22-12-2010, 12:06 PM
Prepared by:
Sonja Hof
University of Linz, Austria
Institute of Applied Computer Science,
Division: Business, Administration and Society;
University of Linz, AUSTRIA
Sonja Hof
University of Linz, Austria
Institute of Applied Computer Science,
Division: Business, Administration and Society;
University of Linz, AUSTRIA
Abstract:
As e-Voting gains more importance while practicable solutions arebeing implemented, more questions arise concerning alternative possibilities for a secure and feasible authentication. The specific peculiarities of secure
authentication to a system are various and for a sensitive area like e-Voting also challenging. In this paper we evaluate biometric systems in order to prove their capabilities for e-Voting systems.
Introduction
This contribution tries to look into e-Voting from a different angle on the necessary citizen authorization from a different angle. Instead of concepts such as one-time passwords or smart cards, we try to look into the pros and cons of a biometric approach. Biometrics is the science that tries to fetch human biological features with an automated machine either to authentication or identification [LA02]. Biometric products should remove the necessity of password or PINs. Typical two-factor authorizations use possession, e.g. smart card, and knowledge, e.g. PIN. Biometric systems try to exchange knowledge with an individual feature, e.g. finger print. Recording of the feature should be comfortable and fast. The most commonly use biometric feature is the finger print. It is well known and in wide spread use in daily police work. In contrast to passwords or pin codes, biometric features are dynamic, i.e. they change over time. This is probably the most challenging property of the biometric system. One has to find a balance between a check which is too strict and generates too many rejections, and a check which is too loose and generates too many false accepts.
This paper gives an overview of biometric approaches to e-Voting. The first section gives an introduction into e-Voting. The second section elaborates on security issues specific to e-Voting systems. Finally, it focuses on security in e-Voting systems with biometric systems.
2 E-Voting
Many countries have started research projects or even pilots for e-Voting (UK [html5],[PKK03], ACM US [html6], NIST [html7], Austria [SM03], Switzerland [BR03],[html9],[html8], Germany [BR03]. There are two main motivations to introduce e-Voting: cost savings and increased voter participation and interest. Providing information and increasing the convenience for the citizens goes hand in hand, and it also offers disabled people the possibility to use e-Voting systems [html10]. Some approaches of putting e-Voting into practise are quite innovative, such as voting using SMS [html8] but still they have to cope with a lot of unsolved technical problems and therefore, it is doubtful if they will be implemented. The most sensitive aspects within e- Voting are fraught with secrecy and access issues.
3 E-Voting and Security
E-Voting is probably the most security sensitive process handled electronically nowadays [Cr02]. The main reason for this being that the worst-case scenario is really catastrophic. For example, assume an electronic vote for the German Bundestag is discovered to have been tampered with. This fraudulent act will not only have drastic consequences for Germany itself, but will also have enormous consequences for the whole European Union and further a field. Bearing this in mind, the highest achievable security is never too much for an e-Voting system.
Generally one can divide the requirements for an electronic vote into three basic musts:
• Do the actual laws in a given country allow for the electronic handling of votes?
• Does a technical solution exist that fulfils all the restrictions and requirements imposed on it by the corresponding laws?
• Do the actual voters desire and accept an electronic voting system and in particular, the designed voting system [Ba04] [Ev04]?
Fulfilling these requirements is quite challenge. Especially as their individual areas of expertise are different: law, technology and social science.
4 Biometric
Identification in E-Voting In this section, we will have a look at biometric systems [Zi03] focusing on their relevance for e-Voting systems. We will look at their different aspects regarding e- Voting systems, e.g. the huge number of persons using the biometrics or the small expertise of typical users.
One of the main issues we like to stress is the difference between biometric authentication compared to “classic” authentication as e.g. smart cards. In this comparison we ignore the well known concept of card readers based on biometrics, e.g. card readers with fingerprint authentication; In this case, the biometric input is not used to authenticate the user to the e-Voting system, but rather to authenticate his/her smart card. The e-Voting system does not interact in any way with the biometric characteristics of the actual users, but still authenticates the user with the help of the user’s authentication certificate as present on the card. Seen from this perspective, this solution is not a biometric approach to e-Voting. From now on, we will focus on biometric approaches that actually use the biometric data to authenticate the e-Voting system. Another issue with biometric systems is their relative young age, there is still currently a set of standardisation efforts going on
We will first have a look at some of the possible biometric properties that can be used for the authentication of individual persons. In this paper, we will restrict ourselves to present just a subset of different biometric properties. We explicitly do not focus on their feasibility, but rather try to show the wide spectrum of “theoretically” possible human properties that can be used in biometric systems.
REFERENCE:
http://docs.googleviewer?a=v&q=cache:Beb...YM1KPayt5g