Presentation is loading. Please wait.

Presentation is loading. Please wait.

12/9-10/2009 TGDC Meeting NIST Research on UOCAVA Voting Andrew Regenscheid National Institute of Standards and Technology

Similar presentations


Presentation on theme: "12/9-10/2009 TGDC Meeting NIST Research on UOCAVA Voting Andrew Regenscheid National Institute of Standards and Technology"— Presentation transcript:

1 12/9-10/2009 TGDC Meeting NIST Research on UOCAVA Voting Andrew Regenscheid National Institute of Standards and Technology http://vote.nist.gov

2 12/9-10/2009 TGDC Meeting Page 2 Overview EAC/NIST Involvement in UOCAVA voting Overview of UOCAVA Threats Report Current Work

3 12/9-10/2009 TGDC Meeting Page 3 EAC/NIST Involvement in UOCAVA voting -1 Help America Vote Act - EAC to study electronic transmission of ballots National Defense Authorization Act FY2005 - EAC guidelines on electronic absentee voting Military and Overseas Voting Empowerment Act- Pilot Project

4 12/9-10/2009 TGDC Meeting Page 4 NIST conducting research to support EAC’s efforts on UOCAVA voting Scope of current NIST research focused on security New security issues introduced by UOCAVA voting Past NIST research on usability, accessibility, reliability, software assurance, etc., would apply to UOCAVA voting systems EAC/NIST Involvement in UOCAVA voting -2

5 12/9-10/2009 TGDC Meeting Page 5 Past Work A Threat Analysis on UOCAVA Voting Systems Current Work IT Security Best Practices for UOCAVA Voting Systems Best Practices for Securing the Electronic Transmission of Election Materials Security Considerations for Remote Electronic UOCAVA Voting EAC/NIST Involvement in UOCAVA voting -3

6 12/9-10/2009 TGDC Meeting Page 6 UOCAVA Report Overview -1 NISTIR 7551: A Threat Analysis on UOCAVA Voting Systems Report looks at using different technologies for all aspects of UOCAVA voting Splits voting process into three stages Voter Registration/Ballot Request (e.g, FPCA) Ballot Delivery Ballot Return

7 12/9-10/2009 TGDC Meeting Page 7 UOCAVA Report Overview -2 Five transmission methods considered for each stage Postal Mail Telephone Fax Electronic Mail Web-based (e.g., web sites)

8 12/9-10/2009 TGDC Meeting Page 8 UOCAVA Report Overview -3 Threat analysis performed for each transmission option at each stage Analysis based on NIST SP 800-30 Risk Management Guide for Information Technology Systems Identified mitigating security controls, where possible Both technical and procedural controls Security controls taken from NIST SP 800-53 Recommended Security Controls for Federal Information Systems

9 12/9-10/2009 TGDC Meeting Page 9 Initial Conclusions -1 Registration and Ballot Request Main concern: handling/transmitting sensitive voter information Threats to electronic transmission can be mitigated through technical controls and procedures Threats to e-mail and web-based systems pose greater security challenges

10 12/9-10/2009 TGDC Meeting Page 10 Initial Conclusions -2 Blank Ballot Delivery Main concerns: reliable delivery, integrity of ballots Threats to electronic transmission can be mitigated through technical controls and procedures Electronic ballot accounting more difficult than with physical ballots

11 12/9-10/2009 TGDC Meeting Page 11 Initial Conclusions -3 Voted Ballot Return Main concerns: reliable delivery, privacy, integrity of voter selections Electronic methods pose significant challenges Fax presents fewer challenges, but limited privacy protection Threats to telephone, e-mail, and web voting are more serious and challenging to overcome

12 12/9-10/2009 TGDC Meeting Current Work -1 IT Security Best Practices for UOCAVA Voting Systems Minimal set of best practices applicable to all UOCAVA election system components Intended to help jurisdictions and manufacturers develop better systems and supporting procedures Based on NIST guidelines for federal IT systems Will include best practices on user authentication, cryptography, system hardening, and network security Expected draft for public comment: 1 st quarter of 2010 Page 12

13 12/9-10/2009 TGDC Meeting Page 13 Current Work -2 Best Practices for Securing the Electronic Transmission of Election Materials Collected UOCAVA election procedures from multiple jurisdictions Will document security best practices for using e-mail and web sites for ballot requests and ballot delivery Augments EAC’s existing best practices for UOCAVA voting Expected draft for public comment: 2 nd quarter of 2010

14 12/9-10/2009 TGDC Meeting Page 14 Current Work -3 Security Considerations for Remote Electronic UOCAVA Voting Research document that will define security objectives for remote electronic voting Will identify security issues that can or cannot be solved with current technology Purpose to inform future work on remote electronic voting Expected release: 2 nd quarter of 2010

15 12/9-10/2009 TGDC Meeting Page 15 NISTIR 7551: A Threat Analysis on UOCAVA Voting Systems available at: http://vote.nist.gov UOCAVA Report


Download ppt "12/9-10/2009 TGDC Meeting NIST Research on UOCAVA Voting Andrew Regenscheid National Institute of Standards and Technology"

Similar presentations


Ads by Google