White Paper: Redefining Electronic Draw Security
Electronic draw machines are being used by lotteries to optimize the draw process and reduce costs, while opening up the opportunity for new games. Their use, however, has been challenged by recent events involving draw fraud and faults. This is because the security requirements, auditable processes, and certification standards developed by lotteries, gaming authorities and certification agencies – despite their obvious benefits – do not fully protect lotteries against draw system vulnerabilities. These include hardware failures, software defects, and insider fraud – all which are difficult to spot because incorrect or fraudulent numbers may look like randomly generated outcomes!
The answer to these problems is to shift from traditional preventive security methods to the ultimate solution – draw nonrepudiation: proof of the draw outcomes and their origin. With this solution, the draw generation process can be fully transparent through:
- systemic proof of draw integrity of the random outcomes and the process that generated them,
- verification of the proof on an independent system by third parties such as auditors or outside entities,
- detection of faults or fraud immediately when they occur and at any later time when needed, and
- legal protection to prove in the court of law that draws were (not) interfered with and were (not) resulting from faulty systems.
Maintaining the status quo is not an option: most draw machines currently in use have limited security features and lack sufficient mechanisms for detecting problems. These traditional systems do not support nonrepudiation of the draw results, leaving them vulnerable to faults and fraud. Now, when the industry is realizing the potential repercussions of draw problems, it is crucial for each lottery to carefully consider the benefits that nonrepudiation offers, as many early adopters have already done.
The full white paper provides information about recent faults and fraud that occurred in the US, opinions from lottery executives about the negative impacts these events could have for the industry, and a non-technical guide to the kind of vulnerabilities that electronic draw systems face, along with a suggested solution.
Disclaimer: Our analysis of events is strictly based on publicly available information and our knowledge and experience with RNG technology.
Determining what actually happened in specific cases was not our goal. We, rather, use the events as examples of problems and vulnerabilities of electronic draw systems. We present a solution that protects against RNG risks independent of the source of the problem and that has been used by lotteries since 2005.Szrek Printable Whitepaper