Towards greater efficiency
This presentation is the property of its rightful owner.
Sponsored Links
1 / 51

Towards greater efficiency PowerPoint PPT Presentation


  • 69 Views
  • Uploaded on
  • Presentation posted in: General

Towards greater efficiency. April 2012. Pablo Sarrias EVP Sales&Marketing [email protected] Internet Voting Solutions. Oleksiy Lychkovakh Business Development Manager [email protected] Index. About Scytl Our solutions portfolio Pnyx – our core technology

Download Presentation

Towards greater efficiency

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Towards greater efficiency

Towardsgreaterefficiency

April 2012

Pablo Sarrias

EVP Sales&Marketing

[email protected]

Internet VotingSolutions

Oleksiy Lychkovakh

Business Development Manager

[email protected]


Index

Index

  • About Scytl

    • Oursolutions portfolio

    • Pnyx – ourcoretechnology

  • Advanced e-votingsecurity

  • E-votingriskstoconsider


About scytl

About Scytl

A Global provider of Election modernization


About scytl1

About Scytl

Overview

Worldwide leader

in secure electronic voting &

electoral modernization

70% market share

15 out of 17

countries using

our system

Strong scientific background

university spin-off

Largest patent portfolio

41 patents worldwide

Leadingadvisor

of international institutions

& governmental agencies


About scytl2

About Scytl

Overview


About scytl3

About Scytl

Wherewework

London

Kiev

Toronto

Barcelona

Baltimore

Athens

Tampa

New Delhi


About scytl4

About Scytl

Ourcustomers

Canada

USA

Mexico

Peru

Argentina

Finland

Norway

The UK

France

Spain

Switzerland

The EU

Austria

Slovakia

BiH

Ethiopia

The UAE

India

The Philippines

Australia

South Africa


About scytl5

About Scytl

Audits & Certifications

European Commission (EU)

Canton of Neuchâtel (Switzerland)

City of Barcelona (Spain)

Electoral Commission (Philippines)

State of Victoria (Australia)

State of Gujarat (India)

State of Florida (US)

Ministry of Science and Research (Austria)

Ministry of Justice (UK)

Ministry of Local Government (Norway)

Ministry of Foreign Affairs (France)

Electoral Commission (UAE)


About scytl6

About Scytl

International awards

  • Scytl has received multiple international awards, including:

    • ICT Prize, granted by the European Commission.

    • European Venture Contest Award, granted by the European Association of Venture Capital.

    • Best Case Label, granted by the European Commission.

    • Leader de l’ITech-Economie,granted by the French Chambers of Commerce.

    • Global Innovator Award, granted by The Guidewire Group.

    • Red Herring 100,granted Red Herring Magazine.

    • Premi Ciutat de Barcelona, granted by the City of Barcelona.

    • ebiz egovernment award, grantedby the Austrian chancellery.

    • Tech Start-up 100 granted by the Telegraph

    • eWorld award granted by the Indian Government


About scytl7

About Scytl

StrategicAlliances


About scytl8

About Scytl

References (1/3)

  • Peru - Organization of American States

  • 2010 to 2011

  • Comprehensive audit of the in-person electronic voting solution developed by the National Office of Elections of Peru (ONPE).

  • South Africa - NCOP

  • Expected on 2011 to 2012

  • Implementation of the Parliament Voting Solution in the National Council of Provinces

  • United Arab Emirates – EIDA

  • 2011 (and next years)

  • Electronic Voting for the National Electoral Commission of UAE.

  • Norway - Ministry of Local Government

  • 2010 to 2015.

  • Voting system to cover all public Norwegian Elections i.e. County, Municipality, Parliamentary elections and Referendums.

  • India - State of Gujarat

  • 2010 to 2015.

  • Internet voting will be used during 5 years.

  • 30-40% illiteracy rate among voters.

  • 50 million voters.

  • Bosnia & Herzegovina-

  • Central Election Commission

  • 2010 to 2012

  • Developed an Integrated Information Election System: Election preparation, processing, certification of candidates, political parties & printing of the ballots, Election night reporting, …

11.


About scytl9

About Scytl

References (2/3)

  • United State - West Virgina State

  • 2010

  • Absentee Voters Solution for West Virginian voters who live overseas

  • Australia - Victoria Electoral Commission

  • 2006-2010

  • Voting solution for handicapped and illiterate voters for State-level Elections.

  • Philippines, COMELEC

  • 2007

  • Internet Voting for Filipino citizens living abroad.

  • United States - Department of Defense

  • 2010

  • Absentee Voters Solution compliant with the MOVE Act. Delivery of blank ballots and ballots marked online to 6 Million overseas voters.

  • United States - District of Columbia Board

  • of Elections and Ethics

  • 2010

  • Early-voting solution that allowed to share voter data in real-time between polling places across the District, and to cast their ballots anywhere during Early Voting.

  • United States - State of Texas

  • 2010.

  • Early-voting solution that allowed sharing voter data in real-time between polling places across the District, and to cast their ballots anywhere during Early Voting.

12.


About scytl10

About Scytl

References (3/3)

  • Catalonia (Spain) - City of Barcelona

  • 2010

  • Internet-based citizen consultation to vote remotely or from one of the 110 polling centers

  • 1,4 million citizens

  • France - Ministry of Foreign Affairs

  • 2009 to 2013

  • Internet voting for French non-residents citizens to vote for their representatives in the Senate

  • United States, State of Florida

  • 2008, 2010

  • Internet Voting allowing the Military Overseas Absentee voters located in Japan, Germany and the UK participate in the 2008 and 2010 Elections.

  • UnitedKingdom - Ministry of Justice

  • 2007

  • E-voting solutions in multichannel scenarios for the Municipality Elections of Rushmoor and South Bucks

  • Canada -

  • National Democratic Party

  • 2012

  • Internet Voting for the NDP Leadership Election

  • France - Ministry of National Education

  • and Ministry of Universities and Higher Education

  • 2010 to 2013

  • Internet voting for more than 1.000.000 staff employed by both Ministries to vote for their Union representatives.

13.


Our solutions portfolio

Oursolutions portfolio

Solutions for all the stages in the Election life cycle


Our solutions portfolio1

Oursolutions portfolio

Solutions portfolio

Corporate Management

Election

Management

eVoting

pollworker trainingasset management

online help desk

task management

information portal

voter registration

election configuration

voter list

results consolidation

election night report

Internet voting

voting kiosks

telephone voting

eBallotdelivery

Parliaments & Assemblies

Consulting Services

eDemocracy

e-consultations

citizen web portal

field agent

dissemination & tracking

satisfaction assessment

in house e-voting

session management

internet voting

webcasting

electoral consultingproject management


About scytl11

About Scytl

Product portfolio

Post-Election

ElectionDay

Pre-Election

Election Management

Management

Voting

Talling

Consolidation

Reporting

Electronic Pollbooks

Poll-siteeVoting

VoterRegistration

ResultsConsolidation

ElectionNightReporting

PollingStationeVoteTally

CandidateFiling

Internet Voting

ParticipationReporting

ElectionHelpDesk

Internet and IVR eVoteTally

Pollworker Training

Management Dashboard

PhoneVoting

PaperBallotScanning

(PCOS & CCOS)

BallotDesign

Electronic BallotDelivery

Asset Tracking

Election Project Management

PaperBallots


Our solutions portfolio2

Our solutions portfolio

Benefits of a provensolution VS in-house

Time-to-market

Research & experience

Manage risk

Cost effectiveness

  • Building state-of-the-art e-voting solutions requires extensive academic research.

  • Teaming up with the market leader allows learning from previous experiences.

  • Large amount of references successfully carrying out high-profile and election critical projects.

  • Using an existing and proven solution is more cost effective than building one from scratch.

  • Developing an advanced e-voting solution is time consuming, complex and effort extensive.

  • Using a certified and proven existing e-voting solution significantly reduces time-to-market.

  • Immediately pursue any window of opportunity.

  • Building a new solution may be in conflict with one or more of over 1.000 patents in the field of e-voting.

  • Using a certified and proven existing solution significantly eliminates risk.

  • Governments and companies were unsuccessful introducing new e-voting solutions.


Towards greater efficiency

Pnyx

Internet Voting Solution overview


Towards greater efficiency

Pnyx

WhatisPnyx?

Pnyxisthenamewegave to ourcoreelectronicvotingtechnology:

It is the result of over 17 years of research security applied to electronic voting processes.

Itisbasedongroundbreakingcryptographictechnology.

Itguarantees the same levels of trust, security and privacy that exist in conventional paper-based elections without having to trust either the administrators of the system or the complex technological systems used.


Towards greater efficiency

Pnyx

Efficiency

Scytl uses pioneering technology to optimize the delivery of public services, enhancing governments’ efficiency in carrying-out electoral processes:

Cost-effective

Speed

Enfranchisement

The use of remote electronic voting technologies is the ultimate answer to voter enfranchisement, allowing overseas and remotely located voters to exercise their right to vote.

  • Economies of scale:

  • Avoiding elevated storage and maintenance costs

    • Allowing to reuseexistinginfrastructure

    • Eliminatingprinting, postage & mailing costs

Speed-up the counting process by electronically receiving the results from all the polling places, automatically consolidate them and assign the corresponding mandates.

20.


Towards greater efficiency

Pnyx

Usability

Scytl’ssolutionshavebeenspecificallydesignedto be accessible to bothcomputer-illiterate and disabledvoters, whileadapting to anylanguagespecificities:

Flexibility

Ease of use

Accessibility

Reproduce a similar process to paper-based elections, allowing computer-illiterate people to vote without any previous training.

Scytl takes into account the specific needs of the voters with disabilities and enables them to participate in elections without assistance, fully guaranteeing their privacy.

Adapted to any ballot format

Supports multiple languages.

Scytl has provided solutions in: Russian, Gujarati, Arabic, Mandarin, etc.


Towards greater efficiency

Pnyx

Security

Scytl's solutions provide end-to-end security, preventing both internal and external attacks, guaranteeing voters’ privacy and allowing their audit by authorized third-parties:

Integrity

Auditability

Privacy

Advancedtamper-proof security measures using ground-breaking and highly advanced cryptography to prevent attacks from anyone, including hackers or system administrators with privileged access.

Can be audited by independent experts before, during and after the election day.

Voters are provided with a voting receipt that allows them to check that their vote has been counted.

Votes are encrypted in the voters' voting device before they are cast. Only the Electoral Board can decrypt the votes. The decryption of the votes is carried out by breaking the correlation between the voters' identity and their vote.


Advanced e voting security

Advanced e-voting security

Pnyx


Advanced e voting security1

Advanced e-votingsecurity

Each individual ballot is correctly added to the total number of ballots. 

An individual ballot remains anonymous despite any technical means that could be used to track it down. 

No any individual ballot that really was not cast can be added to the total number of ballots. 

The possibility of votes buying and selling is not higher than using traditional election procedure. 

The possibility of any form of 'family voting’ (in family, at workplace etc.) is not higher than using traditional election procedure. 

Civil society observers can verify that elections using E-voting is fair even if they don’t have any specific knowledge in computer technology. 

No one can misuse the voting process by offering a computer (voting point) to derive profit from it. 

Voting process can be suspended only due standard force majeure events not due some people’s intentional wrecking.

Problems that need to be addressed


Advanced e voting security2

Advanced e-votingsecurity

Security concepts in Internet Voting

Cast as intended verification

+

Recorded as cast verification

+

Vote encryption

+

Multiple voting

+

Digital signatures

Universal verifiable Mix-net

+

Secret Sharing Schemes

+

Eligibility verifiability

+

Immutable logs

Voter privacy compromise

Innacurate auditability

Vote tampering

Vote deletion

Voter coercion, family voting and vote buying

Unauthorized voters casting votes

Voter impersonation / Ballot stuffing

Intermediate results

Specific DoS countermeasures

Election boycott-denial of service


Advanced e voting security3

Advanced e-votingsecurity

Conventionalsecuritymeasures

System Administrator

E-voting technological infrastructure

Voter

Electoral Board

Electronic voting with conventional security measures

  • Protection only focused on external threats and attacks.

  • Voter’s authentication solved but voter’s privacy not addressed.

  • Electoral board’s has no role.

  • Lack of voter-verifiability (“Thank you for having voted” messages).


Advanced e voting security4

Advanced e-votingsecurity

Scytl’sspecializedsecuritymeasures

System Administrator

  • Application-level cryptographic protocol running on the voter’s device and on an air-gapped electoral board server.

  • Protection focused also on internal threats and attacks.

  • Focus on the specific security requirements of voting rather than on the generic ones.

e-Voting technological infrastructure

Voter

Electoral Board

Electronic voting with Scytl’s specialized security technology


Advanced e voting security5

Advanced e-votingsecurity

Scytl’sspecializedsecuritymeasures

  • Scytl' specialized e-voting security technology is focused on the specific security needs of elections

  • End-to-end security

System

Administrator

Electoral Board

Voter

  • Protection of the votes:

  • -Protection of partial results

  • -Integrity of the ballot box

  • -Fully auditable results

  • -Universal verifiability

State of the art E-Voting security:

-Cast as Intended

-Recorded as Cast

-Counted as Cast

-Voter self verification

-Voter privacy

-Zero trust Client

Digital ballot box

  • Protection against internal attacks

  • (End-to-end security from the voter to the Electoral Board)


Advanced e voting security6

Advanced e-votingsecurity

The Saeima shall be elected in general, equal and direct elections, and by secret ballot based on proportional representation

Article 6 of the Constitution of Latvia


E voting risks to consider

E-voting risks to consider


E voting risks to consider1

E-votingrisks to consider

General securityrisks of remotevoting

Voter privacy compromise

Innacurate auditability

Vote tampering

Vote deletion

Voter coercion and vote buying

Election boycott-denial of service

Unauthorized voters casting votes

Voter impersonation / Ballot stuffing

Intermediate results


E voting risks to consider2

E-votingrisks to consider

Voterauthenticationrisks

  • How can we proof voter identity in a remote way?

  • Username and password methods:

    • Username and password values are stored in the voting server to verify voter identity: they are vulnerable to credential stealing.

    • High Risk: Unauthorized voters, voter impersonation and ballot box stuffing

  • Digital certificates

    • Digital certificates and digital signatures: provides strong authentication. No personal credentials are stored on the voting server and (encrypted) votes can be digitally signed.

    • Low Risk: Unauthorized voters, voter impersonation, ballot box stuffing and vote tampering

Pnyx


E voting risks to consider3

E-votingrisks to consider

Voterauthenticationrisks

  • How can we proof voter identity in a remote way?

  • Supervised kiosk:

    • Voter is identified in-person by poll workers at a supervised center

    • Low Risk: Unauthorized voters, voter impersonation, ballot box stuffing and vote tampering

Pnyx


E voting risks to consider4

E-votingrisks to consider

Vote secrecy

  • How can we protect a vote from eavesdroppers?

  • Network encryption:

    • Voting options are only encrypted while transmitted over the network but processed in clear at the voting server: they are vulnerable to attackers that have access to the server.

    • High Risk: Voter privacy compromise, vote tampering, intermediate results and voter coercion

  • Application level encryption:

    • Voting options are encrypted at the voting terminal and remain encrypted until the electoral board decrypts them: they are not vulnerable to server attacks.

    • LowRisk: Voter privacy compromise, vote tampering, intermediate results and voter coercion

Pnyx


E voting risks to consider5

E-voting risks to consider

Vote integrity

  • How can we protect votes from being modified?

  • MAC functions:

    • Vote integrity is protected by means of a voter/server shared MAC key stored in the voting server: they are vulnerable to key stealing.

    • Medium Risk: Vote tampering and vote impersonation/ballot box stuffing

  • Digital signatures and Zero knowledge proofs of origin:

    • Private values needed to perform digital signatures and ZK proofs are not stored on the server.

    • LowRisk: Unauthorized voters, voter impersonation, ballot box stuffing and vote tampering

Pnyx


E voting risks to consider6

E-votingrisks to consider

Election Key Security

  • How can we protect a vote from decryption?

  • Access control:

    • Access to the decryption key is protected by authentication and authorization (ACL) means: vulnerable to brute force attacks.

    • High Risk: Voter privacy compromise, intermediate results and voter coercion

  • Secret sharing schemes:

    • Threshold cryptography is used to create and split the election key in shares without requiring to store the key as a whole anywhere. A minimum number of Electoral Board members must collaborate with their key shares to decrypt the votes.

    • Low Risk: Voter privacy compromise, intermediate results, voter coercion and denial of service

Pnyx


E voting risks to consider7

E-votingrisks to consider

Voterprivacy

  • How to preserve voter anonymity?

  • Straight forward decryption:

    • Clear text votes can be correlated with encrypted votes, which could be connected to the voters: voter privacy could be broken.

    • High Risk: Voter privacy compromise, vote tampering, ballot stuffing and voter coercion

  • Mixnets:

    • Encrypted votes are shuffled and decrypted (or re-encrypted and decrypted) several times before obtaining the clear-text votes. Encrypted votes and decrypted ones cannot be directly correlated by position, preserving voter privacy.

    • Low Risk: Voter privacy compromise, vote tampering, ballot stuffing and voter coercion

Pnyx


E voting risks to consider8

E-votingrisks to consider

Voterprivacy

  • How to preserve voter anonymity?

  • Homomorphic tally:

    • Encrypted votes are not individually decrypted. The result is the decryption of the operation of all the encrypted votes.

    • Low Risk: Voter privacy compromise, vote tampering, ballot stuffing and voter coercion

Pnyx


E voting risks to consider9

E-votingrisks to consider

Electionauditability

  • How to audit election fairness?

  • Standard logs:

    • Sensitive operations are registered in standard log files: logs could be altered without being noticed to hide malicious practices.

    • High Risk: Inaccurate auditability, voter privacy compromise, vote tampering, ballot stuffing, voter coercion, etc.

  • Immutable logs:

    • All sensitive operations are registered in cryptographically protected logs and cannot be manipulated.

    • Low Risk: Inaccurate auditability.

  • Standard receipt:

    • Voters receive a proof of casting based on non-cryptographically protected information (i.e., does not provide counted as cast features).

    • High Risk: Inaccurate auditability.

Pnyx


E voting risks to consider10

E-votingrisks to consider

Electionauditability

  • How to audit election fairness?

  • Individual voter verification - cast as intended:

    • Voter is able to verify that the vote recorded by the voting server contains the voting options originally selected by herself. (E.g., Return Codes).

    • Low Risk: Inaccurate auditability.

  • Individual voter verification - counted as cast:

    • Voters are able to verify that their votes have been included in the final tally. This verification can be complemented with the Universal verifiability

    • Low Risk: Inaccurate auditability.

Pnyx

Pnyx


E voting risks to consider11

E-votingrisks to consider

Electionauditability

  • How to audit election fairness?

  • Universal verifiability:

    • Allows observers or independent auditors to verify the proper decryption of the votes by means of using cryptographic proofs (e.g., ZKP) generated by the decryption process.

    • Low Risk: Inaccurate auditability.

  • End-to-end verification:

    • Combination of individual and universal verifiability

    • Lowest Risk: Inaccurate auditability.

Pnyx

Pnyx


Implementation faq

Implementation FAQ

Typical questions


Implementation faqs

Implementation FAQs

How much time it is needed to implement Internet Voting?

Is it a reduced pilot recommended, or a country roll out?

Is it better to start using the system on an Election or on a referendum or consultation?

Is the legislation ready?

What is the certification of the system be in Latvia?

How are citizens going to be authenticated?

How much does it cost?

Typical questions


Latvia

Latvia

Current schema discussed


Our solutions portfolio3

Our solutions portfolio

Voterregistration

In order to carry out Internet voting, voters must be correctly authenticated before they can access the system.

Several options are available:

  • Existing digital certificates (e.g. an e-ID)

  • Voting credentials subject to physical identification

  • Special credentials sent by mail or online credentials

  • Existing credentials used to access other government systems

  • Personal data available to the EA.

  • No credentials

Pnyx has been designed so that it can be easily integrated with existing voter registration systems and processes.


Our solutions portfolio4

Our solutions portfolio

Electionconfiguration

Scytl allows you to configure electronically any aspect of the electoral process, including:

Once the election is configured, a Electoral Board is created before the e-voting process starts. Each of the members is given a share of the election key used to open all of the digital votes. A threshold is required to reconstruct the key at the end of the e-voting process.

Electoral Board


Our solutions portfolio5

Our solutions portfolio

Votingprocess

Scytl offers groundbreaking and highly secure electronic voting solutions for both remote and on-site voting:

eBallot Delivery

Phone Voting

On-site eVoting

Remote eVoting

Un- & Controlled environments

Uncontrolled environment

Uncontrolled environment

Controlled environment

Voters receive their ballot electronically, mark it online, return it by mail, fax or email and at any point check its status

Casting of votes through any device (PC, mobile phone, PDA, etc.) with an Internet connection

Casting of votes from electronic voting terminals located in polling stations

Casting of votes from a land line or mobile phone, from a polling station or any place with coverage


Our solutions portfolio6

Our solutions portfolio

Ballotcounting and consolidation

The decrypted ballots are talliedand the results are provided to the Electoral Board

Step 1

Step 2

The Electoral Board rebuilds the election key using their shares

The digital ballot box is downloaded and transported to an isolated environment under the control of the Electoral Board

Step 4

Step 3

A Mixing process is started that decrypts the votes and breaks any correlation between the ballot and elector

49.


Our solutions portfolio7

Our solutions portfolio

Reporting

  • Election results broadcast on the web

  • Maps, Bar charts, Downloadable reports

  • RSS, Email and Social Media integration

  • City, County & State-wide presentation

    • Benefits:

    • Improves the dissemination of information to the public

    • Increases transparency and public outreach

  • 50.


    Our solutions portfolio8

    Our solutions portfolio

    Pricingpolicy

    • Multiple factors can have an influence on the cost of an election, including but not limited to:

      • The number of voters that are eligible to participate with an election.

      • Sizing and other requirements for Hardware and Network infrastructure.

      • Hosting of the solution.

      • Support requirements.

      • Helpdesk and/or call center needs.

      • Electoral requirements.

      • Voting channels that will being used.

      • Voter authentication mechanisms.

      • Potential voter registration and election administration requirements.

      • Customization requirements, potential integration with existing solutions.

      • Additional solutions and services that may be needed.


  • Login