Federal Voting Assistance Program (FVAP)

Similar documents
SMart esolutions Information Security

Cryptography SSL/TLS. Network Security Workshop. 3-5 October 2017 Port Moresby, Papua New Guinea

Overview. SSL Cryptography Overview CHAPTER 1

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

Public Key Infrastructure. What can it do for you?

CSE 565 Computer Security Fall 2018

X.509. CPSC 457/557 10/17/13 Jeffrey Zhu

Certification Authority

ISACA CISA. ISACA CISA ( Certified Information Systems Auditor ) Download Full Version :

Public Key Infrastructure

U.S. E-Authentication Interoperability Lab Engineer

Implementing Secure Socket Layer

PKI Configuration Examples

Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536)

Public Key Infrastructure PKI. National Digital Certification Center Information Technology Authority Sultanate of Oman

SECURITY & PRIVACY DOCUMENTATION

CSC 5930/9010 Modern Cryptography: Public-Key Infrastructure

Network Security and Cryptography. 2 September Marking Scheme

Support for the HIPAA Security Rule

ISO INTERNATIONAL STANDARD. Road vehicles Extended data link security. Véhicules routiers Sécurité étendue de liaison de données

BCA III Network security and Cryptography Examination-2016 Model Paper 1

Technologies for Securing the Networked Supply Chain. Alex Deacon Advanced Products and Research Group VeriSign, Inc.

Configuring SSL CHAPTER

Government PKI Factors Influencing Architecture for the Equal Employment Opportunity Commission

Syllabus: The syllabus is broadly structured as follows:

CERTIFICATE POLICY CIGNA PKI Certificates

Information Security CS 526

Configuring SSL. SSL Overview CHAPTER

Digital Certificates Demystified

Information Security. message M. fingerprint f = H(M) one-way hash. 4/19/2006 Information Security 1

ASIA PKI Forum Overcome PKI Deployment Obstacles. Terry Leahy, CISSP Vice President, Wells Fargo Sept 15th, 2003

Axway Validation Authority Suite

Emerging IT Trends and their Implications to the C&A Process. Annual Computer Security Applications Conference (ACSAC 07) 12 December 2007

HP Instant Support Enterprise Edition (ISEE) Security overview

Security+ SY0-501 Study Guide Table of Contents

PAA PKI Mutual Recognition Framework. Copyright PAA, All Rights Reserved 1

itexamdump 최고이자최신인 IT 인증시험덤프 일년무료업데이트서비스제공

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

Public-key Infrastructure Options and choices

Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure

CERN Certification Authority

Security Digital Certificate Manager

Configuring SSL. SSL Overview CHAPTER

PKI is Alive and Well: The Symantec Managed PKI Service

User Authentication Principles and Methods

IBM. Security Digital Certificate Manager. IBM i 7.1

Grid Computing Fall 2005 Lecture 16: Grid Security. Gabrielle Allen

Proving who you are. Passwords and TLS

Electronic Signature Policy

INTEGRATED SECURITY SYSTEM FOR E-GOVERNMENT BASED ON SAML STANDARD

FPKIPA CPWG Antecedent, In-Person Task Group

Managing Certificates

Federated Access. Identity & Privacy Protection

DoD Wireless Smartphone Security Requirements Matrix Version January 2011

Message authentication. Why message authentication. Authentication primitives. and secure hashing. To prevent against:

Complete document security

IBM i Version 7.2. Security Digital Certificate Manager IBM

(2½ hours) Total Marks: 75

CryptoEx: Applications for Encryption and Digital Signature

Defense Information Systems Agency (DISA) Department of Defense (DoD) Cloud Service Offering (CSO) Initial Contact Form

Public Key Enabling Oracle Weblogic Server

Exam : Title : Security Solutions for Systems Engineers(SSSE) Version : Demo

Chapter 6: Digital Certificates Introduction Authentication Methods PKI Digital Certificate Passing

Table of Contents. Page 1 of 6 (Last updated 27 April 2017)

Voting System Security as per the VVSG

ConnectUPS-X / -BD /-E How to use and install SSL, SSH

Blockchain for Enterprise: A Security & Privacy Perspective through Hyperledger/fabric

TELIA MOBILE ID CERTIFICATE

Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls

Key Management and Distribution

Ten Risks of PKI : What You re not Being Told about Public Key Infrastructure By Carl Ellison and Bruce Schneier

NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS

Identität und Autorisierung als Grundlage für sichere Web-Services. Dr. Hannes P. Lubich IT Security Strategist

Single Sign-On Architectures. Jan De Clercq Senior Member of Technical Staff Technology Leadership Group Hewlett-Packard

UNIT - IV Cryptographic Hash Function 31.1

egov & PKI By: Alaa Eldin Mahmoud Aly YOUR LOGO

Controlled Document Page 1 of 6. Effective Date: 6/19/13. Approved by: CAB/F. Approved on: 6/19/13. Version Supersedes:

SONERA MOBILE ID CERTIFICATE

Chapter 8 Information Technology

تاثیرفناوری اطالعات برسازمان ومدیریت جلسه هشتم و نهم

Transportation Worker Identification Credential (TWIC) Steve Parsons Deputy Program Manager, TWIC July 27, 2005

Data Security and Privacy. Topic 14: Authentication and Key Establishment

Common Access Card for Xerox VersaLink Printers

PKI-An Operational Perspective. NANOG 38 ARIN XVIII October 10, 2006

Protecting Information Assets - Week 11 - Cryptography, Public Key Encryption and Digital Signatures. MIS 5206 Protecting Information Assets

Network Security and Cryptography. December Sample Exam Marking Scheme

Towards Scalable Authentication in Health Services

CNATRAINST A N6 3 Mar 16. Subj: CNATRA ELECTRONIC MAIL DIGITAL SIGNATURE AND ENCRYPTION POLICY

TEL2813/IS2820 Security Management

SSL Certificates Certificate Policy (CP)

The Mobile Finnish Identity Certificate

E-commerce security: SSL/TLS, SET and others. 4.2

ASEAN e-authentication Workshop Balwinder Sahota

Digital Certificate Operation in a Complex Environment PKI ARCHITECTURE QUESTIONNAIRE

Apple Corporate Certificates Certificate Policy and Certification Practice Statement. Apple Inc.

19.1. Security must consider external environment of the system, and protect it from:

Diffie-Hellman. Part 1 Cryptography 136

An Overview of Secure and Authenticated Remote Access to Central Sites

Security Management Models And Practices Feb 5, 2008

HIPAA by the Numbers. Presented by: Mark L. Schuweiler Director of Global Information Assurance Services EDS Corporation

Transcription:

16th Annual Computer Security Application Conference (ACSAC) December 2000 Federal Voting Assistance Program (FVAP)

Provide Background on VOI Pilot Effort Provide High Level Technical Overview Security Services

Post-election Surveys Show That the Single Biggest Barrier to Military and Overseas Citizen Absentee Voting Is Mail Transit Time Use of Fax Transmission During Desert Shield/desert Storm Was a Great Success 46 States Now Allow Electronic Transmission of Absentee Voting Materials Can the Internet Be Used As an Alternative Absentee Voting Method? Must Preserve Integrity, Secrecy and Ability to Audit Electoral Process

To examine the feasibility of using the Internet as an alternative method for absentee registration and voting for UOCAVA* citizens through a small scale pilot system Multiple Layers of Security to Achieve Acceptable Risk Reduction Use the Internet As a Communications Backbone Maximize the Use of Commercial Off-the-shelf Technologies) Use the DoD Public Key Infrastructure * Uniformed and Overseas Citizens Absentee Voting Act

Feasibility Assessment: Technology & Process Small Scale, Federal/State/Local Pilot Program Participating Jurisdictions State of South Carolina Okaloosa & Orange Counties, Florida Dallas County, Texas Weber County, Utah Provided Absentee Registration and Voting for 2000 General Election

FVAP Admin LEO Internet Internet FVAP Server Citizen Workstations DoD PKI Certificate Cert Authority Directory Services Defense Megacenter 5 LEO Servers

Commercial off-the-shelf HW & SW RSA toolkits Microsoft IIS and SQL Server Netscape Browser Open standards Custom software applications Registration Ballot generation tool Voting Internet communications backbone

Citizen with a DoD Certification (P12 file) on a floppy disk PC with Internet Connectivity Netscape Browser with strong encryption Custom VOI plug-in installed

FVAP Server Segment Provides PKI Services to all Backend LEO Server Segments Acts As a Trusted post office Appends a date time stamp on objects from the Citizen Signs the new object Distributes the object to correect LEO Transaction Monitor Records system transactions

PKI Services Signature Check CRL Check CRL Loaded Manually Certificate Chain Validation CA-1 or CA-2 and DoD Root Date Expiration Check

Receives All Completed Registration Forms and Voted E-Ballots Support LEO Workflow Support E-Ballot Processing Reconciliation Stripping Citizen info from E-Ballot Object E-Ballot Decryption E-Ballot Printing

Multiple layers of security to achieve acceptable risk reduction Object security Transmission security Operational security Physical security Personnel security

Public Key Cryptography Integrity Identification & Authentication Non-repudiation Confidentiality Secure Sockets Layer Transmission security Intrusion Detection System Unauthorized probing and access

Certificate-based access control for citizens Portable Security - Floppy is the Token Access limited to VOI Pilot participants Access control based on Citizen s Common Name SSL3 Certificate-based access control for FVAP and LEO admin staff Admin staff authenticated using standard COTS SSL3 mechanisms Access limited to small list of authorized personnel Access control based on Admin s Common Name

SSL3 without required client certificates between Citizens and the FVAP Server Citizen is NOT required to load certificate into the browser prior to accessing the system SSL3 with client authentication for LEO and FVAP admin staff Certificates must be installed into the browser prior to accessing the system SSL3 without required client certificates between FVAP and LEO servers COTS web products do not support certificate exchange for mutual authentication!

Router based security Access control filters Access restricted based on source and destination IP addresses Access restricted based on network service type (TCP, ICMP) Access restricted based on TCP application service ports

Digital Signatures 1024 bit keys Widely used for various security services Authentication Data integrity Non-repudiation Encryption E-Ballot Triple DES encryption (112 bit keys) modeled after S/MIME secure messaging model for confidentiality (secret ballot) E-Ballots encrypted using LEO privacy certificate Only authorized LEO staff can ever decrypt E-Ballots

COTS Alone Inadequate to Meet Security and Operational Requirements Custom plug-in Voting application required modifications to existing protocols Third Party Review of Security Architecture and Design Required to Build Confidence

This Is About As Important As Any Application There Is Need to Move Carefully and Diligently Security is Recognized as the Key Component

Presenter POC Info Edward Rodriguez Booz, Allen & Hamiltion, Inc. rodriguez_ed@bah.com

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback