
MIT/Caltech Voting Technology Project


Presentation Transcript


  1. MIT/Caltech Voting Technology Project
  Jonathan Goler (jagoler@mit.edu), Ted Selker (selker@media.mit.edu)
  (c) 2001 MIT Media Lab

  2. Roadmap
  • Motivation
  • Architecture
  • Implications

  3. Design Principles
  • Trust no-one!
  • Ensure upgradeability
  • Simple, intuitive interface
  • Ensure privacy and security integrity

  4. Who do we trust?
  • We have to trust the aggregation of many not-necessarily-trustworthy programs.
  • Open source is a vital requirement.
  • Many systems at each stage provide greater confidence in a correct answer.

  5. Ensuring Interoperability
  • Define a specification for interaction between the components
  • XML for data transfer (electronic and optically scanned FROGs)
  • Open specifications and open source

  6. No single anything voting
  [Diagram: Voter n, Voter n+1 and Voter n+2; the voter and the voter system see the same bitmap; the voter can authenticate the datum while voting; keys and names are checked by Authentication Site No. 1, No. 2 and No. 3; votes live on a viewable database.]

  7. No single anything voting
  • Voter client software: human-readable output is the only thing shared
  • Voter authentication software: multiple competing authentication systems must agree
  • Voter aggregating software: multiple competing aggregating systems must agree
  • Vote verification software: FROG as transport medium?

  8. Vote flow
  1. Images are read by multiple voting systems
  2. Voting systems have key valuators to evaluate the validity of voters
  3. Multiple authenticators check the votes
  4. Multiple aggregators record the votes

  9. Reference Implementation
  • Java for all the parts
  • XML data transfer
  • Oracle database back end

  10. Processing a Vote
  • Transmit data to several “Authentication Servers”
  • Each authentication server checks the validity of the voter
  • Each authentication server signs the vote and passes just the vote itself on to the next set of servers, the aggregators.

  11. Blind Signatures
  • Each vote is encrypted at the voting terminal
  • Registration data and encrypted vote are sent to authentication servers
  • Authentication servers ask the registration server to sign the vote
  • Signed, encrypted vote is passed to the aggregation servers, which can verify the signature and decrypt the vote contents.
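The blind-signature flow of slides 10 and 11, worked through as an added example (not code from the MIT/Caltech project): the terminal encrypts the vote to the aggregators' key, blinds a digest of the ciphertext, the registration server signs the blinded value only for a registered voter, and the aggregator accepts the vote only if the unblinded signature verifies. The RSA parameters are constructed toy primes, and the padding and digest scheme are assumptions for illustration.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy RSA key pairs (hypothetical, tiny primes; illustration only).
P_REG, Q_REG, E = 1000003, 1000033, 65537          # registration server: signs votes
N_REG = P_REG * Q_REG
D_REG = pow(E, -1, (P_REG - 1) * (Q_REG - 1))
P_AGG, Q_AGG = 1000037, 1000039                    # aggregation servers: decrypt votes
N_AGG = P_AGG * Q_AGG
D_AGG = pow(E, -1, (P_AGG - 1) * (Q_AGG - 1))


def encrypt_vote(choice: int) -> int:
    # Voting terminal: encrypt the choice to the aggregators' public key. Random
    # padding (assumed scheme) keeps identical choices from giving equal ciphertexts.
    assert 0 <= choice <= 0xFFFF
    padded = (secrets.randbelow(N_AGG >> 16) << 16) | choice
    return pow(padded, E, N_AGG)


def vote_digest(ciphertext: int) -> int:
    # What the registration server signs: a hash of the encrypted vote, never the vote.
    return int.from_bytes(hashlib.sha256(str(ciphertext).encode()).digest(), "big") % N_REG


def blind(digest: int):
    # Terminal blinds the digest so the registration server signs without seeing it.
    while True:
        r = secrets.randbelow(N_REG - 2) + 2
        if gcd(r, N_REG) == 1:
            return digest * pow(r, E, N_REG) % N_REG, r


def registration_sign(blinded: int, voter_is_registered: bool) -> int:
    # Registration server: the eligibility check happens here, on a value it cannot read.
    if not voter_is_registered:
        raise PermissionError("voter not on the registration roll")
    return pow(blinded, D_REG, N_REG)


def unblind(blind_sig: int, r: int) -> int:
    # (h * r^e)^d = h^d * r, so dividing by r leaves a plain signature over h.
    return blind_sig * pow(r, -1, N_REG) % N_REG


def aggregate(ciphertext: int, signature: int):
    # Aggregation server: verify the registration signature first, then decrypt.
    # Returns the choice, or None for an unsigned, forged or altered ballot.
    if pow(signature, E, N_REG) != vote_digest(ciphertext):
        return None
    return pow(ciphertext, D_AGG, N_AGG) & 0xFFFF


def cast_vote(choice: int, registered: bool = True):
    # Full terminal-side path of slide 11: encrypt, blind, obtain signature, unblind.
    c = encrypt_vote(choice)
    blinded, r = blind(vote_digest(c))
    return c, unblind(registration_sign(blinded, registered), r)
```

The registration server never sees the ciphertext or the vote, which is the "vote is detached from identity" property claimed on slide 18; an aggregator still rejects any ballot that lacks a valid registration signature.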

  12. Security Assurances
  • Multiple open source systems will have checks and balances over each other.
  • All votes can be recorded in multiple locations and compared later.

  13. Our Implementation
  • Back-end pre-voting system (ballot generation / registration)
  • Front-end system (voting)
  • Back-end vote processing (ballot analysis)

  14. Back-End Pre-Vote
  • Ballots are generated in a standard XML format at a central election office; the ballot itself contains its own metadata.
  • Ballots are distributed (electronically or physically) to the voting machines.

  15. Voting Machine
  • The voting machine will render the XML ballot
  • The voter will fill out the ballot
  • The machine will review the selections for the voter
  • The voter will confirm the selections

  16. Voting Machine
  • The ballot will be recorded on a FROG
  • The ballot is signed by the registration computer and submitted

  17. Vote Processing
  • The signed ballot is validated by several independent systems, each of which submits it to the final collection servers.
  • The servers then decrypt the contents of the votes and report the results.

  18. What’s so good?
  • Vote is detached from identity
  • Registration officials do not know how you voted
  • The multiple aggregation systems increase reliability and resistance to attacks

  19. What about DDoS?
  • The simplest solution is to have a set of aggregation servers at the precincts, and allow them either to transmit the votes at once or to create encrypted records to send to the central tabulation location. Without exposure to the public internet, DDoS is irrelevant.

  20. Cost
  • We can utilize computers in schools to run the balloting software, which does not require extensive security certification.
  • Aggregation and authentication servers would be highly scrutinized, thus more expensive, but far fewer are needed.

  21. Q&A
  Jonathan Goler (jagoler@mit.edu)
