
Topic: Automated election PCOS machine

Thesis statement: A PCOS machine could not be hacked in a short period of time.

Under the automated election system (AES) that will be implemented pursuant to Republic Act No. 8436 (Poll Modernization Law), as amended by Republic Act No. 9369, the counting, tallying, transmission and consolidation of votes will be done by computers: the Precinct Count Optical Scan (PCOS) machines.

The PCOS

In the world of cyber security, it is presumed that nothing is impossible and everything is hackable. The only question is, WHEN? A system could be hacked tomorrow, next week, next month or next year; all of this depends on the security measures implemented and on the knowledge or the stupidity of those responsible in the field of cyber security.

Parts of the PCOS machine (labels from the diagram): Security key receptacle; Ballot entry slot; Administrator access compartment; Operator LCD screen with counter; Printer compartment; Transmission port; Operator access; Ballot exit slot; Battery Power port; AC power port; Removable memory card; Thermal paper; Security key

The Smartmatic

Avante International/ Canon Marketing Philippines/ DB Wizards/ NETNODE Technologies/ Creative Point
Indra Sistemas/ Strategic Alliance Holdings, Inc. (SAHI)/ Hart Intercivic
Sequoia Voting Systems Inc./ Universal Storefront Services Corporation/ USSC-Sequoia Voting Solutions Inc.
Smartmatic International/ Total Information Management Corp.
Syrex Inc./ Amalgamated Motors Phils. Inc./ Avision Inc.
AMA Group Holdings Corp./ Election Systems and Software Intl Inc. (ES&S)
Gilat Satellite Network Ltd./ F.F. Cruz and Co., Inc./ Filipinas (Prefab Building) Systems Inc.

The SBAC will test the machine under 26 criteria. One of the main criteria is that the PCOS should be able to detect fake ballots and not read repeat ballots.

declared May 18 2010, the only bidder qualified for the P11.2 billion automation contract bidding. According to SBAC vice chairman Adolfo Ibanez, Smartmatic and Total Information Management have complied with the poll body's set requirements. The consortium of Smartmatic and Total Information Management had the lowest calculated responsive bid. Their partnership asked only for a financial bid of P 7,191,484,739.48, which is P4 billion cheaper than the set P11.2 billion budget. Ibanez clarified that this declaration does not mean the award was already given to the Smartmatic/TIM consortium.

Smartmatic (also referred to as Smartmatic Corp. or Smartmatic International) is a multinational corporation founded in 2000 that specializes in the design and deployment of complex purpose-specific technology solutions.

Antonio Mugica, Alfredo Anzola, Antonio Mugica Rivero, Roger Piate, Antonio Mugica Sesma and Luis Feliu and incorporated in Florida in 2000. Seven years prior, the company was then a Venezuelan research group called "The Research and Development Unit of Panagroup in Venezuela". Bizta Corporation that, until a couple of years ago was doing very poorly

SECURITY FEATURES / SECURITY ANALYSIS / SECURITY APPLICATIONS

SAES ("Smartmatic Auditable Elections System") is an electronic voting system comprising hardware (voting machines), the software operative in same, election management software, and canvassing software for a central location's servers. It includes several security mechanisms, such as encryption using a public key infrastructure (PKI) with 2048-bit digital certificates.

Bar Code. Paper Based. Optical Scan. Encryption. Access Codes. Audit Log. Transparency.

PHYSICAL LEVEL / LOGIC LEVEL (labels from the diagram): Security key; Magnetic lock; Front loading slot; Console port; Thermal printer; Central counting server; RJ45 port

The owner of a software program (copyright holder) can license his program for use by other people. The license can be of two kinds: (1) a binary license is a permission to use the binary code or machine code on a computer; (2) a source license is a permission to use the binary code on a computer, together with a copy of the source code, which the licensee is allowed to read and study. Example

USP ("Smartmatic's Unified Security Platform") automates the interaction between network devices, operators, end users, and security-specific applications. It is designed to provide an end-to-end solution for emergency response using technology to support the handling of emergency calls and to provide immediate responses.

Identity management: SIMS ("Smartmatic Identity Management Solutions") enables government agencies to manage people's biographic and biometric information securely, from voter registration to civil registry, from immigration control to national identity projects. It uses both specialized mobile devices for enrollment of people in field applications and an integrated system for stationary use. It includes ID management software, and a back-office system for data consolidation and safeguard.

The deactivation of the ultraviolet light detector on the PCOS machines, which would distinguish genuine ballots from fake ballots, relying instead merely on the bar codes.

The elimination of the person-based digital signatures of the Board of Election Inspectors that would encrypt the data before transmission, limiting it instead to the machine-based digital signatures on the PCOS machines.

The controversy on the source code review of the software that would ultimately run the automated counting and canvassing.

Encryption and digital signatures, if used properly, can indeed ensure authenticity and reliability of information and data transmission.

Speed in transmitting electronic results can significantly reduce or eliminate ballot switching, snatching or stuffing. It can likewise obviate the notorious dagdag-bawas.

The audit log, which records every action taken on or by the machines, can serve as a deterrent by warning would-be cheaters that their activities will not go undetected.

Hashing would indeed give parties the capability to detect any alteration of the original software. (Hashing means putting the software or file through an algorithm to produce an alphanumeric value; this value will change if there is any alteration to the software or file.) But this presupposes that the parties had indeed ensured that the original software that was hashed and put in escrow with the Bangko Sentral was not a bastardized version from the very beginning.
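The hash check described above, and its limit, as an added example that is not part of the original presentation: deployed files are compared against an escrowed manifest of SHA-256 values. The file names, file contents and the choice of SHA-256 are assumptions made for illustration; the page does not say which algorithm or files are used.

```python
import hashlib
import hmac
import io


def sha256_stream(stream, chunk=65536):
    """Hash a file-like object in chunks so large images need not fit in memory."""
    h = hashlib.sha256()
    for block in iter(lambda: stream.read(chunk), b""):
        h.update(block)
    return h.hexdigest()


def build_manifest(files):
    """files: name -> bytes. Returns name -> hex digest (the values put in escrow)."""
    return {name: sha256_stream(io.BytesIO(data)) for name, data in files.items()}


def verify(files, escrow):
    """Compare files found on a machine with the escrowed manifest."""
    findings = []
    for name in sorted(set(files) | set(escrow)):
        if name not in escrow:
            findings.append((name, "not in escrow"))
        elif name not in files:
            findings.append((name, "missing from machine"))
        else:
            actual = sha256_stream(io.BytesIO(files[name]))
            if not hmac.compare_digest(actual, escrow[name]):
                findings.append((name, "hash mismatch"))
    return findings


# Constructed sample data (hypothetical file names and contents).
REVIEWED = {"counting.bin": b"tally votes as cast\n",
            "transmit.bin": b"send signed results\n"}
ESCROW = build_manifest(REVIEWED)


def demo():
    clean = verify(REVIEWED, ESCROW)
    # One extra byte in one file, plus a module that was never reviewed.
    altered = {**REVIEWED, "counting.bin": b"tally votes as cast \n",
               "extra.bin": b"unreviewed module\n"}
    tampered = verify(altered, ESCROW)
    # The caveat from the text: if the escrowed values were computed from an
    # already-altered build, the same check reports nothing.
    blind = verify(altered, build_manifest(altered))
    return clean, tampered, blind


if __name__ == "__main__":
    for label, result in zip(("clean", "tampered", "bad escrow"), demo()):
        print(label, result)
```

The third case returns no findings even though the files differ from the reviewed build, which is why the source code review has to cover the exact build that is hashed.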

These are the steps to hack that machine. First step: if you are one of the hackers, you need to acquire at least one of the machines. Second: study the machine and find documentation about it, including what components are used in it. Once you have all that, all you need to do is find a vulnerability in that machine. There was a leak of source code and hardware documentation; this process can apply to the PCOS machine of Smartmatic. It is true that the encryption uses an AES-128 key. But hackers would surely proceed without dealing with that AES-128. It is easy, right?

It took 22,000 participants, using the idle time of 50,000 CPUs and hitting 72 quadrillion possible keys, to break the 56-bit Data Encryption Standard. The effort needed to break 128-bit encryption is much greater, and it discourages all enthusiastic hackers. How much more for 128 bits? The 128-bit encryption of the PCOS machine is 309,485,009,821,345,068,724,781,056 times stronger than 40-bit encryption. Yes, it can be hacked, but how long will it take: 2 days, 2 months, 2 years, or maybe 2 decades or more?

This research concludes that a PCOS machine is hackable, but it could not be hacked in a short period of time. It takes too long just to deal with the encryption and to study the source code; even experts take too long to manipulate the machine just to test it. Even those who have the knowledge to hack this machine would use up their time working through those 128-bit codes.

Furthermore, as discussed, the PCOS machine is protected by multiple layers of security, and it will be online only during the transmission of electoral results from the 82,000 precincts. Hacking the results of just one precinct, because of its 128-bit encryption system, will take 50 years to decode. Hacking into the central servers is virtually impossible, and the servers cannot be fed hacked data, as they only accept data from specific PCOS machines. Hacking a PCOS machine would take a very long time.
