1 / 10

An Overview of E-Voting Security Challenges

An Overview of E-Voting Security Challenges. IDTrust April 14, 2009 Andrew Regenscheid Computer Security Division National Institute of Standards and Technology. Overview. Background Security Challenges in E-voting Strong authentication and Voter privacy Transparency and Auditability

halil
Télécharger la présentation

An Overview of E-Voting Security Challenges

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. An Overview of E-Voting Security Challenges IDTrust April 14, 2009 Andrew Regenscheid Computer Security Division National Institute of Standards and Technology

  2. Overview Background Security Challenges in E-voting Strong authentication and Voter privacy Transparency and Auditability Usability and Accessibility Difficulty of making good security decisions Research Areas in E-voting

  3. NIST Voting Efforts • NIST provides technical support to the EAC in the development of the voting guidelines • VVSG • Technical research items • UOCAVA voting • Topic Areas • Security • Usability and Accessbility • Hardware & software reliability

  4. (Nearly) Conflicting Goals Need to identify and authenticate voters to ensure only eligible people vote Need to protect voter privacy to prevent coercion Protect privacy even from insiders Protect voters from themselves (vote selling) This is why voting is an interesting crypto problem

  5. I&A for E-voting I&A works differently for different systems Polling place e-voting I&A performed by officials separately from voting machines Voters receive a token to vote after checking in Authentication information varies Internet voting Voting systems authenticate voters Typically, PINs are used

  6. Transparency and Auditing Many systems must provide evidence of correct behavior It’s mostly a matter of: Who can do the auditing? What information do they need? Often owners/operators need assurance of correct behavior by equipment Auditing can be difficult on voting systems The general public needs assurance of fair & honest elections

  7. Usability and Accessibility These are goals for many systems Accessibility is mandated by law Usability hampered by: Limited opportunity for training Systems seldom used Expectation that any voter can walk up to a voting machine and easily vote without assistance These issues limit acceptable technical solutions to security challenges. 2/6/2009

  8. Decision Making Goal is cost-effective, risk-based security This is difficult to do with voting There are no risk assessments on voting systems It can be difficult to detect security violations Difficult to monetarily quantify loss

  9. Current Research Auditable Voting Systems Split-Process Architectures Spread out trust over several pieces of equipment Detect fraud when at least one device functions properly End-to-End Voting Systems Cryptographic schemes Voters can verify integrity of their own votes Anyone can verify vote tabulation

  10. Thank you

More Related