NIST Research on UOCAVA Voting

About This Presentation

Title:

Description:

Number of Views:60

Avg rating:3.0/5.0

Slides: 16

Provided by: AndrewReg7

Learn more at: https://www.nist.gov

Category:

more less

Transcript and Presenter's Notes

Title: NIST Research on UOCAVA Voting

1
NIST Research on UOCAVA Voting

2
Overview

3
EAC/NIST Involvement in UOCAVA voting -1

Help America Vote Act - EAC to study electronic
transmission of ballots
National Defense Authorization Act FY2005 - EAC
guidelines on electronic absentee voting
Military and Overseas Voting Empowerment Act-
Pilot Project

4
EAC/NIST Involvement in UOCAVA voting -2

NIST conducting research to support EACs efforts
on UOCAVA voting
Scope of current NIST research focused on
security
New security issues introduced by UOCAVA voting
Past NIST research on usability, accessibility,
reliability, software assurance, etc., would
apply to UOCAVA voting systems

5
EAC/NIST Involvement in UOCAVA voting -3

6
UOCAVA Report Overview -1

7
UOCAVA Report Overview -2

8
UOCAVA Report Overview -3

Threat analysis performed for each transmission
option at each stage
Analysis based on NIST SP 800-30 Risk Management
Guide for Information Technology Systems
Identified mitigating security controls, where
possible
Both technical and procedural controls
Security controls taken from NIST SP 800-53
Recommended Security Controls for Federal
Information Systems

9
Initial Conclusions -1

Registration and Ballot Request
Main concern handling/transmitting sensitive
voter information
Threats to electronic transmission can be
mitigated through technical controls and
procedures
Threats to e-mail and web-based systems pose
greater security challenges

10
Initial Conclusions -2

Blank Ballot Delivery
Main concerns reliable delivery, integrity of
ballots
Threats to electronic transmission can be
mitigated through technical controls and
procedures
Electronic ballot accounting more difficult than
with physical ballots

11
Initial Conclusions -3

Voted Ballot Return
Main concerns reliable delivery, privacy,
integrity of voter selections
Electronic methods pose significant challenges
Fax presents fewer challenges, but limited
privacy protection
Threats to telephone, e-mail, and web voting are
more serious and challenging to overcome

12
Current Work -1

IT Security Best Practices for UOCAVA Voting
Systems
Minimal set of best practices applicable to all
UOCAVA election system components
Intended to help jurisdictions and manufacturers
develop better systems and supporting procedures
Based on NIST guidelines for federal IT systems
Will include best practices on user
authentication, cryptography, system hardening,
and network security
Expected draft for public comment 1st quarter of
2010

Page 12
13
Current Work -2

Best Practices for Securing the Electronic
Transmission of Election Materials
Collected UOCAVA election procedures from
multiple jurisdictions
Will document security best practices for using
e-mail and web sites for ballot requests and
ballot delivery
Augments EACs existing best practices for UOCAVA
voting
Expected draft for public comment 2nd quarter of
2010

Page 13
14
Current Work -3

Security Considerations for Remote Electronic
UOCAVA Voting
Research document that will define security
objectives for remote electronic voting
Will identify security issues that can or cannot
be solved with current technology
Purpose to inform future work on remote
electronic voting
Expected release 2nd quarter of 2010