In the previous article (“Models of electronic elections and their safety”), we examined electronic election systems, the methods of protecting votes, and the nuances of each. In this article we consider the principles and methods of identifying and authenticating voters.
Nowadays, information systems of various scales are becoming part and parcel of the basic infrastructure of any business, state and society. Modern information technologies offer new opportunities and collective decision-making tools that can improve efficiency and reduce the costs of this process, making it more effective. Such systems have long been in use in businesses and corporations that are aware of the cost of time and try to reduce the costs of decision-making.
But why does the government avoid automating its interaction with society? Is it expensive? Unsafe? Or unprofitable?
The question of costs and benefits will be discussed next time; for now let’s talk about safety, namely identification and authentication.
The main user registration procedures in an information system are identification (answering the question “Who are you?”) and authentication (proving that “you are who you say you are”). Accordingly, to build a system of electronic elections we need to establish a system of identification and authentication for the whole population. Identification will not require special effort, since an identifier has long existed (the identification code), but the authentication procedure still has to be chosen.
Nowadays, the main means of identification and authentication for every citizen of the country are the identification code and the passport; enterprises and institutions have identification documents and entrance tickets. With their help we confirm our data, powers and rights. They coped well with their tasks in the last century, but in this century they are being replaced by electronic identification and authentication. We use and see these every day: usernames and passwords, electronic entrance tickets and keys, plastic cards with a magnetic stripe or chip, biometric systems. Accordingly, to identify a citizen within the state it is enough to implement a unified system of identification and authentication that allows this process to be automated.
Currently, there are the following types of identification and authentication:
Username and password:
Without going into formal definitions, it is enough to say that a “username” is (usually) a public set of symbols that the user presents to the information system in order to be identified and to gain access to it. A “password” is (usually) a secret set of symbols known only to the user (and, less frequently, to the system administrator) of the information system; it is used to confirm ownership of the username, that is, for authentication.
This method of identification and authentication can be used in the “Internet elections” model, which solves the problem at minimum expense. To minimize the risks associated with fraud involving the “username-password” pair, it is recommended to use SMS confirmation at the moment of the identification-authentication procedure. Protection can also be strengthened with a cryptographic key.
As a result we get a safe, encrypted and authenticated communication channel between the voter and the “Internet election” system, which will ensure the accuracy of the election. These security principles are used in corporate systems, Internet banks (Privat 24) and international payment systems (PayPal, WebMoney).
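The two-step flow described above (password check, then SMS confirmation) can be sketched as follows. This is an added example, not code from the original article or from any election system; the class and function names, the time and attempt limits, and the `send_sms` callback standing in for an SMS gateway are all assumptions.

```python
import hashlib, hmac, secrets, time

CODE_TTL = 120        # seconds an SMS code stays valid (assumed value)
MAX_ATTEMPTS = 3      # guesses allowed per issued code (assumed value)
PBKDF2_ROUNDS = 200_000  # assumed work factor

def hash_password(password, salt):
    # Store only a salted, slow hash, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

class VoterAuth:
    def __init__(self, send_sms):
        self.users = {}    # username -> (salt, password_hash, phone)
        self.pending = {}  # username -> [code, expires_at, attempts_left]
        self.send_sms = send_sms  # hypothetical gateway: send_sms(phone, code)

    def register(self, username, password, phone):
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, hash_password(password, salt), phone)

    def login(self, username, password):
        """Step 1: verify the password; on success send a one-time code."""
        # Unknown users still cost one hash, so timing does not reveal them.
        salt, stored, phone = self.users.get(username, (b"\0" * 16, b"", None))
        ok = hmac.compare_digest(hash_password(password, salt), stored)
        if not ok or phone is None:
            return False
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[username] = [code, time.time() + CODE_TTL, MAX_ATTEMPTS]
        self.send_sms(phone, code)
        return True

    def confirm(self, username, code, now=None):
        """Step 2: accept the code once, before expiry, within the attempt limit."""
        entry = self.pending.get(username)
        if entry is None:
            return False
        now = time.time() if now is None else now
        entry[2] -= 1
        expired = now > entry[1]
        good = (not expired) and hmac.compare_digest(entry[0].encode(), code.encode())
        if good or expired or entry[2] <= 0:
            del self.pending[username]  # a code is single-use and cannot be retried forever
        return good
```
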
An ID card is a plastic card with a built-in contact chip and/or magnetic media (contactless chip), used to identify its owner in the information system. The visual part of the ID card can include information about the holder: last name, first name, personal identification code, date of birth, gender, a picture (photo) of the person, and an image of the holder's signature. It can additionally include information identifying the card itself: its number, dates of issue and validity, and the issuing authority.
The magnetic media (or contactless chip) holds most of the information visible on the visual part of the identity card, as well as photographs (of the owner and fingerprints); it is meant for quick identification in electronic systems.
A contact chip can hold all the necessary information, including cryptographic keys; rewritable information may also be placed there.
A PIN code or password is used as the means of authentication.
SMS confirmation can be used to strengthen security.
These cards are used in companies' entry pass systems, as bank plastic cards and as ID cards in several countries, and they are a reliable means of identification and authentication.
Ukraine is planning to introduce biometric passports, which essentially integrate a chip (holding information about the owner) into a paper passport.
This method can be used in “direct electronic elections”.
Biometric identification and authentication:
In biometric identification and authentication, the user presents to the information system a parameter that is part of the user. Individual characteristics of the person are identified (papillary pattern, iris, fingerprints, facial thermogram, etc.).
These access methods are very convenient for the users of the information system. Unlike passwords or information carriers (ID cards), which may be lost (forgotten), stolen or copied, biometric access systems are based on human parameters that are always with the person, so the problem of keeping them safe does not arise. It is almost impossible to lose them. It also becomes harder to transfer the identifier to third parties.
There are several methods of biometric identification and authentication:
To improve reliability, the methods can be combined, and a PIN code or password can be used as well. This method can be used in “direct electronic elections”.
As we see, there are a number of ways to ensure the identification and authentication of voters in the process of electronic elections, and the choice of method is just a technical question determined by the choice of the model.
Date: 15 June 2015