Voting Village Machine Scouting Report

  • Voting Village Machine Scouting Report

    For anyone who needs a refresher, Galois is a Portland-based R&D security consulting company who gave a talk at last year's Defcon. They'll be reappearing at this year's DefCon as Free & Fair, a spinoff building a voting machine/system that will be available for us to test. I wanted to get people thinking about it because the underlying architecture is going to be very different from what I expect most of you practice on.

    Free & Fair is part of a DARPA-funded project to develop security at the hardware level. Technically, it's part of a broader effort called the Electronics Resurgence Initiative, which is meant to 'spark the next wave of electronics innovation'. Basically, Moore's dying and Von Neumann's next. But the point here is that the ERI just had their summit in Detroit a few weeks ago and the slides from the talks were posted publicly on the agenda page here:

    Secure Systems: Voting - Dr. Joseph Kiniry (PDF)

    Future Technology: SSITH - Dr. Todd Austin (PDF)

    Now that SSITH acronym is the disturbance in the force you should be concerned about. The basic voting machine setup that will be attending DefCon is pictured in the first presentation, as well as a thorough explanation of the problem statement and premise of SSITH (System Security Integration through Hardware and Firmware, though where the F went, causa metri I guess). They have basic ballot-marking software running in a Linux environment hooked up to a normal-looking printer and an accompanying custom ballot scanner. There may or may not be an accompanying backend tabulator server, but they will all be running on the custom Morpheus RISC-V architecture described in the second slides. The goal of the architecture is to adaptively prevent undefined semantic attacks, in theory becoming better as it successfully defends against them by frequently churning memory with some overall performance loss.

    So what do you think? I'm a hardware design guy and this will be my first Defcon, so I can't judge how difficult this will be for anyone, but I know there aren't many RISC-V chips out there that aren't on development boards, so I figure the experience/tool chain for it all is fairly nascent. To wrap it up, here are links to Galois's and Free & Fair's GitHub repos if you are interested in pursuing this more, and I look forward to seeing you all in Vegas.

  • #2
    (This was posted on Reddit too.)


    Thanks for getting this kicked off. I am one of the researchers working on this project. We’re clearing up some last-minute details and will post additional documentation on the hardware, firmware, and software, and the rules of engagement for the demo soon. Hopefully that will help interested people as they prepare to come and poke at our work.

    A few clarifying points regarding your post:
    1. Morpheus is one of the architectures under development in the SSITH program, but is not one of the architectures being demonstrated at DEF CON this year.
    2. This year, the smart ballot box is the only piece of hardware that will include SSITH-developed technology, and the only one that will be within the scope of the exercise.
    3. This is an early proof-of-concept demonstration that we will continue to develop over the next year; at the next DEF CON, we aim to have all the components of the system running on SSITH-developed technology and within scope.
    Let me know if you have any further questions. I will be at the Voting Village next week and will be available if you want to talk. My email is in my profile.