From: Amit Sahai <sahai_at_CS_dot_Princeton_dot_EDU>
Date: Thu Nov 27 2003 - 13:27:10 CST

Let me suggest the following reorganization and additions to the set of
security concerns (so far building on those of Clay and David). The list
is already growing large, and it is not clear how to best organize it.


Context: We are considering a physical computer-assisted voting system
that produces paper ballots. Right now, we are not concerned with
internet voting, etc.

I. Anonymity / Privacy Issues

   A. Monitoring people's vote
      1. Electronically (via easter eggs)
      2. Physically (e.g. via numbers on physical ballot)

   B. Inferring votes via timestamp information (i.e. if time or sequence
      information is recoverable from a collection of ballots, this can
      be correlated with a covert videotape of all the people who enter
      the polling place).

II. Robustness Issues

    A. Robustness against Hardware/Software failures

       1. Making sure ballot reconciliation is not affected by hardware
          failure during election.

    B. Robustness against other malicious attacks.

       1. Illegal modification of the ballots

          a. By Users / Voters
          b. By Voting Officials
          c. By others

          d. Types of attacks:
             i. insert
             ii. delete
             iii. modify

          e. Context for attacks:
             i. Electronic ballots
                 1. During local creation/storage
                 2. During any electronic transmission
             ii. Physical ballots (tampering, ballot-box stuffing/destruction)

       2. Related: Being able to verify/trust that all ballots were counted.
          a. Removing the "black box" aspect to electronic voting.
             This refers to voters not being able to see how the electrons
             are stored on disk to verify the votes they cast are accurate.

    C. Robustness against (non-adversarial) human error

       1. Voter error
          a. During Electronic Interaction
             i. Validating accuracy of system in recording voter intent.
          b. During physical handling of printed ballot

       2. Errors by Voting Officials
          a. In setting up electronic system
          b. In physical handling of printed ballots
          c. In closing phase of election
             i. dealing with electronic system
             ii. dealing with physical ballots

       3. Errors by others
