Protection Profile for evoting systems - PowerPoint PPT Presentation

1 / 26
About This Presentation
Title:

Protection Profile for evoting systems

Description:

Registration authorities register eligible voters before the election day. ... On the election day registerd voters request ballot or voting privilege from the ... – PowerPoint PPT presentation

Number of Views:342
Avg rating:3.0/5.0
Slides: 27
Provided by: ARTC98
Category:

less

Transcript and Presenter's Notes

Title: Protection Profile for evoting systems


1
Protection Profile for e-voting systems
Kwangwoo Lee, Yunho Lee, Woongryul Jeon, Dongho
Won, Seungjoo Kim Sungkyunkwan University,
Information Security Group, Korea http//www.secur
ity.re.kr
2
Why we use the e-voting system?
  • Many counties try to adopt the e-voting machine
    in their election
  • Argentina, Australia, Austria, Belgium, Bosnia
    and Herzecobina, Brazil, Canada, Costa Rica,
    Finland, France, Germany, India, Japan, Korea,
    Netherlands, Portugal, Slovakia, Spain, Sweden,
    Swiss, United Kingdom, United States, Venezuela,
    etc.
  • What is the advantages of e-voting system?
  • Accurate and fast tabulation of votes
  • Low cost
  • Improved accessibilty

3
The type of e-voting system
Our concern
Paper Voting
Electronic Voting
Cunnected
Not cunnected
Polling Station Voting
KIOSK
Remote Voting
4
General Process of e-voting
Voter
1.Registration
Registration Authority
2. Authentication Authorization
Tallying Authority
3.Voting
4.Tallying
Election Result
5
Election Actors
  • Voter
  • Voter has the right for voting, and he votes in
    the election
  • Registration Authority
  • Registration authorities register eligible voters
    before the election day. These authorities ensure
    that only registered voters can vote and they
    vote only once on the election day. Registration
    authorities may be registrar authenticator,
    authorizer, ballot distributor and/or key
    generator
  • Tallying Authority
  • The tallying authorities collect the cast votes
    and tally the results of the election. Tallying
    authorities may be counter, collector, or tallier

6
Election Phases
  • Registration
  • Voters register themselves to registration
    authorities and the list of elibible voters is
    compliled before the election day
  • Authentication and Authorization
  • On the election day registerd voters request
    ballot or voting privilege from the registration
    authorities. Registration authorities check the
    credentials of those attempting to vote and only
    allow those who are eligible and registerd befor
  • Voting
  • Voter casts his vote
  • Tallying
  • The tallying authorities count the votes and
    announce the election results

7
General Security Requirements
8
Problems
  • Can you believe the result?
  • How do you reflect your belief in its accuracy?
  • Many of voters cannot believe the black-box
    e-voting machines
  • To overcome these problems, many countries are
    trying to evaluate the e-voting system using the
    CC
  • It can reduce risks and make voter to trust the
    election result

9
Verifiable e-voting
  • Individual verifiability
  • A voter should be able to satisfy him/herself
    that the voted ballot has been captured correctly
    (cast-as-intended)
  • Universal verifiability
  • Anyone should be able to satisfy him/herself that
    the voted ballot is counted correctly
    (counted-as-cast)

10
Implementation of Verifiable e-voting system
11
The Existing Protection Profiles
12
TOE (Target of Evaluation)
13
The Contents of Protection Profile
Protection Profile
PP Introduction
PP Reference TOE Overview
Conformance Claims
CC conformance Claim PP Claim, Package
Claim Conformance Rationale Conformance Statement
Security Problem Definition
Assumptions Threats Organizational Security
Objectives
Security Objectives
Security Objectives for the TOE Security
Objectives for the Operational Environment Securit
y Objectives Rationale
Extended Components Definition
Extended Components Definition
Security Requirements
Security Functional Requirements Security
AssuranceRequirements Security Requirements
Rationale
14
Threats (1/2)
15
Threats (2/2)
16
Assumptions
17
Organizational Security Policy(OSP)
18
Security Objectives for the TOE
19
Security Objectives for the TOE
20
Security Objectives for the Operational
Environment
21
Security Functional Requirements
22
Security Functional Requirements
23
Security Assurance Requirements
  • Our protection profile adopts EAL4 level
  • E-voting system is a critical information system
  • The result of attack can cause terrible confusion
    in society
  • We extend security assurance requirements to
    reinforce verification of implementation
  • Extended requirements are ADV_IMP_2, ATE_DPT.3,
    AVA_VAN.4.

24
Comparison
T Threat A Assumption OSP Organizational
Security Policy VVAT Voter Verifiable Audit Trail
25
Conclusion
  • Many of voters cannot believe the black-box
    e-voting machines
  • The PP for e-voting systems should consider the
    voter verifiability
  • We proposed a protection profile of an e-voting
    system for evaluation against CC v3.1

26
Q A
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Protection Profile for evoting systems" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!