Realizing Security Requirements with Physical Properties: A Case Study on Paper Voting

  • Conference paper

Part of the book series: Lecture Notes in Electrical Engineering ((LNEE,volume 120))

Abstract

Well-established security models exist for testing and proving the logical security of IT systems. For example, we can assert the strength of cryptographic protocols and hash functions that prevent attackers from unauthorized changes of data. By contrast, security models for physical security have received far less attention. This situation is problematic, especially because IT systems are converging with physical systems, as is the case when SCADA systems are controlling industrial processes, or digital door locks in apartment buildings are replacing physical keys. In such cases, it is necessary to understand the strengths, weaknesses and combinations of physical and digital security mechanisms. To realize this goal, we must first learn how security requirements are realized by the physical environment alone and this paper presents a method for analyzing this, based on the KAOS requirements engineering framework. We demonstrate our method on a security-critical case, namely an election process with paper ballots. Our analysis yields a simple ontology of physical objects used in this process, and their security-relevant properties such as visibility, inertness and spatial architecture. We conclude with a discussion of how our results can be applied to analyze and improve the security in other processes and perform trade-off analysis, ultimately contributing to models in which physical and logical security can be analyzed together.
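The abstract describes the shape of the method (KAOS-style goal refinement down to requirements that are realized by properties of physical objects, followed by trade-off analysis) without giving the model itself. The following Python sketch is an added illustration, not code from the paper or its authors: the goal tree, the object names and the property names are assumptions made for this example, chosen to follow the abstract's vocabulary of visibility, inertness and spatial architecture.

```python
"""KAOS-style goal refinement for a paper-voting process, where leaf
requirements are realized by properties of physical objects.

Added illustration, not the paper's own model. The goal tree, the objects
(booth, ballot, ballot_box, counting_table) and the property names are
assumptions constructed for this example.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class PhysicalObject:
    """An object in the polling station and its security-relevant properties.
    Property names group into the abstract's three classes (assumed here):
    visibility (opaque, transparent, in_public_view), inertness
    (sealed, marked_in_indelible_ink) and spatial architecture
    (single_occupant)."""
    name: str
    properties: frozenset


@dataclass
class Goal:
    """A KAOS-style goal. Inner goals are AND/OR-refined into subgoals;
    leaf goals are requirements realized by (object, property) pairs,
    all of which must hold."""
    name: str
    refinement: str = "AND"
    subgoals: list = field(default_factory=list)
    realized_by: list = field(default_factory=list)


def leaf_holds(goal, objects):
    """A leaf requirement holds when every required property is present."""
    return all(obj in objects and prop in objects[obj].properties
               for obj, prop in goal.realized_by)


def satisfied(goal, objects):
    """Evaluate the whole refinement tree against a physical environment."""
    if not goal.subgoals:
        return leaf_holds(goal, objects)
    results = [satisfied(sub, objects) for sub in goal.subgoals]
    return all(results) if goal.refinement == "AND" else any(results)


def unsatisfied_leaves(goal, objects):
    """Names of leaf requirements the environment does not realize."""
    if not goal.subgoals:
        return [] if leaf_holds(goal, objects) else [goal.name]
    return [n for sub in goal.subgoals for n in unsatisfied_leaves(sub, objects)]


def trade_off(goal, objects, replacement):
    """Swap one object for a variant and report which requirements break.
    Returns (goal still satisfied?, newly broken leaf requirements)."""
    before = set(unsatisfied_leaves(goal, objects))
    changed = dict(objects)
    changed[replacement.name] = replacement
    newly_broken = [n for n in unsatisfied_leaves(goal, changed) if n not in before]
    return satisfied(goal, changed), newly_broken


# Constructed baseline polling-station environment (assumptions).
BASELINE = {o.name: o for o in [
    PhysicalObject("booth", frozenset({"opaque", "single_occupant"})),
    PhysicalObject("ballot", frozenset({"uniform", "marked_in_indelible_ink"})),
    PhysicalObject("ballot_box", frozenset({"sealed", "opaque", "in_public_view"})),
    PhysicalObject("counting_table", frozenset({"in_public_view"})),
]}

# Constructed goal tree (assumptions); five leaf requirements in total.
ELECTION_GOAL = Goal("Result reflects the free, unaltered choices of voters", "AND", [
    Goal("Ballot secrecy", "AND", [
        Goal("Voter marks ballot unobserved",
             realized_by=[("booth", "opaque"), ("booth", "single_occupant")]),
        Goal("Cast ballot cannot be linked to voter",
             realized_by=[("ballot", "uniform"), ("ballot_box", "opaque")]),
    ]),
    Goal("Ballot integrity", "AND", [
        Goal("Marked ballot cannot be altered after casting",
             realized_by=[("ballot", "marked_in_indelible_ink"), ("ballot_box", "sealed")]),
        Goal("Ballots cannot be added or removed unnoticed",
             realized_by=[("ballot_box", "sealed"), ("ballot_box", "in_public_view")]),
    ]),
    Goal("Count is observable",
         realized_by=[("counting_table", "in_public_view")]),
])


def analyse_transparent_booth():
    """Trade-off: a glass booth keeps single occupancy but loses opacity."""
    glass_booth = PhysicalObject("booth", frozenset({"single_occupant", "transparent"}))
    return trade_off(ELECTION_GOAL, BASELINE, glass_booth)


if __name__ == "__main__":
    print("baseline satisfied:", satisfied(ELECTION_GOAL, BASELINE))
    print("glass booth:", analyse_transparent_booth())
```

The point of the sketch is the last function: changing a single physical property (visibility of the booth) is traced back to exactly the requirement it was realizing, which is the kind of trade-off analysis the abstract refers to. A digital replacement for an object would be modelled the same way, as an object whose property set differs from the paper one.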


Notes

  1. By a "digital X" we mean an X realized in software.

  2. For brevity, we will not elaborate on the distinction between KAOS goals and requirements.

  3. Concerning the scope of the research, we focus on democratic voting inside a polling station using a voting booth. For a detailed investigation of remote voting (including postal voting) we refer to Puiggali and Morales-Rocha [20] and Krimmer and Volkamer [27].

References

  1. Grove J (2004) ACM statement on voting systems. Commun ACM 47(10):69–70

  2. Yasinsac A, Bishop M (2008) The dynamics of counting and recounting votes. IEEE Secur Privacy 6(3):22–29

  3. Kim KY, Kim DJ, Lee BG (2011) Pre-test analysis for first experiences of Korean e-voting services. In: Park JJ, Yang LT, Lee C (eds) Future information technology. Communications in Computer and Information Science, vol 185. Springer, Berlin, pp 272–279

  4. Probst C, Hansen R, Nielson F (2007) Where can an insider attack? In: Formal aspects in security and trust. LNCS, vol 4691. Springer, Berlin, pp 127–142

  5. Dimkov T, Pieters W, Hartel P (2010) Portunes: representing attack scenarios spanning through the physical, digital and social domain. In: ARSPA-WITS 2010

  6. Weldemariam K, Villafiorita A (2011) Procedural security analysis: a methodological approach. J Syst Softw 84(7):1114–1129

  7. Bryl V, Dalpiaz F, Ferrario R, Mattioli A (2009) Evaluating procedural alternatives: a case study in e-voting. Electron Government Int J 6(2):213–231

  8. Pardue H, Landry J, Yasinsac A (2009) A risk assessment model for voting systems using threat trees and Monte Carlo simulation. In: Proceedings of the 2009 first international workshop on requirements engineering for e-voting systems. IEEE Computer Society, pp 55–60

  9. Harris J (1934) Election administration in the United States. The Brookings Institution, Washington

  10. OSCE Office for Democratic Institutions and Human Rights (ODIHR) (2001) Guidelines for reviewing a legal framework for elections. ODIHR

  11. ODIHR (2003) Handbook for domestic election observers. ODIHR, ISBN 83-912750-8-6

  12. ODIHR (2005) Election observation handbook, 5th edn. ODIHR, ISBN 83-60190-00-3

  13. Haley C, Laney R, Moffett J, Nuseibeh B (2008) Security requirements engineering: a framework for representation and analysis. IEEE Trans Softw Eng 34(1):133–153

  14. OSCE/ODIHR (2009) Expert group report 11–30 May 2009, Elections to the European Parliament 4–7 June 2009. ODIHR, September 2009

  15. Ministerie van Binnenlandse Zaken en Koninkrijksrelaties (2009) Werkmap voor stembureauleden – versie ‘stemmen in een willekeurig stemlokaal’ [Workbook for polling station officials – ‘voting in any polling station’ version] (in Dutch)

  16. van Lamsweerde A (2009) Requirements engineering: from system goals to UML models to software specifications. Wiley, New York

  17. Jonker H (2009) Security matters: privacy in voting and fairness in digital exchange. PhD dissertation, University of Luxembourg/Technische Universiteit Eindhoven, Luxembourg

  18. Kalloniatis C, Kavakli E, Gritzalis S (2008) Addressing privacy requirements in system design: the PriS method. Requirements Eng 13(3):241–255

  19. Langer L, Schmidt A, Buchmann J, Volkamer M (2010) A taxonomy refining the security requirements for electronic voting: analyzing Helios as a proof of concept. In: 2010 international conference on availability, reliability and security. IEEE, pp 475–480

  20. Puiggali J, Morales-Rocha V (2007) Remote voting schemes: a comparative analysis. In: E-voting and identity. LNCS, vol 4896. Springer, Berlin, pp 16–28

  21. van Cleeff A, Dimkov T, Pieters W, Wieringa RJ (2011) The security of paper voting. Technical report, Universiteit Twente, October 2011, in preparation

  22. California Institute of Technology and Massachusetts Institute of Technology (2001) Voting: what is; what could be

  23. van Eerden J, de Jong R (eds) (2008) Fraude en ongewenste beïnvloeding bij verkiezingen [Fraud and undesirable influence in elections]. Kiesraad (in Dutch)

  24. Norden L (2006) The machinery of democracy: voting system security, accessibility, usability and cost. Brennan Center for Justice at NYU School of Law, New York

  25. Jones D (2005) Threats to voting systems. In: NIST workshop on threats to voting systems. http://vote.nist.gov/threats/papers/threats_to_voting_systems.pdf. Retrieved 20 Aug 2011

  26. Chaum D, Carback R, Clark J, Essex A, Popoveniuc S, Rivest R, Ryan P, Shen E, Sherman A (2008) Scantegrity II: end-to-end verifiability for optical scan election systems using invisible ink confirmation codes. In: Proceedings of the USENIX/ACCURATE electronic voting technology workshop, 2008

  27. Krimmer R, Volkamer M (2005) Bits or paper? Comparing remote electronic voting to postal voting. In: EGOV (workshops and posters), 2005, pp 225–232

  28. Jones D (2005) Chain voting. http://vote.nist.gov/threats/papers/ChainVoting.pdf. Retrieved 20 Aug 2011

  29. Spycher O, Haenni R, Dubuis E (2010) Coercion-resistant hybrid voting systems. In: Krimmer R, Grimm R (eds) 4th international workshop on electronic voting, Bregenz, Austria, 2010

Acknowledgements

This research is supported by the research program Sentinels (www.sentinels.nl). Sentinels is being financed by Technology Foundation STW, the Netherlands Organization for Scientific Research (NWO), and the Dutch Ministry of Economic Affairs.

Author information

Corresponding author: André van Cleeff.

Copyright information

© 2012 Springer Science+Business Media B.V.

About this paper

Cite this paper

van Cleeff, A., Dimkov, T., Pieters, W., Wieringa, R. (2012). Realizing Security Requirements with Physical Properties: A Case Study on Paper Voting. In: Kim, K., Ahn, S. (eds) Proceedings of the International Conference on IT Convergence and Security 2011. Lecture Notes in Electrical Engineering, vol 120. Springer, Dordrecht. https://doi.org/10.1007/978-94-007-2911-7_5

  • DOI: https://doi.org/10.1007/978-94-007-2911-7_5

  • Publisher Name: Springer, Dordrecht

  • Print ISBN: 978-94-007-2910-0

  • Online ISBN: 978-94-007-2911-7