Secure Electronic Voting



Similar documents
E-Democracy and e-voting

An Electronic Voting System Based On Blind Signature Protocol

Electronic Voting Protocol Analysis with the Inductive Method

Analysis of Security Requirements for Cryptographic Voting Protocols (Extended Abstract)

Online Voting Project. New Developments in the Voting System an Consequently Implemented Improvements in the Representation of Legal Principles.

The Design of Web Based Secure Internet Voting System for Corporate Election

Remote (Internet) Voting in Digital India

A New Receipt-Free E-Voting Scheme Based on Blind Signature (Abstract)

Le vote électronique : un défi pour la vérification formelle

An Implementation of Secure Online Voting System

Associate Prof. Dr. Victor Onomza Waziri

E-Voting System Security Optimization

Verification and Validation Issues in Electronic Voting

Volume I, Appendix C Table of Contents

General Framework of Electronic Voting and Implementation thereof at National Elections in Estonia

Thank you in advance for your consideration,

Secure cloud access system using JAR ABSTRACT:

VoteID 2011 Internet Voting System with Cast as Intended Verification

Efficient construction of vote-tags to allow open objection to the tally in electronic elections

Advanced Authentication

Overview. SSL Cryptography Overview CHAPTER 1

Software Review and Security Analysis of Scytl Remote Voting Software. Michael Clarkson Brian Hay Meador Inge abhi shelat David Wagner Alec Yasinsac

Attestation and Authentication Protocols Using the TPM

Inductive Analysis of Security Protocols in Isabelle/HOL with Applications to Electronic Voting

DEA's New Proposed Regulations For E-Prescribing

Computer Security. Draft Exam with Answers

Chapter 1: Introduction

International Journal of Advance Foundation and Research in Computer (IJAFRC) Volume 2, Special Issue (NCRTIT 2015), January 2015.

E-voting System: Specification and Design Document

Information Security Basic Concepts

Journal of Electronic Banking Systems

Colorado Secretary of State Election Rules [8 CCR ]

COMMONWEALTH OF PENNSYLVANIA DEPARTMENT OF STATE Harrisburg, PA BASIC GUIDE TO STUDENT VOTING IN PENNSYLVANIA

REGISTRATION AUTHORITY (RA) POLICY. Registration Authority (RA) Fulfillment Characteristics SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL, S.A.

CESG Certification of Cyber Security Training Courses

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi

Design Principles for Protection Mechanisms. Security Principles. Economy of Mechanism. Least Privilege. Complete Mediation. Economy of Mechanism (2)

Bellevue University Cybersecurity Programs & Courses

Voting with confidence

SCORE An Overview. State of Colorado Registration and Election Management

Security of smart grid communication protocols

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

How to prove security of communication protocols?

Page 1. Lecture 1: Introduction to. Introduction to Computer Networks Security. Input file DES DES DES DES. Output file

CPSC 467: Cryptography and Computer Security

Arnab Roy Fujitsu Laboratories of America and CSA Big Data WG

PUBLIC REPORT. Red Team Testing of the ES&S Unity Voting System. Freeman Craft McGregor Group (FCMG) Red Team

Entrust Secure Web Portal Solution. Livio Merlo Security Consultant September 25th, 2003

CS 393 Network Security. Nasir Memon Polytechnic University Module 11 Secure

Web Payment Security. A discussion of methods providing secure communication on the Internet. Zhao Huang Shahid Kahn

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

White Paper: Multi-Factor Authentication Platform

Ballot Casting Assurance

Election Activity Watchers Colorado law & regulations

2016 Election Calendar

SECURITY ANALYSIS OF A SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTER NETWORKS

Comparison of e-voting schemes: Estonian and Norwegian solutions

Understanding Digital Certificates and Wireless Transport Layer Security (WTLS)

Frequently Asked Questions (FAQs) SIPRNet Hardware Token

Arnab Roy Fujitsu Laboratories of America and CSA Big Data WG

s86 When motion must be decided by secret ballot [SM, s 88]

Comparing Cost of Ownership: Symantec Managed PKI Service vs. On- Premise Software

Understanding Digital Certificates & Secure Sockets Layer A Fundamental Requirement for Internet Transactions

ELECTRONIC COMMERCE WORKED EXAMPLES

Central Agency for Information Technology

Tradeoffs for Internet Voting Options

MASTER OF SCIENCE IN INFORMATION ASSURANCE PROGRAM DEPARTMENT OF COMPUTER SCIENCE HAMPTON UNIVERSITY

---Information Technology (IT) Specialist (GS-2210) IT Security Competency Model---

Opinion and recommendations on challenges raised by biometric developments

Secure Frequently Asked Questions

Sharing Of Multi Owner Data in Dynamic Groups Securely In Cloud Environment

What is an SSL Certificate?

Transcription:

7 th Computer Security Incidents Response Teams Workshop Syros,, Greece, September 2002 Secure Electronic Voting New trends, new threats... Prof.. Dr. Dimitris Gritzalis Dept. of Informatics Athens University of Economics & Business & Data Protection Commission of Greece

What is electronic voting (system)? An electronic voting (e-voting) system is a voting system in which the election data is recorded, stored and processed primarily as digital information. Network Voting System Standards, VoteHere, Inc., April 2002 Voting Paper voting E-voting Paper ballots.. Punch cards Polling place voting Internet voting Precinct voting Kiosk voting Note: Traditional electronic voting is 132 years old! (T. Edison, Electrographic Vote Recorder, US Patent, 1869). 2

Do we need electronic voting systems*? They could lead to increased voter turnout (USA 2001: 59%, 18-24 yrs: 39%), thus supporting democratic process. They could give elections new potential (by providing ballots in multiple languages, accommodating lengthy ballots, facilitate early and absentee voting, etc.) thus enhancing democratic process. They could open a new market, thus supporting the commerce and the employment. * D. Gritzalis (Ed.), Secure Electronic Voting, Kluwer Academic Publishers, USA 2002. 3

Inherent gaps Technological gap: Disparity between expectations from software/hardware and the performance being delivered (security flaws, etc.). Socio-technical gap: Difference between social policies (laws, codes, etc.) and computer policies (procedures, functionalities, etc.). Social gap: Difference between social policies and human behavior (equipment misuse, etc.). 4

Opportunities for electronic voting Most countries believe that Internet voting will occur within the next decade. Internet voting options satisfy voter s desire for convenience. Internet voting can meet the voting needs of the physically disabled. Several countries are ready to try Internet voting for a small application immediately. Several countries are contemplating voting system replacement and are frustrated with the limited number of options available. Many countries are interested in touch screen systems. 5

Barriers to electronic voting Lack of common voting system standards across nations. Time and difficulty of changing national election laws. Time and cost of certifying a voting system. Security and reliability of electronic voting. Equal access to Internet voting for all socioeconomic groups. Difficulty of training election judges on a new system. Political risk associated with trying a new voting system. Need for security and election experts. 6

Time-sequence of a typical voting process* * E. Gerck, Private, secure, and auditable Internet voting, in D. Gritzalis (Ed.), Secure Electronic Voting, Kluwer Academic Publishers, USA 2002. 7

Generic voting principles Only eligible persons vote. No person gets to vote more than once. The vote is secret. Each (correctly cast) vote gets counted. The voters trust that their vote is counted. Internet Policy Institute, Report of the National Workshop on Internet Voting, March 2001 8

Voting systems design criteria* Authentication: Only authorized voters should be able to vote. Uniqueness: No voter should be able to vote more than once. Accuracy: Voting systems should record the votes correctly. Integrity: Votes should not be able to be modified without detection. Verifiability: Should be possible to verify that votes are correctly counted for in the final tally. Auditability: There should be reliable and demonstrably authentic election records. Reliability: Systems should work robustly, even in the face of numerous failures. * Internet Policy Institute, Report of the National Workshop on Internet Voting: Issues and Research Agenda, USA, March 2001. 9

Secrecy: Voting systems design criteria* No one should be able to determine how any individual voted. coercibility: Voters should not be able to prove how they voted. Equipment should allow for a variety of ballot question formats. Voters should be able to cast votes with minimal equipment and skills. Systems should be testable against essential criteria. Voters should be able to possess a general understanding of the whole process. effectiveness: Systems should be affordable and efficient. Non-coercibility Flexibility: Convenience: Certifiability: Transparency: Cost-effectiveness * Internet Policy Institute, Report of the National Workshop on Internet Voting: Issues and Research Agenda, USA, March 2001. 10

Voting systems security requirements System Wide Properties Security Requirements Flexibility Voter mobility Walk-away Verifiable participation Fairness Uncoercibility Verifiability Robustness Privacy Unreusability Eligibility Democracy Soundness Completeness Accuracy Inalterability Voting Protocols and Schemes TRUSTED AUTHORITIES Karro Yes Yes Yes Yes Yes Cmp No Indi No Yes Yes Yes Yes ANONYMOUS VOTING Fujoka Yes Yes No Yes Yes Cmp No Opn No Yes No No Yes Yes Baraani Yes Yes Yes Yes Yes Cmp Yes Univ No Yes No Yes Yes Yes HOMOMORPHIC ENCRYPTION Schoenmakers Hirt Yes Yes Yes Yes Yes Cmp Yes Univ No Yes Yes Yes Yes No Yes Yes Yes Yes Yes Cmp Yes Indi Yes Yes Yes Yes No No Damgaard Yes Yes Yes Yes Yes Cmp Yes Univ No Yes Yes Yes Yes No Baudron Yes Yes Yes Yes Yes Cmp Yes Univ No Yes Yes Yes Yes No Privacy: Inf=Information-theoretical, Cmp=Computational Verifiability: Indi=Individual, Opn=Individual with open objection, Uni=Universal 11

Security voting systems technologies Cryptography Homomorphic encryption, digital signatures, blind signatures, Trusted Third Parties, digital certificates, etc.) Antiviral software Firewalls Biometrics Smart cards 12

A simple electronic voting model*: Generic description 1. the voter constructs an anonymous electronic ballot ; 2. the voter shows adequate proof of identity to the election authority; 3. the authority stamps the ballot after verifying that no other ballot has been stamped for this voter; 4. the voter anonymously inserts the ballot into an electronic mail box. Note: After the voting deadline passes, votes are counted and a database containing all ballots are made public. Anybody can verify that his/her vote is contained in the database. * R. Peralta, Issues, non-issues, and cryptographic tools for Internet-based voting, in D. Gritzalis (Ed.), Secure Electronic Voting, Kluwer Academic Publishers, USA 2002. 13

A simple electronic voting model: The ballot design ELECTION IDENTIFICATION VOTER S NONCE VOTE SIGNATURE OF ELECTION AUTHORITY The Election Identification is a long number, which identifies the specific election. The Voter s Nonce is a long number, which is kept secret and is different for each voter. The Vote Field is a short number, which denotes the confidential voter s selection(s). The Signature of Election Authority is a cryptographic signature of the other three fields. 14

DVS: An e-voting system architecture* * E. Gerck, Private, secure, and auditable Internet voting, in D. Gritzalis (Ed.), Secure Electronic Voting, Kluwer Academic Publishers, USA 2002. 15

DVS: Functionalities implementation table Modules Layer Sub-Modules Functions CPF (Central Processor & Firewall) LS (Local Server) EBS (Electronic Ballot Server) RBB (Remote Ballot Box) AL (Audit Logger) Central (Federal) Local (County) Group (State) Group Local Central, Group, Local Probe DVC Verifier Reverse Proxy Receipt Interface Log DVC Issuer Receipt Interface Log DVC Verifier Ballot Server Receipt Interface Log DVC Verifier Ballot Box Receipt Tally Audit Report Interface Log DVC Verifier Interface Log Probe and Protect Client Verify and Decrypt DVCs Provide Pass-Through Service Provide Notice of Receipt Interface with Client and other Modules Postmark and Register Events Issue and Encrypt DVCs; Register Voters Provide Notice of Receipt Interface with Client and other Modules Postmark and Register Events Verify and Decrypt DVCs Provide Ballot Views Protect Server and Client Provide Notice of Receipt Interface with Client and other Modules Postmark and Register Events Verify and Decrypt DVCs Receive Return Ballots Distribute Return Ballots Provide Notice of Receipt; Verify Voter Receipt Calculate Tally Audit Inputs & Outputs Report Results Interface with other Modules Postmark and Register Events Verify and Decrypt DVCs Interface with other Modules Postmark and Register Events 16

(Secure) Electronic voting: (instead of) Conclusions Rapidly emerging issue... Of a socio-technical nature... There are contradicting views... Several questions remain open... Context-dependent answers Security experts and skillful judges needed... Need for further experimentation In the meantime, complementary only... 17

Electronic voting technology: Things to remember* Voting is not like any other electronic transaction. There are two kinds of Internet voting: Polling place Internet voting, and remote Internet voting. Remote Internet voting is highly susceptible to voter fraud Remote Internet voting may erode our right to cast a secret ballot and lead to political coercion in the workplace. Remote Internet voting poses a threat to personal privacy. There is a huge politics and technology information gap. There is a generational technology gap. Changing technology is not enough; voter education is needed. Transparency in the voting process fosters voter confidence. Software used should be open to public inspection. * K. Alexander, Ten things I want people to know about voting technology, Democracy Online Project's National Task Force, National Press Club, Washington D.C., USA, January 18, 2001. 18

There is a debate still going on... The shining lure of this hype-tech voting schemes is only a technological fool s gold that will create new problems far more intractable than those they claim to solve P. Neumann (SRI), 2002 An Internet voting system would be the first secure networked application ever created in the history of computers B. Schneier (Counterpane), 2002 At least a decade of further research and development on the security of home computers is required before Internet voting from home should be contemplated R. Rivest (MIT), 2001 19

Looking for a moto Regarding electronic and Internet voting, between optimism and pessimism let s choose realism! 20

Bibliography CALTECH-MIT Voting Technology Project, Voting: What is, what could be, USA, July 2001. European Commission, IST Programme, e-vote Project (IST-2000-29518). E-Voting Security Study, X/8833/4600/6/21, (Crown Copyright), United Kingdom, July 2002. Gritzalis D. (Ed.), Secure Electronic Voting, Kluwer Academic Publishers, USA, October 2002. Internet Policy Institute, Report of the National Workshop on Internet Voting, USA, March 2001. US Dept. of Defense, Voting Over the Internet Pilot Project Assessment Report, DoD Washington Headquarters Services Federal Voting Assistance Program, USA, June 2001. VoteHere Inc., Network Voting Systems Standards, Public Draft 2, USA, April 2002. 21

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information