Certification of e-voting systems Mirosław Kutyłowski, Poland.

Slides:

Advertisements

Similar presentations

Administrative Procedures for Provisional Voting Amy Strange NC State Board of Elections March 14, 2006.

Advertisements

ELECTION DAY Hosted by Teri Loew Calhoun County Chief Deputy Clerk of Elections JEOPARDY! JEOPARDY!

County Canvassing Board Training 2010 Sheryl Moss Certification and Training Manager Office of the Secretary of State (360)

2010 ELECTION TRAINING POLL CLERK. PRECINCT OFFICIALS The precinct team consists of: The precinct team consists of:  Republican  One Inspector  One.

A Pairing-Based Blind Signature

ETen E-Poll ID – Strasbourg COE meeting November, 2006 Slide 1 E-TEN E-POLL Project Electronic Polling System for Remote Operation Strasbourg.

A technical analysis of the VVSG 2007 Stefan Popoveniuc George Washington University The PunchScan Project.

Lesson 7: The Voting Process. Opening Discussion Have you ever voted for something before? How was the winner decided? Did you think the process was fair?

ICT IN THE ELECTORAL PROCESS: LESSONS LEARNED Susanne Caarls International Electoral Affairs Symposium May 2012.

1 CS2SPE- Group project presentation Haia Al-Majali Bojin Zhou Rania Ali Suraj Patel Fatima Tunc Victoria Casas Sam Diab 19 th March 2008.

1 Receipt-freedom in voting Pieter van Ede. 2 Important properties of voting  Authority: only authorized persons can vote  One vote  Secrecy: nobody.

German Research Center for Artificial Intelligence Protection Profile for Central Requirements for Online Voting German Research Center for Artificial.

Self-Enforcing E-Voting (SEEV) Feng Hao Newcastle University, UK CryptoForma’13, Egham.

Software Verification and Validation. Verify - Merriam Webster Online Dictionary To establish the truth, accuracy, or reality of –Confirm –Bear out –Prove.

Observation of e-enabled elections Jonathan Stonestreet Council of Europe Workshop Oslo, March 2010.

Receipt-freeness and coercion-resistance: formal definitions and fault attacks Stéphanie Delaune / Steve Kremer / Mark D. Ryan.

Electronic Voting (E-Voting) An introduction and review of technology Written By: Larry Brachfeld CS591, December 2010.

PRESENTED BY CHRIS ANDERSON JULY 29, 2009 Using Zero Knowledge Proofs to Validate Electronic Votes.

Ballot Processing Systems February, 2005 Submission to OASIS EML TC and True Vote Maryland by David RR Webber.

TGDC Meeting, July 2011 Update on the UOCAVA Working Group Andrew Regenscheid Mathematician, Computer Security Division, ITL

An Internet Voting System Manager Yonghua Li Kansas State University October 19, 2001 MSE Project - Phase I.

Council of Europe e-voting meeting Progress Report – Austria Andreas Ehringfeld INSO - Industrial Software Institute of Computer Aided Automation | Vienna.

U D T Workshop on the Pressure Equipment Directive, Warsaw June 2004 INTERFACES BETWEEN NATIONAL LEGISLATION AND DIRECTIVE 97/23/EC SYSTEM OF ENSURING.

Demystifying the Independent Test Authority (ITA)

Secure Information Technology Center - Austria Workshop on the certification of e-voting systems Council of Europe Strasbourg, 26 November 2009 Certification.

Internal controls. Session objectives Define Internal Controls To understand components of Internal Controls, control environment and types of controls.

TOWARDS OPEN VOTE VERIFICATION METHOD IN E-VOTING Ali Fawzi Najm Al-Shammari17’th July2012 Sec Vote 2012.

X-Road – Estonian Interoperability Platform

 An election held before the general election  Voters choose members of their political party to run for public office in the general election  Candidates.

Getting Ready: 2009 General City Elections. Understanding the Basics of City Elections.

Andreas Steffen, , LinuxTag2009.ppt 1 LinuxTag 2009 Berlin Verifiable E-Voting with Open Source Prof. Dr. Andreas Steffen Hochschule für Technik.

Auditing of the Internet voting system: Estonian case Prof. Ülle Madise Member of the National Electoral Committee.

Securing Digital Democracy Carsten Schürmann, DemTech, IT University of Copenhagen.

Verification and Validation in the Context of Domain-Specific Modelling Janne Merilinna.

County Canvassing Board Training 2010 Sheryl Moss Certification and Training Manager Office of the Secretary of State (360)

Online voting: a legal perspective

Presented by: Suparita Parakarn Kinzang Wangdi Research Report Presentation Computer Network Security.

CSCE 522 Secure Software Development Best Practices.

WHAT IS THE NATURE OF SCIENCE?. SCIENTIFIC WORLD VIEW 1.The Universe Is Understandable. 2.The Universe Is a Vast Single System In Which the Basic Rules.

Biological Science.

Panel One Why Audit? Mary Batcher Ernst & Young and Chair of ASA Working Group on Elections.

Standards for e-Enabled Elections: The work of the OASIS Election & Voter Services Technical Committee John Borras Chair Technical Committee

How and what to observe in e-enabled elections Presentation by Mats Lindberg, Election Adviser, Organisation for Security and Co-operation in Europe (OSCE)

TGDC Meeting, December 2011 Overview of December TGDC Meeting Belinda L. Collins, Ph.D. Senior Advisor, Voting Standards

New Election Law: Key Legal Vulnerabilities for Fraud Denys Kovryzhenko, Agency for Legislative Initiatives.

S5: Internal controls. What is Internal Control Internal control is a process Internal control is a process Internal control is effected by people Internal.

Kurt S. Browning Secretary of State Dr. Gisela Salas Director, Division of Elections Presented by: David Drury, Bureau Chief Bureau of Voting Systems Certification,

SAM-101 Standards and Evaluation. SAM-102 On security evaluations Users of secure systems need assurance that products they use are secure Users can:

Electronic Voting R. Newman. Topics Defining anonymity Need for anonymity Defining privacy Threats to anonymity and privacy Mechanisms to provide anonymity.

The Administration of Elections Extent of Federal control Elections need to be free, honest, and accurate Most election law in the U.S. is State Law.

Council of Europe workshop on the certification of e-voting systems Strasbourg, November 2009.

Evaluation of an E-Voting Device based on a Common Criteria Protection Profile Roland Vogt, DFKI GmbH Dr. Sönke Maseberg, datenschutz nord GmbH 8th ICCC,

Next VVSG Training Security: Testing Requirements October 15-17, 2007 Nelson Hastings Alicia Clay Jones National Institute of Standards and Technology.

What is a software? Computer Software, or just Software, is the collection of computer programs and related data that provide the instructions telling.

Poll Watchers Poll watchers are members of the public who are interested in observing the processing of voters –Poll watchers do not have to be registered.

Audit of Provisional Ballots 2012 Presidential Election Presented by: Gerald Micciulla, CPA, CFE Deputy City Controller.

Secure, verifiable online voting 29 th June 2016.

Processing Voters (continued)

Hypothesis Tests l Chapter 7 l 7.1 Developing Null and Alternative

Elementary PowerPoint 4: The Voting Process

Testing Tutorial 7.

EVoting 23 October 2006.

Observation of Internet voting: Estonian case

Division of Elections Florida Department of State

Electronic Voting Machine Using MSP430 With Voice Feedback System

Electronic voting – safe or not?

Ethical questions on the use of big data in official statistics

Software Verification and Validation

The Italian Academic Community’s Electronic Voting System

CHAPTER 6 Testing and Debugging.

Presentation transcript:

Certification of e-voting systems Mirosław Kutyłowski, Poland

Overall methodology 1.goals 2.subgoals & proofs 3.checking, reports 4.evaluation  the state  a system designer  a certificating body  general public

Goals 1.list of requirements:  following from election law  specific for each country 2.assumptions, e.g.:  social issues  technical issues  risk level  evaluation system

Goals - examples Requirement:  each vote counted as cast  transparency: average voter can convince himself that this is true  vote secrecy: also in long term run Assumption:  DoS in case of up to 1% of voters is acceptable

What is not a goal? Requirement:  use code voting Assumption:  the user’s PC cannot be influenced by malicious software/hardware

Subgoals Each goal matches a list of subgoals such that: fulfilling them leads to fulfilling the goal from the list of requirements… and this is self-evident subgoals are formulated by system designers, standard organisations (ongoing work in NIST), …

Subgoals -example Popoveniuc, Kesley, Regenscheid, Vora: Performance requirements for End-toEnd Verifiable Elections E2E verifiable if: 1.presented ballots are well-formed 2.cast ballots are well-formed 3.recorded as cast 4.tailed as recorded 5.consistency 6.each recorded ballot is subject to the „recorded as cast” check

Subgoals -example Popoveniuc, Kesley, Regenscheid, Vora: Performance requirements for End-toEnd Verifiable Elections For each subgoal:  irregularity checked  when the check can be made  what is checked  detection probability  proof is system fails to check  observations

Proofs Each e-voting system must be presented together with: lists of subgoals matching the state goals, proofs that the subgoals are achieved, list of assumptions under which the proofs are valid, risk evaluation.

Certification versus evaluation Evaluation can be done by just by everybody, but nobody is obliged to do it and bears no responsibility for the result of examination. In case of certification, the author of the certificate is legally liable for its correctness and must perform checks declared.

Certification process 1.Examining the goals and the lists of subgoals. 2.Examining the proofs for: –correctness –potential flaws

Certification process Examining the assumptions for: –validity Examining the risk evaluation for: –correctness –completeness

Certification report report on: –correctness of the proof –potential known risks and threats must be self-evident, transparent and complete

Certification process properties Should not relay on trustworthness of a body performing certification. The report must be checkable.

Certification scope follows from the proposed proof, for example: check before running the system during elections, built-in check during and after elections, …

Evaluation: Challenging Certification Report Any flaw or incorrectness or a wrong assumption invalidates the whole certification result. Any third party can challenge the report. Invalidating may occur e.g. due to unpredictable advances in technology.