XML Europe 2003

EML security

Abstract

The paper will demonstrate that technical solutions exist for all e-democracy security concerns and that tools exist to implement safe and secure e-voting. But what about the politicians: do they really want it?

Electronic voting offers the potential of revolutionising the democratic process, but how can we trust it? This paper looks at the security challenges of multi-channel electronic voting, including the Internet, fixed and mobile phones, kiosks and the conventional ballot box.

The paper will explain the security features defined in the OASIS Election Mark-up Language (EML) specifications produced by the Election and Voter Services Technical Committee.

The EML specification defines XML schema and standardises interfaces for interoperable e-voting systems. Critical to the deployment of such systems is confidence and assurance in their security.

The key security requirements will be explained and the proposed technical solutions examined. The key aspects are:

· Identity authentication: authentication of voter registration

· Right to vote authentication: authentication of the right to cast a vote

· Vote sealing and non-repudiation of vote accuracy: proof of the authenticity of cast votes and that the vote could not have been altered from the voter's intention

· Vote confidentiality: the vote may not be observed until the proper time

· Voting audit: proof that all genuine votes have been accurately counted and none lost

The full paper was not available at the time the proceedings were created. Please check the conference web site, http://www.xmleurope.com, to find an updated version of this paper.

Biography

John Ross set up Security and Standards Consultancy Ltd (SSC Ltd) in November 1988 and, in January 2001, Security and Standards Ltd, a company providing security products and Internet services. He is the managing director and CEO of both companies as well as one of SSC Ltd's principal consultants.

John Ross is an internationally recognised expert in the field of IT security. He has over 30 years' experience in IT, working most recently for government and commercial clients on IT architectures, standards, security, PKI and secure intranets. John has had direct involvement in PKI and Internet-related standards for 18 years. He has worked on the development and implementation of a number of secure networking systems (e.g. secure e-mail service, signed electronic documents, secure directory services), and has played a major role in the development and specification of security standards. He has a leading role in many of the European digital signature standards initiatives. He is an editor of the ETSI and IETF standard on advanced digital signature formats.

John Ross's major client list includes the UK Office of e-Envoy (OeE), UK Cabinet Office, ETSI, UK MOD, NATO, European Commission, CCTA, other UK Government Departments, BT, SWIFT and DERA.