Online Voting Project. New Developments in the Voting System an Consequently Implemented Improvements in the Representation of Legal Principles.



Similar documents
GI-Edition. Electronic Voting Proceedings. Lecture Notes in Informatics P-86. Robert Krimmer (Ed.)

An Electronic Voting System Based On Blind Signature Protocol

E-Democracy and e-voting

2. All references to Returning Officers in this code should be taken to refer to Counting Officers for referendums.

Voting with confidence

Secure Electronic Voting

VoteID 2011 Internet Voting System with Cast as Intended Verification

1. The Electoral Commission (the Commission) welcomes the UK Government s second consultation on prisoners voting rights.

Internet voting feasibility study

General Framework of Electronic Voting and Implementation thereof at National Elections in Estonia

Guidance for candidates and agents

The Design of Web Based Secure Internet Voting System for Corporate Election

Eballot Software Storage Solutions

Cryptanalysis and security enhancement on the generation of Mu-Varadharajan electronic voting protocol. Vahid Jahandideh and Amir S.

E-vote 2011 Version: 1.0 References Date: 26/10/2009. E-vote Relevant Reference Projects Project: E-vote 2011

Authentication is not Authorization?! And what is a "digital signature" anyway?

Verification and Validation Issues in Electronic Voting

Why can t I vote online? ONLINE SECURITY AND THE FUTURE OF INTERNET VOTING

2011 municipal and county council elections

Electoral Results Transmission

How To Ensure Correctness Of Data In The Cloud

Cryptography: Authentication, Blind Signatures, and Digital Cash

SSLPost Electronic Document Signing

Online Voting for Better Government State IT Management Initiative

Efficient construction of vote-tags to allow open objection to the tally in electronic elections

A New Receipt-Free E-Voting Scheme Based on Blind Signature (Abstract)

Information Security Basic Concepts

Guidance for campaigners and agents on the conduct of tellers in and around polling places

Chapter 17. Transport-Level Security

Volume I, Appendix C Table of Contents

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY

Electronic Voting Protocol Analysis with the Inductive Method

SECURITY ANALYSIS OF A SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTER NETWORKS

Securing VoIP Networks using graded Protection Levels

SECURITY FLAWS IN INTERNET VOTING SYSTEM

An electronic scheme for the Farnel paper-based voting protocol

Amendments and Modifications to Internal Procedure Rules of AS Talveaed.

SP A Framework for Designing Cryptographic Key Management Systems. 5/25/2012 Lunch and Learn Scott Shorter

Le vote électronique : un défi pour la vérification formelle

Technical Guideline eid-server. Part 2: Security Framework

Liberty response to The Electoral Commission consultation on the review of ballot paper design

preliminary experiment conducted on Amazon EC2 instance further demonstrates the fast performance of the design.

Extracted from Secure and Fair Elections (SAFE) Workshop: Model Curriculum International Institute for Democracy and Electoral Assistance 2015.

Implementation of Electronic Voting System in Mobile Phones with Android Operating System 1

TOP SECRETS OF CLOUD SECURITY

E-Voting System Security Optimization

Individual Electoral Registration FREQUENTLY ASKED QUESTIONS

Screening/Scoping Pro Forma Section Electoral Services

Secure Socket Layer/ Transport Layer Security (SSL/TLS)

On Coercion-Resistant Electronic Elections

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

REGISTER OF ELECTORS

Directory and File Transfer Services. Chapter 7

State of Wisconsin DET File Transfer Protocol Service Offering Definition (FTP & SFTP)

PRIVACY-PRESERVING PUBLIC AUDITING FOR SECURE CLOUD STORAGE

Real World Experiences with Bingo Voting and a Comparison of Usability

Mobile implementation and formal verification of an e-voting system

Near Sheltered and Loyal storage Space Navigating in Cloud

SENATE BILL State of Washington 64th Legislature nd Special Session

Cryptographic Modules, Security Level Enhanced. Endorsed by the Bundesamt für Sicherheit in der Informationstechnik

Speaker s Commission on Digital Democracy Consultation on Electronic Voting

E-Voting System and Its Importance

DRAFT Standard Statement Encryption

Entrust Managed Services PKI. Getting an end-user Entrust certificate using Entrust Authority Administration Services. Document issue: 2.

Electronic voting in the Netherlands

Plain English Guide To Common Criteria Requirements In The. Field Device Protection Profile Version 0.75

THE LAW ON NATIONAL COUNCILS OF NATIONAL MINORITIES I. GENERAL PROVISIONS. Article 1

How do I apply to vote by post?

Comparison of e-voting schemes: Estonian and Norwegian solutions

Part D Absent voting

Cryptography and Network Security: Summary

IY2760/CS3760: Part 6. IY2760: Part 6

REFERENDUM PROCEDURES

Building an Anonymous Public Storage Utility Wesley Leggette Cleversafe

Draft for Discussion Quality Assurance and Configuration Management Requirements March 7, 2007

Business Plan: Municipal Elections

CYBERSECURITY TESTING & CERTIFICATION SERVICE TERMS

Using etoken for SSL Web Authentication. SSL V3.0 Overview

Description of the Technical Component:

NGSS. Evolutionary Safeguards Surveillance. Nuclear measurement solutions for safety and security. NUCLEAR MEASUREMENTS BUSINESS UNIT OF AREVA NAS

A guide for the Voters. Control unit and Balloting Unit of Electronic Voting Machine

Information Security Policies. Version 6.1

TPM Key Backup and Recovery. For Trusted Platforms

PUBLIC REPORT. Red Team Testing of the ES&S Unity Voting System. Freeman Craft McGregor Group (FCMG) Red Team

Control and management of privileged users

6. AUDIT CHECKLIST FOR NETWORK ADMINISTRATION AND SECURITY AUDITING

Tradeoffs for Internet Voting Options

Matthias Hauss- SRC Security Research & Consulting GmbH October PCI DSS Requirements in the Context of European Data Protection Law

Recommendations for companies planning to use Cloud computing services

e-voting software CS 312 Project Software Requirements Specification (SRS) Document {Anurag, Ashish, Harshavardhan, Ramkrishan, Sumesh}

Chapter 7 Transport-Level Security

Management of Official Records in a Business System

COMESA Guidelines on Free and Open Source Software (FOSS)

ELECTRONIC SIGNATURES AND ASSOCIATED LEGISLATION

COMMON CERTIFICATE POLICY FOR THE EXTENDED ACCESS CONTROL INFRASTRUCTURE FOR PASSPORTS AND TRAVEL DOCUMENTS ISSUED BY EU MEMBER STATES

Security Policy Revision Date: 23 April 2009

Federated Identity Architectures

Network Management - SNMP

Translation Service Program

Chap. 1: Introduction

Transcription:

New Developments in the Voting System an Consequently Implemented Improvements in the Representation of Legal Principles.

Introduction. Since 2001 T-Systems made research on secure online voting systems in cooperation with the PTB and other prominent institutes under the support of the Federal Ministry of Economics Last year the voting systems developed in the W.I.E.N. project underwent a security review by the Technical University of Darmstadt Because of some security flaws the whole architecture of the system was rebuild with regard to special cryptological add-on modules and the optimization of the client-server communication At this time the project is in the planning of a certification process on the Common Criteria for the new implemented system which runs in cooperation with the BSI and an accredited testing centre. Besides, the voting system should be subject to a comprehensive check by the PTB The system is now being developed to a remote voting system Seite 1

Technical Modification of the Voting System. Previous voting protocol Validator RQ70 RQ10 RQ30 RP80 RP40 RP20 RQ50 RP60 RP100 RQ90 Vote Server RQ10: Registration of Voting RP20: Issue of Voting Documents Voting phase RQ30: Request of blinded Voter Signature RP40: Issue of blinded Voting Register Signature RQ50: Delivery of the Vote RP60: Confirmation of Ballot Box RQ70: Confirmation for Register of Voters RP80: Confirmation of Register of Voters RQ90: Initiate counting RP100: Receipt Votes for counting Voting Client Voting Administration Seite 2

Technical Modification of the Voting System. This voting protocol devised previously in W.I.E.N. entails the physical and administrative separation of the voting register and the ballot box and also includes the separation of vote and identity The most important elements are the Validator (provides the electronic voter register), the Ballot Box (contains the electronic ballot box) and the voting Client himself Separated storage of persistent dates (Problem: redundant data management inconsistency of communication problems) For the purpose of anonymity the identity is strictly separated during the whole communication ( the voting register knows the identity, the Ballot Box does not) Seite 3

Technical Modification of the Voting System. Technically laborious recovery procedure in case of incidents The protocol is based on the use of blind signatures and other cryptographic procedures but remains time-consuming, laborious and insecure in some important aspects That s why T-Systems developed by means of the TU Darmstadt a new voting scheme, which is simpler and easier to implement and offers a better security level The main principles of the former architecture have remained the same, like the use of blinding or the division of powers Seite 4

Technical Modification of the Voting System. Newly implemented voting protocol Bulletin Board Validator RP20 RQ10 Voter Vote Server RP40 RQ30 Mix Net Tallier RP60 RQ50 Administrator RP80 RP100 RQ70 RQ90 Voting Phase RQ10: Request vote validation RP20: Receipt of blinded Validator Signature RQ30: Public Delivery Server of the vote with Validator Signature RP40: Voting Confirmation RQ50: Initiate Mixing / Collection of the votes Mixing RP60: Confirmation of Mixing RQ70: Initiate counting of the mixed votes RP80: Public Receipt of the mixed Votes for counting Tallying Phase RQ90: Publishing election result / tallier key RP100: Conformation of successful publishing Seite 5

Technical Modification of the Voting System. The new implemented voting protocol has five main players: The Voting Client (which can be found at home, in a working station, in a special polling station or from any other end device), the Mix Net (separates the encrypted votes from the identity of the voter and randoms the order), the Tallier (counts and encrypts the mixed votes), the Validator (proof of voter authorisation and issue of Validator signature) and the Bulletin Board (central data storage) The Bulletin Board is a consistent data base for all participants plays an absolutely passive role and is not able to communicate with the other players. It has the function as a placard, because after the election the public has the possibility to check if certain votes are counted and if they are counted in a correct manner. It shows not only the counted votes but also the the Tallier key. Seite 6 It is not possible for anyone to delete or to overwrite messages on it

Technical Modification of the Voting System. The protocol is supplemented with some cryptographic components like the use of blinding and mixing by David Chaum and the use of a public key system Furthermore it is assumed that a trustworthy PKI is available, the use of a communication protocol like TCP/IP based on TLS, which guarantees authentication of parties the voting booth, the mix net and the bulletin board are considered trustworthy Policies regulate the logical and organisational separation of identity and vote Seite 7

Technical Modification of the Voting System. The main advantages of the new protocol are the following: Public transparency by the bulletin board (publication of tallier key, etc.) Inured to technical troubles like interruption of access, etc, uncomplicated recovery Possibility of configuration for different voting models by policies Greater performance Seite 8

Adherence to Voting Legislation Principles. The five main voting legislation principles in Germany for publicly regulated elections are universality (everyone has the same rights to vote) directness (everyone has to vote by himself without deputies) freedom (everyone should vote without impact of any kind) equality (everyone's vote has the same weight) secrecy (everyone must cast his vote unobserved) Apart from that, the accessibility to the public in the voting procedure plays a special role, which means that the voting result can be monitored, although casting of the votes has to be secret as a matter of course. Accessibility to the public is necessary for all voting stages and is performed by the electoral committee, but also by any member of the public. Problem: Remote Internet Voting removes the location of voting from public view! Seite 9

Adherence to Voting Legislation Principles. Furthermore there are several auxiliary principles for the voting act like comprehensibility (everyone must be confronted with a simple voting act) simultaneity (everyone must cast his vote in the same period) free of charge (everyone's voting act must be free of charge for the voter) In conclusion these aspects should be considered by creating an electronic voting system Seite 10

Adherence to Voting Legislation Principles. The new developed voting system considered the prevailing legislation principles like the Federal Electoral Law The addition of the bulletin board comprehensively delivers an advantage of postal voting by increasing the principle of accessibility to the public The public must be able to monitor the correct implementation of the election at all times that s why they have available access to contend on the bulletin board if this aspect is desired by the electoral boarder Moreover the principle of universality is also increased by giving more access options to the voter Seite 11

Conclusions. Most legal reservations against electronic voting were rebutted The new voting protocol became not only simpler and got a higher security level but also now offers a better integration of the general public a special criticism point often mentioned in the public discussion All this brings us one step closer to feasible electronic voting models for elections in the range of operational but also political elections Recently accomplished voting projects in the Germany Telekom Group exemplified the simple use of online voting systems and the great advantages concerning economics and democracy Seite 12

Thank you for your attention! Seite 13

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information