System security of POLYAS online voting software
To offer the highest integrity, availability and security in your POLYAS online election, we’ve developed complete monitoring, cutting-edge encryption and a sustainable backup concept for POLYAS CORE 2.5.0 and POLYAS CORE 3.0. Learn more about the security standards of POLYAS, your provider of legally binding online elections.
Regular system security checks by POLYAS
The POLYAS security strategy is our central guiding principle in product development and process design. Here we consider access rights, data backups and stability of the systems.
Secure online voting: encryption
In both POLYAS CORE 2.5.0 and POLYAS CORE 3.0, vote submission occurs exclusively over a TLS-encrypted connection using a server certificate from D-Trust GmbH. This prevents ballots from being manipulated in transmission over the internet. In POLYAS CORE 3.0, encryption also occurs in voters’ browsers to ensure that ballots are encrypted when created, transported and saved.
Penetration test with external auditors
Penetration tests are performed by external security auditors on the POLYAS system at least annually. Over a few weeks, all relevant security components are checked in different scenarios and user roles. Our external auditors perform unannounced tests on all components of the online voting system (vote submission system, servers) as well as our working infrastructure and the website. This is how we are able to quickly identify and eliminate potential points of weakness. A source code audit also allows us to identify security-relevant weak spots.
Preventing brute-force attacks
POLYAS prevents brute-force attacks from acquiring passwords of voters and election administrators by strictly limiting the number of login attempts per time unit and IP address. All passwords for the POLYAS online voting system are hashed with the SHA-256 algorithm, which increases the effort needed to conduct attacks using the brute-force method.
Protection against DDoS attacks
The POLYAS online voting system is distributed across multiple separate servers in a decentralized manner. This means there is no single point of failure in the system and allows possible DDoS attacks to be quickly dealt with. Our voting system is hosted on the Open Telekom Cloud, which is the only provider with DDoS mitigation.
System availability at POLYAS
The availability of POLYAS online voting software CORE 2.2.3 and CORE 3.0 is guaranteed to be at least 98% during the election time period. This applies to the voting software and the use of all available functions in the POLYAS online voting system. This is how POLYAS ensures that the voting software is free of technical faults during the contract period, as well as any viruses and malware that could impair its functional reliability and security.
All election data is stored across different servers. If one server is unexpectedly inaccessible, the election can be transferred to an environment with a different hosting provider. Additionally, we make regular backups of all live elections (including submitted votes and electoral roll data) to prevent the loss of election or submitted vote data.
Learn more about the POLYAS online voting system in our FAQs
Verified system security of POLYAS online voting software
Security of the POLYAS online voting system is constantly tested and confirmed by independent, external parties.
POLYAS CORE 2.5.0 software has been successfully verified by the German Research Center for Artificial Intelligence on behalf of the German Federal Office for Information Security as complying with all requirements for online voting products under Common Criteria standards.
POLYAS CORE 3.0 has also been checked by independent partners and the German Informatics Society is our partner in developing additional audit measures, such as measures for universal and individual verification.
Do you have further questions regarding the verification of system security at POLYAS?
As election organizer, you can check that the election and vote-count ran correctly once the election has concluded. This allows you to make sure your online election with POLYAS ran securely and with integrity in every respect.