Abstract
The Rijnland Internet Election System (RIES) is a system designed for voting in public elections over the internet. A rather cursory scan of the source code to RIES showed a significant lack of security-awareness among the programmers which – among other things – appears to have left RIES vulnerable to near-trivial attacks. If it had not been for independent studies finding problems, RIES would have been used in the 2008 Water Board elections, possibly handling a million votes or more. While RIES was more extensively studied to find cryptographic shortcomings, our work shows that more down–to–earth secure design practices can be at least as important, and the aspects need to be examined much sooner than right before an election.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Gonggrijp, R., Hengeveld, W.-J.: Studying the Nedap/Groenendaal ES3B voting computer, a computer security perspective. In: Proceedings of the USENIX/Accurate Electronic Voting Technology workshop (2007)
Ministerie van Verkeer en Waterstaat: Regeling waterschapsverkiezingen 2008. 15 mei 2008/Nr. CEND/HDJZ-2008/587, Staatscourant 23 mei 2008, nr. 97 / pag. 11 (2008), http://www.wijvertrouwenstemcomputersniet.nl/images/e/e7/SC85731.pdf
Council of Europe: Recommendation Rec. (2004) 11 of the Committee of Ministers to member states on legal, operational and technical standards for e-voting (2004), https://wcd.coe.int/ViewDoc.jsp?id=778189
Gedrojc, B., Hueck, M., Hoogstraten, H., Koek, M., Resink, S.: Rapportage Fox-IT - Advisering toelaatbaarheid internetstemvoorziening waterschappen (2008), http://www.verkeerenwaterstaat.nl/Images/20081302%20Bijlage%201%20rapport_tcm195-228336.pdf
Hubbers, E.-M., Jacobs, B., Pieters, W.: RIES - Internet Voting in Action. In: Bilof, R. (ed.) COMPSAC 2005, Proceedings of the 29th Annual International Computer Software and Applications Conference, COMPSAC 2005, July 26-28, pp. 417–424. IEEE Computer Society, Los Alamitos (2005), http://www.cs.ru.nl/~hubbers/pubs/compsac2005.pdf
Hubbers, E.-M., Jacobs, B.: Stemmen via internet geen probleem.Automatisering Gids #42, p.15 (October 15, 2004), http://www.openries.nl/aspx/download.aspx?File=/contents/pages/77743/stemmenviainternetgeenprobleem.pdf
Hubbers, E., Jacobs, B., Schoenmakers, B., Van Tilborg, H., De Weger, B.: Description and Analysis of the RIES Internet Voting System (June 24, 2008), http://www.win.tue.nl/eipsi/images/RIES_descr_anal_v1.0_June_24.pdf
Van Ekris, J.: CIBIT, Beoordeling KOA, Een beoordeling van de integriteit van ”Kiezen op Afstand” (September 11, 2008), http://www.openries.nl/aspx/download.aspx?File=/contents/pages/77743/eindrapportcibit.pdf
Nijmegen University - Security of Systems:?Server Audit van RIES, (July 23, 2004), http://www.openries.nl/aspx/download.aspx?File=/contents/pages/77743/reportkun.pdf
Jonker, H., Volkamer, M.: Compliance of RIES to the proposed e-Voting protection profile, VOTE-ID 2007 (2007)
Groth, J.: CryptoMathic: Review of RIES (v 0.3), Cryptomathic A/S (January 21, 2004), http://www.openries.nl/aspx/download.aspx?File=/contents/pages/77743/reviewofries.pdf
Kruijswijk, L.: Internetstemmen met RIES onder de loep (2006), http://www.wijvertrouwenstemcomputersniet.nl/Internetstemmen_met_RIES_onder_de_loep
Unie van Waterschappen: Aanbevelingen van de Raad van Europa, Evaluatie voorziening internetstemmen RIES, conform artikel 5 onderdeel b Regeling waterschaps-verkiezingen 2008, version 6 (June 2008), http://www.openries.nl/aspx/download.aspx?File=/contents/pages/77726/evaluatieaanbevelingenraadvaneuropa.pdf
GOVCERT.NL: Webapplicatie-scan, Kiezen op Afstand (September 1, 2006), http://www.openries.nl/aspx/download.aspx?File=/contents/pages/77743/webapplicatie-scan.pdf
Ministerie van Binnenlandse Zaken en Koninkrijksrelaties: Stemmachines, een verweesd dossier (April 17, 2007), http://www.minbzk.nl/contents/pages/86914/rapportstemmachineseenverweesddossier.pdf
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Gonggrijp, R., Hengeveld, WJ., Hotting, E., Schmidt, S., Weidemann, F. (2009). RIES - Rijnland Internet Election System: A Cursory Study of Published Source Code. In: Ryan, P.Y.A., Schoenmakers, B. (eds) E-Voting and Identity. Vote-ID 2009. Lecture Notes in Computer Science, vol 5767. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04135-8_10
Download citation
DOI: https://doi.org/10.1007/978-3-642-04135-8_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-04134-1
Online ISBN: 978-3-642-04135-8
eBook Packages: Computer ScienceComputer Science (R0)