© 2019 UZH, CSG@IfI
The Swiss Postal Voting Process
and its System and Security Analysis
Christian Killer and Burkhard Stiller
Department of Informatics IFI,
Communication Systems Group CSG,
University of Zürich UZH
[ killer ¦ stiller ]@ifi.uzh.ch
4th E-Vote-ID 2019 E-VOTE-ID, October 1-4, 2019, Bregenz, Austria
Introduction
Remote Postal Voting
Threat and Risk Analysis
Conclusions
Introduction: Advertisement
Swiss public initiative on a “Secure and trusted democracy”
Proposed Law
“... if it is guaranteed that at least the same security against manipulation exists as in the case of hand-written voting ...”
Comparing “Systems”
The Swiss RPV Case
The Swiss RPV is fragmented and difficult to generalize, due to federalism in Switzerland, autonomy, and the involvement of many external suppliers.
Goal: To identify weaknesses of RPV to allow for “hardening” of the RPV through security and risk assessment.
Disclaimer: Focus on generalization; may not cover all cantons and processes exactly, leaves room for exceptions.
Many exchanges with Swiss authorities and external suppliers.
RPV From a Voter’s Perspective
PVPF: Postal Voting Process Flow
Identification of Stakeholders
Federal Government
Federal Chancellery
Cantonal Government
Municipality
Municipal Election Office
Eligible Voter
The Swiss Post
External Supplier
Security Threat
PVPF Phases
Divided into phases A to G with various stakeholders
PVPF: Postal Voting Process Flow
PVPF in Detail
PVPF: Postal Voting Process Flow
A: Setup, B: Delivery
THREAT EVENTS
TE1: Delay production of physical artifacts
TE2: ER master records
TE3: ER snapshot data
TE4: Forge physical artifacts
TE5: Steal assembled VEs before dispatch
TE6: Re-route VEs
TE7: Steal VEs from voter letterboxes
PVPF in Detail
PVPF: Postal Voting Process Flow
C: Casting, D: Storage, E: Tallying
THREAT EVENTS
TE8: Steal cast VEs from municipal letterbox
TE9: Re-route VEs
TE10: Cast stolen or forged VEs
TE11: Access stored VEs
TE12: Manipulate tallying
TE13: Manipulate final tally
F: Validation, G: Destruction
THREAT EVENTS
TE13: Initiate premature destruction
Recalling the Comparison
Conclusions
Heterogeneous Processes
Physical Decentralization
Substantial Trust in Third Parties
Distribution of Trust
Thank you for your attention.
Many thanks are addressed to Anina Sax, Annina Zimmerli, Dr. Christian Folini, Melchior Limacher, Marco Sandmeier, and Dr. Benedikt van Spyk for their valuable input.
Backup Slide
PVPF in Detail
PVPF: Postal Voting Process Flow
Future Work
Adapt the PVPF to more cantons, which will allow a more granular level of analysis and the identification of realistic Threat Events.
Inquiry into deployed proprietary tools is in progress, in active discussions with suppliers and authorities.
Risk Assessment
What would an adversary really do?