Upload
asher-dickerson
View
215
Download
0
Tags:
Embed Size (px)
Citation preview
Internet Votinga menace to society?
Jan Meijer
POWER
You exercise your right to vote...
• If you are elligable
• Anonymous
• In private, it’s YOUR vote, leave your
consultant at home
• to elect well defined subject(s)
According to a well defined process
Water boards & RIES
• 2003, Water board Rijnland, Rijnland Internet Election System
• 1.2 million voters
• 300k for Internet voting
Postal + Internet
RIES: The ”Robers” protocol
• Herman Robers. Electronic elections employing DES smartcards. Master's thesis, Delft University of Technology, December 1998. http://www.iscit.surfnet.nl/team/Herman/election.ps.
• http://www.cs.ru.nl/W.Pieters/compsac2005.pdf
• Virtual ballot using DES
3 phase system
• Phase 1: Prepare. – Distribute pseudo Id and voter secret to each
voter
• Phase 2: Voting window
• Phase 3: Tally
Network paradigm
client (voter) server (polling station)network (internet)process stage
vote process
processingverification
vote contact
vote materials
vote result
vote confirmation
unsecured
secured
Security is a mindset
Know your goal: won the battle..
Know your risks
shit will happen
Know when it’s good enough...
System characteristics
• Peak performance 2004: 23 voters/s over SSL• Holistic approach• Compartimentalized security• Layered security• Sustain multiple component failure• BCP, common sense• ”Lazy running”• Dirt cheap
Not in outer space
• You scavenge...
• A network
• Existing services (DNS, RPS, NTP, ...)
• SURFnet-CERT
• ...
Architecture overview
Our dashboard
It worked…Resource usageRijnland elections
No peak?
vote server 1, 2006 vote server 2, 2006
vote server 1, Dommelvote server 1, Rijnland
So, a menace to society?
ONLY IF DONE BADLY
Easiest to monitor
10.000 polling stations
(Nigeria, UK, NL?)
or
1 station
/me?
• Voting by the people, for the people: it’s democracy stupid!
• Internet age opportunity• Publicly owned system, open source• End commercial incompetence• Power to the people!
State of our eVoting systems is a professional disgrace!
Still not convinced?
http://www.theregister.co.uk/2007/05/17/sarasota_county_network_breached/
“Slammer turns Florida election result into worm food”
…The county server was breached on the first day of early voting in the 2006 election, which included a now-disputed race for a seat in the US House of Representatives. The attack code was a variant of the infamous Slammer worm that penetrated the county's server, which unbelievably, was missing five years worth of security patches…