The Italian Academic Community's Electronic Voting System
Pierluigi Bonetti
Lisbon, May 2000
What is CINECA
A Consortium of 15 Italian Universities
Mission: to provide the most advanced computing and networking services to universities and industries
Founded in 1969
About 150 full time researchers
CINECA resources
Cray T3E - 256 nodes
IBM SP/2 - 32 nodes
IBM SP/3 - 8 nodes
SGI Onyx2
SGI Origin 2000
SGI Challenge L-2
Gigabit backbone LAN
10+ Mbps connection to Internet
The first and only Virtual Theatre in Italy
How Italian Universities recruit teaching staff
When a University offers a position, an evaluation committee is needed
Members of the committee have to be elected amongst all the teaching staff in all the Italian Universities belonging to the scientific discipline related to the position offered
Each offered position, therefore, requires a nation-wide election (!)
Complexity
Thousands of elections, each with a different list of candidates
and involving many thousands of electors
Achieving this objective with traditional methods is impossible
The Ministry for University and Scientific and Technologic Research
asked us to build an Electronic Voting System
Requirements
As in a traditional election:
Legitimacy: only those who have the right to vote can vote and can cast only one vote
Secrecy: no one can read the vote until the polling phase
Anonymity: the identity of the voter cannot be traced from the vote cast
Integrity: the vote cannot be modified once it has been cast
In addition:
Acknowledge receipt of each vote cast
The Electronic Voting System
A Central Electoral Office for voting authorizations
A Central Ballot-Box collecting votes
Many Polling Stations distributed all over the country and directly connected to the two central entities
Smart card based asymmetric cryptography
Voting operations
The voter is identified at a Polling Station by an electoral committee
He receives a one-time-use personal secret code
He votes using a network terminal
The printer prints out a record with the name of the voter and periodic accounting on the number of voters
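
One way the one-time-use code could be tracked through the issued, used and expired states that the architecture slide names, as an added example and not CINECA's code. The class and method names, the 30-minute lifetime, the code format and the timestamps are assumptions made for illustration; it needs Java 16 or later.

```java
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class VotingAuthorizationExample {
    enum State { ISSUED, USED, EXPIRED, UNKNOWN }

    // Hypothetical Central Electoral Office registry: it records codes, never votes.
    static final class ElectoralOffice {
        private record Entry(Instant expires, boolean used) {}
        private final Map<String, Entry> entries = new ConcurrentHashMap<>();
        private final SecureRandom rng = new SecureRandom();

        // Called after the electoral committee has identified the voter.
        String issue(Instant now, Duration lifetime) {
            byte[] raw = new byte[16];
            rng.nextBytes(raw);
            String code = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
            entries.put(code, new Entry(now.plus(lifetime), false));
            return code;
        }

        // Atomically consume a code; returns the state found before the call.
        State redeem(String code, Instant now) {
            State[] seen = { State.UNKNOWN };
            entries.computeIfPresent(code, (k, e) -> {
                seen[0] = e.used() ? State.USED
                        : now.isAfter(e.expires()) ? State.EXPIRED : State.ISSUED;
                return seen[0] == State.ISSUED ? new Entry(e.expires(), true) : e;
            });
            return seen[0];
        }
    }

    public static void main(String[] args) {
        ElectoralOffice office = new ElectoralOffice();
        Instant t0 = Instant.parse("1999-01-01T09:00:00Z"); // constructed timestamps
        String code = office.issue(t0, Duration.ofMinutes(30));
        String stale = office.issue(t0, Duration.ofMinutes(30));
        System.out.println(office.redeem(code, t0.plusSeconds(60)));    // first use
        System.out.println(office.redeem(code, t0.plusSeconds(90)));    // second use of the same code
        System.out.println(office.redeem(stale, t0.plusSeconds(3600))); // after the lifetime
        System.out.println(office.redeem("guess", t0));                 // never issued
    }
}
```

Only a redeem call that finds the code in the ISSUED state should let a ballot through; the registry holds no voter identity, so consuming a code does not link a voter to a vote.
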
Polling operations
Each Recruitment Procedure Officer, using his smart card, gets the encrypted votes from the Central Ballot-Box and decrypts them
He determines the results, signs them with the smart card and gets them published on the Web in real-time
Polling Station software
A specific client in Java
No local data
Simple to use even for people without technical skills
Mouse use not required
Confirmation required before any critical action
The Certification Authority
Issues X.509v3 certificates for:
Recruitment Procedure Officers
Polling Stations
Global architecture
The voting phase
[Diagram. Entities: Voter, Polling Station, Central Electoral Office, Central Ballot-Box. Labels: Voter identification; Voting Authorization + List of Candidates + Public-Key for encryption; Voting Authorization + Encrypted Vote; Issued Voting Authorization; Used or Expired Voting Authorization; Acknowledge of receipt.]
Global architecture
The poll phase
[Diagram. Entities: Recruitment Procedure Officer, Polling station, Central Electoral Office, Central Ballot-Box. Labels: Identification; Verifies credentials; Authorizes operation; Encrypted votes.]
Hardware
[Diagram. Central site: Central Electoral Office, Central Ballot-Box, Certification Authority, Control Workstation, Access Routers. Polling station x: Printer, ISDN Router, Station 1, Station 2, Station 3. Polling station y: Printer, ISDN Router, Station 1, Station 2.]
The Network
Private ISDN network configured as a closed user group
Direct connection from each Polling Station to the central servers
Dial-on-demand with multi-link PPP
Caller ID verification
Centralized management of each network device
Security systems
Votes are protected by:
Strong asymmetric cryptography based on smart card
SSL authentication with X.509v3 certificates
Digital signature of the Polling Station
Votes flow
[Diagram. Labels: Recruitment Procedure Officer public key; Encrypted vote; Polling Station private key; Central Ballot-Box public key; SSL; ISDN line; Central Ballot-Box; Polling phase; Recruitment Procedure Officer private key.]
Why is the system secure?
Authentication for both client and server
All communications are 1024 bit RSA protected
The intranet is not connected to the public Internet
Each vote is encrypted with the Recruitment Procedure Officer public key and signed by the Polling Station
No relation between the vote and the voter
Protection against the system managers
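
The encrypt-for-the-officer, sign-at-the-station flow listed above, written with the standard Java crypto API as an added example; it is not CINECA's code. The class and method names, the OAEP and SHA-256 choices, the 2048-bit key size and the software-held keys (the deck keeps keys on smart cards) are assumptions, and `candidate-07` is a constructed vote.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;
import javax.crypto.Cipher;

public class VoteFlowExample {
    // OAEP padding is randomized, so equal votes do not produce equal ciphertexts.
    static final String ENC = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    static final String SIG = "SHA256withRSA";

    // Polling Station: encrypt for the officer, then sign the ciphertext.
    static byte[][] castVote(String vote, PublicKey officerPub, PrivateKey stationPriv)
            throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(ENC);
        c.init(Cipher.ENCRYPT_MODE, officerPub);
        byte[] encrypted = c.doFinal(vote.getBytes(StandardCharsets.UTF_8));
        Signature s = Signature.getInstance(SIG);
        s.initSign(stationPriv);
        s.update(encrypted);
        return new byte[][] { encrypted, s.sign() };
    }

    // Central Ballot-Box: checks which station sent the ballot, cannot read it.
    static boolean accept(byte[][] ballot, PublicKey stationPub) throws GeneralSecurityException {
        Signature s = Signature.getInstance(SIG);
        s.initVerify(stationPub);
        s.update(ballot[0]);
        return s.verify(ballot[1]);
    }
    // Recruitment Procedure Officer: the only holder of the decryption key.
    static String open(byte[] encrypted, PrivateKey officerPriv) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(ENC);
        c.init(Cipher.DECRYPT_MODE, officerPriv);
        return new String(c.doFinal(encrypted), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048); // assumption: the deck's 1024-bit size is not reused here
        KeyPair officer = gen.generateKeyPair(), station = gen.generateKeyPair();
        byte[][] a = castVote("candidate-07", officer.getPublic(), station.getPrivate());
        byte[][] b = castVote("candidate-07", officer.getPublic(), station.getPrivate());
        System.out.println("signature valid:   " + accept(a, station.getPublic()));
        System.out.println("ciphertexts equal: " + Arrays.equals(a[0], b[0]));
        System.out.println("decrypted vote:    " + open(b[0], officer.getPrivate()));
        a[0][0] ^= 1; // constructed tampering between station and ballot box
        System.out.println("tampered accepted: " + accept(a, station.getPublic()));
    }
}
```

The slides do not name a padding scheme. A randomized one is used here because a vote is one entry from a short candidate list, and deterministic encryption would let identical votes be recognised in the ballot box before the polling phase.
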
System certification
This solution has been checked and certified as safe
by a Technical Committee on behalf of the
Ministry for University and Scientific and Technologic Research
The first voting session in 1999
Some numbers
1969 elections and different candidate lists
42497 electors
79 Polling Stations in 72 Universities
209 Voting Stations
26873 voters (63%)
163645 votes cast
Opening time for Polling Stations: 3 weeks
Average number of votes due by each voter: 6
Average elapsed time for each voter: 5 minutes
Average elapsed time from the beginning of the polling phase and the publishing of the results on the Web: 1 minute
Future extensions
A personal identity card for each voter instead of the one-time-use secret code
Polling Stations on the public Internet
Feasibility of voting from any PC
Other kinds of elections...