Tradeoffs for Internet Voting Options



Similar documents
VoteID 2011 Internet Voting System with Cast as Intended Verification

E-Democracy and e-voting

Web Presence Security

Data Normalization in Electronic Voting Systems: A County Perspective

Brainloop Cloud Security

Ashley Jelleyman FBCS CITP M Inst. ISP Head of Information Assurance. Privacy vs Security. You Can t Have Both At the same time

Computer Security. Draft Exam with Answers

Voting Systems Security, Testing & More

Volume I, Appendix C Table of Contents

How To Protect Your Data From Being Stolen

CSC Network Security. User Authentication Basics. Authentication and Identity. What is identity? Authentication: verify a user s identity

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.

Le vote électronique : un défi pour la vérification formelle

Using etoken for SSL Web Authentication. SSL V3.0 Overview

Online Voting Project. New Developments in the Voting System an Consequently Implemented Improvements in the Representation of Legal Principles.

The Design of Web Based Secure Internet Voting System for Corporate Election

Security and Privacy in Cloud Computing

UNITED STATES BANKRUPTCY COURT DISTRICT OF ARIZONA

Introduction. Conducting a Security Review

Electronic Voting Protocol Analysis with the Inductive Method

Cloud Services Prevent Zero-day and Targeted Attacks

Running Head: AWARENESS OF BYOD SECURITY CONCERNS 1. Awareness of BYOD Security Concerns. Benjamin Tillett-Wakeley. East Carolina University

Protecting Voter Data Privacy While Expanding Participation

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

User Documentation Web Traffic Security. University of Stavanger

CS 161 Computer Security Spring 2010 Paxson/Wagner MT2

Identity Theft Prevention Presented by: Matt Malone Assero Security

Secure Electronic Voting

Cryptanalysis and security enhancement on the generation of Mu-Varadharajan electronic voting protocol. Vahid Jahandideh and Amir S.

Going Paperless The Utah Experience. Mike Pecorelli Project Manager Utah DEQ

IA/CYBERSECURITY IS CRITICAL TO OPERATE IN CYBERSPACE

Remote (Internet) Voting in Digital India

IAIK. Motivation 2. Advanced Computer Networks 2015/2016. Johannes Feichtner IAIK

INCREASINGLY, ORGANIZATIONS ARE ASKING WHAT CAN T GO TO THE CLOUD, RATHER THAN WHAT CAN. Albin Penič Technical Team Leader Eastern Europe

Design Principles for Protection Mechanisms. Security Principles. Economy of Mechanism. Least Privilege. Complete Mediation. Economy of Mechanism (2)

Hong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望

The Benefits of SSL Content Inspection ABSTRACT

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 10 Authentication and Account Management

Global Security Report 2011

HOW TO: Privacy Aware Mobile Application Development

Colorado Secretary of State Election Rules [8 CCR ]

Arizona Secretary of State. Effective Absentee System for Elections (EASE)2. Technical Proposal. Catalog of Federal Domestic Assistance Number 12.

AN INVESTIGATION OF SECURITY THEME FOR CLOUD COMPUTING

How we keep harmful apps out of Google Play and keep your Android device safe

WildFire Overview. WildFire Administrator s Guide 1. Copyright Palo Alto Networks

PUBLIC REPORT. Red Team Testing of the ES&S Unity Voting System. Freeman Craft McGregor Group (FCMG) Red Team

SECURITY ANALYSIS OF CLOUD COMPUTING

How We're Getting Creamed

White Paper. Securing and Integrating File Transfers Over the Internet

SAP WEB DISPATCHER Helps you to make decisions on Web Dispatcher implementation

Cisco PIX vs. Checkpoint Firewall

Getting Started ONLINE APPLICATION. Access the online certification application system

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

White Paper. Enhancing Website Security with Algorithm Agility

What Do You Mean My Cloud Data Isn t Secure?

Midterm 2 exam solutions. Please do not read or discuss these solutions in the exam room while others are still taking the exam.

Information Security for Modern Enterprises

Chapter 10 - Options

1CHAPTER. Information about Judges of Election and Polling Place Administrators JUDGES OF ELECTION. Appointment/Assignment.

2016 Presidential Election Calendar Maryland State Board of Elections 151 West Street - PO Box 6486 Annapolis, MD

Software Review and Security Analysis of Scytl Remote Voting Software. Michael Clarkson Brian Hay Meador Inge abhi shelat David Wagner Alec Yasinsac

Automatic vs. Manual Code Analysis

Summary of Results from California Testing of the ES&S Unity /AutoMARK Voting System

Avaya TM G700 Media Gateway Security. White Paper

Avaya G700 Media Gateway Security - Issue 1.0

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

DEVELOP ROBOTS DEVELOPROBOTS. We Innovate Your Business

Fighting Advanced Threats

Integrated Threat & Security Management.

USE OF DIGITAL SIGNATURES IN COMMUNICATIONS WITH PUBLIC ENTITIES IN CALIFORNIA

s86 When motion must be decided by secret ballot [SM, s 88]

CHAPTER 7 INITIATIVE, REFERENDUM AND RECALL PROCEDURES

Public Key Applications & Usage A Brief Insight

Right-Sizing M2M Security: The Best Security is Security Tailored to Your Application

Breaking the Myths of Extended Validation SSL Certificates

Expense Report: Guide for Students

International Journal of Advance Foundation and Research in Computer (IJAFRC) Volume 2, Special Issue (NCRTIT 2015), January 2015.

Transcription:

Tradeoffs for Internet Voting Options Submitted to SB11 Working Group Jeremy Epstein October 13 2015 Purpose The purpose of this document is to identify advantages and disadvantages of several different approaches to internet voting, when assumed to be used with a CAC card. All of the options share certain potential advantages and disadvantages compared to not having internet voting. All previous studies have concluded that internet voting is not doable securely using today s technology, including reports from Utah, Connecticut, the technical experts group (E2E-VIV), Heritage Foundation, etc. This tradeoff document should be seen in that light not that any of the proposed solutions is acceptable, but to identify the pros & cons of each, within the scope that none are acceptable. Other designs beyond those sketched here are possible; the advantages & disadvantages will vary slightly. All of the choices are expensive, but the expense varies the email solutions require the least technology development, but the most training and highest per-ballot cost, while the web form requires the most technology development, and the lowest perballot cost. Centralized solutions at the State Board of Elections are likely to be less expensive (because there is no need to maintain 140+ installations, and train 140+ sets of users), but introduce the bottleneck of distributing ballots. Advantages of all approaches Perception gives voters impression of being more modern Timeliness - allows military voters to cast their vote from wherever they are, up until the last minute CAC signature can be used to validate voter identity (compare CAC digital signature to name on form) Disadvantages of all approaches Cost prior internet voting efforts have cost up to thousands of dollars per vote, when including cost of software development/maintenance/testing, operation, monitoring for attacks, etc. Security risks of vote tampering none of the approaches provide a secure solution, including vulnerability to attacks on state servers, risks of malware in voter s computer, etc.

Privacy risks of loss of voter privacy none of the approaches provide a secret ballot Turnout none of the approaches are likely to increase voter turnout Alternatives Six alternatives are considered, along two axes (technical approach and use of central vs. locality-based receipt): Email to each locality Email to a central facility & distribution Web upload to each locality Web upload to a central facility & distribution Web form for each locality Web form at a central facility & distribution The following subsections offer a brief description of a design using a CAC card, followed by advantages & disadvantages. Email to each locality CAC card to digitally sign an email containing a PDF or JPG of the ballot and associated affidavit, which is sent to voter s locality. PDF could be either an image of the ballot (i.e., a scan), or a filled out form. Locality receives & prints ballot. Simplest for voters to use Allows voters to submit ballots up until last minute, without having to No changes required for each election, because there s no smarts in email handling Email is unencrypted while CAC can provide encryption, actual CAC cards are not set up that way for most users, and can only be sent to other CAC cards (of which the localities would not be listed in the database); point-topoint encryption is possible, but not end-to-end Risk to localities: if ballot contains malware, when locality opens it, will get infected so each locality needs security measures in place Training would require training each locality how to handle and verify signed ballots Phishing need to train voters to submit ballots to their election office email address, and not be subject to phishing attacks

Email to a central facility & distribution CAC card to digitally sign an email containing a PDF or JPG of the ballot and associated affidavit, which is sent to State Board of Elections. PDF could be either an image of the ballot (i.e., a scan), or a filled out form. SBE prints ballot & affidavit, forwards them in paper form to locality. Simplest for voters to use No changes required for each election, because there s no smarts in email handling Email is unencrypted while CAC can provide encryption, actual CAC cards are not set up that way for most users, and can only be sent to other CAC cards (of which the SBE would not be listed in the database); point-to-point encryption is possible, but not end-to-end Risk to SBE: if ballot contains malware, when locality opens it, will get infected central facilities needs appropriate security measures (but just one site vs. 140+ for previous option) Training would require training SBE how to handle and verify signed ballots (but just one site vs. 140+ for previous option) Phishing need to train voters to submit ballots to SBE office, which is easier than training 140+ different offices Web upload to each locality CAC card to digitally sign a PDF or JPG image of the ballot and associated affidavit, which is uploaded to a web site maintained by the voter s locality. PDF could be either an image of the ballot (i.e., a scan), or a filled out form. Allows voters to submit ballots up until last minute, without having to Provides end-to-end encryption of the ballot from voter to election office, No changes required for each election, because there s no smarts in file upload

Risk to localities: if ballot contains malware, when locality opens it, will get infected so each locality needs security measures in place Training would require training each locality how to handle and verify signed ballots Phishing need to train voters to submit ballots to their election office web site, and not be subject to phishing attacks Web upload to a central facility & distribution CAC card to digitally sign a PDF or JPG image of the ballot and associated affidavit, which is uploaded to a web site maintained by the SBE. PDF could be either an image of the ballot (i.e., a scan), or a filled out form. SBE prints ballot & affidavit, forwards them in paper form to locality. Provides end-to-end encryption of the ballot from voter to election office, No changes required for each election, because there s no smarts in file upload Risk to SBE: if ballot contains malware, when locality opens it, will get infected central facilities needs appropriate security measures (but just one site vs. 140+ for previous option) Training would require training SBE how to handle and verify signed ballots (but just one site vs. 140+ for previous option) Phishing need to train voters to submit ballots to SBE office, which is easier than training 140+ different offices Web form for each locality Description: No distribution of blank ballots to voters. Voter goes to web site maintained by locality, fills out form, which generates a submission including the voter s identifying information, selections. May be possible to provide digital signatures on submissions. Best at preventing under/over votes Allows voters to submit ballots up until last minute, without having to Provides end-to-end encryption of the choices from voter to election office, If designed appropriately, eliminates risk of malware submission Commercial products are available

Unclear whether CAC digital signatures could be used Phishing need to train voters to submit ballots to their election office web site, and not be subject to phishing attacks The riskiest solution, as custom software solutions are the most likely to have functional or security flaws Must be reprogrammed for each election, to reflect what s on the ballot Web form at a central facility & distribution Description: No distribution of blank ballots to voters. Voter goes to web site maintained by SBE, fills out form, which generates a submission including the voter s identifying information, selections. May be possible to provide digital signatures on submissions. SBE prints ballot & affidavit, forwards them in paper form to locality. Best at preventing under/over votes Provides end-to-end encryption of the choices from voter to SBE, using HTTP/S, and then (potential) re-encryption of the ballot before storage If designed appropriately, eliminates risk of malware submission Commercial products are available Unclear whether CAC digital signatures could be used Phishing need to train voters to submit ballots to SBE web site, and not be subject to phishing attacks The riskiest solution, as custom software solutions are the most likely to have functional or security flaws Must be reprogrammed for each election, to reflect what s on the ballot Scaling is potentially problematic, since SBE site would need to have all ballot styles for the entire state

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information