1 / 26

Protection Profile for e-voting systems

Kwangwoo Lee, Yunho Lee, Woongryul Jeon, Dongho Won, Seungjoo Kim Sungkyunkwan University, Information Security Group, Korea http://www.security.re.kr. Protection Profile for e-voting systems. Why we use the e-voting system?.

ervin
Download Presentation

Protection Profile for e-voting systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Kwangwoo Lee, Yunho Lee, Woongryul Jeon, Dongho Won, Seungjoo Kim Sungkyunkwan University, Information Security Group, Korea http://www.security.re.kr Protection Profile for e-voting systems

  2. Why we use the e-voting system? • Many counties try to adopt the e-voting machine in their election • Argentina, Australia, Austria, Belgium, Bosnia and Herzecobina, Brazil, Canada, Costa Rica, Finland, France, Germany, India, Japan, Korea, Netherlands, Portugal, Slovakia, Spain, Sweden, Swiss, United Kingdom, United States, Venezuela, etc. • What is the advantages of e-voting system? • Accurate and fast tabulation of votes • Low cost • Improved accessibilty

  3. The type of e-voting system Our concern Paper Voting Electronic Voting Cunnected Not cunnected Polling Station Voting KIOSK Remote Voting

  4. General Process of e-voting Voter 1.Registration Registration Authority 2. Authentication & Authorization Tallying Authority 3.Voting 4.Tallying Election Result

  5. Election Actors • Voter • Voter has the right for voting, and he votes in the election • Registration Authority • Registration authorities register eligible voters before the election day. These authorities ensure that only registered voters can vote and they vote only once on the election day. Registration authorities may be registrar authenticator, authorizer, ballot distributor and/or key generator • Tallying Authority • The tallying authorities collect the cast votes and tally the results of the election. Tallying authorities may be counter, collector, or tallier

  6. Election Phases • Registration • Voters register themselves to registration authorities and the list of elibible voters is compliled before the election day • Authentication and Authorization • On the election day registerd voters request ballot or voting privilege from the registration authorities. Registration authorities check the credentials of those attempting to vote and only allow those who are eligible and registerd befor • Voting • Voter casts his vote • Tallying • The tallying authorities count the votes and announce the election results

  7. General Security Requirements

  8. Problems • Can you believe the result? • How do you reflect your belief in its accuracy? • Many of voters cannot believe the black-box e-voting machines • To overcome these problems, many countries are trying to evaluate the e-voting system using the CC • It can reduce risks and make voter to trust the election result

  9. Verifiable e-voting • Individual verifiability • A voter should be able to satisfy him/herself that the voted ballot has been captured correctly (cast-as-intended) • Universal verifiability • Anyone should be able to satisfy him/herself that the voted ballot is counted correctly (counted-as-cast)

  10. Implementation of Verifiable e-voting system Voting Phase Tallying Phase Ballot i Encrypted Votes i WBB Mix-Net Result Receipts i Encrypted votes Decrypted votes Individual Verifiability Universal Verifiability

  11. The Existing Protection Profiles

  12. TOE (Target of Evaluation) Eletoral College DB Client Eletoral College DB Client Voter Identification Identification & Authorization Identification & Authorization TOE Voting machine (DRE) Identification & Authorization Issuing Receipts Vote Encryption Check Cast as Intended Audit Data Record Vote Record Audit Data Tallying Vote Administrator Identification Vote Decryption Check Vote Integrity WBB (Web Bulletin Board)

  13. The Contents of Protection Profile Protection Profile PP Introduction PP Reference TOE Overview Conformance Claims CC conformance Claim PP Claim, Package Claim Conformance Rationale Conformance Statement Security Problem Definition Assumptions Threats Organizational Security Objectives Security Objectives Security Objectives for the TOE Security Objectives for the Operational Environment Security Objectives Rationale Extended Components Definition Extended Components Definition Security Requirements Security Functional Requirements Security AssuranceRequirements Security Requirements Rationale

  14. Threats (1/2)

  15. Threats (2/2)

  16. Assumptions

  17. Organizational Security Policy(OSP)

  18. Security Objectives for the TOE

  19. Security Objectives for the TOE

  20. Security Objectives for the Operational Environment

  21. Security Functional Requirements

  22. Security Functional Requirements

  23. Security Assurance Requirements • Our protection profile adopts EAL4+ level • E-voting system is a critical information system • The result of attack can cause terrible confusion in society • We extend security assurance requirements to reinforce verification of implementation • Extended requirements are ADV_IMP_2, ATE_DPT.3, AVA_VAN.4.

  24. Comparison T : Threat A: Assumption OSP: Organizational Security Policy VVAT: Voter Verifiable Audit Trail

  25. Conclusion • Many of voters cannot believe the black-box e-voting machines • The PP for e-voting systems should consider the voter verifiability • We proposed a protection profile of an e-voting system for evaluation against CC v3.1

  26. Q & A

More Related