Ideas for today and tomorrow
Remote (Internet) Voting in Digital India
National Conference on Remote Voting (NCRV) 2015
20-21st July 2015
“The fundamental challenge in public voting is how to
reconcile the conflict between demonstrable integrity and
ballot privacy”
Agenda
Today’s Need
Internet Voting – Basic architecture Voting Requirements
The Global Picture Current Issues Indian Scenario Various Stages
Technology and Security Issues (Client side, Server side, Connection related) Security Solutions
C-DAC Cyber security Solutions Suggested steps for realization
• Modernizing the election process
• User friendly – can be used even by illiterates
• Simple to operate and can be installed in a short time • Preserves voting secrecy
• No scope for invalid votes
• Facilitates quick and accurate counting – possible to declare results
instantaneously
• Lowers operating costs
• Provision can be made to connect to a “CENTRAL STATION” to consolidate and display / record the results countrywide
Today’s Need
Internet Voting – Basic Architecture
• Cast votes Online
• Web browser/Mobile
app
• Vote from your
Voting requirements
• Only eligible voters can vote and no one votes twice
Eligibility
• Any traceability between the voter and his vote must be removed
Anonymity
• A voter is able to verify that his or her vote is counted in the final tally.
Verifiability
• No one should be able to compute a partial tally as the election progresses
Fairness
• No one can use force or compel anybody to vote
Coercibility
• A voter cannot prove that he or she voted in a certain way.
Receipt-freeness
• No coalition of participants can gain any information about the voter’s vote.
Privacy
• Faulty behaviour of any reasonably sized coalition of participants can be tolerated.
Estonia
Switzerland
Canada
The Global Picture
Estonia (population of 1.3 million)• Rolled out e-voting in 2005 and by 2009 nearly a quarter of all votes cast were online
• Various ways of voter identification: ID Card with Pin Code, Digital ID, Mobile ID
• E-Voting for general elections, the model can be considered as one of the successful model and scalability of that model for large voter based needs to be analyzed
Switzerland (population of 8.2 million)
• First used it in Geneva in 2003, with Zurich and Neuchatel cantons soon following
Canada
• Uses online voting in municipal elections
• The town of Markham, in Ontario, has offered online ballots in local elections since 2003
• Overall turnout rose nearly 10% from 2006 to 2010
Sweden & Latvia are among the countries that have tested Internet voting
Some of the US states have tested the system unsuccessfully and the demand for Internet based voting is growing
US has set up a committee for coming out with procedures End to end verifiable Internet voting (E2E-VIV)
United States
Indian scenario
• Remote voting through post• Digital India Initiative for Transforming to digital
• 80 crores plus mobile phones : Excellent mobile penetration • 86 crores plus Indians have Aadhar ID Number
• 20 % of India population uses Internet
• Expected to grow in next five years due to programs like Digital India, National
Optical Fiber Network, Etc.
• Gujarat has already started providing online voting facility
• Since penetration of Internet and mobiles are increasing , Internet voting can be
Need of the hour
Policy
• Government needs to set up policy for Internet voting
• Voter registration process • Standards to be
developed internet voting
Political
• Political system has to be convinced with the
methodology adopted for Internet voting
Technical
• Architecture should be in place
• Solution development through multi party participation
• Ensure Security
Cultural/Public
• Awareness needs to created among voters and a huge awareness program has to be planned
End to end security
•
Authentication of voter
•
Anonymity and privacy of vote given by the voter
•
Secure servers for voting, tallying and data backup
•
Secure communication among various servers
•
End to end encryption of the information
•
DNS security
•
Application level security
• Client side • Server Side
•
Network level security
• No fool proof test to find malicious payload
• Installed through CDs • E-mails
• Buffer overflows • Activex controls
• Remote control of client computer (Open source Back Orifice 2000) • Triggering malicious software in scheduled manner
• Chernobyl Virus (April 26, 1999)– modified BIOS so the systems couldn’t boot
• Proxy redirects
• Authentication threats - Private key in smart cards – smart card readers are
connected through Pcs – malicious code can change your vote
• Mobile phones – limited display area, lost/stolen, prohibitive costs
• Distributed Denial of Service (DDOS)
• Cause
• Flooding the network
• Overload server’s computational resources
• Effects
• Servers may cut off from Internet • Disenfranchisement of eligible voters
• Solutions
• No effective protective mechanism
• Voting machines should locally store the vote and sync later
Server side Security Issues
• Distributed Denial of Service (DDOS)
• On Domain name service(DNS) sever
• On IP router – will block whole region from casting votes
• DNS Spoofing
• Effect
• True IP address is replaced with fake IP address • Voter is redirected to a voting page look-alike
• Could be done during Voter registration too. Only during voting, it will found that they
are not registered
• Solution
• Using DNSSec
• Digital Signatures – people are not familiar with SSL connections and Certificates
Connection related Security Issues
Security issues with DNS
• In some cases, attacks target the actual infrastructures, which include servers hosting the
domain names
• In other cases, hackers look to exploit loopholes in the software to create abnormal situations
from which they can profit
• Threats at servers side
• DOS/DDOS attacks
• DNS cache-poisoning
• Threats at client side: Malware • Threats on Network
• DNS spoofing/Data modification/redirection
DNSSEC Overview
• It ensures end-to-end DNS data integrity and authentication of origin. • Uses Public key cryptography to sign the DNS data.
• RSA/SHA
• Public Keys published(DNSKEY)
• Delegation Signer(DS)
Trust of Sign
• Trust anchor
• The starting Point of trust, typically obtained via some trusted source.
• Example:
• DNSKEY of root servers and other trusted domains.
• Chain of Trust from Trust anchors
• Hierarchical key verification from trust anchor to end.
• Example:
Security Solutions Needed for Internet
Voting
• Certified Cryptographic implementations for encryption and
authentication
• End point security for desktop and mobile • Security solutions for DNS
• Multi level authentication system • Malware Detection and Prevention • Network & Gateway Security
• Web Security
C-DAC - Cyber Security Solutions
• Cryptographic systems
• Most widely used stream, block and public key crypto systems
• End Point Security
– USB Pratirodh, AppSamvid, Browser JSGuard, Application and Device
Control (ADC) & M-Kavach
• Malware Detection and Prevention
– M-Resist, Malware Nivarak
• Network & Gateway Security
– Guard Your Network (GYN) - IPS, Insider Attack Detection (PAX), UTM
Appliance, CHAKRA – Dynamic Firewall, EDGE – Self Management Network Solution
C-DAC Cyber security solutions
• Web Security
• WebSAFE & PHP Application Vulnerability Scanner (PAVS)
• Authentication Systems & Biometrics
• The Bharatiya AFIS Suite, Bharatiya-IRIS, Touch screen based Bharatiya Biometric Attendance System, Automatic Face Recognition System, PKI solutions & e-Sign
• Cyber Forensics
• CyberCheck Suite, NetForce Suite, MobileCheck, SIMXtractor, AdVik- CDR
22
e-Pramaan Authentication Methods
SMS/Mobile / Email based OTPs
Biometric – Fingerprint / Iris
OTP
Digital Signature Certificate (USB/Soft
Token) Biometrics
Training & Awareness Activities
• Training labs establishment (for users)
• Training - Detailed plan, Infrastructure & Content
• Regular 3-day/5-day/2-week programs and corporate trainings
• PGDITISS-Post Graduate Diploma In IT Infrastructure Systems and
Security(6 months)
• Online Course on Cyber Security
• Information Security Education and Awareness (ISEA) • PKI Awareness
Way Forward
• With the rich experience and solutions in cyber security domain
C-DAC can
• Develop solutions required for Internet voting on client side and
server side
• Can develop solutions for authentication
• Secure applications for vote tallying at serve side
• Can audit the security of overall system
Electronic Voting Systems Security -
Technologies
• Homomorphic Encryption for end-to-end security
• Anonymous Voting - blind signatures
• Trusted Authorities - Trusted Third Parties, digital certificates, etc
• End-to-end auditable cryptographic protocols
• Individual verifiability: a voter can check that her own ballot is included in the election’s bulletin board
• Universal verifiability: anyone can check that the election outcome corresponds to the ballots published on
the bulletin board
• Eligibility verifiability: anyone can check that each vote in the election outcome was cast by a registered
voter and there is at most one vote per voter
• Electronic Voting System Protocols and software should be open for public inspection
• Highly secure implementations – source code from trusted sources
• Secure Platforms which cannot be tampered with – eg HSM, TPM etc
Proposed Steps for Realization
• An eco system needs to be developed under the supervision of Election commission for
Internet voting
• Formulate a major program and identify regulator and developer organizations with
the following actionable items
• Select suitable security protocols through evaluation
• Define timelines for implementation of solution
• Engage organizations for implementing the following
• Client side implementation
• Server side application and communication design
• Development of standards for evaluation of systems and software before they put to real use • Implement through following phases
• Pilot test initially in elections that have less impact: Like water body elections
• Providing internet voting facility to NRIs and voters away from their constituencies • Moving forward to Corporation and municipal elections
