Secure Electronic Voting: Capabilities and Limitations. Dimitris Gritzalis


Secure Electronic Voting: Capabilities and Limitations
14th European Forum on IT Security, Paris, France, 2003
Prof. Dr. Dimitris Gritzalis
Dept. of Informatics, Athens University of Economics & Business
& e-vote Project, European Commission, IST Programme

What is an electronic voting (system)?

An electronic voting (e-voting) system is a voting system in which the election data is recorded, stored, and processed, primarily as digital information. (Network Voting System Standards, VoteHere, Inc., April 2002)

[Diagram: types of voting. Labels: Voting; Paper voting; E-voting; Paper ballots ...; Punch cards; Polling place voting; Internet voting; Precinct voting; Kiosk voting.]

Note: Traditional electronic voting is 134 years old (T. Edison, Electrographic Vote Recorder, U.S. Patent, 1869).

What are e-voting systems good for? *

They could lead to increased voter turnout (USA 2001: 59%, 18-24 yrs: 39%), thus supporting the democratic process.
They could give elections new potential (by providing ballots in multiple languages, accommodating lengthy ballots, facilitating early and absentee voting, etc.), thus enhancing the democratic process.
They could drastically cut down the cost of the election process, thus saving money for public administration.
They could open a new market, thus supporting commerce and employment.

* D. Gritzalis (Ed.), Secure Electronic Voting, Kluwer Academic Publishers, USA, January 2003.

Some (inherent) gaps

Technological gap: Disparity between expectations from software/hardware and the performance being delivered (e.g. security flaws).
Socio-technical gap: Difference between social policies (e.g. laws, codes) and computer policies (e.g. procedures, functionalities).
Social gap: Difference between social policies and human behavior (e.g. equipment misuse).

Opportunities for e-voting

Most countries believe that Internet voting will occur within 10 years.
Internet voting options satisfy voter's desire for convenience.
Internet voting can meet the voting needs of the physically disabled.
Several countries are ready to try Internet voting for a small application immediately.
Several countries are contemplating voting system replacement and are frustrated with the limited number of options available.
Many countries are interested in touch screen systems.
Many countries pursue the delivery of e-government services to their citizens.

Barriers to e-voting

Lack of common voting system standards across nations.
Time and difficulty of changing national election laws.
Time and cost of certifying a voting system.
Security and reliability of electronic voting.
Equal access to Internet voting for all socioeconomic groups.
Difficulty of training election judges on a new system.
Political risk associated with trying a new voting system.
Need for security and election experts.
Lack of trust in new technology and reluctance in the adoption of new processes.

Time-sequence of a typical voting process *

[Figure: time-sequence of a typical voting process.]

* E. Gerck, Private, secure, and auditable Internet voting, in D. Gritzalis (Ed.), Secure Electronic Voting, Kluwer Academic Publishers, USA, 2003.

Generic voting principles

Only eligible persons vote.
No person can vote more than once.
The vote is secret.
Each (correctly cast) vote gets counted.
The voters trust that their vote is counted.

Internet Policy Institute, Report of the National Workshop on Internet Voting, March 2001.

Identifying e-voting requirements

An e-voting system may be specified:
as a set of guidelines to be adopted for ensuring conformance to the legislation (State Authority point of view), or
in terms of the problems associated with the provision of an adequate level of security (anonymity, authentication, tractability, etc.) (System Engineer point of view).

Identifying e-voting requirements

None of these approaches is complete!

Legal requirements: abstract formulations (laws, principles, etc.)
Functional and user requirements: usability properties
Non-functional requirements: security and system properties (flexibility, efficiency, etc.)

Identifying e-voting requirements

A third approach, proposed by the e-vote project: requirements elicitation based on a Generic Voting Model, taking into account the:
European Union legislation.
User needs and expectations.
Organisational details of the conventional voting processes.
Opportunities offered and constraints imposed by state-of-the-art technologies.

Aim of the developers is to express:
The legal requirements.
The security (non-functional) requirements.
The functional requirements.
as a User Requirements Specification document that sets specific Design Criteria.

Voting systems design criteria *

Authentication: Only authorized voters should be able to vote.
Uniqueness: No voter should be able to vote more than once.
Accuracy: Voting systems should record the votes correctly.
Integrity: Votes should not be able to be modified without detection.
Verifiability: It should be possible to verify that votes are correctly counted for in the final tally.
Auditability: There should be reliable and demonstrably authentic election records.
Reliability: Systems should work robustly, even in the face of numerous failures.

* Internet Policy Institute, Report of the National Workshop on Internet Voting: Issues and Research Agenda, USA, March 2001.

Voting systems design criteria *

Secrecy: No one should be able to determine how any individual voted.
Non-coercibility: Voters should not be able to prove how they voted.
Flexibility: Equipment should allow for a variety of ballot question formats.
Convenience: Voters should be able to cast votes with minimal equipment and skills.
Certifiability: Systems should be testable against certain criteria.
Transparency: Voters should be able to possess a general understanding of the whole process.
Cost-effectiveness: Systems should be affordable and efficient.

* Internet Policy Institute, Report of the National Workshop on Internet Voting: Issues and Research Agenda, USA, March 2001.

Voting systems security requirements

Header labels: Voting Protocols and Schemes; Accuracy; Security Requirements; Democracy; System Wide Properties.
Columns: Inalterability, Completeness, Soundness, Eligibility, Unreusability, Privacy, Robustness, Verifiability, Uncoercibility, Fairness, Verifiable participation, Walk-away, Voter mobility, Flexibility.

TRUSTED AUTHORITIES
Karro: Yes Yes Yes Yes Yes Cmp No Indi No Yes Yes Yes Yes

ANONYMOUS VOTING
Fujioka: Yes Yes No Yes Yes Cmp No Opn No Yes No No Yes Yes
Baraani: Yes Yes Yes Yes Yes Cmp Yes Univ No Yes No Yes Yes Yes

HOMOMORPHIC ENCRYPTION
Schoenmakers: Yes Yes Yes Yes Yes Cmp Yes Univ No Yes Yes Yes Yes No
Hirt: Yes Yes Yes Yes Yes Cmp Yes Indi Yes Yes Yes Yes No No
Damgaard: Yes Yes Yes Yes Yes Cmp Yes Univ No Yes Yes Yes Yes No
Baudron: Yes Yes Yes Yes Yes Cmp Yes Univ No Yes Yes Yes Yes No

Privacy: Inf=Information-theoretical, Cmp=Computational
Verifiability: Indi=Individual, Opn=Individual with open objection, Univ=Universal

Voting Systems Functional Requirements

Support all essential services for organizing and conducting an opinion expressing process:
Poll
Decision-making procedure (e.g. referendum)
Internal or local elections
General election

Depending on the specific process, the services may include voter registration, vote casting, voter authentication, calculation of the vote tally, verification of the election result, etc.

Requirements for different types of election process

The General Election requirements are practically a superset of those regarding the other election processes.

[Diagram labels: Polls; Decision-making procedures; Internal or local elections; General elections.]

Identified System Actors

Actors: Description
Election Organizers: People responsible for organizing the election process and ensuring that it is properly conducted.
Election Personnel: People actually performing the system use-cases, under the supervision of Election Organizers.
Judicial Officers: People responsible for monitoring the election process and ensuring that it is carried out in a legal way.
Party Representatives: People appointed by parties to monitor the election process.
Independent Third Parties: People neutral from participating parties, responsible for monitoring the election process and for providing reasonable assurance with regard to the integrity of it.
Voters: People eligible to participate in the voting process.

Actors participation in e-voting

[Table: actors against election phases. Column labels: Election setup; Voting Phase; Election in progress; Election concluded. Rows: Election Organisers; Election Personnel; Judicial Officers; Party Representatives; Independent Third Parties; Voters.]

(Secure) e-voting: (instead of) Conclusions

Rapidly emerging issue...
Of a socio-technical nature...
Contradicting views...
Several questions remain open...
Context-dependent answers
Security experts and skillful judges needed...
Further experimentation is needed in the meantime, as complementary only!

e-voting technology: Things to remember *

Voting is not like any other electronic transaction.
Types of Internet voting: polling-place Internet voting, and remote Internet voting.
Remote Internet voting: a) is susceptible to voter fraud, b) may erode the right to cast a secret ballot and lead to political coercion in the workplace, and c) poses a threat to personal privacy.
There is a (huge) politics and technology information gap.
There is a generational technology gap.
Changing technology is not enough; voter education is needed.
Transparency in the voting process fosters voter confidence.
Software used should be open to public inspection.

* K. Alexander, Ten things I want people to know about voting technology, Democracy Online Project's National Task Force, National Press Club, Washington D.C., USA, January 18, 2001.

e-voting: Real-life cases

USA, Midterm elections (2002)
Touch-screen Technology (~510 counties, 10%)
USA (Oct. 2002): $3.9 billion for updating the nation's election procedures
Optical Scanning (~1200 counties, 27%)
Punch Cards Machines (32%)
Computerized Voting capability (e.g. Georgia)

United Kingdom, Local elections (2002)
Internet Voting capability (Swindon 11%, Bristol 2.7%, Croydon 3.4%)
Phone Voting capability (Swindon 5%)
Turnout increased (Swindon 3.5%)

e-voting: Real-life cases

Brazil, General elections (2002)
Full-scale national elections
115.000.000 registered voters
406.000 touch-screen machines
700 US$ per machine
~300.000.000 US$ for hardware and software alone
Voters were able to vote at any polling station, not just where they live

"...the touch-screen systems are worse than punch cards"
"This is like trusting a calculator that somebody made in their garage"
"It's not just about the integrity, it's about the perception of the integrity and people's willingness to participate" (D. Chaum, 2002).

The debate is still going on...

"The shining lure of these hype-tech voting schemes is only a technological fool's gold that will create new problems far more intractable than those they claim to solve." P.N. (2002)

"An Internet voting system would be the first secure networked application ever created in the history of computers." B.S. (2002)

"At least a decade of further research and development on the security of home computers is required before Internet voting from home should be contemplated." R.R. (2001)

To cut the long story short...

Electronic voting today: Between the pessimism of bureaucracy and the optimism of technology, let's focus on the realism of democracy!

REFERENCES

1. CALTECH-MIT Voting Technology project, Voting: What is, what could be, USA, 2001.
2. E-Voting Security Study, X/8833/4600/6/21, United Kingdom, 2002.
3. Gritzalis, D., Secure Electronic Voting, Springer, USA, 2003.
4. Gritzalis, D., Principles and requirements for a secure e-voting system, Computers & Security, vol. 21, no. 6, pp. 539-556, 2002.
5. Internet Policy Institute, Report of the National Workshop on Internet Voting, USA, 2001.
6. Lambrinoudakis, C., Gritzalis, D., Katsikas, S., Building a reliable e-voting system: Functional requirements and legal constraints, Proc. of the 13th International Workshop on Database and Expert Systems Applications, pp. 435-446, 2002.
7. Mitrou, L., Gritzalis, D., Katsikas, S., Quirchmayr, G., Electronic voting: Constitutional and legal requirements, and their technical implications, in Secure Electronic Voting, Gritzalis, D. (Ed.), pp. 43-60, Springer, 2003.
8. Mitrou, L., Gritzalis, D., Katsikas, S., Revisiting legal and regulatory requirements for secure e-voting, Proc. of the 17th IFIP International Information Security Conference, pp. 469-480, Kluwer Academic Publishers, 2002.
9. US Dept. of Defense, Voting Over the Internet Pilot Project Assessment Report, USA, 2001.