VoteID 2011 Internet Voting System with Cast as Intended Verification

Similar documents
E-Democracy and e-voting

Paillier Threshold Encryption Toolbox

Network Security. Computer Networking Lecture 08. March 19, HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Advanced Cryptography

Electronic Voting Protocol Analysis with the Inductive Method

Network Security. Security Attacks. Normal flow: Interruption: 孫 宏 民 Phone: 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

IT Networks & Security CERT Luncheon Series: Cryptography

Verifiable Voting Systems

Cryptography: Authentication, Blind Signatures, and Digital Cash

An Electronic Voting System Based On Blind Signature Protocol

Tradeoffs for Internet Voting Options

CS 758: Cryptography / Network Security

Chapter 10. Network Security

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography

CSCE 465 Computer & Network Security

CRYPTOGRAPHY IN NETWORK SECURITY

Computer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University

On Coercion-Resistant Electronic Elections

Computer Security. Draft Exam with Answers

Comparison of e-voting schemes: Estonian and Norwegian solutions

Cryptosystems. Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K.

Two Factor Zero Knowledge Proof Authentication System

Elements of Applied Cryptography Public key encryption

Cryptographic Voting Protocols: A Systems Perspective

A New Receipt-Free E-Voting Scheme Based on Blind Signature (Abstract)

Cryptanalysis and security enhancement on the generation of Mu-Varadharajan electronic voting protocol. Vahid Jahandideh and Amir S.

Analyzing the Security Schemes of Various Cloud Storage Services

Efficient construction of vote-tags to allow open objection to the tally in electronic elections

CSC474/574 - Information Systems Security: Homework1 Solutions Sketch

RSA Attacks. By Abdulaziz Alrasheed and Fatima

Client Server Registration Protocol

Outline. CSc 466/566. Computer Security. 8 : Cryptography Digital Signatures. Digital Signatures. Digital Signatures... Christian Collberg

Network Security CS 5490/6490 Fall 2015 Lecture Notes 8/26/2015

Implementation of Electronic Voting System in Mobile Phones with Android Operating System 1

Authentication requirement Authentication function MAC Hash function Security of

Principles of Network Security

Secure Computation Martin Beck

Overview. SSL Cryptography Overview CHAPTER 1

The Feasibility and Application of using a Zero-knowledge Protocol Authentication Systems

Internet Voting Protocols with Everlasting Privacy

Secure File Transfer Using USB

SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES

Information Security

Cryptography and Network Security Chapter 9

Public Key (asymmetric) Cryptography

Reusable Anonymous Return Channels

SECURITY ANALYSIS OF A SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTER NETWORKS

Outline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Cryptography and Key Management Basics

Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu

CIS 5371 Cryptography. 8. Encryption --

SSL A discussion of the Secure Socket Layer

Lecture 10: CPA Encryption, MACs, Hash Functions. 2 Recap of last lecture - PRGs for one time pads

CSE/EE 461 Lecture 23

Overview of Public-Key Cryptography

Chapter 17. Transport-Level Security

SENSE Security overview 2014

Table of Contents. Bibliografische Informationen digitalisiert durch

CUNSHENG DING HKUST, Hong Kong. Computer Security. Computer Security. Cunsheng DING, HKUST COMP4631

Introduction to Cryptography

Chapter 7: Network security

Recommendation for Cryptographic Key Generation

Message Authentication Codes

Applied Cryptography Public Key Algorithms

Using etoken for SSL Web Authentication. SSL V3.0 Overview

The Design of Web Based Secure Internet Voting System for Corporate Election

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

Analysis of an internet voting protocol

Software Tool for Implementing RSA Algorithm

Message authentication and. digital signatures

A Secure RFID Ticket System For Public Transport

CS 393 Network Security. Nasir Memon Polytechnic University Module 11 Secure

Protection Profile for Clients

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Savitribai Phule Pune University

Computer Networks. Network Security 1. Professor Richard Harris School of Engineering and Advanced Technology

SECURITY IN NETWORKS

Forward Secrecy: How to Secure SSL from Attacks by Government Agencies

Network Security. HIT Shimrit Tzur-David

Authentication in WLAN

The Mathematics of the RSA Public-Key Cryptosystem

INTRODUCTION to CRYPTOGRAPHY & CRYPTOGRAPHIC SERVICES on Z/OS BOSTON UNIVERSITY SECURITY CAMP MARCH 14, 2003

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

Decryption. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright Palo Alto Networks

Online Voting Project. New Developments in the Voting System an Consequently Implemented Improvements in the Representation of Legal Principles.

Introduction. Digital Signature

Cryptography & Network Security

Privacy & Security of Mobile Cloud Computing (MCC)

Public Key Cryptography. c Eli Biham - March 30, Public Key Cryptography

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

Chapter 16: Authentication in Distributed System

Network Security Protocols

Associate Prof. Dr. Victor Onomza Waziri

An Efficient data storage security algorithm using RSA Algorithm

What is network security?

Kleptography: The unbearable lightness of being mistrustful

Transcription:

VoteID 2011 Internet Voting System with Cast as Intended Verification September 2011 VP R&D Jordi Puiggali@scytl.com

Index Introduction Proposal Security Conclusions 2.

Introduction Client computers could be compromised by malicious software that could manipulate the voting options before being encrypted. The introduction of cast as intended mechanisms could allow voter to detect any manipulation of her vote before being cast This presentation describes Scytl s cast as intended initial proposal for the evalg 2011 project. This proposal was modified to meet specific usability and performance requirements proposed during the evalg 2011 project [1] [1] Kristian Gjøsteen. Analysis of an internet voting protocol. Cryptology eprint Archive, Report 2010/380, 2010. http://eprint.iacr.org/ 3.

Previous Work Two main approaches Pollsterless or code voting Voting Card per voter with two codes: Candidate codes: used to select a specific candidate. Return codes: used to verify that the server properly registered the selection Vote encryption challenge (Helios) Application shows the secret random parameters used to encrypt the vote. Voter uses the random parameters to verify if the encrypted vote contains her voter intent. Verified votes are discarded 4.

Previous Work Analysis Pollsterless or code voting: Pros: Comparing codes in a sheet is intuitive and can be done without any support tool. Cons: Casting votes by entering codes is not usable and error prone. Vote encryption challenge: Pros: Friendly click & select interface for casting votes. Cons: Independent voter verifiability process is less usable and cannot be done by humans means: requires an external tool. 5.

Previous Work New proposal objectives Combine the usability features of both proposals: Implement an usable verification process based on the same return codes concept of pollsterless systems. Uses a click & select scheme for vote casting instead of sending candidate codes 6.

Index Introduction Proposal Security Conclusions 7.

Voting Client (VC): Component executed in the voting terminal that implements the cryptographic processes in the client side Vote Collector Server (VCS): Stores the accepted votes in the Ballot Box Contributes in the operations that generate a deterministic value used for obtaining the Return Codes Return Code Generator (RCG): Generates the Return Codes from the deterministic value generated by the VC and the RCG Generates the voting receipt Voting Card: It contains a unique Voting Card Identifier (VCID) and the Verification Code for each candidate/option The VCID contributes on generating the Return Codes of the vote content VC, VCS and RCG are executed in different environments managed by different actors. Voting Card is provided through a non electronic channel to voters. 8. Proposal Components

Proposal Voting Card Vote Card ID Return code voting option

Proposal Probabilistic and deterministic encryption Voting option VCS and VCID contributes to this encryption Probabilistic encryption Zero Knowledge Proof of plaintext equivalence RCG can verify the proof Voting option Deterministic encryption Outer layer can be removed by RCG Probabilistic encryption 11.

Cryptographic protocol Initial settings Participants of the voting process: voter V, voting client VC, voting server VCS, validation server RCG. Asymmetric encryption: ElGamal. Election parameters: p is a safe prime (p=2q+1 where q is also prime). g is a generator of Gq, a q-order subgroup of Zp*. Key pairs: Election: private key x e, public key h e. RCG: private key x rcg, public key h rcg. Symmetric keys RCG: secret key K rcg. VCS: secret key K vcs. VCID: secret key specific of each voting card 12.

1. Vote preparation for vote casting: The voter (V) chooses her selections (v), and the Voting Client (VC) encrypts them using the ElGamal cryptosystem and a random exponent (r). A ZKP of plaintext independence (proof 1 ) is also generated. V -> VC: VC:, 2. Vote preparation for verification (I): The voter selections are encrypted again, using the ElGamal cryptosystem and a fixed exponent obtained from two values (a,d) calculated using the Voting Card Identifier (VCID) and the selections made by the voter: Fixed exponent generated in the Voting Client. VC: 13. Fixed exponent generated by the VCS. VC -> VCS: VCS -> VC: C: Cryptographic protocol Vote preparation (i) These values could be hidden from VCS and potential observers by using a blind signature

Cryptographic protocol Vote preparation (ii) 2. Vote preparation for verification (II): Generation of a ZKP of plaintext equivalence, showing that both encryptions have the same voting option encrypted C: relates: Both ciphertexts have the same v encrypted C proves knowledge of the equivalent encryption exponent Re-encryption of the deterministic cipher text in order to prevent VCS from trying a brute-force attack over the value a or an observer from knowing about a voter voting twice the same option: C: 14.

Cryptographic protocol Vote Casting 3. Vote Casting: Both cipher texts and proofs are digitally signed in the Voting Client and sent to the VCS: VC -> VCS: VCS verifies the ZKP of cipher text independence and the voter digital signature before forwarding the message to the RCG. VCS -> RCG: 15.

Cryptographic protocol Return Code Generation (i) 4. Vote verification at RCG: RCG verifies the ZKP of cipher text independence and the voter digital signature. RCG decrypts the second cipher text to obtain the deterministic encryption value generated in the Voting Client. RCG: RCG can then verify the ZKP of plaintext equivalence to ensure both cipher texts contain the same encrypted voting options. 16.

Cryptographic protocol Return Code Generation (ii) 5. Return Code generation: RCG generates the Return Code from the deterministic cipher text using its secret key and sends it back to the voter by an alternative channel (e.g. by SMS). RCG -> V: The voter can check that the Return Code value matches that assigned to her selection in the Voting Card. 6. Sending Voting Receipt: RCG generates a Voting Receipt as a confirmation for the VCS that the operations have been successful, so that the VCS stores the vote in the Ballot Box. RCG -> VCS: 17.

Cryptographic protocol Vote Storage 7. Storing the vote and sending confirmation: VCS receives the Voting Receipt and verifies the digital signature. VCS publishes the Voting Receipt in a Bulletin Board, stores the vote in the Ballot Box and forwards the receipt to the Voting Client, which shows it to the voter. VCS -> Bulletin Board: VCS -> BB: Store VCS -> VC: VC -> V: The voter verifies that the vote has been stored in the Ballot Box by comparing her Voting Receipt with the contents of the Bulletin Board. 18.

Index Introduction Proposal Security Conclusions 20.

Security Analysis Risk Analysis (i) Return Code compromise: Risks: Manipulation of a vote: Requires compromise also VC and RCG Voter privacy compromise: Requires compromise also RCG Mitigations: Return codes are sent through a different channel from the voting one VC and RCG are not connected Return Code sheets are not originally linked to voters Voters can use different Return Code sheets (if multiple voting is allowed) VC compromise: Risks: Voter privacy compromise: VC could capture the voter intent Manipulation of a vote: Requires compromise also return codes and RCG Mitigations: Multiple voting VC and RCG are not connected Voters can use different Return Code sheets (if multiple voting is allowed) The hash of the ballot box votes are published in a bulletin board 21.

Security Analysis Risk Analysis (ii) VCS compromise : Risks: Manipulation of a vote: Requires compromise also VC, RCG and Return Codes Voter privacy compromise: Requires compromise RCG and perform brute force attack Mitigations: Return codes are sent to voter through a different channel Deterministic encryption value has a length of 2048bits obtained using a KDF from a random 80 bits seed RCG compromise: Risks: Voter privacy compromise: Requires compromise Return Codes sheets Manipulation of a vote: Requires compromise also Return Codes and VC Mitigations: Multiple voting VC and RCG are not connected Voters can use different Return Code sheets (if multiple voting is allowed) The hash of the ballot box votes are published in a Bulletin Board 22.

Index Introduction Proposal Security Conclusions 23.

Conclusions The proposal implements a voter verifiability approach with the usability of pollsterless approach but without requiring candidate codes for casting votes (i.e., better usability and accessibility) The proposal is not vulnerable to a single component compromise The main risk of the proposal is the strength of the VCID to prevent attackers with access to the VCS and RCG keys from compromising the privacy of a vote using a brute force attack. 24.

25.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information