IFSECInsider-Logo-Square-23

Author Bio ▼

IFSEC Insider, formerly IFSEC Global, is the leading online community and news platform for security and fire safety professionals.
March 17, 2011

Nothing found. Please check your show/episode id.

Download

State of Physical Access Trend Report 2024

Indusface helps secure India’s first online state elections

Indusface, a leading end-to-end information security organization announced that it would be assisting the State Election Commission, Government of Gujarat in securing its forthcoming online municipal elections to be held in the city of Gandhinagar, Gujarat state as part of its ongoing engagement with the government.

In past, Indusface had also successfully helped in securing the online voting system for the elections of six municipal corporations in the State of Gujarat, which were held last year.

The State Government of Gujarat created history in India by introducing the country’s first online voting system in the elections and Indusface was selected by State Election Commission (SEC) – Gujarat as an independent security advisor, auditor and a monitoring agency to help secure the online voting system by ensuring that the system satisfied four major requirements i.e. authentication, availability, confidentiality and integrity.

Authentication: The voting system can correctly identify the authenticity of a voter. All stages of voting can guarantee that a ballot is authentic. The voter is eligible to vote and only votes one time.

Availability: The voting system must be available to the voters at specified and predefined time. The online voting system must be able to resist denial of service attacks, viruses, and the likes.

Confidentiality: Only authorized officials have access to ballots. The secret ballot must be maintained and eavesdroppers must not be able to view a cast ballot.

Integrity: Only authorized officials have access to the election canvas and only the individual voter has access to their personal ballot. Ballots would not be tampered with when being transferred to the election server.

“I am extremely impressed with the quality and depth of security understanding at Indusface. They played their role of insulating the online voting system from known and unknown threats to perfection. We look forward to working together with Indusface in upcoming elections.” said K. C. Kapoor – State Election Commissioner, Gujarat.

“Securing a system which has no precedence, implemented for the first time in India and that too requiring protection of the fundamental right of a citizen was a huge responsibility that Indusface was asked to shoulder and I am extremely proud of my team to have delivered successfully and as per the set expectations and ensured secure elections for this Government of Gujarat initiative,” said Ashish Tandon, CEO – Indusface. “I also congratulate the State Government and the Election Commission on achieving this landmark milestone.”

Indusface through its team of experienced and certified information security professionals are involved in the election process right from its inception and provide its services during the following phases to the State Election Commission.

Advisory services during the requirement study and design phase:

– Registration and secure authentication of online voters to the online voting system – ensuring issues of vote theft, voter privacy etc. are addressed.

– Issues related to communication infrastructure – such as election servers getting flooded by DDOS, attackers causing routers to crash etc. leading to disenfranchisement of the system.

– Issues related to security, authentication & secrecy of the online voting system (web application, os, database, network, security devices, digital certificates, encryption, phishing and malware attacks etc.)

– Defining the process to check and eliminate possibilities of a back door in the supplied online voting system, which could potentially lead to a compromise of the elections.

– Potential insider and social engineering attacks on the voting system leading to a compromise of the elections.

Security Audit during the Development & Deployment phase:

– Conducting a thorough assessment of the online voting system from an application, network, operating system, security devices, database, people and process perspective. Security assessment was carried out based on globally accepted standards and best practices such as ISO 27001, IT Act 2000, OWASP, OSSTMM etc.

– Perform an application security audit based on CERT-In guidelines.

– Data center audit of the main and disaster recovery sites which includes high availability of the systems, physical security and monitoring, power back up, temperature control, networking, hardware, software etc.

– Security audit of the systems used by returning officers (RO). The RO’s are responsible for starting and closing elections in their respective wards as also counting of votes.

Security Monitoring Services:

– 24*7 monitoring of the online voting system against phishing, malware and DDOS attacks, security incidents and events.

Related Topics

Subscribe
Notify of
guest
0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments