
Contribution Details

Type Master's Thesis
Scope Discipline-based scholarship
Title Identity Management in a Decentralized Remote Electronic Voting System
Organization Unit
Authors
  • Simon Bachmann
Supervisors
  • Christian Killer
  • Eder John Scheid
  • Burkhard Stiller
Language
  • English
Institution University of Zurich
Faculty Faculty of Business, Economics and Informatics
Date 2021
Abstract Text Remote Electronic Voting (REV) systems introduce new challenges that do not exist in the in-person or postal voting process. The right of ballot secrecy poses one of its core challenges. Identity verification is closely coupled with the voters' privacy and plays a crucial role in REV systems. However, the digital identities that are used for most online services today do not respect data protection. Most applications outsource identity management to third parties such as Google and Facebook, allowing them to track their users across many other services. The convenience of only having one account for most online interactions comes at a price in the form of privacy intrusion. The problem is that users do not own their digital identity, but Identity Providers (IdPs) are responsible for issuing, storing and verifying credentials. As a consequence of having a single entity in charge of all three duties, IdPs aggregate vast amounts of sensitive data and become a popular target with cyber criminals. Another challenge for a digital identity is that many credentials are issued in the form of physical documents. Analyzing, evaluating and verifying the security features of physical credentials in the digital world results in a probabilistic outcome. Thus, physical credentials are considered non-native to the web and require slow, expensive and error-prone verification methods. Self-Sovereign Identity (SSI) is a form of digital identity that allows users to regain control by maintaining the credentials and selectively disclosing them to trusted entities without the need of a Trusted Third Party (TTP) and without a cumbersome certificate verification process. This thesis focuses on Identity Management (IdM) systems of REV applications and conducts a security analysis on Provotum's authentication and authorization process.
The result of the audit discloses several vulnerabilities in terms of privacy and security due to the trusted role of the IdP and the usage of email addresses as identifiers. An SSI-based authentication and authorization system is designed and implemented, addressing the privacy and security concerns. The new design radically changes the processes of credential issuance, storage and disclosure, which is crucial for providing privacy to voters. Instead of using a predefined list of eligible identifiers from an internal IdM system, an election is configured such that voters can only participate if the necessary credentials are presented. The digital certificates used in the new architecture are cryptographically linked to Decentralized Identifiers (DIDs), which are maintained on a public permissionless ledger. The combination of self-certifying, ledger-based identifiers and credentials that can selectively be disclosed and verified by anyone without the need of a TTP guarantees a higher degree of privacy and security by design.