The Electronic ID and the Voting Admission using a Cell Phone

Tetsuji KOBAYASHI *, Jaewook KIM * and Norifumi MACHIDA *

* Nippon Institute of Technology
Department of Computer and Information Engineering
Joho-Building, 4-1-1, Gakuendai, Miyashiro-machi, Saitama-ken, 345-8501 Japan

ABSTRACT

This paper proposes a personal identification method using a cell phone to improve the function of ID cards and also proposes the application to the electronic voting admission. The method is called the electronic ID using a cell phone. The personal identification data are stored in the server. Each user receives the data from the server on each cell phone. The cell phone displays the text data (name, affiliation, etc.), face images and a two-dimensional symbol. The examiner checks the displayed information by using the examiner’s terminal computer. The mechanism uses message authentication and encryption to establish the security among the server, the cell phone and the examiner’s terminal. The mechanism of the proposed electronic ID can be applied to the electronic voting admission for improving the current voting admission system in the election of the national or local government. The proposed voting admission can improve the services for voters and decrease the cost for voting admission remarkably.

Keywords: cell phone, personal identification, security, two-dimensional symbol, voting admission

1 INTRODUCTION

Personal identification is important in various information systems. Plastic cards and smart cards are used as ID (identification) cards. In some countries including Japan, many people have color display cell phones. If a cell phone is used for personal identification, it is possible to show all of the identification information on the color display of the cell phone. Two-dimensional symbols are constructed by means of extending the functions of barcodes [1]. A two-dimensional symbol has large recording capacity and error correction capability. There are various kinds of two-dimensional symbols. Two-dimensional symbols can be classified as a stack type and a matrix type. The stack type symbol such as PDF417 is constructed by stacking multiple low-height barcodes. The matrix type symbol such as QR code is constructed to store a black or white pattern into a cell that corresponds to a pixel of an image. Although two-dimensional symbols are used for tickets, such as those of an airline company, that use has nothing to do with personal identification. By using the two-dimensional symbol for the personal identification system using a cell phone, the identification data can be quickly read from the two-dimensional symbol scanner attached to the examiner’s terminal computer. The encryption and authentication techniques can be used for the security of the two-dimensional symbol [2].

The authors proposed a personal identification method using a cell phone for improving the function of ID cards, and the prototype was constructed and the evaluation was reported [3], [4]. There are local governments that use the electronic voting system in Japan [5]. However, the voting admission is out of their scope. The mechanism of the proposed personal identification method can be applied to the voting admission for improving the current voting admission in the election of the central or local government. The electronic voting admission proposed in this paper can improve the services for the voters and can remarkably decrease the cost of the voting admission.

2 PERSONAL IDENTIFICATION

2.1 The Concept of the Electronic ID for Personal Identification

The fundamental concept of the proposed personal identification method using a cell phone is summarized as follows.
(1) The personal identification data are stored in the database of a server (or a computer center).
(2) Each user receives the personal identification data from the server on each cell phone. The time when the user receives the personal identification data depends on the application. It is possible for the user to request the personal identification data of the server. It is also possible that the server automatically sends the personal identification data to the cell phone at the appropriate time decided by the application.
(3) The cell phone displays the personal identification data that consist of text data (name, address, etc.) and image data (face image, etc.). The examiner checks these data.
(4) The cell phone additionally displays the two-dimensional symbol including the personal identification data. The purpose of the two-dimensional symbol is to read the data by the two-dimensional symbol scanner and automatically process the data at the terminal computer of the examiner.
(5) The encryption and authentication techniques are used for the security of the two-dimensional symbol in the cell
phone. Additionally, the two-dimensional symbol can include the timestamp to limit the time interval for the personal identification data.
(6) The personal identification is performed not only when the examiner’s terminal can communicate with the server (i.e., on-line identification), but also when the examiner’s terminal cannot communicate with the server on account of its failure (i.e., off-line identification).

2.2 Main Problems and Solutions

Main problems and solutions to implement the proposed concept are described as follows.

Problem-1: The transmission data from the server to the cell phone such as the ordinary compressed face image and the personal text data cannot be encrypted in many cases because most cell phones do not have encryption and decryption functions for email data.

The solution for problem-1: The authentication code is generated for the ordinary compressed face image and the personal text data, and it is stored in the two-dimensional symbol. The data stored in the two-dimensional symbol are encrypted. The examiner’s terminal can read the two-dimensional symbol from the scanner and decrypt the data. The personal text data transmitted from the server to the cell phone without encryption are limited to the public basic personal data. The secret detailed personal data with encryption are stored in the two-dimensional symbol.

Problem-2: When the examiner’s terminal is unable to communicate with the server because of failures, it should perform personal authentication by only using the displayed information of the user’s cell phone.

The solution for problem-2: All of the data for personal identification are stored in the two-dimensional symbol.

Problem-3: Since the size of the two-dimensional symbol displayed on a cell phone is small because of its display size, the ordinary compressed face image is too large to store in the two-dimensional symbol.

The solution for problem-3: The highly compressed face image with high compression rate is stored in the two-dimensional symbol.

Problem-4: The personal text data can be divided into the public basic text data (name, user ID, affiliation), and the secret detailed text data (name, user ID, affiliation, birth date, telephone number, address, etc.). (Note: The secret detailed text data include the public basic text data.)

The solution for problem-4: The text data transmitted to the user's cell phone from the server by email without enciphering are the public basic text data. Since the secret detailed text data include privacy information, they are enciphered and stored in the two-dimensional symbol.

Problem-5: The data from the server to the examiner’s terminal consist of the downloaded data from the server and the data obtained from the two-dimensional symbol displayed on the cell phone. These data can be categorized as the duplicated data and the non-duplicated data. It is necessary to certify the correctness and minimize the processing amount and the transmitted data amount.

The solution for problem-5: The scheme to use multiple message authentication codes (or digital signatures) is devised.

2.3 Proposed Method for the Electronic ID

The proposed electronic ID for personal identification using a cell phone is described in detail in this chapter. Main elements for the proposed method are shown in Fig. 1. (MAC: Message Authentication Code).

[Fig. 1: Main elements for the proposed method. Labels in the figure: [Server], holding the public basic personal text data, the ordinary compressed face image, MAC-B and MAC-A (copy), and the two-dimensional symbol with the secret detailed personal text data, the highly compressed face image and MAC-A; [Download] to the examiner’s terminal with its two-dimensional symbol scanner; [Email or download] to the user’s cell phone.]

2.4 The Server

(1) The examiner produces an ordinary compressed face image and a highly compressed face image by using the face image of the user. Each compressed face image has its own compression rate. The user ID is embedded in the ordinary compressed face image by using digital watermarking to protect it from the intruder of the server.
(2) The server obtains the public basic personal text data (name, user ID, and affiliation), the ordinary compressed face image, and the data for the two-dimensional symbol. The data for the two-dimensional symbol consist of the following data: the highly compressed face image and the secret detailed personal text data (name, user ID, affiliation,
birth date, phone number, address, creation date, expiration date, and other additional data).
(3) The server creates MAC-A as the message authentication code (or digital signature) for the data of the two-dimensional symbol such as the highly compressed face image and the secret detailed personal text data.
(4) The server creates MAC-B as the message authentication code (or digital signature) for the transmission data to the cell phone and the examiner’s terminal such as the public basic personal text data (name, user ID, and affiliation), the ordinary compressed face image, and the data for the two-dimensional symbol.
(5) The server encrypts the secret detailed personal text data, the highly compressed face image and MAC-A. The server stores the encrypted data in the two-dimensional symbol.
(6) The server transmits the ordinary compressed face image, the public basic personal text data and the two-dimensional symbol, to the cell phone. These data are transmitted by email from the server (or downloaded by the user from the Web browser of the cell phone).
(7) Both the encryption key and the authentication key are shared between the server and the examiner’s terminal.

The method to verify the communication among the server, the cell phone and the examiner’s terminal is shown in Table 1.

Table 1: The method to verify the communication.

| Items for verification. | The method for verification by using multiple message authentication codes. |
|---|---|
| The correctness of the two-dimensional symbol transmitted to the cell phone from the server. | The concordance between the MAC-A in the two-dimensional symbol and the MAC generated from the data in the two-dimensional symbol. |
| The correctness of the downloaded data to the terminal from the server. | The concordance between the MAC-B in the downloaded data and the MAC generated from the downloaded data. |
| The correctness between the downloaded data and the displayed data on the cell phone. | The concordance between the MAC-A in the two-dimensional symbol of the cell phone and the copy of MAC-A that is stored in the downloaded data. |

2.5 The Cell Phone of the User

(1) The cell phone of the user receives the ordinary compressed face image, the public basic personal text data and the two-dimensional symbol from the server.
(2) The user displays and shows the public basic personal text data, the ordinary compressed face image, and the two-dimensional symbol on the cell phone according to the guidance of the examiner.

2.6 On-line Identification by the Examiner

The on-line identification is the personal identification when the examiner’s terminal computer can communicate with the server. The procedure is described as follows.
(1) The examiner’s terminal downloads the public basic personal text data, the secret detailed personal text data, the ordinary compressed face image, the highly compressed face image, the MAC-B and the copy of MAC-A. These data are protected by the SSL (secure sockets layer) protocol.
(2) The examiner’s terminal reads the two-dimensional symbol on the cell phone from the two-dimensional symbol scanner. The data in the two-dimensional symbol are decoded and stored in the examiner’s terminal.
(3) The examiner’s terminal verifies the MAC-B by creating the new MAC-B’. It also verifies the copy of MAC-A obtained from the server and the MAC-A obtained from the two-dimensional symbol obtained from the cell phone. When they are correct, this procedure continues to the next step.
(4) The examiner’s terminal verifies the MAC-A by creating the new MAC-A’ from the data in the two-dimensional symbol.
(5) The examiner’s terminal displays the secret detailed personal text data and the ordinary compressed face image. The examiner checks the correctness of the displayed data and the live face image of the user of the cell phone.

2.7 Off-line Identification by the Examiner

The off-line identification is necessary when the examiner’s terminal cannot communicate with the server on account of the failure of the server or the communication line. The procedure for the off-line identification is described as follows. The data in the two-dimensional symbol are obtained and decrypted. The MAC-A is verified by using only the data stored in the two-dimensional symbol. The secret detailed personal text data and the highly compressed face image are displayed on the examiner’s terminal. The examiner checks the data, and checks the face image by looking at the live face. The result is recorded and shall be dually verified when the examiner’s terminal is able to access the server. Although the on-line identification uses the ordinary compressed face image, the off-line identification uses the highly compressed face image because the two-dimensional symbol has a capacity limit (the maximum value is about 2,000 bytes for the current cell phone and the two-dimensional symbol scanner).

2.8 Merits of the Electronic ID

The proposed personal identification method using a cell phone has the following merits. As the face image displayed on the cell phone is large enough in comparison with the photograph size of the ordinary plastic ID card, the precision increases when the examiner compares the displayed face image to the live face. As the personal identification data can
be directly read from the two-dimensional symbol scanner, the data can be automatically processed by the examiner’s terminal. The cost to produce ID cards is decreased because no ID card is used. By using the two-dimensional symbol for the ID system using a cell phone, the forgery becomes difficult and the time for checking the contents of the ID data is reduced. The attacks and countermeasures with regard to the proposed electronic ID are shown in Table 2.

Table 2: The attacks and countermeasures with regard to the proposed electronic ID.

| Attacks | Countermeasures against the attacks |
|---|---|
| The attacker may access the fraudulent Web site created by the attacker, and the attacker may display the fake data on the display of the cell phone. | This attack can be defended when the correct Web site attaches the authentication code for the data in the two-dimensional symbol. |
| The attacker displays the two-dimensional symbol that is illegally obtained from the correct person’s cell phone, or copied from the display. | Since the face image is displayed on the cell phone, the checking person can compare the face image to the live face. |
| The intruder for the server modifies the personal identification data in the database of the server. | It is very difficult to intrude the secure server, to modify the personal identification data, and to generate the two-dimensional symbol. |

3 THE ELECTRONIC VOTING ADMISSION

3.1 Problems of the Voting Admission

The proposed identification method can be applied to various applications. This paper proposes a voting admission method for the elections of national or local governments. A set of voting admission tickets for each voter is mailed to each household that consists of one or more voters in the elections of Japan. Each voter goes to each specified voting place with the voting admission ticket, and the voter receives a ballot sheet to cast a vote in exchange for the voting admission ticket at the specified voting place. However, there are the following problems in the current voting admission system. [Problem-A]: Since the admission ticket is mailed earlier than the day of election, there are voters who may lose the voting admission ticket. [Problem-B]: Since two or more voting places are printed on the voting admission ticket and one of them is specified for each voter (the purpose is to decrease the printing cost), there is a voter who mistakes the specified voting place. [Problem-C]: Since each staff member at the voting place manually compares the name on the admission ticket to the thick list of voters, a voter may sometimes have a long waiting time. [Problem-D]: Since the number of voters is very large, the cost for printing and mailing the voting admission tickets is huge in each election.

3.2 The Electronic Voting Admission

We propose the electronic voting admission by email using a cell phone that coexists with the current voting admission ticket by postal mail.

(1) Overview

If a voter wishes to receive an electronic voting admission ticket with the cell phone, the voter registers the email address to the election administration committee of the national or local government depending on the kind of election in advance. The server transmits the basic text data for voting (voting kind, voting date, voting place, voter’s name), the simple map of the voting place, and the two-dimensional symbol that includes the detailed text data for voting (voter’s name, address, voting place, and the message authentication code (or digital signature)), to the cell phone of the voter. The voter shows the two-dimensional symbol displayed on the cell phone to the staff at the voting place. The terminal computer reads the two-dimensional symbol displayed on the cell phone from the two-dimensional symbol scanner, and checks the correctness of the voter based on the data obtained from the two-dimensional symbol and the pre-downloaded data from the server. Since the check of the facial photograph of each voter is not performed at the present election, the check of each face image is the optional function. The displayed text data of the voter on the cell phone are minimized (such as the voter’s name and the voting place), and the detailed voter’s text data are encrypted and stored in the two-dimensional symbol. The display of the electronic voting admission ticket of the voter’s cell phone is shown in Fig. 2. The feature of the electronic voting admission ticket is shown in Table 3. This table compares the basic personal identification method described in section 2 to the electronic voting admission.

[Fig. 2: The electronic voting admission ticket. Labels in the figure: the basic text data of the voter; the map of the voting place; two-dimensional symbol including the voter’s data.]
Table 3: The feature of the electronic admission ticket.

| Items | The basic personal identification method. | The electronic voting admission. |
|---|---|---|
| Off-line identification. | Possible. | Possible. |
| On-line identification. | Possible. | None. |
| Identification by face image. | Possible. | Option. |
| The data included in the email to the cell phone. | The basic text data for personal identification, and the two-dimensional symbol. | The basic text data for the voting admission, the simple map of the voting place, and the two-dimensional symbol. |
| The data stored in the two-dimensional symbol. | The basic text data for identification, the detailed text data for identification, and the highly compressed face image. | The basic text data for the voting admission, the detailed text data for the voting admission, and the data of the voting place. |
| The downloading scheme from the server to the terminal. | Real-time download or pre-download. | Pre-download. |
| The download data from the server to the terminal of the voting place. | The basic text data for identification, the detailed text data for identification, and the ordinary compressed face image. | The list of voters for each voting place. |

Accordingly, Problem-A is resolved by storing the email for the electronic admission in the cell phone. Problem-B is resolved by describing only one place in the map of the voting place. Problem-C is resolved by storing the list of voters in the terminal computer, and by checking the correspondence between the data of the voting admission ticket and the list of voters in the terminal computer. The concept of the electronic voting admission is shown in Fig. 3.

[Fig. 3: The concept of the electronic voting admission. Labels in the figure: server of the election administration committee (the list of voters; the data of the electronic voting admission); [Pre-download] of the list of voters to the terminal computer and scanner at the [Voting place]; [Email] of the basic data for voting, the simple map and the two-dimensional symbol to the voter’s cell phone.]

(2) The Security

The attacks and countermeasures against the voting admission schemes are shown in Table 4.

Table 4: Attacks and countermeasures against the voting admission.

| Attacks or errors | The electronic voting admission by email using a cell phone. | The present voting admission by postal mail. |
|---|---|---|
| The erratic delivery. | The email address should be managed precisely. | The erratic delivery may occur because of the mailman’s mistake. |
| The attacker steals the voting admission ticket. | This case does not occur. | The attacker may steal the voting admission ticket from the mailbox. |
| The attacker votes more than one time. | This case can be detected at the voting place. | This case can be detected at the voting place. |
| The attacker gives a true or fake voting admission ticket to the other person. | The other person can vote when the personal identification at the voting place is incomplete. (The face check is desirable.) | The other person can vote when the personal identification at the voting place is incomplete. (The face check is desirable.) |
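
The MAC-A / MAC-B checks of Table 1 and sections 2.6 and 2.7, which the voting admission terminal reuses with pre-downloaded data, written out as an added example (not the authors' prototype code). It assumes HMAC-SHA256 as the MAC, a JSON encoding of the text data and a constructed shared key, and it leaves out the encryption of the two-dimensional symbol; all function and field names are hypothetical.

```python
import hashlib
import hmac
import json
from datetime import date

# Assumptions, not from the paper: HMAC-SHA256 as the MAC, JSON encoding of the
# text data, and this constructed key shared by the server and the terminal.
AUTH_KEY = b"constructed-demo-authentication-key"
SYMBOL_CAPACITY = 2000       # bytes; the approximate limit given in section 2.7
TODAY = date(2025, 6, 1)     # constructed date of the check


def mac_over(*fields: bytes) -> bytes:
    """MAC over length-prefixed fields so bytes cannot slide between fields."""
    h = hmac.new(AUTH_KEY, digestmod=hashlib.sha256)
    for field in fields:
        h.update(len(field).to_bytes(4, "big"))
        h.update(field)
    return h.digest()


def encode_text(text: dict) -> bytes:
    """Canonical byte encoding of a text-data record (sorted keys)."""
    return json.dumps(text, sort_keys=True).encode("utf-8")


def server_issue(public_text, secret_text, face_ordinary, face_high):
    """Section 2.4 (2)-(4): return (download record, two-dimensional symbol)."""
    mac_a = mac_over(encode_text(secret_text), face_high)
    mac_b = mac_over(encode_text(public_text), face_ordinary,
                     encode_text(secret_text), face_high)
    size = len(encode_text(secret_text)) + len(face_high) + len(mac_a)
    if size > SYMBOL_CAPACITY:
        raise ValueError(f"symbol payload of {size} bytes exceeds capacity")
    symbol = {"secret_text": secret_text, "face_high": face_high, "mac_a": mac_a}
    download = {"public_text": public_text, "secret_text": secret_text,
                "face_ordinary": face_ordinary, "face_high": face_high,
                "mac_b": mac_b, "mac_a_copy": mac_a}
    return download, symbol


def verify_offline(symbol, today: date) -> str:
    """Section 2.7: only the symbol is available, so only MAC-A is checked."""
    expected = mac_over(encode_text(symbol["secret_text"]), symbol["face_high"])
    if not hmac.compare_digest(expected, symbol["mac_a"]):
        return "reject: MAC-A mismatch"
    # The expiration date is trusted only after MAC-A has been verified.
    if today > date.fromisoformat(symbol["secret_text"]["expiration_date"]):
        return "reject: expired"
    return "accept"


def verify_online(download, symbol, today: date) -> str:
    """Section 2.6 (3)-(4): the three concordance checks of Table 1."""
    expected_b = mac_over(encode_text(download["public_text"]),
                          download["face_ordinary"],
                          encode_text(download["secret_text"]),
                          download["face_high"])
    if not hmac.compare_digest(expected_b, download["mac_b"]):
        return "reject: MAC-B mismatch"
    if not hmac.compare_digest(download["mac_a_copy"], symbol["mac_a"]):
        return "reject: symbol does not match downloaded record"
    return verify_offline(symbol, today)


def make_sample(user_id: str, name: str, expires: str = "2030-12-31"):
    """Constructed sample record; the byte strings stand in for face images."""
    public = {"name": name, "user_id": user_id, "affiliation": "Example Dept"}
    secret = dict(public, birth_date="1980-01-01", address="1 Example Street",
                  creation_date="2024-01-01", expiration_date=expires)
    return server_issue(public, secret,
                        b"ORDINARY-" + user_id.encode() * 50,
                        b"HIGH-" + user_id.encode() * 10)


if __name__ == "__main__":
    dl_a, sym_a = make_sample("U001", "Constructed User A")
    _, sym_b = make_sample("U002", "Constructed User B")
    print("own symbol, on-line:   ", verify_online(dl_a, sym_a, TODAY))
    print("other symbol, off-line:", verify_offline(sym_b, TODAY))
    print("other symbol, on-line: ", verify_online(dl_a, sym_b, TODAY))
```

A valid symbol issued to a different user passes the off-line MAC-A check and is rejected only by the on-line comparison with the copy of MAC-A, which is why the off-line procedure depends on the examiner's face check.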
(3) Cost
  In order to investigate Problem-D, let us discuss the cost of the voting admission. The comparison of the voting admission tickets is shown in Table 5.

     Table 5: The comparison of voting admission tickets.

 Items \ Methods               The electronic voting          The voting admission
                               admission by email using       by postal mail.
                               the cell phone.

 The server for the voting     Necessary.                     Necessary.
 management.

 To print the voting           None.                          Necessary.
 admission tickets.

 To distribute the voting      Email.                         Postal mail.
 admission tickets.

 The terminal computer for     Necessary.                     None.
 checking each voter in
 each voting place.

 The number of staff to        Relatively small.              Relatively large.
 check the voting
 admission ticket.

 The voter's payment for       A little payment occurs        None.
 the voting admission.         when the voter receives
                               the email.

 The time and                  Necessary.                     Necessary.
 transportation expenses
 for the voter.

   According to the election administration committee in a certain large city in Japan, the expense of the voting admission tickets for the national election of the House of Councilors in July 2004 is as follows. The total printing cost for voting admission tickets is about JPY 4,700,000 (about US$ 47,000, when US$ 1.00 is assumed to be JPY 100 (Japanese yen)). The total mailing cost for voting admission tickets is about JPY 21,500,000 (about US$ 215,000). The number of voters on the day of the election is 840,947. (The number of households is 435,795 in the data of November 2004.) Therefore, we obtain the following result.

   The printing and mailing cost of the current voting admission ticket per voter
           = (4,700,000 + 21,500,000) / 840,947 (JPY / voter)
           ≈ 31.155 (JPY / voter) ≈ 0.31155 (US$ / voter).

Although the cost depends on each election region, it is appropriate to refer to this result because the city is a typical big city in Japan. Let us consider the effect for all of Japan. According to the data of the Ministry of Internal Affairs and Communications, the population of Japan in the year 2000 is about 126,140,000 and the total number of voters (20 or more years old) is about 100,910,000. Therefore, when all voters use the electronic voting admission tickets,

   the cost reduction for one election
           = 100,910,000 (voters) · 31.155 (JPY / voter)
           = JPY 3,143,851,050 ≈ US$ 31,438,510.

   As for the electronic voting admission, the printing cost and the postal mail cost are zero. Therefore, the total cost for voting admission decreases remarkably when the number of voters that use the electronic voting admission increases. The added cost is discussed as follows. The email data consists of the small text data, the small line-drawing map and the two-dimensional symbol. When the optional face image is used for authentication, it can be downloaded from the server. Therefore, the amount of data of the electronic voting admission ticket that is transmitted from the server to the cell phone is small. For example, the amount of data of the electronic voting admission transmitted from the server to the cell phone is calculated as follows based on the prototype. The detailed text data of the voting admission, such as the voter name, the voter address, the voter's birth date, and the voting place, are 61 bytes, the size of the map is 526 bytes, and the size of the two-dimensional symbol is 550 bytes; the total data amount is 1,137 bytes, and these data need 8.8 packets. The payment for 8.8 packets is very small, although it depends on each cellular phone company (e.g., about JPY 1.0 (about US$ 0.01) for a cellular company).

                        4 CONCLUSION

   An electronic ID system for personal identification using a cell phone has been proposed. The two-dimensional symbol scanner can quickly read the electronic ID data, and the security of the electronic ID data is improved. The mechanism of the proposed personal identification method can be applied to the electronic voting admission for improving the services and decreasing the cost of the present voting admission in the election of national or local governments.

                         REFERENCES
[1] http://www.aimglobal.org/
[2] B. Schneier, Applied cryptography, Second Edition, John Wiley & Sons, Inc., (1996).
[3] J. Kim and T. Kobayashi: Personal identification using a cell phone and the security, Proceedings of the 2004 Symposium on Cryptography and Information Security (SCIS2005), pp. 915-920, IEICE, Japan, (Jan. 2004).
[4] N. Machida, J. Kim, and T. Kobayashi: An Electronic ID System using a Cell Phone and Its Evaluation, Proceedings of the Second IASTED International Conference on Communication, and Computer Networks (CCN2004), USA, IASTED, ACTA press, pp. 275-280, (Nov. 2004).
[5] http://www.evis-j.com/

				