Towards the impact of the operational environment on the security of e-voting
Abstract
Our paper deals with the security of operational environments for e- voting and its importance for the security of electronic elections. So far the security of e-voting was focused on secure e-voting protocols. We show that the security of electronic elections requires a secure operational environment as well. We provide a comprehensive catalogue of organizational and technical requirements which have to be satisfied by the operational environment in order to operate secure remote electronic elections. Our findings provide a basis for the design and evaluation of a secure operational environment for e-voting. Security requirements for e-voting have been defined in several catalogues. We analyzed the important catalogues from the Council of Europe and the German Informatics Society as well as two Common Criteria Protection Profiles on e-voting to derive the organizational and technical requirements they include for the operational environment. We propose a procedure based on IT-Grundschutz/ISO27001 in order to use our findings for the evaluation of the operational environment thereby improving trustworthiness and security of electronic elections.
Full Text: PDF