Presentation is loading. Please wait.

Presentation is loading. Please wait.

TGDC Meeting, July 2010 Security Considerations for Remote Electronic UOCAVA Voting Andrew Regenscheid National Institute of Standards and Technology

Published byBryce Gibson Modified over 8 years ago

Similar presentations

Presentation on theme: "TGDC Meeting, July 2010 Security Considerations for Remote Electronic UOCAVA Voting Andrew Regenscheid National Institute of Standards and Technology"— Presentation transcript:

1 TGDC Meeting, July 2010 Security Considerations for Remote Electronic UOCAVA Voting Andrew Regenscheid National Institute of Standards and Technology http://vote.nist.gov DRAFT

2 TGDC Meeting, July 2010 Page 2 Overview Background on NIST UOCAVA Voting Work 2008- Threat Analysis on UOCAVA Voting Systems 2010- Information System Security Best Practices for UOCAVA Supporting Systems 2010- Security Best Practices for the Electronic Transmission of UOCAVA Election Materials Overview of Security Considerations for Remote Electronic UOCAVA Voting

3 TGDC Meeting, July 2010 Background - 1 NISTIR 7551: A Threat Analysis on UOCAVA Voting Systems Concluded that threats to electronic transmission of registration materials and blank ballots can be effectively mitigated with widely deployed technology Threats to electronic return of ballots more serious and challenging to overcome Multi-track approach Page 3

4 TGDC Meeting, July 2010 Background - 2 Registration/Ballot Return Developed two best practices documents Information System Security Best Practices for UOCAVA Supporting Systems Security Best Practices for the Electronic Transmission of UOCAVA Election Materials Ballot Return Research document framing important security issues for policymakers Security Considerations for Remote Electronic UOCAVA Voting Collaboration between NIST computer security and human factors experts Page 4

5 TGDC Meeting, July 2010 Page 5 Report Overview - 1 Security Considerations for Remote Electronic UOCAVA Voting Report identifies: Potential benefits Desirable security properties Major security threats Current and emerging technologies Open issues

6 TGDC Meeting, July 2010 Report Overview - 2 Organized by security goals Confidentiality Integrity Availability Identification and Authentication Page 6

7 TGDC Meeting, July 2010 Report Overview - 2 Potential Benefits Desirable Properties- Based on properties/requirements in SERVE documentation Internet voting Common Criteria Protection Profile Council of Europe standards Page 7

8 TGDC Meeting, July 2010 Report Overview - 3 Threats Identifies and describes major threats Based on threats identified in NISTIR 7551: A Threat Analysis on UOCAVA Voting Systems Current and Emerging Technologies Open Issues Page 8

9 TGDC Meeting, July 2010 Confidentiality - 1 Potential Benefits Strong technical ballot secrecy protections Some protection against unsophisticated coercion attacks Page 9

10 TGDC Meeting, July 2010 Confidentiality - 2 Desirable Properties Ballot secrecy Protect voter registration information Incoercability Minimal storage Limited communication Page 10

11 TGDC Meeting, July 2010 Page 11 Confidentiality - 3 Threats Violating ballot secrecy at election office Small-scale violations possible with mail-in/fax voting Large-scale violations possible with electronic methods Violating ballot secrecy in-transit Generally difficult with mail-in, fax, telephone voting Possible with unencrypted email Web-based methods easy to protect Coercion Small scale attacks via mail-in voting Attacks scale better with electronic methods Client-side threats to email/web voting

12 TGDC Meeting, July 2010 Page 12 Confidentiality - 4 Mitigations for Electronic Transmission Proper use of cryptography can provide strong protections for data in-transit against modification or interception Cryptography, access control mechanisms, and separation of duties can protect ballots at-rest, with some trust assumptions End-to-end cryptographic voting protocols can provide additional strong protections against modification on servers

13 TGDC Meeting, July 2010 Integrity - 1 Potential Benefits Authenticity of electronic records Strong integrity protections in-transit Page 13

14 TGDC Meeting, July 2010 Integrity - 2 Desirable Properties Data Integrity Accuracy Auditability Verifiability Traceability Recoverability Software Integrity Page 14

15 TGDC Meeting, July 2010 Page 15 Integrity -3 Threats Ballot modification after reception Procedural protections for mail-in/fax voting Variety of potential sophisticated large-scale attacks on electronic systems Ballot modification in-transit Generally difficult with mail-in, fax, telephone voting Possible with unencrypted email Web-based methods easy to protect Software-based threats server-side Software-based threats client-side GTISC- 15% of US computers infected with botnet malware Malware kits available on the black-market for <$1000

16 TGDC Meeting, July 2010 Integrity - 4 Mitigations for Electronic Transmission Client side protections are very difficult These systems are typically outside control of election officials Antivirus/antiphishing software may not be present, update- to-date, or effective An area with continuous research and development Emerging technologies: Trusted computing and/or virtualization Kiosks can enforce protections Page 16

17 TGDC Meeting, July 2010 Availability - 1 Potential Benefits Timeliness of delivery Confirmation of receipt Flexibility of physical locaitons Page 17

18 TGDC Meeting, July 2010 Availability - 2 Desirable Properties Availability Reliability Recoverability Fault-Tolerance Fail-Safe Scalable Page 18

19 TGDC Meeting, July 2010 Page 19 Availability - 3 Threats Transit times Overseas mail delivery times vary (e.g., 7-12 days to Middle East) Electronic systems have significant advantages Denial of Service attacks Cyber attacks on e-commerce sites, Estonia (2007), Georgia (2008) Difficult to guard against, but easy to detect Client-side disruption Small-scale attacks with mail-in voting Large scale attacks possible with electronic methods (e.g., malware)

20 TGDC Meeting, July 2010 Availability - 4 Mitigations for Electronic Transmission Attacks on availability cannot be prevented, but can be made more difficult Redundancy and over-provisioning Coordinating with Internet service providers for filtering Emerging technology: Cloud computing DoS attacks difficult to prevent, but easy to detect

21 TGDC Meeting, July 2010 I&A - 1 Potential Benefits Automated authentication mechanisms Strong remote authentication Page 21

22 TGDC Meeting, July 2010 I&A - 2 Desirable Properties Voter/Administrator/Component I&A Non-transferable credentials Page 22

23 TGDC Meeting, July 2010 Page 23 I&A - 3 Threats Strength of authentication mechanisms Mail-in, fax, and email rely on verification of hand signatures Stronger mechanisms available for web-based systems Credential Selling Same impact as vote selling Large-scale attacks possible depending on authentication mechanism (e.g., PIN, password) Phishing/Pharming Major threats to web-based systems 2008 Gartner report- 5 million victims Low-tech, but highly effective attack Malware attacks May allow theft of voters’ and administrators’ credentials Social engineering May result in theft of administrator credentials

24 TGDC Meeting, July 2010 I&A - 4 Mitigations for Electronic Transmission Strong authentication mechanisms exist PINs and passwords are cheap, but comparatively easy to steal One-time password devices require deployment of physical devices to voters Cryptographic authentication methods offer the strongest assurances, but may be expensive to deploy Smart Card Authentication Common Access Card already deployed to military personnel Lack of smart card readers on personally-owned computers Intended to be used by the 2004 SERVE project In-person authentication at supervised kiosks Page 24

25 TGDC Meeting, July 2010 Next Steps - 1 Best Practices documents Use security best practices as input to updating EAC UOCAVA Best Practices Must also bring in usability, accessibility, and election management best practices Page 25

26 TGDC Meeting, July 2010 Next Steps - 2 Security research documents Threats, mitigating security controls, and current/emerging technologies will serve as basis for draft risk management matrices NIST will work with the voting community to fill in remaining issues Page 26

27 TGDC Meeting, July 2010 Page 27 All documents will be available at: http://vote.nist.gov NIST UOCAVA Voting Documents

Download ppt "TGDC Meeting, July 2010 Security Considerations for Remote Electronic UOCAVA Voting Andrew Regenscheid National Institute of Standards and Technology"

Similar presentations

DARPA OASIS PI Meeting – Santa Fe – July 24-27, 2001Slide 1 Aegis Research Corporation Not for Public Release Survivability Validation Framework for Intrusion.

DARPA OASIS PI Meeting – Santa Fe – July 24-27, 2001Slide 1 Aegis Research Corporation Not for Public Release Survivability Validation Framework for Intrusion.
FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.

FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.
Chap 1: Overview Concepts of CIA: confidentiality, integrity, and availability Confidentiality: concealment of information –The need arises from sensitive.

Chap 1: Overview Concepts of CIA: confidentiality, integrity, and availability Confidentiality: concealment of information –The need arises from sensitive.
TGDC Meeting, July 2011 Review of VVSG 1.1 Nelson Hastings, Ph.D. Technical Project Leader for Voting Standards, ITL

TGDC Meeting, July 2011 Review of VVSG 1.1 Nelson Hastings, Ph.D. Technical Project Leader for Voting Standards, ITL
Chapter 1 – Introduction

Chapter 1 – Introduction
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
FIT3105 Smart card based authentication and identity management Lecture 4.

FIT3105 Smart card based authentication and identity management Lecture 4.
Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational Issues Human Issues Computer.

Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational Issues Human Issues Computer.
Midterm Exam. Problem 1: Short Answer Access Control –Subject, object, rights Common Criteria –Government Assurance Standard Originator Controlled Access.

Midterm Exam. Problem 1: Short Answer Access Control –Subject, object, rights Common Criteria –Government Assurance Standard Originator Controlled Access.
Stephen S. Yau CSE465 & CSE591, Fall 2006 1 Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,

Stephen S. Yau CSE465 & CSE591, Fall Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,
Applied Cryptography for Network Security

Applied Cryptography for Network Security
April 1, 2004ECS 235Slide #1 Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational.

April 1, 2004ECS 235Slide #1 Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational.
Auditing 81.3550 Auditing & Automated Systems Chapter 22 Auditing & Automated Systems Chapter 22.

Auditing Auditing & Automated Systems Chapter 22 Auditing & Automated Systems Chapter 22.
Appropriate Access: Levels of Assurance Stefan Wahe Office of Campus Information Security.

Appropriate Access: Levels of Assurance Stefan Wahe Office of Campus Information Security.
United States Election Assistance Commission Pilot Program Testing and Certification Manual & UOCAVA Pilot Program Testing and Certification Manual & UOCAVA.

United States Election Assistance Commission Pilot Program Testing and Certification Manual & UOCAVA Pilot Program Testing and Certification Manual & UOCAVA.
Copyright Microsoft Corp. 2006 Ramnish Singh IT Advisor Microsoft Corporation Secure Remote Access Challenges, Choices, Best Practices.

Copyright Microsoft Corp Ramnish Singh IT Advisor Microsoft Corporation Secure Remote Access Challenges, Choices, Best Practices.
12/9-10/2009 TGDC Meeting TGDC Recommendations Research as requested by the EAC John P. Wack National Institute of Standards and Technology

12/9-10/2009 TGDC Meeting TGDC Recommendations Research as requested by the EAC John P. Wack National Institute of Standards and Technology
TGDC Meeting, December 2011 Andrew Regenscheid National Institute of Standards and Technology Update on UOCAVA Risk Assessment by.

TGDC Meeting, December 2011 Andrew Regenscheid National Institute of Standards and Technology Update on UOCAVA Risk Assessment by.
TGDC Meeting, Jan 2011 UOCAVA Pilot Projects for the 2012 Federal Election Report from the UOCAVA Working Group Andrew Regenscheid National Institute of.

TGDC Meeting, Jan 2011 UOCAVA Pilot Projects for the 2012 Federal Election Report from the UOCAVA Working Group Andrew Regenscheid National Institute of.
TGDC Meeting, July 2011 Overview of July TGDC Meeting Belinda L. Collins, Ph.D. Senior Advisor, Voting Standards, ITL

TGDC Meeting, July 2011 Overview of July TGDC Meeting Belinda L. Collins, Ph.D. Senior Advisor, Voting Standards, ITL

Similar presentations

Ads by Google