages could occur? Repercussions to follow?
- countermeasures: what preparations need to be put into place? Plan of action associated with realistic threat?
- future preparations: what can we do in future elections to avoid such problems?
NIST (National Institute of Standards and Technology): “to allow the US election community to participate in developing an analysis of threats to voting systems”
- solicit and gather threat analysis and material
- gather critical analysis of collected threats, plausibility of certain scenarios
- outline common assumptions made
- advocate a direction to take in risk management/threat resolution
A system of:
IT: new technologies must be stable, reliable, correct...
Politics: results must be accurate or chaos would consume the government
Duty: the government must provide a system in which every citizen can vote—it’s their right
Trust: citizens must trust the system that the government provides or they won’t use it
Inclusion: all citizens, no matter who they are, must have the opportunity to vote...introduces many dimensions of interfaces and processes for voting, as well as new holes in security
Safety: a citizen must not be at risk to vote. Collusion, gangs, threats, terrorism, bioterrorism, bomb threats, financial loss...
Process: strict, regimented process must be in place.
Precedence: if such a wide scale system could work, it would raise the bar for many such systems worldwide
Identifying attackers: who they are, citizens of this country, on purpose or by accident, what resources they have...
Identifying goals: what they can gain
Steps to creating an Attack Tree:
Identify possible attack goals; each is a separate tree
Refine tree over time with more perspectives and background research
Fill in node values: costs, likelihood, resources available, setting of voting day…
Make security decisions to decide which factor(s) are most important, weigh options
Create approach:
Is the system’s goal under attack?
Is the system extremely vulnerable to a certain type of attack? Like password guessing…?
Can new group assumptions
Advantages:
Key security issues: 1024 bit encryption or 2048? Turns out that’s not the issue—Attack tree describes more realistic and feasible attack than decrypting the passwords
Documentation for historical, legal purposes, easier to train employees for a worst case scenario type thing
Knowing the vulnerabilities of a system inside and out provides a great knowledge of the system as a whole, all of its components, all of its agents, etc
Disadvantages:
Swimming in documentation for every part of the system from start to finish
Can only react to attacks they can think of...not the unpredictable
How to put a number or cost on one factor over the other? The fact that one attack plan involves weapons of mass destruction has a higher overall cost to the election results and population as a whole, but may have a likelihood lower than a Trojan Horse imbedded by the developers.
PICTURE: PGP = pretty good privacy. What if a message had a PGP header? Major branches listed are:
Decrypt the message itself
Determine symmetric key used to encrypt the message by other means
Get recipient to (help) decrypt message
(RSA = public key algorithm)
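The cost propagation and multiple-cost ideas from the Attack Tree slide, applied to the three major PGP branches listed above, as an added example that is not part of the original slides. The dollar figures, the `special_equipment` attribute and the two sub-steps under the third branch are constructed for illustration.

```python
from dataclasses import dataclass, field
from math import inf


@dataclass
class Node:
    name: str
    kind: str = "LEAF"               # "LEAF", "OR" (any child) or "AND" (all children)
    cost: float = 0.0                # leaf only: estimated attacker cost
    special_equipment: bool = False  # leaf only: a second attribute ("multiple costs")
    children: list = field(default_factory=list)


def cheapest(node, allow_special=True):
    """Propagate leaf costs up to `node`; return (cost, leaves on the cheapest path)."""
    if node.kind == "LEAF":
        if node.special_equipment and not allow_special:
            return inf, []           # infeasible for this attacker profile
        return node.cost, [node.name]
    if node.kind not in ("OR", "AND") or not node.children:
        raise ValueError(f"malformed node: {node.name!r}")
    results = [cheapest(child, allow_special) for child in node.children]
    if node.kind == "OR":            # the attacker picks the cheapest alternative
        return min(results, key=lambda r: r[0])
    total = sum(cost for cost, _ in results)   # AND: every step is required
    if total == inf:
        return inf, []
    return total, [leaf for _, leaves in results for leaf in leaves]


def build_tree(decrypt_cost=1_000_000, step_b_cost=5_000):
    """Three major branches from the notes; all costs and sub-steps are constructed."""
    return Node("Read a message sent with a PGP header", "OR", children=[
        Node("Decrypt the message itself", cost=decrypt_cost, special_equipment=True),
        Node("Determine symmetric key by other means", cost=50_000,
             special_equipment=True),
        Node("Get recipient to (help) decrypt message", "AND", children=[
            Node("hypothetical sub-step A", cost=10_000),
            Node("hypothetical sub-step B", cost=step_b_cost),
        ]),
    ])


if __name__ == "__main__":
    # Baseline: the cheapest path does not go through the cryptography at all.
    print("baseline:", cheapest(build_tree()))
    # Making decryption ten times harder (e.g. a longer key) changes nothing at the root.
    print("stronger crypto:", cheapest(build_tree(decrypt_cost=10_000_000)))
    # A countermeasure on the cheapest branch moves the root cost to the next branch.
    hardened = build_tree(step_b_cost=80_000)
    print("hardened:", cheapest(hardened))
    # Second attribute: what can an attacker without special equipment still do?
    print("no special equipment:", cheapest(hardened, allow_special=False))
```

Re-running the propagation after each proposed countermeasure shows whether it actually raises the root cost or only hardens a branch nobody would choose, which is the point of the 1024-versus-2048-bit remark in the notes.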
Doug Jones’ “Threat Catalog”: attempts to document a list of all threats/attacks
- for each attack, identify vulnerabilities exploited
- for each vulnerability, identify the defenses in place
- if any attack is not blocked by some defense, ADD DEFENSES
- the Threat Catalog uses both a Vulnerability Catalog and Defense Catalog
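One way to run the Threat Catalog cross-check described above, as an added example rather than Doug Jones' own tooling. Attack names come from the slides; the vulnerability wording, the attack-to-defense mapping and the rule that one defended vulnerability blocks an attack are assumptions made for this sketch.

```python
# Constructed sample catalogs. Attack names are slide titles; everything else is
# illustrative wording chosen for this example.
ATTACKS = {
    "Chain Voting": ["blank ballot can leave the polling place"],
    "Disoriented Optical Scanner": ["scanner configuration file can be edited"],
    "Replaceable firmware on Optical Scanners": [
        "firmware can be replaced",
        "scanner case can be opened",
    ],
}

# Vulnerability catalog joined with the defense catalog: vulnerability -> defenses.
DEFENSES_BY_VULN = {
    "scanner configuration file can be edited": [
        "independent expert security team inspection",
    ],
    "firmware can be replaced": [],
    "scanner case can be opened": ["tamper tape"],
    # "blank ballot can leave the polling place" is deliberately missing, to show
    # how an attack that references an uncatalogued vulnerability is reported.
}


def review_catalog(attacks, defenses_by_vuln):
    """Cross-check the threat catalog against the vulnerability/defense catalogs.

    Assumption: an attack needs every vulnerability it lists, so a defense on any
    one of them blocks it; the remaining undefended ones are still reported.
    """
    unblocked, gaps, uncatalogued = [], {}, set()
    for attack, vulns in attacks.items():
        if not vulns:
            raise ValueError(f"{attack!r} lists no exploited vulnerability")
        undefended = []
        for vuln in vulns:
            if vuln not in defenses_by_vuln:
                uncatalogued.add(vuln)        # catalogs are out of sync
            if not defenses_by_vuln.get(vuln):
                undefended.append(vuln)       # no defense in place
        if undefended:
            gaps[attack] = undefended
        if len(undefended) == len(vulns):
            unblocked.append(attack)          # nothing stands in the way: add defenses
    return {
        "unblocked": sorted(unblocked),
        "gaps": gaps,
        "uncatalogued": sorted(uncatalogued),
    }


if __name__ == "__main__":
    report = review_catalog(ATTACKS, DEFENSES_BY_VULN)
    print("attacks with no defense at all:", report["unblocked"])
    for attack, vulns in report["gaps"].items():
        print(f"undefended vulnerabilities for {attack}: {vulns}")
    print("vulnerabilities missing from the catalog:", report["uncatalogued"])
```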
20% of computer vulnerabilities are local - means not over the internet.
Interconnecting components:
USER INFO: Registration database in a centralized location -> individual state -> polling precinct location -> poll worker
VOTE: User -> interface of DRE -> back end of DRE -> physical component connecting DRE to server/tally counter -> tally counter server
TALLYING: server -> interface of tally counting software -> person who uses the software
Each is a different user/agent, very hard to predict
PROCESS VULNERABILITIES:
Registration
Polling place access (intimidation, violence)
Voter manipulation (repeat voting)
Ballot manipulation prior to tabulation
Threats to the tabulation process itself
Threats to the result of the tabulation process
Trusting the different parts that interconnect…especially the user!
Systems Engineering from IT perspective: relatively new field...how to weave together all components of a system? Nobody quite knows yet. Requirements gathering in Software engineering is a dynamic science as well, so is design and testing...how to determine if a system is complete?
How to tell if the system was even tainted?
What to do if it was?? Leak to the press, lose voter confidence: Florida Election. No more Leno jokes.
1. CHAIN VOTING: bad guy gets a blank real ballot OR a counterfeit one OR steals one OR gets an absentee, then subverts a voter by any means necessary, then makes the voter get a new ballot for himself but uses the already completed vote to cast, brings back vote to bad guy. Rinse and Repeat.
2. VOTES ON A ROLL: on one roll, you can easily see who voted in what order...
3. DISORIENTED OPTICAL SCANNER: a vote is counted by reading the row and column coordinates from a ballot. Tweak those just slightly and you’ve got a new vote. Easily do this by editing a few numbers in the scanner’s configuration file.
4. When A Number 2 Pencil Is Not Enough: You can recalibrate a reader to be sensitive about the gradient shading of a bubble/vote. You can discount the ones that are too dark or too light. If you discounted those that are too dark, you could be a poll worker, selectively telling people to make sure they press really hard on the pencil and fill in the entire bubble. Also – smudging/smearing, messy erasers, unidentified substances that are picked up off the ballot...
5. WHERE DID WE GET THESE POLL WORKERS? Purposefully tainting the election: favoring one party or candidate, wrongfully turning away legitimate voters, wrongfully admitting illegitimate voters, failure to properly administer provisional ballots, failure to give proper instruction to voters that need it, failure to handle spoiled ballots properly. Rates of errors due to poll workers as high as 10% in some precincts.
6. FELL OFF THE DELIVERY TRUCK: full access to those machines while in transit to the precinct. Who is driving the truck? What if they got fake ones somewhere in-between? What happens if just one machine was stolen? What could they do with the data intercepted from an old machine? Quantity of machines to be delivered...!
7. DISORIENTED TOUCH SCREEN: recalibration of touch-sensor technology is frequent! Example: palm pilots need to be calibrated every now and then, or the stylus’s pinpointing abilities are very inaccurate. With a system that could get hundreds of pokes a day, can we make sure someone will test its calibration? Or could they throw it away?? Or miscalibrate it, like the case of the Disoriented Optical Scanner?
8. THE CONFUSING BALLOT: maybe too many boxes and arrows and bubbles to keep the candidates straight...or maybe the voter is not competent enough to understand how the ballot is supposed to work...either way, it’s a tactic used to make more residual or erroneous votes in a certain precinct or jurisdiction
9. THIRD PARTY WHOOPSIES: running the voting software on top of another OS, or through a COTS product (x window manager) with unknown problems, possible injection of code into THAT program that would affect voting system...
10. XRAY VISION: bad guy uses an electromagnetic emanation detector that comes from DRE and sits in a van outside. Bad guy could intimidate voters before they go in, says “I can see you and your vote, so if you don’t, I’ll get you...” Lots of costly equipment required, but subtle and covert.
11. OOPS CODE: hopefully (!) accidents in development. Swapping the yes/no bubble by accident (California), trial run of one system, votes cast in Spanish were not counted at all, only those in English
12. SECURE WIRELESS CONNECTIONS: listed a Pringles potato chip can as a “highly effective receiver for wi-fi traffic”...likelihood of detection is very low. WI-FI often built in to new laptops, which is what DREs are built on...solution: use of Faraday cage
13. WHEN HELP ISN’T HELPFUL: addition of a new agent in the process introduces MANY MANY holes in security. Looking over shoulder, intimidating the voter, corresponding to bad guy...disabled voters...
14. TROJAN HORSE: requires bad guy to be the programmer...or does he?? Wi-fi connection, exposed usb drive...could be in the tally server too!
15. REPLACEABLE FIRMWARE: could result in a new bootable program, taking over hardware or installing Trojan horse...
16. UNFINISHED VOTE: If a voter walks away, angry at the machine, or goes to answer their cell phone, or runs away to chase their child, or thinks that they are done, that vote is exposed! Anyone can come up behind them and take the vote. The bad guy could very well be a poll worker, who looks like he/she is canceling the vote, but may really be casting it.
17. I THINK I KNEW WHAT THEY MEANT...Trojan that might swap names and candidates or parties and pictures, swaps indices in backend tallying database, consistency with disabled persons’ ballots
18. GROUP CONSPIRACY: voters from party B go early to vote at a precinct dominated by party A. They register successfully, since that’s their precinct, but no matter how many times they try to verify their ballot, it never comes up to what they want. No one else can look, so election officials have no choice but to remove the machines from service, shutting down the polling place for the day.
19. TYPO: Too many people regard typos as just that...may trust their vote rather than the verification. Or a misspelled last name, or the wrong digit of a social security number.
20. DENIAL OF SERVICE ATTACK: too many packets being sent to the tallying server...or is it? Is someone trying to attack the precinct?
“Recommendations of the Brennan Center for Justice and the Leadership Conference on Civil Rights for Improving Reliability of Direct Recording Electronic (DRE) Voting Systems”:
- Tamper Tape: ensures that a system is up-to-date and pure
- “independent expert security team” who will inspect the system top to bottom. Full access to:
- hardware/firmware
- software code
- procedural protocols
- design documentation
- back-end system details
- copies of all software design documents (and other docs) to aid in navigation through the source code
- complete documentation on how the source code is converted to object code: compilers, compiler options used, libraries, configuration parameters
- complete version history: change log
- outstanding bugs, known vulnerabilities or limitations
- documentation on tests: type, results, version of code they were run on
- program suites – developing environment
- regression protocols
RED TEAM: team of analysts who try to attack the system:
Hardware: to avoid attacks that might change critical settings, install malicious drivers, or otherwise tamper with terminals or tally servers, leave exposed drives or insufficient locks...RECOMMENDATION: use of a tamper tape to make sure breaches are DETECTABLE, replacement of hardware is POSSIBLE, and new security procedures to replace hardware flaws will HAPPEN.
Hardware/firmware configuration assessment: how hardware/firmware components are connected. This includes the ROM, like bootable code...RECOMMENDATIONS: Red Team exercises to make sure of proper locks with unique keys and pwds, make sure network access is not available through modems, Ethernet ports, or other points between hardware components; machines are only bootable off a secure drive, as opposed to a CD or floppy. Use of a tamper tape.
Software Design: (1) good faith flaws – poor programming practices (pwds or encryption keys not hidden from the everyday user), bad code, (2) malicious code hidden within system – count votes erroneously, purposely leave room for backdoors, record voting or user statistics in an undocumented way...RECOMMENDATIONS: security team – review code with AUTHENTICATION, ENCRYPTION, and ACCESSIBILITY to certain private files in mind
Software Configuration (ways that software components work together): anti-virus software – presence and up-to-date. RECOMMENDATIONS: expert team analyzes the entire system to see how data flows from one element to another; review patches to system, anti-virus software used in servers and terminals; the procedures for updating software – autoupdates from anti-virus? Rule all remote software upgrades as an unacceptable risk...
Voting Procedures (not hardware or software...people and process): any procedures used that can facilitate security breaches or machine malfunctions or fail to stop them. Absence of adequate security procedures (using only one encryption key or password for all machines instead of one per machine), poor implementation of adequate procedures for training of poll workers, departures from protocol by unforeseen circumstances. ** Maryland example in this report: RABA investigators found that “all 32,000 of Maryland’s touch screen terminals had the same locks and keys, making every machine accessible to anyone with the keys. The keys could also be easily reproduced at three local hardware stores...”** RECOMMENDATIONS: development of standard operating procedures, respond EARLY to security incidents, alleged or real; these INCREASE CONFIDENCE by “providing factual information to replace rumor, innuendo, fear, uncertainty, and doubt..”