Add to collection(s) Add to saved
  1. Math
  2. Applied Mathematics

evs

advertisement 
Electronic Voting System
Tadayoshi Kohno, Adam Stubblefield, Aviel D. Rubin
Dan S. Wallach IEEE Symp. On Security and Privacy 2004
VoteHere System Analysis, Philip Edward Varner’s thesis
Advances in Cryptographic Voting Systems, Ben Adida MIT
Ph.D. Disseration 9/2006
Diebold System Analysis
Tadayoshi Kohno, Adam Stubblefield, Aviel D. Rubin
Dan S. Wallach IEEE Symp. On Security and Privacy 2004
Present a security analysis of the source code of a paper less
electronic voting system (Diebold).
Show this voting system far below even the most minimal security
standards applicable in other context. (strong words)
Problems include:
unauthorized privilege escalation,
incorrect use of cryptography,
vulnerabilities to network threats, and
poor software development processes.
They demonstrate that
Voter can cast unlimited votes without being detected
Insider Attacks:
Modify the votes
Violate voter privacy by matching vote with voters.
Better solution: EVS with “voter-verifiable audit trail” (print a paper
ballot that can be read and verified by voters.
EVS
10/11/2006
chow
2
VoteHere System Analysis
Philip Edward Varner’s thesis.
Some companies claimed online voting technical
problems are solved, only political/sociological
ones remained.
Analyze VoteHere system, include attrack tree
analysis/attacker models; abuse cases
EVS
10/11/2006
chow
3
Related Literature
Public Key Cryptography
Homomorphic Encryption
Zero Knowledge Proofs (Shamir How to share a
Secret, CACM 79 paper).
Cryptographic Voting Protocol
EVS
10/11/2006
chow
4
FOO92 Voting Scheme
Requirements of a secure election:
Completeness: All voters are counted correctly.
Soundness: A dishonest voter cannot disrupt voting
Privacy: All votes must be secret
Unreusability: no voter can vote twice
Eligibility: no one who isn’t allowed to vote can vote
Fairness: nothing must affect the voting (DDoS?)
Verifiability: no one can falsify the result of voting.
Validator and Counter
EVS
10/11/2006
chow
5
EAS College Voting System
Can we trust EAS IT?
For some non-critical, non-sensitive voting, vote
integrity/convenient can be enforced with just EAS IT.
Can we trust 3rd party server(s) to issue the
votes, authenticate voters, and collect votes?
Possibility of using campus IT servers, or other EAS
lab servers.
Should we separate voter authentication system
(VAS) with vote counting system (VCS)?
How to ensure the VAS does not talk to VCS?
Assume open source, how to ensure code is not
tempered during the voting period?
EVS
10/11/2006
chow
6
Voting
Ancient Greece: any politician got 6000 male
landowner votes was exiled for 10 years!
13th century Medieval Venice introduce approval
voting (thumb up/down)
US 1st election were viva-voce: voters sworn in
and called out their preferences.
Early 1800s paper ballots were
introduced/generally produced (pre-printed) by
political parties, called “party tickets”
1858 Australia introduced secret ballot, printed
by state, distributed to eligible voters, voted in
isolated booth.
EVS
10/11/2006
chow
7
DRE: Direct Recording by Electronic
PC type equipment running special purpose
voting software.
Lack tamper-proof audit-trail.
Bugs or malicious code may produce erroneous
results/undetected.
VVPAT: Mercuri 1992 proposed Voter-Verified
Paper Audit Trail. Print out a receipt visible to the
voter behind the glass (not taken with voter!);
voter gets to confirm or cancel her vote.
VVPAT first time significant used in US: 11/2006
with 5 states expected to implement it.
http://vote.nist.gov/032906VVPAT-jpw.pdf page 3
EVS
10/11/2006
chow
8
What Makes Voting So Hard?
Verifiability vs. Secrecy
Alice/Adrienne: two voter
Carl, a coercer wishes to influence Alice to vote
Red.
How to let Alice obtain enough info to personally
verify her vote was indeed recorded as Blue; but
not so much info that she could convince Carl
(selling vote).
No incentive for Carl to pay for votes.
Adversarial model for Airplane/ATM are less
demanding than for a federal election.
EVS
10/11/2006
chow
9
Failure Detection/Recovery Process
Those for Banks/Airplane failure are well
understood.
It is not clear failures in election can always be
detected.
Recovery often expensive or even impossible.
EVS
10/11/2006
chow
10
Incentive
Influencing the outcome of a federal US election
worth a lot of money.
2004 presidential campaign budget reaches $1B.
EVS
10/11/2006
chow
11
End-to-End Voting
EVS
10/11/2006
chow
Figure 1-3: End-to-End
Voting - only two
checkpoints are
required.
(1) The receipt
obtained from a
voter’s interaction
with the voting
machine is
compared against
the bulletin board
and checked by the
voter for
correctness.
(2) (2) Any observer
checks that only
eligible voters cast
ballots and that all
tallying actions
displayed on the
bulletin board are
12
valid.
End-to-End Verifiability (E2EV)
Rather than completely auditing a voting
machine’s code and ensuring that the voting
machine is truly running the code in question,
end-to-end voting verification checks the voting
machine’s output only.
Rather than maintain a strict chain-of-custody
record of all ballot boxes, end-to-end voting
checks tally correctness using mathematical
proofs.
Thus, the physical chain of custody is replaced
by a mathematical proof of end-to-end behavior.
Instead of verifying the voting equipment, end-toend voting verifies thechow
voting results.
EVS
13
10/11/2006
Advantage of E2EV
One need not be privileged to verify the election
Any one can check the inputs/outputs against the
mathematical proofs.
Cryptography makes end-to-end voting
verification possible.
Encryption  provide ballot secrecy
Zero-knowledge proofs  provide public auditing
of the tallying process
EVS
10/11/2006
chow
14
Bulletin Board of Votes
Cryptographic voting protocols revolve around a
central, digital bulletin board.
All messages posted to the bulletin board are
authenticated.
Any data written to the bulletin board cannot be
erased or tampered with.
Can be attacked by DDoS but there are known
solutions.
Name and ID# of voters are posted in
plaintexteligibilty
Voter’s name+encrypt(voter’s ballot) postedno
observer can tell whatchow
the voter chose.
EVS
15
10/11/2006
Casting and Tallying Processes
Casting process let Alice prepare her encrypted
vote and cast it to the bulletin board.
Tally process aggregates the encrypted votes
and produce a decrypted tally, with proofs of
correctness of this process posted to the bulletin
board for all observers to see.
Classical voting scheme performs complete/blind
hand-off (drop in a box).
Here cryptographic voting performs a controlled
hand-off:
Individual can trace vote’s entry into the system.
Any observer can verify the processing of these
encrypted votes into anchow
aggregated, decrypted tally.
EVS
10/11/2006
16
Cryptographic Voting
EVS
10/11/2006
chow
17
Secret Voter Receipt
To avoid vote selling/coercing, all current cryptographic
voting schemes require that voters physically appear at a
private, controlled polling location: it is the only known
way to establish a truly private interaction that prevents
voter coercion.
Zero
Knowledge
Proof
Neff’s
MarkPlege
EVS
10/11/2006
chow
18
Tallying the Ballots
The secret key for decryption is shared among a
number of election officials.
Two major techniques:
1. Homomorphic encryption: aggregation under the
covers of encryption; only aggregate tally needs
decryption.
2. Digital version of “shaking the ballot box”:
shuffled/scrambled multiple times by multiple
parties, dissociated from voter ID, then
decrypted
EVS
10/11/2006
chow
19
Randomize Threshold Public-Key Encryption
All cryptographic voting systems use randomized
threshold public-key encryption.
The public-key property ensures that anyone can
encrypt using a public key. The thresholddecryption property ensures that only a quorum
of the trustees (more than the “threshold”), each
with his own share of the secret key, can decrypt.
 Shamir’s how to share a secret.
In addition, using randomized encryption, a
single plaintext, e.g. Blue, can be encrypted in
many possible ways, depending on the choice of
a randomization value selected at encryption
time.  avoid cipher attack
EVS
chow
20
10/11/2006
Tallying under the Covers of Encryption
Using a special form of randomized public-key encryption
called homomorphic public-key encryption, it is possible
to combine two encryptions into a third encryption of a
value related to the original two, i.e. the sum.
For example, using only the public key, it is possible to
take an encryption of x and an encryption of y and obtain
an encryption of x + y, all without ever learning x or y or x
+ y.
First proposed by Benaloh, vote are encrypted either 0
(Blue) or 1 (Red)
In addition, a zero-knowledge proof is typically required
for each submitted vote, in order to ensure that each vote
is truly the encryption of 0 or 1, and not, for example,
1000. Otherwise, a malicious voter could easily throw off
the count by a large amount
with a single ballot.
EVS
chow
21
10/11/2006
Homomorphic public-key encryption
The entire homomorphic operation is publicly
verifiable by any observer, who can simply recompute it on his own using only the public key.
Unfortunately, homomorphic voting does not
support write-in votes well: the encrypted
homomorphic counters must be assigned to
candidates before the election begins.
EVS
10/11/2006
chow
22
Shaking the Virtual Ballot Box
A different form of tallying is achievable using a mixnet, as first
described by Chaum [39]
In a mixnet, a sequence of mix servers, each one usually operated
by a different political party, takes all encrypted votes on the bulletin
board, shuffles and rerandomizes them according to an order and a
set of randomization values kept secret, and posts the resulting set
of ciphertexts back to the bulletin board.
The next mix server then performs a similar operation, and so on
until the last mix server.
Then, all trustees cooperate to decrypt the individual resulting
encryptions, which have, by now, been dissociated from their
corresponding voter identity.
Each mix server must provide a zero-knowledge proof that it
performed correct mixing, never removing, introducing, or changing
the underlying votes.
EVS
10/11/2006
chow
23
Mixnet vs. Homomorphic
Mixnet is more difficult to operate the reencryption and shuffle processes must be
executed on a trusted computing base, keeping
the details of the shuffle secret from all others.
Two important advantages of Mixnet:
1.
2.
the complete set of ballots is preserved for election
auditing
free-form ballots, including write-ins, are supported.
EVS
10/11/2006
chow
24
Related documents
Political Participation
Political Participation
Note guides - private.watertown.k12.sd.us
Note guides - private.watertown.k12.sd.us
Chapter 8: Political Participation
Chapter 8: Political Participation
Name Hour ____ Date ______ Ch. 19 Voting Section 1 (pp564
Name Hour ____ Date ______ Ch. 19 Voting Section 1 (pp564
March on Washington for Jobs and Freedom
March on Washington for Jobs and Freedom
US Government Chapter 5-6-7 Test Study Guide Be sure to study
US Government Chapter 5-6-7 Test Study Guide Be sure to study
ch 8 review sheet participation
ch 8 review sheet participation
Download
advertisement