
Secure Remote Electronic Voting

Secure Remote Electronic Voting. CSE-681 Fall 2006 David Foster and Laura Stapleton. Motivation. Current absentee ballot system requires a physical visit to the voting district authorities and one mailing or three mailings between voter and voting district authorities for every election


Presentation Transcript


  1. Secure Remote Electronic Voting CSE-681 Fall 2006 David Foster and Laura Stapleton

  2. Motivation
  • Current absentee ballot system requires a physical visit to the voting district authorities and one mailing or three mailings between voter and voting district authorities for every election
  • Increase voter turnout of overseas military and citizens, disabled voters, out-of-state college students, younger citizens, traveling businessmen, etc.
  • Increase confidence of election correctness by providing feedback to voters

  3. Characteristics of a Secure Voting System
  • Completeness
  • Soundness
  • Privacy
  • Unreusability
  • Eligibility
  • Fairness
  • Verifiability

  4. Threats to a Voting System
  • Insider Attacks
  • Denial of Service
  • Vote Buying / Vote Coercion
  • Virus

  5. Cryptographic Functions
  • Hash
  • Digital Signature
  • Blind Signature
  • Verifiable Mixing
  • Blind Commitment

  6. Hash
  • h = H(k1, H(k2, M))
  • Used to ensure integrity of M
  • Computationally infeasible to find different values of M, k1, or k2 that yield the same hash output h
  • k1 and k2 are random numbers that increase the strength of the resulting hash

  7. Digital Signature
  • Provides authentication and integrity
  • Using RSA, the signature C of H(M) under secret key d is C = H(M)^d mod n
  • Verify C with public key e by checking H(M) = C^e mod n
  • H(M) is the hash of message M

  8. Blind Signature
  • Allows a trusted authority to sign data that it cannot see
  • Blind (mask) the message using a random number k and the trusted authority's public key e: B = M·k^e mod n
  • Authority signs with private key d: S = B^d mod n = M^d·k mod n
  • Blind signature extracted with k: C = (S / k) mod n = M^d mod n

  9. Verifiable Mixing
  • Shuffle a list of encrypted data and pass it on to a second authority
  • Second authority has no way to reconstruct the original order
  • Any party can confirm that all the original, unmodified data is present in the shuffled data, and that no extra data was added
  • No one but the shuffler has access to the original list

  10. Blind Commitment
  • Prove to an authority that data has been created and fixed without supplying the data itself
  • Data owner creates two random keys and calculates the hash h = H(k1 || k2 || M)
  • Data owner sends k2 and h to the authority for safe keeping
  • Data owner sends k1 and M when the data must be revealed and verified
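As an added example (not from the slides), the constructions of slides 6, 7, 8 and 10 in Python: the keyed hash, a textbook RSA signature, the blind signature, and the blind commitment. The RSA modulus is built from two constructed 20-bit primes so the arithmetic runs with no library, and SHA-256 output is reduced modulo n so it fits the toy modulus; both are assumptions for illustration, not parameters anyone would deploy.

```python
import hashlib
import hmac
import secrets
from math import gcd

# Toy RSA key, constructed for this example only: two small primes, n = p*q,
# public exponent e, private exponent d = e^-1 mod (p-1)(q-1).  Real keys are
# thousands of bits; these are here so the arithmetic runs with no library.
P, Q = 1000003, 999983
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # modular inverse (Python 3.8+)


def H(*parts: bytes) -> bytes:
    """H over the concatenation of its arguments (SHA-256 here)."""
    return hashlib.sha256(b"".join(parts)).digest()


def keyed_hash(k1: bytes, k2: bytes, m: bytes) -> bytes:
    """Slide 6: h = H(k1, H(k2, M)) with random k1, k2."""
    return H(k1, H(k2, m))


def digest_int(m: bytes) -> int:
    """H(M) reduced into Z_n so textbook RSA can operate on it (toy step)."""
    return int.from_bytes(H(m), "big") % N


def sign(m: bytes) -> int:
    """Slide 7: C = H(M)^d mod n."""
    return pow(digest_int(m), D, N)


def verify(m: bytes, c: int) -> bool:
    """Slide 7: accept iff H(M) == C^e mod n."""
    return pow(c, E, N) == digest_int(m)


def random_blinding_factor() -> int:
    """Random k in [2, n) with gcd(k, n) = 1 so that k^-1 mod n exists."""
    while True:
        k = secrets.randbelow(N - 2) + 2
        if gcd(k, N) == 1:
            return k


def blind(m: bytes, k: int) -> int:
    """Slide 8, voter side: B = M * k^e mod n; the authority only ever sees B."""
    return (digest_int(m) * pow(k, E, N)) % N


def sign_blinded(b: int) -> int:
    """Slide 8, authority side: S = B^d mod n = M^d * k mod n."""
    return pow(b, D, N)


def unblind(s: int, k: int) -> int:
    """Slide 8, voter side: C = S / k mod n = M^d mod n, an ordinary signature on M."""
    return (s * pow(k, -1, N)) % N


def commit(m: bytes) -> tuple:
    """Slide 10, data owner: h = H(k1 || k2 || M); (k2, h) go to the authority."""
    k1, k2 = secrets.token_bytes(16), secrets.token_bytes(16)
    return k1, k2, H(k1, k2, m)


def open_commitment(h: bytes, k2: bytes, k1: bytes, m: bytes) -> bool:
    """Slide 10, authority: check the revealed k1 and M against the stored (k2, h)."""
    return hmac.compare_digest(H(k1, k2, m), h)


if __name__ == "__main__":
    ballot = b"question 1: yes; question 2: no"  # constructed sample message
    k = random_blinding_factor()
    sig = unblind(sign_blinded(blind(ballot, k)), k)
    print("blind signature verifies:", verify(ballot, sig), "| equals direct signature:", sig == sign(ballot))
    k1, k2, h = commit(ballot)
    print("commitment opens:", open_commitment(h, k2, k1, ballot),
          "| altered data opens:", open_commitment(h, k2, k1, ballot + b"!"))
```

The property worth noticing is in `unblind`: the value the voter recovers is bit-for-bit the signature the authority would have produced on the plain message, yet the authority only processed B. The commitment check is the same hash the Administrators and Tallying Server recompute later in the proposed system.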

  11. Existing Systems
  • Traditional (PCOS)
  • Direct Record Electronic (DRE)
  • Absentee
  • VoteHere VHTi
  • SERVE
  • EVOX with Multiple Administrators

  12. Traditional (PCOS)
  • Precinct Counted Optical Scan
  • Voter fills in circles on a paper ballot
  • Takes the completed ballot to the optical scanner in a sleeve
  • Voter inserts the paper ballot into the scanner
  • Optical scanner records are transported to the central district for processing

  13. Direct Record Electronic
  • Ballot stored electronically, no paper ballot used
  • Often uses touch screens or push buttons
  • Paper records may be printed internally during or after an election, but are not subject to voter verification
  • Results usually reported on an electronic memory module or via modem

  14. Absentee
  • Registration requires a physical visit to the voting authority or a two-way mailing.
  • Ballot and return envelopes are mailed prior to the election.
  • Voter completes the ballot, encases it in an inner envelope, then mails it to the voting authority in an outer envelope up to the Saturday before Election Day.
  • Voting officials open the outer envelope, shuffle the inner envelopes, then remove and process the ballots.

  15. EVOX with Multiple Administrators
  • Extension of the EVOX system
  • Reduces the threat of insider attacks
  • More than half of the available Administrators must validate each voter
  [Diagram: Commissioner, Manager, Administrators, Anonymizer, Tallying Server, Voters]

  16. VoteHere VHTi
  • DRE system
  • Creates a paper receipt for the voter after casting the ballot
  • Voter may verify that his/her ballot was correctly received by officials
  • Anyone can verify correct tabulation of results

  17. VoteHere Receipt Example
  [Figure, layout not recoverable. Steps shown: blinded and committed ballot; choose column for selection; choose columns for non-selections; generate receipt; unblind and decode results. Code grid (columns 0 to 5): Al 4 5 2 1 3 0; Bob 2 0 4 5 1 3; Clive 2 2 2 2 2 2; Dan 5 2 4 3 1 0. Receipt pairs: Al 0,4; Bob 3,5; Clive 2,2; Dan 4,1. Selection column: Al No, Bob Yes, Clive No.]

  18. SERVE
  • Secure Electronic Registration and Voting Experiment, intended for trials in the 2004 election
  • Developed as part of the Federal Voting and Assistance Program (FVAP)
  • Ruled too insecure by the Security Peer Review Group
  • Used the Internet for transmissions and made heavy use of public key cryptography

  19. Proposed System
  [Diagram: Commissioner, Manager, Administrators, Anonymizer, Tallying Server, Modem Pool, Voters]
  • SERVE's cryptography
  • EVOX with Multiple Administrators' structure
  • VoteHere's public audit mechanisms
  • Bootable CD and modem pool for increased security

  20. Registration
  • Similar to absentee registration
  • Propose allowing voters to establish a window for remote voting

  21. Bootable CD
  • Self-contained, minimal operating system and ballot information
  • Private key and unique voter ID mailed with the CD
  • Mailed to voters several weeks ahead of time
  • Voter may use the CD to vote up until the Saturday before Election Day

  22. Modem Pool
  • Provides a bridge between voting PCs and servers
  • Compared to the Internet, more resistant to
    • Spoofing
    • DoS
    • Eavesdropping

  23. Administrators
  • Maintain the list of voter IDs, voter public keys, and optionally ballot type information (district, party, etc.)
  • Each administrator receives a message for the blind commitment of the voter's ballot: EKAi+(V, EKV-(H(k1,i || k2,i || B), k2,i)) (EKX+ denotes encryption under X's public key and EKX- signing with X's private key; V is the voter ID and B the ballot)
  • Commits and returns a ticket to the voter: EKV-(EKT+(EKAi-(H(k1,i || k2,i || B), k2,i, D)))

  24. Manager
  • Signs the list of administrators a voter used to validate the ballot
  • Does not know which administrators were used
  • Only signs one list per voter ID
  • Voter sends EKM+(V, EV-(H(A || k1,1 || … || k1,n)))
  • Returned ticket is EV+(EKM-(H(A || k1,1 || … || k1,n)))

  25. Anonymizer
  • Voter sends the completed ballot, the verification tickets, and the keys needed to unblind the data:
    EKANON+(V, EKV-(B, EKT+(EKM-(H(A || k1,1 || … || k1,n)), EKT+(EKA1-(H(k1,1 || k2,1 || B), k2,1, D)), ..., EKT+(EKAn-(H(k1,n || k2,n || B), k2,n, D)), kB, k1,1, ..., k1,n, A)))

  26. Anonymizer
  • Anonymizer uses the list of voter IDs and public keys to decrypt the message.
  • It creates a list of voter IDs and partially unblinded ballots (B) for publication on the web.
  • It creates a list of B's and the tallying server tickets, shuffles via verifiable mixing, and moves the list to the tallying server.

  27. Tallying Server
  • Ballot data from the Anonymizer has the form
    B, EKT+(EKM-(H(A || k1,1 || … || k1,n)), EKT+(EKA1-(H(k1,1 || k2,1 || B), k2,1, D)), ..., EKT+(EKAn-(H(k1,n || k2,n || B), k2,n, D)), kB, k1,1, ..., k1,n, A)
  • All information present is protected by the tallying server's public key, and no information about the specific voter is needed to decrypt, unblind, or verify the data.

  28. Tallying Server
  • Tallying server uses the Administrator keys and the supplied data to confirm the following:
    • More than half of the Administrators signed the ballot.
    • The Manager signed a list that matches the Administrator tickets submitted.
    • The voter submitted the appropriate type of ballot.
    • The allowed number of selections for each question was not exceeded.
  • Unblinded ballots are converted to strings of "yes" or "no" and published to the web for public viewing.
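An added example, not part of the presentation, that sketches the Tallying Server's four checks from slide 28 over the record the Anonymizer forwards (slides 23 to 27), plus the voter-side steps needed to build such a record. The Administrator and Manager signatures are replaced by HMAC tags under constructed keys, a stand-in chosen so the example runs without an RSA library; the JSON ballot encoding, the ballot design `MAX_SELECTIONS`, the administrator names and every function name are assumptions.

```python
import hashlib
import hmac
import json
import secrets

# Constructed stand-ins for the Administrators' and Manager's signing keys.
# HMAC tags play the role of the slides' EKAi-(...) and EKM-(...) signatures
# so the example runs offline; a deployment would use real signatures.
ADMIN_KEYS = {name: secrets.token_bytes(32) for name in ("A1", "A2", "A3")}
MANAGER_KEY = secrets.token_bytes(32)
MAX_SELECTIONS = [1, 2]  # constructed ballot design: Q1 single choice, Q2 up to two


def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


def encode_ballot(ballot_type: str, answers) -> bytes:
    """B: the ballot type plus one 0/1 vector per question (assumed encoding)."""
    return json.dumps({"type": ballot_type, "answers": answers}, sort_keys=True).encode()


def admin_ticket(admin: str, k1: bytes, k2: bytes, B: bytes, D: str) -> dict:
    """Slide 23: Administrator i commits to H(k1,i || k2,i || B) together with k2,i and D."""
    h = H(k1, k2, B)
    tag = hmac.new(ADMIN_KEYS[admin], h + k2 + D.encode(), "sha256").digest()
    return {"admin": admin, "h": h, "k2": k2, "D": D, "tag": tag}


def manager_ticket(A: list, k1s: list) -> bytes:
    """Slide 24: the Manager signs H(A || k1,1 || ... || k1,n)."""
    return hmac.new(MANAGER_KEY, H(",".join(A).encode(), *k1s), "sha256").digest()


def cast_ballot(ballot_type: str, answers, admins: list) -> dict:
    """Voter side of slides 23-25, condensed: collect tickets, then bundle for the Anonymizer."""
    B = encode_ballot(ballot_type, answers)
    k1s = [secrets.token_bytes(16) for _ in admins]
    tickets = [admin_ticket(a, k1, secrets.token_bytes(16), B, ballot_type) for a, k1 in zip(admins, k1s)]
    return {"B": B, "A": admins, "k1s": k1s, "admin_tickets": tickets,
            "manager_ticket": manager_ticket(admins, k1s)}


def verify_record(record: dict, expected_type: str) -> tuple:
    """Slide 28: the Tallying Server's checks. Returns (accepted, reasons, yes/no strings)."""
    B, A, k1s = record["B"], record["A"], record["k1s"]
    reasons = []
    # Check 1: more than half of all Administrators validated this exact ballot B.
    valid = 0
    for admin, k1, t in zip(A, k1s, record["admin_tickets"]):
        if t["admin"] != admin or admin not in ADMIN_KEYS:
            continue
        expected = hmac.new(ADMIN_KEYS[admin], t["h"] + t["k2"] + t["D"].encode(), "sha256").digest()
        if hmac.compare_digest(t["tag"], expected) and hmac.compare_digest(t["h"], H(k1, t["k2"], B)):
            valid += 1
    if valid * 2 <= len(ADMIN_KEYS):
        reasons.append(f"only {valid} of {len(ADMIN_KEYS)} administrators validated the ballot")
    # Check 2: the Manager signed exactly the administrator list and k1 values presented.
    if not hmac.compare_digest(record["manager_ticket"], manager_ticket(A, k1s)):
        reasons.append("manager ticket does not match the administrator list")
    # Check 3: the ballot type D agrees across the tickets and with what this tally expects.
    ballot = json.loads(B)
    if ballot["type"] != expected_type or any(t["D"] != ballot["type"] for t in record["admin_tickets"]):
        reasons.append("ballot type mismatch")
    # Check 4: no question carries more selections than the ballot design allows.
    for q, (ans, limit) in enumerate(zip(ballot["answers"], MAX_SELECTIONS), 1):
        if sum(ans) > limit:
            reasons.append(f"question {q}: {sum(ans)} selections, limit {limit}")
    words = [["yes" if v else "no" for v in ans] for ans in ballot["answers"]]  # published form
    return (not reasons, reasons, words)


if __name__ == "__main__":
    good = cast_ballot("district-7", [[1, 0, 0], [1, 1]], ["A1", "A2", "A3"])  # constructed input
    print(verify_record(good, "district-7"))
    print(verify_record(cast_ballot("district-7", [[1, 0, 0], [0, 0]], ["A1"]), "district-7"))
```

Check 1 is where the blind commitment of slide 10 pays off: the server recomputes H(k1,i || k2,i || B) from the revealed k1,i, so a ballot altered after the Administrators committed to it loses every ticket at once, and the count drops below the majority the slides require.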

  29. Implementation
  • Initially target overseas military and citizens (est. 6,000,000)
  • Create an option for domestic voters
  • System scales linearly as the number of voters increases

  30. Conclusion
  • Reduces the number of communication steps between voting authorities and voters prior to the election
  • Increases voting availability to several demographics
  • Provides a more secure system than the prior systems
  • Allows more voters to confirm the accuracy of the election process, generating confidence in the system
