Towards Robustly Secure Electronic Voting Systems

               Towards Robustly Secure
               Electronic Voting Systems
               Kapali Viswanathan
                  HQ of SETS
         Nungambakkam, Chennai, TN, India
The 2nd Annual IIT Kanpur Hacker's Workshop 2005
                  (IITKHACK05)
                 March 4-5, 2005
              IIT Kanpur, UP, India
                  March 4, 2005
              Strategy and Synergy for Security




                        Overview

 •   Entities in voting systems
 •   Security properties for fair voting
 •   Manual or electronic voting?
 •   Cryptography and secure e-voting
 •   Indian e-voting exercise: prospects




      Entities in Voting Systems

     Entities & Their Requirements








       Entities in a Voting System

• Vote: A binary or non-binary entry
• Ballot: A collection of votes
• Voter: Requires confidentiality service
  for the voter-ballot relationship
• Election authorities: Require the
  procedures to be followed



       Entities in a Voting System

• Ballot Box: Collects ballots from
  (authorised) voters
• Ballot accumulator: Classifies and
  accumulates legal ballots in a pre-
  determined manner
• Monitor: Monitors the behaviour of
  every other entity for compliance with
  pre-defined voting system rules





Security Properties for Fair Systems

  What to expect of secure (e-)voting
              systems?



              Basic Properties

• Hannu Nurmi, Arto Salomaa, and Lila
  Santean. Secret ballot elections in
  computer networks. Computers &
  Security, 10:553-560, 1991.
• (BP1 - Authorisation) Only
  authorised voters may vote.
• (BP2 - Uniqueness) No authorised
  voter may cast more than one valid
  vote.





              Basic Properties
• (BP3 - Confidentiality) No entity may be
  able to determine the voting strategy of
  authorised voters.
• (BP4 - Integrity) Nobody may be able to
  duplicate or modify accepted votes without
  being detected.
• (BP5 – Receipt-freeness) Voters must not
  be able to accurately prove their voting
  strategy after their participation in the
  election.


           Advanced Properties

• (AP1 - Computerisation) The voting
  process may take place over a
  computer network
• (AP2 – Verification of Counting)
  Every authorised voter may be able to
  verify that his/her vote has been
  accounted for in the final tally







           Advanced Properties

• (AP3 – Change of Ballot) Authorised
  voters may change their ballot within a
  specified period of time.
• (AP4 – Revalidation of Individual
  Ballot) Upon discovering that their vote is
  unaccounted for in the final tally, authorised
  voters may be able to prove this to the
  voting authority without jeopardizing ballot
  secrecy.

   Exploring the basic security of manual
               voting systems
• BP1 – Every voter is (weakly)
  authenticated and authorised using a
  voters list
• BP2 – Before voting, every voter is
  marked with an “indelible” ink and the
  voters list is updated to register such
  acts of marking suitably and linkably







   Exploring the basic security of manual
               voting systems
• BP3 – Confidentiality is provided by the
  following measures
  – Voters should verify that there are no
    unique serial numbers on their ballot
    papers that can be used for tracing
  – a physically enclosed space is provided for
    voters to register their votes in the ballot
  – the ballot is dropped into a ballot box by
    the voter without revealing its content to
    any other entity
                            The ballot box is trusted!




                                                         6
   Exploring the basic security of manual
               voting systems
• BP4 – The ballot box is sealed by Election
  Authorities and you trust that
  – Only the election authorities can seal the ballot
    box properly before distribution
  – The election authorities would accept only those
    ballot boxes that are properly sealed for counting
• BP5 – Voters are allowed one-by-one into the
  voting booth, they are restricted from
  carrying any optical registration equipment,
  and ballots with votes marked shall not enter
  or leave the voting booth for a specified
  period of time




     Manual or Electronic Voting?

           To see or not to see..




              Manual voting systems
• Advantages
  – Tried and tested
  – Human verification possible
• Disadvantages
  – Counting process is, practically, not reliably repeatable
  – The number of entities that the voters must trust for
    proper accounting of votes is larger
  – Contributes to the destruction of lots of trees (papers)
    especially in India
  – Voting process becomes a costly and messy affair






            Electronic voting systems

  • Advantages
    – Uses more re-usable components, thereby less
      costly
    – Less messy, if proper user interface is provided
    – Counting process can be performed quickly
    – In theory, it may be possible to provide
      end(voter)-to-end(vote accumulator) integrity so
      that the users need to trust a smaller number of
      entities for accounting of votes
    – Counting process is reliably repeatable


        Electronic voting systems

• Disadvantages
  – Less tried and less tested
  – Humans cannot see or feel bits!
  – Needs an enormous amount of audit trail
    to determine the source of a bug, if the bug
    is detected in the first place!
  – Care must be taken to ensure that the
    audit trail does not compromise any voting
    security property





    Electronic voting systems (Paradox)

  “You can’t trust code that you did not
    totally create yourself. (Especially
    code from companies that employ
    people like me.) No amount of
    source-level verification or scrutiny
    will protect you from using untrusted
    code.”
                          -- Ken Thompson, 1984


 Cryptography and Secure E-Voting

       Engendering trust in e-voting..








     Basic device assumption

• You have a “trusted” electronic buddy
• The buddy could be called “Trusted Computing
  Base”
• He keeps your secrets as secrets
• He does not even trust you to have your secrets!
• Has high behavioural integrity (He says “no
  downloadable code please!”)
• You trust him because you trust (?) another
  unknown(!) group of buddies probably called ECIL,
  BEL, Nokia, LG, Samsung, Sony, Intel, or Microsoft!




          Basic Services of Cryptography

   • Cryptography provides us only with two basic
     services, namely
      – Confidentiality: Only authorised entities can read
        a message
      – Integrity: Only authorised entities could have
        written a checksum for a message
   • Confidentiality service is purely a belief or
     assumption (unverifiable)
   • Integrity service is purely a diagnostic or
     verification tool





                         Confidentiality

[Figure: the Sender encrypts Information under a Key to
produce Ciphertext; the Receiver (authorised entity)
decrypts the Ciphertext with the Key to recover the
Information. An Unauthorised entity that copies the
ciphertext in transit asks: what is the information that
is being sent (copied)?]
                              Authenticity

[Figure: the Sender (authorised entity) generates a
Checksum over the Information using a Key and transmits
Information + Checksum. The Receiver verifies the
Checksum with the Key: Yes means accept the information,
No means reject the information. An Unauthorised entity
is shown with access to Information + checksum in
transit.]





           Cryptographic language (something
               that we do not understand
                      completely)
 • Cryptology is a language with the following
   operations
     – Confidentiality
     – Integrity
     – Pseudorandom Bit Generator
 • And the following (auxiliary) operands/outputs
     –   Keys
     –   Messages
     –   Ciphertext
     –   Checksums

    Cryptology and Secure E-voting

• Using a suitable cryptology language
• Get the best description to realise the
  basic (and advanced) goals of secure e-
  voting








    Properties to mechanisms mapping

• BP1 – Authorisation: authentication
  mechanisms and access control
• BP2 – Uniqueness: message
  authentication, blind signatures, group
  signatures, receipts or trails
• BP3 – Confidentiality: Encryption and
  mix-networks


    Properties to mechanisms mapping

• BP4 – Integrity: Message
  Authentication Codes, Manipulation
  Detection Codes, Digital Signatures,
  Blind Signatures, or Group Signatures
• BP5 – Receipt-freeness: Deniable
  encryption, oblivious transfer
• We shall not go into the mapping of
  advanced properties to mechanisms





   Robustly Secure E-Voting in a nutshell

• Voting system is a special
  communication system for transmitting
  information tuples of the form (Voter
  ID, Ballot)
• Conceptually, robustly secure voting
  would have one of the three formats
  – Integ(Conf( VoterID, Ballot ))
  – Integ(Conf(VoterID), Ballot)
  – Integ(VoterID, Conf(Ballot))


      Robustly Secure E-Voting in a nutshell

• Integ(Conf( VoterID, Ballot )): Manual
  authentication, trusted and confidential Electronic
  Voting
• Integ(Conf(VoterID), Ballot): Electronic
  authentication with anonymity and trusted
  electronic voting without confidentiality for vote
• Integ(VoterID, Conf(Ballot)): Electronic
  authentication without anonymity and trusted and
  confidential voting






            Popular Cryptology Tools

  • Homomorphic encryption (Josh
    Benaloh, Microsoft research, PhD
    thesis)
  • Mix networks (David Chaum)
  • Threshold Cryptography (Yvo Desmedt)
  • Blind signature (David Chaum)



          Homomorphic Encryption and E-voting

    • Let Ek(.) be an encryption algorithm using a
      given key k
    • Let v1 and v2 be two votes that must
      ultimately be added
    • Let Ek(v1) and Ek(v2) be the corresponding
      encrypted votes
    • Then, Ek(v1) ⊗ Ek(v2) = Ek(v1 ⊕ v2)
    • That is, you multiply the ciphertexts to get
      another ciphertext which represents the
      added plaintext





                             Mix networks

[Figure: Sender 1 to Sender 4 each submit (s_i, c_i) to
Mix Server 1 (key k1, permutation π), which outputs
d_1 .. d_4 to Mix Server 2 (key k2, permutation π'),
which outputs m_{l+1} .. m_{l+4}.]

• c_i = E_k1(E_k2(m_i)) for i = 1, 2, 3, 4
• d_j = E_k2(m_i) for j = 1, 2, 3, 4 s.t. j = π(i), where π(.) is a permutation
  chosen by Mix Server 1
• m_{l+n} = m_i for n = 1, 2, 3, 4 s.t. n = π'(j), where π'(.) is a permutation
  chosen by Mix Server 2 (the outputs are relabelled, so neither server alone
  can link an output to a sender)
            Mix networks and voting

• Provide anonymity
• Integ(Conf(VoterID), Ballot)
• Election officials (mix servers) are trusted
  to perform their decryption and
  permutation (mixing) operations properly
• There are also schemes that verify if the
  mix servers have indeed decrypted properly
  without jeopardizing the mixing operation!
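The decryption mix described on this slide and the previous one, as an added example that is not part of the original slides: two ElGamal-keyed mix servers each strip one layer (c_i = E_k1(E_k2(m_i))) and apply a secret permutation. The group parameters (p = 1019, q = 509, g = 4), the message values and the choice of a uniformly random shuffle as π are constructed for illustration; the generalisation to any number of servers is this example's, not the slide's.

```python
# Added example (not from the slides): a decryption mix network in the slides'
# style, c_i = E_k1(E_k2(m_i)), built from textbook ElGamal in a toy group.
# Parameters p = 1019 = 2*509 + 1, subgroup order q = 509, g = 4 (= 2^2) are
# chosen here for illustration only; real deployments use 2048-bit+ groups.
import secrets

P, Q, G = 1019, 509, 4


def keygen():
    """Return (private key x, public key y = g^x) for one mix server."""
    x = 1 + secrets.randbelow(Q - 1)
    return x, pow(G, x, P)


def encrypt(y, m):
    """Textbook ElGamal: (A, B) = (m * y^r, g^r) for a fresh random r."""
    r = 1 + secrets.randbelow(Q - 1)
    return m * pow(y, r, P) % P, pow(G, r, P)


def decrypt(x, a, b):
    """m = A / B^x; B lies in the order-q subgroup, so B^(q-x) equals B^-x."""
    return a * pow(b, Q - x, P) % P


def onion_encrypt(pubkeys, m):
    """Sender side: apply the layers inside-out so the first server peels first.
    A layered ciphertext is kept as a flat list of group elements; each layer
    doubles its length because an ElGamal ciphertext is a pair of elements."""
    layer = [m]
    for y in reversed(pubkeys):          # innermost layer uses the last server's key
        layer = [comp for elem in layer for comp in encrypt(y, elem)]
    return layer


def peel_layer(x, layered):
    """One server's decryption: strip one ElGamal layer from every pair."""
    return [decrypt(x, layered[i], layered[i + 1]) for i in range(0, len(layered), 2)]


def mix_server(x, batch, rng=secrets.SystemRandom()):
    """Decrypt one layer of every ciphertext in the batch, then apply a secret
    permutation pi (a uniformly random shuffle) to break the input/output link."""
    out = [peel_layer(x, c) for c in batch]
    rng.shuffle(out)
    return out


def run_mixnet(privkeys, batch):
    """Servers act in order k1, k2, ...; only plaintexts leave the last server."""
    for x in privkeys:
        batch = mix_server(x, batch)
    if any(len(c) != 1 for c in batch):
        raise ValueError("a layer was not peeled: wrong number of servers")
    return [c[0] for c in batch]


def demo(messages=(11, 22, 33, 44), servers=2):
    """Constructed sample run: returns (sorted inputs, mixed output list)."""
    keys = [keygen() for _ in range(servers)]
    privkeys = [x for x, _ in keys]
    pubkeys = [y for _, y in keys]
    batch = [onion_encrypt(pubkeys, m) for m in messages]
    return sorted(messages), run_mixnet(privkeys, batch)
```

The point the slide makes about trust shows up directly: `run_mixnet` only recovers the right multiset if every server decrypts honestly, and a server that skips the shuffle silently destroys anonymity without affecting correctness, which is why verifiable shuffles (the last bullet) matter.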





            Threshold cryptography

  • Private key x is shared among n decrypting
    entities such that any t (t≤n) of them can
    decrypt a given ciphertext without revealing
    their respective secret shares
  • Used to realise a t-out-of-n mix network in
    order to improve the reliability and mixing
    operation of the mix network
  • Order of decryption would not affect the
    compound decryption operation


             Blind Signatures

• How to get a signature on a message
  from a signer without showing the
  message?
• Blinding works when
  Verify(Unblind(Sign(Blind(m))))
• gives the same result as
  Verify(Sign(Unblind(Blind(m))))








Indian e-voting exercise: prospects

   Disadvantages vis-à-vis R&D and
        business prospects…..



              Present voting machine

  • All entered votes are stored as plaintext
  • Every voting machine provides its tally
  • Therefore the confidentiality of
    individual votes is guaranteed through
    aggregation
  • Tally of all machines is the tally of a
    constituency
  • Tally of all constituencies is the tally…..





             Present voting machines
• Advantages
  – Simple design
  – Simple logic leads to simple verification and validation
    exercises
• Disadvantages
  – The design specifications are not public
  – Does it have security through obscurity?
  – Are we trusting the manufacturers of the voting
    machine along with the Election Commission?
  – Voters do not know precisely what they voted nor can
    they verify!

         Present Voting Machines
• The trust that an Indian voter placed in the
  manual voting system was less
• Indian voters must now trust ECIL and BEL
  to guarantee that their vote was registered
  properly
• Election officials must now trust ECIL and
  BEL to guarantee fair elections!!!!!
• Independent observers (monitors) cannot
  gain objective confidence that every vote
  was registered and counted properly






         Present Voting Machines

• (Singularity) If only one voter uses the
  present voting machine, it does not
  provide any security
• The policy of use of present voting
  machines does not provide the voters
  with the choice of casting dummy
  votes!!
• Can we do better than the current
  design? I definitely think so….

 Summary and (lack of) conclusions

    How nature loves the incomplete. She
     knows: if she drew a conclusion it
              would finish her
         - Christopher Fry (1950)






                 Observations

• Secure e-voting can be achieved if we
  guarantee some form of confidentiality
  service to the votes (encrypt the votes)
• Robust e-voting can be achieved by
  verifying the data integrity of the votes
  stored in the voting machine (use
  Message Authentication Codes,
  Manipulation Detection Codes, or
  Digital Signatures)

                       Summary
• Providing confidentiality to the data (vote)
  allows for identifying the voter (lack of
  anonymity)
• Providing confidentiality to the identity of the
  voter (anonymity) allows for plaintext
  recovery of individual votes
• Providing confidentiality services results in
  security
• Using well designed and implemented
  integrity systems provides robust security






                       Summary

• Integrity is in two levels
   – Integrity of the votes
   – Integrity due to binding every vote with an
     authorised voter, who indeed voted




                    Conclusions

• The lower the trust required to achieve a
  particular security goal, the higher the degree
  of security realised
• The number of entities I need to trust in
  order to believe that a voting system is fair
  must be as small as possible
• Use of technology expands the web of trust
• Cryptology and robust key management may
  allow us to reduce the web of trust


     Towards Robustly Secure
     Electronic Voting Systems
                  (Auxiliary Slides)
              Kapali Viswanathan
                 HQ of SETS
        Nungambakkam, Chennai, TN, India
The 2nd Annual IIT Kanpur Hacker's Workshop 2005
                  (IITKHACK05)
                 March 4-5, 2005
              IIT Kanpur, UP, India
                  March 4, 2005




       Concrete example (Homomorphic
                 encryption)
• Let g and h be two generators of a prime-
  order subgroup such that computing discrete
  logarithms and solving the representation
  problem is moderately easy
• Let v1, v2 ∈ {0, 1}
• Let r1, r2 be suitably chosen random
  numbers

          Concrete example (Homomorphic
                    encryption)
•   Encryption of votes would be
•   c1 = g^v1 · h^r1 and c2 = g^v2 · h^r2
•   So that c3 = c1 · c2 = g^(v1+v2) · h^(r1+r2)
•   Find a representation of c3 to determine
    v1 + v2
• In order to prevent everybody from finding
  the representation of individual votes,
  encrypt the votes using homomorphic
  encryption





          Concrete example (Homomorphic
                    encryption)
• That is: Ek(c1) ⊗ Ek(c2) = Ek(c1 · c2)
• Plain old ElGamal and RSA encryption
  algorithms have this property
• Election Officials who have the key k are
  trusted not to decrypt to get c1 or c2
• Election officials recover c1c2 and solve the
  representation problem to find the tally
• Integ(VoterID, Conf(Ballot))
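A worked version of the three slides above, added here and not taken from the original slides: votes are encoded as c_i = g^v_i · h^r_i, wrapped in multiplicative ElGamal, multiplied as ciphertexts, and only the aggregate is decrypted. One assumption goes beyond the slide: because any c3 has many (v, r) representations when g and h generate the same group, the example also has each voter submit Ek(h^r_i), so the tallier can strip h^(r1+r2) from the aggregate and then solve the small discrete logarithm for v1 + v2 by trial. The toy group (p = 1019, q = 509, g = 4, h = 9) and all function names are constructed for illustration.

```python
# Added example (not from the slides): homomorphic tallying of 0/1 votes in the
# slides' notation, c_i = g^v_i * h^r_i wrapped in multiplicative ElGamal.
# Toy parameters chosen here for illustration: p = 1019 = 2*509 + 1, subgroup
# order q = 509, generators g = 4 (= 2^2) and h = 9 (= 3^2).
import secrets

P, Q, G, H = 1019, 509, 4, 9


def keygen():
    """Election key: private k in [1, q-1], public y = g^k."""
    k = 1 + secrets.randbelow(Q - 1)
    return k, pow(G, k, P)


def elgamal_encrypt(y, m):
    """Ek(m) = (m * y^r, g^r) for a fresh random r."""
    r = 1 + secrets.randbelow(Q - 1)
    return m * pow(y, r, P) % P, pow(G, r, P)


def elgamal_decrypt(k, ct):
    """m = A / B^k; B is in the order-q subgroup, so B^(q-k) is B^-k."""
    a, b = ct
    return a * pow(b, Q - k, P) % P


def ciphertext_product(c1, c2):
    """The homomorphic step from the slide: Ek(x) (x) Ek(y) = Ek(x*y)."""
    return c1[0] * c2[0] % P, c1[1] * c2[1] % P


def commit(v, r):
    """Vote encoding from the slide: c = g^v * h^r."""
    return pow(G, v, P) * pow(H, r, P) % P


def cast_ballot(y, v):
    """Voter side. Returns (Ek(c), Ek(h^r)).
    Submitting Ek(h^r) as well is an assumption of this example: without
    h^(r1+r2) the tallier cannot pick out v1+v2 among the many (v, r)
    representations of the aggregate c3."""
    if v not in (0, 1):
        raise ValueError("vote must be 0 or 1")
    r = secrets.randbelow(Q)
    return elgamal_encrypt(y, commit(v, r)), elgamal_encrypt(y, pow(H, r, P))


def tally(k, ballots):
    """Tallier side: multiply ciphertexts, decrypt only the two aggregates,
    then recover sum(v) by trying each value from 0 to the number of ballots."""
    agg_c, agg_h = (1, 1), (1, 1)             # (1, 1) is Ek(1) with r = 0
    for enc_c, enc_h in ballots:
        agg_c = ciphertext_product(agg_c, enc_c)
        agg_h = ciphertext_product(agg_h, enc_h)
    c_total = elgamal_decrypt(k, agg_c)       # g^(sum v) * h^(sum r)
    h_total = elgamal_decrypt(k, agg_h)       # h^(sum r)
    target = c_total * pow(h_total, Q - 1, P) % P   # divide out h^(sum r)
    for total in range(len(ballots) + 1):     # the "moderately easy" discrete log
        if pow(G, total, P) == target:
            return total
    raise ValueError("no consistent tally: a ballot was malformed")
```

Nothing here stops a key holder from calling `elgamal_decrypt` on a single ballot, which is exactly the trust assumption the slide states ("trusted not to decrypt to get c1 or c2"); splitting k across several officials (next slides) is how that assumption is weakened, and a zero-knowledge proof that each c_i encodes 0 or 1 is what would catch the malformed ballot that `tally` can only detect after the fact.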

       Concrete example (Threshold
              Cryptography)
• 2-out-of-2 decryption
• Ordering is not important
• Let g be a generator of a prime order
  subgroup where Decisional Diffie-Hellman
  problem is difficult
• Let x1 and x2 be two independently
  chosen private keys






       Concrete example (Threshold
              Cryptography)
• y = g^(x1 · x2) is the public key corresponding to
  x1 and x2
• ElGamal encryption of message m under
  y using random number r is
• A = m · y^r and B = g^r
• Decryption: m = A / ((B^xi)^xj) where i ≠ j
  and i, j ∈ {1, 2}
• Works because: B^(xi · xj) = g^(r · xi · xj) = y^r
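The 2-out-of-2 scheme above as runnable code, added here and not from the original slides. It generalises the same trick to n-out-of-n holders (y = g^(x1 · x2 · ... · xn), computed by passing g^(...) from holder to holder) and checks that every ordering of the holders yields the same plaintext; the toy group (p = 1019, q = 509, g = 4), the key values and the function names are this example's assumptions.

```python
# Added example (not from the slides): the slides' 2-out-of-2 ElGamal decryption,
# y = g^(x1*x2), generalised to n-out-of-n with the same multiplicative trick.
# Toy group p = 1019, q = 509, g = 4 chosen for illustration only.
import secrets
from itertools import permutations

P, Q, G = 1019, 509, 4


def private_key():
    """Each holder picks its own x_i in [1, q-1] independently."""
    return 1 + secrets.randbelow(Q - 1)


def joint_public_key(private_keys):
    """Each holder in turn raises the running value to its own exponent:
    g -> g^x1 -> g^(x1*x2) -> ...; no holder ever learns another's key."""
    y = G
    for x in private_keys:
        y = pow(y, x, P)
    return y


def encrypt(y, m):
    """(A, B) = (m * y^r, g^r) for a fresh random r."""
    r = 1 + secrets.randbelow(Q - 1)
    return m * pow(y, r, P) % P, pow(G, r, P)


def partial_decrypt(x, b):
    """Holder i contributes B^(x_i). Exponents compose multiplicatively, so the
    order in which holders act is irrelevant (the slide's 'ordering is not
    important')."""
    return pow(b, x, P)


def finish_decrypt(a, b_combined):
    """Once every holder has raised B, b_combined = g^(r*x1*...*xn) = y^r,
    and m = A / y^r. b_combined is in the order-q subgroup, so ^(q-1) inverts."""
    return a * pow(b_combined, Q - 1, P) % P


def decrypt_in_order(private_keys, ct, order):
    """Run the holders listed in 'order' (indices into private_keys)."""
    a, b = ct
    for idx in order:
        b = partial_decrypt(private_keys[idx], b)
    return finish_decrypt(a, b)


def all_orders_agree(private_keys, ct):
    """Return the plaintext, checking that every ordering of holders agrees."""
    results = {decrypt_in_order(private_keys, ct, o)
               for o in permutations(range(len(private_keys)))}
    if len(results) != 1:
        raise AssertionError("decryption depended on the order of holders")
    return results.pop()
```

Leaving out any one holder yields a wrong plaintext rather than an error, which is the n-out-of-n property; a genuine t-out-of-n threshold (the earlier slide) needs secret sharing of the exponent rather than this product-of-exponents construction.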

      Concrete example (Blind signature)

• Let (e,n) be the RSA public key of the
  signer and d the private key
• Let m be the message to be signed
• Blind operation using secret random
  number r: c = m · r^e mod n
• Signature: s' = c^d mod n = m^d · r^(ed) mod n
• Unblind: s = s' / r mod n = m^d mod n
• Verify: s^e = m mod n
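The RSA blind signature above as runnable code, added here and not from the original slides, following the slide's equations step by step (c = m · r^e, s' = c^d, s = s' / r, check s^e = m). The primes 1009 and 1013, the public exponent 65537 and the sample messages are constructed for illustration.

```python
# Added example (not from the slides): Chaum-style RSA blind signature exactly
# as the slides write it, with a toy RSA key built from the constructed primes
# 1009 and 1013. Real use signs a padded hash (e.g. full-domain hash) of m
# rather than a raw m, and uses 2048-bit or larger keys.
import secrets
from math import gcd


def rsa_keygen(p=1009, q=1013, e=65537):
    """Return (public (e, n), private d) for the toy modulus n = p*q."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    return (e, n), pow(e, -1, phi)


def blind(pub, m):
    """Voter: pick r coprime to n and hide m as c = m * r^e mod n.
    Returns (c, r); r must be kept secret until unblinding."""
    e, n = pub
    while True:
        r = 2 + secrets.randbelow(n - 3)
        if gcd(r, n) == 1:
            return m * pow(r, e, n) % n, r


def sign(priv_d, pub, c):
    """Registrar: s' = c^d mod n. It sees only c, never m."""
    _, n = pub
    return pow(c, priv_d, n)


def unblind(pub, s_blinded, r):
    """Voter: s = s' * r^-1 mod n; r^(ed) = r cancels, leaving m^d."""
    _, n = pub
    return s_blinded * pow(r, -1, n) % n


def verify(pub, s, m):
    """Anyone: s^e mod n == m."""
    e, n = pub
    return pow(s, e, n) == m % n


def blind_signature_round_trip(m=424242):
    """Return (signature verifies?, equals a direct signature on m?).
    The second value is the slide's equivalence:
    Unblind(Sign(Blind(m))) == Sign(Unblind(Blind(m))) == Sign(m)."""
    pub, d = rsa_keygen()
    c, r = blind(pub, m)
    s = unblind(pub, sign(d, pub, c), r)
    return verify(pub, s, m), s == sign(d, pub, m)
```

In the voting setting the registrar signs a blinded ballot token after checking the voter's identity (BP1), and the voter later submits the unblinded token anonymously; the registrar's log of c values cannot be matched to the tokens it later sees, which is where the anonymity comes from.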
