Presentation is loading. Please wait.

Presentation is loading. Please wait.

Virginia State Military Electronic Absentee Voting.

Similar presentations

Presentation on theme: "Virginia State Military Electronic Absentee Voting."— Presentation transcript:

1 Virginia State Military Electronic Absentee Voting

2 The web portal will be used for registration purposes only Stand in for VERIS system (Represents the portal that is already in place ) Portal is not tied to voting counter, they are independent systems

3 FWVIC is the Freewater virtual demo environment, which represents the DoD and Certificate Authority FWVIC is providing the root certificate for demo purposes only This root certificate has been trust by “”. is our representation of the VA voting system

4 Key point in the relationship between the organizations is that DoD does not have to be involved in the setup of this system DoD (FWVIC for this demonstration purposes) creates their root certificate which is published online and Virginia State trusts it (that simple)

5 For this demonstration there are 2 users ‘soldier’ – holds a valid certificate ‘notasoldier’ – does not have a certificate Note: *certificates are already provided by DoD, this is not done at the portal registration process which will be addressed in the next slide*

6 First, the soldier will register in the online portal PDF attachments are sometimes blocked inbound on DOD email, so the system is setup to have the voter download the ballot.

7 Process Overview For ‘Soldier’ Voter registers in online portal Voter receives an e-mail with a link directing them to a site for PDF download Voter downloads the ballot Voter completes ballot and sends e-mail, which DoD policy requires be digitally signed with the service member certificate In the event the voter forgets to attach the PDF a reply message is auto generated to notify the voter. The voter will then resend the message including the PDF attachment If all checks pass the ballot is sent to a designated printer (which is represented by website for demo purposes) and the voter is marked “voted” Voter receives confirmation of successful submission If logic fails the ballot is blocked For ‘Not a Soldier’ When ‘Not a Soldier’ registers, downloads and votes the system will recognize he is not a valid certificate holder. The system will ‘black hole’ the message.

8 Benefits Voter registration is independent verification There is no need to devote resources to stopping people from voting The communication is TLS encrypted The system can be verified and reprinted in the event of questions on vote count Human interaction and involvement is minimized Malicious actors are presented with the smallest attack surface possible Highly adaptable in order to meet legal voting requirements

9 Common Vulnerabilities Web ApplicationsEmail SQL InjectionPhishing (Defeated by no human interaction with voting system) Session/Token Manipulation Cross-Site Scripting Sensitive Data Exposure Cross-Site Request Forgery












Download ppt "Virginia State Military Electronic Absentee Voting."

Similar presentations

Ads by Google