Recommendation ITU-T X.1406 (07/2021) Security threats to online voting systems using distributed ledger technology
Summary
History
FOREWORD
Table of Contents
Introduction
1 Scope
2 References
3 Definitions
     3.1 Terms defined elsewhere
     3.2 Terms defined in this Recommendation
4 Abbreviations and acronyms
5 Conventions
6 Model and security considerations of online voting systems using DLT
     6.1 Model of online voting systems using DLT
     6.2 Security considerations of online voting systems using DLT
          6.2.1 Data confidentiality
          6.2.2 Verifiability
          6.2.3 Robustness
          6.2.4 Receipt-free status
          6.2.5 Correctness
          6.2.6 Integrity
          6.2.7 Uniqueness
          6.2.8 Voter authentication
          6.2.9 Coercion resistance
          6.2.10 Zero trust status
7 Security threats in the online voting process
     7.1 Threats to data confidentiality
          7.1.1 Disclosure of PII of a voter during transmission
          7.1.2 Disclosure of vote information and audit log during transmission
          7.1.3 Disclosure of voters list from database
          7.1.4 Disclosure of vote information and audit logs from a database on a DLN
     7.2 Threats to data integrity
          7.2.1 Tampering with a ballot paper during transmission
          7.2.2 Tampering with vote information and audit log during transmission
          7.2.3 Tampering with vote information and its audit log in a database on a DLN
          7.2.4 Tampering with a database voters list
     7.3 Threats to service availability
          7.3.1 Reduced service continuity of a DLN
          7.3.2 Reduced service continuity of nodes on DLN
          7.3.3 Reduced service continuity of voting
     7.4 Unauthorized access to an information system
          7.4.1 Unauthorized access to a voters list in a database
          7.4.2 Unauthorized access to a voting server
          7.4.3 Unauthorized access to nodes on a DLN
     7.5 Malicious behaviour
          7.5.1 Repudiation of ballot generation by an election administrator
          7.5.2 Multiple voting by a voter
          7.5.3 Repudiation of voting by a voter
          7.5.4 Casting a vote under coercion
          7.5.5 Infection with malware
          7.5.6 Fraudulent voting
          7.5.7 Bribery attack
          7.5.8 Randomization attack
          7.5.9 Forced-abstention attack
          7.5.10 Collusion attack
Appendix I  Use cases of online voting systems using distributed ledger technology
     I.1 Use case in the Republic of Korea
     I.2 Use case in Turkey [b-PR_TR]
     I.3 Use case in the United Kingdom [b-PR_UK]
Bibliography