tag:blogger.com,1999:blog-8726844009873922462.post3946795340009950542..comments2024-03-28T05:22:10.255-07:00Comments on Broadsword by Ajai Shukla - Strategy. Economics. Defence.: The EVM controversy: old allegations revisitedBroadswordhttp://www.blogger.com/profile/13076780076240598482noreply@blogger.comBlogger24125tag:blogger.com,1999:blog-8726844009873922462.post-21652929703384856332011-10-19T00:01:11.306-07:002011-10-19T00:01:11.306-07:00All these arguments ignore one fact. You can repla...All these arguments ignore one fact. You can replace the OTP ROM with another one bought from Hitachi. <br />Simple. Just because OTP ROM is one time programmable does not mean you cannot solder out one ROM with another. These are simple chips with small memory footprint. So small that they do not have too many pins. solder a chip out and neatly solder another chipAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-8726844009873922462.post-29328929531587514932009-08-18T08:08:40.874-07:002009-08-18T08:08:40.874-07:00All that needs to happen for a system to be tamper...All that needs to happen for a system to be tampered with is a trap door left open. Use the trap door - win the election. Since the Indian system does not use a paper backup (both paper and electronic copies of the vote are maintained) - it is so much easier for the above to be untraceable. Since the source code is not open and verifiable - no way to prove a modification to the code. The system used in US are tested multiple times, by multiple independent groups to ensure that they can't be compromised. I don't see any such mechanism in place for the Indian elections. Having recently been to a talk on this topic, it is amazing how easy it is to find ways to hack/engineer these systems.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-8726844009873922462.post-69000609949703407012009-08-13T15:19:00.993-07:002009-08-13T15:19:00.993-07:00How does one buy EVMs from the government? I want ...How does one buy EVMs from the government? I want to get hold of a few and check out a some theories.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-8726844009873922462.post-57350521123487909372009-08-12T17:37:42.788-07:002009-08-12T17:37:42.788-07:00To be clear, I am not commenting on the politics o...To be clear, I am not commenting on the politics of the last election, that is a separate issue, only on whether EVMs can be subverted or not. <br /><br />My opinion is that it can be done in relatively straight forward ways if the manufacturer of the EVMs is suspect.sudeephttps://www.blogger.com/profile/14251507861876745967noreply@blogger.comtag:blogger.com,1999:blog-8726844009873922462.post-9569281931064172872009-08-12T17:34:47.640-07:002009-08-12T17:34:47.640-07:00How can the integrity of the algorithm programmed ...How can the integrity of the algorithm programmed in the ROM be ensured?<br /><br />If the algorithm can be subverted, it can be designed to do things like, press certain keys in a sequence to assign a majority of the votes to the candidate assigned number X on the EVM.<br /><br />Only the people incharge of the EVM programming, and people doing the subversion need to be aware of this - perhaps ~30-40 people in all can subvert an entire election with no trace of what went wrong.<br /><br />From you article<br /><br />>> only the encryption-coded software was withheld. <br /><br />Ok, so is there a challenge-response verification mechanism inside the EVM to ensure that any modified sw would not run? (There may be, but then again, these are really simple pieces of hw)<br /><br />>> At the core of the EVM is a microcontroller chip, built by Hitachi of Japan, called an OTP-ROM <br /><br />Whats the big deal? Your washing machine probably has one. ROMs are usually not surface mounted on the PCBs, but in sockets. They are programmed (the algorithm "burn" part) on a different board and set in the PCB later. Is it possible for some EVMs to have their ROMs replaced - as simple as popping out one ROM and popping in another?<br /><br />There is nothing in your article that proves/disproves anything, just some big names proclaiming that EVMs cant be tampered with.sudeephttps://www.blogger.com/profile/14251507861876745967noreply@blogger.comtag:blogger.com,1999:blog-8726844009873922462.post-38114724195690730002009-08-12T10:40:32.159-07:002009-08-12T10:40:32.159-07:00If not the politicians/ bureaucrats, then have a l...<i>If not the politicians/ bureaucrats, then have a little faith in that IIT team atleast.</i><br /><br />Right. Here is what the IIT team recommended (in 2006) for detection of Trojan activation sequences -<br /><br /><b>all key-presses are to be time-date-logged in the memory (as per advise of the committee), and a "repeat pattern" in all CU's at various booths can be easily visible, on post-election analysis.</b><br /><br />So has this post-election analysis been completed? What is the result of this analysis?Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-8726844009873922462.post-88477641157268085762009-08-11T09:49:02.133-07:002009-08-11T09:49:02.133-07:00So, Mr Advani says that EVM's are not beyond t...<i>So, Mr Advani says that EVM's are not beyond tampering.</i><br /><br />Hello, Congressmen are saying the same thing. It is unavoidable that the Opposition will have to rake up this issue since the Government will not like to admit it if something happened on it's watch. <br /><br />http://www.dnaindia.com/india/report_congress-blames-bjd-of-evm-tampering-in-orissa_1265953Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-8726844009873922462.post-33375453274176297462009-08-11T07:45:32.020-07:002009-08-11T07:45:32.020-07:00So, Mr Advani says that EVM's are not beyond t...So, Mr Advani says that EVM's are not beyond tampering. <br /><br />Mr Advani also went to Pakistan and said Mr Jinnah was a secular person. Do we believe that too?<br /><br />This gentleman and the likes of him do not have any principles. They will say whatever suits them whenever it suits them.<br /><br />Instead of accepting the people's verdict, go ahead and blame non-issues for your loss. Shame on you Mr Advani.sathttps://www.blogger.com/profile/02876296031654924655noreply@blogger.comtag:blogger.com,1999:blog-8726844009873922462.post-19825501428203001412009-08-11T06:32:37.199-07:002009-08-11T06:32:37.199-07:00Hey Ajay
Can you post an article regarding out be...Hey Ajay<br /><br />Can you post an article regarding out beloved Netas.Like how much they eat while in power and how much spoil the country?Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-8726844009873922462.post-79214594373243005282009-08-10T00:47:26.887-07:002009-08-10T00:47:26.887-07:00All machines have the same codes / programme that ...<i>All machines have the same codes / programme that is to be burned in by the CPU manufacturer. So to ask manufacturer to customize the burning process (i.e. 2 types of processes) would require a far greater influence over the manufacturer than 1 or 2 people. And that's why it's done independantly in Japan.</i><br /><br />I was assuming governmental level influence since the Indian manufacturers are PSUs. I mentioned that 1 or 2 people would suffice for this because that establishes how feasible it would be to put a lid on any such mischief. If the programming is done in Japan, then it's even more interesting because the CPUs may have been compromised without the Indian employees even knowing about it.<br /><br /><i>To give one party a favor with the EVMs one need to have 544 different types of codes in a General election & that too when he exactly knows what the serial nos. are going to be (so it shud all hv 544 types of identifications too). </i><br /><br />No. All you need is two types of logic in the EVM. And it should be possible to identify what EVMs have the bad logic.<br /><br /><i>EVMs are randomly distributed sealed in their packagings (these packagings too need to be tampered/coded with as to identify which machine is inside). </i><br /><br />Much would depend on how they are randomly distributed. If the random assignment of EVMs to booths is centralised, then the person(s) doing the assignment would have to be compromised such that they send the unfair EVMs to the strongholds of the candidate to be disadvantaged. <br /><br /><i>Once they arrive at the local electoral office they are checked thoroughly for ne defects or malfunction. </i><br /><br />This won't prevent the attack I posted. Presumably, this testing would involve polling just a few votes. And the unfair logic could be written to kick in only after a set number of votes, say 50, have been polled.Unknownhttps://www.blogger.com/profile/13807145336430217845noreply@blogger.comtag:blogger.com,1999:blog-8726844009873922462.post-84356079940188456522009-08-09T05:35:56.960-07:002009-08-09T05:35:56.960-07:00This whole controversy over EVMs by LK Advani &...This whole controversy over EVMs by LK Advani & BJP simply implies that they have already conceded defeat for the next General Elections in 2014. When they won election after election EVMs were fair & tamper-proof but suddenly when they started loosing elections after elections EVMs are to be blamed. These BJP people will never admit their shortcomings but will always blame others for their defeat. This time it is the poor EVM. It is all done to take the focus away from the infighting & low morale in the BJP cadres & somehow tell the people that UPA won not because of popular choice but coz of fiddling with EVMs.<br />@ AK (top one)<br />To give one party a favor with the EVMs one need to have 544 different types of codes in a General election & that too when he exactly knows what the serial nos. are going to be (so it shud all hv 544 types of identifications too). EVMs are randomly distributed sealed in their packagings (these packagings too need to be tampered/coded with as to identify which machine is inside).<br />Once they arrive at the local electoral office they are checked thoroughly for ne defects or malfunction. Once satisfied the electoral office then fixs the label stating the candidates in that constituency.<br />The problem with polititians is not that an EVM can be compromised but it is that it can't be and therefore leaves no room for them to manipulate.<br />And the alternate voting process that Mr. Advani is suddenly favoring is more prone to manipulation.SmarterOnehttps://www.blogger.com/profile/11708984782326424024noreply@blogger.comtag:blogger.com,1999:blog-8726844009873922462.post-67092955777215579882009-08-09T04:38:45.442-07:002009-08-09T04:38:45.442-07:00AJAI, I am the real AK. Please remember what happe...AJAI, I am the real AK. Please remember what happened to Prasun Sengupta some months ago. Same story. Please believe me. <br /><br />-AKAKhttp://www.yahoo.comnoreply@blogger.comtag:blogger.com,1999:blog-8726844009873922462.post-28528445876168258692009-08-09T04:37:57.562-07:002009-08-09T04:37:57.562-07:00AJAI, I am the real AK. Please remember what happe...AJAI, I am the real AK. Please remember what happened to Prasun Sengupta some months ago. Same story. Please believe me. <br /><br />-AKAKhttp://www.yahoo.comnoreply@blogger.comtag:blogger.com,1999:blog-8726844009873922462.post-85974002203839342872009-08-09T04:36:33.427-07:002009-08-09T04:36:33.427-07:00Ajai, there are 2 assholes using my name. I am the...Ajai, there are 2 assholes using my name. I am the actual AK but now these impersonators are trying to fool u and everyone. Please remove their comments, especially the chor on top -- 09 August 2009 14:54akhttp://www.ak-47.net/noreply@blogger.comtag:blogger.com,1999:blog-8726844009873922462.post-39123658657371143142009-08-09T04:32:50.234-07:002009-08-09T04:32:50.234-07:00"Assume that these unfair EVMs can be identif..."Assume that these unfair EVMs can be identified using external appearance or markings. It is essential that polling staff be able to discriminate unfair EVMs from fair EVMs for this attack to succeed."<br /><br />AK, all machines have the same codes / programme that is to be burned in by the CPU manufacturer. It's not like there are different codes for different machines. So to ask manufacturer to customize the burning process (i.e. 2 types of processes) would require a far greater influence over the manufacturer than 1 or 2 people. And that's why it's done independantly in Japan.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-8726844009873922462.post-4872079441145696062009-08-09T04:32:13.279-07:002009-08-09T04:32:13.279-07:00"Assume that these unfair EVMs can be identif..."Assume that these unfair EVMs can be identified using external appearance or markings. It is essential that polling staff be able to discriminate unfair EVMs from fair EVMs for this attack to succeed."<br /><br />AK, all machines have the same codes / programme that is to be burned in by the CPU manufacturer. It's not like there are different codes for different machines. So to ask manufacturer to customize the burning process (i.e. 2 types of processes) would require a far greater influence over the manufacturer than 1 or 2 people. And that's why it's done independantly in Japan.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-8726844009873922462.post-76818821394629552792009-08-09T02:24:51.557-07:002009-08-09T02:24:51.557-07:00Who the fuck is this fake guy AK who has my initia...Who the fuck is this fake guy AK who has my initials and is posting all bull crap. Abey saale himmat hai to apna khud ka naam bana, mera kyun chori kar raha hai. Ajai tell me the IP of this idiot so that I can trace him.AKhttp://yahoo.comnoreply@blogger.comtag:blogger.com,1999:blog-8726844009873922462.post-33792336324175664122009-08-08T21:15:10.488-07:002009-08-08T21:15:10.488-07:00So do let me know how, say, you, sitting in the fa...<i>So do let me know how, say, you, sitting in the factory and not knowing which EVM is going to which constituency... nor knowing what each party's serial number is going to be in that constituency... can compromise the EVM?</i><br /><br />The people in the factory do not need to have any knowledge of how EVMs are going to be assigned to polling booths. <br /><br />The attack I posted would work as below -<br /><br />1. <i>Assume</i> that the OTPROM is programmed with unfair code. This can be done if either the programming and verification tools or the people involved in the manufacturing are compromised in any way. Depending on how this is done, this can be compromised using just 1-2 people. If it is the programming and verification tools that are compromised, then no one at the manufacturer would even realise that they are producing EVMs with unfair code.<br /><br />2. All that the unfair EVMs do is to split all votes polled at the EVM to n candidates on the ballot either in equal proportion or some approximation of an equal proportion. <br /><br />3. <i>Assume</i> that these unfair EVMs can be identified using external appearance or markings. It is essential that polling staff be able to discriminate unfair EVMs from fair EVMs for this attack to succeed.<br /><br />4. Now, the polling staff that assigns EVMs to booths can assign the unfair EVMs to strongholds of the candidate who is to be disadvantaged.<br /><br />5. When the voting takes places, the candidate targetted under this scheme will lose as she will be unable to gain the advantage she usually gains from her strongholds.<br /><br />Then there is also the matter of the totalizer while is a new device used for counting votes from many EVMs at once. This device may be compromised as well, but there are few details available about it to build a plausible attack.Unknownhttps://www.blogger.com/profile/13807145336430217845noreply@blogger.comtag:blogger.com,1999:blog-8726844009873922462.post-32008763598359200642009-08-08T19:54:00.117-07:002009-08-08T19:54:00.117-07:00This comment has been removed by the author.Unknownhttps://www.blogger.com/profile/13807145336430217845noreply@blogger.comtag:blogger.com,1999:blog-8726844009873922462.post-88609541052996801392009-08-08T08:34:34.386-07:002009-08-08T08:34:34.386-07:00@Arjit: Again. After knowing the way the machines ...@Arjit: Again. After knowing the way the machines function, how exactly would the CEC be able to tamper with it in the hypothetical situation you mentioned. <br /><br />I am sure that if the machines have been put in use in all constituencies, there's a good reason for such level of confidence.<br /><br />If not the politicians/ bureaucrats, then have a little faith in that IIT team atleast.Jhttps://www.blogger.com/profile/16790687105594376404noreply@blogger.comtag:blogger.com,1999:blog-8726844009873922462.post-81769009831222652372009-08-08T03:32:08.420-07:002009-08-08T03:32:08.420-07:00Ajay,
I think we are even having this controversy...Ajay,<br /><br />I think we are even having this controversy because of the way the current CEC was appointed to his post with all his controversial background and the way an earlier CEC has been appointed as a minister in the upa cabinet. <br /><br />Earlier the Election commission was beyond reproach but not anymore.so you will not get anywhere if you keep on harping about the technical details of the machines. the machines are ofcourse immune to outside manipulation like booth capturing etc... but what if its an inside job? what if hypothetically speaking the CEC himself who has the keys to the machines, figuratively speaking, manipulates the process to payback the poltical favours or in expectation of future appointments to cushy posts like governor or minister?Arjitnoreply@blogger.comtag:blogger.com,1999:blog-8726844009873922462.post-72557604507262285222009-08-08T02:21:12.112-07:002009-08-08T02:21:12.112-07:00AK, you've not read the entire article, or not...AK, you've not read the entire article, or not understood it correctly.<br /><br />The article mentions that, in each constituency, the serial numbers of the candidates are determined by their individual names, in alphabetical order. The serial numbers are not determined by the names, the size or the success of their parties.<br /><br />That means that each party has a different EVM serial number in each constituency. The EVMs, however, are manufactured and distributed in bulk. So do let me know how, say, you, sitting in the factory and not knowing which EVM is going to which constituency... nor knowing what each party's serial number is going to be in that constituency... can compromise the EVM?<br /><br />A huge amount of thought has gone into the electronic voting procedure and it is entirely fool-proof.<br /><br />If you, or anyone else, can think up a way of subverting this process, do post it.Broadswordhttps://www.blogger.com/profile/13076780076240598482noreply@blogger.comtag:blogger.com,1999:blog-8726844009873922462.post-7247556260902972632009-08-08T01:37:46.976-07:002009-08-08T01:37:46.976-07:00I believe the renewed controversy over the EVMs is...I believe the renewed controversy over the EVMs is to an extent caused by the breakdown of trust in the political establishment. Due to the vulnerability of the EVMs in the manufacturing process posted above, it is necessary to have confidence in fair play by various arms of the government such as the Election Commission and the manufacturers BEL and ECIL. While things have been different in the past, such trust and confidence is in short supply these days as seen with the controvery over the appointment of the CEC.Unknownhttps://www.blogger.com/profile/13807145336430217845noreply@blogger.comtag:blogger.com,1999:blog-8726844009873922462.post-39718181320025185602009-08-08T01:29:33.601-07:002009-08-08T01:29:33.601-07:00There's a fatal flaw in all of the EVM testing...There's a fatal flaw in all of the EVM testing till date. And that is the assumption that an attack on the EVM is possible only after candidates are programmed into the machine in preparation for voting.<br /><br />As the article states, all testing done till date discounts the fact that the software that is burned into the EVM can be compromised before it is burnt in. If such compromised software assigns votes to the top 2 or 3 candidates on the ballot in equal measure, then results for a constituency can be skewed by using these compromised machines in strongholds of one party or the other. The only knowledge required for this attack is to know which lot of EVMs has been compromised - and such knowledge can be derived from the external appearance, model number of other identifying characteristics found on the exterior of the EVM. <br /><br />The only way to prevent this attack is to have high security in the manufacturing process with periodic verification of code as it is burnt into the EVMs. For that matter, any tools and people that are used for this verification may themselves be compromised and hence will need high security procedures as well.Unknownhttps://www.blogger.com/profile/13807145336430217845noreply@blogger.com