
Council of Europe e-voting meeting Progress Report – Austria Andreas Ehringfeld

INSO - Industrial Software, Institute of Computer Aided Automation | Vienna University of Technology (www.inso.tuwien.ac.at). Council of Europe e-voting meeting, Progress Report – Austria, Andreas Ehringfeld. E-Voting in Austria. First legally binding election in Austria.


Presentation Transcript


  1. INSO (www.inso.tuwien.ac.at) • INSO - Industrial Software • Institute of Computer Aided Automation | Vienna University of Technology • Council of Europe e-voting meeting • Progress Report – Austria • Andreas Ehringfeld

  2. E-Voting in Austria • First legally binding election in Austria • Federation of Students Election 2009 • E-voting as additional voting channel using Austrian citizen card • 21 universities • 230.749 eligible voters • 376 different elections

  3. Project Setup

  4. Challenges of the Project • Highest requirements on security • Organizational level • Technical level • Emotional topic, public • High tensions from the beginning • Public discussion around voter coercion, transparency, smart card, security • Timeframe • Many opponents and activists • Protest by Federation of Students right away

  5. Recommendations Rec(2004)11 • Attacks during the election: • Denial of Service (DoS) attacks • Fake videos • Phishing attacks • Social engineering attacks • Distraction of eligible voters • Recommendation Rec(2004)11 of the Committee of Ministers to member states on legal, operational and technical standards for e-voting

  6. Summary and Conclusion • Recommendation Rec2004(11) provides a good basic framework. The challenge is to face state-of-the-art attacks • E-voting demands an overall security strategy • Covering all aspects (legal, technical, operational), considering international experience and state-of-the-art mechanisms in all project phases, and implementing a continuous improvement process • 11 appeals to constitutional court • Paper (EVOTE 2010): Analysis of Recommendation Rec(2004)11 Based on the Experiences of Specific Attacks Against the First Legally Binding Implementation of E-Voting in Austria • Evaluation Report: http://www.oeh-wahl.gv.at/

  7. Contact Information • Andreas Ehringfeld • andreas.ehringfeld@inso.tuwien.ac.at • INSO - Industrial Software • Faculty of Informatics • Vienna University of Technology • http://www.inso.tuwien.ac.at/

  8. Additional Slides

  9. Rec2004(11)

  10. Chronicles of Attacks – DDoS Rec(2004)11 (art. 45): “remote e-voting may start and/or end at an earlier time than the opening of any polling station. Remote e-voting shall not continue after the end of the voting period at polling stations…”

  11. Chronicles of Attacks – Fake E-Voting System Rec(2004)11 (art. 46): “For every e-voting channel, support and guidance arrangements on voting procedures shall be set up for, and be available to, the voter. In the case of remote e-voting, such arrangements shall also be available through a different, widely available communication channel” Rec(2004)11 (art. 103): “The audit system shall record times, events and actions, including: [...] any attacks on the operation of the e-voting system and its communications infrastructure [...] malfunctions and other threats to the system”

  12. Chronicles of Attacks – Fake Vote Buying Rec(2004)11 (art. 80): “The e-voting system shall restrict access to its services, depending on the user identity. User authentication shall be effective before any action can be carried out.” Rec(2004)11 (art. 51): “A remote e-voting system shall not enable the voter to be in possession of a proof of the content of the vote cast.”

  13. Chronicles of Attacks – Fake Vote Flipping Rec(2004)11 (art. 76): “Where incidents that could threaten the integrity of the system occur, those responsible for operating the equipment shall immediately inform the competent electoral authorities, who will take the necessary steps to mitigate the effects of the incident. The level of incident which shall be reported shall be specified in advance by the electoral authorities.”

  14. Chronicles of Attacks – Social Engineering Rec(2004)11 (art. 79): “The e-voting system shall perform regular checks to ensure that its components operate in accordance with its technical specifications and that its services are available.”

  15. Voting Process
