An Electronic Voting System Based On Blind Signature Protocol

Transcription

1 CSMR, VOL. 1, NO. 1 (2011) An Electronic Voting System Based On Blind Signature Protocol Marius Ion, Ionuţ Posea University POLITEHNICA of Bucharest Faculty of Automatic Control and Computers, Computer Science Department s: marius.ion85@gmail.com ionutz.posea@gmail.com Abstract This paper presents e-vote, an electronic voting system solution for the process of governmental elections. The proposed solution ensures the accuracy, the privacy, the verifiability, the convenience, and the democracy of the electoral process. The application is based on open standards in order to achieve the transparency required for such a voting system. Because of this requirement, the solution uses the service oriented architecture paradigm and the cryptographic blind signature protocol. Keywords: electronic voting, blind signature, service oriented architecture. 1. Introduction Simultaneously achieving security and privacy in electronic polls is a problem that must be solved if electronic systems are to be used for serious large-scale governmental elections. As new technologies emerge which address these concerns, electronic voting is likely to become increasingly appealing as an alternative to the traditional paper ballots method. Electronic elections have the potential of being cheaper and less time consuming to administer than conventional elections. Eventually electronic voting may be a viable solution to increasing voter participation and maximizing security by decreasing the number of frauds in governmental elections. However, if not carefully designed, electronic voting systems can be easily compromised, thus corrupting results or violating voters' privacy. Based on the description of a viable electronic voting system by Cranor, L.F. and Cytron, R.K. in [1] we adopted the following objectives: The system must be accurate: (1) it is not possible for a vote to be altered, (2) it is not possible for a validated vote to be eliminated from the final tally, and (3) it is not possible for an invalid vote to be counted in the final tally. In the most accurate systems the final vote tally must be perfect, either because no inaccuracies can be introduced or because all inaccuracies introduced can be detected and corrected. Partially accurate systems can detect but not necessarily correct inaccuracies. The system must be democratic: (1) it permits only eligible voters to vote and (2) it ensures that each eligible voter can vote only once. The system must be private: (1) neither election authorities nor anyone else can link any ballot to the voter who cast it and (2) no voter can prove that he or she voted in a particular way. The second privacy factor is important for the prevention of vote buying and extortion. Voters can only sell their votes if they are able to prove to the buyer that they actually voted according to the buyer's wishes. The system must be verifiable: anyone can independently verify that all votes have been counted correctly. A weaker definition of verifiability used by some authors allows that a system is verifiable if it allows voters to verify their own votes and correct any mistakes they might find without sacrificing privacy. Less verifiable systems might allow mistakes to be pointed out -- but not corrected -- or might allow verification of the process by party

2 MARIUS ION, IONUT POSEA AN ELECTRONIC VOTING SYSTEM BASED ON BLIND SIGNATURE PROTOCOL representatives but not by individual voters. Traditional voting systems generally only allow for minimal verification by party representatives. The system must be convenient: it allows voters to cast their votes quickly, in one session, and with minimal equipment or special skills. The paper presents in section 2 a critical analysis on existing solutions and related work. In the third section we present the cryptographic voting protocol and the architecture of the proposed solution. The final section presents the conclusions of the paper and future work related topics. 2. Related Work In [2], Cranor L.F. presents a simple electronic voting protocol designed to meet the necessary requirements as follows: Figure 1: A Simple Electronic Voting Protocol [2] This protocol, illustrated in Figure 1, would require the voter to submit to an electronic validator an electronic ballot with a voter identification number attached. The validator would use the identification number to check the voter off on a list of registered voters. Then the validator would strip off the identification number and send the ballot to an electronic tallier. The tallier would record the votes and add them to the election tally. This protocol has several major problems: voters could stuff the ballot box by using other voters' identification numbers; second, voters cannot really be sure that the validator program does not violate their privacy; third, there is no way to ensure that the validator does not alter ballots before sending them to the tallier or manufacture ballots that were never actually submitted by voters; fourth, there is no way to ensure that the tallier accurately records the votes [2]. Nurmi, Salomaa, and Santean [3] proposed an improved approach called "Two Agency Protocol," shown in Figure 2. Figure 2: The Two Agency Protocol [3] The electronic validator distributes a secret identification tag to each voter and then sends the tallier a list of all identification tags, with no record of the corresponding voters. Each voter sends the tallier his or her identification tag and an encrypted file containing a copy of the tag and the voted ballot. At this point the tallier can make sure the identification tag is valid, but the program has no way of examining the contents of the ballot. The tallier publishes the encrypted file, and the voter responds by sending the tallier the key necessary to decrypt it. When the election is over, the tallier publishes a list of all voted ballots and the corresponding encrypted files. At this point the voters can confirm that their votes were counted properly. Any voter who finds an error can protest by submitting the encrypted file

3 CSMR - COMPUTER SCIENCE MASTER RESEARCH, VOL. 1, NO. 1 (2011) and decryption key again. Because the encrypted file was published earlier, the tallier cannot deny having received it. This protocol is certainly an improvement, but it still has several problems: it does not protect voters' privacy if the tallier and validator collude and it does not solve the privacy problem completely because that would require voter to vote inside a voting booth [1]. Furthermore, the mechanism that allows voters to verify that their votes were counted correctly also allows them to prove that they voted in a particular way and the accuracy property is not completely satisfied because the tallier may cast votes for all the voters who have been assigned tags but do not exercise their right to vote. Another cryptographic voting protocol was proposed by Fujioka, A, Okamoto, T., and Ohta, K. in [4], shown in Figure 3. This protocol is based on blind signature scheme which is a class of digital signatures that allows documents to be signed without revealing its contents [5]. In this protocol, the voter prepares a voted ballot, encrypts it with a secret key, and blinds it. The voter then signs the ballot and sends it to the validator. The validator verifies that the signature belongs to a registered voter who has not yet voted. If the ballot is valid, the validator signs the ballot and returns it to the voter. The voter removes the blinding encryption layer, revealing an encrypted ballot signed by the validator. The voter then sends the resultant signed encrypted ballot to the tallier. The tallier checks the signature on the encrypted ballot. If the ballot is valid, the tallier places it on a list that is published after all voters vote. After the list has been published, voters verify that their ballots are on the list and send the tallier the decryption keys necessary to open their ballots. The tallier uses these keys to decrypt the ballots and add the votes to the election tally. After the election the tallier publishes the decryption keys along with the encrypted ballots so that voters may independently verify the election results. Figure 3: The Fujikota, Okamoto and Ohta Protocol [4] This protocol solves the issue raised by the colluding between the validator and the tallier. Unfortunately, it still has the same problems as the previous protocol: the validator could submit votes for the voters that haven t voted in their names and it also does not completely satisfy the verifiability property because the result of the elections cannot be verified by any interested party. 3. The e-vote Solution 3.1. The Cryptographic Voting Protocol The cryptographic voting protocol we proposed in this paper is based on blind signature protocol with several improvements. In our solution we started from the hypothesis that we have a secure authentication method which in this case is represented by an RSA key pair

4 MARIUS ION, IONUT POSEA AN ELECTRONIC VOTING SYSTEM BASED ON BLIND SIGNATURE PROTOCOL which was issued by a certified authority to each voter. Other authentications methods could be based on an ID card, biometric cards, etc. Another characteristic of the system is that the voter needs to exercise his voting right from a certified voting machine thus preventing vote selling or extortion. Figure 4: The evote Protocol First the voter prepares a voted ballot, and blinds it. This prepared package is sent afterwards using SSL secured channel to the validator entity. The validator verifies whether the voter is registered and has not yet voted and decides if the ballot is valid or not. The verification is done using the information extracted from the X509 certificate used for SSL communication for an accurate decision. In this way the validator can decide based on data extracted from a governmental database such a police or DMV database. If the ballot is valid, the tallier signs in blind the ballot and returns it to the voter through the SSL secured channel. The next step is that the voter removes the blinding factor, revealing a ballot signed by the validator. The voter then sends the resultant signed ballot to the tallier. The tallier checks the signature on the ballot and if the ballot is valid, the tallier records the vote. Otherwise, it signals an attempted fraud. In order to protect the voting process from fraud by replaying the messages containing the ballot to the tallier, we introduced a hash of the voter s public key which prevents the intruder from repeating a valid vote signed by the validator. The tallier will reject ballots which have the same hash number and have been received in the past. Using hash for the public key solves the problem above and also enforces the system privacy criterion by keeping the identity of the voter anonymous. One of the most important features is that we use SSL secure channels for communications between the voting entities and this ensures a new layer of security in the solution. Furthermore, this solution eliminates the need for the last three steps in the Fujioka, Okamoto, and Ohta [4] protocol. Because of this no voter can prove that he or she voted in a certain manner thus avoiding vote selling or extortion. Also the voter benefit because this method is more convenient since they don t need to return to the election booth in order to submit the private keys after the end of the elections. A major drawback of purely electronic voting systems is that they don t provide a physical audit record that can be used for verifying the vote count. Because these machines record votes internally, in computer software, vote fraud may be difficult to detect. Also this weakens the system accuracy and verifiability characteristics. These problems can be solved using the Mercuri method [6], in which a paper vote is recorded inside a glass or clear plastic container after the voter indicates their vote. The voter is instructed to verify that the paper record correctly indicates their vote. They then finalize their vote by pressing a button or pulling a lever, and the paper record is stored. At no point is there an opportunity for the voter to remove the paper record from the voting area, since to do so would allow for there to be a receipt which could be used to coerce the voter into voting for a candidate or to allow selling of votes The Architecture of the Solution The most important characteristic of the model is that is open source, a feature which greatly increases the confidence of the voters in the fairness of the electoral process. Another characteristic of the proposed solution is that the model is based on a client-server architecture based on socket communication.

5 CSMR - COMPUTER SCIENCE MASTER RESEARCH, VOL. 1, NO. 1 (2011) The system is made up of three types of entities: the tallier, the validator and several voters which communicate over Secure Sockets Layer channels The Voter Entity The voter entity is deployed on the voting machine and performs the authentication of the voter, constructs a valid ballot from the option of the voter, and communicates with the validator and with the tallier over a secure channel. The person that votes must authenticate in the system using their own keystore which contains the RSA key pair issued by a certified authority The Validator Entity The validator entity performs a check to verify the eligibility of a voter and replies with the signed ballot vote with his private RSA key. This ensures that the ballot is not after-wards altered by any entity and that it belongs to a valid voter. The voter is authenticated using the data from the X509 certificate used for SSL communication. The decision of the eligibility is made based on the information extracted from a governmental database such as the police or DMV database, and the own records of the validator, which are stored in a local mysql repository The Tallier Entity The tallier entity determines the authenticity of the ballot and counts the votes. A message is authentic if: a) it is signed by the validator and b) if the hash associated with the ballot is unique. If the tallier detects an invalid message it will signal a fraud attempt and rejects the vote. The list of partial votes is kept in a mysql repository. All communications between entities are made using SSL technology based on the RSA key pair assigned by a certified authority. This increases the security of the system and dramatically decreases the chances of a successfully foreign intrusion into the voting process. 4. Conclusions and Further Work This solution addresses the sensitive election process and respects the basic principles for fair elections. It enforces the requirements of a correct electronic polling system described in the electronic voting literature [1]: accuracy, democracy, privacy, verifiability and convenience. The solution could be further improved by migrating to a distributed architecture without single points of failure and performance bottlenecks. This could be done by having multiple tallier entities, one for each voting section, multiple validator entities which coordinate when taking decisions as well as multiple voting booths. The validator entities could be organized in a structure similar to the DNS tree structure, i.e. each validator is an authority on a designated geographical area. This will greatly improve the ability of the system to handle multiple requests simultaneously thus allowing the solution to be deployed for large-scale elections. 5. Acknowledgments We would like to thank Sl.Dr.Ing. Florin Pop who coordinated the realization of this project. References [1] Cranor, L.F. and Cytron, R.K. Design and Implementation of a Security-Conscious Electronic Polling System. Washington University Computer Science Technical Report WUCS February 1996.

6 MARIUS ION, IONUT POSEA AN ELECTRONIC VOTING SYSTEM BASED ON BLIND SIGNATURE PROTOCOL [2] Cranor, L. F. Electronic voting: computerized polls may save money, protect privacy. Crossroads 2, 4 (Apr. 1996), [3] Nurmi, H., Salomaa, A., and Santean, L. Secret ballot elections in computer networks. Computers and Security, 36, 10 (1991), pp [4] Fujioka, A, Okamoto, T., and Ohta, K. A practical secret voting scheme for large scale elections. In Advances in Cryptology - AUSCRYPT '92, Springer-Verlag, Berlin. 1993, pp [5] Chaum, D. Blind signatures for untraceable payments. In Proceedings of Crypto 82, Plenum Press, New York. 1983, pp [6] Rebecca T Mercuri, "Electronic vote tabulation checks and balances" (January 1, 2001). Dissertations available from ProQuest.