Council of Europe e-voting meeting Progress Report – Austria Andreas Ehringfeld INSO - Industrial Software Institute of Computer Aided Automation | Vienna.


Council of Europe e-voting meeting
Progress Report – Austria
Andreas Ehringfeld
INSO - Industrial Software
Institute of Computer Aided Automation | Vienna University of Technology

INSO – Industrial Software
E-Voting in Austria
- First legally binding election in Austria
- Federation of Students Election 2009
- E-voting as additional voting channel using Austrian citizen card
- 21 universities
- eligible voters
- 376 different elections

Project Setup

Challenges of the Project
- Highest requirements on security
- Organizational level
- Technical level
- Emotional topic, public
- High tensions from the beginning
- Public discussion around voter coercion, transparency, smart card, security
- Timeframe
- Many opponents and activists
- Protest by Federation of Students right away

Recommendations Rec(2004)11
Recommendation Rec(2004)11 of the Committee of Ministers to member states on legal, operational and technical standards for e-voting
- Hypothesis: Is Rec(2004)11 sufficient to handle state-of-the-art real-world attacks?
- Experiment: 2009 Austrian Federation of Students election
- Attacks during the election:
  - Denial of Service (DoS) attacks
  - Fake videos
  - Phishing attacks
  - Social engineering attacks
  - Distraction of eligible voters
- Evaluation: Analysis of attacks, explanation of countermeasures and relation to Rec(2004)11
- Act: Recommendations and updates that should be discussed within the biennial review cycle of Rec(2004)11
[Diagram: Plan, Do, Check, Act cycle]

Summary and Conclusion
- Recommendation Rec(2004)11 provides a good basic framework. The challenge is to face state-of-the-art attacks.
- E-voting demands an overall security strategy: covering all aspects (legal, technical, operational), considering international experience and state-of-the-art mechanisms in all project phases, and implementing a continuous improvement process.
- 11 appeals to constitutional court
- Paper (EVOTE 2010): Analysis of Recommendation Rec(2004)11 Based on the Experiences of Specific Attacks Against the First Legally Binding Implementation of E-Voting in Austria
- Evaluation Report:

Contact Information
Andreas Ehringfeld
INSO - Industrial Software
Faculty of Informatics
Vienna University of Technology

Additional Slides

Rec(2004)11

Chronicles of Attacks – DDoS
Rec(2004)11 (art. 45): “remote e-voting may start and/or end at an earlier time than the opening of any polling station. Remote e-voting shall not continue after the end of the voting period at polling stations…”

Chronicles of Attacks – Fake E-Voting System
Rec(2004)11 (art. 46): “For every e-voting channel, support and guidance arrangements on voting procedures shall be set up for, and be available to, the voter. In the case of remote e-voting, such arrangements shall also be available through a different, widely available communication channel”
Rec(2004)11 (art. 103): “The audit system shall record times, events and actions, including: [...] any attacks on the operation of the e-voting system and its communications infrastructure [...] malfunctions and other threats to the system”

Chronicles of Attacks – Fake Vote Buying
Rec(2004)11 (art. 80): “The e-voting system shall restrict access to its services, depending on the user identity. User authentication shall be effective before any action can be carried out.”
Rec(2004)11 (art. 51): “A remote e-voting system shall not enable the voter to be in possession of a proof of the content of the vote cast.”

Chronicles of Attacks – Fake Vote Flipping
Rec(2004)11 (art. 76): “Where incidents that could threaten the integrity of the system occur, those responsible for operating the equipment shall immediately inform the competent electoral authorities, who will take the necessary steps to mitigate the effects of the incident. The level of incident which shall be reported shall be specified in advance by the electoral authorities.”

Chronicles of Attacks – Social Engineering
Rec(2004)11 (art. 79): “The e-voting system shall perform regular checks to ensure that its components operate in accordance with its technical specifications and that its services are available.”

Voting Process
