NIST Research on UOCAVA Voting
Andrew Regenscheid
National Institute of Standards and Technology
http://vote.nist.gov

Overview
• EAC/NIST Involvement in UOCAVA voting
• Overview of UOCAVA Threats Report
• Current Work

EAC/NIST Involvement in UOCAVA voting -1
• Help America Vote Act - EAC to study electronic transmission of ballots
• National Defense Authorization Act FY2005 - EAC guidelines on electronic absentee voting
• Military and Overseas Voting Empowerment Act - Pilot Project

EAC/NIST Involvement in UOCAVA voting -2
• NIST conducting research to support EAC’s efforts on UOCAVA voting
• Scope of current NIST research focused on security
• New security issues introduced by UOCAVA voting
• Past NIST research on usability, accessibility, reliability, software assurance, etc., would apply to UOCAVA voting systems

EAC/NIST Involvement in UOCAVA voting -3
• Past Work
  • A Threat Analysis on UOCAVA Voting Systems
• Current Work
  • IT Security Best Practices for UOCAVA Voting Systems
  • Best Practices for Securing the Electronic Transmission of Election Materials
  • Security Considerations for Remote Electronic UOCAVA Voting

UOCAVA Report Overview -1
• NISTIR 7551: A Threat Analysis on UOCAVA Voting Systems
• Report looks at using different technologies for all aspects of UOCAVA voting
• Splits voting process into three stages
  • Voter Registration/Ballot Request (e.g., FPCA)
  • Ballot Delivery
  • Ballot Return

UOCAVA Report Overview -2
• Five transmission methods considered for each stage
  • Postal Mail
  • Telephone
  • Fax
  • Electronic Mail
  • Web-based (e.g., web sites)

UOCAVA Report Overview -3
• Threat analysis performed for each transmission option at each stage
• Analysis based on NIST SP 800-30 Risk Management Guide for Information Technology Systems
• Identified mitigating security controls, where possible
• Both technical and procedural controls
• Security controls taken from NIST SP 800-53 Recommended Security Controls for Federal Information Systems

Initial Conclusions -1
Registration and Ballot Request
• Main concern: handling/transmitting sensitive voter information
• Threats to electronic transmission can be mitigated through technical controls and procedures
• Threats to e-mail and web-based systems pose greater security challenges

Initial Conclusions -2
Blank Ballot Delivery
• Main concerns: reliable delivery, integrity of ballots
• Threats to electronic transmission can be mitigated through technical controls and procedures
• Electronic ballot accounting more difficult than with physical ballots

Initial Conclusions -3
Voted Ballot Return
• Main concerns: reliable delivery, privacy, integrity of voter selections
• Electronic methods pose significant challenges
• Fax presents fewer challenges, but limited privacy protection
• Threats to telephone, e-mail, and web voting are more serious and challenging to overcome

Current Work -1
IT Security Best Practices for UOCAVA Voting Systems
• Minimal set of best practices applicable to all UOCAVA election system components
• Intended to help jurisdictions and manufacturers develop better systems and supporting procedures
• Based on NIST guidelines for federal IT systems
• Will include best practices on user authentication, cryptography, system hardening, and network security
• Expected draft for public comment: 1st quarter of 2010

Current Work -2
Best Practices for Securing the Electronic Transmission of Election Materials
• Collected UOCAVA election procedures from multiple jurisdictions
• Will document security best practices for using e-mail and web sites for ballot requests and ballot delivery
• Augments EAC’s existing best practices for UOCAVA voting
• Expected draft for public comment: 2nd quarter of 2010

Current Work -3
Security Considerations for Remote Electronic UOCAVA Voting
• Research document that will define security objectives for remote electronic voting
• Will identify security issues that can or cannot be solved with current technology
• Purpose to inform future work on remote electronic voting
• Expected release: 2nd quarter of 2010

UOCAVA Report
NISTIR 7551: A Threat Analysis on UOCAVA Voting Systems, available at: http://vote.nist.gov