SlideShare a Scribd company logo

Technische Hintergründe der anonymen elektronischen Stimmabgabe

C
Christian Folini

Beschreibung der technische Hintergründe der anonymen elektronischen Stimmabgabe und wie die Quadratur des Kreises zwischen Stimmgeheimnis und Schutz der Manipulation der Ergebnisse umgesetzt wird.

Internet
1 of 8
Download to read offline
Technische Hintergründe der anonymen elektronischen Stimmabgabe netnea AG | Gartenstadtstrasse 29 | CH-3097 Liebefeld | Tel +41 31 974 08 08 | www.netnea.com | info@netnea.com Christian Folini / @ChrFolini
netnea AG | Gartenstadtstrasse 29 | CH-3097 Liebefeld | Tel +41 31 974 08 08 | www.netnea.com | info@netnea.com Christian Folini netnea AG | Gartenstadtstrasse 29 | CH-3097 Liebefeld | Tel +41 31 974 08 08 | www.netnea.com | info@netnea.com ● Security Engineer ● Author ModSecurity Handbook (2. Auflage) ● OWASP ModSecurity Core Rule Set Project Co-Lead ● Programm-Leiter Swiss Cyber Storm Konferenz ● Externer Berater der Schweizerischen Post im E-Voting Projekt
netnea AG | Gartenstadtstrasse 29 | CH-3097 Liebefeld | Tel +41 31 974 08 08 | www.netnea.com | info@netnea.com Programm ● Rechtliche Anforderungen ● Technische Umsetzung
netnea AG | Gartenstadtstrasse 29 | CH-3097 Liebefeld | Tel +41 31 974 08 08 | www.netnea.com | info@netnea.com Bundesgesetz polit. Rechte Artikel 8a, Elektronische Stimmabgabe, Absatz 2: „Die Kontrolle der Stimmberechtigung, das Stimmgeheimnis und die Erfassung aller Stimmen müssen gewährleistet und Missbräuche ausgeschlossen bleiben.”
netnea AG | Gartenstadtstrasse 29 | CH-3097 Liebefeld | Tel +41 31 974 08 08 | www.netnea.com | info@netnea.com Übertragung auf CIA Triade Confidentiality: • Stimmgeheimnis Integrity: • Kontrolle der Stimmberechtigung • Ausschluss von Missbräuchen Availability: • Erfassung aller Stimmen
netnea AG | Gartenstadtstrasse 29 | CH-3097 Liebefeld | Tel +41 31 974 08 08 | www.netnea.com | info@netnea.com Source: https://www.post.ch/-/ media/post/evoting/dokumente/ evoting-system-dokumentation.pdf Retrieved: 13/Mar/2019
netnea AG | Gartenstadtstrasse 29 | CH-3097 Liebefeld | Tel +41 31 974 08 08 | www.netnea.com | info@netnea.com Design Decision Source: https://twitter.com/matthew_d_green/status/1100761233505087493
netnea AG | Gartenstadtstrasse 29 | CH-3097 Liebefeld | Tel +41 31 974 08 08 | www.netnea.com | info@netnea.com Contact christian.folini@netnea.com @ChrFolini

Recommended

OWASP ModSecurity - A few plot twists and what feels like a happy end
OWASP ModSecurity - A few plot twists and what feels like a happy endOWASP ModSecurity - A few plot twists and what feels like a happy end
OWASP ModSecurity - A few plot twists and what feels like a happy endChristian Folini
 
Crazy incentives and how they drive security into no man's land
Crazy incentives and how they drive security into no man's landCrazy incentives and how they drive security into no man's land
Crazy incentives and how they drive security into no man's landChristian Folini
 
Never Walk Alone - Inspirations from a Growing OWASP Project
Never Walk Alone - Inspirations from a Growing OWASP ProjectNever Walk Alone - Inspirations from a Growing OWASP Project
Never Walk Alone - Inspirations from a Growing OWASP ProjectChristian Folini
 
What’s new in CRS4? An Update from the OWASP CRS project
What’s new in CRS4? An Update from the OWASP CRS projectWhat’s new in CRS4? An Update from the OWASP CRS project
What’s new in CRS4? An Update from the OWASP CRS projectChristian Folini
 
The Adventurous Tale of Online Voting in Switzerland
The Adventurous Tale of Online Voting in SwitzerlandThe Adventurous Tale of Online Voting in Switzerland
The Adventurous Tale of Online Voting in SwitzerlandChristian Folini
 
EVoting in der Schweiz - Ein Fortsetzungsroman
EVoting in der Schweiz - Ein FortsetzungsromanEVoting in der Schweiz - Ein Fortsetzungsroman
EVoting in der Schweiz - Ein FortsetzungsromanChristian Folini
 
Securing Access to Internet Voting with the OWASP ModSecurity Core Rule Set
Securing Access to Internet Voting with the OWASP ModSecurity Core Rule SetSecuring Access to Internet Voting with the OWASP ModSecurity Core Rule Set
Securing Access to Internet Voting with the OWASP ModSecurity Core Rule SetChristian Folini
 
Extensive Introduction to ModSecurity and the OWASP Core Rule Set
Extensive Introduction to ModSecurity and the OWASP Core Rule SetExtensive Introduction to ModSecurity and the OWASP Core Rule Set
Extensive Introduction to ModSecurity and the OWASP Core Rule SetChristian Folini
 

Recommended

OWASP ModSecurity - A few plot twists and what feels like a happy end
OWASP ModSecurity - A few plot twists and what feels like a happy endOWASP ModSecurity - A few plot twists and what feels like a happy end
OWASP ModSecurity - A few plot twists and what feels like a happy endChristian Folini
 
Crazy incentives and how they drive security into no man's land
Crazy incentives and how they drive security into no man's landCrazy incentives and how they drive security into no man's land
Crazy incentives and how they drive security into no man's landChristian Folini
 
Never Walk Alone - Inspirations from a Growing OWASP Project
Never Walk Alone - Inspirations from a Growing OWASP ProjectNever Walk Alone - Inspirations from a Growing OWASP Project
Never Walk Alone - Inspirations from a Growing OWASP ProjectChristian Folini
 
What’s new in CRS4? An Update from the OWASP CRS project
What’s new in CRS4? An Update from the OWASP CRS projectWhat’s new in CRS4? An Update from the OWASP CRS project
What’s new in CRS4? An Update from the OWASP CRS projectChristian Folini
 
The Adventurous Tale of Online Voting in Switzerland
The Adventurous Tale of Online Voting in SwitzerlandThe Adventurous Tale of Online Voting in Switzerland
The Adventurous Tale of Online Voting in SwitzerlandChristian Folini
 
EVoting in der Schweiz - Ein Fortsetzungsroman
EVoting in der Schweiz - Ein FortsetzungsromanEVoting in der Schweiz - Ein Fortsetzungsroman
EVoting in der Schweiz - Ein FortsetzungsromanChristian Folini
 
Securing Access to Internet Voting with the OWASP ModSecurity Core Rule Set
Securing Access to Internet Voting with the OWASP ModSecurity Core Rule SetSecuring Access to Internet Voting with the OWASP ModSecurity Core Rule Set
Securing Access to Internet Voting with the OWASP ModSecurity Core Rule SetChristian Folini
 
Extensive Introduction to ModSecurity and the OWASP Core Rule Set
Extensive Introduction to ModSecurity and the OWASP Core Rule SetExtensive Introduction to ModSecurity and the OWASP Core Rule Set
Extensive Introduction to ModSecurity and the OWASP Core Rule SetChristian Folini
 
The Adventurous Tale of Online Voting in Switzerland (Usenix Enigma 2021 conf...
The Adventurous Tale of Online Voting in Switzerland (Usenix Enigma 2021 conf...The Adventurous Tale of Online Voting in Switzerland (Usenix Enigma 2021 conf...
The Adventurous Tale of Online Voting in Switzerland (Usenix Enigma 2021 conf...Christian Folini
 
Introduction to ModSecurity and the OWASP Core Rule Set
Introduction to ModSecurity and the OWASP Core Rule SetIntroduction to ModSecurity and the OWASP Core Rule Set
Introduction to ModSecurity and the OWASP Core Rule SetChristian Folini
 
Folini Extended Introduction to ModSecurity and CRS3
Folini Extended Introduction to ModSecurity and CRS3Folini Extended Introduction to ModSecurity and CRS3
Folini Extended Introduction to ModSecurity and CRS3Christian Folini
 
Gedanken zur elektronischen Stimmabgabe für Datenschützer
Gedanken zur elektronischen Stimmabgabe für DatenschützerGedanken zur elektronischen Stimmabgabe für Datenschützer
Gedanken zur elektronischen Stimmabgabe für DatenschützerChristian Folini
 
Medieval Castles and Modern Servers
Medieval Castles and Modern ServersMedieval Castles and Modern Servers
Medieval Castles and Modern ServersChristian Folini
 
E-Voting, die Sicherheit und die Rolle der Experten
E-Voting, die Sicherheit und die Rolle der ExpertenE-Voting, die Sicherheit und die Rolle der Experten
E-Voting, die Sicherheit und die Rolle der ExpertenChristian Folini
 
Black alps 2018-folini-d-dos
Black alps 2018-folini-d-dosBlack alps 2018-folini-d-dos
Black alps 2018-folini-d-dosChristian Folini
 
Optimizing ModSecurity on NGINX and NGINX Plus
Optimizing ModSecurity on NGINX and NGINX PlusOptimizing ModSecurity on NGINX and NGINX Plus
Optimizing ModSecurity on NGINX and NGINX PlusChristian Folini
 
A General Look at the State of Security - AFCEA 2017
A General Look at the State of Security - AFCEA 2017A General Look at the State of Security - AFCEA 2017
A General Look at the State of Security - AFCEA 2017Christian Folini
 
Introducing the OWASP ModSecurity Core Rule Set
Introducing the OWASP ModSecurity Core Rule SetIntroducing the OWASP ModSecurity Core Rule Set
Introducing the OWASP ModSecurity Core Rule SetChristian Folini
 
OWASP ModSecurity Core Rules Paranoia Mode
OWASP ModSecurity Core Rules Paranoia ModeOWASP ModSecurity Core Rules Paranoia Mode
OWASP ModSecurity Core Rules Paranoia ModeChristian Folini
 

More Related Content

More from Christian Folini

The Adventurous Tale of Online Voting in Switzerland (Usenix Enigma 2021 conf...
The Adventurous Tale of Online Voting in Switzerland (Usenix Enigma 2021 conf...The Adventurous Tale of Online Voting in Switzerland (Usenix Enigma 2021 conf...
The Adventurous Tale of Online Voting in Switzerland (Usenix Enigma 2021 conf...Christian Folini
 
Introduction to ModSecurity and the OWASP Core Rule Set
Introduction to ModSecurity and the OWASP Core Rule SetIntroduction to ModSecurity and the OWASP Core Rule Set
Introduction to ModSecurity and the OWASP Core Rule SetChristian Folini
 
Folini Extended Introduction to ModSecurity and CRS3
Folini Extended Introduction to ModSecurity and CRS3Folini Extended Introduction to ModSecurity and CRS3
Folini Extended Introduction to ModSecurity and CRS3Christian Folini
 
Gedanken zur elektronischen Stimmabgabe für Datenschützer
Gedanken zur elektronischen Stimmabgabe für DatenschützerGedanken zur elektronischen Stimmabgabe für Datenschützer
Gedanken zur elektronischen Stimmabgabe für DatenschützerChristian Folini
 
Medieval Castles and Modern Servers
Medieval Castles and Modern ServersMedieval Castles and Modern Servers
Medieval Castles and Modern ServersChristian Folini
 
E-Voting, die Sicherheit und die Rolle der Experten
E-Voting, die Sicherheit und die Rolle der ExpertenE-Voting, die Sicherheit und die Rolle der Experten
E-Voting, die Sicherheit und die Rolle der ExpertenChristian Folini
 
Black alps 2018-folini-d-dos
Black alps 2018-folini-d-dosBlack alps 2018-folini-d-dos
Black alps 2018-folini-d-dosChristian Folini
 
Optimizing ModSecurity on NGINX and NGINX Plus
Optimizing ModSecurity on NGINX and NGINX PlusOptimizing ModSecurity on NGINX and NGINX Plus
Optimizing ModSecurity on NGINX and NGINX PlusChristian Folini
 
A General Look at the State of Security - AFCEA 2017
A General Look at the State of Security - AFCEA 2017A General Look at the State of Security - AFCEA 2017
A General Look at the State of Security - AFCEA 2017Christian Folini
 
Introducing the OWASP ModSecurity Core Rule Set
Introducing the OWASP ModSecurity Core Rule SetIntroducing the OWASP ModSecurity Core Rule Set
Introducing the OWASP ModSecurity Core Rule SetChristian Folini
 
OWASP ModSecurity Core Rules Paranoia Mode
OWASP ModSecurity Core Rules Paranoia ModeOWASP ModSecurity Core Rules Paranoia Mode
OWASP ModSecurity Core Rules Paranoia ModeChristian Folini
 

More from Christian Folini (11)

The Adventurous Tale of Online Voting in Switzerland (Usenix Enigma 2021 conf...
The Adventurous Tale of Online Voting in Switzerland (Usenix Enigma 2021 conf...The Adventurous Tale of Online Voting in Switzerland (Usenix Enigma 2021 conf...
The Adventurous Tale of Online Voting in Switzerland (Usenix Enigma 2021 conf...
 
Introduction to ModSecurity and the OWASP Core Rule Set
Introduction to ModSecurity and the OWASP Core Rule SetIntroduction to ModSecurity and the OWASP Core Rule Set
Introduction to ModSecurity and the OWASP Core Rule Set
 
Folini Extended Introduction to ModSecurity and CRS3
Folini Extended Introduction to ModSecurity and CRS3Folini Extended Introduction to ModSecurity and CRS3
Folini Extended Introduction to ModSecurity and CRS3
 
Gedanken zur elektronischen Stimmabgabe für Datenschützer
Gedanken zur elektronischen Stimmabgabe für DatenschützerGedanken zur elektronischen Stimmabgabe für Datenschützer
Gedanken zur elektronischen Stimmabgabe für Datenschützer
 
Medieval Castles and Modern Servers
Medieval Castles and Modern ServersMedieval Castles and Modern Servers
Medieval Castles and Modern Servers
 
E-Voting, die Sicherheit und die Rolle der Experten
E-Voting, die Sicherheit und die Rolle der ExpertenE-Voting, die Sicherheit und die Rolle der Experten
E-Voting, die Sicherheit und die Rolle der Experten
 
Black alps 2018-folini-d-dos
Black alps 2018-folini-d-dosBlack alps 2018-folini-d-dos
Black alps 2018-folini-d-dos
 
Optimizing ModSecurity on NGINX and NGINX Plus
Optimizing ModSecurity on NGINX and NGINX PlusOptimizing ModSecurity on NGINX and NGINX Plus
Optimizing ModSecurity on NGINX and NGINX Plus
 
A General Look at the State of Security - AFCEA 2017
A General Look at the State of Security - AFCEA 2017A General Look at the State of Security - AFCEA 2017
A General Look at the State of Security - AFCEA 2017
 
Introducing the OWASP ModSecurity Core Rule Set
Introducing the OWASP ModSecurity Core Rule SetIntroducing the OWASP ModSecurity Core Rule Set
Introducing the OWASP ModSecurity Core Rule Set
 
OWASP ModSecurity Core Rules Paranoia Mode
OWASP ModSecurity Core Rules Paranoia ModeOWASP ModSecurity Core Rules Paranoia Mode
OWASP ModSecurity Core Rules Paranoia Mode
 

Technische Hintergründe der anonymen elektronischen Stimmabgabe

  • 1. Technische Hintergründe der anonymen elektronischen Stimmabgabe netnea AG | Gartenstadtstrasse 29 | CH-3097 Liebefeld | Tel +41 31 974 08 08 | www.netnea.com | info@netnea.com Christian Folini / @ChrFolini
  • 2. netnea AG | Gartenstadtstrasse 29 | CH-3097 Liebefeld | Tel +41 31 974 08 08 | www.netnea.com | info@netnea.com Christian Folini netnea AG | Gartenstadtstrasse 29 | CH-3097 Liebefeld | Tel +41 31 974 08 08 | www.netnea.com | info@netnea.com ● Security Engineer ● Author ModSecurity Handbook (2. Auflage) ● OWASP ModSecurity Core Rule Set Project Co-Lead ● Programm-Leiter Swiss Cyber Storm Konferenz ● Externer Berater der Schweizerischen Post im E-Voting Projekt
  • 3. netnea AG | Gartenstadtstrasse 29 | CH-3097 Liebefeld | Tel +41 31 974 08 08 | www.netnea.com | info@netnea.com Programm ● Rechtliche Anforderungen ● Technische Umsetzung
  • 4. netnea AG | Gartenstadtstrasse 29 | CH-3097 Liebefeld | Tel +41 31 974 08 08 | www.netnea.com | info@netnea.com Bundesgesetz polit. Rechte Artikel 8a, Elektronische Stimmabgabe, Absatz 2: „Die Kontrolle der Stimmberechtigung, das Stimmgeheimnis und die Erfassung aller Stimmen müssen gewährleistet und Missbräuche ausgeschlossen bleiben.”
  • 5. netnea AG | Gartenstadtstrasse 29 | CH-3097 Liebefeld | Tel +41 31 974 08 08 | www.netnea.com | info@netnea.com Übertragung auf CIA Triade Confidentiality: • Stimmgeheimnis Integrity: • Kontrolle der Stimmberechtigung • Ausschluss von Missbräuchen Availability: • Erfassung aller Stimmen
  • 6. netnea AG | Gartenstadtstrasse 29 | CH-3097 Liebefeld | Tel +41 31 974 08 08 | www.netnea.com | info@netnea.com Source: https://www.post.ch/-/ media/post/evoting/dokumente/ evoting-system-dokumentation.pdf Retrieved: 13/Mar/2019
  • 7. netnea AG | Gartenstadtstrasse 29 | CH-3097 Liebefeld | Tel +41 31 974 08 08 | www.netnea.com | info@netnea.com Design Decision Source: https://twitter.com/matthew_d_green/status/1100761233505087493
  • 8. netnea AG | Gartenstadtstrasse 29 | CH-3097 Liebefeld | Tel +41 31 974 08 08 | www.netnea.com | info@netnea.com Contact christian.folini@netnea.com @ChrFolini