Council of Europe e-voting meeting Progress Report – Austria Andreas Ehringfeld INSO - Industrial Software Institute of Computer Aided Automation | Vienna.


1 Council of Europe e-voting meeting Progress Report – Austria Andreas Ehringfeld INSO - Industrial Software Institute of Computer Aided Automation | Vienna University of Technology INSO www.inso.tuwien.ac.at

2 INSO – Industrial Software E-Voting in Austria First legally binding election in Austria Federation of Students Election 2009 E-voting as additional voting channel using Austrian citizen card 21 universities 230.749 eligible voters 376 different elections

3 INSO – Industrial Software Project Setup

4 INSO – Industrial Software Challenges of the Project Highest requirements on security Organizational level Technical level Emotional topic, public High tensions from the beginning Public discussion around voter coercion, transparency, smart card, security Timeframe Many opponents and activists Protest by Federation of Students right away

5 INSO – Industrial Software Recommendations Rec(2004)11 Attacks during the election: Denial of Service (DoS) attacks Fake videos Phishing attacks Social engineering attacks Distraction of eligible voters Recommendation Rec(2004)11 of the Committee of Ministers to member states on legal, operational and technical standards for e-voting Evaluation: Analysis of attacks, explanation of countermeasures and relation to Rec(2004)11 Act: Recommendations and updates that should be discussed within the biennial review cycle of Rec(2004)11 Experiment: 2009 Austrian Federation of Students election Hypothesis: Is Rec(2004)11 sufficient to handle state-of-the-art real-world attacks? Plan Do Check Act

6 INSO – Industrial Software Summary and Conclusion Recommendation Rec(2004)11 provides a good basic framework. The challenge is to face state-of-the-art attacks E-voting demands an overall security strategy Covering all aspects (legal, technical, operational), considering international experience and state-of-the-art mechanisms in all project phases and implementing a continuous improvement process 11 appeals to constitutional court Paper (EVOTE 2010): Analysis of Recommendation Rec(2004)11 Based on the Experiences of Specific Attacks Against the First Legally Binding Implementation of E-Voting in Austria Evaluation Report: http://www.oeh-wahl.gv.at/

7 INSO – Industrial Software Contact Information Andreas Ehringfeld andreas.ehringfeld@inso.tuwien.ac.at INSO - Industrial Software Faculty of Informatics Vienna University of Technology http://www.inso.tuwien.ac.at/

8 INSO – Industrial Software Additional Slides

9 INSO – Industrial Software Rec(2004)11

10 INSO – Industrial Software Chronicles of Attacks – DDoS Rec(2004)11 (art. 45): “remote e-voting may start and/or end at an earlier time than the opening of any polling station. Remote e-voting shall not continue after the end of the voting period at polling stations…”

11 INSO – Industrial Software Chronicles of Attacks – Fake E-Voting System Rec(2004)11 (art. 46): “For every e-voting channel, support and guidance arrangements on voting procedures shall be set up for, and be available to, the voter. In the case of remote e-voting, such arrangements shall also be available through a different, widely available communication channel” Rec(2004)11 (art. 103): “The audit system shall record times, events and actions, including: [...] any attacks on the operation of the e-voting system and its communications infrastructure [...] malfunctions and other threats to the system”

12 INSO – Industrial Software Chronicles of Attacks – Fake Vote Buying Rec(2004)11 (art. 80): “The e-voting system shall restrict access to its services, depending on the user identity. User authentication shall be effective before any action can be carried out.” Rec(2004)11 (art. 51): “A remote e-voting system shall not enable the voter to be in possession of a proof of the content of the vote cast.”

13 INSO – Industrial Software Chronicles of Attacks – Fake Vote Flipping Rec(2004)11 (art. 76): “Where incidents that could threaten the integrity of the system occur, those responsible for operating the equipment shall immediately inform the competent electoral authorities, who will take the necessary steps to mitigate the effects of the incident. The level of incident which shall be reported shall be specified in advance by the electoral authorities.”

14 INSO – Industrial Software Chronicles of Attacks – Social Engineering Rec(2004)11 (art. 79): “The e-voting system shall perform regular checks to ensure that its components operate in accordance with its technical specifications and that its services are available.”

15 INSO – Industrial Software Voting Process
