This paper discusses the integration of trusted components, such as tamper-proof smart cards, in electronic voting systems. It explores the challenges posed by untrusted components and the complexities of verification in voting processes. The author highlights the need for a robust framework that secures the voting method while addressing potential weaknesses, including human verification difficulties. By comparing human cognitive abilities to computer limitations, the work sheds light on innovative AI applications, such as 3-D image processing, to enhance the security and integrity of electronic voting systems.
Providing Trusted Paths Using Untrusted Components
Andre L. M. dos Santos
Georgia Institute of Technology
andre@cc.gatech.edu
Electronic Voting
• Assumptions:
  • There is a framework for electronic voting
  • All the crypto is embedded in the framework.
  • Smart cards, USB tokens, or any other portable tamper resistant device adds security to electronic voting.
• Problem:
  • Would a tamper proof smart card solve all problems of electronic voting?
What is the problem?
[Figure text: "I vote for John"]
• The devices that are used for direct I/O with a human need to be tamper proof.
• So, not only the card needs to be tamper proof ….
[Figure text: "Hommer’s Vote is for Bob"]
• Or NOT ????
Hard AI Problems
• Informally, something that humans can do easily but computers can't.
• CAPTCHA -- Completely Automated Turing Test to Tell Computers and Humans Apart
• Generate random message, transform it, ask human to repeat it
• Transformation problem:
  • Subset of hard AI problems that transform a message
  • Example: distort text of message so that only humans can read it
KHAP: Keyed Hard AI Problems
• A transformation problem that includes a shared secret key
• Instances generated with different keys are distinguishable
• Computers can't steal keys from messages
• Formalisms (t = T(m, k) is an (α, β, γ, δ, ε, ζ)-keyed transformation)
  • the probability that a human can extract m from t is at least α
  • the probability that a human with knowledge of k can correctly verify whether k was used to create t is at least β
  • there does not exist a computer program that runs in time ζ such that the probability of the program extracting m from t is greater than γ
  • there does not exist a computer program that runs in time ζ such that the probability of the program extracting k from t is greater than δ
  • let A be a computer program that modifies t to include m' ≠ m; there does not exist an A that runs in time ζ such that the probability of a human failing to detect the modification is greater than ε
3-D Keyed Transformation
• Render text and objects in a 3-D scene to 2-D image (raytrace)
• Randomize parameters (lighting, position, rotation, size, colors)
• Human can read text from 2-D image
• Key is appearance of objects
• Human looks for particular objects in scene
• Scene is hard to modify in a meaningful way (shadows, reflections, finding objects)
• Provide authenticity (presence of keys) and integrity (modifications can be detected by human)
Considerations
• How does a human confirm a message?
• Disconnect, or not, trusted platform
• When should you connect your platform?
• Confirmation word
• How does a low computing power device perform the transformation?
• Can use (semi) trusted servers connected using an anonymizing network
• Needs to worry about covert channels
• What is the best transformation?
• Other examples are speech and text.
Considerations
• Replays and Human Professors
• Time stamps
• Aging
• Spatial relationships
• Easy to guess keys
• Cute puppy dog!
• May be easier to avoid
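
The confirmation flow these slides outline (keyed scene, confirmation word, time stamps against replays), as an added Python sketch that is not from the original presentation. The class and function names, the object and word pools, and the 60-second age limit are assumptions, and a plain scene description stands in for the raytraced image, which is the only thing a real card would emit.

```python
import hmac
import secrets

rng = secrets.SystemRandom()
OBJECT_POOL = ["teapot", "lamp", "chess knight", "red ball", "cone", "cube"]  # constructed
WORD_POOL = ["maple", "river", "copper", "tundra", "violin", "harbor"]        # constructed

class TrustedCard:
    """Hypothetical tamper-resistant device holding the voter's key k (a set of objects)."""
    def __init__(self, key_objects, max_age=60):
        self.key, self.max_age, self.pending = set(key_objects), max_age, None

    def make_scene(self, message, now):
        """Scene spec for t = T(m, k). Only the rendered 2-D image would leave the
        card; this dict stands in for that image so the flow can run here."""
        word = rng.choice(WORD_POOL)
        decoys = rng.sample([o for o in OBJECT_POOL if o not in self.key], 2)
        objects = [{"name": n, "pos": [round(rng.uniform(-1, 1), 2) for _ in range(3)],
                    "rot": rng.randrange(360)} for n in sorted(self.key) + decoys]
        rng.shuffle(objects)                      # randomized layout per instance
        self.pending = (message, word, now)
        return {"text": message, "confirm": word, "timestamp": now, "objects": objects}

    def confirm(self, word, now):
        """Return the confirmed message, or None. Each challenge is single-use."""
        pending, self.pending = self.pending, None    # burn it even on failure
        if pending is None:
            return None
        message, expected, issued = pending
        fresh = 0 <= now - issued <= self.max_age
        return message if fresh and hmac.compare_digest(word, expected) else None

def human_check(scene, intended, my_objects, now, max_age=60):
    """Stand-in for the voter inspecting the image: returns the confirmation
    word to type into the untrusted terminal, or None if anything looks wrong."""
    shown = {o["name"] for o in scene["objects"]}
    ok = (scene["text"] == intended                       # integrity: it says what I meant
          and set(my_objects) <= shown                    # authenticity: my key objects appear
          and 0 <= now - scene["timestamp"] <= max_age)   # aging: not a replayed image
    return scene["confirm"] if ok else None
```
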
Conclusions
• This is a general approach for interacting with trusted computers
• Many features of electronic voting systems help the use of this approach
• Easy to use
• Avoid computation, memory aids: ask humans to do what they do best
• Some problems are intuitive (e.g., recognizing voice)