510 likes | 659 Views
Towards greater efficiency. April 2012. Pablo Sarrias EVP Sales&Marketing pablo.sarrias@scytl.com. Internet Voting Solutions. Oleksiy Lychkovakh Business Development Manager oleksiy.lychkovakh@scytl.com. Index. About Scytl Our solutions portfolio Pnyx – our core technology
E N D
Towardsgreaterefficiency April 2012 Pablo Sarrias EVP Sales&Marketing pablo.sarrias@scytl.com Internet VotingSolutions Oleksiy Lychkovakh Business Development Manager oleksiy.lychkovakh@scytl.com
Index • About Scytl • Oursolutions portfolio • Pnyx – ourcoretechnology • Advanced e-votingsecurity • E-votingriskstoconsider
About Scytl A Global provider of Election modernization
About Scytl Overview Worldwide leader in secure electronic voting & electoral modernization 70% market share 15 out of 17 countries using our system Strong scientific background university spin-off Largest patent portfolio 41 patents worldwide Leadingadvisor of international institutions & governmental agencies
About Scytl Overview
About Scytl Wherewework London Kiev Toronto Barcelona Baltimore Athens Tampa New Delhi
About Scytl Ourcustomers Canada USA Mexico Peru Argentina Finland Norway The UK France Spain Switzerland The EU Austria Slovakia BiH Ethiopia The UAE India The Philippines Australia South Africa
About Scytl Audits & Certifications European Commission (EU) Canton of Neuchâtel (Switzerland) City of Barcelona (Spain) Electoral Commission (Philippines) State of Victoria (Australia) State of Gujarat (India) State of Florida (US) Ministry of Science and Research (Austria) Ministry of Justice (UK) Ministry of Local Government (Norway) Ministry of Foreign Affairs (France) Electoral Commission (UAE)
About Scytl International awards • Scytl has received multiple international awards, including: • ICT Prize, granted by the European Commission. • European Venture Contest Award, granted by the European Association of Venture Capital. • Best Case Label, granted by the European Commission. • Leader de l’ITech-Economie,granted by the French Chambers of Commerce. • Global Innovator Award, granted by The Guidewire Group. • Red Herring 100,granted Red Herring Magazine. • Premi Ciutat de Barcelona, granted by the City of Barcelona. • ebiz egovernment award, grantedby the Austrian chancellery. • Tech Start-up 100 granted by the Telegraph • eWorld award granted by the Indian Government
About Scytl StrategicAlliances
About Scytl References (1/3) • Peru - Organization of American States • 2010 to 2011 • Comprehensive audit of the in-person electronic voting solution developed by the National Office of Elections of Peru (ONPE). • South Africa - NCOP • Expected on 2011 to 2012 • Implementation of the Parliament Voting Solution in the National Council of Provinces • United Arab Emirates – EIDA • 2011 (and next years) • Electronic Voting for the National Electoral Commission of UAE. • Norway - Ministry of Local Government • 2010 to 2015. • Voting system to cover all public Norwegian Elections i.e. County, Municipality, Parliamentary elections and Referendums. • India - State of Gujarat • 2010 to 2015. • Internet voting will be used during 5 years. • 30-40% illiteracy rate among voters. • 50 million voters. • Bosnia & Herzegovina- • Central Election Commission • 2010 to 2012 • Developed an Integrated Information Election System: Election preparation, processing, certification of candidates, political parties & printing of the ballots, Election night reporting, … 11.
About Scytl References (2/3) • United State - West Virgina State • 2010 • Absentee Voters Solution for West Virginian voters who live overseas • Australia - Victoria Electoral Commission • 2006-2010 • Voting solution for handicapped and illiterate voters for State-level Elections. • Philippines, COMELEC • 2007 • Internet Voting for Filipino citizens living abroad. • United States - Department of Defense • 2010 • Absentee Voters Solution compliant with the MOVE Act. Delivery of blank ballots and ballots marked online to 6 Million overseas voters. • United States - District of Columbia Board • of Elections and Ethics • 2010 • Early-voting solution that allowed to share voter data in real-time between polling places across the District, and to cast their ballots anywhere during Early Voting. • United States - State of Texas • 2010. • Early-voting solution that allowed sharing voter data in real-time between polling places across the District, and to cast their ballots anywhere during Early Voting. 12.
About Scytl References (3/3) • Catalonia (Spain) - City of Barcelona • 2010 • Internet-based citizen consultation to vote remotely or from one of the 110 polling centers • 1,4 million citizens • France - Ministry of Foreign Affairs • 2009 to 2013 • Internet voting for French non-residents citizens to vote for their representatives in the Senate • United States, State of Florida • 2008, 2010 • Internet Voting allowing the Military Overseas Absentee voters located in Japan, Germany and the UK participate in the 2008 and 2010 Elections. • UnitedKingdom - Ministry of Justice • 2007 • E-voting solutions in multichannel scenarios for the Municipality Elections of Rushmoor and South Bucks • Canada - • National Democratic Party • 2012 • Internet Voting for the NDP Leadership Election • France - Ministry of National Education • and Ministry of Universities and Higher Education • 2010 to 2013 • Internet voting for more than 1.000.000 staff employed by both Ministries to vote for their Union representatives. 13.
Oursolutions portfolio Solutions for all the stages in the Election life cycle
Oursolutions portfolio Solutions portfolio Corporate Management Election Management eVoting pollworker trainingasset management online help desk task management information portal voter registration election configuration voter list results consolidation election night report Internet voting voting kiosks telephone voting eBallotdelivery Parliaments & Assemblies Consulting Services eDemocracy e-consultations citizen web portal field agent dissemination & tracking satisfaction assessment in house e-voting session management internet voting webcasting electoral consultingproject management
About Scytl Product portfolio Post-Election ElectionDay Pre-Election Election Management Management Voting Talling Consolidation Reporting Electronic Pollbooks Poll-siteeVoting VoterRegistration ResultsConsolidation ElectionNightReporting PollingStationeVoteTally CandidateFiling Internet Voting ParticipationReporting ElectionHelpDesk Internet and IVR eVoteTally Pollworker Training Management Dashboard PhoneVoting PaperBallotScanning (PCOS & CCOS) BallotDesign Electronic BallotDelivery Asset Tracking Election Project Management PaperBallots
Our solutions portfolio Benefits of a provensolution VS in-house Time-to-market Research & experience Manage risk Cost effectiveness • Building state-of-the-art e-voting solutions requires extensive academic research. • Teaming up with the market leader allows learning from previous experiences. • Large amount of references successfully carrying out high-profile and election critical projects. • Using an existing and proven solution is more cost effective than building one from scratch. • Developing an advanced e-voting solution is time consuming, complex and effort extensive. • Using a certified and proven existing e-voting solution significantly reduces time-to-market. • Immediately pursue any window of opportunity. • Building a new solution may be in conflict with one or more of over 1.000 patents in the field of e-voting. • Using a certified and proven existing solution significantly eliminates risk. • Governments and companies were unsuccessful introducing new e-voting solutions.
Pnyx Internet Voting Solution overview
Pnyx WhatisPnyx? Pnyxisthenamewegave to ourcoreelectronicvotingtechnology: It is the result of over 17 years of research security applied to electronic voting processes. Itisbasedongroundbreakingcryptographictechnology. Itguarantees the same levels of trust, security and privacy that exist in conventional paper-based elections without having to trust either the administrators of the system or the complex technological systems used.
Pnyx Efficiency Scytl uses pioneering technology to optimize the delivery of public services, enhancing governments’ efficiency in carrying-out electoral processes: Cost-effective Speed Enfranchisement The use of remote electronic voting technologies is the ultimate answer to voter enfranchisement, allowing overseas and remotely located voters to exercise their right to vote. • Economies of scale: • Avoiding elevated storage and maintenance costs • Allowing to reuseexistinginfrastructure • Eliminatingprinting, postage & mailing costs Speed-up the counting process by electronically receiving the results from all the polling places, automatically consolidate them and assign the corresponding mandates. 20.
Pnyx Usability Scytl’ssolutionshavebeenspecificallydesignedto be accessible to bothcomputer-illiterate and disabledvoters, whileadapting to anylanguagespecificities: Flexibility Ease of use Accessibility Reproduce a similar process to paper-based elections, allowing computer-illiterate people to vote without any previous training. Scytl takes into account the specific needs of the voters with disabilities and enables them to participate in elections without assistance, fully guaranteeing their privacy. Adapted to any ballot format Supports multiple languages. Scytl has provided solutions in: Russian, Gujarati, Arabic, Mandarin, etc.
Pnyx Security Scytl's solutions provide end-to-end security, preventing both internal and external attacks, guaranteeing voters’ privacy and allowing their audit by authorized third-parties: Integrity Auditability Privacy Advancedtamper-proof security measures using ground-breaking and highly advanced cryptography to prevent attacks from anyone, including hackers or system administrators with privileged access. Can be audited by independent experts before, during and after the election day. Voters are provided with a voting receipt that allows them to check that their vote has been counted. Votes are encrypted in the voters' voting device before they are cast. Only the Electoral Board can decrypt the votes. The decryption of the votes is carried out by breaking the correlation between the voters' identity and their vote.
Advanced e-votingsecurity Each individual ballot is correctly added to the total number of ballots. An individual ballot remains anonymous despite any technical means that could be used to track it down. No any individual ballot that really was not cast can be added to the total number of ballots. The possibility of votes buying and selling is not higher than using traditional election procedure. The possibility of any form of 'family voting’ (in family, at workplace etc.) is not higher than using traditional election procedure. Civil society observers can verify that elections using E-voting is fair even if they don’t have any specific knowledge in computer technology. No one can misuse the voting process by offering a computer (voting point) to derive profit from it. Voting process can be suspended only due standard force majeure events not due some people’s intentional wrecking. Problems that need to be addressed
Advanced e-votingsecurity Security concepts in Internet Voting Cast as intended verification + Recorded as cast verification + Vote encryption + Multiple voting + Digital signatures Universal verifiable Mix-net + Secret Sharing Schemes + Eligibility verifiability + Immutable logs Voter privacy compromise Innacurate auditability Vote tampering Vote deletion Voter coercion, family voting and vote buying Unauthorized voters casting votes Voter impersonation / Ballot stuffing Intermediate results Specific DoS countermeasures Election boycott-denial of service
Advanced e-votingsecurity Conventionalsecuritymeasures System Administrator E-voting technological infrastructure Voter Electoral Board Electronic voting with conventional security measures • Protection only focused on external threats and attacks. • Voter’s authentication solved but voter’s privacy not addressed. • Electoral board’s has no role. • Lack of voter-verifiability (“Thank you for having voted” messages).
Advanced e-votingsecurity Scytl’sspecializedsecuritymeasures System Administrator • Application-level cryptographic protocol running on the voter’s device and on an air-gapped electoral board server. • Protection focused also on internal threats and attacks. • Focus on the specific security requirements of voting rather than on the generic ones. e-Voting technological infrastructure Voter Electoral Board Electronic voting with Scytl’s specialized security technology
Advanced e-votingsecurity Scytl’sspecializedsecuritymeasures • Scytl' specialized e-voting security technology is focused on the specific security needs of elections • End-to-end security System Administrator Electoral Board Voter • Protection of the votes: • -Protection of partial results • -Integrity of the ballot box • -Fully auditable results • -Universal verifiability State of the art E-Voting security: -Cast as Intended -Recorded as Cast -Counted as Cast -Voter self verification -Voter privacy -Zero trust Client Digital ballot box • Protection against internal attacks • (End-to-end security from the voter to the Electoral Board)
Advanced e-votingsecurity The Saeima shall be elected in general, equal and direct elections, and by secret ballot based on proportional representation Article 6 of the Constitution of Latvia
E-votingrisks to consider General securityrisks of remotevoting Voter privacy compromise Innacurate auditability Vote tampering Vote deletion Voter coercion and vote buying Election boycott-denial of service Unauthorized voters casting votes Voter impersonation / Ballot stuffing Intermediate results
E-votingrisks to consider Voterauthenticationrisks • How can we proof voter identity in a remote way? • Username and password methods: • Username and password values are stored in the voting server to verify voter identity: they are vulnerable to credential stealing. • High Risk: Unauthorized voters, voter impersonation and ballot box stuffing • Digital certificates • Digital certificates and digital signatures: provides strong authentication. No personal credentials are stored on the voting server and (encrypted) votes can be digitally signed. • Low Risk: Unauthorized voters, voter impersonation, ballot box stuffing and vote tampering Pnyx
E-votingrisks to consider Voterauthenticationrisks • How can we proof voter identity in a remote way? • Supervised kiosk: • Voter is identified in-person by poll workers at a supervised center • Low Risk: Unauthorized voters, voter impersonation, ballot box stuffing and vote tampering Pnyx
E-votingrisks to consider Vote secrecy • How can we protect a vote from eavesdroppers? • Network encryption: • Voting options are only encrypted while transmitted over the network but processed in clear at the voting server: they are vulnerable to attackers that have access to the server. • High Risk: Voter privacy compromise, vote tampering, intermediate results and voter coercion • Application level encryption: • Voting options are encrypted at the voting terminal and remain encrypted until the electoral board decrypts them: they are not vulnerable to server attacks. • LowRisk: Voter privacy compromise, vote tampering, intermediate results and voter coercion Pnyx
E-voting risks to consider Vote integrity • How can we protect votes from being modified? • MAC functions: • Vote integrity is protected by means of a voter/server shared MAC key stored in the voting server: they are vulnerable to key stealing. • Medium Risk: Vote tampering and vote impersonation/ballot box stuffing • Digital signatures and Zero knowledge proofs of origin: • Private values needed to perform digital signatures and ZK proofs are not stored on the server. • LowRisk: Unauthorized voters, voter impersonation, ballot box stuffing and vote tampering Pnyx
E-votingrisks to consider Election Key Security • How can we protect a vote from decryption? • Access control: • Access to the decryption key is protected by authentication and authorization (ACL) means: vulnerable to brute force attacks. • High Risk: Voter privacy compromise, intermediate results and voter coercion • Secret sharing schemes: • Threshold cryptography is used to create and split the election key in shares without requiring to store the key as a whole anywhere. A minimum number of Electoral Board members must collaborate with their key shares to decrypt the votes. • Low Risk: Voter privacy compromise, intermediate results, voter coercion and denial of service Pnyx
E-votingrisks to consider Voterprivacy • How to preserve voter anonymity? • Straight forward decryption: • Clear text votes can be correlated with encrypted votes, which could be connected to the voters: voter privacy could be broken. • High Risk: Voter privacy compromise, vote tampering, ballot stuffing and voter coercion • Mixnets: • Encrypted votes are shuffled and decrypted (or re-encrypted and decrypted) several times before obtaining the clear-text votes. Encrypted votes and decrypted ones cannot be directly correlated by position, preserving voter privacy. • Low Risk: Voter privacy compromise, vote tampering, ballot stuffing and voter coercion Pnyx
E-votingrisks to consider Voterprivacy • How to preserve voter anonymity? • Homomorphic tally: • Encrypted votes are not individually decrypted. The result is the decryption of the operation of all the encrypted votes. • Low Risk: Voter privacy compromise, vote tampering, ballot stuffing and voter coercion Pnyx
E-votingrisks to consider Electionauditability • How to audit election fairness? • Standard logs: • Sensitive operations are registered in standard log files: logs could be altered without being noticed to hide malicious practices. • High Risk: Inaccurate auditability, voter privacy compromise, vote tampering, ballot stuffing, voter coercion, etc. • Immutable logs: • All sensitive operations are registered in cryptographically protected logs and cannot be manipulated. • Low Risk: Inaccurate auditability. • Standard receipt: • Voters receive a proof of casting based on non-cryptographically protected information (i.e., does not provide counted as cast features). • High Risk: Inaccurate auditability. Pnyx
E-votingrisks to consider Electionauditability • How to audit election fairness? • Individual voter verification - cast as intended: • Voter is able to verify that the vote recorded by the voting server contains the voting options originally selected by herself. (E.g., Return Codes). • Low Risk: Inaccurate auditability. • Individual voter verification - counted as cast: • Voters are able to verify that their votes have been included in the final tally. This verification can be complemented with the Universal verifiability • Low Risk: Inaccurate auditability. Pnyx Pnyx
E-votingrisks to consider Electionauditability • How to audit election fairness? • Universal verifiability: • Allows observers or independent auditors to verify the proper decryption of the votes by means of using cryptographic proofs (e.g., ZKP) generated by the decryption process. • Low Risk: Inaccurate auditability. • End-to-end verification: • Combination of individual and universal verifiability • Lowest Risk: Inaccurate auditability. Pnyx Pnyx
Implementation FAQ Typical questions
Implementation FAQs How much time it is needed to implement Internet Voting? Is it a reduced pilot recommended, or a country roll out? Is it better to start using the system on an Election or on a referendum or consultation? Is the legislation ready? What is the certification of the system be in Latvia? How are citizens going to be authenticated? How much does it cost? Typical questions
Latvia Current schema discussed
Our solutions portfolio Voterregistration In order to carry out Internet voting, voters must be correctly authenticated before they can access the system. Several options are available: • Existing digital certificates (e.g. an e-ID) • Voting credentials subject to physical identification • Special credentials sent by mail or online credentials • Existing credentials used to access other government systems • Personal data available to the EA. • No credentials Pnyx has been designed so that it can be easily integrated with existing voter registration systems and processes.
Our solutions portfolio Electionconfiguration Scytl allows you to configure electronically any aspect of the electoral process, including: Once the election is configured, a Electoral Board is created before the e-voting process starts. Each of the members is given a share of the election key used to open all of the digital votes. A threshold is required to reconstruct the key at the end of the e-voting process. Electoral Board
Our solutions portfolio Votingprocess Scytl offers groundbreaking and highly secure electronic voting solutions for both remote and on-site voting: eBallot Delivery Phone Voting On-site eVoting Remote eVoting Un- & Controlled environments Uncontrolled environment Uncontrolled environment Controlled environment Voters receive their ballot electronically, mark it online, return it by mail, fax or email and at any point check its status Casting of votes through any device (PC, mobile phone, PDA, etc.) with an Internet connection Casting of votes from electronic voting terminals located in polling stations Casting of votes from a land line or mobile phone, from a polling station or any place with coverage
Our solutions portfolio Ballotcounting and consolidation The decrypted ballots are talliedand the results are provided to the Electoral Board Step 1 Step 2 The Electoral Board rebuilds the election key using their shares The digital ballot box is downloaded and transported to an isolated environment under the control of the Electoral Board Step 4 Step 3 A Mixing process is started that decrypts the votes and breaks any correlation between the ballot and elector 49.
Our solutions portfolio Reporting • Election results broadcast on the web • Maps, Bar charts, Downloadable reports • RSS, Email and Social Media integration • City, County & State-wide presentation • Benefits: • Improves the dissemination of information to the public • Increases transparency and public outreach 50.