Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure Information Technology Center - Austria Workshop on the certification of e-voting systems Council of Europe Strasbourg, 26 November 2009 Certification.

Published byHeather King Modified over 8 years ago

Similar presentations

Presentation on theme: "Secure Information Technology Center - Austria Workshop on the certification of e-voting systems Council of Europe Strasbourg, 26 November 2009 Certification."— Presentation transcript:

1 Secure Information Technology Center - Austria Workshop on the certification of e-voting systems Council of Europe Strasbourg, 26 November 2009 Certification of the e-voting software used at the Austrian Student Union elections 2009 Daniel Konrad

2 Strasbourg, 23 November 2009Slide 2 About A-SIT Public funded non-profit association (since 1999), Established as competence center for IT- security Members –Federal Ministry of Finance –OeNB (Austrian Central Bank) –Graz University of Technology

3 Strasbourg, 23 November 2009Slide 3 Activities Technical evaluations –Confirmation body (Article 3(4) of EU-directive on el. signatures) –Inspection body (ISO 17020) Advising the public sector on IT-security –e-government, e-health, … Observing existing and emerging technologies –Cryptography, SmartCards, e-ID, etc.

4 Strasbourg, 23 November 2009Slide 4 A-SIT & e-voting 2001: e-voting defined in laws –Austrian Student Union –Chamber of Commerce Laws define that a confirmation body (signature law) has to certify the compliance with security requirements  Technology observation  Participation in CoE‘s multidisciplinary ad hoc group  Participation in Austrian working group on legal, technical and international aspects (Federal Ministry of Interior)

5 Strasbourg, 23 November 2009Slide 5 Certification Requirements Law (2001): –Security level equal to qual. el. signatures, –Basic requirements (secrecy, identity verification, privacy, integrity, prevent overhasty casting of votes) Ordinance (issued Oct. 2008): –Client & voting-server software to be certified 60 days before the election –Certification based on CoE Rec2004(11) –Right of access to source code & certification reports for electoral commission & observers

6 Strasbourg, 23 November 2009Slide 6 The Main Players Federal Ministry of Science and Research –Responsible authority Scytl –Software (pnyx-austria) Federal Computing Centre –Operation, infrastructure INSO (research group for industrial software at Vienna University of Technology) –Security-concepts, testing, etc.

7 Strasbourg, 23 November 2009Slide 7 Certification Procedure Kick-off with main players in Dec. 2008 –Definition of timetable and requirements: –existing evaluation reports –no formal CC evaluation & certification –provided documentation should follow CC catalog –CC-based risk analysis of CoE Rec2004(11)

8 Strasbourg, 23 November 2009Slide 8 Provided documentation (developer evidence) –Security Compliance Conformance between sec. functionalities & sec. objectives (based on CoE Rec) –Development: Threat Analysis Security Architecture Functional Specification Architectural Design –Guidance Documents Deployment Guide

9 Strasbourg, 23 November 2009Slide 9 Provided documentation (developer evidence) –Life-Cycle Support CMS documentation ISO 90003 certification –Testing Software development testing proofs –Vulnerability Analysis penetration testing –Source code –Access to Scytl‘s bugzilla-system Contact developers (Q&A) View test results

10 Strasbourg, 23 November 2009Slide 10 Confirmation („Bescheinigung“) issued and published on 27 March 2009 detailed evaluation report available for electoral commission & observers –at source-code review event (8 Mai 2009) one maintanance report (minor changes, issued 15 Mai 2009)

11 Strasbourg, 23 November 2009Slide 11 Constraints Configuration of keylengthes –equal to requirements for qual. signatures Client-PCs –free of malicious software –prevent residual information Voting Server Software –audited compiling & installation Electronic Ballot Box & Keys –handling in post-voting stage

12 Strasbourg, 23 November 2009Slide 12 Additional tasks Auditing of security relevant procedures (together with certified IT professional engineer) –compiling –deployment –key ceremonies –pre-mixing –mixing –secure data destruction

13 Strasbourg, 23 November 2009Slide 13 Statistics E-voting period: 18 May 2009 – 22 May 2009 Paper: 26 May 2009 – 28 May 2009 Eligible voters: 230.749 Votes: 58.502 „Eligible“ E-voters: ~14.000 E-Votes: 2.161 No security incidents or hacking attacks some „unfriendly“ activities –„availability-check“ tool –Persiflage e-voting site

14 Strasbourg, 23 November 2009Slide 14 Lessons learned CoE Rec2004(11) provided a good basis for our confirmation Traceability of installation, compiling, etc. raised confidence of electoral authorities A reuseable and broadly accepted certification of core functionalities would be very useful Some residual risks could not be directly adressed (unsecure client PCs) Public debate in Austria was much more fundamental than technical

15 Strasbourg, 23 November 2009Slide 15 Thank you for your attention… Daniel Konrad daniel.konrad@a-sit.at Secure Information Technology Center Austria Weyringergasse 35, A-1040 Wien, www.a-sit.at

Download ppt "Secure Information Technology Center - Austria Workshop on the certification of e-voting systems Council of Europe Strasbourg, 26 November 2009 Certification."

Similar presentations

Launching Egyptian Root CA and Inaugurating E-Signature Dr. Sherif Hazem Nour El-Din Information Security Systems Consultant Root CA Manager, ITIDA.

Launching Egyptian Root CA and Inaugurating E-Signature Dr. Sherif Hazem Nour El-Din Information Security Systems Consultant Root CA Manager, ITIDA.
Cloud computing security related works in ITU-T SG17

Cloud computing security related works in ITU-T SG17
Internet Voting in Estonia Tarvi Martens Project Manager National Electoral Committee.

Internet Voting in Estonia Tarvi Martens Project Manager National Electoral Committee.
The Italian Academic Community’s Electronic Voting System Pierluigi Bonetti Lisbon, May 2000.

The Italian Academic Community’s Electronic Voting System Pierluigi Bonetti Lisbon, May 2000.
ETen E-Poll ID – Strasbourg COE meeting 23-24 November, 2006 Slide 1 E-TEN 29332 E-POLL Project Electronic Polling System for Remote Operation Strasbourg.

ETen E-Poll ID – Strasbourg COE meeting November, 2006 Slide 1 E-TEN E-POLL Project Electronic Polling System for Remote Operation Strasbourg.
ICT IN THE ELECTORAL PROCESS: LESSONS LEARNED Susanne Caarls International Electoral Affairs Symposium 30-31 May 2012.

ICT IN THE ELECTORAL PROCESS: LESSONS LEARNED Susanne Caarls International Electoral Affairs Symposium May 2012.
Welcome to ISO 9000 for Managers

Welcome to ISO 9000 for Managers
German Research Center for Artificial Intelligence Protection Profile for Central Requirements for Online Voting German Research Center for Artificial.

German Research Center for Artificial Intelligence Protection Profile for Central Requirements for Online Voting German Research Center for Artificial.
Chancellerie fédérale Section des droits politiques Voting observation in the context of the Swiss internet voting projects Workshop on the Observation.

Chancellerie fédérale Section des droits politiques Voting observation in the context of the Swiss internet voting projects Workshop on the "Observation.
Observation of e-enabled elections Jonathan Stonestreet Council of Europe Workshop Oslo, 18-19 March 2010.

Observation of e-enabled elections Jonathan Stonestreet Council of Europe Workshop Oslo, March 2010.
Security Controls – What Works

Security Controls – What Works
OPM Cybersecurity Competencies by Occupation (Technical Competencies) 2210085508540391 Information Technology Management Series Electronics Engineering.

OPM Cybersecurity Competencies by Occupation (Technical Competencies) Information Technology Management Series Electronics Engineering.
© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.

© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
Copyright © Center for Systems Security and Information Assurance Lesson Eight Security Management.

Copyright © Center for Systems Security and Information Assurance Lesson Eight Security Management.
Overview of NSF Standards Process and Joint Committee Formation Sustainable Water Contact Products Stakeholder Meeting October 30, 2012.

Overview of NSF Standards Process and Joint Committee Formation Sustainable Water Contact Products Stakeholder Meeting October 30, 2012.
Estonia 2005 the first practice of Internet voting Epp Maaten Councillor of the Elections Department Chancellery of the Riigikogu Strasbourg, 23 November.

Estonia 2005 the first practice of Internet voting Epp Maaten Councillor of the Elections Department Chancellery of the Riigikogu Strasbourg, 23 November.
BUNDESMINISTERIUM FÜR INNERES, 1014 WIEN, HERRENGASSE 7, TEL.: +43 - (0)1 - 531 26 - 0 Functioning of Electoral Management Bodies – Austrian Experiences.

BUNDESMINISTERIUM FÜR INNERES, 1014 WIEN, HERRENGASSE 7, TEL.: (0) Functioning of Electoral Management Bodies – Austrian Experiences.
IT Security Policy in Japan 23 September 2002 Office of IT Security Policy Ministry of Economy, Trade and Industry JAPAN.

IT Security Policy in Japan 23 September 2002 Office of IT Security Policy Ministry of Economy, Trade and Industry JAPAN.
Giandonato CAGGIANO ENISA MANAGEMENT BOARD REPRESENTATIVE LEGAL ADVISER ON EUROPEAN AFFAIRS OF THE MINISTRY OF COMMUNICATIONS U. OF ROMA TRE LAW FACULTY.

Giandonato CAGGIANO ENISA MANAGEMENT BOARD REPRESENTATIVE LEGAL ADVISER ON EUROPEAN AFFAIRS OF THE MINISTRY OF COMMUNICATIONS U. OF ROMA TRE LAW FACULTY.

Similar presentations

Ads by Google