Online voting can't be trusted on standard PCs
Published: 08 Mar 2004 12:35 GMT
What you need to know
Gartner believes that until trustable computing platforms are widely available in standard PCs, online voting will require significant investment in additional security methods (such as smart cards or "portable sandboxes") to maintain the integrity of elections. The open review of online voting software is also required for high security and trust.
Analysis
A standard security tenet is that the criticality of the application defines how strongly the system must be secured. Online voting systems require the highest levels of security to maintain the integrity of the election process. Standard PCs are not secure enough to meet the security requirements of online voting. Software and hardware capabilities must be added.
Security requirements for online voting
The critical security requirements for online voting are:
- Authentication -- Voters' real-world identities must be strongly proved, and voters must be certain that their votes are sent to a legitimate voting system.
- Confidentiality -- Voters must be confident that unauthorised parties can't determine how they voted.
- Confirmation/nonrepudiation -- Voters must be certain that their votes are counted toward the candidate for whom they voted.
The physical systems used for in-person voting and mail-in absentee balloting don't provide perfect levels of these three categories of security, as proved by the 2000 US presidential elections. However, election fraud on a mass scale is difficult, costly and hard to conceal in old-fashioned physical voting systems. Online voting systems that accept votes from any PC, anywhere, escalate the risk.
Trustable computers are required
The MyDoom worm (see "How to Limit Damage from the MyDoom Worm") is the most-recent example of globally spread malicious software attacks that install Trojan software onto Windows-based PCs. Trojan software looks like a standard application, but it can include hostile capabilities, such as keystroke capture, screen scraping and remote control. This software has been discovered on public computers in cybercafes, college campuses and copy shops, as well as on PCs. Spyware -- software covertly installed by Web sites on visiting PCs -- poses a similar threat.
If this type of software can run on a PC while a voter is entering his or her vote online, there can be no guarantee of authentication, confidentiality or nonrepudiation. This risk may be acceptable for online commerce and even online banking, where transactions can be cancelled if fraud is suspected. However, even in those markets, the Trojan software problem has led to the use of out-of-band authentication (such as password generator tokens or text messaging to cellular phones) or additional hardware, such as smart cards or biometrics, for high-value transactions. Online voting is one of the highest-value transactions.
A trusted execution environment (see "Trustable Computing Platforms Defined" and "Three Scenarios for Trustable Computing Platforms") is required on PCs that participate in online voting to enable secure voting. A trusted execution environment ensures that untrusted software can't run while trusted software is running. This capability is not available on the standard PC platform because the Windows operating system and Intel processor architecture don't support the necessary safeguards.
The Trusted Computing Group (TCG) consortium ("Trusted Computing Group Will Have Little Impact") is developing standards for trustable computing platforms that will support a trusted execution environment. This environment will be built around Microsoft's Next-Generation Secure Computing Base modifications to its Windows kernel and Intel's LaGrand technology improvements to the standard PC CPU/motherboard hardware. Prior to 2008, trustable computing platforms will not be available in more than 80 percent of PCs (0.7 probability).
Previous
Did you find this article useful?
2000 out of 2140 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
