1 / 28

Cryptographic Voting Protocols: A Systems Perspective

Cryptographic Voting Protocols: A Systems Perspective. By Chris Karlof, Naveen Sastry, and David Wagner University of California, Berkely Proceedings of the 14 th Usenix Security Symposium held in Baltimore on July 31st-August 5 th , 2005 Presenter: Rick Carback 11-16-05. Selection Criteria

zody
Télécharger la présentation

Cryptographic Voting Protocols: A Systems Perspective

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Cryptographic Voting Protocols: A Systems Perspective By Chris Karlof, Naveen Sastry, and David Wagner University of California, Berkely Proceedings of the 14th Usenix Security Symposium held in Baltimore on July 31st-August 5th, 2005 Presenter: Rick Carback 11-16-05

  2. Selection Criteria Motivation Results New and Significant Goals of Secure Voting Systems Neff’s Protocol Attacks and Mitigations Subliminal Channels Human Unreliability Denial of Service Secure Voting Protocol Implementation Future Work Conclusions Overview

  3. Paper Selection Criteria • Chris Karloff and Naveen Sastry are both 5th year graduate students. • David Wagner • DIMACS Special Focus on Security Organizing committee member • ACM CCS 2004 Program committee member • USENIX Security 2006 Program committee member • IEEE Security & Privacy 2006 Program committee member

  4. Motivation • Chose protocols by Neff and Chaum because they are revolutionary • Viewed Neff and Chaum protocols as part of a complete voting system • What are the weaknesses of these schemes in complete systems if implemented? • Can these ideas work in the real world?

  5. Results

  6. New and Significant • Enumerates E-Voting goals • Analysis of Cryptographic Protocols in the larger systems context • Exposes weaknesses in implementation of cryptographic protocols • Provides countermeasures for these weaknesses • Identified new challenges and open problems in electronic voting systems.

  7. Goals of Secure Voting Systems • Cast-as-Intended • Counted-as-Cast • Verifiability • One voter, One vote • Coercion Resistance • Privacy

  8. Neff’s Scheme • Distributed Key Generation Protocol (Similar to Chaum's Scheme) • DRE constructs a VC, a matrix of BMPs. Each row represents one candidate. • BMPs are all (0, 0) or (1, 1) for the chosen candidate and (0, 1) or (1, 0) for the others.

  9. Neff’s Scheme (cont.) • DRE picks a pledge bit for each BMP for the chosen candidate, voter can verify by picking a side for each one. • OVC is created with this information. • Voter checks that challenge is correct on bulletin board.

  10. Vote Here Receipts

  11. Vote Here Bulletin Board

  12. Subliminal channels • Arises when DRE is free to chose the random values that are used. • All randomized encryption schemes can contain subliminal channels. (Goldwasser, 1984) • Through special selection of a random number r, the DRE can encode the sizeof(r) bits. • Can hide a bit by repeatedly choosing a random number until you get what you want. • Expected work is O(2x) to encrypt x bits.

  13. Random Subliminal Channel Attack • Neff's scheme makes extensive use of randomness. • Each BMP has one side of it revealing the random parameter used in that side of the pair. • If the DRE chooses the same random parameter for both sides it will always be revealed in the ballot. • The random parameter is guaranteed to be revealed, allowing a number of bits equal to the size of the parameter to be sent subliminally for each BMP.

  14. Avoiding Random Subliminal Attacks • Change protocol so that it does not require randomness • Very tricky • Random tapes • Trusted Hardware

  15. Semantic Subliminal Channels • Voters are unlikely to detect subtle changes (fonts, pixel, etc) • Can use simple policy, no computational complexity • Apparent only after decryption, not on the bulletin board

  16. Mitigating Semantic Channels • Unambiguous formats for ballots and all ballots tested for conformance • Bad ballots cannot be posted on the bulletin board • But this may violate other policies!

  17. Human Unreliability • Protocol security hinges on DRE not knowing how the voter will make future decisions • Interactions must happen in a particular order • Voter may not notice deviations in protocol • Voter must monitor DRE output • Most people don’t care • People often make mistakes • How does a voter prove the machine is wrong?

  18. Message Reordering

  19. Message Reordering (cont.)

  20. Message Reordering (cont.)

  21. Human Unreliability (cont.) • Discarded Receipts • DRE Generates Invalid Signature • Voter cannot prove if the receipt was forged • Printing incorrect DRE Machine ID • Ignoring voter input • Valid receipt, but not what voter chose

  22. Mitigating Human Unreliability • Parallel Testing • Voter Education • It should not be so hard to use a voting machine • Shredders for receipts • Verify Signature at voting station • Needs another set of trusted software/hardware • Preprinted Machine IDs

  23. Denial of Service • Malicious DREs can delete, alter, or stuff ballots • Detectable, but still effective • Malicious Tallying/Bulleting Board software • Could delete keys, ballots, etc. • Could be selective • Target polling stations favoring undesired candidate

  24. DoS Mitigation Strategies • Revote • Costly • Voter Verified Paper Audit Trail • Not secure

  25. Implementing Secure Voting Systems • Bulletin Board • Required Properties? What Architecture? • BSN Assignment • User Friendly Interfaces • Tallying Software Specification

  26. Future Work • Cryptographic protocols that prevent subliminal channels • Mix-net security models • Definition for security in the voting setting • Humans as protocol participants • Can we educate without discouraging participation and hurting trust?

  27. Conclusions • Every attack discussed requires malicious software (DRE/bulletin board/tallying) • Is this better than what we currently have? • What about non-malicious problems? • Connectivity? • Hardware failure?

  28. References • Votehere.com • “Cryptographic Voting Protocols: A Systems Perspective”, Chris Karlof, Naveen Sastry, David Wagner

More Related