PRIVACY ASSURANCE TECHNOLOGIES

Course: Privacy Assurance Technologies - Case Studies
Instructor: Assoc. Prof. Κ. Λαµπρινουδάκης (C. Lambrinoudakis), clam@unipi.gr
(Privacy Assurance Technologies, Assoc. Prof. Κ. Λαµπρινουδάκης, slide 1)

What is an electronic voting (system)?
An electronic voting (e-voting) system is a voting system in which the election data is recorded, stored and processed primarily as digital information.
(Network Voting System Standards, VoteHere, Inc., April 2002)

Voting
- Paper voting: paper ballots, punch cards
- E-voting:
  - Polling place voting: precinct voting, kiosk voting
  - Internet voting

Note: Traditional electronic voting is 134 years old (T. Edison, Electrographic Vote Recorder, U.S. Patent, 1869).
Generic voting principles
- Only eligible persons vote.
- No person can vote more than once.
- The vote is secret.
- Each (correctly cast) vote gets counted.
- The voters trust that their vote is counted.
(Internet Policy Institute, Report of the National Workshop on Internet Voting, March 2001)

Identifying e-voting requirements
An e-voting system may be specified:
- as a set of guidelines to be adopted for ensuring conformance to the legislation (State Authority point of view), or
- in terms of the problems associated with providing an adequate level of security (anonymity, authentication, tractability, etc.) (System Engineer point of view).
Identifying e-voting requirements
Neither of these approaches is complete!
- Legal requirements: abstract formulations (e.g. laws, principles, etc.)
- Functional requirements: usability properties
- Non-functional requirements: security and system properties (e.g. flexibility, efficiency, etc.)

Identifying e-voting requirements
A third approach: requirements elicitation based on a Generic Voting Model, taking into account:
- European Union legislation.
- Organisational details of the conventional voting processes.
- The opportunities offered and the constraints imposed by state-of-the-art technologies.
The aim of the developers is to express:
- the legal requirements,
- the security (non-functional) requirements, and
- the functional requirements
as a User Requirements Specification document that sets specific Design Criteria.
Voting systems design criteria
- Authentication: Only authorized voters should be able to vote.
- Uniqueness: No voter should be able to vote more than once.
- Accuracy: Voting systems should record the votes correctly.
- Integrity: It should not be possible to modify votes without detection.
- Verifiability: It should be possible to verify that votes are correctly counted in the final tally.
- Auditability: There should be reliable and demonstrably authentic election records.
- Reliability: Systems should work robustly, even in the face of numerous failures.

Voting systems design criteria (continued)
- Secrecy: No one should be able to determine how any individual voted.
- Non-coercibility: Voters should not be able to prove how they voted.
- Flexibility: Equipment should allow for a variety of ballot question formats.
- Convenience: Voters should be able to cast votes with minimal equipment and skills.
- Certifiability: Systems should be testable against essential criteria.
- Transparency: Voters should be able to possess a general understanding of the whole process.
- Cost-effectiveness: Systems should be affordable and efficient.
Voting Systems Functional Requirements
Support all essential services for organizing and conducting an opinion-expressing process:
- Poll
- Decision-making (e.g. referenda)
- Internal election
- General election
Depending on the specific process, the services may include voter registration, vote casting, voter authentication, calculation of the vote tally, verification of the election result, etc.

Requirements for different types of election process
The general election requirements are practically a superset of those of the other election processes:
- Polls
- Decision-making procedures (e.g. referenda)
- Internal elections
- General elections
Is a Secure Voting Protocol Enough?
A lot of research effort has been spent on designing and building voting protocols that can support the voting process while fulfilling the security requirements.
However, not much attention has been paid to the administrative part of an electronic voting system, the part that supports the actors of the system in setting up the election.
Possible security gaps in the administrative workflow of the system may degrade the overall security level of the system.

Workflow
Identified System Actors

Actor                    | Description
Organizers               | People responsible for organizing the election process and ensuring that it is properly conducted.
Personnel                | People actually performing the system use cases, under the supervision of Organizers.
Judicial Officers        | People responsible for monitoring the election process and ensuring that it is carried out in a legal way.
Party Representatives    | People appointed by parties to monitor the election process.
Independent Third Parties| People neutral from the participating parties, responsible for monitoring the election process and for providing reasonable assurance with regard to its integrity.
Voters                   | People eligible to participate in the voting process.

Actors' participation in e-voting: Authorization and Validation
- Use cases can only be performed by authorized actors ("roles").
- An additional validation phase is employed before committing the outcome of a use case.
- The validation phase is implemented through the separate use case "Validate Action".
Actors' participation in e-voting (use case / role matrix)
Legend: A = the role activates the use case; V = the role performs "Validate Action" on its outcome; N/A = not applicable.
Participating roles: Organizer, Party Representative, Personnel, Voter, Judicial Officer, Independent Third Party.

Use case                                         | Role entries (A/V)
Authenticate Actor                               | A A A A A A (every role)
Validate Action                                  | N/A A A A A
Modify System State                              | A V V
Manage Districts / Provide System Parameters     | V A V A V
Manage Voters                                    | V A
Provide Authentication Means                     | V A
Manage Parties                                   | V A
Manage Candidates                                | V A
Preview Ballots                                  | A A A
Cast Vote                                        | A (Voter)
Tally Votes                                      | A V V V
Verify Result Integrity                          | A V V
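The activate-then-validate rule on the previous two slides can be enforced in code as a permission matrix plus a pending-action state machine: an actor may trigger a use case only if their role holds "A" for it, and the outcome is committed only after a distinct actor whose role holds "V" performs Validate Action. The following is an added example written for this lecture page, not code from the course or from any e-voting product; the role-to-use-case assignments in `MATRIX` are a constructed subset chosen for illustration (an assumption, not the exact matrix on the slides), and the actor names and the `Workflow`, `Actor` and `Action` classes are invented for the example.

```python
"""Authorization-and-validation workflow for e-voting use cases (added example).

A use case may be activated only by a role holding "A" for it, and its outcome is
committed only after "Validate Action" by a distinct actor holding "V" for it.
"""
from dataclasses import dataclass, field
from enum import Enum


class Role(Enum):
    ORGANIZER = "Organizer"
    PARTY_REPRESENTATIVE = "Party Representative"
    PERSONNEL = "Personnel"
    VOTER = "Voter"
    JUDICIAL_OFFICER = "Judicial Officer"
    INDEPENDENT_THIRD_PARTY = "Independent Third Party"


# use case -> (roles that may activate, roles that may validate).
# An empty validator set means the use case commits without a validation phase.
# Constructed assignment for illustration; NOT the slide's exact matrix.
MATRIX = {
    "Authenticate Actor": (set(Role), set()),
    "Cast Vote": ({Role.VOTER}, set()),
    "Manage Voters": ({Role.PERSONNEL, Role.ORGANIZER}, {Role.ORGANIZER}),
    "Tally Votes": ({Role.PERSONNEL}, {Role.PARTY_REPRESENTATIVE,
                                       Role.JUDICIAL_OFFICER,
                                       Role.INDEPENDENT_THIRD_PARTY}),
}


class AuthorizationError(Exception):
    pass


@dataclass(frozen=True)
class Actor:
    name: str
    role: Role


@dataclass
class Action:
    use_case: str
    activated_by: Actor
    validated_by: list = field(default_factory=list)
    committed: bool = False


class Workflow:
    """Keeps an audit log and commits an action only after validation."""

    def __init__(self, matrix=MATRIX, required_validations=1):
        self.matrix = matrix
        self.required = required_validations
        self.log = []  # audit trail of (event, use case, actor name)

    def activate(self, actor, use_case):
        activators, validators = self.matrix[use_case]
        if actor.role not in activators:
            self.log.append(("denied-activate", use_case, actor.name))
            raise AuthorizationError(f"{actor.role.value} may not activate {use_case}")
        action = Action(use_case, actor)
        self.log.append(("activated", use_case, actor.name))
        if not validators:  # no validation phase defined: commit immediately
            action.committed = True
            self.log.append(("committed", use_case, actor.name))
        return action

    def validate(self, validator, action):
        _, validators = self.matrix[action.use_case]
        if action.committed:
            raise AuthorizationError("action already committed")
        if validator.role not in validators:
            self.log.append(("denied-validate", action.use_case, validator.name))
            raise AuthorizationError(f"{validator.role.value} may not validate {action.use_case}")
        # Separation of duties: the activator cannot validate their own action,
        # and the same validator is counted only once.
        if validator == action.activated_by or validator in action.validated_by:
            raise AuthorizationError("validator must be a distinct actor")
        action.validated_by.append(validator)
        self.log.append(("validated", action.use_case, validator.name))
        if len(action.validated_by) >= self.required:
            action.committed = True
            self.log.append(("committed", action.use_case, validator.name))
        return action.committed


def _denied(fn):
    """True if fn() is refused by the workflow."""
    try:
        fn()
        return False
    except AuthorizationError:
        return True


def demo():
    """Walk through the constructed scenario and return what happened."""
    wf = Workflow()
    voter = Actor("voter-42", Role.VOTER)            # constructed actors
    org1, org2 = Actor("org-1", Role.ORGANIZER), Actor("org-2", Role.ORGANIZER)
    clerk = Actor("clerk-1", Role.PERSONNEL)
    judge = Actor("judge-1", Role.JUDICIAL_OFFICER)
    observer = Actor("observer-1", Role.INDEPENDENT_THIRD_PARTY)

    vote = wf.activate(voter, "Cast Vote")           # no validation phase
    mv = wf.activate(org1, "Manage Voters")          # pending until validated
    self_validation_denied = _denied(lambda: wf.validate(org1, mv))
    wf.validate(org2, mv)                            # distinct organizer commits it
    tally = wf.activate(clerk, "Tally Votes")
    voter_tally_denied = _denied(lambda: wf.activate(voter, "Tally Votes"))
    wf.validate(judge, tally)
    late_validation_denied = _denied(lambda: wf.validate(observer, tally))
    return {"vote_committed": vote.committed, "mv_committed": mv.committed,
            "tally_committed": tally.committed,
            "self_validation_denied": self_validation_denied,
            "voter_tally_denied": voter_tally_denied,
            "late_validation_denied": late_validation_denied,
            "events": [e for e, _, _ in wf.log]}


if __name__ == "__main__":
    print(demo())
```

Every refused activation or validation is written to the audit log, which is what the Auditability criterion on slide 7 asks for; raising `required_validations` above 1 models use cases such as Tally Votes that carry several "V" entries in the matrix.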
Patient Monitoring