The slides about e-voting. It describes the recent voting system in Iraq, and shows some privacy issues in the system.
Also, it contains some recommendations to mitigate these issues.
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Iraqi Elections in 2014: a Privacy Requirement Evaluation Based on a Polling Place Experience
1. Iraqi Elections in 2014: a Privacy Requirement
Evaluation Based on a Polling Place Experience
Ali Fawzi Najm Al-Shammari & Adolfo Villafiorita
1,2 1
1. Fondazione Bruno Kessler - Italy
2. University of Kerbala - Iraq
25th September 2014
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
2. Outline
• Historical overview.
• Current voting System in Iraq.
• Stakeholders.
• Components.
• Procedures.
• Security Issues.
• Recommendations.
• Conclusion.
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
3. Historical Overview
• Democracy was not a common practice in Iraq before 2003.
• In 2005, the new Iraqi constitution allows citizens to elect the
parliament, and the provincial councils every four years.
• Independent High Electoral Commission (IHEC) introduced to
manage and run elections.
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
4. Historical Overview
Seven country wide elections were conducted:
• January 2005: National Assembly + Provincial Councils
• October 2005: Constitution
• December 2005: Parliamentary
• January 2009: Provincial Councils
• Mars 2010: Parliamentary
• April 2013: Provincial Councils
• April 2014: Parliamentary
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
5. Seven country wide elections were conducted:
• January 2005: National Assembly + Provincial Councils
• October 2005: Constitution
(Observer)
• December 2005: Parliamentary
(Observer)
• January 2009: Provincial Councils
(Station Manager)
• Mars 2010: Parliamentary
• April 2013: Provincial Councils
• April 2014: Parliamentary
Historical Overview
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
6. Iraqi Voting System
• Before 2014, paper based voting.
• Simple.
• Usable.
• There were some concerns raised:
• Vote stuffing!
• Vote manipulation!
• Some verification mechanisms, but they are manual, and time
consuming.
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
7. Voting System Improvement
• In 2014, electronic component involved in the polling place.
• Motivation is to improve the system against the current
concerns, i.e.:
• Votes stuffing and manipulation.
• Improve voter’s authorization process in the poll.
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
8. Approach
• Automates vote traceability.
• Mechanism of tracing the vote cast serial number.
• Automates voter authorization.
• Smart Identification Card (SID) for each voter.
• Biometric Identification.
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
9. Smart Card Reader System (SCRS)
Fingerprint Scanner
Futronic FS80
Plastic Seal
Smart Card Reader System
(SCRS)
Thermal Printer &
Smart Card Reader
DATECS DPP-250
Tablet BQ Maxwell Plus 2
Camera
The new tool implemented by Indra
(Spanish Company).
• Offline database in the component.
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
10. Polling Station Experience
Stakeholders.
Components.
Procedures.
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
11. Polling Station - Stakeholders
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
12. Polling Station - Stakeholders
Station Manager (SM)
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
13. Polling Station - Stakeholders
Authorization Officer (AO)
Station Manager (SM)
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
14. Polling Station - Stakeholders
Authorization Officer (AO)
Station Manager (SM)
Ballot Issuer (BI)
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
15. Polling Station - Stakeholders
Authorization Officer (AO)
Station Manager (SM)
Ballot Issuer (BI)
Ballot Box Observer (BBO)
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
30. Polling Station - Components
SCRS
Ballots Pack
Ballot Stamp
Voters’ List
Voting Cabins
Ballot Box
Supervisor Smart Card (SSC)
Security Seal
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
31. Polling Station - Components
SCRS
Ballots Pack
Ballot Stamp
Voters’ List
Voting Cabins
Ballot Box
Supervisor Smart Card (SSC)
Voting Ink
Security Seal
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
32. Polling Station - Components
SCRS
Ballots Pack
Ballot Stamp
Voters’ List
Voting Cabins
Ballot Box
Supervisor Smart Card (SSC)
Station Forms
Voting Ink
Security Seal
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
33. Polling Station - Components
SCRS
Ballots Pack
Ballot Stamp
Voters’ List
Voting Cabins
Ballot Box
Supervisor Smart Card (SSC)
Station Forms
Voting Ink
Secure Plastic Bag
Security Seal
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
34. Polling Station - Components
SCRS
Ballots Pack
Ballot Stamp
Voters’ List
Voting Cabins
Ballot Box
Supervisor Smart Card (SSC)
Smart ID (SID)
Station Forms
Voting Ink
Secure Plastic Bag
Security Seal
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
35. Election Procedures
Starting the Election Day
1. SM : - receives the sensitive materials from Polling Place Manager (PPM).
- records the ballots packs’ serial number in station forms.
- seals the ballot box using plastic seals, and records its numbers in station forms.
2. AO : - turns on the SCRS using the SSC.
Identifying a Voter
1. Voter : - walks to authorization desk.
2. AO : - inserts voter’s SID in the SCRS.
- scans voter’s fingerprint by the SCRS.
3. SCRS : - verifies voter’s data.
- if the voter is eligible:
- saves voter’s access time.
- blocks voter’s SID.
- updates voter’s status in the database.
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
36. Election Procedures
Issuing Ballot
1. AO : - passes voter’s ID to the BI.
2. BI : - checks voter’s name in the voters’ list.
- issues and stamps the ballot, and passes it to AO.
3. AO : - scans the QR code of the issued ballot using the SCRS.
4. SCRS : - stores the scanned code of the ballot.
5. Voter : - takes the issued ballot, and walks to the voting cabin.
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
37. Election Procedures
Casting Vote
1. Voter : - fills in the ballot anonymously in voting cabin.
- folds the filled-in ballot, and walks to the ballot box.
- marks her indicator finger in the voting ink.
- casts her vote by putting the filled-in ballot in the ballot box.
2. BBO: - controls that a voter marks her finger with voting ink before casting the vote.
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
38. Election Procedures
Special Case...
• If the SCRS fails in reading the SID of a voter.
• e.g., SID failure, or Database failure.
• Voter’s name exists in the voters’ list.
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
39. Election Procedures
Special Case...
• If the SCRS fails in reading the SID of a voter.
• e.g., SID failure, or Database failure.
• Voter’s name exists in the voters’ list.
The voter has the right to vote!
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
40. Election Procedures
Special Case Voting Procedure
1. SM : - takes voter’s SID and puts it in a secure envelope.
- writes on the envelope (voter’s name, card’s serial number, and the reason of
collection).
2. BI : - asks the voter to sign in the voters’ list.
- releases Ballot for the voter.
3. AO : - signs the back of the ballot with “Smart card was not readable”.
- Does not scan the QR code of the ballot.
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
41. Election Procedures
Closing the Polling Station
1. SCRS : - stops accepting any card.
2. SM : - secures ballot box.
3. AO : - stores the SCRS data in the SSC.
- prints the SCRS report.
• polling station name.
• total number of eligible voters in the station.
• number of voters who accessed the polling station.
• total number of scanned fingerprints.
• the total number of scanned QR codes.
• the time of opening and closing the poll.
• the list of scanned codes of ballots.
4. SM : - secures the SSC and the SCRS report in a plastic bag.
- records the number of the secure bag in the station forms.
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
42. Election Procedures
Tallying Process
1. SM : - verifies the serial numbers of the ballot box seals through a comparison with the
records in the station forms.
- open the box.
2. Polling Place Employees : - starts the tallying process publicly.
3. EO: - observes the tallying process.
- records the tallying results in the station forms.
4. SM : - secures the ballots, and stations forms.
- provides the secured sensitive materials to the Polling Place Manager.
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
44. Stakeholders’ Access
Stakeholder Pre-election During Election During Tallying After Election Day
- - -
Voter Ballot Serial Number
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
45. Stakeholders’ Access
Stakeholder Pre-election During Election During Tallying After Election Day
- - -
Voter Ballot Serial Number
- -
AO , BI Voter’s Name
Ballot Serial Number
Votes Cast
(Station)
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
46. Stakeholders’ Access
Stakeholder Pre-election During Election During Tallying After Election Day
- - -
Voter Ballot Serial Number
- -
AO , BI Voter’s Name
Ballot Serial Number
Votes Cast
(Station)
- -
SM Voter’s Name
(Special Case)
Votes Cast
(Station)
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
47. Stakeholders’ Access
Stakeholder Pre-election During Election During Tallying After Election Day
- - -
- -
AO , BI Voter’s Name
Ballot Serial Number
- -
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Election
Officials
SCRS
Voters’ list
- Votes Cast (Precinct)
SCRS Data
Voters’ List
Special Case Voters
-
Votes Cast
(Station)
SM Voter’s Name
(Special Case)
Votes Cast
(Station)
Voter Ballot Serial Number
Tuesday 7 October 14
48. Attack Scenarios
General Assumption
• Malicious election official could compromise the privacy IF:
• the ballot serial number is linked with voter’s name.
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
49. Attack Scenarios
Voter Attack
• Assumption: malicious voter.
• The malicious voter collects ballot serial number and provides it to a
third party.
• Forced.
• Attempt to sell vote.
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
50. Attack Scenarios
Voter Attack
• Assumption: malicious voter.
• The malicious voter collects ballot serial number and provides it to a
third party.
Note that, even if there is no malicious election official,
some voter could be coerced by a malicious third party!
Just by asking him/her to provide the vote cast serial
• Forced.
• Attempt to sell vote.
number as an evidence to the way she/he voted.
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
51. Attack Scenarios
Station Employee Attack 1
• Assumption: malicious AO/BI.
• The malicious AO/BI memorize voter’s name, and ballot serial
number.
• The malicious AO/BI links between voter and vote while tallying
the votes.
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
52. Attack Scenarios
Station Employee Attack 1
• Assumption: malicious AO/BI.
• The malicious AO/BI memorize voter’s name, and ballot serial
number.
• The malicious AO/BI links between voter and vote while tallying
the votes.
We don’t need to assume that a malicious election official
exists.
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
53. Attack Scenarios
Station Employee Attack 2
• Assumption: malicious Polling Place Employee.
• The malicious employee reveals the vote of the special case voter
in the tallying phase.
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
54. Attack Scenarios
Station Employee Attack 2
• Assumption: malicious Polling Place Employee.
• The malicious employee reveals the vote of the special case voter
in the tallying phase.
We don’t need to assume that a malicious election official
exists.
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
55. Attack Scenarios
Malicious Component Attack1
• Assumption: malicious SCRS, malicious election official.
• The malicious SCRS saves information that links voter with ballot
serial number.
• The malicious election official accesses the SCRS malicious data.
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
56. Attack Scenarios
Malicious Component Attack 2
• Assumption: malicious SCRS, malicious person nearby the
polling place.
• The malicious SCRS broadcasts information that links the voter
and her ballot serial number using its Wifi, or bluetooth.
• The malicious person nearby, receives this information using a
malicious application installed in a device (e.g., smart phone).
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
57. Main Failures
• The ballot serial number is not protected.
• Voter identification and ballot issuing processes are performed
together.
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
58. Recommendations
1.Protecting the Ballot Serial Number.
• Eg., scratch to reveal, or invisible ink marking pen.
• Using random codes for the ballots.
2.Modifies the procedures.
• Ballot QR codes scanning must be done after closing the poll.
• Does not marks the issued ballot of the special case.
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
59. Conclusions
• The IHEC effort was to improve traceability, and election fairness.
• Current system has vulnerabilities that could compromise privacy,
caused by:
• Two critical processes performed by the same component.
• Ballot serial number is readable.
• Our goal is to improve the system with consideration of minimal
changes, which includes:
• Improving the ballot.
• Modifying procedures.
• Modifying SCRS software.
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14
60. Thank You For Your Attention
شكراً لإصغائكم
alshammari@fbk.eu
INFORMATIK 2014 - eVoting Workshop - Stuttgart
Tuesday 7 October 14