The potential danger of cyberattacks is present in virtually every facet of our lives, whether it be tampering of medical devices, attacks on critical civil infrastructure, prying into our connected home devices, or theft of personal data. Even cyberthreats to our political processes is now a clear and present danger. The disruption of the U.S. 2016 presidential election by cyberattacks, where Russian hackers purportedly targeted elections systems in 21 states, is a prime example. These attacks led to personal information being exposed and two voter registration systems being temporarily shut down. With national elections coming up in the U.S. in November, the mere thought of further interference with the democratic process is raising deep concerns. In a survey of 5,000 voters, published earlier this year, cybersecurity firm Carbon Black found that one in four U.S. voters was considering not voting in upcoming elections due to concerns such as theft of personal data from election databases.
The Washington Post recently convened a panel of more than 100 cybersecurity leaders from across government, the private sector, academia and the research community to discuss these issues. When surveyed, nearly all agreed that U.S. state election systems were not sufficiently protected against cyberthreats. One panelist described the election systems as “massive, distributed IT systems with thousands of endpoints and back-end systems that hold and process large volumes of highly sensitive data” and noted that protecting such systems “is no small feat”.
GenKey, a leading global provider of large-scale, biometric identity solutions for governments, public institutions and businesses, addressed the problem of potential election hacking by investing in Wibu-Systems CodeMeter software protection, licensing and security technology. With headquarters in the Netherlands, one of GenKey’s missions is to prevent identity fraud in emerging countries with solutions for voter management, medical ID handling/claim processing and large-scale identity management.
Documented in an interesting case study was GenKey’s involvement with elections in the African nation of Ghana, which entailed countrywide deployment of up to 26 thousand voting machines to support more than fifteen million potential voters. At the scale of the distributed computing needs of a national election it was critical that the integrity of the results was maintained and above any suspicion and biometric data for each voter was protected.
GenKey integrated CodeMeter technology to secure the software in its voting machines. CodeMeter employs both symmetric and asymmetric encryption. The program code is encrypted using symmetric 128 bit AES encryption. Upon starting the application, asymmetric encryption (ECC, 2224 bit or RSA, 2048 bit) of the digital signature is employed. Before a GenKey system is shipped, it is loaded with software that is protected with CodeMeter. The encrypted code is bundled with a license file into a complete package. When each system boots up, the embedded software calls this file, using a digital signature to verify its authenticity. A list of conditions is verified, such as the validity of the license, or the matching of the hardware features that were initially bound to the license during the encryption process. This ensures a high level of security and integrity of the biometric data while protecting the software against potential counterfeiting and misuse during polls.
Beyond this example, the CodeMeter software protection, licensing and security platform is being deployed across a wide array of business sectors, including medical equipment and healthcare solutions, industrial equipment, factory automation, retail and banking and a host of others.