====== Security ======

===== Current situation =====

:!: **WARNING**: currently, there is absolutely **NO** security in demexp (as of versions 0.6/0.8)!

Why? Because before securing things, we need an absolutely clear view of what to secure (i.e. requirements). That is not currently possible without precise knowledge of the delegation subsystem.

===== In the future =====

We want to provide reasonable proofs that our users can trust demexp to keep their vote secret and to apply the voting algorithm properly.

==== Security requirements ====

A [[http://thread.gmane.org/gmane.politics.organizations.demexp.devel/105/focus=105|first attempt at defining security requirements]].

====== Bibliography ======

===== Voting protocol =====

  * A very interesting paper on a low-tech voting protocol //without any use of cryptography//! Unfortunately, it is unsuitable for the Condorcet method, and several weaknesses are underlined in the paper itself. http://theory.lcs.mit.edu/~rivest/Rivest-TheThreeBallotVotingSystem.pdf Other weaknesses have also been found: http://www.cs.princeton.edu/~appel/papers/DefeatingThreeBallot.pdf
  * http://hal.archives-ouvertes.fr/hal-00142440 //On privacy and anonymity in electronic and non electronic voting: the ballot-as-signature attack// A very interesting paper in which the ballot of a complex voting scheme (like the ranking in Condorcet voting) is used as a **signature** to identify the voter and thus void voter anonymity. Some counter-measures are proposed.

===== Random generation =====

  * [[http://www.pinkas.net/PAPERS/gpr06.pdf|Paper by Z. Gutterman, B. Pinkas and T. Reinman [PDF] on potential weaknesses in the Linux random number generator]].

===== Programming with security in mind =====

  * [[http://www.dwheeler.com/secure-programs/|Secure Programming for Linux and Unix HOWTO -- Creating Secure Software]]