
Re: [ieee] Re: Re: Quick Re: to Dick Johnson's Re: COTS scope



In theory, we should know everything on a single-purpose machine, which this is.

----- Original Message -----
From: "Andrew Berg" <andrewb@votehere.com>
To: "Stanley A. Klein" <sklein@cpcug.org>; "susan eustis" <susan@wintergreenresearch.com>
Cc: "Dick Johnson" <dick.johnson@oracle.com>; "Vincent J. Lipsio" <vince@lipsio.com>; <dill@cs.stanford.edu>; <stds-1583-disc@ieee.org>; <cots@lipsio.com>
Sent: Friday, December 10, 2004 10:39 AM
Subject: Re: [ieee] Re: Re: Quick Re: to Dick Johnson's Re: COTS scope




I think that's a little harsh. A hash built into the machine can be of some value, assuming you can account for all of the storage in the machine.


Imagine a hash protocol where instead of always just asking for the hash of the entire memory image (which would be easy to forge) we instead asked the system for a hash of memory 0x0003221a through 0x0bfffcda (or whatever) and it were required to get that right. If we knew how much memory the machine had, by randomly choosing these ranges and comparing them with some reference image we could know that it had the correct image.

Unfortunately, this requires us to assume that the machine has only as much memory as we think it does, so it's not really perfect. If there is extra, uncounted memory, that extra memory could contain something malicious. But given a simple enough hardware platform, maybe it is good enough.

(I'm not really an advocate for hashing myself--I worry about what happens if the reference image contains incorrect contents. Then all we've really accomplished is to make sure that exactly the same bad software is running everywhere.)

-andrew

On 09 Dec 2004 22:51:46 -0500, Stanley A. Klein <sklein@cpcug.org> wrote:

At some point I discussed this with Doug Jones.

If the hash test is built into the voting machine, it can be
compromised.  Just give the right answer even if the test calculates the
wrong answer.

If it isn't built in, it can be used to install malicious code, just
like the system built by the Las Vegas slot machine inspector.  He
didn't get caught for doing that.  He only got caught for an escapade in
Atlantic City involving Keno and an accomplice who qualifies as one of
the world's stupidest crooks.  The guy "won" the largest Keno jackpot
ever in New Jersey, demanded the $100K winnings in cash and refused to
give his name.  The New Jersey police smelled a rat and wound up
catching the machine inspector who was the brains behind the fraud.
Nevada then investigated him and came up with the other fraud.

Either way, the hashing approach can be compromised, especially by
insiders.


Stan Klein




-- andrewb@votehere.com
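
The range-challenge check described in Andrew Berg's message above, as an added example that is not part of the original thread. The image contents, the tampered offset, SHA-256 as the hash, and all function names are assumptions made for the illustration; the three device models correspond to the whole-image forgery, an honestly hashed but modified image, and the "extra, uncounted memory" limit named in the message.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: a 4 KiB "reference image" and a copy with one byte changed.
REFERENCE = bytes(range(256)) * 16
TAMPER_AT = 1000
TAMPERED = REFERENCE[:TAMPER_AT] + bytes([REFERENCE[TAMPER_AT] ^ 0xFF]) + REFERENCE[TAMPER_AT + 1:]

def range_hash(image, start, end):
    """SHA-256 over image[start:end] (end exclusive)."""
    return hashlib.sha256(image[start:end]).digest()

def honest_device(memory):
    """Device that really hashes the requested range of its own memory."""
    return lambda start, end: range_hash(memory, start, end)

def canned_device(full_image_hash):
    """Device that replays one stored answer, the forgery of a whole-image check."""
    return lambda start, end: full_image_hash

def shadow_copy_device(running, hidden_clean_copy):
    """Device with uncounted memory: runs `running`, answers from a clean copy."""
    return lambda start, end: range_hash(hidden_clean_copy, start, end)

def random_challenges(size, rounds):
    """Pick `rounds` random non-empty ranges inside a memory of known size."""
    out = []
    for _ in range(rounds):
        start = secrets.randbelow(size)
        out.append((start, start + 1 + secrets.randbelow(size - start)))
    return out

def verify(respond, reference, challenges):
    """True only if every answer matches the hash of the reference image."""
    return all(hmac.compare_digest(respond(s, e), range_hash(reference, s, e))
               for s, e in challenges)

if __name__ == "__main__":
    size = len(REFERENCE)
    full = range_hash(REFERENCE, 0, size)
    print("canned, whole image :", verify(canned_device(full), REFERENCE, [(0, size)]))
    print("canned, sub-range   :", verify(canned_device(full), REFERENCE, [(16, 2048)]))
    print("tampered, range hit :", verify(honest_device(TAMPERED), REFERENCE, [(900, 1100)]))
    print("tampered, range miss:", verify(honest_device(TAMPERED), REFERENCE, [(0, 1000)]))
    print("shadow copy, random :", verify(shadow_copy_device(TAMPERED, REFERENCE), REFERENCE,
                                          random_challenges(size, 32)))
```

A single range that misses the changed byte still verifies, which is why the check relies on many randomly chosen ranges. The shadow-copy device passes every challenge, so the result is only as good as the accounting of the machine's storage.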