Publication: Estonya elektronik seçimleri bireysel oy doğrulama sistemi
Abstract
Estonya, 2005 senesinden itibaren yasal bağlayıcılığı olan ve ülke genelinde yapılan seçimlerde elektronik seçimi kullanmaktadır. Kullanılan bu sistem ile seçmen geleneksel yöntemle kağıt tabanlı oy verme işlemini yapabildiği gibi internet üzerinden kişisel bilgisayarlarıyla oy verme işlemini de yapabilmektedir. Bu durum internet üzerinden oy vermenin kolaylığı, oy sayım süreçlerinde elektronik cihazların kullanımı, hızlı olması gibi birçok avantajı getirdi, fakat güvenlik açısından beraberinde farklı sorun uzayları da getirdi. Yeni sistemin en az geleneksel seçim sistemi kadar güvenli olması ayrıca seçmenin kullanmış olduğu oyu hiçbir şekilde başka şahıslara ıspatlayamaması ve oy gizliliğinin sağlanması gerekmektedir. Bu açılardan bakıldığında yeni sistemin getirdiği problemler, yeni nesil teknolojiler ve gelişen kriptografi bilimi ile kapatılmaktadır.Zaman içerisinde çeşitli güncellemelerle birlikte geliştirilmekte olan bu sisteme, 2011 yılında yapılabilirliği gösterilen bir saldırı ve sistemde görülen bir aksaklık neticesinde, bireysel oy doğrulama opsiyonu eklenmiştir. Sisteme eklenen bu opsiyon bir zafiyeti kapatmak için getirildi fakat sisteme oy gizliliği ile ilgili yeni zafiyet getirdi. Gelen zafiyetle ilgili çözüm önerisi olmuş, fakat pratikte kullanılabilecek bir çözüm maalesef önerilmemiştir. Bu çalışmada, 2016 senesinden sonra güncellenmiş ve hali hazırda kullanılmakta olan IVXV yapısının aynı zafiyeti hala barındırdığı gösterilmekte, ayrıca bu zafiyetin giderilebilmesi için pratikte de uygulanabilecek çözümler önerilmektedir.
Estonia has been using the Estonian Internet Voting scheme for state-wide legally binding general elections since 2005. By means of this, voters can vote not only paper-based voting by using the conventional method but also on the internet with their personal computers. This brought many advantages such as the ease of voting over the internet, the use of electronic devices in the counting processes, and its speed, but it also brought different problem spaces in terms of security. The new system must ensure vote privacy and it must be at least as safe as the conventional election system. In addition, it must not be able to prove the voting cast by other people in any way. From this point of view, the problems brought by the new system are covered with new generation technologies and developing cryptography science.Estonia Internet Voting scheme has been developed over the time with various updates. In the 2011 election period, the individual vote verification component was added to the system as a result of developing an attack against the election system and encountering invalid vote in the central server. The individual vote verification component was added to cover the weakness, but it caused a new weakness regarding vote privacy in the system. There was a solution suggestion regarding the weakness, but unfortunately, a solution that could be used in practice was not offered. In this study, the scheme labeled as IVXV, which was updated later in 2016 and is currently being used, is shown to still have the same weakness and solutions that can be applied in practice is proposed in order to eliminate this weakness.
Estonia has been using the Estonian Internet Voting scheme for state-wide legally binding general elections since 2005. By means of this, voters can vote not only paper-based voting by using the conventional method but also on the internet with their personal computers. This brought many advantages such as the ease of voting over the internet, the use of electronic devices in the counting processes, and its speed, but it also brought different problem spaces in terms of security. The new system must ensure vote privacy and it must be at least as safe as the conventional election system. In addition, it must not be able to prove the voting cast by other people in any way. From this point of view, the problems brought by the new system are covered with new generation technologies and developing cryptography science.Estonia Internet Voting scheme has been developed over the time with various updates. In the 2011 election period, the individual vote verification component was added to the system as a result of developing an attack against the election system and encountering invalid vote in the central server. The individual vote verification component was added to cover the weakness, but it caused a new weakness regarding vote privacy in the system. There was a solution suggestion regarding the weakness, but unfortunately, a solution that could be used in practice was not offered. In this study, the scheme labeled as IVXV, which was updated later in 2016 and is currently being used, is shown to still have the same weakness and solutions that can be applied in practice is proposed in order to eliminate this weakness.
Description
Keywords
Bilgi güvenliği, Bireysel Oy Doğrulaması, E-seçim, Elections, Electronics, Elektronik, Engineering, Estonian, Estonian Internet Voting, Estonya, Estonya Internet Seçim Sistemi, Individual Verifiability, Information security, Kullanılabilirlik E-voting, Mahremiyet, Mühendislik, Privacy, Seçimler, Usability