The BSI certificate under Common Criteria for online voting
In 2016, certification for online elections was first awarded in Germany through the Federal Office for Information Security (BSI). POLYAS CORE 2.2.3 was thus the very first voting software that met the requirements of the protection profile under the international Common Criteria.
Underpinning the certification is the protection profile BSI-CC-PP-0037-2008, which outlines the system requirements that need to be met by online election systems. The functionality and trustworthiness of POLYAS online voting software has also been evaluated by the German Research Center for Artificial Intelligence (DFKI).
Online election security requirements
The basic security requirements for online voting products are guided by general democratic principles (free, equal, secret, general and direct). Accordingly, online elections carried out with POLYAS CORE 2.2.3 are secure under BSI requirements and meet the high security standards demanded by democratic elections.
POLYAS CORE 2.2.3 also satisfies the following requirements:
- Submitted votes can in no way be traced back to the identity of voters.
- Voters cannot provide proof to third parties of how they voted.
- Eligible voters must first be reliably identified and authenticated before casting their votes, ensuring only registered persons in the electoral roll can vote.
- Voters can only participate in the election once.
- Votes cannot be changed, deleted or amended as they are transmitted through the network.
- Submitted votes in the ballot box cannot be retrospectively changed, deleted or amended.
- Interim election results cannot be calculated.
On 15 March 2016, POLYAS CORE software received the security certificate BSI-DSZ-CC-0862-2016. This means that, provided all procedures are complied with, certified online elections are now possible through POLYAS CORE 2.2.3.
Results of certification
The evaluation is documented in the certification report and includes all component system functions as well as the system architecture in its entirety.
The following statements about the POLYAS CORE 2.2.3 voting system were made in the certification report:
- The online voting system records all relevant security events for each system component in separate log files. The election committee can view these records in an understandable and readable form.
- Data integrity breaches trigger security warnings which are recorded and sent to the election committee by email.
- The list of eligible voters (electoral roll), which knows the identity of voters, and the ballot box, which saves submitted votes, are separate entities.
- Communication between voters and the ballot box is encrypted so that only actual voters have access. Votes themselves are also encrypted and saved with a random value.
- In the course of vote counting and archiving the election, a checksum is generated and used as protection against manipulation.