
Providing Trusted Paths Using Untrusted Components


Presentation Transcript


  1. Providing Trusted Paths Using Untrusted Components Andre L. M. dos Santos Georgia Institute of Technology andre@cc.gatech.edu

  2. Electronic Voting • Assumptions: • There is a framework for electronic voting • All the crypto is embedded in the framework. • Smart cards, USB tokens, or any other portable tamper-resistant device add security to electronic voting. • Problem: • Would a tamper-proof smart card solve all the problems of electronic voting?

  3. Do You Know for Whom You Are Voting?

  4. What is the problem? (speech bubbles on the slide: “I vote for John” / “Homer’s vote is for Bob”) • The devices that are used for direct I/O with a human need to be tamper proof. • So, not only the card needs to be tamper proof … • Or NOT?

  5. Hard AI Problems • Informally, something that humans can do easily but computers can't. • CAPTCHA -- Completely Automated Turing Test to Tell Computers and Humans Apart • Generate random message, transform it, ask human to repeat it • Transformation problem: • Subset of hard AI problems that transform a message • Example: distort text of message so that only humans can read it

  6. KHAP: Keyed Hard AI Problems • A transformation problem that includes a shared secret key • Instances generated with different keys are distinguishable • Computers can't extract the key from a transformed message • Formalism (t = T(m, k) is an (α, β, γ, δ, ε, ζ)-keyed transformation): • the probability that a human can extract m from t is at least α • the probability that a human with knowledge of k can correctly verify whether k was used to create t is at least β • there does not exist a computer program that runs in time ζ such that the probability of the program extracting m from t is greater than γ • there does not exist a computer program that runs in time ζ such that the probability of the program extracting k from t is greater than δ • let A be a computer program that modifies t to include m′ ≠ m; there does not exist an A that runs in time ζ such that the probability of a human failing to detect the modification is greater than ε

  7. Protocol

  8. 3-D Keyed Transformation • Render text and objects in a 3-D scene to 2-D image (raytrace) • Randomize parameters (lighting, position, rotation, size, colors) • Human can read text from 2-D image • Key is appearance of objects • Human looks for particular objects in scene • Scene is hard to modify in a meaningful way (shadows, reflections, finding objects) • Provide authenticity (presence of keys) and integrity (modifications can be detected by human)

  9. E-Voting using 3-D Images

  10. E-Voting using 3-D Images

  11. Considerations • How does a human confirm a message? • Disconnect the trusted platform, or not? • When should you connect your platform? • Confirmation word • How does a low-computing-power device perform the transformation? • It can use (semi-)trusted servers connected through an anonymizing network • Needs to worry about covert channels • What is the best transformation? • Other examples are speech and text.

  12. Considerations • Replays and Human Professors • Time stamps • Aging • Spatial relationships • Easy to guess keys • Cute puppy dog! • May be easier to avoid
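The two Considerations slides above leave the confirmation-word flow and the replay defence as bullet points. The following Python model is an added example, not code from the talk or from Georgia Tech's system; it abstracts the hard-AI part (the terminal can show a scene but cannot read or redraw it) into plain dictionaries and concentrates on what actually runs in code: the trusted device issuing a one-time confirmation word, the human's two checks (my key object is present; the displayed candidate is the one I chose), and the device's freshness and single-use checks. The word list, the key object description, the 120-second lifetime and the scenario functions are all constructed for illustration.

```python
import secrets

# Constructed word list; the confirmation word shown inside the rendered
# scene is drawn from it so the human can read it and type it back.
WORDS = ["apple", "bridge", "castle", "dolphin", "engine", "falcon", "garden",
         "harbor", "island", "jacket", "kettle", "lantern", "meadow", "needle",
         "orchid", "pepper"]

KEY = "red teapot on the left shelf"   # constructed shared secret k (object appearance)


class TrustedDevice:
    """Smart card / token (hypothetical). Holds k, issues one-time confirmation
    words, and counts a vote only when the matching word returns before it ages out."""

    def __init__(self, key_object, ttl=120):
        self.key_object = key_object
        self.ttl = ttl
        self.pending = {}        # ballot_id -> (message, word, issued_at)
        self.used_words = set()
        self.counted = []

    def start_ballot(self, message, now):
        ballot_id = secrets.token_hex(4)
        word = "-".join(secrets.choice(WORDS) for _ in range(3))
        self.pending[ballot_id] = (message, word, now)
        # Stands in for the scene the (semi-)trusted renderer would draw:
        # the message text, the key object, the word and a visible time stamp.
        return {"ballot_id": ballot_id, "message": message,
                "key_object": self.key_object, "word": word, "timestamp": now}

    def confirm(self, ballot_id, typed_word, now):
        # One attempt per ballot: the entry is removed whatever the outcome,
        # so an untrusted terminal cannot grind through the word space.
        entry = self.pending.pop(ballot_id, None)
        if entry is None:
            return "no such ballot"
        message, word, issued_at = entry
        if now - issued_at > self.ttl:          # aging / time stamp check
            return "expired"
        if typed_word in self.used_words:       # replay of a word the terminal saw typed
            return "replayed word"
        if typed_word != word:
            return "wrong word"
        self.used_words.add(word)
        self.counted.append(message)
        return "counted"


def human_checks_scene(scene, intent, key_object):
    """The human's part, with the hard-AI assumption applied: the human reads
    the scene, the terminal can only display it. Returns the word the human is
    willing to type, or None if either check fails."""
    if scene["key_object"] != key_object:   # authenticity: my key object is absent
        return None
    if scene["message"] != intent:          # integrity: not the vote I cast
        return None
    return scene["word"]


def honest_terminal(device, intent, now=1000):
    scene = device.start_ballot(intent, now)
    word = human_checks_scene(scene, intent, KEY)
    return device.confirm(scene["ballot_id"], word, now + 5) if word else "human refused"


def vote_flipping_terminal(device, intent, now=1000):
    scene = device.start_ballot("Bob", now)          # terminal substitutes its own choice
    word = human_checks_scene(scene, intent, KEY)    # scene shows Bob: human withholds
    if word is None:                                 # terminal tries a forged scene instead,
        fake = {**scene, "message": intent, "key_object": "?"}   # but cannot draw k
        word = human_checks_scene(fake, intent, KEY)             # still refused
    return device.confirm(scene["ballot_id"], word or "guess-guess-guess", now + 5)


def replaying_terminal(device, intent, now=1000):
    first = device.start_ballot(intent, now)
    word = human_checks_scene(first, intent, KEY)
    device.confirm(first["ballot_id"], word, now + 5)   # genuine vote: counted
    later = device.start_ballot("Bob", now + 60)        # the terminal saw the word typed
    return device.confirm(later["ballot_id"], word, now + 65)   # and reuses it


def slow_human(device, intent, now=1000):
    scene = device.start_ballot(intent, now)
    word = human_checks_scene(scene, intent, KEY)
    return device.confirm(scene["ballot_id"], word, now + device.ttl + 1)
```

Two design points follow from the slides. The confirmation word travels back through the untrusted terminal keyboard, so the terminal learns it the moment the human types it; that is why the device must bind each word to one ballot and refuse it afterwards, and why a time stamp or aging rule bounds how long a pending ballot stays confirmable. The scene request handed to a semi-trusted renderer contains the vote itself, which is the covert-channel and anonymity concern the slides raise when the transformation is offloaded over an anonymizing network.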

  13. Conclusions • This is a general approach for interacting with trusted computers • Many features of electronic voting systems help the use of this approach • Easy to use • Avoid computation, memory aids: ask humans to do what they do best • Some problems are intuitive (e.g., recognizing voice)
