Transcript Voto elettronico

The Italian Academic
Community’s
Electronic Voting System
Pierluigi Bonetti
Lisbon, May 2000
What is CINECA
 A Consortium
of 15 Italian Universities
 Mission: to provide the most advanced
computing and
networking services
to universities
and industries
 Founded in 1969
 About 150 full time
researchers
CINECA resources
 Cray T3E - 256 nodes
 IBM SP/2 - 32 nodes
 IBM SP/3 - 8 nodes
 SGI Onyx2
 SGI Origin 2000
 SGI Challenge L-2
 Gigabit backbone LAN
 10+ Mbps connection to
Internet
 The first and unique
Virtual Theatre in Italy
How Italian Universities
recruit teaching staff

When a University offers a position, an
evaluation committee is needed
 Members of the committee have to be
elected amongst all the teaching staff in
all the Italian Universities belonging to
the scientific discipline related to the
position offered
 Each offered position, therefore, requires
a nation-wide election (!)
Complexity
Thousands of elections,
each with a different list of candidates
and involving many thousands of electors
Achieving this objective with traditional methods
is impossible
The Ministry for University
and Scientific and Technologic Research
asked us to build
an Electronic Voting System
Requirements


As in a traditional election:
 Legitimacy: only those who have the right to vote can
vote and can cast only one vote
 Secrecy: no one can read the vote until the polling
phase
 Anonymity: the identity of the voter cannot be traced
from the vote cast
 Integrity: the vote cannot be modified once
it has been cast
In addition:
 Acknowledge receipt of each vote cast
The Electronic Voting System
 A Central
Electoral Office for voting
authorizations
 A Central Ballot-Box collecting votes
 Many Polling Stations distributed all over
the country and directly connected to the
two central entities
 Smart card based asymmetric cryptography
The Polling Station
Voting operations

The voter is identified at a Polling Station
by an electoral committee
 He receives a
one time use
personal secret code
 He votes using a network terminal
 The printer prints out a record with the
name of the voter and periodic accounting
on the number of voters
Polling operations
 Each
Recruitment Procedure Officer,
using his smart card,
gets the encrypted votes
from the Central Ballot-Box
and decrypt them
 He
determines the results, signs them
with the smart card and gets them
published on the Web in real-time
Polling Station software

A specific client
in Java
 No local data
 Simple to use
even for
non-technical
skilled people

Mouse use not required
 Confirmation required before any critical action
The Certification Authority
Issues X.509v3 certificates for:
Polling Stations
Recruitment Procedure
Officers
Global architecture
The voting phase
Central
Electoral
Office
Issued Voting Authorization
Used or Expired Voting Authorization
Polling Station
Voter
Central
Ballot-Box
Global architecture
The poll phase
Central
Electoral
Office
Authorizes operation
Verifies credentials
Polling station
Recruitment
Procedure Officer
Central
Ballot-Box
Hardware
CONTROL WORKSTATION
CENTRAL
ELECTORAL
OFFICE
CERTIFICATION
AUTHORITY
ACCESS ROUTERS
PRINTER
STATION 1
ISDN ROUTER
STATION 2
CENTRAL
BALLOT-BOX
ISDN ROUTER
STATION 1
STATION 2
PRINTER
STATION 3
The Network
 Private
ISDN network configured
as a closed user group
 Direct connection from each
Polling Station to the central servers
 Dial-on-demand with multi-link PPP
 Caller ID verification
 Centralized management of
each network device
Security systems
Votes are protected by:
 Strong asymmetric
cryptography based on
smart card
 SSL authentication with
X.509v3 certificates
 Digital signature of the
Polling Station
Votes flow
RECRUITMENT
PROCEDURE OFFICER
PUBLIC KEY
ISDN LINE
CENTRAL BALLOT-BOX
CENTRAL BALLOT-BOX
PUBLIC KEY
POLLING STATION
PRIVATE KEY
ISDN LINE
RECRUITMENT PROCEDURE OFFICER
PRIVATE KEY
Why is the system secure?

Authentication for both client and server
 All communications are 1024 bit RSA protected
 The intranet is not connected to the public
Internet
 Each vote is encrypted with
the Recruitment Procedure
Protection
Officer public key and signed
against
by the Polling Station
the system
 No relation between the vote
managers
and the voter
System certification
This solution has been checked
and certified as safe
by a Technical Committee
on behalf of the
Ministry for University and
Scientific and Technologic Research
The first voting session in 1999
Some numbers

 Opening time for Polling
1969 elections and
different candidate lists Stations: 3 weeks

42497 electors


Average number of votes
due by each voter: 6
79 Polling Stations in
72 Universities

Average elapsed time for
each voter: 5 minutes

209 Voting Stations


26873 voters (63%)

163645 votes cast
Average elapsed time from
the beginning of the polling
phase and the publishing of
the results on the Web:
1 minute
Future extensions
 A personal
identity card for each voter
instead of the one-time-use secret code
 Polling Stations on the public Internet
 Feasibility of voting from any PC
 Other kinds of elections...
For any information
[email protected]