Evaluation of an E-Voting Device based on a Common Criteria Protection Profile Roland Vogt, DFKI GmbH Dr. Sönke Maseberg, datenschutz nord GmbH 8th ICCC,

Slides:



Advertisements
Similar presentations
NeDAP eSecurity Action Line SOIS meeting , Riga Jaak Tepandi, Estonia.
Advertisements

Automated Evaluation of Runtime Object States Against Model-Level States for State-Based Test Execution Frank(Weifeng) Xu, Gannon University Dianxiang.
A Pairing-Based Blind Signature
Will Your Vote Count? Will your vote count? Voting machine choices N.C. Coalition for Verified Voting Joyce McCloy Pros and Cons of voting.
ETen E-Poll ID – Strasbourg COE meeting November, 2006 Slide 1 E-TEN E-POLL Project Electronic Polling System for Remote Operation Strasbourg.
Electronic Ballot Reader Rosa Arias Chad Feller Walter Smith.
ICT IN THE ELECTORAL PROCESS: LESSONS LEARNED Susanne Caarls International Electoral Affairs Symposium May 2012.
By Varun Jain. Introduction  Florida 2000 election fiasco, drew conclusion that paper ballots couldn’t be counted  Computerized voting system, DRE (Direct.
Effective Design of Trusted Information Systems Luděk Novák,
BSI activities in developing PPs and the BSI-PP/ST-Guide Bundesamt für Sicherheit in der Informationstechnik / Federal Office for Information Security.
German Research Center for Artificial Intelligence Protection Profile for Central Requirements for Online Voting German Research Center for Artificial.
TGDC Meeting, July 2011 Review of VVSG 1.1 Nelson Hastings, Ph.D. Technical Project Leader for Voting Standards, ITL
Observation of e-enabled elections Jonathan Stonestreet Council of Europe Workshop Oslo, March 2010.
Information Security Policies and Standards
CMSC 414 Computer and Network Security Lecture 8 Jonathan Katz.
Electronic Voting (E-Voting) An introduction and review of technology Written By: Larry Brachfeld CS591, December 2010.
Electronic Voting Linh Nguyen. Electronic Voting  Voting Technologies  The Florida 2000 Election  Direct Recording Electronic Devices (DREs)‏ - Diebold.
Stephen S. Yau CSE465 & CSE591, Fall Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,
TESTING THE SECRUITY OF ELECTRONIC VOTING SYSTEM Presented By: NIPUN NANDA
Ballot Processing Systems February, 2005 Submission to OASIS EML TC and True Vote Maryland by David RR Webber.
Estonia 2005 the first practice of Internet voting Epp Maaten Councillor of the Elections Department Chancellery of the Riigikogu Strasbourg, 23 November.
Informatics Online Voting Opportunities and Risks STOA Workshop at the European Parliament Brussels, 17 March 2011 Prof. Dr. Rüdiger Grimm IT Risk Management.
H-1 Network Management Network management is the process of controlling a complex data network to maximize its efficiency and productivity The overall.
Understanding Android Security Yinshu Wu William Enck, Machigar Ongtang, and PatrickMcDaniel Pennsylvania State University.
Information Security Technological Security Implementation and Privacy Protection.
Storage Security and Management: Security Framework
An Internet Voting System Manager Yonghua Li Kansas State University October 19, 2001 MSE Project - Phase I.
Certification of e-voting systems Mirosław Kutyłowski, Poland.
MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.
Electronic Records Management: A Checklist for Success Jesse Wilkins April 15, 2009.
Big Data Bijan Barikbin Denisa Teme Matthew Joseph.
SEMINAR TOPIC ON GLOBAL WIRELESS E-VOTING
Andreas Steffen, , LinuxTag2009.ppt 1 LinuxTag 2009 Berlin Verifiable E-Voting with Open Source Prof. Dr. Andreas Steffen Hochschule für Technik.
Preparing for and Conducting Election Day: John Bennett Greater London Returning Officer Systems and Logistics.
Georgia Electronic Voting System Testing and Security Voting Systems Testing Summit November 29, 2005.
Electronic Voting: The 2004 Election and Beyond Prof. David L. Dill Department of Computer Science Stanford University
The Value of Common Criteria Evaluations Stuart Katzke, Ph.D. Senior Research Scientist National Institute of Standards & Technology 100 Bureau Drive;
Strasbourg – How to create trust-1 © G. Skagestein November 2006 How to create trust in electronic voting over an untrusted platform A possible solution.
Online voting: a legal perspective
Future ICT Landscapes – Security and Privacy Challenges & Requirements Simone Fischer-Hübner IVA Workshop, Stockholm 24th May 2012.
Working with HIT Systems
Focus Groups Experiences with Prêt à Voter Steve Schneider, University of Surrey 3 September 2010 TexPoint fonts used in EMF. Read the TexPoint manual.
STEPS TO STUDENT VOTE #1 – Register with CIVIX: The program is free, offered in both official languages, and open to any school. #2 – Receive.
William H. Bowers – Ethics for the Information Age Chapter 6.5 – Online Voting.
Security fundamentals Topic 2 Establishing and maintaining baseline security.
BY: CHRIS GROVES Privacy in the Voting Booth. Reason for Privacy Voters worry that their vote may be held against them in the future  People shouldn’t.
Electronic Voting R. Newman. Topics Defining anonymity Need for anonymity Defining privacy Threats to anonymity and privacy Mechanisms to provide anonymity.
High Assurance Products in IT Security Rayford B. Vaughn, Mississippi State University Presented by: Nithin Premachandran.
Cryptography and Network Security Chapter 1. Background  Information Security requirements have changed in recent times  traditionally provided by physical.
Election Assistance Commission 1 Technical Guidelines Development Committee Meeting Post-HAVA Voting System Requirements – Federal Perspective February.
Chapter 21: Evaluating Systems Dr. Wayne Summers Department of Computer Science Columbus State University
Next VVSG Training Security: Testing Requirements October 15-17, 2007 Nelson Hastings Alicia Clay Jones National Institute of Standards and Technology.
Your Cyber Security: The scope of your risk is broad and growing To understand the nature of the risk landscape look at the presentations here today-begin.
What is electronic voting An electronic voting (e-voting) system is a voting system in which the election data is recorded, stored and processed primarily.
Secure, verifiable online voting 29 th June 2016.
The Fallacy Behind “There’s Nothing to Hide” Why End-to-End Encryption Is a Must in Today’s World.
E-Voting Application using Internal Vtoken Bowo Prasetyo Isolated e-Voting System in a Precinct Secured with Vote Sealing and Paper Audit Trail December.
Charte Paris EUROPLACE 2008
EVoting 23 October 2006.
E-voting …and why it’s good..
Con Electronic Voting Preston Pope, Zach White, Ankit Shrivastava, Max Alexander.
ICT meeting Business needs
Electronic Voting Machine Using MSP430 With Voice Feedback System
Electronic voting – safe or not?
Geneva's approach to Internet voting (eVoting) certification
Opening the vote center before the polls open
ISI Day – 20th Anniversary
Final HIPAA Security Rule
Election Security Presented by: michelle K. tassinari Director and Legal counsel Elections division Office of the secretary of the commonwealth.
Presentation transcript:

Evaluation of an E-Voting Device based on a Common Criteria Protection Profile Roland Vogt, DFKI GmbH Dr. Sönke Maseberg, datenschutz nord GmbH 8th ICCC, Rome

Agenda  E-Voting device to be used for the Hamburg state parliament election in February 2008  Pros and Cons  Election Principles and Security Policy  Crucial decisions and their implications  Challenges of the evaluation  Conclusion

E-Voting device dotVote ® I  Digital Election Pen

E-Voting device dotVote ® II  Stand-alone laptops  Electronic ballot box

E-Voting device dotVote ® III  Automatic as well as manual validation of votes  Calculation of results Product info (german):

Pros & Cons Pros  Traditional vote casting  No artificial invalidation  Voter verifiable audit trail  Standard platform Cons  Difficult validation of votes  Accidental invalidation  Resolution of counting problems  Digital election pens with limited security features

Election Principles and Security policy  CC 2.3 Protection Profile „Digital Pen Election System“ (BSI-PP-0031; german)  Votes must not be intercepted nor modified  Votes must not be known before the official ballot reading  Only registered voters should be able to vote  Each voter should have one and only one vote  Vote secrecy is guaranteed: it never will be possible to link a voter to his/her vote  All critical events should be auditable

Crucial decisions and their implications I  Trustworthy scrutineers  OSPs vs. Threats  In analogy to traditional election  Voters as attackers  Votes are the target of attack  Standard platform  No network connections, i.e. election districts are isolated

Crucial decisions and their implications II  Paper ballots as emergency backup  Destruction of storage media is an accepted risk  EAL3  How to demonstrate correct implementation of unlinkability mechanism?  Code Review?

Challenges I  Authenticity/Integrity of pens  SOF claim for seals  Unlinkability while storing on a standard file system  SOF claim & vulnerabilities

Challenges II  Analysis/ Validation of votes  Insufficient amount of labelled training/evaluation data  Correctness vs. Effectiveness vs. Performance  Should the voter considered as an attacker here?

Conclusion  E-Voting is one of the challenging applications of CC evaluation  Protection Profile (BSI-PP-0031) is existing  Currently the digital election pen system dotVote ® is in evaluation based on this PP  Experience are expected in February 2008

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.