100 likes | 243 Views
An Overview of E-Voting Security Challenges. IDTrust April 14, 2009 Andrew Regenscheid Computer Security Division National Institute of Standards and Technology. Overview. Background Security Challenges in E-voting Strong authentication and Voter privacy Transparency and Auditability
E N D
An Overview of E-Voting Security Challenges IDTrust April 14, 2009 Andrew Regenscheid Computer Security Division National Institute of Standards and Technology
Overview Background Security Challenges in E-voting Strong authentication and Voter privacy Transparency and Auditability Usability and Accessibility Difficulty of making good security decisions Research Areas in E-voting
NIST Voting Efforts • NIST provides technical support to the EAC in the development of the voting guidelines • VVSG • Technical research items • UOCAVA voting • Topic Areas • Security • Usability and Accessbility • Hardware & software reliability
(Nearly) Conflicting Goals Need to identify and authenticate voters to ensure only eligible people vote Need to protect voter privacy to prevent coercion Protect privacy even from insiders Protect voters from themselves (vote selling) This is why voting is an interesting crypto problem
I&A for E-voting I&A works differently for different systems Polling place e-voting I&A performed by officials separately from voting machines Voters receive a token to vote after checking in Authentication information varies Internet voting Voting systems authenticate voters Typically, PINs are used
Transparency and Auditing Many systems must provide evidence of correct behavior It’s mostly a matter of: Who can do the auditing? What information do they need? Often owners/operators need assurance of correct behavior by equipment Auditing can be difficult on voting systems The general public needs assurance of fair & honest elections
Usability and Accessibility These are goals for many systems Accessibility is mandated by law Usability hampered by: Limited opportunity for training Systems seldom used Expectation that any voter can walk up to a voting machine and easily vote without assistance These issues limit acceptable technical solutions to security challenges. 2/6/2009
Decision Making Goal is cost-effective, risk-based security This is difficult to do with voting There are no risk assessments on voting systems It can be difficult to detect security violations Difficult to monetarily quantify loss
Current Research Auditable Voting Systems Split-Process Architectures Spread out trust over several pieces of equipment Detect fraud when at least one device functions properly End-to-End Voting Systems Cryptographic schemes Voters can verify integrity of their own votes Anyone can verify vote tabulation