An Electronic Voting System Based On Blind Signature Protocol

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "An Electronic Voting System Based On Blind Signature Protocol"

Transcription

1 CSMR, VOL. 1, NO. 1 (2011) An Electronic Voting System Based On Blind Signature Protocol Marius Ion, Ionuţ Posea University POLITEHNICA of Bucharest Faculty of Automatic Control and Computers, Computer Science Department s: Abstract This paper presents e-vote, an electronic voting system solution for the process of governmental elections. The proposed solution ensures the accuracy, the privacy, the verifiability, the convenience, and the democracy of the electoral process. The application is based on open standards in order to achieve the transparency required for such a voting system. Because of this requirement, the solution uses the service oriented architecture paradigm and the cryptographic blind signature protocol. Keywords: electronic voting, blind signature, service oriented architecture. 1. Introduction Simultaneously achieving security and privacy in electronic polls is a problem that must be solved if electronic systems are to be used for serious large-scale governmental elections. As new technologies emerge which address these concerns, electronic voting is likely to become increasingly appealing as an alternative to the traditional paper ballots method. Electronic elections have the potential of being cheaper and less time consuming to administer than conventional elections. Eventually electronic voting may be a viable solution to increasing voter participation and maximizing security by decreasing the number of frauds in governmental elections. However, if not carefully designed, electronic voting systems can be easily compromised, thus corrupting results or violating voters' privacy. Based on the description of a viable electronic voting system by Cranor, L.F. and Cytron, R.K. in [1] we adopted the following objectives: The system must be accurate: (1) it is not possible for a vote to be altered, (2) it is not possible for a validated vote to be eliminated from the final tally, and (3) it is not possible for an invalid vote to be counted in the final tally. In the most accurate systems the final vote tally must be perfect, either because no inaccuracies can be introduced or because all inaccuracies introduced can be detected and corrected. Partially accurate systems can detect but not necessarily correct inaccuracies. The system must be democratic: (1) it permits only eligible voters to vote and (2) it ensures that each eligible voter can vote only once. The system must be private: (1) neither election authorities nor anyone else can link any ballot to the voter who cast it and (2) no voter can prove that he or she voted in a particular way. The second privacy factor is important for the prevention of vote buying and extortion. Voters can only sell their votes if they are able to prove to the buyer that they actually voted according to the buyer's wishes. The system must be verifiable: anyone can independently verify that all votes have been counted correctly. A weaker definition of verifiability used by some authors allows that a system is verifiable if it allows voters to verify their own votes and correct any mistakes they might find without sacrificing privacy. Less verifiable systems might allow mistakes to be pointed out -- but not corrected -- or might allow verification of the process by party

2 MARIUS ION, IONUT POSEA AN ELECTRONIC VOTING SYSTEM BASED ON BLIND SIGNATURE PROTOCOL representatives but not by individual voters. Traditional voting systems generally only allow for minimal verification by party representatives. The system must be convenient: it allows voters to cast their votes quickly, in one session, and with minimal equipment or special skills. The paper presents in section 2 a critical analysis on existing solutions and related work. In the third section we present the cryptographic voting protocol and the architecture of the proposed solution. The final section presents the conclusions of the paper and future work related topics. 2. Related Work In [2], Cranor L.F. presents a simple electronic voting protocol designed to meet the necessary requirements as follows: Figure 1: A Simple Electronic Voting Protocol [2] This protocol, illustrated in Figure 1, would require the voter to submit to an electronic validator an electronic ballot with a voter identification number attached. The validator would use the identification number to check the voter off on a list of registered voters. Then the validator would strip off the identification number and send the ballot to an electronic tallier. The tallier would record the votes and add them to the election tally. This protocol has several major problems: voters could stuff the ballot box by using other voters' identification numbers; second, voters cannot really be sure that the validator program does not violate their privacy; third, there is no way to ensure that the validator does not alter ballots before sending them to the tallier or manufacture ballots that were never actually submitted by voters; fourth, there is no way to ensure that the tallier accurately records the votes [2]. Nurmi, Salomaa, and Santean [3] proposed an improved approach called "Two Agency Protocol," shown in Figure 2. Figure 2: The Two Agency Protocol [3] The electronic validator distributes a secret identification tag to each voter and then sends the tallier a list of all identification tags, with no record of the corresponding voters. Each voter sends the tallier his or her identification tag and an encrypted file containing a copy of the tag and the voted ballot. At this point the tallier can make sure the identification tag is valid, but the program has no way of examining the contents of the ballot. The tallier publishes the encrypted file, and the voter responds by sending the tallier the key necessary to decrypt it. When the election is over, the tallier publishes a list of all voted ballots and the corresponding encrypted files. At this point the voters can confirm that their votes were counted properly. Any voter who finds an error can protest by submitting the encrypted file

3 CSMR - COMPUTER SCIENCE MASTER RESEARCH, VOL. 1, NO. 1 (2011) and decryption key again. Because the encrypted file was published earlier, the tallier cannot deny having received it. This protocol is certainly an improvement, but it still has several problems: it does not protect voters' privacy if the tallier and validator collude and it does not solve the privacy problem completely because that would require voter to vote inside a voting booth [1]. Furthermore, the mechanism that allows voters to verify that their votes were counted correctly also allows them to prove that they voted in a particular way and the accuracy property is not completely satisfied because the tallier may cast votes for all the voters who have been assigned tags but do not exercise their right to vote. Another cryptographic voting protocol was proposed by Fujioka, A, Okamoto, T., and Ohta, K. in [4], shown in Figure 3. This protocol is based on blind signature scheme which is a class of digital signatures that allows documents to be signed without revealing its contents [5]. In this protocol, the voter prepares a voted ballot, encrypts it with a secret key, and blinds it. The voter then signs the ballot and sends it to the validator. The validator verifies that the signature belongs to a registered voter who has not yet voted. If the ballot is valid, the validator signs the ballot and returns it to the voter. The voter removes the blinding encryption layer, revealing an encrypted ballot signed by the validator. The voter then sends the resultant signed encrypted ballot to the tallier. The tallier checks the signature on the encrypted ballot. If the ballot is valid, the tallier places it on a list that is published after all voters vote. After the list has been published, voters verify that their ballots are on the list and send the tallier the decryption keys necessary to open their ballots. The tallier uses these keys to decrypt the ballots and add the votes to the election tally. After the election the tallier publishes the decryption keys along with the encrypted ballots so that voters may independently verify the election results. Figure 3: The Fujikota, Okamoto and Ohta Protocol [4] This protocol solves the issue raised by the colluding between the validator and the tallier. Unfortunately, it still has the same problems as the previous protocol: the validator could submit votes for the voters that haven t voted in their names and it also does not completely satisfy the verifiability property because the result of the elections cannot be verified by any interested party. 3. The e-vote Solution 3.1. The Cryptographic Voting Protocol The cryptographic voting protocol we proposed in this paper is based on blind signature protocol with several improvements. In our solution we started from the hypothesis that we have a secure authentication method which in this case is represented by an RSA key pair

4 MARIUS ION, IONUT POSEA AN ELECTRONIC VOTING SYSTEM BASED ON BLIND SIGNATURE PROTOCOL which was issued by a certified authority to each voter. Other authentications methods could be based on an ID card, biometric cards, etc. Another characteristic of the system is that the voter needs to exercise his voting right from a certified voting machine thus preventing vote selling or extortion. Figure 4: The evote Protocol First the voter prepares a voted ballot, and blinds it. This prepared package is sent afterwards using SSL secured channel to the validator entity. The validator verifies whether the voter is registered and has not yet voted and decides if the ballot is valid or not. The verification is done using the information extracted from the X509 certificate used for SSL communication for an accurate decision. In this way the validator can decide based on data extracted from a governmental database such a police or DMV database. If the ballot is valid, the tallier signs in blind the ballot and returns it to the voter through the SSL secured channel. The next step is that the voter removes the blinding factor, revealing a ballot signed by the validator. The voter then sends the resultant signed ballot to the tallier. The tallier checks the signature on the ballot and if the ballot is valid, the tallier records the vote. Otherwise, it signals an attempted fraud. In order to protect the voting process from fraud by replaying the messages containing the ballot to the tallier, we introduced a hash of the voter s public key which prevents the intruder from repeating a valid vote signed by the validator. The tallier will reject ballots which have the same hash number and have been received in the past. Using hash for the public key solves the problem above and also enforces the system privacy criterion by keeping the identity of the voter anonymous. One of the most important features is that we use SSL secure channels for communications between the voting entities and this ensures a new layer of security in the solution. Furthermore, this solution eliminates the need for the last three steps in the Fujioka, Okamoto, and Ohta [4] protocol. Because of this no voter can prove that he or she voted in a certain manner thus avoiding vote selling or extortion. Also the voter benefit because this method is more convenient since they don t need to return to the election booth in order to submit the private keys after the end of the elections. A major drawback of purely electronic voting systems is that they don t provide a physical audit record that can be used for verifying the vote count. Because these machines record votes internally, in computer software, vote fraud may be difficult to detect. Also this weakens the system accuracy and verifiability characteristics. These problems can be solved using the Mercuri method [6], in which a paper vote is recorded inside a glass or clear plastic container after the voter indicates their vote. The voter is instructed to verify that the paper record correctly indicates their vote. They then finalize their vote by pressing a button or pulling a lever, and the paper record is stored. At no point is there an opportunity for the voter to remove the paper record from the voting area, since to do so would allow for there to be a receipt which could be used to coerce the voter into voting for a candidate or to allow selling of votes The Architecture of the Solution The most important characteristic of the model is that is open source, a feature which greatly increases the confidence of the voters in the fairness of the electoral process. Another characteristic of the proposed solution is that the model is based on a client-server architecture based on socket communication.

5 CSMR - COMPUTER SCIENCE MASTER RESEARCH, VOL. 1, NO. 1 (2011) The system is made up of three types of entities: the tallier, the validator and several voters which communicate over Secure Sockets Layer channels The Voter Entity The voter entity is deployed on the voting machine and performs the authentication of the voter, constructs a valid ballot from the option of the voter, and communicates with the validator and with the tallier over a secure channel. The person that votes must authenticate in the system using their own keystore which contains the RSA key pair issued by a certified authority The Validator Entity The validator entity performs a check to verify the eligibility of a voter and replies with the signed ballot vote with his private RSA key. This ensures that the ballot is not after-wards altered by any entity and that it belongs to a valid voter. The voter is authenticated using the data from the X509 certificate used for SSL communication. The decision of the eligibility is made based on the information extracted from a governmental database such as the police or DMV database, and the own records of the validator, which are stored in a local mysql repository The Tallier Entity The tallier entity determines the authenticity of the ballot and counts the votes. A message is authentic if: a) it is signed by the validator and b) if the hash associated with the ballot is unique. If the tallier detects an invalid message it will signal a fraud attempt and rejects the vote. The list of partial votes is kept in a mysql repository. All communications between entities are made using SSL technology based on the RSA key pair assigned by a certified authority. This increases the security of the system and dramatically decreases the chances of a successfully foreign intrusion into the voting process. 4. Conclusions and Further Work This solution addresses the sensitive election process and respects the basic principles for fair elections. It enforces the requirements of a correct electronic polling system described in the electronic voting literature [1]: accuracy, democracy, privacy, verifiability and convenience. The solution could be further improved by migrating to a distributed architecture without single points of failure and performance bottlenecks. This could be done by having multiple tallier entities, one for each voting section, multiple validator entities which coordinate when taking decisions as well as multiple voting booths. The validator entities could be organized in a structure similar to the DNS tree structure, i.e. each validator is an authority on a designated geographical area. This will greatly improve the ability of the system to handle multiple requests simultaneously thus allowing the solution to be deployed for large-scale elections. 5. Acknowledgments We would like to thank Sl.Dr.Ing. Florin Pop who coordinated the realization of this project. References [1] Cranor, L.F. and Cytron, R.K. Design and Implementation of a Security-Conscious Electronic Polling System. Washington University Computer Science Technical Report WUCS February 1996.

6 MARIUS ION, IONUT POSEA AN ELECTRONIC VOTING SYSTEM BASED ON BLIND SIGNATURE PROTOCOL [2] Cranor, L. F. Electronic voting: computerized polls may save money, protect privacy. Crossroads 2, 4 (Apr. 1996), [3] Nurmi, H., Salomaa, A., and Santean, L. Secret ballot elections in computer networks. Computers and Security, 36, 10 (1991), pp [4] Fujioka, A, Okamoto, T., and Ohta, K. A practical secret voting scheme for large scale elections. In Advances in Cryptology - AUSCRYPT '92, Springer-Verlag, Berlin. 1993, pp [5] Chaum, D. Blind signatures for untraceable payments. In Proceedings of Crypto 82, Plenum Press, New York. 1983, pp [6] Rebecca T Mercuri, "Electronic vote tabulation checks and balances" (January 1, 2001). Dissertations available from ProQuest.

Electronic Voting Protocol Analysis with the Inductive Method

Electronic Voting Protocol Analysis with the Inductive Method Electronic Voting Protocol Analysis with the Inductive Method Introduction E-voting use is spreading quickly in the EU and elsewhere Sensitive, need for formal guarantees Inductive Method: protocol verification

More information

Efficient construction of vote-tags to allow open objection to the tally in electronic elections

Efficient construction of vote-tags to allow open objection to the tally in electronic elections Information Processing Letters 75 (2000) 211 215 Efficient construction of vote-tags to allow open objection to the tally in electronic elections Andreu Riera a,,joseprifà b, Joan Borrell b a isoco, Intelligent

More information

Analysis of Security Requirements for Cryptographic Voting Protocols (Extended Abstract)

Analysis of Security Requirements for Cryptographic Voting Protocols (Extended Abstract) Analysis of Security Requirements for Cryptographic Voting Protocols (Extended Abstract) Orhan Cetinkaya Institute of Applied Mathematics, METU, Ankara, Turkey e113754@metu.edu.tr Abstract Electronic voting

More information

E-Democracy and e-voting

E-Democracy and e-voting E-Democracy and e-voting How to make them secure and transparent August 2013 Jordi Puiggali CSO and SVP R&D Jordi.puiggali@scytl.com Index Introduction e-democracy Security and Transparency in e-voting

More information

Online Voting Project. New Developments in the Voting System an Consequently Implemented Improvements in the Representation of Legal Principles.

Online Voting Project. New Developments in the Voting System an Consequently Implemented Improvements in the Representation of Legal Principles. New Developments in the Voting System an Consequently Implemented Improvements in the Representation of Legal Principles. Introduction. Since 2001 T-Systems made research on secure online voting systems

More information

Verification and Validation Issues in Electronic Voting

Verification and Validation Issues in Electronic Voting Verification and Validation Issues in Electronic Voting Orhan Cetinkaya 1, and Deniz Cetinkaya 2 1 Institute of Applied Mathematics, METU, Ankara, Turkey 2 Computer Engineering, METU, Ankara, Turkey e113754@metu.edu.tr

More information

A New Receipt-Free E-Voting Scheme Based on Blind Signature (Abstract)

A New Receipt-Free E-Voting Scheme Based on Blind Signature (Abstract) A New Receipt-Free E-Voting Scheme Based on Blind Signature (Abstract) Zhe Xia University of Surrey z.xia@surrey.ac.uk Steve Schneider University of Surrey s.schneider@surrey.ac.uk May 25, 2006 Abstract

More information

Cryptography: Authentication, Blind Signatures, and Digital Cash

Cryptography: Authentication, Blind Signatures, and Digital Cash Cryptography: Authentication, Blind Signatures, and Digital Cash Rebecca Bellovin 1 Introduction One of the most exciting ideas in cryptography in the past few decades, with the widest array of applications,

More information

Mobile implementation and formal verification of an e-voting system

Mobile implementation and formal verification of an e-voting system Mobile implementation and formal verification of an e-voting system Stefano Campanelli, Alessandro Falleni, Fabio Martinelli, Marinella Petrocchi, Anna Vaccarelli IIT CNR, Via G. Moruzzi 1, 56124 Pisa,

More information

Secure Electronic Voting

Secure Electronic Voting 7 th Computer Security Incidents Response Teams Workshop Syros,, Greece, September 2002 Secure Electronic Voting New trends, new threats... Prof.. Dr. Dimitris Gritzalis Dept. of Informatics Athens University

More information

The Design of Web Based Secure Internet Voting System for Corporate Election

The Design of Web Based Secure Internet Voting System for Corporate Election The Design of Web Based Secure Internet Voting System for Corporate Election Jagdish B. Chakole 1, P. R. Pardhi 2 \ 1 Deptt. of Computer Science & Engineering, R.C.O.E.M., Nagpur, Maharashtra (India) 2

More information

VoteID 2011 Internet Voting System with Cast as Intended Verification

VoteID 2011 Internet Voting System with Cast as Intended Verification VoteID 2011 Internet Voting System with Cast as Intended Verification September 2011 VP R&D Jordi Puiggali@scytl.com Index Introduction Proposal Security Conclusions 2. Introduction Client computers could

More information

http://www.cisjournal.org Implementation of Electronic Voting System in Mobile Phones with Android Operating System 1

http://www.cisjournal.org Implementation of Electronic Voting System in Mobile Phones with Android Operating System 1 Implementation of Electronic Voting System in Mobile Phones with Android Operating System 1 Eliver Pérez Villegas, 2 Gina Gallegos-García, 3 Gualberto Aguilar Torres, 4 Héctor Flores Gutiérrez 1, 4 Universidad

More information

e-voting Requirements and Implementation

e-voting Requirements and Implementation e-voting Requirements and Implementation Rachid Anane 1, Richard Freeland 2 and Georgios Theodoropoulos 2 1 Computer and Network Systems, Coventry University, UK. r.anane@coventry.ac.uk 2 School of Computer

More information

An Anonymous Endorsement System

An Anonymous Endorsement System JOURNAL OF INFORMATION SCIENCE AND ENGINEERING 18, 107-114 (2002) Short Paper An Anonymous Endorsement System Department of Electrical Engineering National Taiwan University Taipei, 106 Taiwan E-mail:

More information

Cryptanalysis and security enhancement on the generation of Mu-Varadharajan electronic voting protocol. Vahid Jahandideh and Amir S.

Cryptanalysis and security enhancement on the generation of Mu-Varadharajan electronic voting protocol. Vahid Jahandideh and Amir S. 72 Int. J. Electronic Governance, Vol. 3, No. 1, 2010 Cryptanalysis and security enhancement on the generation of Mu-Varadharajan electronic voting protocol Vahid Jahandideh and Amir S. Mortazavi Department

More information

CHAPTER 4 DEPLOYMENT OF ESGC-PKC IN NON-COMMERCIAL E-COMMERCE APPLICATIONS

CHAPTER 4 DEPLOYMENT OF ESGC-PKC IN NON-COMMERCIAL E-COMMERCE APPLICATIONS 70 CHAPTER 4 DEPLOYMENT OF ESGC-PKC IN NON-COMMERCIAL E-COMMERCE APPLICATIONS 4.1 INTRODUCTION In this research work, a new enhanced SGC-PKC has been proposed for improving the electronic commerce and

More information

Requirements for common data formats and standards for e-voting. The OASIS View

Requirements for common data formats and standards for e-voting. The OASIS View An OASIS White Paper Requirements for common data formats and standards for e-voting The OASIS View Submitted for NIST Workshop on a Common Data Format for Electronic Voting Systems Abstract Voting is

More information

Security in Electronic Payment Systems

Security in Electronic Payment Systems Security in Electronic Payment Systems Jan L. Camenisch, Jean-Marc Piveteau, Markus A. Stadler Institute for Theoretical Computer Science, ETH Zurich, CH-8092 Zurich e-mail: {camenisch, stadler}@inf.ethz.ch

More information

GI-Edition. Electronic Voting 2006. Proceedings. Lecture Notes in Informatics P-86. Robert Krimmer (Ed.)

GI-Edition. Electronic Voting 2006. Proceedings. Lecture Notes in Informatics P-86. Robert Krimmer (Ed.) GI, the Gesellschaft für Informatik, publishes this series in order to make available to a broad public recent findings in informatics (i.e. computer science and information systems) to document conferences

More information

E-voting System: Specification and Design Document

E-voting System: Specification and Design Document 1 E-voting System: Specification and Design Document March 6, 2003 Jamie Brown Domari Dickinson Carl Steinebach Jeff Zhang 2 Introduction During the 2000 General Elections, America realized that our election

More information

An Implementation of Secure Online Voting System

An Implementation of Secure Online Voting System An Implementation of Secure Online Voting System Prof. Anisaara Nadaph 1, Rakhi Bondre 2, Ashmita Katiyar 3, Durgesh Goswami 4, Tushar Naidu 5 1 Pune University, Trinity college of Eng. And res., anisaaranadaph@gmail.com

More information

Volume I, Appendix C Table of Contents

Volume I, Appendix C Table of Contents Appendix C for Voting Officials (Informative) Volume I, Appendix C Table of Contents C Appendix for Voting Officials.... 1 C.1 for Human Factors.... 1 C.2 for Security... 4 i May 9, 2005 Appendix C for

More information

Online Voting for Better Government State IT Management Initiative

Online Voting for Better Government State IT Management Initiative Nomination: Marshall University s On-line Voting for Better Government Online Voting for Better Government State IT Management Initiative Nomination Form May 23, 2003 extension to deadline granted. Title

More information

A Survey of Current Secret-Ballot Systems David Chaum

A Survey of Current Secret-Ballot Systems David Chaum A Survey of Current Secret-Ballot Systems David Chaum WOTE ANALYSIS Outline Models, Taxonomy of Tools, Key Technologies, Paradigms, Composition, etc SYSTEMS Mainstream US deployed (with comparison) New/proposed

More information

Internet voting solution

Internet voting solution i-vote: heart of e-democracy Internet voting i-voting allows voters to participate in an election over the Internet using their PC or notebook. i-voting is used as an additional voting method to better

More information

General Framework of Electronic Voting and Implementation thereof at National Elections in Estonia

General Framework of Electronic Voting and Implementation thereof at National Elections in Estonia Electronic Voting Committee General Framework of Electronic Voting and Implementation thereof at National Elections in Estonia Document: IVXV-ÜK-0.98 Date: 23 May 2016 Tallinn 2016 Annotation This paper

More information

Web Payment Security. A discussion of methods providing secure communication on the Internet. Zhao Huang Shahid Kahn

Web Payment Security. A discussion of methods providing secure communication on the Internet. Zhao Huang Shahid Kahn Web Payment Security A discussion of methods providing secure communication on the Internet Group Members: Peter Heighton Zhao Huang Shahid Kahn 1. Introduction Within this report the methods taken to

More information

Understanding Digital Certificates and Secure Sockets Layer (SSL)

Understanding Digital Certificates and Secure Sockets Layer (SSL) Understanding Digital Certificates and Secure Sockets Layer (SSL) Author: Peter Robinson January 2001 Version 1.1 Copyright 2001-2003 Entrust. All rights reserved. Digital Certificates What are they?

More information

CS 356 Lecture 28 Internet Authentication. Spring 2013

CS 356 Lecture 28 Internet Authentication. Spring 2013 CS 356 Lecture 28 Internet Authentication Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists

More information

Testimony of Edward W. Felten Professor of Computer Science and Public Affairs, Princeton University

Testimony of Edward W. Felten Professor of Computer Science and Public Affairs, Princeton University Testimony of Edward W. Felten Professor of Computer Science and Public Affairs, Princeton University United States House of Representatives, Committee on House Administration Subcommittee on Elections

More information

closed primary A primary in which only party members can vote to choose that party's candidates.

closed primary A primary in which only party members can vote to choose that party's candidates. Australian ballot A secret ballot that is prepared, distributed, and counted by government officials at public expense; used by all states in the United States since 1888. campaign strategy The comprehensive

More information

Table of Contents. Click on heading to navigate directly to that section. Introduction... 3

Table of Contents. Click on heading to navigate directly to that section. Introduction... 3 Election Guide Table of Contents Click on heading to navigate directly to that section. Introduction... 3 Part One: Pre-Election Set-Up... 3 Step 1: Logging into Your Simply Voting User Account... 3 Step

More information

Computer Security. Draft Exam with Answers. 2009.

Computer Security. Draft Exam with Answers. 2009. Computer Security Draft Exam with Answers. 2009. Please note that the questions written here are a draft of the final exam. There may be typos in the questions that were corrected in the final version

More information

An Approach to Enhance in Group Signature Scheme with Anonymous Revocation

An Approach to Enhance in Group Signature Scheme with Anonymous Revocation An Approach to Enhance in Group Signature Scheme with Anonymous Revocation Thu Thu Mon Oo, and Win Htay Abstract This paper concerns with the group signature scheme. In this scheme, anyone who can access

More information

A Secure and Efficient Voter-Controlled Anonymous Election Scheme

A Secure and Efficient Voter-Controlled Anonymous Election Scheme A Secure and Efficient Voter-Controlled Anonymous Election Scheme Thomas E. Carroll Dept. of Computer Science Wayne State University 5143 Cass Avenue, Detroit, MI 48202. tec@cs.wayne.edu Daniel Grosu Dept.

More information

Chapter 9 Key Management 9.1 Distribution of Public Keys 9.1.1 Public Announcement of Public Keys 9.1.2 Publicly Available Directory

Chapter 9 Key Management 9.1 Distribution of Public Keys 9.1.1 Public Announcement of Public Keys 9.1.2 Publicly Available Directory There are actually two distinct aspects to the use of public-key encryption in this regard: The distribution of public keys. The use of public-key encryption to distribute secret keys. 9.1 Distribution

More information

A Secure Anonymous E-Voting System based on Discrete Logarithm Problem

A Secure Anonymous E-Voting System based on Discrete Logarithm Problem Appl. Math. Inf. Sci. 8, No. 5, 2571-2578 (2014) 2571 Applied Mathematics & Information Sciences An International Journal http://dx.doi.org/10.12785/amis/080556 A Secure Anonymous E-Voting System based

More information

International Journal of Advance Foundation and Research in Computer (IJAFRC) Volume 2, Special Issue (NCRTIT 2015), January 2015.

International Journal of Advance Foundation and Research in Computer (IJAFRC) Volume 2, Special Issue (NCRTIT 2015), January 2015. Android Based E-Voting. Harshad Velapure, Saurabh Rai, Saransh Sharma, Preetam Naiknavre, Pranali Jadhav, Kalyan Bamane Department of Information Technology, D. Y. Patil College of Engineering, Akurdi,

More information

A Survey on Untransferable Anonymous Credentials

A Survey on Untransferable Anonymous Credentials A Survey on Untransferable Anonymous Credentials extended abstract Sebastian Pape Databases and Interactive Systems Research Group, University of Kassel Abstract. There are at least two principal approaches

More information

Security & Privacy on the WWW. Topic Outline. Information Security. Briefing for CS4173

Security & Privacy on the WWW. Topic Outline. Information Security. Briefing for CS4173 Security & Privacy on the WWW Briefing for CS4173 Topic Outline 1. Information Security Relationship to safety Definition of important terms Where breaches can occur Web techniques Components of security

More information

The Role of Digital Signature Cards in Electronic Voting

The Role of Digital Signature Cards in Electronic Voting The Role of Digital Signature Cards in Electronic Voting Robert Kofler, Robert Krimmer, Alexander Prosser, Martin-Karl Unger WU Vienna University of Economics and Business Administration Department of

More information

An electronic scheme for the Farnel paper-based voting protocol

An electronic scheme for the Farnel paper-based voting protocol An electronic scheme for the Farnel paper-based voting protocol R. Araújo 1, R. Custódio 2, A. Wiesmaier 1, and. akagi 3 1 echnische Universität Darmstadt, Germany 2 George Washington University, USA 3

More information

Client Server Registration Protocol

Client Server Registration Protocol Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are

More information

Voting with confidence

Voting with confidence Voting with confidence Report of the Election Process Advisory Commission Summary, Conclusions and Recommendations 27 September 2007 Summary The Commission considers that the election process in the Netherlands

More information

Security Policy Revision Date: 23 April 2009

Security Policy Revision Date: 23 April 2009 Security Policy Revision Date: 23 April 2009 Remote Desktop Support Version 3.2.1 or later for Windows Version 3.1.2 or later for Linux and Mac 4 ISL Light Security Policy This section describes the procedure

More information

Module 7 Security CS655! 7-1!

Module 7 Security CS655! 7-1! Module 7 Security CS655! 7-1! Issues Separation of! Security policies! Precise definition of which entities in the system can take what actions! Security mechanism! Means of enforcing that policy! Distributed

More information

Common security requirements Basic security tools. Example. Secret-key cryptography Public-key cryptography. Online shopping with Amazon

Common security requirements Basic security tools. Example. Secret-key cryptography Public-key cryptography. Online shopping with Amazon 1 Common security requirements Basic security tools Secret-key cryptography Public-key cryptography Example Online shopping with Amazon 2 Alice credit card # is xxxx Internet What could the hacker possibly

More information

Information Security Basic Concepts

Information Security Basic Concepts Information Security Basic Concepts 1 What is security in general Security is about protecting assets from damage or harm Focuses on all types of assets Example: your body, possessions, the environment,

More information

Secret Ballot Elections in Computer Networks

Secret Ballot Elections in Computer Networks Secret Ballot Elections in Computer Networks Hannu Nurmi Department of Political Science University of Turku SF-20500 Turku Finland Arto Salomaa Academy of Finland and Department of Mathematics University

More information

Content Teaching Academy at James Madison University

Content Teaching Academy at James Madison University Content Teaching Academy at James Madison University 1 2 The Battle Field: Computers, LANs & Internetworks 3 Definitions Computer Security - generic name for the collection of tools designed to protect

More information

Secure cloud access system using JAR ABSTRACT:

Secure cloud access system using JAR ABSTRACT: Secure cloud access system using JAR ABSTRACT: Cloud computing enables highly scalable services to be easily consumed over the Internet on an as-needed basis. A major feature of the cloud services is that

More information

Verifiability and Other Technical Requirements for Online Voting Systems

Verifiability and Other Technical Requirements for Online Voting Systems Verifiability and Other Technical Requirements for Online Voting Systems Niels Meißner, Volker Hartmann, Dieter Richter Department of Metrological Information Technology Physikalisch-Technische Bundesanstalt

More information

Statement of Daniel D. Castro Senior Analyst. Information Technology and Innovation Foundation

Statement of Daniel D. Castro Senior Analyst. Information Technology and Innovation Foundation Statement of Daniel D. Castro Senior Analyst Information Technology and Innovation Foundation The Importance of Functional Standards to Promote Innovation in Voting System Technology U.S. Election Assistance

More information

SSL A discussion of the Secure Socket Layer

SSL A discussion of the Secure Socket Layer www.harmonysecurity.com info@harmonysecurity.com SSL A discussion of the Secure Socket Layer By Stephen Fewer Contents 1 Introduction 2 2 Encryption Techniques 3 3 Protocol Overview 3 3.1 The SSL Record

More information

Speaker s Commission on Digital Democracy Consultation on Electronic Voting

Speaker s Commission on Digital Democracy Consultation on Electronic Voting UKCRC/2014/4 Speaker s Commission on Digital Democracy Consultation on Electronic Voting UKCRC Response The UK Computing Research Committee (UKCRC), an Expert Panel of the British Computer Society (BCS),

More information

Elements of Security

Elements of Security Elements of Security Dr. Bill Young Department of Computer Sciences University of Texas at Austin Last updated: April 15, 2015 Slideset 8: 1 Some Poetry Mary had a little key (It s all she could export)

More information

Understanding Digital Certificates and Wireless Transport Layer Security (WTLS)

Understanding Digital Certificates and Wireless Transport Layer Security (WTLS) Understanding Digital Certificates and Wireless Transport Layer Security (WTLS) Author: Allan Macphee January 2001 Version 1.1 Copyright 2001-2003 Entrust. All rights reserved. Digital Certificates What

More information

Payment Systems for E-Commerce. Shengyu Jin 4/27/2005

Payment Systems for E-Commerce. Shengyu Jin 4/27/2005 Payment Systems for E-Commerce Shengyu Jin 4/27/2005 Reference Papers 1. Research on electronic payment model,2004 2. An analysis and comparison of different types of electronic payment systems 2001 3.

More information

Electronic Cash Payment Protocols and Systems

Electronic Cash Payment Protocols and Systems Electronic Cash Payment Protocols and Systems Speaker: Jerry Gao Ph.D. San Jose State University email: jerrygao@email.sjsu.edu URL: http://www.engr.sjsu.edu/gaojerry May, 2000 Presentation Outline - Overview

More information

Efficient Integrity Checking Technique for Securing Client Data in Cloud Computing

Efficient Integrity Checking Technique for Securing Client Data in Cloud Computing International Journal of Electrical & Computer Sciences IJECS-IJENS Vol: 11 No: 05 41 Efficient Integrity Checking Technique for Securing Client Data in Cloud Computing Abstract-- It has been widely observed

More information

Internet Programming. Security

Internet Programming. Security Internet Programming Security Introduction Security Issues in Internet Applications A distributed application can run inside a LAN Only a few users have access to the application Network infrastructures

More information

Vinodu George 1 and M P Sebastian 2. vinodu.george@gmail.com. sebasmp@nitc.ac.in

Vinodu George 1 and M P Sebastian 2. vinodu.george@gmail.com. sebasmp@nitc.ac.in Vinodu George 1 and M P Sebastian 2 1 LBS College of Engineering, Kasaragod, Kerala, India vinodu.george@gmail.com 2 National Institute of Technology, Calicut, Kerala, India sebasmp@nitc.ac.in ABSTRACT

More information

A Secure RFID Ticket System For Public Transport

A Secure RFID Ticket System For Public Transport A Secure RFID Ticket System For Public Transport Kun Peng and Feng Bao Institute for Infocomm Research, Singapore Abstract. A secure RFID ticket system for public transport is proposed in this paper. It

More information

STATEMENT ON ELECTION PROCESS QUALITY ISSUES American Society for Quality December 14, 2000

STATEMENT ON ELECTION PROCESS QUALITY ISSUES American Society for Quality December 14, 2000 STATEMENT ON ELECTION PROCESS QUALITY ISSUES American Society for Quality December 14, 2000 With a presidential election just behind us, the true impact of elections process errors and the importance of

More information

Securing your Online Data Transfer with SSL

Securing your Online Data Transfer with SSL Securing your Online Data Transfer with SSL A GUIDE TO UNDERSTANDING SSL CERTIFICATES, how they operate and their application 1. Overview 2. What is SSL? 3. How to tell if a Website is Secure 4. What does

More information

Remote (Internet) Voting in Digital India

Remote (Internet) Voting in Digital India Remote (Internet) Voting in Digital India Ideas for today and tomorrow National Conference on Remote Voting (NCRV) 2015 20-21 st July 2015 @IITM, Meghdoot, Pune The fundamental challenge in public voting

More information

E-Voting System Security Optimization

E-Voting System Security Optimization E-Voting System Security Optimization Barbara Ondrisek Vienna University of Technology barbara.ondrisek@gmx.net Abstract Security of e-voting systems does not only depend on the voting protocol 1 or the

More information

A Study on Secure Electronic Medical DB System in Hospital Environment

A Study on Secure Electronic Medical DB System in Hospital Environment A Study on Secure Electronic Medical DB System in Hospital Environment Yvette E. Gelogo 1 and Sungwon Park 2 * 1 Catholic University of Daegu, Daegu, Korea 2 Department of Nursing, Hannam University, 133

More information

Caption: ES&S AutoMark Ballot Marking Device (BMD)

Caption: ES&S AutoMark Ballot Marking Device (BMD) VOTING WITH A BALLOT MARKING DEVICE IN NEW YORK CITY You can now choose to use an accessible voting machine called a Ballot Marking Device (BMD). A BMD makes it possible for many voters with disabilities

More information

Election Activity Watchers Colorado law & regulations

Election Activity Watchers Colorado law & regulations Election Activity Watchers Colorado law & regulations Activity Statute or Rule Allows: Definition of Watcher 1-1-104(51) "Watcher" means an eligible elector other than a candidate on the ballot who has

More information

Securing your Online Data Transfer with SSL A GUIDE TO UNDERSTANDING SSL CERTIFICATES, how they operate and their application INDEX 1. Overview 2. What is SSL? 3. How to tell if a Website is Secure 4.

More information

Design and Implementation of a Secure Online Lottery System

Design and Implementation of a Secure Online Lottery System Design and Implementation of a Secure Online Lottery System Pramote Kuacharoen Department of Computer Science, Graduate School of Applied Statistics National Institute of Development Administration 118

More information

Understanding Digital Certificates & Secure Sockets Layer (SSL): A Fundamental Requirement for Internet Transactions

Understanding Digital Certificates & Secure Sockets Layer (SSL): A Fundamental Requirement for Internet Transactions Understanding Digital Certificates & Secure Sockets Layer (SSL): A Fundamental Requirement for Internet Transactions February 2005 All rights reserved. Page i Entrust is a registered trademark of Entrust,

More information

An Introduction to Cryptography and Digital Signatures

An Introduction to Cryptography and Digital Signatures An Introduction to Cryptography and Digital Signatures Author: Ian Curry March 2001 Version 2.0 Copyright 2001-2003 Entrust. All rights reserved. Cryptography The concept of securing messages through

More information

Cornerstones of Security

Cornerstones of Security Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to

More information

Le vote électronique : un défi pour la vérification formelle

Le vote électronique : un défi pour la vérification formelle Le vote électronique : un défi pour la vérification formelle Steve Kremer Loria, Inria Nancy 1 / 17 Electronic voting Elections are a security-sensitive process which is the cornerstone of modern democracy

More information

Authentication is not Authorization?! And what is a "digital signature" anyway?

Authentication is not Authorization?! And what is a digital signature anyway? Authentication is not Authorization?! And what is a "digital signature" anyway? Prepared by R. David Vernon Revised 12/01 Introduction REV 1A As part of the IT Architecture Initiative, the Office of Information

More information

Comments on the Report e-voting Security Study Written by the Communications-Electronics Security Group

Comments on the Report e-voting Security Study Written by the Communications-Electronics Security Group Comments on the Report e-voting Security Study Written by the Communications-Electronics Security Group Andreu Riera CEO Scytl Online World Security, S.A. Barcelona, Spain 28 August 2002 Table of Contents

More information

Chapter 1: Introduction

Chapter 1: Introduction Chapter 1 Introduction 1 Chapter 1: Introduction 1.1 Inspiration Cloud Computing Inspired by the cloud computing characteristics like pay per use, rapid elasticity, scalable, on demand self service, secure

More information

Understanding Digital Certificates & Secure Sockets Layer A Fundamental Requirement for Internet Transactions

Understanding Digital Certificates & Secure Sockets Layer A Fundamental Requirement for Internet Transactions A Fundamental Requirement for Internet Transactions May 2007 Copyright 2007 Entrust. All rights reserved. Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries.

More information

Inductive Analysis of Security Protocols in Isabelle/HOL with Applications to Electronic Voting

Inductive Analysis of Security Protocols in Isabelle/HOL with Applications to Electronic Voting Inductive Analysis of Security Protocols in Isabelle/HOL with Applications to Electronic Voting Denis Butin 1 / 37 2 / 37 Introduction Network communication sensitive: banking, private correspondence,

More information

Internet voting feasibility study

Internet voting feasibility study Internet voting feasibility study A summary Table of contents Introduction... 2 System functionality... 3 System requirements... 5 Information security... 6 Additional requirements concerning information

More information

Chapter 8 Security. IC322 Fall 2014. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

Chapter 8 Security. IC322 Fall 2014. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 Chapter 8 Security IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross, All

More information

Security Digital Certificate Manager

Security Digital Certificate Manager System i Security Digital Certificate Manager Version 5 Release 4 System i Security Digital Certificate Manager Version 5 Release 4 Note Before using this information and the product it supports, be sure

More information

Learning Objectives. attacks. 2. Describe the common security practices of businesses of

Learning Objectives. attacks. 2. Describe the common security practices of businesses of E-Commerce Security Learning Objectives 1. Document the trends in computer and network security attacks. 2. Describe the common security practices of businesses of all sizes. 3. Understand the basic elements

More information

Complying with PCI Data Security

Complying with PCI Data Security Complying with PCI Data Security Solution BRIEF Retailers, financial institutions, data processors, and any other vendors that manage credit card holder data today must adhere to strict policies for ensuring

More information

Controller of Certification Authorities of Mauritius

Controller of Certification Authorities of Mauritius Contents Pg. Introduction 2 Public key Infrastructure Basics 2 What is Public Key Infrastructure (PKI)? 2 What are Digital Signatures? 3 Salient features of the Electronic Transactions Act 2000 (as amended)

More information

MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE

MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both. But it s

More information

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Purpose This paper is intended to describe the benefits of smart card implementation and it combination with Public

More information

On Coercion-Resistant Electronic Elections

On Coercion-Resistant Electronic Elections On Coercion-Resistant Electronic Elections with Linear Work Stefan G. Weber, Roberto Araújo, Johannes Buchmann Darmstadt University of Technology Department of Computer Science Hochschulstrasse 10, 64289

More information

Oracle WebCenter Content

Oracle WebCenter Content Oracle WebCenter Content 21 CFR Part 11 Certification Kim Hutchings US Data Management Phone: 888-231-0816 Email: khutchings@usdatamanagement.com Introduction In May 2011, US Data Management (USDM) was

More information

Security Requirements for Internet Voting Systems. Outline

Security Requirements for Internet Voting Systems. Outline Security Requirements for Internet Voting Systems Presented By: Ed Rodriguez ACSAC 01 December 13, 2001 2001, Booz Allen & Hamilton Inc. Outline What is Internet Voting? Why is Internet Voting Different?

More information

Data Integrity Check using Hash Functions in Cloud environment

Data Integrity Check using Hash Functions in Cloud environment Data Integrity Check using Hash Functions in Cloud environment Selman Haxhijaha 1, Gazmend Bajrami 1, Fisnik Prekazi 1 1 Faculty of Computer Science and Engineering, University for Business and Tecnology

More information

Colorado Secretary of State Election Rules [8 CCR 1505-1]

Colorado Secretary of State Election Rules [8 CCR 1505-1] Rule 7. Elections Conducted by the County Clerk and Recorder 7.1 Mail ballot plans 7.1.1 The county clerk must submit a mail ballot plan to the Secretary of State by email no later than 90 days before

More information

Monitoring Data Integrity while using TPA in Cloud Environment

Monitoring Data Integrity while using TPA in Cloud Environment Monitoring Data Integrity while using TPA in Cloud Environment Jaspreet Kaur, Jasmeet Singh Abstract Cloud Computing is the arising technology that delivers software, platform and infrastructure as a service

More information

Keywords Cloud Storage, Error Identification, Partitioning, Cloud Storage Integrity Checking, Digital Signature Extraction, Encryption, Decryption

Keywords Cloud Storage, Error Identification, Partitioning, Cloud Storage Integrity Checking, Digital Signature Extraction, Encryption, Decryption Partitioning Data and Domain Integrity Checking for Storage - Improving Cloud Storage Security Using Data Partitioning Technique Santosh Jogade *, Ravi Sharma, Prof. Rajani Kadam Department Of Computer

More information

What is an SSL Certificate?

What is an SSL Certificate? Security is of the utmost importance when doing business on the Web. Your customers want to know that their information is protected when crossing data lines. A Thawte SSL Web Server Certificate or SuperCert

More information

Single Sign-On Secure Authentication Password Mechanism

Single Sign-On Secure Authentication Password Mechanism Single Sign-On Secure Authentication Password Mechanism Deepali M. Devkate, N.D.Kale ME Student, Department of CE, PVPIT, Bavdhan, SavitribaiPhule University Pune, Maharashtra,India. Assistant Professor,

More information

APWG. (n.d.). Unifying the global response to cybecrime. Retrieved from http://www.antiphishing.org/

APWG. (n.d.). Unifying the global response to cybecrime. Retrieved from http://www.antiphishing.org/ DB1 Phishing attacks, usually implemented through HTML enabled e-mails, are becoming more common and more sophisticated. As a network manager, how would you go about protecting your users from a phishing

More information