![](\"https:\/\/media.wired.com\/photos\/5d4e13c9cd01ff000804cba3\/master\/pass\/security_defcon_voting-2.jpg\"\/)
<\/p>\n<\/p>\n
Credit to Author: Lily Hay Newman| Date: Sat, 10 Aug 2019 01:16:00 +0000<\/strong><\/p>\n For the last <\/span>two years, hackers have come to the Voting Village at the DefCon<\/a> security conference in Las Vegas to tear down voting machines and analyze them for vulnerabilities. But this year\u2019s Village features a fancy new target: a prototype secure voting machine created through a $10 million project at the Defense Advanced Research Projects Agency. You know it better as Darpa<\/a>, the government's mad science wing.<\/p>\n Announced in March, the initiative aims to develop an open source voting platform built on secure hardware. The Oregon-based verifiable systems firm Galois is designing the voting system. And Darpa wants you to know: its endgame goes way beyond securing the vote. The agency hopes to use voting machines as a model system for developing a secure hardware platform\u2014meaning that the group is designing all the chips that go into a computer from the ground up, and isn\u2019t using proprietary components from companies like Intel or AMD.<\/p>\n \u201cThe goal of the program is to develop these tools to provide security against hardware vulnerabilities,\u201d says Linton Salmon, the project\u2019s program manager at Darpa. \u201cOur goal is to protect against remote attacks.\u201d<\/p>\n Other voting machines in the Village are complete, deployed products that attendees can take apart and analyze. But the Darpa machines are prototypes, currently running on virtualized versions of the hardware platforms they will eventually use. A basic user interface is currently being provided by the secure voting firm Voting Works.<\/p>\n "We want people to find things."<\/p>\n Dan Zimmerman, Galois<\/p>\n To vote using the system, you go up to a touchscreen, make your picks (Which Is The Best Star Wars<\/em> Movie<\/em>; Are Hot Dogs Sandwiches<\/em>), confirm your selections, and then send them to print out. Your selections appear along with a QR code in the upper right-hand corner of the page. Next, you feed your printed votes into a secure ballot box\u2014currently part of a filing cabinet frankensteined to some printer components. The ballot box scans the document as you insert it, and uses the QR code to perform a cryptographic validity check. If the paper doesn\u2019t pass the test, either by being fraudulent or from a different election, the scanner will reject the paper and won\u2019t record the vote.<\/p>\n Currently all of the components that a voter would interact with are bare bones prototypes that don\u2019t provide much to hack. At the 2020 village, Darpa plans to have a more complete system for attendees to assess. But hackers can still probe the secure hardware infrastructure and attempt to find flaws in its layers of protection against hardware-based attacks, everything from complicated strikes speculative execution attacks<\/a> and Rowhammer<\/a> to more common flaws like buffer overflows.<\/p>\n Participants sitting down to assess the system on Friday told WIRED that it seems promising. And creating an open source secure hardware platform that anyone can incorporate into their products has the potential, beyond voting machines, to have a major impact on Internet of Things security overall.<\/p>\n \u201cAll of this is here for people to poke at,\u201d says Dan Zimmerman, principal researcher at Galois. \u201cI don\u2019t think anyone has found any bugs or issues yet, but we want people to find things. We\u2019re going to make a small board solely for the purpose of letting people test the secure hardware in their homes and classrooms and we\u2019ll release that.\u201d<\/p>\n