Upload
mari
View
36
Download
0
Tags:
Embed Size (px)
DESCRIPTION
Internet Voting. a menace to society? Jan Meijer. POWER. You exercise your right to vote. If you are elligable Anonymous In private, it’s YOUR vote, leave your consultant at home to elect well defined subject(s). According to a well defined process. Water boards & RIES. - PowerPoint PPT Presentation
Citation preview
Internet Votinga menace to society?
Jan Meijer
POWER
You exercise your right to vote...• If you are elligable• Anonymous• In private, it’s YOUR vote, leave your
consultant at home• to elect well defined subject(s)
According to a well defined process
Water boards & RIES
• 2003, Water board Rijnland, Rijnland Internet Election System
• 1.2 million voters• 300k for Internet voting
Postal + Internet
RIES: The ”Robers” protocol
• Herman Robers. Electronic elections employing DES smartcards. Master's thesis, Delft University of Technology, December 1998. http://www.iscit.surfnet.nl/team/Herman/election.ps.
• http://www.cs.ru.nl/W.Pieters/compsac2005.pdf
• Virtual ballot using DES
3 phase system
• Phase 1: Prepare. – Distribute pseudo Id and voter secret to each
voter• Phase 2: Voting window• Phase 3: Tally
Network paradigmclient (voter) server (polling station)network (internet)process stage
vote process
processingverification
vote contact
vote materials
vote result
vote confirmation
unsecured
secured
Security is a mindset
Know your goal: won the battle..
Know your risks
shit will happen
Know when it’s good enough...
System characteristics
• Peak performance 2004: 23 voters/s over SSL• Holistic approach• Compartimentalized security• Layered security• Sustain multiple component failure• BCP, common sense• ”Lazy running”• Dirt cheap
Not in outer space
• You scavenge...• A network• Existing services (DNS, RPS, NTP, ...)• SURFnet-CERT• ...
Architecture overview
Our dashboard
It worked…Resource usageRijnland elections
No peak?
vote server 1, 2006 vote server 2, 2006
vote server 1, Dommelvote server 1, Rijnland
So, a menace to society?
ONLY IF DONE BADLY
Easiest to monitor
10.000 polling stations(Nigeria, UK, NL?)
or
1 station
/me?
• Voting by the people, for the people: it’s democracy stupid!
• Internet age opportunity• Publicly owned system, open source• End commercial incompetence• Power to the people!
State of our eVoting systems is a professional disgrace!
Still not convinced?http://www.theregister.co.uk/2007/05/17/sarasota_county_network_breached/
“Slammer turns Florida election result into worm food”
…The county server was breached on the first day of early voting in the 2006 election, which included a now-disputed race for a seat in the US House of Representatives. The attack code was a variant of the infamous Slammer worm that penetrated the county's server, which unbelievably, was missing five years worth of security patches…