Electronic elections.

2000-05-27 Thread Per Kangru


I am currently investigating the possibility to conduct electronic
elections on the web.

My aim is to be able to cut the costs and the administrative overhead of
having an ordinary election. 

The organization it involves right now is Uppsala university student union
and its approximately 30.000 members. Every year they elect 41 people to
rule over the student union for the next year, currently 2/3 of the votes
come via snail-mail and the rate of participation is very low.

So I'm looking for a system that will give me the following:

* Ease of use for non computer experts.

* Secure, i.e. one vote per person.

* Anonymous voting, i.e. no connection between a certain vote and a certain
  person.

* Shall produce good statistics and be able to perform sanity checks of
  the data, i.e. if any cheating is undertaken it shall be easy to find
  out.

* Easy to administrate, shall be able to handle both parties and
  persons. (A vote can be cast both on a party and on a special person
  in that party)


One can assume that all the voters have an encrypted passphrase stored in a
central password file. 

The voters are not familiar with personal certificates and we can't expect
that we can use those for identification.

The system I have sketched works as follows:

1) A website presents all the data on the candidates and the parties
   involved. 

2) A voter can log in to the system and cast a vote on a special
   candidate in a special party.

3) The login is carried out using an SSLv3 encrypted connection and
   authorizing against an encrypted passwd file.

4) Once a voter submits the vote a post in a sql-database is created
   where one stores that a certain person has submitted a vote and from
   what computer (ip#) and at what time. 

5) The vote is stored in another table. The party and the possible
   candidate are stored. An encrypted value about who submitted
   the vote is stored as well. This is pgp encrypted using a public key that
   belongs to a trusted third party. Possibly even with a key that is in
   part stored at several different locations, i.e. one piece at each of
   the participating parties.


In point 5 above I wonder whether there is any other good way of securing
both the anonymity of the voters and preserving the security. 

If there is no system available for doing this I will most probably
implement it as a Roxen module with a mysql backend.

What do you think of the above described system? What work has been done
before and are there any similar organizations having electronic elections? 




Best regards,



/Per

|-Per Kangru--http://kangru.org-+46-(0)[EMAIL PROTECTED]| 
|Lasercooling @ Stockholm Univ. +46-(0)8-161136   [EMAIL PROTECTED]   |
|Consultant   @ Roxen IS AB +46-(0)709-153939 [EMAIL PROTECTED]|  
|-PGP-fingerprint-672C8-5632-7DC49-CFECC-E0EE-3DA4-E82E-A036F-59A1| 
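
An added illustration of steps 4 and 5 above, in Python with sqlite3; it is not part of the original post and not Roxen or MySQL code. Table, column and function names are assumptions, the PGP-sealed voter value is passed in as an opaque blob, and an n-of-n XOR split stands in for "one piece at each of the participating parties".

```python
import secrets
import sqlite3
from functools import reduce

# Step 4: who has voted (one row per voter). Step 5: ballots, no voter id in clear.
SCHEMA = """
CREATE TABLE voted   (voter_id TEXT PRIMARY KEY, ip TEXT, ts TEXT);
CREATE TABLE ballots (party TEXT NOT NULL, candidate TEXT, sealed_voter BLOB);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def cast_vote(db, voter_id, ip, ts, party, candidate, sealed_voter):
    """Write the 'has voted' row and the ballot in one transaction.
    sealed_voter is assumed to be the voter id already encrypted to the
    trusted third party's public key. Returns False on a second vote."""
    try:
        with db:  # commits both rows, or rolls both back on error
            db.execute("INSERT INTO voted VALUES (?, ?, ?)", (voter_id, ip, ts))
            db.execute("INSERT INTO ballots VALUES (?, ?, ?)",
                       (party, candidate, sealed_voter))
        return True
    except sqlite3.IntegrityError:  # PRIMARY KEY: one vote per person
        return False

def sanity_check(db):
    """Number of ballots must equal number of voters marked as having voted."""
    voters = db.execute("SELECT COUNT(*) FROM voted").fetchone()[0]
    ballots = db.execute("SELECT COUNT(*) FROM ballots").fetchone()[0]
    return voters == ballots

def tally(db):
    return db.execute("SELECT party, COUNT(*) FROM ballots "
                      "GROUP BY party ORDER BY party").fetchall()

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def split_key(key, n):
    """n-of-n split: n-1 random shares plus one share that XORs back to key."""
    shares = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    shares.append(reduce(xor_bytes, shares, key))
    return shares

def join_key(shares):
    """All n shares are required; any smaller subset reveals nothing."""
    return reduce(xor_bytes, shares)
```

Row order and timestamps in the two tables can still link a voter to a ballot, so the ballot table carries neither here, and a real deployment would also need to store ballots in an order unrelated to the order of the `voted` rows.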






GSM answer to A5/1

2000-01-10 Thread Per Kangru

Found this somewhere.

Any comments?



/Per

16 December 1999

Joint statement by Chairman GSM Association Security Group and
Chairman ETSI SMG10 Security Group

Many questions were raised by the paper of Alex Biryukov and Adi
Shamir [1] on the GSM A5/1 over the air encryption algorithm, we would
like to make the following comments:

The paper describes an interesting application of the time-memory
trade-off principle to the A5/1 algorithm. This results in the
described attack on A5/1 requiring known plaintext relating to the
first few minutes of a GSM call.

We, and others, have previously examined similar attacks against A5/1,
but they were considered not practicable. This is because the nature
of the design of the GSM voice encoding and the GSM frame structure
leads to very little known plaintext for A5/1.

Although of theoretical interest, the attack described by Biryukov and
Shamir requires a similar quantity of known plaintext and must
therefore be considered to be mainly of academic interest. There is
still no evidence of any commercial violation of the A5/1 algorithm,
which has now been in use for more than ten years.

However, we are not complacent about GSM security and remain totally
committed to constantly enhancing the protection offered to our
customers and to ensuring that GSM is afforded even better security.

Michael Walker Chairman ETSI SMG 10
Charles Brockton Chairman GSMA SG


---
Per Kangru, physics student at Uppsala University, part time worker at
Idonex AB. All opinions are mine and do not necessarily have any
influence over the opinions of Idonex AB or Uppsala University.
---
priv email:   [EMAIL PROTECTED]   Phone, home:  +46-(0)18-509363
work email:   [EMAIL PROTECTED] Phone, mobile +46-(0)707-545556 
univ email:   [EMAIL PROTECTED] Phone, work   +46-(0)709-153939
Private web page at http://per.kangru.org
-Support free speech online ---




Re: DEA says drug smugglers used crypto & Net but cops got around

1999-10-30 Thread Per Kangru

On Fri, 29 Oct 1999, Bjørn Remseth wrote:

> it
> Reply-To:
> In-Reply-To: <[EMAIL PROTECTED]>; from John Gilmore on Fri, Oct
> 29, 199
> Organization: Yes Interactive AS
> 
> > Years of work in standards committees and years of technical work can
> > all go for naught, when those responsible for operating the service are
> > untrustworthy.  End-to-end encryption is your friend; it needs to get
> > designed into some cellphones.
> 
> The Norwegian defense forces has designed a GSM phone with end-to-end
> encryption.  It uses the proprietary NSK chip and the secret NSK algorithm,
> and will not be available for the general public, only for the generals and
> their friends :)  
> 
> The design looks sound enough though, and the phone also looks nice (the
> producer is the Swedish company "Sectra": http://www.sectra.se/).

Are you really sure that it was designed by the Norwegian defense forces?
The Swedish military has as well bought the phone (before the Norwegians)
and to the best of my knowledge Sectra has been doing the construction
much on their own (with a lot of discussions etc. with the military.)

/Per

---
Per Kangru, physics student at Uppsala University, part time worker at
Idonex AB. All opinions are mine and do not necessarily have any
influence over the opinions of Idonex AB or Uppsala University.
---
private email: [EMAIL PROTECTED]   Phone, home: +46-(0)18-509363
work email: [EMAIL PROTECTED]Phone, mobile +46-(0)707-545556 
school email: [EMAIL PROTECTED]  Phone, work +46-(0)8-6198505
Private web page at http://kangru.org
-Support free speech online ---