Technology Risks to EVM?

Neotheone

Well, the attitude of Indian authorities, including the honorable Supreme Court, towards technology adoption, based on their actions and words, suggests that they often have a flimsy understanding of the risks that can befall populations when technology is implemented at scale. Their statements frankly seem to be driven by bureaucratic affidavits, without concern for a true assessment of potential risks, including privacy. It has been discussed here in the context of AADHAR in the past, so I will not harp on that further.

In this case, I am keen to understand how reliable the assurances from the EC, the government, and the honorable Supreme Court are that the One-Time Programmable (OTP) memory used in EVMs is tamper-proof. I am not saying that any layperson or even a skilled team can easily tamper with it, but arguably there are state actors and agencies with access to cutting-edge technology (including unpublished research), like the CIA, Mossad, or Chinese intelligence, who probably have an interest in influencing election outcomes globally.

I am not a materials science expert, but I want to get perspectives from any experts in the area in this regard. Please also share your views on what ChatGPT had to say on this (see below). Please refrain from making it a political discussion as the question is only driven by my interest in the areas of risk, technology, and geopolitics.

There are no mainstream or well-known material science methods that can selectively and reliably alter the contents of OTP memory without causing damage or destruction to the chip. The very design of OTP memory is intended to make such alterations impossible using electronic methods after the initial programming.

However, in the realm of high-security applications and advanced research, there may be less known or experimental methods that could potentially alter the contents of OTP memory, but such methods would likely be highly specialized, not widely disclosed, and not practical for common use. Here are a few hypothetical possibilities that might be explored in research but are not standard practices:

  1. Focused Ion Beam (FIB) Microscopy: In theory, a FIB could be used to physically alter the structure of a memory chip. This technique is usually used for failure analysis or repair in semiconductor manufacturing. However, it is extremely precise and requires a controlled environment, making it impractical for most tampering attempts. Additionally, the process would likely leave visible marks of tampering.
  2. Localized Heating: Extreme precision in heating could potentially cause changes in the memory structure, but such an approach would require nanoscale control and may result in physical damage that is detectable.
  3. Electromigration: This is a phenomenon where high-density current flows can cause the physical movement of material within a chip, potentially leading to failures or changes in the circuitry. However, this process is generally uncontrollable and would more likely destroy the chip than alter it in a useful way.
  4. Advanced Chemical Processes: Theoretically, certain chemicals might be used to selectively alter materials at the microscopic level, but this would be exceedingly difficult to control and apply to something as small and complex as an integrated circuit.
  5. X-rays or Gamma Radiation: High-energy radiation can cause changes in semiconductor materials, but again, this is typically more destructive than it is precise or controllable.
It's important to note that any method capable of altering OTP memory would likely be considered a significant security threat and would be closely guarded, whether by government agencies, private security firms, or malicious actors. As such, any actual methods developed for this purpose would likely be classified or proprietary, and not available in the public domain.

Moreover, the discussion of such methods is largely theoretical and speculative. The practicality, legality, and ethics of attempting to alter OTP memory are all highly questionable.

For accurate and up-to-date information on current capabilities and research in the field of material science as it pertains to memory technologies, it is necessary to consult the latest scholarly articles, patents, and industry publications. Such sources would provide the most credible and detailed insights into any emerging techniques that might have relevance to this topic.
 
For deciding whether any system is secure, the threat vector needs to be defined. I.e. nothing is secure from every threat, but certain systems are secure from certain attacks.

Focusing on OTP being "tamper-proof" is wrong in this case. Like you say, this technology drama is taking place in the non-technical world, so correct security practices will not be applied. Only sensationalism and TRPs will drive the conversation. The correct question is: OTP is tamper-proof against what?

Now if the process and players are all honest, storing voting data in simple hard disk is secure. The system should simply not be given to bad guys so that they can tamper.

If the process and players are not honest, the EVM is clearly not secure. If the material of OTP is secure, it will simply be replaced by a clone that has the tampered data. About a decade ago, a Mr. Bharadwaj from AAP had demonstrated in Delhi legislative assembly that whole innards of an EVM can be replaced - so whether the chip is tamper proof is a moot point. From a technical perspective, it was a stupid demonstration - obviously it can be done. But it shows that if attackers have inside support, technology cannot stop them.
 
I'm no expert on this. I'm just speaking from my limited understanding of having officiated one election.

The EVMs do not have any network connectivity, no wi-fi, no bluetooth, nor any CDMA or GPRS. So they cannot be hacked remotely.

If the checks and balances in place are working as expected, then the EVM cannot be tampered with before the election without the risk of being caught. Before voting begins, party members conduct a mock poll and verify the results. The EVM is then reset and sealed. If the results don't match, party members can ask for an EVM replacement on the spot. Then the EC will have to send one from the nearest center.

What happens after election is totally up to the handlers of the EVM. If the election commission is completely independent and free of political influence, chances of tampering are low. EC maintains EVMs in sealed state till counting begins. If EVM seal is found tampered with at the time of counting, appropriate action will need to be taken by the EC.

However, as the above post points out, you need to define the threat vector. If the storage area is compromised, then anyone can just replace the insides of the EVM. If the counting people are compromised, they can just put the wrong numbers, any of these can happen. Even if the EVM is tamper proof, the whole process still remains vulnerable.
 
Yeah, the absence of network connectivity reduces the surface area for attacks. But there are other ways to compromise it, as said above. As things stand now, we as the public don't have any idea how the EVM works. As a result, we have to take at face value whatever the govt/ECI/Supreme Court says about the EVM being tamper-proof.
Moreover, the way the ECI handled the EVM hack challenge doesn't inspire confidence. The recent verdict of the SC denying open-sourcing of the EVM's schematics and firmware is again a problem.
 
> However, as the above post points out, you need to define the threat vector. If the storage area is compromised, then anyone can just replace the insides of the EVM.
Too much effort required and EVM is a red herring that everybody gets distracted with
> If the counting people are compromised, they can just put the wrong numbers, any of these can happen. Even if the EVM is tamper proof, the whole process still remains vulnerable.
Now this is a more interesting angle. Stalin said elections were all about who does the counting.

What is the minimum number of votes needed to make a candidate win or a competitor lose?

The difference depends on the election. A city council election would have less difference but at the state and national level it could be tens of thousands if not more.

So let's say you can fix whomever. Still takes many winners for a party to enter office. Again city, state or national election.

The larger the electorate the harder it is to pull off just because more people would be required to cooperate and keep quiet.

So if you win at the state level what about national. More states have to be won. Can you see how doing this becomes geometrically harder and one leak will burst the whole dam.

No doubt if there is a will there is a way, but the technology just adds too many roadblocks compared to the previous paper ballots. And this is the bit that is not appreciated. It doesn't take mil-spec equipment to ensure things are secure; just adding layers of complexity from cheap off-the-shelf hardware does the job.

How to get away with it? The numbers have to be made public, and there are any manner of statistical techniques that can be used to examine whether the numbers are naturally occurring or fake. This, btw, is how income tax depts catch fake returns.

If people are suspicious, then maybe examine data of past elections, nation- and state-wide etc., and see if anything dodgy comes up. This then gives a clue as to where, if anywhere, fraud is occurring.

This will be more productive than beating the dead-horse EVM argument. So it's not about technological risk but system risk.

The one thing I notice with India. There are eyes EVERYWHERE

Disclaimer: I have a history on this board of zealously defending EVMs going back to 2008.
 
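The post above points out that published tallies can be screened with statistical tests for whether the numbers look naturally occurring or fabricated. As an added example, not from any poster or from the ECI, the script below implements one such screen, a first-significant-digit (Benford) frequency test, over two constructed datasets: one spread across several orders of magnitude, which is the textbook case where leading digits follow Benford's law, and one where every tally was picked from a narrow band of 4000 to 8999. The tallies, the chi-square threshold and all function names are assumptions made for illustration; a real audit would use the published booth-level counts and treat a flag as a reason to look closer, not as proof of fraud.

```python
"""First-digit (Benford) frequency check over constructed vote tallies.

Added example for this thread, not code from any poster or from the ECI.
All data below is constructed; the threshold and helper names are assumptions.
"""
import math
from collections import Counter

# Expected share of each leading digit 1..9 under Benford's law: log10(1 + 1/d)
BENFORD = {d: math.log10(1 + 1 / d) for d in range(1, 10)}


def leading_digit(n: int) -> int:
    """Return the most significant decimal digit of a positive integer."""
    if n <= 0:
        raise ValueError("tally must be positive")
    return int(str(n)[0])


def first_digit_chi_square(tallies):
    """Chi-square statistic of observed leading digits against Benford expectations.

    Returns (statistic, observed_counts). A larger statistic means a larger
    departure. With 8 degrees of freedom, roughly 15.5 is the 5% critical value
    and roughly 20.1 the 1% value.
    """
    counts = Counter(leading_digit(t) for t in tallies)
    n = sum(counts.values())
    stat = 0.0
    for d in range(1, 10):
        expected = n * BENFORD[d]
        observed = counts.get(d, 0)
        stat += (observed - expected) ** 2 / expected
    return stat, dict(sorted(counts.items()))


def looks_fabricated(tallies, critical=20.09):
    """Flag a dataset whose leading-digit mix departs from Benford at about the 1% level."""
    stat, _ = first_digit_chi_square(tallies)
    return stat > critical


def constructed_natural_tallies(n=900):
    """Constructed sample: tallies on a log-spaced grid from 10^2 up to (but below) 10^5.

    Values spread evenly in log scale across several orders of magnitude are the
    textbook case where Benford's law holds, so this stands in for 'naturally
    occurring' booth-level counts.
    """
    return [int(10 ** (2 + 3 * i / n)) for i in range(n)]


def constructed_fabricated_tallies(n=900):
    """Constructed sample: a forger who invents tallies only in the band 4000..8999.

    Every number starts with 4..8, and none with 1, 2, 3 or 9, so the observed
    leading digits are far from the Benford expectation and the test flags them.
    """
    return [4000 + (i * 7919) % 5000 for i in range(n)]


if __name__ == "__main__":
    for label, data in (("natural", constructed_natural_tallies()),
                        ("fabricated", constructed_fabricated_tallies())):
        stat, counts = first_digit_chi_square(data)
        print(f"{label:10s} chi-square={stat:8.2f} flagged={looks_fabricated(data)} digits={counts}")
```

The test deliberately works on the leading digit only; a fuller audit would also look at second digits and at per-booth turnout, since a forger who knows about Benford can shape first digits while still leaving other traces.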
> Too much effort required and EVM is a red herring that everybody gets distracted with
I respect the views but as I said, I'm just keen on understanding the technological possibilities, because if there exists a technology to interfere, the state actors most likely to interfere, are also the ones most likely to have access to that technology. I am tempted to respond to your specific points otherwise, but I am sure we can discuss other aspects maybe some other time.
 
> I'm just keen on understanding the technological possibilities, because if there exists a technology to interfere, the state actors most likely to interfere, are also the ones most likely to have access to that technology.
If you have access to the EVM then you can tamper with it. How successfully is another question. There are security measures where the chip self-destructs, so you would need to have pretty detailed info on how to work around that.

I doubt there is, without replacing the chip that stores the data. Now think how many EVMs you need and the other logistical hurdles for wider coverage. I do not see this as practical at all. This is really the dumb way of going about it.

Long ago (circa 2008?) I posted a blog that went into the technical details.

The ECI has an open invite to any hacker in the world who can show them how it can be done. Fully paid food and lodging for as long as it takes. The condition is you do it on their premises. You don't get to take the EVM off the premises. Nobody has accepted the challenge, yet the allegations never cease.

Actively promoted by sore losers of AAP & BJP over a decade back when they were losing but of late both have fallen silent. Wonder why.

There are some people in TN who refuse to believe Chidambaram won in 2008 without a fix.
> I am tempted to respond to your specific points otherwise, but I am sure we can discuss other aspects maybe some other time.
Up to you
 
Just to hopefully be clearer - I am just looking for any insights into any known technologies that might exist, or potentially come into being, that could make the EVM or for that matter any semiconductor devices with One-Time Programmable (OTP) memories vulnerable to hacks.
 
> Just to hopefully be clearer - I am just looking for any insights into any known technologies that might exist, or potentially come into being, that could make the EVM or for that matter any semiconductor devices with One-Time Programmable (OTP) memories vulnerable to hacks.
The answer in the context of the EVM is not going to be easy. OTP memory by itself provides a good level of protection against tampering. But then there are different types of OTP memory available. I am not an expert in this.
We can try to explore the answers.
1. If able to get physical access, one can entirely replace the existing memory with another one with botched firmware. This is far-fetched. But it is possible.

2. What is the OTP NAND being used for? To store firmware for the EVM. If the firmware code is clean, robust and extensively tested, then that's great. If the firmware itself is malicious, then even OTP memory can't help. But then this is an issue of the firmware, not of OTP memory.

In short, for most semiconductor devices with OTP memory, the protection can be circumvented by physically replacing the memory. For a device that has huge ramifications for a country, just using OTP is not enough.
 
> Just to hopefully be clearer - I am just looking for any insights into any known technologies that might exist, or potentially come into being, that could make the EVM or for that matter any semiconductor devices with One-Time Programmable (OTP) memories vulnerable to hacks.
Let's say there is. How many EVMs would you need to compromise to throw an election at the
1) city
2) state
3) national level?

Risk assessment. That's your thing isn't it.
 
> Just to hopefully be clearer - I am just looking for any insights into any known technologies that might exist, or potentially come into being, that could make the EVM or for that matter any semiconductor devices with One-Time Programmable (OTP) memories vulnerable to hacks.
Tried looking into this as much as I could; short answer is none as of yet. Obviously can't speak for things "potentially coming into being", but there are mitigations present in the current EVM for issues discussed in this thread.

I actually found an Indian YouTube video covering this quite well, if you can believe it! But it is in Tamizh without cc; will share anyway.

The suggestions for improvement at the end of this video aren't well thought out, though. For instance, the proposed 'hybrid system' of counting the printed sheets as well to verify integrity sounds like a good idea, but people could tamper with those and potentially alter an actually fair result.
 
All electronic, s/w-based systems are vulnerable to abuse one way or another.
How practical it is, is the question.

@blr_p
> Let's say there is. How many EVM's would you need to compromise to throw an election at the...

Reason why it is done in phases, take month+ for results to be declared /s ;)

At this point, India has no option other than to go with the EVM; probably an open, thorough review of the system may bring clarity for everyone.
For example, open-source the firmware or s/w etc., but the chances of that are next to impossible considering this is govt., and security through obscurity is also considered a thing.
 
> @blr_p
> > Let's say there is. How many EVM's would you need to compromise to throw an election at the...
>
> Reason why it is done in phases, take month+ for results to be declared /s ;)
Reason it takes as long is to cater to the biggest electorate in the world.

My question was to think about the logistical challenges that come after
 
> At this point, India have no option than to go with EVM, probably an open thorough review of the system may bring clarity for everyone.
From an implementation point of view, all the problems that are there in EVMs are also there in paper ballots, only worse.
  • Can you change votes? Yes, just throw out the current ballot papers and stuff your own
  • Can you manipulate? Yes, just stuff with your own ballot papers
  • Can you miscount? Yes
So while EVM may have its shortcomings, there's no better alternative as of now. Paper ballots are far worse and much more prone to tampering.
 
All you need to know.
Independent Research on it
Lecture by the same researcher
(23:32)

Nobody is contesting that the EVMs are rigged; in fact, the human involvement will make sure that it's very improbable to keep it a secret during election processes. But the twist is that if they became compromised, nobody would know, even for years.

There were 2 companies hired by the Indian govt. pre-1990s to burn software onto the physical chip present in the machine. After this, the ECI has never allowed any independent research to happen on it.

First Congress defended the EVM and the BJP attacked it; now it's the opposite. That's why there is no conclusive evidence on it. Now the SC are also being boomers and just don't want any research to be done on it.

I would highly suggest reading the above research done by independent scientists, and making your own conclusions.
 
That crucial info is left out of your post, hence I mentioned it to keep people from being misinformed.

> ECI doesn't allow independent research on the revised ones
They didn't, strictly speaking, allow it on the previous gen either. The paper acknowledges the anonymous party who illicitly sourced the EVM for this research; it created quite the ruckus, obviously.

> This is the only credible research we have.
Which has been irrelevant for over a decade, as they fixed issues with the next gen.

If I have to mention it, this is not to discredit that research.
 
> Let's say there is. How many EVM's would you need to compromise to throw an election at the
> 1) city
> 2) state
> 3) national level?
>
> Risk assessment. That's your thing isn't it.
Well, since not many people are actually willing to discuss the actual question, I might as well indulge especially as you mentioned risk.

From a risk-taking perspective, my view is that to keep organizations alive for decades, or centuries, you have to survive tail events over the long run. Nations are (hopefully) supposed to survive tails for centuries, and technology will continue to emerge rapidly, hence I believe deeper questions need to be asked instead of just focusing on operational unlikelihood. On top of that, humans naturally cannot grasp tail risks because we have evolved by dealing with base-case risks (things that usually happen). Hence, I'm usually interested in events that seem near impossible. With rapidly emerging technology, we have already seen many past impossibles turning into everyday experience. I would actually not put anything in the impossible category, even if the probability of that event lies many standard deviations away from the mean.

I am sharing an example not because it is directly related, but more because it is an interesting story, and hopefully highlights how unlikely events are structurally ignored by even analytical organizations:

I once used to manage liquidity risk for a financial institution where failure could have had systemic implications. Our models for regulatory compliance used to throw up a "good-looking" measure of risk based on assumptions of normality. It basically said that we had zero liquidity risk for nearly 18 months, as far as submissions to the regulator were concerned. However, when a major unlikely liquidity event happened in 2018, after 3 days of reassessment, we had 21 days of liquidity left.

To state the big reason again: a risk assessor should think in terms of what can go wrong, and not be too comfortable based on reasons why it would not. That holds even if he or she sounds like a broken record for a long time, and especially so if he or she is dealing with risks over the scale of centuries.
 