atsec

Deutsch | 汉语

Voting System Testing and Analysis

What atsec offers

Electronic voting systems typically draw from a variety of operating systems, firmware, hardware, and are operate in a very hostile environment. The security considerations for these devices are specialized and technical in nature. Security testing for voting systems is in constant evolution and atsec’s expert team bring to the table world leaders in assessing system security, with acknowledged experts in operating system security, software security and physical security testing. An unrivalled combination of expertise from one company focused only on information security. Our consultancy services for electronic voting systems are aimed at the following areas:

• System architecture security design review and source code integrity
• Enclosure hardening, tamper evidence, tamper detection, tamper response
• Confidentiality and integrity of election data
• Audit trail integrity
• User authentication and passwords
• Cryptographic key management
• Source code analysis for a large number of languages including C, C#, Java, Cobol, Assembly languages, Visual Basic, SQL and many others
• Compliance of the code with the Voting System Standard (VSS)
• Vulnerability Assessment, attack surface assessment
• Analyzing the implementation correctness of cryptographic algorithm implementations and random number generators

We offer these services in support of many State voting system certification and approval schemes and directly to the producers of Electronic Voting System manufacturers wishing to enhance the security posture of their devices.

Our accredited laboratories can also offer formal certification services for cryptographic algorithm validation FIPS 140-2, Common Criteria. Closely related consultancy services include embedded system services and penetration testing.

Why our service is important to you

The Help America Vote Act (HAVA) of 2002 (Public Law 107-252) was passed by Congress "to establish a program to provide funds to States to replace punch card voting systems, to establish the U.S. Election Assistance Commission (EAC) to assist in the administration of Federal elections and to otherwise provide assistance with the administration of certain Federal election laws and programs, to establish minimum election administration standards for States and units of local government with responsibility for the administration of Federal elections, and for other purposes."

HAVA resulted in the establishment of the 2002 Voluntary Voting System Standards and following that the EAC unanimously adopted the 2005 Voluntary Voting System Guidelines (VVSG), which significantly increase security requirements for voting systems.

Devices with security flaws open opportunities for litigation, loss of data confidentiality or integrity, or for loss of service. Public recalls or bad press about security flaws can severely impact your company and even be directly related to failing Federal or State certification.

Both voting system designers and their customers know that if flaws can be addressed during design and development then not only will the costs to correct them be lower but that the systems will be more reliable and commercially successful in the longer term.