![Page 1: Estonian Internet Voting - satoss.uni.lu€¦ · Arnis Par sovs October 16, 2012. Estonian Internet Voting Scheme Voter HSM Vote Storage Server Vote Counting Application Internet](https://reader033.vdocument.in/reader033/viewer/2022050423/5f922cce782ba97a3b4e7bed/html5/thumbnails/1.jpg)
Estonian Internet Voting
Arnis Parsovs
October 16, 2012
![Page 2: Estonian Internet Voting - satoss.uni.lu€¦ · Arnis Par sovs October 16, 2012. Estonian Internet Voting Scheme Voter HSM Vote Storage Server Vote Counting Application Internet](https://reader033.vdocument.in/reader033/viewer/2022050423/5f922cce782ba97a3b4e7bed/html5/thumbnails/2.jpg)
Estonian Internet Voting Scheme
Voter
HSM
Vote StorageServer
Vote CountingApplication
Internet
CA
banon = Encspub(c, rnd) – RSA-OAEPb = Sigv (banon) – Digital Signature by Estonian ID-card
![Page 3: Estonian Internet Voting - satoss.uni.lu€¦ · Arnis Par sovs October 16, 2012. Estonian Internet Voting Scheme Voter HSM Vote Storage Server Vote Counting Application Internet](https://reader033.vdocument.in/reader033/viewer/2022050423/5f922cce782ba97a3b4e7bed/html5/thumbnails/3.jpg)
Parliamentary elections 2011
• I-voting since 2005
• 24.3 % votes cast by i-voting
• Proof-of-concept malware
• Revocation appeals
• Invalid i-vote
• Re-voting 500+ times
• Reputation attacks
![Page 4: Estonian Internet Voting - satoss.uni.lu€¦ · Arnis Par sovs October 16, 2012. Estonian Internet Voting Scheme Voter HSM Vote Storage Server Vote Counting Application Internet](https://reader033.vdocument.in/reader033/viewer/2022050423/5f922cce782ba97a3b4e7bed/html5/thumbnails/4.jpg)
OSCE/ODIHR Report 2011
The OSCE/ODIHR recommends that the NEC forms an inclusiveworking group to consider the use of a verifiable Internet votingscheme or an equally reliable mechanism for the voter to checkwhether or not his/her vote was changed by malicious software.
![Page 5: Estonian Internet Voting - satoss.uni.lu€¦ · Arnis Par sovs October 16, 2012. Estonian Internet Voting Scheme Voter HSM Vote Storage Server Vote Counting Application Internet](https://reader033.vdocument.in/reader033/viewer/2022050423/5f922cce782ba97a3b4e7bed/html5/thumbnails/5.jpg)
Individually Verifiable Vote Auditing Scheme
Voter
Internet
• Crack the vote by brute-forcing candidates
• Re-voting attack
• For how long vr should work?
rnd , vrvr Sigv (banon)
![Page 6: Estonian Internet Voting - satoss.uni.lu€¦ · Arnis Par sovs October 16, 2012. Estonian Internet Voting Scheme Voter HSM Vote Storage Server Vote Counting Application Internet](https://reader033.vdocument.in/reader033/viewer/2022050423/5f922cce782ba97a3b4e7bed/html5/thumbnails/6.jpg)
Amendments in Election Law
§48. Verification of the i-vote
(1) The voter can verify whether the vote given by internet votinghas been sent to i-voting system according to the voter’sintention.
(2) Verification procedures are established by ElectoralCommission.
![Page 7: Estonian Internet Voting - satoss.uni.lu€¦ · Arnis Par sovs October 16, 2012. Estonian Internet Voting Scheme Voter HSM Vote Storage Server Vote Counting Application Internet](https://reader033.vdocument.in/reader033/viewer/2022050423/5f922cce782ba97a3b4e7bed/html5/thumbnails/7.jpg)
CoE Recommendations for e-voting
A remote e-voting system shall not enable the voter to be inpossession of a proof of the content of the vote cast.
![Page 8: Estonian Internet Voting - satoss.uni.lu€¦ · Arnis Par sovs October 16, 2012. Estonian Internet Voting Scheme Voter HSM Vote Storage Server Vote Counting Application Internet](https://reader033.vdocument.in/reader033/viewer/2022050423/5f922cce782ba97a3b4e7bed/html5/thumbnails/8.jpg)
Coercion/Vote-buying
• Possible vectors:• Observe voting• Obtain ID-card
• Verifiability adds coercion vectors• QR code as receipt
• Re-voting as anti-coercion measure• Internet re-voting• Re-voting in polling station (cancels i-vote)
• Remote voting methods vulnerable
• Coercion attacks rather inefficient
![Page 9: Estonian Internet Voting - satoss.uni.lu€¦ · Arnis Par sovs October 16, 2012. Estonian Internet Voting Scheme Voter HSM Vote Storage Server Vote Counting Application Internet](https://reader033.vdocument.in/reader033/viewer/2022050423/5f922cce782ba97a3b4e7bed/html5/thumbnails/9.jpg)
What Verifiability Solves?
• Detection of election rigging malware
• Decrease revocation appeals?
• Improve reputation of i-voting?
![Page 10: Estonian Internet Voting - satoss.uni.lu€¦ · Arnis Par sovs October 16, 2012. Estonian Internet Voting Scheme Voter HSM Vote Storage Server Vote Counting Application Internet](https://reader033.vdocument.in/reader033/viewer/2022050423/5f922cce782ba97a3b4e7bed/html5/thumbnails/10.jpg)
Norwegian Experiences with Verifiable Electronic Voting
In addition to the 74 (out of 28,001) reports on incorrect bindings,the support call center received another 35 return code relatedcalls:
• 11 voters reported not having received a poll card
• 5 voters who voted online reported not receiving a returncode
• 4 voters received a poll card with the return codes smeared
• 1 person received two poll cards, one with the correct bindingand one incorrect
• 2 callers reported having received return codes withouthaving voted
![Page 11: Estonian Internet Voting - satoss.uni.lu€¦ · Arnis Par sovs October 16, 2012. Estonian Internet Voting Scheme Voter HSM Vote Storage Server Vote Counting Application Internet](https://reader033.vdocument.in/reader033/viewer/2022050423/5f922cce782ba97a3b4e7bed/html5/thumbnails/11.jpg)
Voting in ID-card
• Voting application in ID-card
• Preserves vote secrecy
• Protection against disenfranchisement attackEncspub2(b, vcode)vcodesent encrypted == vcodereceived plain ?
• Smart card application updates
• Force ID-card to leak rnd for auditing
![Page 12: Estonian Internet Voting - satoss.uni.lu€¦ · Arnis Par sovs October 16, 2012. Estonian Internet Voting Scheme Voter HSM Vote Storage Server Vote Counting Application Internet](https://reader033.vdocument.in/reader033/viewer/2022050423/5f922cce782ba97a3b4e7bed/html5/thumbnails/12.jpg)
Thank you!
Questions, comments, opinions?