The Italian Academic Community’s Electronic Voting System Pierluigi Bonetti Lisbon, May 2000

What is CINECA A Consortium of 15 Italian Universities Mission: to provide the most advanced computing and networking services to universities and industries Founded in 1969 About 150 full time researchers

CINECA resources Cray T3E - 256 nodes IBM SP/2 - 32 nodes SGI Onyx2 SGI Origin 2000 SGI Challenge L-2 Gigabit backbone LAN 10+ Mbps connection to Internet The first and unique Virtual Theatre in Italy

How Italian Universities recruit teaching staff When a University offers a position, an evaluation committee is needed Members of the committee have to be elected amongst all the teaching staff in all the Italian Universities belonging to the scientific discipline related to the position offered Each offered position, therefore, requires a nation-wide election (!)

Complexity Thousands of elections, each with a different list of candidates and involving many thousands of electors Achieving this objective with traditional methods is impossible The Ministry for University and Scientific and Technologic Research asked us to build an Electronic Voting System

Requirements As in a traditional election: Legitimacy: only those who have the right to vote can vote and can cast only one vote Secrecy: no one can read the vote until the polling phase Anonymity: the identity of the voter cannot be traced from the vote cast Integrity: the vote cannot be modified once it has been cast In addition: Acknowledge receipt of each vote cast

The Electronic Voting System A Central Electoral Office for voting authorizations A Central Ballot-Box collecting votes Many Polling Stations distributed all over the country and directly connected to the two central entities Smart card based asymmetric cryptography

The Polling Station

Voting operations The voter is identified at a Polling Station by an electoral committee He receives a one time use personal secret code He votes using a network terminal The printer prints out a record with the name of the voter and periodic accounting on the number of voters

Polling operations Each Recruitment Procedure Officer, using his smart card, gets the encrypted votes from the Central Ballot-Box and decrypt them He determines the results, signs them with the smart card and gets them published on the Web in real-time

Polling Station software A specific client in Java No local data Simple to use even for non-technical skilled people Mouse use not required Confirmation required before any critical action

The Certification Authority Issues X.509v3 certificates for: Polling Stations Recruitment Procedure Officers

Global architecture The voting phase Central Electoral Office Issued Voting Authorization Central Ballot-Box Used or Expired Voting Authorization Voting Authorization + Public-Key for encryption List of Candidates + Voting Authorization + Encrypted Vote Voter identification Acknowledge of receipt Polling Station Voter

Global architecture The poll phase Central Electoral Office Central Ballot-Box Authorizes operation Verifies credentials IIdentification Ecrypted votes Polling station Recruitment Procedure Officer

Hardware CONTROL WORKSTATION CENTRAL ELECTORAL OFFICE ACCESS ROUTERS BALLOT-BOX Polling station x Polling station y CERTIFICATION AUTHORITY ISDN ROUTER PRINTER ISDN ROUTER PRINTER STATION 1 STATION 2 STATION 1 STATION 2 STATION 3

The Network Private ISDN network configured as a closed user group Direct connection from each Polling Station to the central servers Dial-on-demand with multi-link PPP Caller ID verification Centralized management of each network device

Security systems Votes are protected by: Strong asymmetric cryptography based on smart card SSL authentication with X.509v3 certificates Digital signature of the Polling Station

RECRUITMENT PROCEDURE OFFICER Votes flow ENCRYPTED VOTE ENCRYPTED VOTE Polling station sign - SSL RECRUITMENT PROCEDURE OFFICER PUBLIC KEY CENTRAL BALLOT-BOX PUBLIC KEY POLLING STATION PRIVATE KEY ENCRYPTED VOTE Polling station sign - Polling phase ISDN LINE ISDN LINE RECRUITMENT PROCEDURE OFFICER PRIVATE KEY CENTRAL BALLOT-BOX

Why is the system secure? Authentication for both client and server All communications are 1024 bit RSA protected The intranet is not connected to the public Internet Each vote is encrypted with the Recruitment Procedure Officer public key and signed by the Polling Station No relation between the vote and the voter Protection against the system managers

System certification This solution has been checked and certified as safe by a Technical Committee on behalf of the Ministry for University and Scientific and Technologic Research

The first voting session in 1999 Some numbers 1969 elections and different candidate lists 42497 electors 79 Polling Stations in 72 Universities 209 Voting Stations 26873 voters (63%) 163645 votes cast Opening time for Polling Stations: 3 weeks Average number of votes due by each voter: 6 Average elapsed time for each voter: 5 minutes Average elapsed time from the beginning of the polling phase and the publishing of the results on the Web: 1 minute

Future extensions A personal identity card for each voter instead of the one-time-use secret code Polling Stations on the public Internet Feasibility of voting from any PC Other kinds of elections...

For any information evote@cineca.it