-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathissues
More file actions
executable file
·67 lines (42 loc) · 2.91 KB
/
Copy pathissues
File metadata and controls
executable file
·67 lines (42 loc) · 2.91 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
# GitHub Issues
https://github.com/colinwirt/sec-soft-sys-a3/issues
1. SHA-256 MAC / hash of each vote to prevent modification
Integrity: each vote cast shall include the polling client instance id, a serial number
from the polling client, timestamp, vote contents and a SHA-256 hash of all the content.
Integrity checks will be performed on 100% of votes before result computation occurs.
2. Encryption of voter name and address to protect PII in the electoral roll
encrypt DB field contents
https://github.com/colinwirt/sec-soft-sys-a3/issues/53
3. The encrypted and sign HMAC audit log (outside the DBMS such as an audit.log file) should record all voting transactions,
with a timestamp of nanoseconds, be kept for 10 years, and be verified by the annual legal audit.
It cannot be tampered with.
Non-repudiation / Integrity: All edits to the CMS by AEC Delegates shall be logged with user,
timestamp, edit details, and HMAC SHA-256 row hash, with logs reviewed by auditors within 24 hours of any change.
https://github.com/colinwirt/sec-soft-sys-a3/issues/10
5. Colin - Implement WAF in Docker configuration with API request rate-limiting
application proxy
apply rate-limiting, 10 requests per minute, for example
https://github.com/colinwirt/sec-soft-sys-a3/issues/7
6. Integrity: Access control roles shall restrict AEC Delegates to modifying
candidates only within their assigned geographic area, enforced by multiple layers of role checks on every edit.
https://github.com/colinwirt/sec-soft-sys-a3/issues/4
7. (Word #9) Voting outside Australia
Implement Geo-filtering based on IP
allow specific origin IP addresses which may be AEC-approved VPNs
https://github.com/colinwirt/sec-soft-sys-a3/issues/3
8. Implement MFA for all accounts including Voters
Support one-time codes via SMS or email (e.g., integrate with Twilio).
Support authenticator app TOTP (Time-based One-Time Password), which is easy to implement in Python.
Optionally support Passkeys (FIDO2/WebAuthn) where devices and browsers allow.
9. Eligibility Verification and One Vote per Person
The system shall ensure that each eligible voter can cast only one ballot.
Duplicate voting attempts must be automatically detected and rejected by the vote casting subsystem.
10. Disaster Recovery and Data Backup
The system shall back up all critical election data (votes, logs, configurations) to secure off-site storage every hour.
Full system recovery must be possible within two hours to maintain election continuity.
11. Non-repudiation of Results
Final election results shall be digitally signed with the Election Commission’s private key before publication.
Any recipient can verify authenticity using the Commission’s public key.
12. Secure Session Management (zayn)
All user sessions (voter and staff) shall use signed, short-lived tokens (e.g., JWT).
Sessions must automatically expire after 15 minutes of inactivity to prevent misuse.