RIES - Rijnland Internet Election System: A Cursory Study of Published Source Code

  • Rop Gonggrijp
  • Willem-Jan Hengeveld
  • Eelco Hotting
  • Sebastian Schmidt
  • Frederik Weidemann
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5767)

Abstract

The Rijnland Internet Election System (RIES) is a system designed for voting in public elections over the internet. A rather cursory scan of the source code to RIES showed a significant lack of security-awareness among the programmers which – among other things – appears to have left RIES vulnerable to near-trivial attacks. If it had not been for independent studies finding problems, RIES would have been used in the 2008 Water Board elections, possibly handling a million votes or more. While RIES was more extensively studied to find cryptographic shortcomings, our work shows that more down–to–earth secure design practices can be at least as important, and the aspects need to be examined much sooner than right before an election.

Keywords

electronic voting internet voting RIES The Netherlands 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. [1]
    Gonggrijp, R., Hengeveld, W.-J.: Studying the Nedap/Groenendaal ES3B voting computer, a computer security perspective. In: Proceedings of the USENIX/Accurate Electronic Voting Technology workshop (2007)Google Scholar
  2. [2]
    Ministerie van Verkeer en Waterstaat: Regeling waterschapsverkiezingen 2008. 15 mei 2008/Nr. CEND/HDJZ-2008/587, Staatscourant 23 mei 2008, nr. 97 / pag. 11 (2008), http://www.wijvertrouwenstemcomputersniet.nl/images/e/e7/SC85731.pdf
  3. [3]
    Council of Europe: Recommendation Rec. (2004) 11 of the Committee of Ministers to member states on legal, operational and technical standards for e-voting (2004), https://wcd.coe.int/ViewDoc.jsp?id=778189
  4. [4]
    Gedrojc, B., Hueck, M., Hoogstraten, H., Koek, M., Resink, S.: Rapportage Fox-IT - Advisering toelaatbaarheid internetstemvoorziening waterschappen (2008), http://www.verkeerenwaterstaat.nl/Images/20081302%20Bijlage%201%20rapport_tcm195-228336.pdf
  5. [5]
    Hubbers, E.-M., Jacobs, B., Pieters, W.: RIES - Internet Voting in Action. In: Bilof, R. (ed.) COMPSAC 2005, Proceedings of the 29th Annual International Computer Software and Applications Conference, COMPSAC 2005, July 26-28, pp. 417–424. IEEE Computer Society, Los Alamitos (2005), http://www.cs.ru.nl/~hubbers/pubs/compsac2005.pdf Google Scholar
  6. [6]
    Hubbers, E.-M., Jacobs, B.: Stemmen via internet geen probleem.Automatisering Gids #42, p.15 (October 15, 2004), http://www.openries.nl/aspx/download.aspx?File=/contents/pages/77743/stemmenviainternetgeenprobleem.pdf
  7. [7]
    Hubbers, E., Jacobs, B., Schoenmakers, B., Van Tilborg, H., De Weger, B.: Description and Analysis of the RIES Internet Voting System (June 24, 2008), http://www.win.tue.nl/eipsi/images/RIES_descr_anal_v1.0_June_24.pdf
  8. [8]
    Van Ekris, J.: CIBIT, Beoordeling KOA, Een beoordeling van de integriteit van ”Kiezen op Afstand” (September 11, 2008), http://www.openries.nl/aspx/download.aspx?File=/contents/pages/77743/eindrapportcibit.pdf
  9. [9]
    Nijmegen University - Security of Systems:?Server Audit van RIES, (July 23, 2004), http://www.openries.nl/aspx/download.aspx?File=/contents/pages/77743/reportkun.pdf
  10. [10]
    Jonker, H., Volkamer, M.: Compliance of RIES to the proposed e-Voting protection profile, VOTE-ID 2007 (2007)Google Scholar
  11. [11]
    Groth, J.: CryptoMathic: Review of RIES (v 0.3), Cryptomathic A/S (January 21, 2004), http://www.openries.nl/aspx/download.aspx?File=/contents/pages/77743/reviewofries.pdf
  12. [12]
    Kruijswijk, L.: Internetstemmen met RIES onder de loep (2006), http://www.wijvertrouwenstemcomputersniet.nl/Internetstemmen_met_RIES_onder_de_loep
  13. [13]
    Unie van Waterschappen: Aanbevelingen van de Raad van Europa, Evaluatie voorziening internetstemmen RIES, conform artikel 5 onderdeel b Regeling waterschaps-verkiezingen 2008, version 6 (June 2008), http://www.openries.nl/aspx/download.aspx?File=/contents/pages/77726/evaluatieaanbevelingenraadvaneuropa.pdf
  14. [14]
    GOVCERT.NL: Webapplicatie-scan, Kiezen op Afstand (September 1, 2006), http://www.openries.nl/aspx/download.aspx?File=/contents/pages/77743/webapplicatie-scan.pdf
  15. [15]
    Ministerie van Binnenlandse Zaken en Koninkrijksrelaties: Stemmachines, een verweesd dossier (April 17, 2007), http://www.minbzk.nl/contents/pages/86914/rapportstemmachineseenverweesddossier.pdf

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Rop Gonggrijp
    • 1
  • Willem-Jan Hengeveld
    • 1
  • Eelco Hotting
    • 1
  • Sebastian Schmidt
    • 1
  • Frederik Weidemann
    • 1
  1. 1.Wij vertrouwen stemcomputers nietAmsterdamThe Netherlands

Personalised recommendations