If election security is an engineering problem, the Defense Advanced Research Projects Agency is heading to the right place to solve it. The Pentagon’s blue skies projects agency is taking its System Security Integrated Through Hardware and Firmware (SSITH) to the 2019 DEF CON hacking conference to demonstrate its capabilities before the dark lords and apprentices of the underground community.
SSITH will be on display as part of the conference’s Voting Village, where researchers will explore what can and cannot be done to interfere with voting machines and, by extension, elections.
“We expect the voting booth demonstrator to provide tools, concepts and ideas that the election enterprise can use to increase security; however, our true aim is to improve security for all electronic systems. This includes election equipment, but also defense systems, commercial devices and beyond,” said Dr. Linton Salmon, the program manager leading SSITH, in a release from DARPA.
DARPA sees securing faith in the literal machinery of elections as a national security issue. To prove that faith in the security systems is warranted, DARPA is letting hackers take a stab at the “SSITH voting system demonstrator,” with processors mounted on programmable arrays and installed in a ballot box. To get to the system, hackers can enter via either an Ethernet port or a USB port, loading software to try and get past the system’s hardware gatekeeping and security functions.
As an example of a hardware barrier, DARPA cites a design by a team from the University of Michigan that “changes the unspecified semantics of a system every 50 milliseconds,” obscuring a possible path into the code. Other methods incorporated into the SSITH demonstrator are built to tackle weaknesses ranging from permissions exploitation, privilege in the system architectures, memory errors, information leaks, code injection, all identified by the NIST as common vulnerabilities.
The 2019 DEF CON appearance will be followed by a larger-scale demonstration in 2020, with a whole system built that incorporates lessons from vulnerabilities and exploits discovered this year. The STAR-Vote system to be used in 2020 is built on open-source architecture, and includes a verifiable paper ballot in addition to its series of microprocessors.
The entire project is a bold move to secure the legitimacy of elections through better mechanical processing, though the technical focus inherently leaves out the broader social and political factors that can contribute to a lack of faith in elections.
There is also the curious choice to pick an acronym that shares a name with a fictional autocratic cult that, in 2005’s “Revenge of the Sith,” subverted an entire electoral system to install an emperor. Perhaps if DARPA’s system can secure the integrity of an election against autocratic interference, it will offer a real redemption for the SSITH.