Biometrics and E-Voting
Overview of the Last Article
When Biometric technology is compared with all of the other security technologies available today, it is the one most prone to scrutiny, mostly by the American people, and even amongst some other populations worldwide. Why is it that Biometrics carries such strong implications for society as a whole?
The primary reason cited was that a piece of our physiological or behavioral selves (or even both) is being captured in order to confirm our identity. For example, when we present ourselves to a Biometric Modality, we have no control over what transpires after the raw images are captured.
As a result, Biometrics is often viewed as a “Black Box,” garbage in garbage out, with no understanding of what is happening in between. Because of this, there is often angst as to how this information and data will be used.
But there is also an alarming gap between the actual adoption and usage of Biometrics in the United States and that in some of the developing nations in geographic regions like Africa and Asia. It was cited that as US citizens, we are granted certain rights and liberties by the Constitution.
Because of this, it is guaranteed that we will be counted as unique individuals in the eyes of our own Constitution. Therefore, we can make many choices of our own free will, including whether or not to use Biometric Technology.
But the citizens of these developing nations are very often not even regarded as unique citizens by their own governments; thus, using Biometric technology gives them that particular sense. This is because irrefutable proof now exists, which these governments have to recognize and abide by.
Also, the issues of Privacy Rights and Civil Liberties Violations were examined in more detail, and they stem from three main sources:
- The issue of Anonymity.
- The fears of Tracking and Surveillance.
- The growing problem of Profiling.
Finally, the other variables of Human Factors and Function Creep were reviewed as well. With the former, it is how a particular modality is perceived at first glance which affects its social acceptance.
Regarding the latter, there is often great fear and mistrust amongst the American people of the Federal Government using the Biometric metadata for other purposes, covertly.
This article examines yet another Biometrics application which also has great social implications: that of E-Voting.
The Security Vulnerabilities of E-Voting
Here in the United States, we just held our 45th Presidential Elections. There are still some polling places which use the traditional paper ballot system, but nowadays, the use of Electronic Voting (also known simply as “E-Voting”) has become widespread. Rather than having to fill in ovals or punch a paper ballot, a voter can select the candidates of their choice by using an electronic touch screen. In fact, this type of system is being used worldwide as well. Although it does have significant advantages over the traditional paper system (such as instantaneous tabulation of votes in real time), it has its own set of security vulnerabilities. Many of these E-Voting machines are interlinked with one another, and also to a central server, or servers, depending upon the network configuration.
The following are some examples of security vulnerabilities:
This occurs when a voter is either intentionally or unintentionally wrongly identified and authenticated to vote at a particular station. This often happens when only loosely knit security policies are in place to confirm the identity of a voter. The result is that a voter can assume the identity of another voter under false pretenses.
Adware, Malware, and Spyware
In this grouping, the most pronounced security threat is that of the Trojan Horse. These are individual pieces of software which can be injected into a computer, a wireless device, or even an E-Voting kiosk at a polling station. The latter can cause the voter to cast their ballot in a particular fashion, thus even altering the outcome of an election.
This refers to software that has been developed to create the electronic interfaces used by the polling officials and the voters themselves. These applications can be developed using either closed source or open source software, but the key thing to remember is that they must be thoroughly QA and Penetration Tested before they are deployed into the E-Voting Infrastructure. If not, security gaps and holes could still remain from the time when these specific applications were being developed. A prime example of this is known as the “Backdoor.” These are used in the software development process to give the developers quick and easy access to the software code. If these are not removed before the actual deployment, a Cyber attacker can gain covert access to the E-Voting Infrastructure.
This can happen when an election or government official who has knowledge of the inner workings of an E-Voting kiosk covertly manipulates the technology, either for personal gain or to change the outcome of an election. The only countermeasures to prevent these types of vulnerabilities from surfacing are to implement the “Separation of Duties” principle, and/or have an independent third party conduct audit checks of the E-Voting Infrastructure.
Man In the Middle Attacks
This type of security threat can be defined as “An attack where the attacker secretly relays and possibly alters the communications between two parties who believe they are directly communicating with each other.” (SOURCE 1). When this type of attack is used on an E-Voting Infrastructure, a specialized type of electronic device is implanted into the E-Voting kiosk. In these instances, a Logical Analyzer can be used, which then lets the Cyber attacker see the exchange of information and data that is being sent back and forth between the E-Voting kiosk and the central server(s) that are processing and tabulating the E-Votes which have been cast. The idea is to mimic the metadata so that falsified E-Votes can be cast and tabulated. This particular type of security threat preys upon the use of open standard communication formats which are used quite heavily in the E-Voting Infrastructure.
Biometrics and E-Voting
To help combat these security vulnerabilities, Biometrics has been called upon to add one or more extra layers of security. Some of the E-Voting technologies of today use only one Biometric modality as the exclusive means of security (primarily that of Fingerprint Recognition), and this is not the perfect solution either.
Rather, a Multimodal security approach is greatly needed, in which Biometrics serves as one angle. Other security mechanisms which could work well here include non-Biometric security devices such as Smart Cards, which provide a secondary means to confirm the identity of the particular voter.
The principles of Cryptography can also be used to help secure the transmission of the E-Votes which have been cast (this will be reviewed in more detail in the next section).
The Biometric Technologies which are being used today to help fortify the security levels of an E-Voting Infrastructure include the following:
- Fingerprint Recognition.
- Iris Recognition.
- Facial Recognition.
- Hand Geometry Recognition.
- Signature Recognition.
It should be noted that an E-Voting Infrastructure encompasses all of the market applications for which Biometrics is being used today. It is not just being used to secure the E-Voting kiosk. For example, these are the typical facets which require extra layers of security:
Physical Access Entry
Using any of the Biometric modalities listed above ensures that only the legitimate government and election officials can have access not only to the polling stations but also to the servers that process and tabulate the E-Votes, and to any other tangible assets that are involved with the E-Voting Infrastructure.
Time and Attendance
This type of Biometric application can be used to ensure the proper clocking in and clocking out of all the government and election officials who are employed to oversee the smooth functioning and processing capabilities of the E-Voting Infrastructure.
Single Sign on Solutions
Today, with the heavy usage of wireless devices, remote E-Voting can also take place (this simply means that a voter does not have to visit a particular polling place, he or she can vote directly from their Smartphone via the use of a special mobile app). Thus, extra efforts are required to fully ensure that only the legitimate and fully authenticated voters can cast their E-Votes. In this regard, a two-layer approach has been used, namely that of Fingerprint Recognition and a PIN Number. There have been calls from E-Voting Security advocates that a third layer is needed, namely that of Iris Recognition.
The Use of BioCryptography in Remote E-Voting
In remote E-Voting applications, the principles of BioCryptography can be a prime tool for further fortifying the security levels of an existing E-Voting Infrastructure, using a Virtual Private Network (VPN).
Essentially, a VPN is literally a private network which is encompassed into the overall, worldwide Internet infrastructure. The data packets which traverse across the VPN are actually encapsulated into another data packet, to provide for that extra layer of protection.
A subset of the VPN is known as the ‘OpenVPN.’ Specifically, the OpenVPN makes use of the VNI Architecture as well (which stands for Virtual Network Interface). Essentially, this tool captures all incoming network traffic (that is, the data packets) before it is encrypted, and then sends out the network traffic to the appropriate destinations after the data packets have been decrypted.
In an e-Voting infrastructure, the OpenVPN performs the following functions:
- It receives the e-Votes from all of the voters who have cast their ballots electronically, and after collection, the data packets which correspond to the e-Votes are then further compressed.
- After the compression process has been completed, the data packets are then encrypted (via the usage of the appropriate mathematical algorithms).
- These compressed and encrypted data packets are then sent across the Virtual Private Tunnel to the receiving end (which are the servers).
- At this receiving end, the OpenVPN tool then double checks for the authenticity and the integrity by performing reverse Cryptographic functions (this is once again dependent upon the mathematical algorithms which are being used).
- The data packets are then decompressed.
- The data packets are then reconstructed into a readable and decipherable format to the end user (which in the case of the e-Voting infrastructure, it would be the election and government officials).
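The six steps above, sketched as an added example (not code from the article or from OpenVPN). The function names, key handling and size limit are assumptions, and a SHA-256 counter-mode keystream stands in for the cipher only because the Python standard library has no AES.

```python
import hashlib
import hmac
import os
import zlib

MAX_BALLOT = 4096   # assumed upper bound on a decompressed e-Vote record

def keystream(key, nonce, n):
    """Stand-in cipher: SHA-256 in counter mode, used only because the standard
    library has no AES. A deployed tunnel would use a vetted cipher instead."""
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def seal(ballot, enc_key, mac_key):
    """Sending side: compress, encrypt, then authenticate nonce and ciphertext."""
    compressed = zlib.compress(ballot)
    nonce = os.urandom(16)
    ciphertext = xor(compressed, keystream(enc_key, nonce, len(compressed)))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag

def unseal(packet, enc_key, mac_key):
    """Receiving side: check authenticity and integrity first, then decrypt,
    then decompress with a hard output limit."""
    if len(packet) < 16 + 32:
        raise ValueError("packet too short")
    nonce, ciphertext, tag = packet[:16], packet[16:-32], packet[-32:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    compressed = xor(ciphertext, keystream(enc_key, nonce, len(ciphertext)))
    inflater = zlib.decompressobj()
    ballot = inflater.decompress(compressed, MAX_BALLOT)
    if inflater.unconsumed_tail or not inflater.eof:
        raise ValueError("payload exceeds size limit or is truncated")
    return ballot

if __name__ == "__main__":
    enc_key, mac_key = os.urandom(16), os.urandom(32)
    # Constructed sample record, not a real ballot format.
    packet = seal(b'{"contest": "constructed-sample", "choice": 2}', enc_key, mac_key)
    print(unseal(packet, enc_key, mac_key))
```

Because compression runs before encryption, the length of each packet depends on its content, and that length stays visible to anyone observing the tunnel.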
With the remote E-Voting process, the Biometric Template of the voter is securely bound to a Cryptographic key in such a fashion that neither the key nor the Biometric Template can be retrieved, except in those cases where the voter’s identity has been successfully confirmed in a verification (or 1:1) scenario.
To further elaborate upon this Biometric Encryption principle, as it has been proposed for use in an e-Voting infrastructure, a separate Biometric Key Generator is first created for the voter when they are first enrolled into the Biometric system at the e-Voting kiosk.
Also, a separate Digital Cryptographic Key is generated during this enrollment process and is later regenerated for the verification process (when the identity of the voter is actually being confirmed).
Using the appropriate mathematical hashing functions, the Biometric Template is then ‘hashed.’ This resultant hash then becomes the actual Digital Cryptographic Key. This specific key is then correlated with the appropriate fingerprint and is a Private Key.
Subsequently, a Public Key is also generated (which is associated with the Private Key) utilizing the Standard Hashing Algorithms (also known as SHA). This then becomes the Private/Public Key combination if a Public Key Infrastructure is utilized in an e-Voting infrastructure.
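The binding of a key to a Biometric Template described above, sketched as an added example (not code from the article or from any vendor it names): a fuzzy commitment built on a repetition code, a technique chosen here because the article does not name one. The function names, the 128-bit key size and the bit-string readings are assumptions constructed for illustration; the last check shows that a plain hash of a slightly different re-read would not reproduce the same value.

```python
import hashlib
import hmac
import random
import secrets

REP = 5          # repetition-code factor: majority vote fixes up to 2 flips per group
KEY_BITS = 128   # size of the bound key (assumed for the example)

def encode(key_bits):
    """Repetition code: repeat every key bit REP times."""
    return [b for b in key_bits for _ in range(REP)]

def decode(code_bits):
    """Majority vote over each group of REP bits."""
    return [int(sum(code_bits[i:i + REP]) > REP // 2)
            for i in range(0, len(code_bits), REP)]

def digest(bits):
    return hashlib.sha256(bytes(bits)).hexdigest()

def enroll(template_bits):
    """Bind a fresh random key to the template. Only helper and key hash would be
    stored; the key is returned here solely so the demo can compare results."""
    key = [secrets.randbits(1) for _ in range(KEY_BITS)]
    helper = [c ^ t for c, t in zip(encode(key), template_bits)]
    return key, helper, digest(key)

def release_key(sample_bits, helper, key_hash):
    """Return the key if the sample is close to the enrolled template, else None."""
    candidate = decode([h ^ s for h, s in zip(helper, sample_bits)])
    if hmac.compare_digest(digest(candidate), key_hash):
        return candidate
    return None

def constructed_readings(seed=7):
    """Constructed sample data: an enrolled template, a noisy re-read, an impostor."""
    rng = random.Random(seed)
    n = KEY_BITS * REP
    template = [rng.getrandbits(1) for _ in range(n)]
    noisy = list(template)
    for i in range(0, n, 40):       # flip one bit in every eighth group
        noisy[i] ^= 1
    impostor = [rng.getrandbits(1) for _ in range(n)]
    return template, noisy, impostor

if __name__ == "__main__":
    template, noisy, impostor = constructed_readings()
    key, helper, key_hash = enroll(template)
    print("noisy re-read releases key:", release_key(noisy, helper, key_hash) == key)
    print("impostor releases key:", release_key(impostor, helper, key_hash) is not None)
    print("plain hashes match:", digest(template) == digest(noisy))
```

The repetition code keeps the example short; it tolerates little noise, and the helper data is only as strong as the entropy of the template, so production schemes use stronger error-correcting codes.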
So, when a voter casts his or her specific ballot, this e-Vote is broken up into a series of data packets, which are then further encapsulated into other data packets (as was mentioned earlier), and then literally tunneled over a secured network.
Then, at the receiving end (which are the servers in the e-Voting infrastructure), these encapsulated data packets are then de-encapsulated via the AES 128 Encryption algorithm.
Conclusions: A Case Study Using E-Voting with Biometrics
In the developing nations, such as those primarily found in Africa and Asia, the fundamental right to vote and to be counted as a citizen in the eyes of one’s own government is a freedom which is now being greatly cherished.
Thus, the adoption and embracement of an e-Voting infrastructure is very high in these geographic regions. But, in the developed nations such as those found in Europe and particularly here in the United States, the right to vote and other freedoms we enjoy (which have been endowed to us by our Constitution) are liberties which we have enjoyed for quite a long time, and therefore, take for granted.
This is so because to some degree or another, we know that as United States citizens, we will be recognized in the eyes of our government, and at least from a theoretical perspective, we do have some assurances that our vote will be counted and tabulated in the final results for the respective candidates.
Therefore, as a result, the need for a one hundred percent adoption of an e-Voting infrastructure is not there. This is not to say that e-Voting does not exist here in the United States, it does, but it is widely dispersed across the states. In other words, there is still a strong blend of the traditional methods being used as well as e-Voting.
To conclude this article, we look at a case study which examines the deployment of an e-Voting infrastructure in the African nation of Mozambique. This system was deployed in full by Innovatrics, SRO, a leading Biometrics Vendor based out of Slovakia.
Innovatrics and Mozambique
In June 2007, the Secretariado Tecnico da Administracao Eleitoral (also known as the STAE), a division of the Mozambique National Electoral Commission, recognized the need to enroll the country’s citizens using a unified and electronic procedure. In their elections, the country has suffered from a tremendously high rate of voter fraud. But because the nation’s population is greatly spread out, and even difficult to locate because of the daunting terrain, other requirements have persisted in revamping their current voting processes. Some of these are:
- The use of 3,500 mobile devices which could enroll Mozambique citizens who are located in the desolate, rough terrain.
- Technical support would be needed throughout all of the capitals of the nation’s eleven provinces.
- Have the ability to print out a voter list at the local polling stations.
- The implementation of a centralized, national database which would contain the records of all the voting citizens.
- The overall need to deploy an e-Voting infrastructure which would greatly reduce the cases of voter fraud and of citizens casting multiple votes at different polling stations. This would call for the separate implementation of an end to end Biometric Analysis and Capture System (also referred to as an AFIS based infrastructure).
Although the government of Mozambique chose to partner with a locally based company to deploy the Biometrics in their soon to be implemented e-Voting infrastructure, Innovatrics was called upon to provide the actual Biometrics based solution. This primarily involved the usage of their ‘ExpressID AFIS’ Biometrics solution; there were other components involved as well, and they included the following:
- An ‘IDKit PC’ Software Development Kit (SDK) to provide for both the registration and authentication functionality in the country’s new e-Voting infrastructure.
- The actual Biometric hardware, which were the 320LC Fingerprint Recognition scanners provided by Cross Match Technologies.
- The Mobile Registration Units consisted of USB scanners as well as miniature Fingerprint Recognition Systems.
- Other computer related hardware which included the usage of Hewlett-Packard based servers as well as the Oracle 11g database (this is used to store all of the Biometric Templates and conduct duplication checks amongst the citizens).
- The use of ASP.Net to further develop the software applications which would be used to help the citizens have their fingerprints enrolled into the Fingerprint Recognition Systems and subsequently be stored in the database.
Because of the implementation of this Biometric System into the e-Voting infrastructure of Mozambique, over ten million citizens were registered to vote over an extremely short period of time, and an electronic based voter roll was also created for use in the future elections. The use of this particular Biometric System ensured that each and every voter is unique in the system, thus greatly curtailing voter fraud and the submission of multiple votes by a particular citizen.
- W. Trappe and L.C. Washington. Introduction to Cryptography with Coding Theory. Pearson, New York, 2005.