Slides for my talk @EPFL on Jan 18th 2019:..
Abstract
The voting and election processes are the backbone of Swiss democracy and threats to those processes are not to be taken lightly. For this reason, the Federal Chancellery introduced new rules and requirements on Internet Voting systems back in 2014, defining thresholds on the availability of Internet Voting, subjected to three increasing compliance levels.
This talk will introduce some of the security properties defined in the federal requirements, and summarize the work done in collaboration between the eVoting group at the Berner Fachhochschule and the State of Geneva.
We will conclude with a brief overview of the state of the project and of the work that still remains to be done, focusing on the cryptographic protocol.
Paul Whittaker CBE, Common Platform Transformation Director, Crown Prosecutio...CSSaunders
A presentation by Paul Whittaker CBE, Common Platform Transformation Director, CPS, on how digital technology will transform the interface between policing and the criminal justice system - delivered at the Police Foundation's annual conference 'Policing and justice for a digital age' December 2016.
PARELON (Electronic Online Parliament) presentation slides (english version).
A new advanced and accessible Direct Democracy online platform for all political movements.
Presentation made by Emanuele Sabetta from Movimento 5 Stelle at Palazzo Madama (italian senate), 19 September 2013.
An e-Tendering System (or Electronic Tendering System) facilitates the complete tendering process from the advertising of the requirement through to the placing of the contract. This includes the exchange of all relevant documents in electronic format.
Data to develop user centred justice services - Luc AltmannOECD Governance
Presentation by Luc Altmann made at the OECD Global Policy Roundtable on Equal Access to Justice, 28 March 2019.
For more information see www.oecd.org/gov/equal-access-to-justice-oecd-expert-roundtable-portugal-2019.htm
Paul Whittaker CBE, Common Platform Transformation Director, Crown Prosecutio...CSSaunders
A presentation by Paul Whittaker CBE, Common Platform Transformation Director, CPS, on how digital technology will transform the interface between policing and the criminal justice system - delivered at the Police Foundation's annual conference 'Policing and justice for a digital age' December 2016.
PARELON (Electronic Online Parliament) presentation slides (english version).
A new advanced and accessible Direct Democracy online platform for all political movements.
Presentation made by Emanuele Sabetta from Movimento 5 Stelle at Palazzo Madama (italian senate), 19 September 2013.
An e-Tendering System (or Electronic Tendering System) facilitates the complete tendering process from the advertising of the requirement through to the placing of the contract. This includes the exchange of all relevant documents in electronic format.
Data to develop user centred justice services - Luc AltmannOECD Governance
Presentation by Luc Altmann made at the OECD Global Policy Roundtable on Equal Access to Justice, 28 March 2019.
For more information see www.oecd.org/gov/equal-access-to-justice-oecd-expert-roundtable-portugal-2019.htm
The Elia Stakeholders’ Day was held on 22 November 2013 in the Square venue located in Brussels. More than 200 guests attended with keynote speakers such as Pierre Crevits, chef de cabinet du Secrétaire d’Etat à l’Energie Melchior Wathelet/kabinetschef Staatssecretaris voor Energie Melchior Wathelet and Marie-Pierre Fauconnier , President of the Commission for the Regulation of Electricity and Gas (CREG).
E-Commerce Chap 5: E-COMMERCE SECURITY AND PAYMENT SYSTEMS (D3 B 2018)Shandy Aditya
Berdasarkan buku Loudon, K. C., & Travel, C. G. (2014). E-Commerce: Business, Technology, Society. New Jersey: Pearson Education.
kali ini kita akan membahas chapter 5: E-COMMERCE SECURITY AND PAYMENT SYSTEMS (D3 B 2018)
Video Presentation Link:
https://youtu.be/iROXWRrTuW8
Software602 delivered technology tools, including application designer, trained UPC’s IT specialists and delivered intensive support during the initial phase of the project.
WSO2Con EU 2015: Implementing National Interoperability PlatformWSO2
WSO2Con EU 2015: Implementing National Interoperability Platform
The Government of Republic of Moldova has been implementing an interoperability platform, named MConnect, to facilitate data exchanges between government entities. MConnect is the core of the process for public services re-engineering, since it allows streamlining public services delivery, both, for citizens and businesses, as well as optimizing internal governmental business processes. MConnect is a technological solution based on the WSO2 stack and provides the foundation for implementing the e-Transformation Agenda of the Government. This session describes the implemented solution.
Presenters:
Artur Reaboi
Enterprise Architect,
e-Government Center of Moldova
Iurie Turcanu
Chief Technology Officer,
e-Government Center of Moldova
Identity and Access Management (IAM) Linkage to
Innovative Service Delivery
February 17th, 2012
Victoria, B.C.
Brian Reed, IAM Practice Lead,
HP Enterprise Services, Canada
Organizations are increasingly looking to their Internal Auditors to provide independent assurance about cyber risks and the organization's ability to defend against cyber attacks. With information technology becoming an inherent critical success factor for every business and the emerging cyber threat landscape, every internal auditor needs to equip themselves on IT audit essentials and cyber issues.
In part 12 of our Cyber Security Series you will learn about the current cyber risks and attack methods from Richard Cascarino, including:
Where are we now and Where are we going?
Current Cyberrisks
• Data Breach and Cloud Misconfigurations
• Insecure Application User Interface (API)
• The growing impact of AI and ML
• Malware Attack
• Single factor passwords
• Insider Threat
• Shadow IT Systems
• Crime, espionage and sabotage by rogue nation-states
• IoT
• CCPA and GDPR
• Cyber attacks on utilities and public infrastructure
• Shift in attack vectors
Video presentation for 100+ Indian civil servants, for www,cips.org.in in Hydrabad (IN) 25 February 2016. Part of 3 day workshop see http://bit.ly/21iO1Qb done.
Hungarian Electronic Public Administration Interoperability Framework (MEKIK)...Csaba Krasznay
The huge project of the MEKIK (Hungarian Electronic Public Administration Interoperability Framework) has already been started; the next steps were the specification of the middleware and MEKIK portal and the pilot implementation of technical standards catalogue that would be accessible via this portal. These requirements affected the work in connection with the secure communication and the usage of electronic signature in the public administration. The project – correspondingly to the standards of the catalogue – also covered the general conception of security framework, requirements of certification service providers, signature creation application and devices, cryptographic protocols, legal aspects and secures mobile communication. This article introduces the actualities in connection with the interoperability of electronic public administration.
Organizations are increasingly looking to their Internal Auditors to provide independent assurance about cyber risks and the organization's ability to defend against cyber attacks. With information technology becoming an inherent critical success factor for every business and the emerging cyber threat landscape, every internal auditor needs to equip themselves on IT audit essentials and cyber issues.
In part 14 of our Cyber Security Series you will learn about the current cyber risks and attack methods from Richard Cascarino, including:
Where are we now and Where are we going?
Current Cyberrisks
• Data Breach and Cloud Misconfigurations
• Insecure Application User Interface (API)
• The growing impact of AI and ML
• Malware Attack
• Single factor passwords
• Insider Threat
• Shadow IT Systems
• Crime, espionage and sabotage by rogue nation-states
• IoT
• CCPA and GDPR
• Cyber attacks on utilities and public infrastructure
• Shift in attack vectors
Key findings among the industry analysts: “Managing telecom & cloud expenses is a complex task that requires knowledge about multiple technical an business topics”.
Widecoup Billing has helped our clients to find savings primarily through the reduction on the different types of telco consumption and communications expenditures
Transform Your Communication with Cloud-Based IVR SolutionsTheSMSPoint
Discover the power of Cloud-Based IVR Solutions to streamline communication processes. Embrace scalability and cost-efficiency while enhancing customer experiences with features like automated call routing and voice recognition. Accessible from anywhere, these solutions integrate seamlessly with existing systems, providing real-time analytics for continuous improvement. Revolutionize your communication strategy today with Cloud-Based IVR Solutions. Learn more at: https://thesmspoint.com/channel/cloud-telephony
Need for Speed: Removing speed bumps from your Symfony projects ⚡️Łukasz Chruściel
No one wants their application to drag like a car stuck in the slow lane! Yet it’s all too common to encounter bumpy, pothole-filled solutions that slow the speed of any application. Symfony apps are not an exception.
In this talk, I will take you for a spin around the performance racetrack. We’ll explore common pitfalls - those hidden potholes on your application that can cause unexpected slowdowns. Learn how to spot these performance bumps early, and more importantly, how to navigate around them to keep your application running at top speed.
We will focus in particular on tuning your engine at the application level, making the right adjustments to ensure that your system responds like a well-oiled, high-performance race car.
More Related Content
Similar to The road towards verifiable internet voting
The Elia Stakeholders’ Day was held on 22 November 2013 in the Square venue located in Brussels. More than 200 guests attended with keynote speakers such as Pierre Crevits, chef de cabinet du Secrétaire d’Etat à l’Energie Melchior Wathelet/kabinetschef Staatssecretaris voor Energie Melchior Wathelet and Marie-Pierre Fauconnier , President of the Commission for the Regulation of Electricity and Gas (CREG).
E-Commerce Chap 5: E-COMMERCE SECURITY AND PAYMENT SYSTEMS (D3 B 2018)Shandy Aditya
Berdasarkan buku Loudon, K. C., & Travel, C. G. (2014). E-Commerce: Business, Technology, Society. New Jersey: Pearson Education.
kali ini kita akan membahas chapter 5: E-COMMERCE SECURITY AND PAYMENT SYSTEMS (D3 B 2018)
Video Presentation Link:
https://youtu.be/iROXWRrTuW8
Software602 delivered technology tools, including application designer, trained UPC’s IT specialists and delivered intensive support during the initial phase of the project.
WSO2Con EU 2015: Implementing National Interoperability PlatformWSO2
WSO2Con EU 2015: Implementing National Interoperability Platform
The Government of Republic of Moldova has been implementing an interoperability platform, named MConnect, to facilitate data exchanges between government entities. MConnect is the core of the process for public services re-engineering, since it allows streamlining public services delivery, both, for citizens and businesses, as well as optimizing internal governmental business processes. MConnect is a technological solution based on the WSO2 stack and provides the foundation for implementing the e-Transformation Agenda of the Government. This session describes the implemented solution.
Presenters:
Artur Reaboi
Enterprise Architect,
e-Government Center of Moldova
Iurie Turcanu
Chief Technology Officer,
e-Government Center of Moldova
Identity and Access Management (IAM) Linkage to
Innovative Service Delivery
February 17th, 2012
Victoria, B.C.
Brian Reed, IAM Practice Lead,
HP Enterprise Services, Canada
Organizations are increasingly looking to their Internal Auditors to provide independent assurance about cyber risks and the organization's ability to defend against cyber attacks. With information technology becoming an inherent critical success factor for every business and the emerging cyber threat landscape, every internal auditor needs to equip themselves on IT audit essentials and cyber issues.
In part 12 of our Cyber Security Series you will learn about the current cyber risks and attack methods from Richard Cascarino, including:
Where are we now and Where are we going?
Current Cyberrisks
• Data Breach and Cloud Misconfigurations
• Insecure Application User Interface (API)
• The growing impact of AI and ML
• Malware Attack
• Single factor passwords
• Insider Threat
• Shadow IT Systems
• Crime, espionage and sabotage by rogue nation-states
• IoT
• CCPA and GDPR
• Cyber attacks on utilities and public infrastructure
• Shift in attack vectors
Video presentation for 100+ Indian civil servants, for www,cips.org.in in Hydrabad (IN) 25 February 2016. Part of 3 day workshop see http://bit.ly/21iO1Qb done.
Hungarian Electronic Public Administration Interoperability Framework (MEKIK)...Csaba Krasznay
The huge project of the MEKIK (Hungarian Electronic Public Administration Interoperability Framework) has already been started; the next steps were the specification of the middleware and MEKIK portal and the pilot implementation of technical standards catalogue that would be accessible via this portal. These requirements affected the work in connection with the secure communication and the usage of electronic signature in the public administration. The project – correspondingly to the standards of the catalogue – also covered the general conception of security framework, requirements of certification service providers, signature creation application and devices, cryptographic protocols, legal aspects and secures mobile communication. This article introduces the actualities in connection with the interoperability of electronic public administration.
Organizations are increasingly looking to their Internal Auditors to provide independent assurance about cyber risks and the organization's ability to defend against cyber attacks. With information technology becoming an inherent critical success factor for every business and the emerging cyber threat landscape, every internal auditor needs to equip themselves on IT audit essentials and cyber issues.
In part 14 of our Cyber Security Series you will learn about the current cyber risks and attack methods from Richard Cascarino, including:
Where are we now and Where are we going?
Current Cyberrisks
• Data Breach and Cloud Misconfigurations
• Insecure Application User Interface (API)
• The growing impact of AI and ML
• Malware Attack
• Single factor passwords
• Insider Threat
• Shadow IT Systems
• Crime, espionage and sabotage by rogue nation-states
• IoT
• CCPA and GDPR
• Cyber attacks on utilities and public infrastructure
• Shift in attack vectors
Key findings among the industry analysts: “Managing telecom & cloud expenses is a complex task that requires knowledge about multiple technical an business topics”.
Widecoup Billing has helped our clients to find savings primarily through the reduction on the different types of telco consumption and communications expenditures
Similar to The road towards verifiable internet voting (20)
Transform Your Communication with Cloud-Based IVR SolutionsTheSMSPoint
Discover the power of Cloud-Based IVR Solutions to streamline communication processes. Embrace scalability and cost-efficiency while enhancing customer experiences with features like automated call routing and voice recognition. Accessible from anywhere, these solutions integrate seamlessly with existing systems, providing real-time analytics for continuous improvement. Revolutionize your communication strategy today with Cloud-Based IVR Solutions. Learn more at: https://thesmspoint.com/channel/cloud-telephony
Need for Speed: Removing speed bumps from your Symfony projects ⚡️Łukasz Chruściel
No one wants their application to drag like a car stuck in the slow lane! Yet it’s all too common to encounter bumpy, pothole-filled solutions that slow the speed of any application. Symfony apps are not an exception.
In this talk, I will take you for a spin around the performance racetrack. We’ll explore common pitfalls - those hidden potholes on your application that can cause unexpected slowdowns. Learn how to spot these performance bumps early, and more importantly, how to navigate around them to keep your application running at top speed.
We will focus in particular on tuning your engine at the application level, making the right adjustments to ensure that your system responds like a well-oiled, high-performance race car.
Artificia Intellicence and XPath Extension FunctionsOctavian Nadolu
The purpose of this presentation is to provide an overview of how you can use AI from XSLT, XQuery, Schematron, or XML Refactoring operations, the potential benefits of using AI, and some of the challenges we face.
Graspan: A Big Data System for Big Code AnalysisAftab Hussain
We built a disk-based parallel graph system, Graspan, that uses a novel edge-pair centric computation model to compute dynamic transitive closures on very large program graphs.
We implement context-sensitive pointer/alias and dataflow analyses on Graspan. An evaluation of these analyses on large codebases such as Linux shows that their Graspan implementations scale to millions of lines of code and are much simpler than their original implementations.
These analyses were used to augment the existing checkers; these augmented checkers found 132 new NULL pointer bugs and 1308 unnecessary NULL tests in Linux 4.4.0-rc5, PostgreSQL 8.3.9, and Apache httpd 2.2.18.
- Accepted in ASPLOS ‘17, Xi’an, China.
- Featured in the tutorial, Systemized Program Analyses: A Big Data Perspective on Static Analysis Scalability, ASPLOS ‘17.
- Invited for presentation at SoCal PLS ‘16.
- Invited for poster presentation at PLDI SRC ‘16.
Software Engineering, Software Consulting, Tech Lead, Spring Boot, Spring Cloud, Spring Core, Spring JDBC, Spring Transaction, Spring MVC, OpenShift Cloud Platform, Kafka, REST, SOAP, LLD & HLD.
Launch Your Streaming Platforms in MinutesRoshan Dwivedi
The claim of launching a streaming platform in minutes might be a bit of an exaggeration, but there are services that can significantly streamline the process. Here's a breakdown:
Pros of Speedy Streaming Platform Launch Services:
No coding required: These services often use drag-and-drop interfaces or pre-built templates, eliminating the need for programming knowledge.
Faster setup: Compared to building from scratch, these platforms can get you up and running much quicker.
All-in-one solutions: Many services offer features like content management systems (CMS), video players, and monetization tools, reducing the need for multiple integrations.
Things to Consider:
Limited customization: These platforms may offer less flexibility in design and functionality compared to custom-built solutions.
Scalability: As your audience grows, you might need to upgrade to a more robust platform or encounter limitations with the "quick launch" option.
Features: Carefully evaluate which features are included and if they meet your specific needs (e.g., live streaming, subscription options).
Examples of Services for Launching Streaming Platforms:
Muvi [muvi com]
Uscreen [usencreen tv]
Alternatives to Consider:
Existing Streaming platforms: Platforms like YouTube or Twitch might be suitable for basic streaming needs, though monetization options might be limited.
Custom Development: While more time-consuming, custom development offers the most control and flexibility for your platform.
Overall, launching a streaming platform in minutes might not be entirely realistic, but these services can significantly speed up the process compared to building from scratch. Carefully consider your needs and budget when choosing the best option for you.
Utilocate offers a comprehensive solution for locate ticket management by automating and streamlining the entire process. By integrating with Geospatial Information Systems (GIS), it provides accurate mapping and visualization of utility locations, enhancing decision-making and reducing the risk of errors. The system's advanced data analytics tools help identify trends, predict potential issues, and optimize resource allocation, making the locate ticket management process smarter and more efficient. Additionally, automated ticket management ensures consistency and reduces human error, while real-time notifications keep all relevant personnel informed and ready to respond promptly.
The system's ability to streamline workflows and automate ticket routing significantly reduces the time taken to process each ticket, making the process faster and more efficient. Mobile access allows field technicians to update ticket information on the go, ensuring that the latest information is always available and accelerating the locate process. Overall, Utilocate not only enhances the efficiency and accuracy of locate ticket management but also improves safety by minimizing the risk of utility damage through precise and timely locates.
Navigating the Metaverse: A Journey into Virtual Evolution"Donna Lenk
Join us for an exploration of the Metaverse's evolution, where innovation meets imagination. Discover new dimensions of virtual events, engage with thought-provoking discussions, and witness the transformative power of digital realms."
GraphSummit Paris - The art of the possible with Graph TechnologyNeo4j
Sudhir Hasbe, Chief Product Officer, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Quarkus Hidden and Forbidden ExtensionsMax Andersen
Quarkus has a vast extension ecosystem and is known for its subsonic and subatomic feature set. Some of these features are not as well known, and some extensions are less talked about, but that does not make them less interesting - quite the opposite.
Come join this talk to see some tips and tricks for using Quarkus and some of the lesser known features, extensions and development techniques.
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI AppGoogle
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
👉👉 Click Here To Get More Info 👇👇
https://sumonreview.com/ai-fusion-buddy-review
AI Fusion Buddy Review: Key Features
✅Create Stunning AI App Suite Fully Powered By Google's Latest AI technology, Gemini
✅Use Gemini to Build high-converting Converting Sales Video Scripts, ad copies, Trending Articles, blogs, etc.100% unique!
✅Create Ultra-HD graphics with a single keyword or phrase that commands 10x eyeballs!
✅Fully automated AI articles bulk generation!
✅Auto-post or schedule stunning AI content across all your accounts at once—WordPress, Facebook, LinkedIn, Blogger, and more.
✅With one keyword or URL, generate complete websites, landing pages, and more…
✅Automatically create & sell AI content, graphics, websites, landing pages, & all that gets you paid non-stop 24*7.
✅Pre-built High-Converting 100+ website Templates and 2000+ graphic templates logos, banners, and thumbnail images in Trending Niches.
✅Say goodbye to wasting time logging into multiple Chat GPT & AI Apps once & for all!
✅Save over $5000 per year and kick out dependency on third parties completely!
✅Brand New App: Not available anywhere else!
✅ Beginner-friendly!
✅ZERO upfront cost or any extra expenses
✅Risk-Free: 30-Day Money-Back Guarantee!
✅Commercial License included!
See My Other Reviews Article:
(1) AI Genie Review: https://sumonreview.com/ai-genie-review
(2) SocioWave Review: https://sumonreview.com/sociowave-review
(3) AI Partner & Profit Review: https://sumonreview.com/ai-partner-profit-review
(4) AI Ebook Suite Review: https://sumonreview.com/ai-ebook-suite-review
#AIFusionBuddyReview,
#AIFusionBuddyFeatures,
#AIFusionBuddyPricing,
#AIFusionBuddyProsandCons,
#AIFusionBuddyTutorial,
#AIFusionBuddyUserExperience
#AIFusionBuddyforBeginners,
#AIFusionBuddyBenefits,
#AIFusionBuddyComparison,
#AIFusionBuddyInstallation,
#AIFusionBuddyRefundPolicy,
#AIFusionBuddyDemo,
#AIFusionBuddyMaintenanceFees,
#AIFusionBuddyNewbieFriendly,
#WhatIsAIFusionBuddy?,
#HowDoesAIFusionBuddyWorks
AI Pilot Review: The World’s First Virtual Assistant Marketing SuiteGoogle
AI Pilot Review: The World’s First Virtual Assistant Marketing Suite
👉👉 Click Here To Get More Info 👇👇
https://sumonreview.com/ai-pilot-review/
AI Pilot Review: Key Features
✅Deploy AI expert bots in Any Niche With Just A Click
✅With one keyword, generate complete funnels, websites, landing pages, and more.
✅More than 85 AI features are included in the AI pilot.
✅No setup or configuration; use your voice (like Siri) to do whatever you want.
✅You Can Use AI Pilot To Create your version of AI Pilot And Charge People For It…
✅ZERO Manual Work With AI Pilot. Never write, Design, Or Code Again.
✅ZERO Limits On Features Or Usages
✅Use Our AI-powered Traffic To Get Hundreds Of Customers
✅No Complicated Setup: Get Up And Running In 2 Minutes
✅99.99% Up-Time Guaranteed
✅30 Days Money-Back Guarantee
✅ZERO Upfront Cost
See My Other Reviews Article:
(1) TubeTrivia AI Review: https://sumonreview.com/tubetrivia-ai-review
(2) SocioWave Review: https://sumonreview.com/sociowave-review
(3) AI Partner & Profit Review: https://sumonreview.com/ai-partner-profit-review
(4) AI Ebook Suite Review: https://sumonreview.com/ai-ebook-suite-review
Code reviews are vital for ensuring good code quality. They serve as one of our last lines of defense against bugs and subpar code reaching production.
Yet, they often turn into annoying tasks riddled with frustration, hostility, unclear feedback and lack of standards. How can we improve this crucial process?
In this session we will cover:
- The Art of Effective Code Reviews
- Streamlining the Review Process
- Elevating Reviews with Automated Tools
By the end of this presentation, you'll have the knowledge on how to organize and improve your code review proces
Mobile App Development Company In Noida | Drona InfotechDrona Infotech
Looking for a reliable mobile app development company in Noida? Look no further than Drona Infotech. We specialize in creating customized apps for your business needs.
Visit Us For : https://www.dronainfotech.com/mobile-application-development/
E-commerce Application Development Company.pdfHornet Dynamics
Your business can reach new heights with our assistance as we design solutions that are specifically appropriate for your goals and vision. Our eCommerce application solutions can digitally coordinate all retail operations processes to meet the demands of the marketplace while maintaining business continuity.
OpenMetadata Community Meeting - 5th June 2024OpenMetadata
The OpenMetadata Community Meeting was held on June 5th, 2024. In this meeting, we discussed about the data quality capabilities that are integrated with the Incident Manager, providing a complete solution to handle your data observability needs. Watch the end-to-end demo of the data quality features.
* How to run your own data quality framework
* What is the performance impact of running data quality frameworks
* How to run the test cases in your own ETL pipelines
* How the Incident Manager is integrated
* Get notified with alerts when test cases fail
Watch the meeting recording here - https://www.youtube.com/watch?v=UbNOje0kf6E
1. 22/01/2019 - Page 1
Improvements
to CHvote
The road towards an
end-to-end verifiable
internet voting system
Office cantonal des systèmes d'information et du numérique
Département des infrastructures
2. 22/01/2019 - Page 2
Short Bio
• EPFL MSc in IT
• IT / Java consultant
• Now
Internet voting cryptography @ State of Geneva
Java DEV & AppSec
• Outside from work
OWASP-Geneva co-chapter leader
Married, 2 kids
Thomas Hofer / @thhofer / thomas.hofer@etat.ge.ch
3. 22/01/2019 - Page 3
Outline
Context
Security properties and challenges
Federal requirements
Protocol overview
State of the project
Conclusion
4. 22/01/2019 - Page 4
Outline
Context
Security properties and challenges
Federal requirements
Protocol overview
State of the project
Conclusion
5. 22/01/2019 - Page 5
The past of CHvote
First generation E-Voting system
• 2001: start of project
• 2003: first use
• Partners
6. 22/01/2019 - Page 6
Context
New Federal
Requirements
Version «1.5»:
- Remove java
applet
- Add individual
verifiability
12.2013
09.2015
06-09.2016
01.2017
V2.0: project
preparation
Project start
11.2018
Project
terminated
04-05.2019
Expected
publication date
Timeline
7. 22/01/2019 - Page 7
Context
Challenges
Exigences fédérales de
sécurité
Protocole cryptographique
Software as a service
Federal requirements
Individual and universal verifiability
End-to-end encryption
Independent control components
Symbolic and cryptographic proofs
Common Criteria EAL 2 et EAL 4
OWASP Code review
SMSI, ISO 27001 Certification
Internal and public penetration test
Source code publication
Cryptography
Bespoke cryptographic protocol
Strong performance requirements
Several academic partners
Implementation of less common cryptographic
primitives
Massively parallel computations
Control
Components
Hardware
6x 26 cores x86 256 Go
2x 16 cores IBM Power 256 Go
30 TB «live» data
4 distinct OS + 3 distinct JRE
implementations + 2 distinct CPU
architectures
BDD PostgreSQL high-availability
Encrypted and signed communications
0-loss tolerance
No remote access, dedicated physical
access control
4 independent pairs of
administration teams
Open Source
AGPL v3 License
Publication forbidden before
audits and certification
Documentation targeted at
external contributors
Image risks (cherry-picking of
issues)
Software as
a service
Multi-tenant (cantons,
languages, legal frameworks)
Autonomous ballot
organisation
High-availability
24/7 usage, limited windows
for maintenance
Integrity and authenticity of
data
8. 22/01/2019 - Page 8
Outline
Context
Security properties and challenges
Federal requirements
Protocol overview
State of the project
Conclusion
9. 22/01/2019 - Page 9
Security properties
Target security properties
Vote secrecy Result integrity
No early tallyAvailability Voter authentication
Enfranchisement
10. 22/01/2019 - Page 10
Security challenges
• Vote secrecy vs. result integrity
Cryptographically challenging (but feasible)
• Enfranchisement vs. authentication
Typically opposed
But: in CH, voting legitimation cards are sent to voters (Swiss
Post is trusted)
For mail-in ballots / polling station voting:
− Voting card + signature + DOB
For internet voting:
− Secrets printed on voting card + DOB
Partially contradicting requirements and other challenges
11. 22/01/2019 - Page 11
Security challenges
• Availability
OK, but… DDOS??
Standard technical counter-measures
Internet voting closes 24 hours before polling stations
• DNS-cache poisoning (nov. 2018 news)
Impacts everyone
Some technical counter-measures in place, others coming
Most importantly: certificate fingerprint printed on voting material
Partially contradicting requirements and other challenges (ctd.)
12. 22/01/2019 - Page 12
Outline
Context
Security properties and challenges
Federal requirements
Protocol overview
State of the project
Conclusion
13. 22/01/2019 - Page 13
Federal requirements
• Published in 2013, enacted 2014
Collaborative work between lawmakers, academia and operating
staff
• Compliance levels
The higher the compliance, the more voters allowed
• Reference
https://www.bk.admin.ch/themen/pore/evoting/07979/index.html
New Ordinance on Electronic Voting
14. 22/01/2019 - Page 14
Federal requirements
Individual Verifiability
Voters must receive proof that the server system has registered the vote as it
was entered by the voter on the user platform – VEleS, art. 4
15. 22/01/2019 - Page 15
Federal requirements
End-to-End Encryption
Votes must not be stored or transmitted in unencrypted form at any time from
being entered to tallying. – Technical and administrative requirements, section
3.3.4
16. 22/01/2019 - Page 16
Federal requirements
Universal Verifiability
For universal verification, the auditors receive proof that the result has been
ascertained correctly. They must evaluate the proof in a observable procedure.
– VEleS, art. 5 paragraph 4
17. 22/01/2019 - Page 17
Federal requirements
Control Components
The trustworthy part of the system includes either one or a small number of
groups of independent components secured by special measures (control
components). Their use must also make any abuse recognisable if per group
only one of the control components works correctly and in particular is not
manipulated unnoticed. – VEleS, art. 5, par. 6
18. 22/01/2019 - Page 18
Federal requirements
• First level
Individual verifiability
Internet voting for up to 30% of voters
• Second level
Add certifying audit
Internet voting for up to 50% of voters
• Third level
Add universal verifiability, control components and end-to-end
encryption
New certifying audit
Internet voting for up to 100% of voters
Compliance levels
19. 22/01/2019 - Page 19
Outline
Context
Security properties and challenges
Federal requirements
Protocol overview
State of the project
Conclusion
20. 22/01/2019 - Page 20
Protocol actors
Stakeholders from the perspective of the cryptographic protocol
Election officer Control
components
Bulletin Board
Voting client VoterPrinting
Authorities
21. 22/01/2019 - Page 21
Key cryptographic primitives
• El Gamal homomorphic encryption
• Oblivious Transfer for individual verifiability
Cast-as-Intended Verification in Electronic Elections Based on
Oblivious Transfer
• Pedersen Commitments
• Non-interactive Zero-Knowledge Proofs (ZKP)
• Wikström’s Proof of a Shuffle
A brief overview
22. 22/01/2019 - Page 22
Homomorphic encryption
• Principles
Operations performed on cipher texts
Result visible on recovered plain texts
Example:
− Encrypt 2
− Multiply cipher text by 3
− Decrypt
− Result is 6
• For this project: El Gamal encryption
What is it?
23. 22/01/2019 - Page 23
Homomorphic encryption
• Used for voter credentials
Voter authentication
• Used for encrypting the ballots
Vote secrecy
• Allows re-encryptions
Useful for anonymizing when shuffling
Vote secrecy
• Allows for key sharing
Control components each hold a key share
Vote secrecy & result integrity
How and why?
24. 22/01/2019 - Page 24
Oblivious Transfer
• In short
Server knows n secret messages
Client allowed to retrieve k secret messages
Server cannot know which messages the client asked for
Perfect match for the verification codes issue!
Vote secrecy & Result integrity
• In detail
Cast-as-Intended Verification in Electronic Elections Based on
Oblivious Transfer
What does it mean and why is it useful?
25. 22/01/2019 - Page 25
Commitments and ZKPs
• “public” commitments for the secrets
Share a value computed from secret, without leaking info
• ZKPs relative to those commitments
Prove that
− Secret value used in computation =
secret value used for commitment
Chain of truth from key generation to ballot decryption
• Combination yields Universal verifiability
Result integrity
How and why?
26. 22/01/2019 - Page 26
Wikström’s Proof of a Shuffle
• Re-encrypting mix-net
Each component re-encrypts each ballot and shuffles them
• Since shuffled, simple pre-image proofs would not work
• Since re-encrypted, ciphertexts are not equal
Vote secrecy
• Need for a specific proof that the cryptographic shuffle is
valid
Result integrity
Why?
27. 22/01/2019 - Page 27
Outline
Context
Security properties and challenges
Federal requirements
Protocol overview
State of the project
Conclusion
28. 22/01/2019 - Page 28
State of the Project
(those figures represent estimates by the team)
67%
33%
Development
Done To Do
40%
60%
Infrastructure
Done To Do
20%
80%
Audits and
certification
Done To Do
29. 22/01/2019 - Page 29
Outline
Context
Security properties and challenges
Federal requirements
Protocol overview
State of the project
Conclusion
30. 22/01/2019 - Page 30
Further reading
• Published protocol specification
https://eprint.iacr.org/2017/325
• Published PoC code
https://github.com/republique-et-canton-de-geneve/chvote-
protocol-poc
• Federal requirements
https://www.bk.admin.ch/bk/fr/home/droits-politiques/groupe-
experts-vote-electronique/criteres-pour-les-essais.html
And references
32. 22/01/2019 - Page 32
Thank you!
Office cantonal des systèmes d'information et du numérique
Département des infrastructures
Thomas Hofer thomas.hofer@etat.ge.ch @thhofer
33. 22/01/2019 - Page 33
This work is licensed under https://creativecommons.org/licenses/by/4.0/
Please attribute Republique et Canton de Genève with a link to
https://republique-et-canton-de-geneve.github.io/chvote-1-0