JOIN US×
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT
The thing about engineers is that they respect data. So that was why when a certain Arvind Kejriwal, who hasn’t really spent any time working as an engineer, claims to be able to demonstrate “10 ways to hack the electronic voting machine,” I am just left dumbfounded and saddened to see good institutions, processes and the people’s mandate being questioned.
I work in mid-management in the world’s largest semiconductor supplier to the defence and space industries. I have come across debates including articles in the media, both in favour and against, on the security vulnerabilities of the electronic voting machines (EVMs).
First, let’s understand that almost every interaction today — be it with financial institutions, the civic bodies or educational institutions — relies on electronic systems. These systems deal with sensitive information and there can be serious implications if these are hacked. Security continues to be the most important issue facing the organisations as they deploy an ever-increasing number of electronic devices.
Security is never assessed in isolation of the environment that the system has been designed to operate in. It is typically examined from the possible access points a hacker might have access to. This gives engineers possible scenarios to build defences against. Problems that we are encountering today are typically caused because of the nature of connected devices — all connected and accessible through the Internet to almost anybody in the world.
The EVMs are not connected devices. They were driven by cost considerations and that in this case turned out to be a good thing. Since they are not connected to the Internet, the only possible way of hacking an EVM is either by introducing a bug during manufacturing (man-in-the-middle) or by accessing a unit in the field and doing the “Kejriwal” magic.
First, just a brief look at the typical architecture of an EVM. Very simply, each consists of a one-time programmable microcontroller which contains a series of instructions for the machine (for example, store one vote in the memory of the EVM for candidate A upon pressing button A) etc. Importantly, this is a one-time programmable device. This means that the physical microcontroller chip will need to be changed EVM-by-EVM to change the behaviour of the microcontroller.
This isn’t possible because of two reasons. First, every stored programme has an associated checksum (derived from the unique set of instructions) stored on the device. Assuming the hacker does manage to magically replace all EVMs with new microcontrollers (involves desoldering of the existing device and soldering on the new device), checksum will typically be different and will be flagged as a malicious attack.
Not pre-decided
In addition, the system in use today requires the Election Commission (EC) officer to use double randomisation, meaning the EVM used in each polling booth is randomly assigned in the last minute. In addition, the candidate list and the order of the candidates in each EVM are not pre-decided. This means that there would be no way to change the microcontroller behaviour to favour a candidate in advance.
Next, let’s look at the associated memory attached to the microcontroller where results are stored. This memory typically stores the number of votes per candidate. To access it, the hacker must physically open up each EVM, bypass the existing microcontroller, physically access micro-traces and electronically change what is stored in the memory. Assuming he spends around 45 minutes in doing so per EVM, he must repeat the same for each EVM used in the booth and then through the several booths in each constituency.
By the way, when results are announced, the total is tabulated as well, so the hacker must be careful in manipulating the results in such a way that the total is maintained. Keep in mind the double randomisation, the hacker must be able to programme on the fly based on the order of the candidates — he must carry a PC and the associated electronics, check the order of the candidates in each booth and reprogramme the memory.
Given the constraints, I certainly could not do this in a short time with my more than a decade of experience with microcontrollers. Needless to say, such a hack will leave the EVM physically destroyed and the hacking would be evident.
Lastly, someone can possibly hack the display of the EVM, introduce an alternative display unit and show incorrect results in the display. This would require new circuit boards to be fabricated in advance and repeating many of the loops as described above. Again, needless to say, a simple inspection of the EVM (which is always done in public and in front of representatives of each candidate) would reveal hacking.
I must at this time also mention the arrangements for the elections — the elections are held under the supervision of the EC. The EC is headed by some of the senior most civil servants with three or more decades of public service. All the machinery of the local government is at the disposal of the EC including the law and order machinery, the local government etc.
There is enormous public scrutiny including by agents of candidates, the media, the public at large and the courts standing by. This is a process that we are extremely good at, it is a model for the world, it is not perfect but it is almost as close as humanly possible today. So, I would suggest that Kejriwal and others stop defaming the name of good Indian engineering colleges and the engineering profession by actually behaving like an engineer would — with data.
(The writer is Director, Product Marketing, Microsemi Corporation. Views are personal)
I work in mid-management in the world’s largest semiconductor supplier to the defence and space industries. I have come across debates including articles in the media, both in favour and against, on the security vulnerabilities of the electronic voting machines (EVMs).
First, let’s understand that almost every interaction today — be it with financial institutions, the civic bodies or educational institutions — relies on electronic systems. These systems deal with sensitive information and there can be serious implications if these are hacked. Security continues to be the most important issue facing the organisations as they deploy an ever-increasing number of electronic devices.
Security is never assessed in isolation of the environment that the system has been designed to operate in. It is typically examined from the possible access points a hacker might have access to. This gives engineers possible scenarios to build defences against. Problems that we are encountering today are typically caused because of the nature of connected devices — all connected and accessible through the Internet to almost anybody in the world.
The EVMs are not connected devices. They were driven by cost considerations and that in this case turned out to be a good thing. Since they are not connected to the Internet, the only possible way of hacking an EVM is either by introducing a bug during manufacturing (man-in-the-middle) or by accessing a unit in the field and doing the “Kejriwal” magic.
First, just a brief look at the typical architecture of an EVM. Very simply, each consists of a one-time programmable microcontroller which contains a series of instructions for the machine (for example, store one vote in the memory of the EVM for candidate A upon pressing button A) etc. Importantly, this is a one-time programmable device. This means that the physical microcontroller chip will need to be changed EVM-by-EVM to change the behaviour of the microcontroller.
This isn’t possible because of two reasons. First, every stored programme has an associated checksum (derived from the unique set of instructions) stored on the device. Assuming the hacker does manage to magically replace all EVMs with new microcontrollers (involves desoldering of the existing device and soldering on the new device), checksum will typically be different and will be flagged as a malicious attack.
Not pre-decided
In addition, the system in use today requires the Election Commission (EC) officer to use double randomisation, meaning the EVM used in each polling booth is randomly assigned in the last minute. In addition, the candidate list and the order of the candidates in each EVM are not pre-decided. This means that there would be no way to change the microcontroller behaviour to favour a candidate in advance.
Next, let’s look at the associated memory attached to the microcontroller where results are stored. This memory typically stores the number of votes per candidate. To access it, the hacker must physically open up each EVM, bypass the existing microcontroller, physically access micro-traces and electronically change what is stored in the memory. Assuming he spends around 45 minutes in doing so per EVM, he must repeat the same for each EVM used in the booth and then through the several booths in each constituency.
By the way, when results are announced, the total is tabulated as well, so the hacker must be careful in manipulating the results in such a way that the total is maintained. Keep in mind the double randomisation, the hacker must be able to programme on the fly based on the order of the candidates — he must carry a PC and the associated electronics, check the order of the candidates in each booth and reprogramme the memory.
Given the constraints, I certainly could not do this in a short time with my more than a decade of experience with microcontrollers. Needless to say, such a hack will leave the EVM physically destroyed and the hacking would be evident.
Lastly, someone can possibly hack the display of the EVM, introduce an alternative display unit and show incorrect results in the display. This would require new circuit boards to be fabricated in advance and repeating many of the loops as described above. Again, needless to say, a simple inspection of the EVM (which is always done in public and in front of representatives of each candidate) would reveal hacking.
I must at this time also mention the arrangements for the elections — the elections are held under the supervision of the EC. The EC is headed by some of the senior most civil servants with three or more decades of public service. All the machinery of the local government is at the disposal of the EC including the law and order machinery, the local government etc.
There is enormous public scrutiny including by agents of candidates, the media, the public at large and the courts standing by. This is a process that we are extremely good at, it is a model for the world, it is not perfect but it is almost as close as humanly possible today. So, I would suggest that Kejriwal and others stop defaming the name of good Indian engineering colleges and the engineering profession by actually behaving like an engineer would — with data.
(The writer is Director, Product Marketing, Microsemi Corporation. Views are personal)
ADVERTISEMENT
(Published 18 May 2017, 19:22 IST)
ADVERTISEMENT
ADVERTISEMENT