Bharat Rakshak

When someone said that "It is impossible for BEL Charmain et al to replace even 10-20 boxes full of CPU chips inside BEL, because BEL is a fortress", the thread had crossed all limits. That too, I bet that someone has never stepped inside BEL and seen how rigid (or lax) BEL's warehouses are.

So am I given to understand that you're now accusing the BEL Chairman of fraud?

"now"? What do you mean "now"? He had done that 10 pages back. Specifically, the following are frauds as per him:

• The CEC, or the entire Election commission
• BEL chairman, and the person in charge of software developers
• The District Collectors

Hain jee, joo arent paying attention evidently...

Hari Prasad & co. have shown how the EVMs can be tampered. Congress is now saying this is how elections were won in Gujarat, and they saw people with laptops moving around the booths to send bluetooth transmissions.

I havent accused DCs.

.

Similarly, the policeman guarding EVM room is not agent, but just accessory. He gets order from collector to let some guys walk in, replace goods, and in turn the guard gets some cash. Replacement of evidence is routine business in police, administration etc and they dont bother. So he too is mere accessory and not an agent.

Here is the problem - ensuring security against such type of hacks is pretty cheap and cost-effective (Dileep has outlined those solutions time and again on this thread).

There is nothing sophisticated about the technology of the "demonstrated" hacks and to counter them is simpler than executing any of the conspiracy theories for subverting EVMs.

Hari Prasad to his credit believed (and I hope still believes) in solving problems with the EVM and fixing any holes rather than blindly going around peddling preposterous theories and using them to claim that paper ballot is better.

1. Do anyone of you have ever visited BEL and seen how secure their warehouses etc are
Yes I have been to BEL a few times. No I have not checked how secure their warehouses are. Have you? If so, please tell us the security flaws of their warehouses (actual ones not what comes out of your tin-foil hat conspiracies). BTW are you an expert on security of warehouses - if not, please don't speculate.

2. Do anyone of you have ANY experience in hacking devices. Did you get ANY real life assignment where-in some client asked you to ethically hack his device? Or he asked you to vetify if his device was hacked
Yes. Security stress testing in hardware, firmware, OS and App level is routine and is done for every new device transferred.

3. Do anyone of you have ANY experience in putting or tracing hardware trojans in chips at gate levels? Did you get ANY real life assignment where-in some client asked you to put a trojan or verify if the chip was free from trojan?
Yes design verification is a routine step. Unlike what you try to portray, hardware development is not some fly-by-night cottage industry which has areas "where even God does not know what is happening" like you claimed once on this thread. There are electronics hardware in this world way more complex and critical to life than your EVM - why do you think they don't fail catastrophically killing millions every day? Because security and robustness is a combination of design, implementation and process.

4. Have you ever opened an EVM and seen its inside?
No but we have seen its insides courtesy of Shri Prasad and the pictures taken by him. The EVM is made of the same components as other electronics, it is not black magic however much you wish to obfuscate it.

2. Do anyone of you have ANY experience in hacking devices. Did you get ANY real life assignment where-in some client asked you to ethically hack his device? Or he asked you to vetify if his device was hacked

HVKP is being harassed by policemen on the orders of Sonia, who as we all know, takes orders from MNCs, Vatican.

Dilpeep has nopt proposed ANY method to stop modulo-5 based trojan from getting inside chip's gate level design. And DoD itself says that once a hardware trojan gets inside a chip, there is no reliable way to know if the chip is compromized. Also Dileep's solution's are far from cheap - in fact Dilpeep never provided any cost estimates numbers !! You are SPECULATING that his means are cheap. If not, can you provide how much it will cost to implement Dileep's means on existing 10,00,000 EVMs?

And which method of Dileep protects EVM from inserting dishonest display at factory level? His "method" AFAIK depends in "integrity" of BEL staff, that BEL staff will not swap boxes.

Yet, you and other pro-EVM people could never ever guess dishonest display method. Quite frankly, HVKP by demonstrating dishonest people has proved that people in this thread (including myself) have zero experience in real life hacking hardware or tracking hacks in hardware or counter-hacking hardware. I in my defense, made it clear that I never made any hardware beyond 8057 and that too last I touched hardware was early 1990s.

^^^ Mr. Prasad, In that case I hope you are probing and trying to find weaknesses in the EVM manufacturing, storage and deployment process itself since it will be a critical part in determining whether and when the tampering can be done without attracting attention or getting caught.

Any electronic device can be hacked provided full access is given (the other extreme of the ideal case). What is interesting in this case is whether such hack can be done in practical circumstances on a large enough scale without getting caught.

Do anyone of you have ANY experience in putting or tracing hardware trojans in chips at gate levels? Did you get ANY real life assignment where-in some client asked you to put a trojan or verify if the chip was free from trojan?

Yes design verification is a routine step.

^^Just to clarify, Trust is never added after fabrication

Mehta ji,

Now how about providing a single shred of evidence to support your allegations instead of hiding behind superificial claims and grandstanding (or are you going to run away and avoid answering them, as usual)?

We have gone through over 50 pages of this thread yet You have FAILED to produce a single shred of evidence that the EVMs have been tampered with. Provide some evidence (Not Allegations) and then we can discuss further.


Plausible does not make something Possible and Possible does not making something Feasible.

Pls stop shouting like a kid.

I have communicated with VHK Prasad about the various vectors. I have specifically asked him if he believed the 'modified chip' attack was viable. He answered negative. Naturally, if it was a viable vector, he would have included that in his paper. Read the paper ...

I never said that someone took an EVM and "modified" the chip and put it back. Or put another chip in its place. What I have said is that the chip that came from Microchip's foundry itself had "favor candidate# = N mod 5" code inside it. So no one modified that chip after it was made. Essentially, you asked a wrong question and got some inapplicable answer.

That is exactly what I got an opinion from Mr. Prasad. He said, someone rigging the foundry is not a viable vector.

They are doing this at the behest of some one higher up in the Govt. which we all know who it is. Only the ITALIAN crowd controls this country. They may feel it is OK to keep EVMs because they can rig elections in a very sophisticated manner in close constituencies by altering 2-3% of votes.

Why is the CON party, corrupt EC, corrupt mafia media are all united in opposing paper trail? Why?
....
The burden of proof is not on the one who alleges that there is possible fraud in EVMs. The burden of proof is on the EC and Govt. to prove that there are enough checks and balances built into the system to defeat any fraud by any party and verifiable. We can't trust the CON party or DIE-nasty or BJP or COMMIE goons or any other lafoongas.

Elections come under the same category. They are the heart of democracy. They can't be left to chance. Even if there is 0.00001% of nationwide rigging, we have to introduce mechanism to verify the EVMs. If not agreeable to ITALIAN oligarchy and their servants at EC, we have to ban them.

Rigging the foundry is a routine practice in defense electronics applications.

Please quote any precedence.

Burden of proof is usually placed on the accuser.


EC did document their checks and balances publicly (though I'm not entirely satisfied that they're following what they documented personally, especially the bit about the anti-tamper seals on the machine itself).

Granted that the EC isn't making verifying the checks and balances in place any easier. Would have been nice if they'd opened up the code and design for anyone to verify.

By this logic, Indians should have banned all political parties a long time ago. Paper ballots have been rigged by them for a very long time. Again, would like to see some proof of the "ITALIAN oligarchy" controlling the people at the EC, as you allege it (Remember, burden of proof on the accuser).

^^Where does it say that foundries were compromised? The article points out that such stuff is plausible hence, they want to prepare for any such eventuality because "Only the Paranoid Survive".

A recent White House review noted that there had been several “unambiguous, deliberate subversions” of computer hardware.

“These are not hypothetical threats,” the report’s author, Melissa Hathaway, said in an e-mail message. “We have witnessed countless intrusions that have allowed criminals to steal hundreds of millions of dollars and allowed nation-states and others to steal intellectual property and sensitive military information.”
...
Separately, an American semiconductor industry executive said in an interview that he had direct knowledge of the operation and that the technology for disabling the radars was supplied by Americans to the Israeli electronic intelligence agency, Unit 8200.

Pranav, The first quote is pretty vague on what has been stolen worth hundreds of millions of dollars and how. The examples she cites have more to do with network and associated software weaknesses rather than hardware. And considering this article is written by John Markoff (remember the whole Mitnick/Tsutomu drama?), I don't rate it too highly in terms of background research.

But as military planners have come to view cyberspace as an impending battlefield, American intelligence agency experts said, all sides are arming themselves with the ability to create hardware Trojan horses and to hide them deep inside the circuitry of computer hardware and electronic devices to facilitate military attacks.

The 2nd quote is about a kill-switch. There is nothing rogue about kill-switches or backdoors because they are put there on purpose by the manufacturer and in case of defence equipment, if you are just a client who is paying to acquire a finished product, you don't get access to underlying technology except what is required for maintainance due to IPR and other sensitivity issues. OTOH if you are the country who is getting those weapons designed and manufactured even though you are using COTS components, you will have full access to every aspect of their design and manufacture - this is always a requirement.

Almost all FPGAs are now made at foundries outside the United States, about 80 percent of them in Taiwan. Defense contractors have no good way of guaranteeing that these economical chips haven't been tampered with. Building a kill switch into an FPGA could mean embedding as few as 1000 transistors within its many hundreds of millions. ”You could do a lot of very interesting things with those extra transistors,” Collins says.

The rogue additions would be nearly impossible to spot. Say those 1000 transistors are programmed to respond to a specific 512-bit sequence of numbers. To discover the code using software testing, you might have to cycle through every possible numerical combination of 512-bit sequences. That's 13.4 × 10153 combinations. (For perspective, the universe has existed for about 4 × 1017 seconds.) And that's just for the 512-bit number--the actual number of bits in the code would almost certainly be unknown. So you'd have to apply the same calculations to all possible 1024-bit numbers, and maybe even 2048-bit numbers, says Tim Holman, a research associate professor of electrical engineering at Vanderbilt University, in Nashville. ”There just isn't enough time in the universe.”

Those extra transistors could create a kill switch or a backdoor in any chip, not just an FPGA. Holman sketches a possible scenario: suppose those added transistors find their way into a networking chip used in the routers connecting the computers in your home, your workplace, banks, and military bases with the Internet. The chip functions perfectly until it receives that 512-bit sequence, which could be transmitted from anywhere in the world. The sequence prompts the router to hang up. Thinking it was the usual kind of bug, tech support would reset the router, but on restart the chip would again immediately hang up, preventing the router from connecting to the outside world. Meanwhile, the same thing would be happening to similarly configured routers the world over.

The router scenario also illustrates that the nation's security and economic well-being depend on shoring up not just military chips but also commercial chips. An adversary who succeeded in embedding a kill switch in every commercial router could devastate national security without ever targeting the Defense Department directly.

A kill switch or backdoor built into an encryption chip could have even more disastrous consequences. Today encoding and decoding classified messages is done completely by integrated circuit--no more Enigma machine with its levers and wheels. Most advanced encryption schemes rely on the difficulty that computers have in factoring numbers containing hundreds of digits; discovering a 512-bit type of encryption would take some machines up to 149 million years. Encryption that uses the same code or key to encrypt and decrypt information--as is often true--could easily be compromised by a kill switch or a backdoor. No matter what precautions are taken at the programming level to safeguard that key, one extra block of transistors could undo any amount of cryptography, says John East, CEO of Actel Corp., in Mountain View, Calif., which supplies military FPGAs.

”Let's say I can make changes to an insecure FPGA's hardware,” says East. ”I could easily put a little timer into the circuit. The timer could be programmed with a single command: ’Three weeks after you get your configuration, forget it.' If the FPGA were to forget its configuration information, the entire security mechanism would be disabled.”

Alternately, a kill switch might be programmed to simply shut down encryption chips in military radios; instead of scrambling the signals they transmit, the radios would send their messages in the clear, for anybody to pick up. ”Just like we figured out how the Enigma machine worked in World War II,” says Stanford's Adler, ”one of our adversaries could in principle figure out how our electronic Enigma machines work and use that information to decode our classified communications.”

In case of the EVM, if India for example, were using Diebold machines then the whole concept of not having complete access would come about since India would be acquiring an existing product for a price. However, in this case the EVMs are custom designed and manufactured for India hence, there is no question of GoI being denied access to any part of manufacturing or design. Moreover, none of its components are custom designed or have any significant IPR issues, having being used for the last 2 decades.

In case of the EVM, if India for example, were using Diebold machines then the whole concept of not having complete access would come about since India would be acquiring an existing product for a price. However, in this case the EVMs are custom designed and manufactured for India hence, there is no question of GoI being denied access to any part of manufacturing or design. Moreover, none of its components are custom designed or have any significant IPR issues, having being used for the last 2 decades.

suddenly the ECIL and BEL representatives began to protest, and claimed that he was violating the companies' ‘intellectual property rights'.

in 2006 they withdrew their applications when it became clear that the applications would be rejected. The two outfits do not hold an international patent.

The main point is that hardware Trojans have been used, and are a factor that must be taken into account.

More about kill-switches from http://spectrum.ieee.org/semiconductors ... l-switch/0:



Yes, everything is plausible. That is why process is an important part of security and like I mentioned in my previous post, one needs to guard against future threats. If it can happen, it must be secured against but security is always best-effort. Also, let us not confuse "can happen" with "is happening or has already happened" because there is a very large gap between the two. The arguments being used to claim EVMs are weak apply equally to all electronic devices some of which are way more critical to everyday life - yet, you don't see them act funny every day, do you? There is a reason for that.

What you said was not the case with Indian EVM is the EXACT defence of EVMs given by EC

http://www.hindu.com/2010/09/02/stories ... 281100.htm

though the interesting part is

That is why I asked for precedence i.e. examples where they have been used in the field.

Then they won't be going about rigged EVMs themselves because that just brings more scrutiny on the EVMs. The day all parties go about EVMs, you can be rest assured that they are truly secure from the thieving tactics of the netas. Also our wise Mehta-ji claims it is all CIA's game, who are we mere mortals to doubt him.