NIST Research on UOCAVA Voting - PowerPoint PPT Presentation

About This Presentation
Title:

NIST Research on UOCAVA Voting

Description:

NIST Research on UOCAVA Voting Andrew Regenscheid National Institute of Standards and Technology http://vote.nist.gov Page * Overview EAC/NIST Involvement in UOCAVA ... – PowerPoint PPT presentation

Number of Views:64
Avg rating:3.0/5.0
Slides: 16
Provided by: AndrewReg7
Learn more at: https://www.nist.gov
Category:

less

Transcript and Presenter's Notes

Title: NIST Research on UOCAVA Voting


1
NIST Research on UOCAVA Voting
  • Andrew Regenscheid
  • National Institute of Standards and Technology
  • http//vote.nist.gov

2
Overview
  • EAC/NIST Involvement in UOCAVA voting
  • Overview of UOCAVA Threats Report
  • Current Work

3
EAC/NIST Involvement in UOCAVA voting -1
  • Help America Vote Act - EAC to study electronic
    transmission of ballots
  • National Defense Authorization Act FY2005 - EAC
    guidelines on electronic absentee voting
  • Military and Overseas Voting Empowerment Act-
    Pilot Project

4
EAC/NIST Involvement in UOCAVA voting -2
  • NIST conducting research to support EACs efforts
    on UOCAVA voting
  • Scope of current NIST research focused on
    security
  • New security issues introduced by UOCAVA voting
  • Past NIST research on usability, accessibility,
    reliability, software assurance, etc., would
    apply to UOCAVA voting systems

5
EAC/NIST Involvement in UOCAVA voting -3
  • Past Work
  • A Threat Analysis on UOCAVA Voting Systems
  • Current Work
  • IT Security Best Practices for UOCAVA Voting
    Systems
  • Best Practices for Securing the Electronic
    Transmission of Election Materials
  • Security Considerations for Remote Electronic
    UOCAVA Voting

6
UOCAVA Report Overview -1
  • NISTIR 7551 A Threat Analysis on UOCAVA Voting
    Systems
  • Report looks at using different technologies for
    all aspects of UOCAVA voting
  • Splits voting process into three stages
  • Voter Registration/Ballot Request (e.g, FPCA)
  • Ballot Delivery
  • Ballot Return

7
UOCAVA Report Overview -2
  • Five transmission methods considered for each
    stage
  • Postal Mail
  • Telephone
  • Fax
  • Electronic Mail
  • Web-based (e.g., web sites)

8
UOCAVA Report Overview -3
  • Threat analysis performed for each transmission
    option at each stage
  • Analysis based on NIST SP 800-30 Risk Management
    Guide for Information Technology Systems
  • Identified mitigating security controls, where
    possible
  • Both technical and procedural controls
  • Security controls taken from NIST SP 800-53
    Recommended Security Controls for Federal
    Information Systems

9
Initial Conclusions -1
  • Registration and Ballot Request
  • Main concern handling/transmitting sensitive
    voter information
  • Threats to electronic transmission can be
    mitigated through technical controls and
    procedures
  • Threats to e-mail and web-based systems pose
    greater security challenges

10
Initial Conclusions -2
  • Blank Ballot Delivery
  • Main concerns reliable delivery, integrity of
    ballots
  • Threats to electronic transmission can be
    mitigated through technical controls and
    procedures
  • Electronic ballot accounting more difficult than
    with physical ballots

11
Initial Conclusions -3
  • Voted Ballot Return
  • Main concerns reliable delivery, privacy,
    integrity of voter selections
  • Electronic methods pose significant challenges
  • Fax presents fewer challenges, but limited
    privacy protection
  • Threats to telephone, e-mail, and web voting are
    more serious and challenging to overcome

12
Current Work -1
  • IT Security Best Practices for UOCAVA Voting
    Systems
  • Minimal set of best practices applicable to all
    UOCAVA election system components
  • Intended to help jurisdictions and manufacturers
    develop better systems and supporting procedures
  • Based on NIST guidelines for federal IT systems
  • Will include best practices on user
    authentication, cryptography, system hardening,
    and network security
  • Expected draft for public comment 1st quarter of
    2010

Page 12
13
Current Work -2
  • Best Practices for Securing the Electronic
    Transmission of Election Materials
  • Collected UOCAVA election procedures from
    multiple jurisdictions
  • Will document security best practices for using
    e-mail and web sites for ballot requests and
    ballot delivery
  • Augments EACs existing best practices for UOCAVA
    voting
  • Expected draft for public comment 2nd quarter of
    2010

Page 13
14
Current Work -3
  • Security Considerations for Remote Electronic
    UOCAVA Voting
  • Research document that will define security
    objectives for remote electronic voting
  • Will identify security issues that can or cannot
    be solved with current technology
  • Purpose to inform future work on remote
    electronic voting
  • Expected release 2nd quarter of 2010

Page 14
15
UOCAVA Report
  • NISTIR 7551 A Threat Analysis on UOCAVA Voting
    Systems
  • available at
  • http//vote.nist.gov
Write a Comment
User Comments (0)
About PowerShow.com