Attacking the Diebold Signature Variant -- RSA Signatures with Unverified High-order Padding

We examine a natural but improper implementation of RSA signature verification deployed on the widely used Diebold Touch Screen and Optical Scan voting machines. In the implemented scheme, the verifier fails to examine a large number of the high-order bits of signature padding and the public exponent is three. We present an very mathematically simple attack that enables an adversary to forge signatures on arbitrary messages in a negligible amount of time

Next Generation Aircraft Architecture and Digital Forensic

The focus of this research is to establish a baseline understanding of the Supervisory Control and Data Acquisition (SCADA) systems that enable air travel. This includes the digital forensics needed to identify vulnerabilities, mitigate those vulnerabilities, and develop processes to mitigate the introduction of vulnerabilities into those systems. The pre-Next Generation Air Transportation System (NextGen) notional aircraft architecture uses air gap interconnection, non-IP-based communications, and non-integrated modular avionics. The degree of digital forensics accessibility is determined by the comparison of pre-NextGen Notional Aircraft Architecture and NextGen Notional Aircraft Architecture. Digital forensics accessibility is defined by addressing Eden\u27s five challenges facing SCADA forensic investigators. The propositional and predicate logic analysis indicates that the NextGen Notional Aircraft Architecture is not digital forensic accessible

Adaptive Threat Modeling for Secure Ad Hoc Routing Protocols

Secure routing protocols for mobile ad hoc networks provide the required functionality for proper network operation. If the underlying routing protocol cannot be trusted to follow the protocol operations, additional trust layers, such as authentication, cannot be obtained. Threat models drive analysis capabilities, affecting how we evaluate trust. Current attacker threat models limit the results obtained during protocol security analysis over ad hoc routing protocols. Developing a proper threat model to evaluate security properties in mobile ad hoc routing protocols presents a significant challenge. If the attacker strength is too weak, we miss vital security flaws. If the attacker strength is too strong, we cannot identify the minimum required attacker capabilities needed to break the routing protocol. In this paper we present an adaptive threat model to evaluate route discovery attacks against ad hoc routing protocols. Our approach enables us to evaluate trust in the ad hoc routing process and allows us to identify minimum requirements an attacker needs to break a given routing protocol

Honeytraps, A Network Forensic Tool

Two new fields within Communication Systems and Networks, born in the practioner realm, have quietly grown in importance in the Internet age: Computer Forensics and Deception technology. These two fields share the goal of collecting information about computer mischief, but with dramatically contrasting desired outcomes. To date, no published results document efforts to leverage the similarity in these areas. In this paper, we detail a method to utilize deception technology to enhance computer and network forensic capabilities

Did Your Mailed Ballot Count: The Unrecognized Unreliability of Voting By Mail

Voting By Mail (VBM) was developed to support absentee voters. It was originally intended to handle canonical absentee voters who now fall under the Uniformed and Overseas Citizens Voting Act (UOCAVA) and those with legally acceptable reasons for being unable to appear at the polls on Election Day. Its use slowly expanded to more casual justifications, such as those with planned Election Day travel. More recently, there has been a trend of further expansion to on-demand VBM in many states. As a result, the percentage of VBM ballots has skyrocketed, with little research regarding its impacts on security, privacy, reliability, and accuracy on U. S. elections. In virtually every close election, the outcome must await tabulation of VBM ballots. Yet, VBM may be the least reliable voting approach in wide spread use today. Vote By Mail fraud is recognized by some as possibly the single greatest security vulnerability in U. S. elections. The lack of in-person, at-the-polls accountability makes absentee ballots the tool of choice for those inclined to commit fraud," the Florida Department of Law Enforcement concluded in 1998, after a mayoral election in Miami was thrown out when officials learned that "vote brokers" had signed hundreds of phony absentee ballots.1 Conversely, others recognize theoretical weaknesses in VBM, but generally dismiss its practical impact [1, 2]. Others continue to promote VBM expansion [3, 4]. In this paper, we identify inherent, widespread vulnerability in VBM systems and illustrate their practical impact with numerous examples. We show specifically why VBM systems are not auditable and demonstrate how their unreliability can negatively impact real elections

Non-Boolean Authentication

Abstract. Traditional authentication is two valued. Unfortunately, authentication mechanisms cannot perfectly establish electronic participant’s identity. Despite years of research and its manifestations such as digital signatures, zero knowledge proofs, public key infrastructures, certificates, biometric tools, etc. the best authentication evidence is a combination of multiple factors. All authentication systems are imprecise, but there are no existing systems that capture or that facilitate reasoning about this property. This paper introduces many fundamental issues in multi-tiered authentication systems.

Modeling Protocols for Secure Group Communication in Ad Hoc Networks (Extended Abstract)

The use of wireless networks is exploding as the limiting factors such as sufficient bandwidth, device size and weight, and power concerns are eliminated or mitigated. As a result, we are beginning to see the demand for small, highly mobile devices that utilize wireless communications to organize ad hoc networks that dynamically form, intercommunicate, and pass information to othe