 I would like to introduce our next speaker, who is a assistant professor in the Department of Engineering at R.S. University, Diego Arana is a professor in applied cryptography and computer security, with a special interest in efficient implementation of cryptographic algorithms and security analysis of real world systems. Research has included coordinating two teams of independent researchers capable of detecting and exploring vulnerabilities in the software of the Brazilian voting machine used during controlled tests organized by the National Electoral Authority. So, hi, so I'm here to talk about the horribly insecure Brazilian voting machines. An alternate title of this talk is the return of the insecure Brazilian toasters, because the president of the Electoral Authority recently claimed that the voting machines are secure because they are not connected to the internet just like toasters. So, my argument supply to both cases. So, first, a little bit of context. Yeah, I should say that this is joint work with many people. So, I coordinated the team last year where we were able to full compromise the security of this machine. This is joint work with Pedro Barbosa, Caio Luders, who is here, Thiago Cardozo and Paulo Matias, all of them live in Brazil. A little bit of context. Brazilian elections are massive. We have 140 million voters in a high turnout because voting is mandatory. They are held every two years. We alternate between city-wise or municipal and federal elections. Elections became electronic in 1996 when the first machines were introduced, but only became fully electronic in 2000. So now, or for the last 18 years, all the polling places use voting machines. A remarkable aspect of our elections is the same authority responsible for everything. So, they decide what technology is being used. They write the software. They deploy the software. They do the logistics on the election day. They collect the results. They publish the results. And since they are a branch of the judicial system, they also decide any output, any dispute in the outcome. So, they are overlords of our elections, which of course is a massive problem for insider attacks, right? Because everything is centralized on the same place. So, the name of these authorities is the Superior Electoral Court. They are a branch of the Supreme Court. I would just call them by sec to save time. So, this is the Brazilian voting machine. On the left, you can find the poll officer terminal, where the officer types in the voter registration number, or collects his or her fingerprint. The right-hand side, you can find the voter terminal. So, voters type in candidate numbers on the keypad. This is not a touchscreen machine. So, you vote using candidate numbers. And you can see a first design flaw in this picture. There is a cable connecting the two. So, it looks or it's apparent that the same device collects the voter identity and the vote. So, this is a threat, of course, for ballot secrecy. If the software running the machine is malicious, it can collect all the voters and their choices. So, the machines were claimed to be 100% secure since 1996, but only tested for the first time in 2012. The hardware is manufactured by Deboot, which is not great, right? We have more than half a million voting machines in operation. The software was initially written by Deboot. Now, it's written by the electoral authority since 2006. And the recent version has more than 24 million lines of code, which is huge. This includes the Linux kernel, user land applications, everything. This is just for the voting machine software. There are other software components that adapt to this number. So, they adopted GNU Linux in 2008 and experimented with paper records only once in 2002. And the story is really complicated. They'll just say that they deployed this in a fraction of the machines and decided to not do this in the following elections because concluded that was too expensive to cover some of the paper gems, printers in the middle of the Amazon forest and all sorts of lame excuses. So, they discontinued this in 2002. They have been rolling out fingerprint identification since 2008 and deploying them in production since 2011. Half of the population is already enrolled in. And as I said, since this is a paperless DRE voting machine, it's highly vulnerable against insider attacks from the electoral authority itself. So, this is the algorithm for running an election in Brazil. The software is developed in the headquarters of the electoral authority in Brazil, the capital of the country, and it's transmitted to the state branches of this authority through the internet, through some kind of VPN connection. On the state branches, they record the software in flashcards and these flashcards install the software since they are not connected to the internet and in the machine is a few days before the election. So, every install card, just like the one on the top of the slide, install up to 50 machines. On the election day, the zero tape is printed between 7 and 8 a.m. Then the poll officer types a command in his terminal to open the voting session. Voters can authenticate, present their credentials, type their charges and the voting session ends at 5 p.m. if there are no voters left in the query. At that time, the machine prints a poll tape and also records a number of files about what we call the media of results or MR for short, which is one of the print drives at the bottom there. These files include a digital version of the poll tape, a file called DRV that I will detail more in a moment, and a log file without the events since the software was installed. This pen drive is detached from the machine, attached to another computer and all the contents are transmitted to the central tabulator through, again, a VPN connection. The central tabulator tallies up everything and publishes the result. Access to these machines is notably restricted. The only opportunity where independent experts can actually take a look at the software and try to attack the machines are what are called the public security tests. These are restricted tests organized by the electoral authority typically one year before the elections. The objective is clear. These experts have to provide or compromise either ballot secrecy or ballot integrity in an untraceable way. But these, as I said, are not very public despite the name. So first of all, you cannot use pen and paper to take notes when inspecting the software, the source code. You have the option to inspect the code for three days, but you cannot take notes. You have four days to mount all attacks. All the attacks need to be pre-approved by the electoral authority. All the participating members need to be pre-approved by the electoral authority. This is our bureaucracy to participate on this. Last year we had to fill during the test eight types of different forms, and we had a form that we needed to fill to fill a form. So it's a metaphor. There is no guarantees about the software that's running, the software that's being inspected if it's correct or recent, and there are, of course, intrinsic conflicts of interest here again because it's the electoral authority evaluating the security of its own devices. It appears not being their interest to be as deep as they can go. So still, they claim that this is Brazil's the only country in the planet openly evaluating its voting system, and this is a very funny quote because they were here, the voting village last year, and well, in this picture there is someone there that works for the electoral authority, and even though participating in this event last year, they repeated the claim that Brazil is the only one with this type of evaluation. So it seems they have to come other times and to be convinced that this is actually an open way of evaluating security of voting systems. So just to illustrate the restrictions, on the right-hand side of this slide, there is a layout of the room where we work it in. We were group one, one of the green tables there. The code inspection computers were in the back of the room. We could not take notes from the code on those machines and bring it back to our table. So we had to memorize sections of source code, and then in our machines and come back if something was wrong, which is of course very artificial. These machines were a distance, were between a distance of 10 meters, so there's no reason for doing this. So I coordinated the team in 2012, was able to find a very serious vulnerability in the vote shelfing mechanism and compromise ballot secrecy in that edition of the public security tests. I'll get to talk more about this in the next slides. But we also found on that edition that all the machines shared cryptographic keys. So all the media for all the machines are encrypted under the same key, and this key was directly inserted in the source code. So it was hard-coded in the software. So if it leaks once somewhere, the impact is nationwide. The voting software for integrity checking checks itself, so it knows or it stores digital signatures. It goes through those signatures checking if they are still valid, which of course makes no sense in terms of computer security. It's just like trying to find out if you are crazy by not going to the doctor. You might be too crazy to find out that you are crazy. So software works just like this. So by analyzing these vulnerabilities, we concluded that the machines were not able to provide either ballot secrecy or ballot integrity, which of course implies a lack of integrity of results. As a consequence of an insecure development process and an adequate threat model it actually disregards insider attacks and also a result of the internal culture within the electoral authority that lacks transparency. After all, they wrote software and did this for decades without having to present the software for external inspection. So the DRV has a complicated story. It was introduced in the system by law after the electoral authority decided that paper records were not a good idea. So they replaced it with the paper records with a digital version of the paper records, which again makes no sense. So this is a file where different races are stored in different columns. A voter votes for each of these races through the candidate numbers and these choices are shuffled together to protect secrecy of these votes. The gray cells there correspond to absentees. So in this case we have seven voters in this ball place. Four of them didn't show up to vote. They didn't also vote blank and there are other specifics of Brazilian elections here. So when we first heard about this we figured out that trying to reverse dis-randomization or dis-shuffling would be a promising attack vector, right? So since we do computer science we thought we need to figure out the bias of this shuffling algorithm apply some statistical advanced crypt analysis to reverse this shuffling. So we did exactly that by just grabbing through four random stuff. Quite literally in this case. And then we found the match. This was literally the first command we ran when we had access to the code base in 2012. So this took five minutes to finish and we found the match in a file called drv.cpp, which is very suggestive. So we took a look at the file and then the seed was computed like this. So if you write software in C you know that that's a time stamp, 32-bit time stamp and it's not very predictable. And this time stamp in particular was taken between 7 and 8 a.m. of the election day. So there are only 3,600 different seeds. Since the drv stores the gray cells for absentees, you can actually test if a seed is possible by storing K out of N volts and see if the holes match the polling place you're trying to break ballot secrecy. At the end we didn't have to do this because the seed was printed in an official document and it started a log that must be kept in place. So you just go to the zero tape, find the time stamp there, seed into your implementation of PRNG and then you break ballot secrecy. There is more. So to mount this against a real polling place you need to keep track of who voted in sequence, right? But you can actually mount an interesting attack against famous voters or important voters. So this is the president of the electoral authority. We know that he voted at 1120 in 2010 because the official picture of him voting has this time stamp in the metadata, right? So if you can take the drv file for his polling place and check out his position in the voting queue, of course, and break the shuffling of the votes you can figure out exactly how he voted. We didn't do this at the time because we would end up in jail but of course it's still possible, right? All these files are public so one can still do it and it illustrates the importance of ballot secrecy and also how dangerous it is to introduce or mandate technological components through law because this file needs to be produced by the system because it's a legal requirement. So in 2012 we concluded that it was trivial to recover votes in order, trivial to recover a specific vote from the president of the electoral authority. We recommended them to eliminate this file and change the law if possible and do not store any metadata about the voters. Instead they changed the random number generator implementation with a custom algorithm that no one has analyzed but at least which is seeded frequently with system entropy so it should be harder to attack. Although the voting machine has two different hardware RNGs which are much better than all these choices and the official explanation for that is that they give is since not all machines have this hardware RNGs so after that selectively uses the hardware RNGs on the machines that are equipped with them. A result of this is the security of all machines is actually determined by the worst machine in operation which doesn't have hardware RNG because it's 10 years old. So in 2017 I again participated coordinating the team and we wanted to exercise a different attack using software installation as an attack vector just like Alex described earlier so software installation is performing on a public ceremony in Brazil these are some pictures of the ceremony the quality or security of this ceremony varies a lot because in some places it's contracted to other companies in some other places this is done by public servants so it's hard to know exactly how security is in practice but we found like a sample of pictures online and in some cases it looks fairly disorganized in some other cases even skew students can go there and visit and I wouldn't say this is the most security perimeter on the planet Earth for such a critical mission critical task. So before this event started they published a call for participation and they had a very explicit thing on this document saying that researchers wouldn't have access to cryptographic keys during the event. Since I'm optimistic I thought that they actually had implemented some key management system that doesn't require storing the cryptographic keys hard coded in the software but actually they just erased the keys from the source code, right? It's much easier. So we figured out this again very quickly one of the first things I ran against the new code base was this, right? So Grap is surprisingly useful when you cannot use anything else and then we found a match in a file called minix.c. So minix is the operating system and we already knew that it's also the partition format for the VOTM memory so we knew that we had something important here. When we took a look at this file we found this, so it's a string of bytes with the exact cryptographic key for encrypting the install cards and this is actually the first byte of that key. So the reason for that is they were migrating from kernel 2.6 to 3.16 I guess and they forgot to erase one of the currencies of this key so they just forgot to delete all of them. But since well we know they deleted some parts of code we know also that the code base for inspection was not complete, right? This is a fairly trivial conclusion. Some other technical details. So this system we have all of this documented in our paper. It deploys a whole bunch of cryptographic algorithms sometimes in weird places. We have AES 256 which is nice. They try to implement XTS mode but they have a small difference that may make the algorithm weaker but this doesn't matter since the keys are hard-coded in the software who cares about the algorithm, right? The integrity checking is done through elliptic curve based signatures. There are signatures both in the user-land and in kernel mode so multiple places check the signatures which is good to have redundancy but we'll see that it's not sufficient and also the keys for assigning the results, the Baltic for example are also stored in the install cards in the voting machine internal memory. Encrypted under another key that was embedded in the kernel but we didn't have access at first because it was deleted from the code base. So we could capture this encryption key in the crypto install card and then when we inspected the contents we found two shared libraries missing signatures. One of them was responsible for generating the log events so we could inject code in this library to manipulate the log which basically makes the log useless as an audit mechanism and we also injected code to zero a cryptographic key that encrypts the DRV. So the DRV, the vote shuffling file is kept encrypted because if the ball officer takes two versions of this file before or after someone's vote he can't figure out by the difference who he voted for. Since we could choose this key to injecting code to be all zeros we could mount this attack again during the event. We were also able to plug in a USB keyboard to issue comments to the voting machine from the outside and on the last day we discovered that the voting software application that the voters actually use is linked against the two libraries. So we could inject code in the libraries to tamper with the voting application during the election or a simulated election. So we illustrated this power using the version of the software and inserting things on the voter screen I will illustrate in a moment but at the end we got arbitrary code execution during an election by forcing the voting machine to run our software. We also developed a payload to change votes from one candidate to the other but the tests were interrupted at 6pm on a Friday and we were in the middle of putting this installing this in the machine so we never were able to find this way of inserting your code to run. So this is a screenshot of the simulator provided by the electoral authority of course it's all in Portuguese so you type on the right side the number of your candidate in this case 61 is a fictional swimming candidate just for illustrating purposes you can see at the top left here there is a string called selvoto para which basically says your vote goes for or goes to we changed that string to tell voters to vote for a candidate 99 in this case Darth Vader which is much less democratic option than swimming so in 2017 we concluded that install cards were not properly encrypted keys were still shared by all machines and directly inserted into the source code integrity checking is also insecure by having digital or having shared libraries without signatures and at the last day it was interesting that another team found another way to this encryption key so this makes the whole attack fully external by using what they did they basically could run the install cards in a virtual machine and have the key in the memory layout of the virtual machine you could one attacker could capture this key without access to the source code so this makes a whole attacks external without having access to the source code so our recommendations this time were to fully automate the signing process so when a new file comes around you don't have to change the scripts to sign that file to and to again deploy proper key management to have different keys and different machines to contain damage in case one of them leaks instead they fix it by sort of fix it by not having the keys hard coded by computing them dynamically from a secret starting the BIOS of the machine so the the software reads some bytes in the BIOS run this through some algorithm and then computes the key but it's still the same key for all of the machines although you can claim that this makes the system is likely more robust against an external attacker because the key is not in the software anymore it's still trivially vulnerable against an insider who can just run this routine once, print the key and then leak it for malicious purposes so again they just mitigated this in you know less than ideal way problems we still have software is for all purposes secret for over 20 years it was already demonstrated to be insecure several times as I told to you there is no paper record for recounts there are no effective ways to audit the system everything is you have to reconstruct history from a bunch of files which as was argued before it's very challenging there are conflicts of interest everywhere and insider attacks are completely disregarded what can we do so we need paper records to have what's this okay I can tell by heart we need paper records for audits that the voters can inspect this has a fairly complicated story in Brazil in 2015 congress passed a law approving the reintroduction of paper records for the third time this law was considered inconstitutional by the supreme court really friends with the electoral authority in last June so we won't have paper records again in the upcoming elections which may be the most important in Brazilian history I don't know if you've been tracking the news but it's a whole political mess and we have eight candidates and all of them are horrible and one of them will become president so we need a better way to verify that this next election is actually fair so it would be nice to have open source software because then the community can take a look at this it's not sufficient but since this is public funded software I think it's fair to claim that the public has a right to inspect it without all these restrictions at the end we need better social control mechanisms to decentralize the control over this system and the Brazilian technical community certainly has to be more vocal it's really easy to shut down the few critics that live there because we are just two or three and we end up having a movement like the US for example where the technical community is behind this so one point I want to make the last point is the world is essentially becoming more polarized politically which I think makes independent verification of elections even more important thank you for your attention I have three references if you want to take a look at our papers and reports for the past six years and I may have time for one question thank you questions yes hi it's impossible to tell so I think the important question is not did we have fraud in the past election but if we had fraud are we able to detect it as independent inspectors eventually I think this is the important question what I can say is I was a fairly tight election and we actually did some math to understand how the impact of this attack would have on that election if an attacker is really aggressive in the way he changes votes he only needed to have access to 100 install cards not necessarily distributed evenly in the country perhaps on the same place to substitute to replace the software and impact the number of votes that separated the two candidates so I can't estimate how easy or expensive this is but we got this number 100 install cards thank you thank you