Voto elettronico
Download
Report
Transcript Voto elettronico
The Italian Academic
Community’s
Electronic Voting System
Pierluigi Bonetti
Lisbon, May 2000
What is CINECA
A Consortium
of 15 Italian Universities
Mission: to provide the most advanced
computing and
networking services
to universities
and industries
Founded in 1969
About 150 full time
researchers
CINECA resources
Cray T3E - 256 nodes
IBM SP/2 - 32 nodes
IBM SP/3 - 8 nodes
SGI Onyx2
SGI Origin 2000
SGI Challenge L-2
Gigabit backbone LAN
10+ Mbps connection to
Internet
The first and unique
Virtual Theatre in Italy
How Italian Universities
recruit teaching staff
When a University offers a position, an
evaluation committee is needed
Members of the committee have to be
elected amongst all the teaching staff in
all the Italian Universities belonging to
the scientific discipline related to the
position offered
Each offered position, therefore, requires
a nation-wide election (!)
Complexity
Thousands of elections,
each with a different list of candidates
and involving many thousands of electors
Achieving this objective with traditional methods
is impossible
The Ministry for University
and Scientific and Technologic Research
asked us to build
an Electronic Voting System
Requirements
As in a traditional election:
Legitimacy: only those who have the right to vote can
vote and can cast only one vote
Secrecy: no one can read the vote until the polling
phase
Anonymity: the identity of the voter cannot be traced
from the vote cast
Integrity: the vote cannot be modified once
it has been cast
In addition:
Acknowledge receipt of each vote cast
The Electronic Voting System
A Central
Electoral Office for voting
authorizations
A Central Ballot-Box collecting votes
Many Polling Stations distributed all over
the country and directly connected to the
two central entities
Smart card based asymmetric cryptography
The Polling Station
Voting operations
The voter is identified at a Polling Station
by an electoral committee
He receives a
one time use
personal secret code
He votes using a network terminal
The printer prints out a record with the
name of the voter and periodic accounting
on the number of voters
Polling operations
Each
Recruitment Procedure Officer,
using his smart card,
gets the encrypted votes
from the Central Ballot-Box
and decrypt them
He
determines the results, signs them
with the smart card and gets them
published on the Web in real-time
Polling Station software
A specific client
in Java
No local data
Simple to use
even for
non-technical
skilled people
Mouse use not required
Confirmation required before any critical action
The Certification Authority
Issues X.509v3 certificates for:
Polling Stations
Recruitment Procedure
Officers
Global architecture
The voting phase
Central
Electoral
Office
Issued Voting Authorization
Used or Expired Voting Authorization
Polling Station
Voter
Central
Ballot-Box
Global architecture
The poll phase
Central
Electoral
Office
Authorizes operation
Verifies credentials
Polling station
Recruitment
Procedure Officer
Central
Ballot-Box
Hardware
CONTROL WORKSTATION
CENTRAL
ELECTORAL
OFFICE
CERTIFICATION
AUTHORITY
ACCESS ROUTERS
PRINTER
STATION 1
ISDN ROUTER
STATION 2
CENTRAL
BALLOT-BOX
ISDN ROUTER
STATION 1
STATION 2
PRINTER
STATION 3
The Network
Private
ISDN network configured
as a closed user group
Direct connection from each
Polling Station to the central servers
Dial-on-demand with multi-link PPP
Caller ID verification
Centralized management of
each network device
Security systems
Votes are protected by:
Strong asymmetric
cryptography based on
smart card
SSL authentication with
X.509v3 certificates
Digital signature of the
Polling Station
Votes flow
RECRUITMENT
PROCEDURE OFFICER
PUBLIC KEY
ISDN LINE
CENTRAL BALLOT-BOX
CENTRAL BALLOT-BOX
PUBLIC KEY
POLLING STATION
PRIVATE KEY
ISDN LINE
RECRUITMENT PROCEDURE OFFICER
PRIVATE KEY
Why is the system secure?
Authentication for both client and server
All communications are 1024 bit RSA protected
The intranet is not connected to the public
Internet
Each vote is encrypted with
the Recruitment Procedure
Protection
Officer public key and signed
against
by the Polling Station
the system
No relation between the vote
managers
and the voter
System certification
This solution has been checked
and certified as safe
by a Technical Committee
on behalf of the
Ministry for University and
Scientific and Technologic Research
The first voting session in 1999
Some numbers
Opening time for Polling
1969 elections and
different candidate lists Stations: 3 weeks
42497 electors
Average number of votes
due by each voter: 6
79 Polling Stations in
72 Universities
Average elapsed time for
each voter: 5 minutes
209 Voting Stations
26873 voters (63%)
163645 votes cast
Average elapsed time from
the beginning of the polling
phase and the publishing of
the results on the Web:
1 minute
Future extensions
A personal
identity card for each voter
instead of the one-time-use secret code
Polling Stations on the public Internet
Feasibility of voting from any PC
Other kinds of elections...
For any information
[email protected]