Council of Europe e-voting meeting
Progress Report – Austria
Andreas Ehringfeld
INSO - Industrial Software, Institute of Computer Aided Automation | Vienna University of Technology
www.inso.tuwien.ac.at
Slide 2
INSO Industrial Software
E-Voting in Austria
- First legally binding election in Austria
- Federation of Students Election 2009
- E-voting as additional voting channel using Austrian citizen card
- 21 universities
- 230.749 eligible voters
- 376 different elections
Slide 3
Project Setup
Slide 4
Challenges of the Project
- Highest requirements on security
  - Organizational level
  - Technical level
- Emotional topic, public
- High tensions from the beginning
- Public discussion around voter coercion, transparency, smart card, security
- Timeframe
- Many opponents and activists
- Protest by Federation of Students right away
Slide 5
Recommendations Rec(2004)11
Recommendation Rec(2004)11 of the Committee of Ministers to member states on legal, operational and technical standards for e-voting
Attacks during the election:
- Denial of Service (DoS) attacks
- Fake videos
- Phishing attacks
- Social engineering attacks
- Distraction of eligible voters
Plan / Do / Check / Act:
- Hypothesis: Is Rec(2004)11 sufficient to handle state-of-the-art real-world attacks?
- Experiment: 2009 Austrian Federation of Students election
- Evaluation: Analysis of attacks, explanation of countermeasures and relation to Rec(2004)11
- Act: Recommendations and updates that should be discussed within the biennial review cycle of Rec(2004)11
Slide 6
Summary and Conclusion
- Recommendation Rec(2004)11 provides a good basic framework. The challenge is to face state-of-the-art attacks.
- E-voting demands an overall security strategy:
  - covering all aspects (legal, technical, operational),
  - considering international experience and state-of-the-art mechanisms in all project phases, and
  - implementing a continuous improvement process
- 11 appeals to constitutional court
- Paper (EVOTE 2010): Analysis of Recommendation Rec(2004)11 Based on the Experiences of Specific Attacks Against the First Legally Binding Implementation of E-Voting in Austria
- Evaluation Report: http://www.oeh-wahl.gv.at/
Slide 7
Contact Information
Andreas Ehringfeld
[email protected]
INSO - Industrial Software
Faculty of Informatics
Vienna University of Technology
http://www.inso.tuwien.ac.at/
Slide 8
Additional Slides
Slide 9
Rec(2004)11
Slide 10
Chronicles of Attacks - DDoS
Rec(2004)11 (art. 45): remote e-voting may start and/or end at an earlier time than the opening of any polling station. Remote e-voting shall not continue after the end of the voting period at polling stations
Slide 11
Chronicles of Attacks - Fake E-Voting System
Rec(2004)11 (art. 46): For every e-voting channel, support and guidance arrangements on voting procedures shall be set up for, and be available to, the voter. In the case of remote e-voting, such arrangements shall also be available through a different, widely available communication channel
Rec(2004)11 (art. 103): The audit system shall record times, events and actions, including: [...] any attacks on the operation of the e-voting system and its communications infrastructure [...] malfunctions and other threats to the system
Slide 12
Chronicles of Attacks - Fake Vote Buying
Rec(2004)11 (art. 80): The e-voting system shall restrict access to its services, depending on the user identity. User authentication shall be effective before any action can be carried out.
Rec(2004)11 (art. 51): A remote e-voting system shall not enable the voter to be in possession of a proof of the content of the vote cast.
Slide 13
Chronicles of Attacks - Fake Vote Flipping
Rec(2004)11 (art. 76): Where incidents that could threaten the integrity of the system occur, those responsible for operating the equipment shall immediately inform the competent electoral authorities, who will take the necessary steps to mitigate the effects of the incident. The level of incident which shall be reported shall be specified in advance by the electoral authorities.
Slide 14
Chronicles of Attacks - Social Engineering
Rec(2004)11 (art. 79): The e-voting system shall perform regular checks to ensure that its components operate in accordance with its technical specifications and that its services are available.