Volume 5, Issue 1 (2011)

The Journal of Physical Security 5(1), 2011

Welcome to the 5th Volume of the Journal of Physical Security (JPS). This issue contains articles about vulnerabilities in balanced magnetic door switches, elections, and computers.

The paper by Sharon Meroni discusses an analysis of election security in Illinois. The findings are disturbing and relevant to elections elsewhere in the country. Election integrity is a homeland security issue, and we had better start taking it seriously. Suggestions for better election security are offered both in her paper, and in the viewpoint paper that follows. Speaking of election security, we in the Vulnerability Assessment Team at Argonne National Laboratory recently demonstrated another man-in-the-middle physical attack on a different electronic voting machine.

We don’t usually publish papers in JPS about cyber security, but the final paper by undergraduate student Tyler Murphy does a nice job of emphasizing the importance of physical security in cyber security, and also points out the risks of social engineering.

As usual, the views expressed by the editor and authors in the Journal of Physical Security are their own and should not necessarily be ascribed to Argonne National Laboratory, the United States Department of Energy, or the authors’ home institutions.

DOWNLOAD: PDF [88 pages, 5.5MB] - You may also download the articles separately (see below).

POSTED ON: Wed, Oct. 26, 2011 | UPDATED ON: Thu, Nov. 03, 2011

CITE as: The Journal of Physical Security 5(1), http://jps.anl.gov/

Editor’s Comments
Roger G. Johnston

Some rambling thoughts about: the importance of reminding people to be honest; recent papers with important implications for mitigating the insider threat and for security managers and supervisors; interesting quotes about homeland security; questionable homeland security expenditures and initiatives; and... electronic censorship.

DOWNLOAD: PDF [4 pages, 72KB]

CITE as: The Journal of Physical Security 5(1), i-iv (2011), http://jps.anl.gov/

Paper 1 - Trivial Defeat of a Balanced Magnetic Switch
John T. Jackson, Jr.

Balanced Magnetic Switch vulnerabilities render it defeatable by trivial means. A detailed description of the most common BMS and procedures germane to its defeat including a method of how to design defeat tools and apparatus for analysis of any common BMS based upon glass reed technology are provided.

DOWNLOAD: PDF [11 pages, 826KB]

CITE as: The Journal of Physical Security 5(1), 1-11 (2011), http://jps.anl.gov/

Paper 2 - Vulnerability Assessment and Security Audit of Election Day Polling Place Procedures for the April 5, 2011 Municipal Election in Chicago, Illinois
Sharon Meroni

Does my vote really count? It’s amazing how complicated it can be to answer such a simple question. The more ballot integrity is investigated, the more questions that arise! At Defend the Vote, we believe the only way to have an accurate vote is through strict and transparent procedures that hold those in charge accountable for the security of the ballot. These procedures must provide a transparent record on the chain-of-custody of each event that potentially impacts the integrity of the vote, especially during the process of casting and counting the ballot. It also includes security protocols around election machines and materials during their storage and transportation; before, during and after elections. Seal protocols are vital to the integrity of any election, but just because someone places a seal on a device does not magically protect it. Seals can be tampered with even with the best protocols in place. In Illinois, “tamper evident” seals are placed on ballot supplies and equipment to secure ballot boxes, voting-machines and the components that operate them, the bags used to transfer election results, and the large equipment containers that transfer the equipment from one location to another. On the surface, the Chicago Board of Elections (CBE) looks like a legitimate organization that is genuinely concerned about the integrity of our vote—that’s their job, after all! Does the CBE have security measures in place that reasonably assure an accurate vote? The research contained in this report concludes they do not. We find the actual procedures in place are inadequate even when they were followed. Our investigations uncovered that current Election Day voting security procedures are not tracked, maintained, or reinforced. Seals used to indicate tampering, their use protocols, and other related security measures are not sufficient to detect or deter tampering with the ballot. How lax has the system become?...

DOWNLOAD: PDF [61 pages, 3.5MB]

CITE as: The Journal of Physical Security 5(1), 12-72 (2011), http://jps.anl.gov/

Paper 3 - Viewpoint Paper: Suggestions for Better Election Security (*)
Roger G. Johnston and Jon S. Warner

The following suggestions for better election security are provided by the Vulnerability Assessment Team (VAT) at Argonne National Laboratory. The suggestions fall into two categories, “Minimum”, which are security features that are essential in our view, and “Recommended”, which are needed for the best security...

(*) Editor’s Note: This paper was not peer reviewed.

DOWNLOAD: PDF [5 pages, 311KB]

CITE as: The Journal of Physical Security 5(1), 73-77 (2011), http://jps.anl.gov/

Paper 4 - A Comparison of Cyber Attack Methods
Tyler J. Murphy

Have you ever seen the movie “Swordfish”? Do you remember when Hugh Grant was writing that “super worm” that was going to punch through the banks security systems and steal a whole bunch of money for John Travolta? What sticks out for me is that while he was writing his “super worm”, there where graphical cubes floating around his 6 monitors, and every time something went wrong one of the cubes would shoot out of order. When he finished the hack, everything fit together like he was working on a jigsaw puzzle or something. Unfortunately, that is exactly how real world hacking doesn’t happen...

DOWNLOAD: PDF [5 pages, 103KB]

CITE as: The Journal of Physical Security 5(1), 78-82 (2011), http://jps.anl.gov/