The Italian Academic Communitys Electronic Voting System

1
The Italian Academic CommunitysElectronic
Voting System

• Pierluigi Bonetti
• Lisbon, May 2000

2
What is CINECA

• A Consortium of 15 Italian Universities
• Mission to provide the most advanced computing
  and networking services to universities and
  industries
• Founded in 1969
• About 150 full timeresearchers

3
CINECA resources

• Cray T3E - 256 nodes
• IBM SP/2 - 32 nodes
• IBM SP/3 - 8 nodes
• SGI Onyx2
• SGI Origin 2000
• SGI Challenge L-2
• Gigabit backbone LAN
• 10 Mbps connection to Internet
• The first and uniqueVirtual Theatre in Italy

4
How Italian Universities recruit teaching staff

• When a University offers a position, an
  evaluation committee is needed
• Members of the committee have to be elected
  amongst all the teaching staff in all the Italian
  Universities belonging to the scientific
  discipline related to the position offered
• Each offered position, therefore, requires a
  nation-wide election (!)

5
Complexity
Thousands of elections, each with a different
list of candidates and involving many thousands
of electors
Achieving this objective with traditional methods
is impossible
The Ministry for University and Scientific and
Technologic Research asked us to build an
Electronic Voting System
6
Requirements

• As in a traditional election
• Legitimacy only those who have the right to vote
  can vote and can cast only one vote
• Secrecy no one can read the vote until the
  polling phase
• Anonymity the identity of the voter cannot be
  traced from the vote cast
• Integrity the vote cannot be modified once it
  has been cast
• In addition
• Acknowledge receipt of each vote cast

7
The Electronic Voting System

• A Central Electoral Office for voting
  authorizations
• A Central Ballot-Box collecting votes
• Many Polling Stations distributed all overthe
  country and directly connected to the two central
  entities
• Smart card based asymmetric cryptography

8
The Polling Station
9
Voting operations

• The voter is identified at a Polling Station by
  an electoral committee
• He receives a one time use personal secret code

• He votes using a network terminal
• The printer prints out a record with the name of
  the voter and periodic accountingon the number
  of voters

10
Polling operations

• Each Recruitment Procedure Officer, using his
  smart card, gets the encrypted votes from the
  Central Ballot-Box and decrypt them

• He determines the results, signs them with the
  smart card and gets them published on the Web in
  real-time

11
Polling Station software

• A specific client in Java
• No local data
• Simple to use even for non-technical skilled
  people

• Mouse use not required
• Confirmation required before any critical action

12
The Certification Authority
Issues X.509v3 certificates for
13
Global architectureThe voting phase
Central Electoral Office
Central Ballot-Box
Polling Station
Voter
14
Global architecture The poll phase
Central Electoral Office
Central Ballot-Box
Polling station
Recruitment Procedure Officer
15
Hardware
CONTROL WORKSTATION
CENTRAL ELECTORAL OFFICE
ACCESS ROUTERS
CENTRAL BALLOT-BOX
Polling station x
Polling station y
CERTIFICATION AUTHORITY
ISDN ROUTER
ISDN ROUTER
PRINTER
PRINTER
STATION 1
STATION 2
STATION 1
STATION 2
STATION 3
16
The Network

• Private ISDN network configured as a closed user
  group
• Direct connection from each Polling Station to
  the central servers
• Dial-on-demand with multi-link PPP
• Caller ID verification
• Centralized management of each network device

17
Security systems

• Votes are protected by
• Strong asymmetric cryptography based on smart
  card
• SSL authentication with X.509v3 certificates
• Digital signature of the Polling Station

18
Votes flow
RECRUITMENT PROCEDURE OFFICER PUBLIC KEY
CENTRAL BALLOT-BOX PUBLIC KEY
POLLING STATION PRIVATE KEY
Polling phase
ISDN LINE
ISDN LINE
RECRUITMENT PROCEDURE OFFICER PRIVATE KEY
CENTRAL BALLOT-BOX
19
Why is the system secure?

• Authentication for both client and server
• All communications are 1024 bit RSA protected
• The intranet is not connected to the public
  Internet
• Each vote is encrypted with the Recruitment
  Procedure Officer public key and signed by the
  Polling Station
• No relation between the vote and the voter

Protection against the system managers
20
System certification
This solution has been checked and certified as
safe by a Technical Committee on behalf of the
Ministry for University and Scientific and
Technologic Research
21
The first voting session in 1999Some numbers

• 1969 elections and different candidate lists
• 42497 electors
• 79 Polling Stations in 72 Universities
• 209 Voting Stations
• 26873 voters (63)
• 163645 votes cast

• Opening time for Polling Stations 3 weeks
• Average number of votes due by each voter 6
• Average elapsed time for each voter 5 minutes
• Average elapsed time from the beginning of the
  polling phase and the publishing of the results
  on the Web 1 minute

22
Future extensions

• A personal identity card for each voter instead
  of the one-time-use secret code
• Polling Stations on the public Internet
• Feasibility of voting from any PC
• Other kinds of elections...

23
For any information
evote_at_cineca.it