As soon as Norway's code drop happens DemTech will be doing some analysis. From what I have heard, given that we had observers at the election in Norway, the problem came down to a single JavaScript statement being put in the wrong place in the code (initialization inside vs. outside of a loop)....
We'll be adding a snapshot of the system to our DemTech evoting systems repo this week too. https://github.com/demtech/evoting-systems
We have performed audits of several released evoting systems so far: Norway's system, Scantegrity II, the Netherlands' KOA system, etc. I'm certain we'll see t...
Note that pentesting does not guarantee a secure system---it can only help raise confidence and do more accurate risk analysis, but is very subjective based upon the skill of the pentesters and the amount of time they have to do the analysis.
Sorry for being so quiet lately on all of these matte...
Allan,
Your more fundamental complaints about the social, political, and technical foundations of NemID's architecture resonate with me. I, too, think that there are fundamental problems with what we use today. In the short term, I try to objectively critically analyze what we have, make recom...
Peter, your comments on the advantages and disadvantages of relying upon third-party identification and authentication services are correct. Precisely characterizing the security profile of an authentication service that relies upon such n-factor authentications is troublesome, but generally rea...
Hello readers,
Your comments above are good ones. The solution that we are prototyping is meant to seem like a drop-in replacement for NemID but is actually quite different behind the scenes. E.g., no public interface to witness DDOS, no mandatory private key delegation, no Java on the client ...
Feel free to ask any questions you like about our R&D, development processes, methodologies, and tools, etc.
The development we do focuses on case studies to show off advanced concepts, tools, and techniques for mission-critical and safety-critical systems. Everything we do is fully Open...
Peter,
I think you missed the courses that I teach. Readers have also commented on other courses that do explore these topics, but perhaps not as aggressively as you and I would like (e.g., the Advanced Software Engineering course at ITU or the basic Software Engineering course here at DTU).
S...
Note that DemTech's response essentially says, "We think that objective trials are a good idea if you get the law in order by following these recommendations." Trials that are properly designed, strictly time limited, inexpensive, controlled, transparent can help reveal if evoting in...
I have nearly twenty years' experience in running large IT projects, both in industry and academia. Suffice to say we know what we are doing on that front. Feel free to look up my LinkedIn profile for evidence.
Thanks for the coverage and comments!
The HAVA costs (estimated at over $2B USD ~= 10B dkk) are only the tip of the iceberg of total national costs in the U.S.A. Per-state estimates for the further costs of experiments, equipment, storage, maintenance, training, (re-)certification, salaries, ov...
Here is the recording:
https://c.deic.dk/p4nnxbkr1di/
Thanks for coming everyone, particularly Poul-Henning!
We had a completely full house (perhaps 200?) and another 37 watching online.
@Kim Jensen
You'll note that nowhere do I or DemTech suggest that evoting should be used for national elections. Instead, we ask whether or not this makes sense at all by posing a hypothesis.
The point of a scientific project is to propose a hypothesis and then objectively, rationally, test t...
Hi Joseph
Thank you for commenting here. Always easier when we can talk directly to the parties involved.
Couple of questions:
1) You say that you were involved in hacking the Dutch systems. Was that what we see in this video: https://www.youtube.com/watch?v=sSsyYKgwnVk ?
Rop Gonggrijp is...
Representatives from the government, the municipalities, and media will attend the lecture. So yes, we have the ear of the government, both via politicians and bureaucrats.
Comments
the devil is in the details
Ghostery vs. DanskeBank
correctness and security evaluations of evoting systems
pentesting
reflections on technique
reflections on comments
clarification and comments
spouses
Q&A
Q&A
a part of my response to Peter (sent via email)
Re: Ivan Damgaard and his knowledge
Re: Questions about expert independence
Re: 6 years of development by researchers?
Re: trillions of dkk in the U.S.A.
trillions of dkk in the U.S.A.
recording of the lecture is now available
Re: Att: Joseph Kiniry
Re: Att: Joseph Kiniry
Re: is anyone from the Folketing coming