Should we discontinue EVMs?

Raja Bose
BRF Oldie
Posts: 19477
Joined: 18 Oct 2005 01:38

Re: Should we discontinue EVMs?

Post by Raja Bose »

Rahul Mehta wrote:
> Finally, the debate has converged on a matter of faith. Those who have immense faith in the integrity of Hitachi CEO, BEL CEO and "The Processes" can assume that EVMs are all "paak". I call them "Process Bhagats" or "Process Rakshaks" or "Hitachi Bhagats" or "Hitachi Rakshaks". And those who believe that biggies *can* trivially rig processes if they want can assume that EVMs have tampered code. I call them "rustics" or commons or illiterates or fools etc and I am one of them. Pls note that unlike ROM reading etc which was "matter of fact", this process bhakti is a "matter of faith" only.
>
> ...
> ...
> ...
> So finally, it boils down to "How many of us (sic) 71 cr citizen voters aka commons have faith in integrity of BEL CEOs, 3-4 BEL chip testers, other 2-3 BEL employees who are critical, Hitachi CEO and processes". The answer to this question should be the ONLY factor in deciding EVM vs paper issue.

Another remarkable leap of logic from RM ji! :roll: All that I see is as follows:
1) Public evidence exists that ballot based voting has been successfully subverted in practice during actual elections.

2) Till now only allegations exist that EVM can be successfully subverted - it has NOT been shown in practice.

Hence, there is no question of faith. It is a plain and simple matter of logic and proof - a matter of the head NOT the heart! If you want to prove the EVM is worse than the paper ballot, by all means do so. But don't claim it is worse on the basis of some flimsy theories. But then it is easier for those with vested interests to turn this whole debate into a matter of faith and have people use their heart and not their head - much easier to shepherd people when they don't think rationally.

Post by Raja Bose »

Dileep wrote:
> RB, maybe you should contact Stephen on this subject, and see what he says.

Yeah I can do that. I will e-mail him from work tomorrow. If I get a positive 1st response, we can send a list of specific questions from everybody to ask his opinion on. Can you re-post the relevant links to the EVM's publicly known specs and operating procedures - that will give this guy some material to use as reference.
Pranav
BRF Oldie
Posts: 5280
Joined: 06 Apr 2009 13:23

Post by Pranav »

Dileep wrote:
> 1. What if the friends and relatives HATED the tyrant neta, and trusted the secrecy of the ballot to vote their mind?
> 2. What if the neta wanted to hide behind the EVM scare, and ASKED the friends and relatives to vote others, to make this allegation?

OK, in the first case, at least 25 out of 43 relatives and friends would have to secretly hate the candidate. :eek: :shock:

In the second case, how could the candidate pre-plan the conspiracy, without knowing that nobody else would vote for him, and that he would get less than 43 votes?
Dileep
BRF Oldie
Posts: 5891
Joined: 04 Apr 2005 08:17
Location: Dera Mahab Ali धरा महाबलिस्याः درا مهاب الي

Post by Dileep »

Pranav wrote:
> OK, in the first case, at least 25 out of 43 relatives and friends would have to secretly hate the candidate. :eek: :shock:

Why not? There are a lot of such people.

> In the second case, how could the candidate pre-plan the conspiracy, without knowing that nobody else would vote for him, and that he would get less than 43 votes?

He should have known about the demography there, right?

Post by Dileep »

It is not faith. It is trust.

The entire world runs on trust, and the checks and balances bolster the trust.

My vegetable guy trusts a piece of paper I give him in exchange of the merchandise he gives me. My maid trusts a similar paper in exchange of her hard labour. I trust the vegetable guy not to over poison the stuff, and the lady to reasonably well clean the plates. I trust the chef at the restaurant not to poison me.

I trust my employer to pay me at the end of the month. That is minuscule compared to the trust he puts on me, because I have control over much of the intellectual property of his company, on which the tens of millions of dollars of business depend upon.

I trust my tapper at my rubber plantation to do the tapping properly, not harm the trees, and not to steal the produce. I trust the little company that buys my latex to pay me after the 45 days window is over. I trust the girl in my bank counter to credit my account with the cash I give her. I even trust the eBay seller to ship the stuff I ordered.

I trust our prime minister (though many here don't) to do a reasonably good job of running the government. I trust our forces to protect us. I trust the government offices with my property, to keep the records in my name, so that I continue to own them.

I trust the truck driver coming from the opposite direction not to barge into my lane and kill me. I trust him to stop at the red light, while I cross the intersection on my green. I trust the airline pilot to fly me safe. I trust the CISF guy to do his security job properly so that no al-keeda places a bomb on my plane.

I am sure guys like RM and Pranav do the same (except the PM, of course)

All these trust come from established systems, processes, and the checks, balances, and deterrence by consequences.

Deterrence by consequence is one of the primary pillars of trust. When you plan to maliciously break the trust, you should always think of the consequence. If the consequence is huge compared to the gain, then you won't do it.

I know I can trust the vegetable guy because I have personally inspected the produce. He knows he can trust my piece of paper, because he has personally inspected it to be a legal tender currency of the state. He trusts the legal tender currency of the state, because he trusts the state.

Yes, I also trust the technology, business, logistical, and manufacturing processes involved in the EVM to the extent to approve their use in the election. I trust them more than I trust the two bit neta who wants to subvert the ballot.

Post by Pranav »

Dileep wrote:
> > So, there is no difficulty in rigging about 100 constituencies with max 50 people, many of them foreigners.
> We had dissected the "CU replacement and wireless activation" theory a long time ago on these pages. Do you have anything new from those?

RM-ji, you had mentioned wireless activation earlier - did Dileep have any noteworthy point to make? Thanks.

Post by Dileep »

OK, after going around in circles, we are back to the same types of attacks:

1. Rigged Chip + Mod-5 Roulette
2. Rigged Chip + Key Code at Booth
3. Rigged Chip + Key Code at Warehouse
4. Replaced CU + Mod-5 Roulette
5. Replaced CU + Key Code at Booth
6. Replaced CU + Key Code at Warehouse
7. Replaced CU + Radio Activation.

Did I miss anything? Does everyone agree on these?

Post by Pranav »

Dileep wrote:
> Pranav wrote:
> > OK, in the first case, at least 25 out of 43 relatives and friends would have to secretly hate the candidate. :eek: :shock:
> Why not? There are a lot of such people.
> > In the second case, how could the candidate pre-plan the conspiracy, without knowing that nobody else would vote for him, and that he would get less than 43 votes?
> He should have known about the demography there, right?

Very right, convenient coincidence that nobody assigned to that booth, besides those 43 relatives and friends, wanted to vote for him. Then he gets a bright idea that he can pull this off.
Sanku
BRF Oldie
Posts: 12526
Joined: 23 Aug 2007 15:57
Location: Naaahhhh

Post by Sanku »

Pranav wrote:
> OK, in the first case, at least 25 out of 43 relatives and friends would have to secretly hate the candidate. :eek: :shock:

This is supposed to be a valid data point? Maybe he does not have 43 relatives and friends, we only have his word for it. Maybe they didn't go to vote and lied to him. Maybe he is lying now to save face.

Meanwhile the antenna theory at best is a futuristic theory, as of now no antenna can be added on the EVMs without the EVMs with antennas becoming substantially big power drains. The technical points were all explained. This is now becoming an irritating tendency in RM to reject all technical points and simply gloss over them as they don't exist, please don't pick it. I understand that some of us are more qualified to judge the technical points than others, but it does not mean that those who don't understand technology start completely ignoring the basic technical points.

I don't see what is the pressing need to invent these physics maths and engineering defying theories. It is by now clear to most people that EVMs are pretty secure right now, and as long as the practices and designs are maintained and regularly carried out there should not be a problem in the future either.

What we need to watch out for is sudden difference in future practices or design (say choosing a totally new architecture)

Post by Pranav »

Sanku wrote:
> Pranav wrote:
> > OK, in the first case, at least 25 out of 43 relatives and friends would have to secretly hate the candidate. :eek: :shock:
> This is supposed to be a valid data point? Maybe he does not have 43 relatives and friends, we only have his word for it. Maybe they didn't go to vote and lied to him. Maybe he is lying now to save face.

There is a paper trail of people who voted. So there is a news scoop in there, need to nail his lies.

Sanku wrote:
> Meanwhile the antenna theory at best is a futuristic theory, as of now no antenna can be added on the EVMs without the EVMs with antennas becoming substantially big power drains. The technical points were all explained. This is now becoming an irritating tendency in RM to reject all technical points and simply gloss over them as they don't exist, please don't pick it. I understand that some of us are more qualified to judge the technical points than others, but it does not mean that those who don't understand technology start completely ignoring the basic technical points.
>
> I don't see what is the pressing need to invent these physics maths and engineering defying theories. It is by now clear to most people that EVMs are pretty secure right now, and as long as the practices and designs are maintained and regularly carried out there should not be a problem in the future either.
>
> What we need to watch out for is sudden difference in future practices or design (say choosing a totally new architecture)

As was mentioned, the antenna doesn't need to transmit. The system can be in sleep mode until signal is detected.

Post by Dileep »

The radio circuit still needs to be powered up to receive the transmission. This is a drain on the battery. Also, the activation could only be done when the CU is ON, so doing it at the warehouse won't be possible.

And just opening the box will show the added circuitry.
Rahul Mehta
BRF Oldie
Posts: 2577
Joined: 22 Nov 2001 12:31
Location: Ahmedabad, India --- Bring JurySys in India

Post by Rahul Mehta »

Dileep wrote:
> OK, after going around in circles, we are back to the same types of attacks:
>
> 1. Rigged Chip + Mod-5 Roulette
> 2. Rigged Chip + Key Code at Booth
> 3. Rigged Chip + Key Code at Warehouse
> 4. Replaced CU + Mod-5 Roulette
> 5. Replaced CU + Key Code at Booth
> 6. Replaced CU + Key Code at Warehouse
> 7. Replaced CU + Radio Activation.
>
> Did I miss anything? Does everyone agree on these?

Errr... where does Mod-5 trojan need "replacement of CU"?

If CU is replaced, it goes best with radio-enabled CU

.

Post by Dileep »

Well, replaced CU+Mod5 was one of your own creations. Did you drop it? If so, I will remove it from the list.

Do you agree to the rest of the list? Please confirm.

Post by Pranav »

Dileep wrote:
> The radio circuit still needs to be powered up to receive the transmission. This is a drain on the battery. Also, the activation could only be done when the CU is ON, so doing it at the warehouse won't be possible.
>
> And just opening the box will show the added circuitry.

The replacement PCB will have a battery on board. The sleep mode consumes very little power. These types of transceivers are used in medical implants. In such applications, a battery life of seven years is required.

The extreme secretiveness of the EC will ensure that possibility of detection is minimized.

Post by Dileep »

Pranav wrote:
> Dileep wrote:
> > The radio circuit still needs to be powered up to receive the transmission. This is a drain on the battery. Also, the activation could only be done when the CU is ON, so doing it at the warehouse won't be possible.
> >
> > And just opening the box will show the added circuitry.
> The replacement PCB will have a battery on board. The sleep mode consumes very little power. These types of transceivers are used in medical implants. In such applications, a battery life of seven years is required.
>
> The extreme secretiveness of the EC will ensure that possibility of detection is minimized.

The problem is, the CU controller must be ON to take and act on the information. It should be at least like wake-on-signal. How would you do that?

Post by Pranav »

Rahul Mehta wrote:
> Dileep wrote:
> > OK, after going around in circles, we are back to the same types of attacks:
> >
> > 1. Rigged Chip + Mod-5 Roulette
> > 2. Rigged Chip + Key Code at Booth
> > 3. Rigged Chip + Key Code at Warehouse
> > 4. Replaced CU + Mod-5 Roulette
> > 5. Replaced CU + Key Code at Booth
> > 6. Replaced CU + Key Code at Warehouse
> > 7. Replaced CU + Radio Activation.
> >
> > Did I miss anything? Does everyone agree on these?
> Errr... where does Mod-5 trojan need "replacement of CU"?
>
> If CU is replaced, it goes best with radio-enabled CU
>
> .

Actually instead of replacing entire CU, it's enough to replace the PCB. Also, there is the option of replacing PCB in CU or in BU.

Post by Pranav »

Dileep wrote:
> The problem is, the CU controller must be ON to take and act on the information. It should be at least like wake-on-signal. How would you do that?

CU controller need not be on, but you do need a wake-up protocol to bring device out of sleep state. There is power consumption in sleep state, but it is very low - low enough to be suitable for implantable medical devices.

It may be possible to get enough energy for the wake-up from the received signal itself, as is done by RFID receivers. But I have not investigated that. In this case, the frequency is lower than RFID.

Post by Dileep »

Pranav wrote:
> Actually instead of replacing entire CU, it's enough to replace the PCB. Also, there is the option of replacing PCB in CU or in BU.

The BU circuit is already discounted. It needs big battery and relay matrix to control the switch keys etc.
We can make sub lists for the types of replacements if needed.

Post by Dileep »

Pranav wrote:
> CU controller need not be on, but you do need a wake-up protocol to bring device out of sleep state. There is power consumption in sleep state, but it is very low - low enough to be suitable for implantable medical devices.
>
> It may be possible to get enough energy for the wake-up from the received signal itself, as is done by RFID receivers. But I have not investigated that. In this case, the frequency is lower than RFID.

If the CU controller is not ON, how will you do the "magic" necessary with it? Please explain your scheme in detail. The devil is in the details.

Post by Rahul Mehta »

Dileep wrote:
> The random bytes are NEVER put in by the manufacturer. If random bytes are put, they are done by the originator of the binary. Now, if the originator can put code in the encrypted instruction form, he can very well do it in the regular instruction form as well. Why go the encrypted route?

Yes, putting random bytes needs support of the team lead. But this removes dependence on person who verifies the chip when it comes from Hitachi. So personnel count needed to rig chip does not increase

---

> And encrypted or not, you need to transfer control to that code block. This should be done from the regular code block, so it will be evident.

Say there are 10 registers in chip, A0 to A9. Now "INCR A9" can be written as

INCR A9
check byte# A9 , byte# A9+1 , byte# A9+3 in code ROM
if it is 56, 57 and 58, then decrypt and execute encrypted code.

Now INCR A9 will be called very very sparingly. So there is no time loss in general. And if code review person sees Incr A9, he will not suspect that a trojan is being called.

----

In radio enabled EVMs, the EVMs are only receiving and not sending. So a coiled antenna in 2mm * 2mm block will suffice. And receiving needs near zero power. The receiver needs power, but if EVMs have RTC clock, which I think they do, then that much power will be enough to receive and store one byte (candidate number).

---

Dileep,

In mod-5, the chip has rigged code when it came from Hitachi. CU replacement is needed after counting ONLY if there is a fear that some honest technical hands will actually get opportunity to dissect CU. Given that most SCjs are sold out, I don't see that happening. So mod-5 theory does not need CU replacement.

And the examples of trusts you gave do not apply here. They are too tiny compared to what we are talking about. I will never cheat anyone for Rs 100 does not mean I will handle Rs 100 cr transaction honestly. And EVMs rigging is worth Rs 10,00,000 cr for Congress.

Post by Pranav »

Dileep wrote:
> Pranav wrote:
> > CU controller need not be on, but you do need a wake-up protocol to bring device out of sleep state. There is power consumption in sleep state, but it is very low - low enough to be suitable for implantable medical devices.
> >
> > It may be possible to get enough energy for the wake-up from the received signal itself, as is done by RFID receivers. But I have not investigated that. In this case, the frequency is lower than RFID.
> If the CU controller is not ON, how will you do the "magic" necessary with it? Please explain your scheme in detail. The devil is in the details.

A very rough plan is something like this: Rigging data consists of start-time for miscounting, end-time, and the key to be favoured. There is a flag that indicates that the rigging data is available. The rigging data is received by the receiver and is made accessible to the controller.

Whenever the controller is powered-on, it checks the flag. If the flag is 1, it reads the rigging data, and then miscounts in the desired fashion.

Note that the complete PCB is made by the foreign defense contractor, so there is considerable flexibility in design.

Post by Dileep »

Rahul Mehta wrote:
> Yes, putting random bytes needs support of the team lead. But this removes dependence on person who verifies the chip when it comes from Hitachi. So personnel count needed to rig chip does not increase.

WRONG! The person who does the verification checks the binary with a master. If the master released by the software group itself is corrupt, it won't be found in verification. And you can't put the trojan without the help of the software group.

So, the whole encrypted code thing is an unnecessary complication.

> Say there are 10 registers in chip, A0 to A9. Now "INCR A9" can be written as
>
> INCR A9
> check byte# A9 , byte# A9+1 , byte# A9+3 in code ROM
> if it is 56, 57 and 58, then decrypt and execute encrypted code.
>
> Now INCR A9 will be called very very sparingly. So there is no time loss in general. And if code review person sees Incr A9, he will not suspect that a trojan is being called.

There is a non-zero chance of INCR A9 being called from the other parts of the program. Also, it is not just INCR. You have to first load the address into A9, and then call the increment. How would you explain that code, with respect to the design spec?

> In mod-5, the chip has rigged code when it came from Hitachi.

That would be classified under line 1, Rigged Chip + Mod 5 Roulette.

> CU replacement is needed after counting ONLY if there is a fear that some honest technical hands will actually get opportunity to dissect CU. Given that most SCjs are sold out, I don't see that happening. So mod-5 theory does not need CU replacement.

I will remove Line 4 then.

So, the updated list is:

1. Rigged Chip + Mod-5 Roulette
2. Rigged Chip + Key Code at Booth
3. Rigged Chip + Key Code at Warehouse
4. Removed.
5. Replaced CU + Key Code at Booth
6. Replaced CU + Key Code at Warehouse
7. Replaced CU + Radio Activation.
> And the examples of trusts you gave do not apply here. They are too tiny compared to what we are talking about. I will never cheat anyone for Rs 100 does not mean I will handle Rs 100 cr transaction honestly. And EVMs rigging is worth Rs 10,00,000 cr for Congress.

It sure does. The trust of the payment I make is big for the maid, and the trust of the tapper is big for me. It all depends upon the situation.

Would I trust EVMs made by Mehta Electronics Pvt. Ltd.? No. But I would trust BEL with that.

Post by Dileep »

Pranav wrote:
> A very rough plan is something like this: Rigging data consists of start-time for miscounting, end-time, and the key to be favoured. There is a flag that indicates that the rigging data is available. The rigging data is received by the receiver and is made accessible to the controller.

The clock inside the CU is not IST time. It is just a timestamp clock, giving accurate time intervals. It can't be otherwise, since there is no set-clock function in the EVM.

That will not work for you.

Post by Pranav »

Dileep wrote:
> Pranav wrote:
> > A very rough plan is something like this: Rigging data consists of start-time for miscounting, end-time, and the key to be favoured. There is a flag that indicates that the rigging data is available. The rigging data is received by the receiver and is made accessible to the controller.
> The clock inside the CU is not IST time. It is just a timestamp clock, giving accurate time intervals. It can't be otherwise, since there is no set-clock function in the EVM.
>
> That will not work for you.

There are ways around such an eventuality (for example by putting a clock on the PCB), but please give ref for clock info (with page No, if referring to a multi-page document).

Post by Rahul Mehta »

.

The US guy could hack EVM because he had one to begin with. In India, EC will not give EVM to third party hackers and people such as Dileep insist that EVMs and source code MUST not be given to hackers. And then they claim that "Indian EVM unlike West is unhackable" !!

Well, Sonia etc do have source code of EVM and can get as many EVMs they want for making and testing their hacks. By keeping source code and EVM inaccessible, you have only created an asymmetry, not a proof that EVMs can't be hacked.

And look at "ulta chor kotwal ko dante" -- Dileep opposes giving EVMs and source code to public, and then cites "people like RM" as a reason for not doing so !! :rotfl:

----

There is an important deduction from US experience and in general. The hacks more often come from third party "unknown" hackers in public rather than agencies which certify that products are hack proof. eg expert committees must have given "hack proof" certificate to the EVM that later got hacked. But since that EVM was available to public, the hackers got it and could hack it.

If EC is so confident that EVM can't be hacked, it should give out the source code and EVMs for cost price, and it should be ANY EVM that hackers pick at DC's warehouse.

.
Last edited by Rahul Mehta on 12 Aug 2009 17:43, edited 1 time in total.

Post by Dileep »

Pranav wrote:
> There are ways around such an eventuality (for example by putting a clock on the PCB), but please give ref for clock info (with page No, if referring to a multi-page document).

There is no reference. It is a deduction from available data. In no place there is a procedure to "set time", so it can't be IST. And IST is not needed for a timestamp. Only time difference is important there.

If there are ways, they should be specified.

Post by Dileep »

Rahul Mehta wrote:
> The US guy could hack EVM because he had one to begin with. In India, EC will not give EVM to third party hackers and people such as Dileep insist that EVMs and source code MUST not be given to hackers. And then they claim that "Indian EVM unlike West is unhackable" !!

I NEVER said, don't give it to hackers. There is nothing wrong in giving a unit to a qualified hacker, but then people like you will jump up and down, calling CIA sellout.

BTW, the guy could hack the EVM, because it had a data input port. Without a data input mechanism, the EVMs can NEVER be hacked in the field.

> Well, Sonia etc do have source code of EVM and can get as many EVMs they want for making and testing their hacks. By keeping source code and EVM inaccessible, you have only created an asymmetry, not a proof that EVMs can't be hacked.
>
> And look at "ulta chor kotwal ko dante" -- Dileep opposes giving EVMs and source code to public, and then cites "people like RM" as a reason for not doing so !! :rotfl:

Are YOU qualified to hack it Rahul? Is ANYONE on this forum qualified? I can do part of the job, but still I am not confident of getting it into a successful hack. How many people in India are qualified to do the hack?

And if Mr. Stephen himself comes forward, offering to hack, I have no problem in giving him an EVM unit. If someone else with proven credentials comes also, it can be given.

I know it is OK. Maybe the other technically competent people will.

But netas like YOU, who shamelessly raise dishonest arguments to further your cheap cause, will immediately call SELL-OUT!! The EC has sold out the EVM 'codes' to an american!!

It is a better idea to defend the EVM in the current turf, not on the chaos that is going to be created in the above scenario.

I have welcomed a deepest level analysis by an expert committee, nominated by the parties. That will not raise the sell-out cry at least.
> There is an important deduction from US experience and in general. The hacks more often come from third party "unknown" hackers in public rather than agencies which certify that products are hack proof. eg expert committees must have given "hack proof" certificate to the EVM that later got hacked. But since that EVM was available to public, the hackers got it and could hack it.
>
> If EC is so confident that EVM can't be hacked, it should give out the source code and EVMs for cost price, and it should be ANY EVM that hackers pick at DC's warehouse.

And Mr. Rahul Mehta, you, or a dirty politician like yourself will be the first to call SELL-OUT!! Great strategy onlee!!

Let me ask you this? Have you, in your infinite wisdom, ever contested that the Indian EVM could be 'field hacked'? ie, hacked without inserting or replacing something in the hardware? To be precise, work with an existing good EVM, without opening it.

If so, please do that NOW. Because that is what goes around everywhere, including Stephen's hack. If you can't, drop that issue here itself.

Post by Pranav »

Dileep wrote:
> Pranav wrote:
> > There are ways around such an eventuality (for example by putting a clock on the PCB), but please give ref for clock info (with page No, if referring to a multi-page document).
> There is no reference. It is a deduction from available data. In no place there is a procedure to "set time", so it can't be IST. And IST is not needed for a timestamp. Only time difference is important there.
>
> If there are ways, they should be specified.

Irrespective of what time format is being used, as long as we are aware of the conversion to IST (a reasonable assumption), we can tailor the activation data accordingly.
rohiths
BRFite
Posts: 407
Joined: 26 Jun 2009 21:51

Post by rohiths »

I have one more conspiracy theory how EVMs can be possibly manipulated. :)
Before I start I need to make a couple of disclaimers
1. I do not believe the EVMs of the Apr-May elections were rigged and the elections were free and fair.
2. I have not read most of the posts on this thread and many things I have said here may be debated and disproven.

Assumption
1. There is a timer circuit on the EVM which keeps running all the time. We all know that there is a long life battery inside every EVM. The present day circuits for clock generation and time measurement consume approx 10uW of power. We also do not require a very accurate clock. Error of +/- 10 minutes is also acceptable. So the assumption is not entirely unreasonable.

Various ways of rigging EVMs
1. Rig only specific EVMs
2. Rig all the EVMs

Rigging specific EVMs and transporting them to the desired place and producing them in adequate numbers to create significant effect is very complex and can be easily leaked and close to impossible to keep it secret. [Here rigging means adding malicious code]

Rigging all the EVMs is much simpler than rigging specific EVMs.

The rigging algorithm
1. The EVM gets into rigging mode only on specified date and on all other days it remains in normal operation. (Using the timing circuit which is there in all the EVMs)
2. For each candidate in the EVM, define a pattern which rigs the EVM in favour of that person. This is done while programming the ROM for every EVM manufactured.
3. The pattern is highly unlikely under normal circumstances given that maximum capacity of an EVM is in the order of thousands of people.
4. When the pattern is entered as defined in the ROM, then EVM is rigged in favour of the candidate by giving him extra votes but keeping the total votes constant
5. By using less than 20 people we can rig a single EVM using this method since you can build patterns which are highly unlikely**
6. The people who are used in this manner to rig an EVM will not even know that they have rigged, since all they are doing is voting in a predetermined manner which is hardly suspicious.

**Let us assume in a constituency there are 5 significant contenders A,B,C,D,E.
Assume that there are 20 people who are voting for a particular EVM.
The total number of ways of voting patterns is 5^20 (= 9.53*10^13), which is a very large number.

Implementation of this algorithm takes very little memory space since at initialization you have to go to rigged mode if date=election date else remain in normal mode.
Modern microcontrollers need only 64 bits to store this instruction.
To store the rigging pattern you only need a few kilobits.

The advantages of this rigging method
1. Very simple to implement and can maintain lot of secrecy.
2. Impossible to prove the machine is rigged without examining the source code and object code.
3. The method does not need any prior information about which candidate is in which position in the EVM
4. The method is invulnerable to any honest official trying to run the election in fair manner. Any amount of randomization and monitoring by booth agents and officials will not affect the system

The vulnerabilities of this method are
1. If you check the source code or the object code you will know that the machine is rigged.

But there is a way around this too.
You can modify the compiler or write a compiler of your own which adds the malicious code to a good source code. (not too difficult)
All you need is one or two programmers who can modify the compiler and although the source code will be perfect the binary code will be corrupt and the only way to know if the machine is truly rigged or not is to examine the machine instructions one by one and building the whole logic.


I believe the method I have proposed to rig the EVM is easy to implement with the right connections and you need minimal amounts of people hence maintaining secrecy.
Even if the whole Election commission is trustworthy it makes no difference. Any randomization and monitoring by officials and poll agents will never be able to detect fraud.

Constructive criticisms are welcome.
Please try to have an open mind and please do not be mean to anyone who does not share the same thoughts as you.
Raja Bose
BRF Oldie
Posts: 19477
Joined: 18 Oct 2005 01:38

Re: Should we discontinue EVMs?

Post by Raja Bose »

OK e-mail sent to Stephen Checkoway (of EVM hacking using return-oriented programming fame). I have provided him the following links for reference:

1) Basic info about EVM and its operation during polling: http://northgoa.gov.in/EVM-ECIL1.pdf
2) Claims of security features of EVM: http://www.bel-india.com/BELWebsite/ima ... atures.pdf .
3) Some description of how EVMs are stored during polling: http://pib.nic.in/release/release.asp?relid=51718

In case some more useful links are available let me know and I can provide them to him, in case he responds.
TIA.
Dileep
BRF Oldie
Posts: 5891
Joined: 04 Apr 2005 08:17
Location: Dera Mahab Ali धरा महाबलिस्याः درا مهاب الي

Re: Should we discontinue EVMs?

Post by Dileep »

Here is how Rohit's scheme fits into the existing knowledge base.

1. Rigging on a specific day time only.
2. Activation by a set sequence of 20 votes. You define five different strings of mod-5 (0-4) numbers, and point them to the first five candidates. In order to activate, you need to assemble a sequence of 20 voters, and ask each of them to vote for a certain candidate. This will activate the rigging.

Issue 1 is moot because you don't know when the poll happens when the machine is manufactured, and EVMs are used for different polls.

Issue 2 is way less viable than RM's mod-5 scheme, because you need to take action in each booth, that too involving 20 people each. This makes it almost unviable.

Then, this needs code rigging, which is the weakest link.
Dileep
BRF Oldie
Posts: 5891
Joined: 04 Apr 2005 08:17
Location: Dera Mahab Ali धरा महाबलिस्याः درا مهاب الي

Re: Should we discontinue EVMs?

Post by Dileep »

Pranav wrote:
Dileep wrote: Irrespective of what time format is being used, as long as we are aware of the conversion to IST (a reasonable assumption), we can tailor the activation data accordingly.
It is not the format. It is the time number. The time will be kept in a 32-bit integer which counts the seconds. One needs to set it to the current time number to synchronize it across the devices. Since there is no time set function, each device will have its own number.
Muppalla
BRF Oldie
Posts: 7115
Joined: 12 Jun 1999 11:31

Re: Should we discontinue EVMs?

Post by Muppalla »

Dileep wrote: It is not the format. It is the time number. The time will be kept in a 32-bit integer which counts the seconds. One needs to set it to the current time number to synchronize it across the devices. Since there is no time set function, each device will have its own number.
I guess converting the number to time is only possible if there is manual entry of time to associate a value of time to a number. There is no manual entry of such things to Indian EVMs. In OS based EVMs it may be always possible.
Pranav
BRF Oldie
Posts: 5280
Joined: 06 Apr 2009 13:23

Re: Should we discontinue EVMs?

Post by Pranav »

Dileep wrote: It is not the format. It is the time number. The time will be kept in a 32-bit integer which counts the seconds. One needs to set it to the current time number to synchronize it across the devices. Since there is no time set function, each device will have its own number.
The purpose of putting a clock in there is to record time of keystrokes, so that audit can be done if necessary. The logical thing would be for all clocks to be synchronized, otherwise BEL will have to maintain records of which machine has what clock setting.

Even in the worst case, assuming that each machine has a different clock, it's not an insurmountable problem. You have two options:

1. Don't bother about synchronizing the clock on the replacement PCB with the original clock. This will not create any problems unless there is an audit.
2. Otherwise you need to put on board an adder to convert between some standard time and the time of the clock. The activation data will always be in terms of the standard time. The number to be added would differ from PCB to PCB so this would require some extra labour.

One point is that if you replace PCB in ballot unit, then this clock issue does not arise since clock is in CU. Obviously you need some clock with some standard time on the replacement PCB. BTW, one doesn't need to have the whole ballot unit powered up to receive the activation data. Here I am assuming there is some kind of keypad controller in the BU - such a controller would be needed for encoding of key-presses etc.
Pranav
BRF Oldie
Posts: 5280
Joined: 06 Apr 2009 13:23

Re: Should we discontinue EVMs?

Post by Pranav »

Often a credulous attitude is harmful to democracy.

For example, Americans trust the US dollar. But the corporation that prints it (the Federal Reserve) is privately owned, and has been throwing around trillions of dollars to bail out crooks, with no accountability or transparency. So, a skeptical attitude would have served Americans better - but they were too busy with their hamburgers and baseball games.

Dileep wrote:It is not faith. It is trust.

The entire world runs on trust, and the checks and balances bolster the trust.

My vegetable guy trusts a piece of paper I give him in exchange of the merchandise he gives me. My maid trusts a similar paper in exchange of her hard labour. I trust the vegetable guy not to over poison the stuff, and the lady to reasonably well clean the plates. I trust the chef at the restaurant not to poison me.

I trust my employer to pay me at the end of the month. That is minuscule compared to the trust he puts on me, because I have control over much of the intellectual property of his company, on which the tens of millions of dollars of business depend upon.

I trust my tapper at my rubber plantation to do the tapping properly, not harm the trees, and not to steal the produce. I trust the little company that buys my latex to pay me after the 45 days window is over. I trust the girl in my bank counter to credit my account with the cash I give her. I even trust the eBay seller to ship the stuff I ordered.

I trust our prime minister (though many here don't) to do a reasonably good job of running the government. I trust our forces to protect us. I trust the government offices with my property, to keep the records in my name, so that I continue to own them.

I trust the truck driver coming from the opposite direction not to barge into my lane and kill me. I trust him to stop at the red light, while I cross the intersection on my green. I trust the airline pilot to fly me safe. I trust the CISF guy to do his security job properly so that no al-keeda places a bomb on my plane.

I am sure guys like RM and Pranav do the same (except the PM, of course)

All these trust come from established systems, processes, and the checks, balances, and deterrence by consequences.

Deterrence by consequence is one of the primary pillars of trust. When you plan to maliciously break the trust, you should always think of the consequence. If the consequence is huge compared to the gain, then you won't do it.

I know I can trust the vegetable guy because I have personally inspected the produce. He knows he can trust my piece of paper, because he has personally inspected it to be a legal tender currency of the state. He trusts the legal tender currency of the state, because he trusts the state.

Yes, I also trust the technology, business, logistical, and manufacturing processes involved in the EVM to the extent to approve their use in the election. I trust them more than I trust the two bit neta who want to subvert the ballot.
Dileep
BRF Oldie
Posts: 5891
Joined: 04 Apr 2005 08:17
Location: Dera Mahab Ali धरा महाबलिस्याः درا مهاب الي

Re: Should we discontinue EVMs?

Post by Dileep »

Pranav wrote: The purpose of putting a clock in there is to record time of keystrokes, so that audit can be done if necessary. The logical thing would be for all clocks to be synchronized, otherwise BEL will have to maintain records of which machine has what clock setting.
The timestamp just logs the time number, hence you will get the time difference between events. That is good enough for the security purpose.

Pranav wrote: Even in the worst case, assuming that each machine has a different clock, it's not an insurmountable problem. You have two options:

1. Don't bother about synchronizing the clock on the replacement PCB with the original clock. This will not create any problems unless there is an audit.
2. Otherwise you need to put on board an adder to convert between some standard time and the time of the clock. The activation data will always be in terms of the standard time. The number to be added would differ from PCB to PCB so this would require some extra labour.

One point is that if you replace PCB in ballot unit, then this clock issue does not arise since clock is in CU. Obviously you need some clock with some standard time on the replacement PCB. BTW, one doesn't need to have the whole ballot unit powered up to receive the activation data. Here I am assuming there is some kind of keypad controller in the BU - such a controller would be needed for encoding of key-presses etc.
The BU is a dumb unit, with no active circuitry. It is just a key and LED matrix. So, if you want to rig it, you need to add a controller, and a relay matrix to do the switching. It takes a lot of power.
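Added example, not part of any post in this thread and not EVM code: a sketch of how an auditor can work with the unsynchronized 32-bit seconds counter discussed above, using only differences between logged values. The log layout, the sample counter values and the 12-second minimum gap between votes are constructed assumptions.

```python
"""Audit keypress timestamps taken from a free-running 32-bit seconds counter.

Assumptions (constructed for illustration, not the real EVM log format):
each log entry is (raw_counter_value, event_name); the counter starts at an
arbitrary per-device value and wraps at 2**32.
"""

WRAP = 2 ** 32
MIN_GAP_S = 12  # hypothetical minimum spacing between two accepted votes


def elapsed(prev, cur):
    """Seconds between two raw counter reads, correct across one wraparound."""
    return (cur - prev) % WRAP


def intervals(log):
    """Gaps between consecutive events; the device's starting value cancels."""
    ticks = [t for t, _ in log]
    return [elapsed(a, b) for a, b in zip(ticks, ticks[1:])]


def audit(log, min_gap=MIN_GAP_S):
    """Return (index, gap) for every vote logged sooner than min_gap seconds
    after the previous vote."""
    findings = []
    last_vote = None
    for i, (tick, event) in enumerate(log):
        if event != "VOTE":
            continue
        if last_vote is not None:
            gap = elapsed(last_vote, tick)
            if gap < min_gap:
                findings.append((i, gap))
        last_vote = tick
    return findings


def shift(log, offset):
    """Same events as seen by a device whose counter started elsewhere."""
    return [((t + offset) % WRAP, e) for t, e in log]


# Constructed sample log: one vote arrives 4 s after the previous one.
DEVICE_A = [
    (1000, "POLL_START"),
    (1060, "VOTE"),
    (1095, "VOTE"),
    (1099, "VOTE"),
    (1180, "VOTE"),
    (1500, "POLL_CLOSE"),
]
# Same events on a device whose counter wraps between the 2nd and 3rd entries.
DEVICE_B = shift(DEVICE_A, WRAP - 1090)

if __name__ == "__main__":
    print(intervals(DEVICE_A))
    print(audit(DEVICE_A), audit(DEVICE_B))
```

Both devices yield the same intervals and the same finding even though their raw counter values share no common epoch.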
Javee
BRF Oldie
Posts: 2377
Joined: 13 Jan 2003 12:31
Location: NJ

Re: Should we discontinue EVMs?

Post by Javee »

CHENNAI: The Madras High Court on Wednesday ordered that the Pattali Makkal Katchi, represented by its president, G.K.Mani, is expected to remain present at the Election Commission on August 27 and point out whatever defects it found in Electronic Voting Machines (EVMs).

A Division Bench comprising the Chief Justice H.L.Gokhale and Justice D.Murugesan passed the order on a public interest litigation petition filed by the party. The PMK said that EVMs were not fully secure and fool-proof.

The petitioner said his party was one among others which had all along been objecting to the use of EVMs in elections for the past several years. The machines and the control panel were manufactured by Central public undertakings and there was every possibility of tampering with the machines at the time of election.

http://www.hindu.com/2009/08/13/stories ... 670400.htm
Raja Bose
BRF Oldie
Posts: 19477
Joined: 18 Oct 2005 01:38

Re: Should we discontinue EVMs?

Post by Raja Bose »

^^^ Good...now the courts are stepping in and forcing the people who made allegations to prove them too.
Raja Bose
BRF Oldie
Posts: 19477
Joined: 18 Oct 2005 01:38

Re: Should we discontinue EVMs?

Post by Raja Bose »

OK. Got a response from Steve Checkoway. Quoted here are: (1) My e-mail to him, (2) His reply. He is currently travelling so I have asked him to let me know if he wants to discuss after he gets back to UCSD.
In my e-mail I wrote:
> It was really interesting for me to read about your demonstration of
> hacking an EVM without injecting any malicious code by using return-
> oriented programming. At this point in time, it is especially
> interesting to me since currently there is a huge debate raging in
> India about the security of EVMs used in the Indian General Elections
> (the largest in the world). In case you are interested (and have some
> free time on your hands), I would like to get your opinion of the
> "hackability" of the Indian EVMs.
>
> In the rest of my e-mail I will be briefly mentioning some differences
> between the US EVMs and the Indian EVM and for your reference, provide
> links to certain articles which may help you in understanding how the
> Indian EVM works and its claimed security features.
>
> Reading about your EVM exploit, I noticed that you guys used a Sequoia
> AVC Advantage EVM for your demonstration. The EVMs
> used in the US seem to all be pretty sophisticated OS based systems
> with large codebase and all its accompanying vulnerabilities. However,
> in contrast the EVMs used in India are relatively low-tech
> devices with extremely simple firmware running on an OTP MCU. The
> device itself consists of a Ballot Unit (which is where the voter
> indicates his/her choice) and a Control Unit (operated by the polling
> officer in charge of the polling booth). The Ballot unit and Control
> Unit are connected using a cable (with the cable permanently attached
> to the Ballot Unit).
> Other than this cable there are no active external interfaces (network
> or portable memory-based). For your reference this is a very
> high-level description of the EVM used in India and its operating
> procedures: http://northgoa.gov.in/EVM-ECIL1.pdf
>
> The following is a document from the manufacturers of the EVM (they
> are a government entity) with their claims about security features of
> the Indian EVMs:
> http://www.bel-india.com/BELWebsite/ima ... atures.pdf .
>
> The security apparatus for the EVM before the actual polling includes
> involvement of party workers for each candidate who is standing for
> election and the EVM warehouse is monitored 24/7 via video and
> physical guards. For your reference, the following is a press release
> which among other things gives some detail on the security apparatus
> for storing the EVM prior to actual polling:
> http://pib.nic.in/release/release.asp?relid=51718
> The Election Commission of India actually held a week-long open house
> where it invited anybody to come and attempt to hack a randomly chosen
> EVM (EVMs were randomly shipped in from different
> districts(counties)/states in India). However, none of the attempts
> have succeeded till date - of course this does not prove anything.
>
> My basic question therefore is, whether according to you, based on
> your experience, does there seem to be any *practical* possibility of
> exploiting the EVMs in use in India - by practical I mean whether it
> can be done in such a way as to have some impact on the election
> results. As per my understanding, even the method you demonstrated on
> the Sequoia machine requires individual access to each machine and
> manual activation of the exploit (through the external data
> port) - this may be suitable for small/local elections in low-
> population countries but in India where the scale of elections (esp.
> the countrywide General elections) is massive, such manual activation
> and access cannot go undetected on a scale which can affect election
> results. Please let me know your thoughts.
Steven Checkoway wrote: I'm still at the conference hotel and the internet connection is slow enough that loading pdfs is a painful proposition. I don't know anything about Indian elections, but I do have a few comments.

First, the machine that we hacked is a very simple machine. It was all custom-built and contains no OS. There are no external network connections. This simplicity is what led the AVC Advantage to be more secure than more modern machines which are far more complex simply because there are fewer places for the machine to screw up.

You correctly point out that we had to gain access to each machine individually. I don't know how elections in India are, but many recent elections in the US have been close enough that tampering with the voting machines in just a few key precincts may have been enough to change the outcome. (Not that I'm alleging that this happened, merely that it would have been possible.)

The week given to hack the machines is really not anywhere near enough time, especially if the people looking at the machines are not given access to all of the documentation and source code. The California Top-To-Bottom Review had teams of computer scientists from the University of California and other places working together for several weeks at least and all with complete access to source code.
Dileep
BRF Oldie
Posts: 5891
Joined: 04 Apr 2005 08:17
Location: Dera Mahab Ali धरा महाबलिस्याः درا مهاب الي

Re: Should we discontinue EVMs?

Post by Dileep »

Maybe the EC should move the court against RM's advertisement (they have taken note of it, as mentioned in their PR) and force him to testify. :twisted: