Remote (Internet) Voting in Digital India Ideas for today and tomorrow National Conference on Remote Voting (NCRV) 2015 20-21 st July 2015 @IITM, Meghdoot, Pune
The fundamental challenge in public voting is how to reconcile the conflict between demonstrable integrity and ballot privacy Anonymous
Agenda Today s Need Internet Voting Basic architecture Voting Requirements The Global Picture Current Issues Indian Scenario Various Stages Technology and Security Issues (Client side, Server side, Connection related) Security Solutions C-DAC Cyber security Solutions Suggested steps for realization
Today s Need Modernizing the election process User friendly can be used even by illiterates Simple to operate and can be installed in a short time Preserves voting secrecy No scope for invalid votes Electronic Voting Machines (EVM) Facilitates quick and accurate counting possible to declare results instantaneously Lowers operating costs Provision can be made to connect to a CENTRAL STATION to consolidate and display / record the results countrywide
Internet Voting Basic Architecture Cast votes Online Web browser/mobile app Vote from your comfort zone
Voting requirements Eligibility Only eligible voters can vote and no one votes twice Anonymity Any traceability between the voter and his vote must be removed Verifiability Fairness Coercibility A voter is able to verify that his or her vote is counted in the final tally. No one should be able to compute a partial tally as the election progresses No one can use force or compel anybody to vote Receiptfreeness Privacy Robustness A voter cannot prove that he or she voted in a certain way. No coalition of participants can gain any information about the voter s vote. Faulty behaviour of any reasonably sized coalition of participants can be tolerated.
Canada United States The Global Picture Norway Switzerland Estonia Sweden & Latvia are among the countries that have tested Internet voting Some of the US states have tested the system unsuccessfully and the demand for Internet based voting is growing US has set up a committee for coming out with procedures End to end verifiable Internet voting (E2E-VIV) Estonia (population of 1.3 million) Rolled out e-voting in 2005 and by 2009 nearly a quarter of all votes cast were online Various ways of voter identification: ID Card with Pin Code, Digital ID, Mobile ID E-Voting for general elections, the model can be considered as one of the successful model and scalability of that model for large voter based needs to be analyzed Switzerland (population of 8.2 million) First used it in Geneva in 2003, with Zurich and Neuchatel cantons soon following Canada Uses online voting in municipal elections The town of Markham, in Ontario, has offered online ballots in local elections since 2003 Overall turnout rose nearly 10% from 2006 to 2010
Indian scenario Remote voting through post Digital India Initiative for Transforming to digital 80 crores plus mobile phones : Excellent mobile penetration 86 crores plus Indians have Aadhar ID Number 20 % of India population uses Internet Expected to grow in next five years due to programs like Digital India, National Optical Fiber Network, Etc. Gujarat has already started providing online voting facility Since penetration of Internet and mobiles are increasing, Internet voting can be better option
Need of the hour Policy Government needs to set up policy for Internet voting Voter registration process Standards to be developed internet voting Political Political system has to be convinced with the methodology adopted for Internet voting Technical Architecture should be in place Solution development through multi party participation Ensure Security Cultural/Public Awareness needs to created among voters and a huge awareness program has to be planned Accessibility
Authentication of voter End to end security Anonymity and privacy of vote given by the voter Secure servers for voting, tallying and data backup Secure communication among various servers End to end encryption of the information DNS security Application level security Client side Server Side Network level security Connection related
Client Side Security Issues No fool proof test to find malicious payload Installed through CDs E-mails Buffer overflows Activex controls Remote control of client computer (Open source Back Orifice 2000) Triggering malicious software in scheduled manner Chernobyl Virus (April 26, 1999) modified BIOS so the systems couldn t boot Proxy redirects Authentication threats - Private key in smart cards smart card readers are connected through Pcs malicious code can change your vote Mobile phones limited display area, lost/stolen, prohibitive costs
Server side Security Issues Distributed Denial of Service (DDOS) Cause Flooding the network Overload server s computational resources Effects Servers may cut off from Internet Disenfranchisement of eligible voters Solutions No effective protective mechanism Voting machines should locally store the vote and sync later
Connection related Security Issues Distributed Denial of Service (DDOS) On Domain name service(dns) sever On IP router will block whole region from casting votes DNS Spoofing Effect True IP address is replaced with fake IP address Voter is redirected to a voting page look-alike Could be done during Voter registration too. Only during voting, it will found that they are not registered Solution Using DNSSec Digital Signatures people are not familiar with SSL connections and Certificates
Security issues with DNS In some cases, attacks target the actual infrastructures, which include servers hosting the domain names In other cases, hackers look to exploit loopholes in the software to create abnormal situations from which they can profit Threats at servers side DOS/DDOS attacks DNS cache-poisoning Threats at client side: Malware Threats on Network DNS spoofing/data modification/redirection Man-in-Middle attack
DNSSEC Overview It ensures end-to-end DNS data integrity and authentication of origin. Uses Public key cryptography to sign the DNS data. RSA/SHA Public Keys published(dnskey) Delegation Signer(DS) Child zones Key is authorized by the Parent.
Trust of Sign Trust anchor The starting Point of trust, typically obtained via some trusted source. Example: DNSKEY of root servers and other trusted domains. Chain of Trust from Trust anchors Hierarchical key verification from trust anchor to end. Example: Root server signs the key of TLDs then TLD signs the key of next level and so on.
Security Solutions Needed for Internet Voting Certified Cryptographic implementations for encryption and authentication End point security for desktop and mobile Security solutions for DNS Multi level authentication system Malware Detection and Prevention Network & Gateway Security Web Security Self auditing of secure systems
C-DAC - Cyber Security Solutions Cryptographic systems Most widely used stream, block and public key crypto systems End Point Security USB Pratirodh, AppSamvid, Browser JSGuard, Application and Device Control (ADC) & M-Kavach Malware Detection and Prevention M-Resist, Malware Nivarak Network & Gateway Security Guard Your Network (GYN) - IPS, Insider Attack Detection (PAX), UTM Appliance, CHAKRA Dynamic Firewall, EDGE Self Management Network Solution
C-DAC Cyber security solutions Web Security WebSAFE & PHP Application Vulnerability Scanner (PAVS) Authentication Systems & Biometrics The Bharatiya AFIS Suite, Bharatiya-IRIS, Touch screen based Bharatiya Biometric Attendance System, Automatic Face Recognition System, PKI solutions & e-sign Cyber Forensics CyberCheck Suite, NetForce Suite, MobileCheck, SIMXtractor, AdVik- CDR Analyzer, TrueImager & TrueTraveller
e-pramaan Authentication Methods UID / Password OTP Digital Signature Certificate (USB/Soft Token) SMS/Mobile / Email based OTPs Biometrics Biometric Fingerprint / Iris 22
Centre of Excellence in DNS Security (Initiated)
Training & Awareness Activities Training labs establishment (for users) Training - Detailed plan, Infrastructure & Content Regular 3-day/5-day/2-week programs and corporate trainings PGDITISS-Post Graduate Diploma In IT Infrastructure Systems and Security(6 months) Online Course on Cyber Security Information Security Education and Awareness (ISEA) PKI Awareness
Way Forward With the rich experience and solutions in cyber security domain C-DAC can Develop solutions required for Internet voting on client side and server side Can develop solutions for authentication Secure applications for vote tallying at serve side Can audit the security of overall system Can take part in creating awareness in the areas of Internet voting
Istonia s Voting system overview
Vote casting process
Vote verification process
Vote tabulation process
Electronic Voting Systems Security - Technologies Homomorphic Encryption for end-to-end security Anonymous Voting - blind signatures Trusted Authorities - Trusted Third Parties, digital certificates, etc End-to-end auditable cryptographic protocols Individual verifiability: a voter can check that her own ballot is included in the election s bulletin board Universal verifiability: anyone can check that the election outcome corresponds to the ballots published on the bulletin board Eligibility verifiability: anyone can check that each vote in the election outcome was cast by a registered voter and there is at most one vote per voter Electronic Voting System Protocols and software should be open for public inspection Highly secure implementations source code from trusted sources Secure Platforms which cannot be tampered with eg HSM, TPM etc Hardware encryption of hard disks
Proposed Steps for Realization An eco system needs to be developed under the supervision of Election commission for Internet voting Formulate a major program and identify regulator and developer organizations with the following actionable items Select suitable security protocols through evaluation Define timelines for implementation of solution Engage organizations for implementing the following Client side implementation Server side application and communication design Development of standards for evaluation of systems and software before they put to real use Implement through following phases Pilot test initially in elections that have less impact: Like water body elections Providing internet voting facility to NRIs and voters away from their constituencies Moving forward to Corporation and municipal elections Then move forward for implementing in major elections
Voting is the most precious right of every citizen, and we have a moral obligation to ensure the integrity of our voting process Thank you