Jump to content

search555

Members
  • Posts

    4
  • Joined

  • Last visited

Everything posted by search555

  1. Awesome!!! I am really thankful that I found this website. I really appreciate all the inputs. But hopefully, in 2 days time I can get concrete details. Check out this news story.... http://www.gmanews.tv/story/51247/Hackers-...rity---official We are so-called "hackers". Problem with that press release is we are only IT professionals expert on our own field. They may be a few who are involve in Internet Security. But I doubt they have the capability to really try and hack the system. And so, I am soliciting some help from those "white hackers" to test the system to see if its really secured. More technical info coming in a few days time. THANK YOU ALL!!!!
  2. I was able to find something in SCYTL's website. This what I found. I believe this is the same system which they have setup for us. Any idea? Client-Server Security on the Internet To protect any transaction between the client and server over the internet several generic security measures are usually taken.The client device has anti-virus software to protect it from viruses and Trojan horses. Data passed through the internet is encrypted using Secure Sockets Layer technology or a Virtual Private Network. A firewall placed between the internet and the servers prevents the entrance of hackers into the servers. Should anyone gain entrance to the servers, Intrusion Detection Systems can alert the Systems Administrators. And of course, the servers will be protected with anti-virus software. Electronic Voting with Conventional Security An electronic voting system is typically more complex than a standard client-server system. On the server side, there will typically be two separate systems. The Vote Collection Server where the votes are collected from the internet.. En la demo, este servidor se asocia a la imagen de una urna. The Vote Tallying Server that receives the votes from the Vote Collection Server and tallies them. En la demo, este servidor se asocia a la imagen de una calculadora. Of course, an electoral authority is present to oversee the entire process. The voting process starts when the voter accesses the web page for the election. The voter logs on with the appropriate credentials (user name and password or PKI or biometrics). The Vote Collection Server sends a personalized virtual ballot to the voter. The voter makes his choices and sends the completed unsealed vote to the server through the internet in an encrypted SSL connection. The vote emerges unsealed from the SSL connection and is stored in the Vote Collection Server. The Vote Collection Server continues collecting votes until the close of the election, at which point the votes are transferred to the Tallying Server, that publishes the totals for each candidate. This can prove to be unsatisfactory to a voter who is concerned that his vote was not included in the final tally, as there is nothing to link his actions on his client device with the final result, except perhaps blind faith. Other problems result from the fact that the votes are stored without adequate protection on the servers. Anyone with privileged access to the servers can either see what the votes are and/or change them without being detected. Any hacker who breaks through the firewall could do the same. Electronic Voting Secured by Pnyx The use of Pnyx technology in the previous e-voting scenario would solve these problems. The philosophy behind Pnyx is to replicate the proven security processes that operate in conventional election systems. To do this Pnyx adds three modules to a conventional electronic voting platform. The first Pnyx module is a Mixing Service that ensures that all votes that enter the Vote Collection Server are randomly shuffled. This operation, along with the use of digital envelopes, will ensure the anonymity of the votes. The Mixing Service also performs the important task of creating the unique cryptographic key pair that is used to protect individual ballots. The Mixing Service allows Pnyx to replicate in an electronic voting platform the conventional election practise of distributing trust among members of an electoral board. An electoral board is formed by various parties representing different interests in the election. Only the electoral board operating collectively is authorized to open the voting urn. With Pnyx a qualified majority of the electoral board must present their keys to unlock the votes at the end of the voting period. The second Pnyx module is the Voting Service that is added to the Vote Collection server to handle the voting protocol with the Voting Client. Once the voter accesses the election web page the third Pnyx module, the Voting Client, is downloaded to the voter’s browser. The Voting Client asks the voter for his voting credentials, which can be a local digital certificate (generally stored in a smartcard) or a remote digital certificate downloaded from the Voting Service using the voter’s personal identification code and password. Independently of the identification mechanism, the Voting Client always uses the voter’s private key to establish a strong authentication protocol that allows the Vote Collection Server to send the personalized virtual ballot to the client device. The voter makes his choices which are passed to the Voting Client and the Voting Client generates the contents for a voting receipt. The completed vote and the contents of the voting receipt are sealed in a digital envelope. The voting client prepares the voting receipt for its validation by the Voting Service. The voting receipt validation request and the digital envelope are sent securely through the Internet. When the Voting Service confirms reception of the digital envelope, it validates the voting receipt. The Voting Client receives the voting receipt and passes it to the voter. This voting receipt will allow the voter after the election to verify the existence of his vote in the final tally but will not allow vote selling since it does not reveal who the vote was for. While stored in the Vote Collection server, the votes are securely stored in their digital envelopes that only the Electoral Board can open. This process repeats with all of the voters until the end of the polling period. At this point, the Electoral Board gathers together and collectively starts the opening of the ballot box. The Mixing Server randomly shuffles the digital envelopes, opens them and breaks the relation between the votes, the voting receipts and the voters, thereby solving the conundrum of strongly authenticating voters while allowing voter privacy. The digital urn is opened, revealing the votes and the voting receipts within but leaving no possibility of correlation between them. The votes and the voting receipt contents are sent to the tallying application, so that the results can be tallied and published along with the voting receipts. With the voting receipts Pnyx solves one of the biggest problems with electronic voting systems, that of confidence in the system. All voters can now follow their own vote through to the final count and be sure that the system worked correctly and honestly. The voters can see for themselves the existence of their voting receipt in the list published after the election. Should the receipt appear in the list, they know that their vote was included in the final tally. Should the receipt not appear in the list, then the voter can present their validated voting receipt to publicly complain about the result. Pnyx also solves the problem of certain people, such as system administrators or electoral authorities abusing their privileges. Reviewing or changing votes in the urn is rendered impossible by locking the votes in digital envelopes and securely logging all voting actions. Intruders such as malicious hackers that managed to break through the firewall would likewise be prevented from doing any damage.
  3. Hi Cooper, Thanks. I dont have the system details yet. We'll be meeting the embassy and election officials this weekend. So perhaps after the meeting I will have more details to share. Really sorry about the lack of it. Anyway, the only thing that I know now is that the system is created by SCYTL. Their website is http://www.scytl.com/.
  4. Hi Expert people! Newbie here! Just want to get some tips on how to hack an internet voting system. I am an IT professional working out of my home country. And we were commissioned by our embassy to try and hack the internet voting system which our government wanted to implement in a few years time. Sadly to say, the system is already made and I believe they are just trying to impress the public that the system is well secured because they contacted IT people which are really not into hacking. As such, I wanted to do my part and scrutinize the system. If possible, I also want to hack the system to see if its really secured. So what do I need to know beforehand to prepare for a commissioned hack? Sorry to ask all these questions. But my area of expertise is only in SAP security and no where I am versed in internet security.
×
×
  • Create New...