Figure 1 depicts a general e-Voting scenario. The polling station consists of an Authentication and Registration Server (ARS) and a Counting Server (CS), which are connected to ballot boxes as well as registration and voter status computers. Internet voters are also able to vote by connecting directly to the ARS using a VPN. The Central Election Commission (CEC) server holds all voter data, including fingerprint data. Under this proposed approach, the fingerprint data are pre-recorded during registration of the national ID card (or passport). The proposed model uses these fingerprint data for voter authentication. Each polling station receives its respective voting list from the CEC, which also contains the fingerprint data. The Counting Server has an X.509 digital certificate, and its associated private key is generated and stored in a smart card. The Counting Server's public and private keys are each 2048 bits long. The private key never leaves the smart card, and access to it is protected by a Personal Identification Number (PIN).
The key security requirements for the e-Voting system are confidentiality and integrity of the votes, and availability of the e-Voting system.
Using the CORAS approach of risk analysis, you will be required to identify and model applicable risks using Asset, Threat, Risk, Treatment, and Treatment Overview diagrams. Please ensure the following deliverables are met in your submission:
1. Set the scope and focus.
2. Describe the target (goals of analysis, target in use, business or organisation views of the target).
3. Understand assets and parties with their respective relationships (asset diagram).
4. High-level analysis of a list of unwanted incidents, threats, vulnerabilities, and threat scenarios.
5. Ranked list of assets, scale of risks, risk function and risk evaluation metrics.
6. Risk identification and estimation using the threat diagram.
7. Risk evaluation using the risk diagram, including acceptable risks for further evaluation for treatment.
8. Risk treatment using the treatment diagram.
Hint: See Lab 7 for a tutorial on the CORAS methodology.
Reference:
[1] Blerim Rexha, Ramadan Dervishi, and Vehbi Neziri. 2011. Increasing the trustworthiness of e-voting systems using smart cards and digital certificates: Kosovo case. In Proceedings of the 10th WSEAS international conference on E-Activities (E-ACTIVITIES'11). World Scientific and Engineering Academy and Society (WSEAS), Stevens Point, Wisconsin, USA, 208–212.