Review of VVSG 1.1
Nelson Hastings, Ph.D.
Technical Project Leader for Voting Standards, ITL
http://vote.nist.gov
Background
- VVSG 1.1 will incorporate requirements from the VVSG 2.0 draft that are not controversial and do not require hardware changes
- This presentation will describe the specific key requirements to be included in this revision of VVSG 1.1
Technical Areas
- Accessibility and usability
- Core functionality
- Operational temperature and humidity
- Software workmanship
- Reliability and accuracy
- Security
  - Electronic records
  - Voter verifiable paper audit trail (VVPAT)
  - Security specifications
  - Software validation
  - Access control
  - Event logging
Usability and Accessibility Background
- VVSG 1.1 based on VVSG 2.0
- Usability benchmark testing not included per EAC
- Poll worker and end-to-end accessibility requirements which require user-based testing were included
Revisions Based on Comments
- Minor changes based on public comments
- Simplification of color/contrast requirements based on NIST research
- Changes based on EAC 9/21/10 policy decisions
- Clarification of scope of audio/video synchronization
- Clarification of voter verification accessibility requirements
- Addition of input jack requirement for personal assistive technology
Additional Revisions Requested
- Add requirement to specify minimum size of optical scan ballot voting target area
- Add clarifications based on newest EAC responses to requests for interpretation
  - RFI 2009-01: Features to support accessible review of paper records
  - RFI 2009-02: Intrinsic support for all alternate languages
  - RFI 2009-5: T-Coil mode applies to audio ballot
  - RFI 2010-6: Accessibility requirements apply to EBMs
- Update VVSG 1.1 test methods based on all revisions
Core functionality
- Integrate EAC RFI responses where applicable
- Harmonize Volume II documentation requirements with EAC manuals
- Add operating temperature and humidity requirement from the VVSG 2.0 draft
  - Category 3K3 of IEC 60721-3-3, cited in IEEE P1583 draft 5.3.2b
- Add to scope of this revision: address ballot-marking devices (EBMs) and hybrid devices as well as possible without a major rewrite
Software workmanship
- The software workmanship requirements are based on the VVSG 2.0 draft and were revised in response to previous public review comments
- Prescriptive, language-specific style requirements are removed; published, credible coding standards must be used instead
- Requirements having an obvious, defensible impact on software integrity are retained and reinforced
- The Volume II protocol for correcting logic faults was revised
- This revision clarifies scoping versus commercial-off-the-shelf software and related definitions
Reliability and Accuracy
- Accuracy is evaluated based on performance over the course of the entire test campaign (minus exceptions)
- Reliability was similar in the first public review draft, using benchmarks derived from an election official-supplied use case
- A California-style volume test/mock election was not included
- This revision:
  - New approach to reliability (to be elaborated in a later presentation)
  - Explicit requirement for software to be 100% accurate
Security
- Electronic Records
  - Back-ported requirements from draft VVSG 2.0, section 4.3
  - Primarily summary count reports from tabulators, DREs and election management systems
  - Includes requirement to digitally sign reports
- VVPAT
  - Back-ported requirements from draft VVSG 2.0, section 4.4
  - Very similar to previous VVSG 1.0 VVPAT requirements
  - Includes more specific requirements on the information that must be printed on VVPRs to support hand auditing
- Security specifications
  - Back-ported from VVSG 2.0 part II
  - Integrated EAC RFI responses where applicable
  - Notably, using the NIST checklist program as a baseline for secure configurations
Software Validation
- Background: External Interface
  - Objective: verify that only authorized software is present on the system
  - Section 7.4.6 includes a requirement that systems provide a means to verify software through a trusted external interface
  - NIST received feedback that these requirements were vague and/or difficult to implement
- Alternative Software Validation Method in VVSG 1.1
  - Systems must authenticate software updates prior to applying them using digital signatures
  - Updates include software installations, modifications and removals
  - Systems may only implement one mechanism for updating software
  - Similar guidelines have since been developed for desktop/laptop computer firmware and are expected to be implemented in that industry soon
- Manufacturers may choose either method, digitally signed updates or the external interface, to be compliant with VVSG 1.1
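As an added illustration of the signed-update gate this slide describes (example code written for this page, not NIST's, any vendor's, or part of the original deck): an update manifest listing install, modify and remove steps is signed with ECDSA P-256 over its SHA-256 digest, and the system releases the steps only after the signature verifies under the trusted manufacturer key. The manifest layout, the action names and the file paths are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// UpdateOp is one step of an update; Action is "install", "modify" or "remove" (assumed names).
type UpdateOp struct{ Action, Path string }

// Manifest is the signed unit: the signature covers SHA-256 of its JSON encoding (assumed layout).
type Manifest struct {
	Version string
	Ops     []UpdateOp
}
var allowedActions = map[string]bool{"install": true, "modify": true, "remove": true}

func manifestDigest(m Manifest) []byte {
	b, _ := json.Marshal(m) // strings and slices only: marshalling cannot fail
	d := sha256.Sum256(b)
	return d[:]
}

// SignManifest runs in the manufacturer's release process with its private key.
func SignManifest(priv *ecdsa.PrivateKey, m Manifest) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, priv, manifestDigest(m))
}

// VerifyUpdate is the one gate run before any install, modify or remove is applied:
// it releases the steps only if the signature verifies under the trusted key.
func VerifyUpdate(trusted *ecdsa.PublicKey, m Manifest, sig []byte) ([]UpdateOp, error) {
	if !ecdsa.VerifyASN1(trusted, manifestDigest(m), sig) {
		return nil, fmt.Errorf("update rejected: signature does not verify under trusted key")
	}
	for _, op := range m.Ops {
		if !allowedActions[op.Action] {
			return nil, fmt.Errorf("update rejected: unknown action %q", op.Action)
		}
	}
	return m.Ops, nil
}

func main() { // stand-alone demo; P-256 gives 128-bit security strength
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	m := Manifest{Version: "1.1.0", Ops: []UpdateOp{{"remove", "/opt/vote/old.so"}}}
	sig, _ := SignManifest(priv, m)
	_, err := VerifyUpdate(&priv.PublicKey, m, sig)
	fmt.Println("genuine update accepted:", err == nil)
}
```

Any change to the manifest after signing, a signature from a key other than the trusted one, or an action the system does not recognise all cause the gate to refuse the update.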
New Security Additions
- After the initial public comment period, the EAC requested additional changes, including updated access control and event logging guidelines
- Access Control
  - VVSG 1.0 only includes basic requirements for documenting access control mechanisms
  - Plan to back-port some VVSG 2.0 access control requirements
  - Expected to require moderate software updates to current systems
- Event Logging
  - VVSG 1.1 includes basic logging requirements in Section 5.4
  - Plan to back-port some VVSG 2.0 event logging requirements
  - Effort will include protections for the event log and minimal logging requirements
Small Changes
- Clarified cryptography requirements to say systems must use FIPS 140-2 validated modules and security strengths >= 112 bits
- Plan to remove most trusted build requirements
  - This topic is now covered by the EAC Testing and Certification Program Manual
- Plan to remove some informative sections
  - Section 7.8: a description of Independent Verification (IV) Systems without any requirements
  - Appendix C: descriptions of IV systems and cryptographic voting systems
Discussion/Questions