E-voting DITSCAP Project


E-voting DITSCAP Project
Team: Samarpita Hurkute, Kunal Bele, Shin Nam, Saroj Patil, Chuck Short, Rajshri Vispute
Boeing Mentor POC: Ismael Rodriguez
UCCS Faculty POC: Edward Chow

DITSCAP Overview
DITSCAP – DoD Information Technology Security Certification and Accreditation Process
Purpose:
- Implements policies, assigns responsibilities, and prescribes procedures for Certification and Accreditation (C&A) of IT
- Creates a process for security C&A of unclassified and classified IT
9/19/2018 DITSCAP

What is the DITSCAP?
- A process for certifying that a given system is safe to operate (security-wise) in its given environment.
- A process that ensures systems maintain their accreditation throughout their lifecycle.

Who has to follow DITSCAP?
All DoD owned or controlled information systems that receive, process, store, display, or transmit DoD information, regardless of classification or sensitivity.

What are the benefits of the DITSCAP?
- Ensures security vulnerabilities are addressed to the level deemed acceptable by the Designated Approving Authority (DAA).
- Certification effort can be scaled to fit the size and complexity of the system.
- Adaptable for any computer environment or mission.
- Helps identify security solutions that are achievable.

DITSCAP Phases
Phase 1 – Definition
- Understand the mission, environment and system architecture
- Identify threats
- Gauge level of effort
- Identify the DAA
Phase 2 – Verification
- Verify compliance of the system with security-related requirements
Phase 3 – Validation
- Evaluate the system and determine residual risks
Phase 4 – Post accreditation
- Monitor the system to preserve the residual risk

SSAA Overview
SSAA – System Security Authorization Agreement
It is a document required by the DITSCAP.
What it does:
- Defines the operating environment of the system
- Identifies the “system”
- Defines risk and countermeasures
- Documents agreement among all parties involved in the system

SSAA Overview
Consists of a main document and appendices. The main document covers:
- Mission Description and System Identification
- Environment Description
- System Architectural Description
- System Security Requirements
- Organizations and Resources
- DITSCAP Plan
The appendices are used to provide supplemental information to the above six sections.

SSAA Contents
- System description along with functional diagrams
- Highlights sensitivity of data processed
- System architecture diagram with firewall
- Physical security of the E-voting system
- Threats to the E-voting system
- Mitigations applied
- Data flow diagram
- Data security requirements

Project Overview
Using the E-voting system to walk through the DITSCAP process and requirements, including penetration testing, threat/vulnerability assessment, and documenting the SSAA, which is to be approved by the Boeing POC.

Secure E-Voting
Adapted from Brett’s viewgraphs http://cs. uccs
Secure electronic voting – Why?
- 2000 Florida Presidential election
- Increase participation/election visibility
- Extensive research into developing technologies to allow secure electronic voting
Current methods are vulnerable:
- Diebold voting machine security
- Princeton hacks
- Kohno et al. software security analysis

Secure E-Voting
Adapted from Brett’s viewgraphs http://cs. uccs
E-voting Requirements:
- Privacy/Anonymity, Completeness, Soundness, Un-reusability, Eligibility, Fairness
- Robustness, Universal Verifiability, Receipt-Freeness, Incoercibility

Related Work
Brett’s Master project report @ http://cs. uccs
Basis for implementation:
- Sharing Decryption in the context of Voting or Lotteries (Fouque, Poupard, Stern, Financial Cryptography 2000)
Closely related research:
- A Generalization of Paillier’s Public Key Cryptosystem with Applications to Electronic Voting (Damgard, Jurik, Nielson, Aarhus University, Dept. of Computer Science)
Uses of Paillier cryptography:
- Electronic voting
- Anonymous mix nets (due to the self-blinding property)
- Electronic auctions
- Electronic lotteries
Need to provide short context and related work.

PTC Cryptography Techniques
Adapted from Brett’s viewgraphs http://cs
Paillier Cryptography
- Trapdoor discrete logarithm scheme
- Important properties:
  - Homomorphic (multiplying encrypted votes = encrypt(sum(votes))!): E(M1 + M2) = E(M1) × E(M2), E(k × M) = E(M)^k
  - Self-blinding: re-encryption with a different r doesn’t change M

PTC Cryptography Techniques
Adapted from Brett’s viewgraphs http://cs
Threshold Encryption
- Public key encryption as usual
- Distribute secret key “shares” among i participants
- Decryption can only be accomplished if a threshold number t of the i participants cooperate
  - “Need at least one from each of the Democratic and Republican party representatives, and one election official present, to decrypt”
- No information about m can be obtained with fewer than t participants cooperating

PTC Based E-voting Prototype
Adapted from Brett’s viewgraphs http://cs
- E-voting allows single-choice ballots
- Election administrator creates election parameters with the help of PTC encryption
- The administrator submits election parameters to PTCVotingService (Web Services)
- Voters load election parameters and cast encrypted votes
- The homomorphic properties of the PTC enable the tally to be done without decrypting the votes, which protects the privacy of the voter
- To decrypt the tally, at least t (threshold) of the N key share holders must participate in generating the key for decryption
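The three slides above (Paillier’s homomorphic and self-blinding properties, threshold decryption, and the tally-without-decryption prototype) carried through as one runnable Python example. This is an added illustration written for this page, not Brett Wilson’s PTC web service code: it uses textbook Paillier with g = n + 1, and it simplifies the threshold step by Shamir-sharing the secret λ among the key-share holders and reconstructing it from t shares, whereas the Fouque, Poupard and Stern scheme the project builds on produces partial decryptions without ever reconstructing the key. The ballot encoding (candidate i → base^i, with base larger than the number of voters so per-candidate counts never carry), the key sizes and the sample votes are all constructed for the example.

```python
import random
from functools import reduce
from math import gcd


def is_probable_prime(n, rounds=25):
    """Miller-Rabin test; callers only pass large odd candidates."""
    if n < 2:
        return False
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits):
    """Random prime of exactly `bits` bits (constructed helper, not a production RNG)."""
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def paillier_keygen(bits=128):
    """Public key (n, g) with g = n + 1; secret key lambda = lcm(p - 1, q - 1)."""
    while True:
        p, q = gen_prime(bits), gen_prime(bits)
        n = p * q
        if p != q and gcd(n, (p - 1) * (q - 1)) == 1:
            return (n, n + 1), (p - 1) * (q - 1) // gcd(p - 1, q - 1)


def encrypt(pk, m):
    """E(m) = g^m * r^n mod n^2 with a fresh random r coprime to n."""
    n, g = pk
    r = random.randrange(1, n)
    while gcd(r, n) != 1:
        r = random.randrange(1, n)
    return pow(g, m, n * n) * pow(r, n, n * n) % (n * n)


def decrypt(pk, lam, c):
    """m = L(c^lambda mod n^2) * mu mod n, L(u) = (u - 1) / n, mu = lambda^-1 mod n (valid for g = n + 1)."""
    n, _ = pk
    l_val = (pow(c, lam, n * n) - 1) // n
    return l_val * pow(lam, -1, n) % n


def add_encrypted(pk, c1, c2):
    """Homomorphic addition: E(m1) * E(m2) = E(m1 + m2)."""
    return c1 * c2 % (pk[0] ** 2)


def scalar_mul(pk, c, k):
    """E(m)^k = E(k * m)."""
    return pow(c, k, pk[0] ** 2)


def reblind(pk, c):
    """Self-blinding: multiply by a fresh E(0); the ciphertext changes, the plaintext does not."""
    return add_encrypted(pk, c, encrypt(pk, 0))


def decode_tally(plain_total, num_candidates, base):
    """Read per-candidate counts back out of the base-`base` digits of the decrypted sum."""
    counts = []
    for _ in range(num_candidates):
        counts.append(plain_total % base)
        plain_total //= base
    return counts


def shamir_split(secret, t, n_shares, prime):
    """n_shares points on a random degree t-1 polynomial over GF(prime) with f(0) = secret."""
    coeffs = [secret] + [random.randrange(prime) for _ in range(t - 1)]
    return [(x, sum(a * pow(x, i, prime) for i, a in enumerate(coeffs)) % prime)
            for x in range(1, n_shares + 1)]


def shamir_reconstruct(shares, prime):
    """Lagrange interpolation at x = 0 from any t shares."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num, den = num * -xj % prime, den * (xi - xj) % prime
        secret = (secret + yi * num * pow(den, -1, prime)) % prime
    return secret


def run_election(choices, num_candidates, threshold=2, holders=3, bits=128):
    """One encrypted ballot per voter, tallied homomorphically; only the total is ever
    decrypted, and only after `threshold` of `holders` key-share holders contribute shares."""
    pk, lam = paillier_keygen(bits)
    base = len(choices) + 1                                   # more than the voter count
    ballots = [reblind(pk, encrypt(pk, base ** ch)) for ch in choices]   # cast, then re-randomised
    total_ct = reduce(lambda a, b: add_encrypted(pk, a, b), ballots, encrypt(pk, 0))
    field = gen_prime(2 * bits + 8)                           # prime field larger than lambda (< n)
    shares = shamir_split(lam, threshold, holders, field)     # one share per key-share holder
    lam_rec = shamir_reconstruct(random.sample(shares, threshold), field)
    return decode_tally(decrypt(pk, lam_rec, total_ct), num_candidates, base)
```

Running `run_election([0, 1, 1, 2, 1, 0], 3)` (six constructed voters, three candidates) returns the counts `[2, 3, 1]` without any individual ballot being decrypted; `reblind` is what a mix step would apply so that a ciphertext leaving the voter cannot be matched to the one entering the tally.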


Security Technical Implementation Guide (STIGs)
- Configuration standards for DOD Information Assurance (IA) and IA-enabled devices/systems
- Contains instructions or procedures to verify compliance with a baseline level of security

Security Technical Implementation Guide (STIGs)
Security (CAT) Codes – a measure to assess the system’s security-related standing
- CAT I: Immediate access to the attacker, bypass firewall
- CAT II: Potential information to the intruder to gain access
- CAT III: Potential information gained could lead to compromise
- CAT IV: No direct or indirect access to high value information

Application Security Requirements STIG
- Defines a set of recommended security requirements that are common to all software applications
- Used as a first step to designing security into applications to reduce application vulnerabilities
- Lists the potential vulnerabilities of application systems:
  - Design and development related vulnerabilities
  - Misconfiguration and administration related vulnerabilities
  - Necessary non-secure standards

Network Infrastructure STIG
- Inbound access list – filter packets before they enter the router
- Outbound traffic – filtering rules to be applied to outbound traffic with an illegitimate address
- Firewalls – necessary to minimize threat and protect the enclave
- Intrusion detection system – detect unauthorized or malicious traffic
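The first two bullets above (inbound access list, outbound filtering of illegitimate source addresses) as an added Python model of the filtering decisions. This is an illustration written for this page, not text or configuration from the Network Infrastructure STIG: the enclave range 203.0.113.0/24 and the peer 198.51.100.0/24 are IETF documentation ranges, the single permitted inbound service (TCP 443) and the packet records are constructed, and a real router would express the same rules as interface ACLs rather than Python.

```python
import ipaddress

# Constructed configuration: documentation address ranges, not real networks.
ENCLAVE_NETS = [ipaddress.ip_network("203.0.113.0/24")]          # the protected enclave
BOGON_NETS = [ipaddress.ip_network(n) for n in (                  # never valid as an Internet source
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4")]
INBOUND_ALLOW = {("tcp", 443)}                                    # the only service exposed inbound


def _in_any(addr, nets):
    return any(addr in net for net in nets)


def inbound_decision(pkt):
    """Inbound access list: evaluated on the outside interface before the packet enters the router."""
    src, dst = ipaddress.ip_address(pkt["src"]), ipaddress.ip_address(pkt["dst"])
    if _in_any(src, ENCLAVE_NETS):
        return "deny", "enclave address used as source on the outside interface (spoofed)"
    if _in_any(src, BOGON_NETS):
        return "deny", "private/reserved source address (bogon)"
    if not _in_any(dst, ENCLAVE_NETS):
        return "deny", "destination is not inside the enclave"
    if (pkt["proto"], pkt["dport"]) in INBOUND_ALLOW:
        return "permit", "explicitly allowed service"
    return "deny", "implicit deny (no matching permit)"


def outbound_decision(pkt):
    """Outbound filter: only enclave-sourced traffic may leave, so a compromised
    host cannot send traffic with an illegitimate (spoofed) source address."""
    src = ipaddress.ip_address(pkt["src"])
    if not _in_any(src, ENCLAVE_NETS):
        return "deny", "illegitimate source address leaving the enclave"
    return "permit", "enclave-sourced traffic"


def evaluate(packets):
    """Return {packet id: (action, reason)} for a list of packet records."""
    decisions = {}
    for pkt in packets:
        rule = inbound_decision if pkt["dir"] == "in" else outbound_decision
        decisions[pkt["id"]] = rule(pkt)
    return decisions


# Constructed sample traffic (five-tuple summaries, not real captures).
SAMPLE_PACKETS = [
    {"id": 1, "dir": "in",  "src": "198.51.100.7", "dst": "203.0.113.10", "proto": "tcp", "dport": 443},
    {"id": 2, "dir": "in",  "src": "203.0.113.5",  "dst": "203.0.113.10", "proto": "tcp", "dport": 443},
    {"id": 3, "dir": "in",  "src": "192.168.1.9",  "dst": "203.0.113.10", "proto": "tcp", "dport": 443},
    {"id": 4, "dir": "in",  "src": "198.51.100.7", "dst": "203.0.113.10", "proto": "tcp", "dport": 22},
    {"id": 5, "dir": "out", "src": "203.0.113.10", "dst": "198.51.100.7", "proto": "tcp", "dport": 443},
    {"id": 6, "dir": "out", "src": "10.0.0.3",     "dst": "198.51.100.7", "proto": "udp", "dport": 53},
]

if __name__ == "__main__":
    for pid, (action, reason) in evaluate(SAMPLE_PACKETS).items():
        print(pid, action, reason)
```

Packets 2 and 3 are the cases the inbound access list exists for (an enclave address or a private address arriving from outside), packet 4 shows the implicit deny for a service that is not on the allow list, and packet 6 shows the outbound rule catching a source address that does not belong to the enclave.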

Database STIG
- Product updates
- System and data backup
- Access
- Transaction auditing
- Roles and permissions

Secure Remote Computing STIG
- Provides technical security policies and requirements to provide secure remote access to users in DOD
- Discusses the remote user environment and network site architecture
- Guide for securing DOD assets within a remote access environment
- Provides suggestions for redundancy and survivability

Minimal Security Activity Checklist
Main sections include:
- System Architecture Analysis
- Software, Hardware, and Firmware Design Analysis
- Network Connection Rule Compliance Analysis
- Integrity Analysis of Integrated Products
- Life-Cycle Management Analysis
- Vulnerability Assessment
- Security Test and Evaluation

Minimal Security Activity Checklist
- Penetration Testing
- TEMPEST and RED/BLACK Verification
- COMSEC Compliance Validation
- System Management Analysis
- Site Accreditation Survey
- Contingency Plan Evaluation
- Risk Management Review

Threat Model – STRIDE
- Spoofing – The identity of the voter cannot be trusted
- Tampering – The vote for Candidate A could be assigned to Candidate B or vice versa
- Repudiation – No authorized identification of parties involved in the E-voting process
- Information Disclosure – Disclosing the tally count
- Denial of service – Making the E-voting system unavailable to its intended users
- Elevation of privilege – Gaining system privileges through malicious means
Another option would be to discuss the various standards that influence e-voting machine requirements.

Threat Scenarios
- Breaking encryption – tampering with the public and private keys
- Allocating observation with data
- The database is not “READ ONLY” – can be used for SQL injection
- The Electronic Ballot Casting Device – a ‘Trojan horse’ on the voting terminal
- The Voting Protocol – sniffing on the network
- The Electoral Server – depending on the applied voting protocol, the election servers are a vulnerability point
- Other Anonymity Threats – the Voter Audit Trail could also be used to link a voter to their vote

Vulnerabilities-Mitigations

| Threat | Security Code | Scenario | How does it affect | Mitigation |
|---|---|---|---|---|
| Spoofing | CAT II, CAT III | Voter form user interface; access control of database objects; access control of applications host | Integrity, Access Control, Accountability | Personalization methods, passwords; cryptographic or hardware token, e.g. memory card, smart card, Common Access Card (CAC) |
| Tampering | CAT I | Physical access | Confidentiality | Firewall, Intrusion Detection Systems |

Vulnerabilities-Mitigations

| Threat | Security Code | Scenario | How does it affect | Mitigation |
|---|---|---|---|---|
| Repudiation | CAT I, CAT II | Voter form user interface, Trojan horse, packet sniffing, SQL injection, Internet | Integrity, Confidentiality, Access Control, Accountability | Firewall, PKI, SNORT, virus checker, log security-related events |
| Information Disclosure | CAT IV | Voter Audit Trail, weak key (DS 40-bit) | Confidentiality | Firewall, key size larger than 1024, password protection |

Vulnerabilities-Mitigations

| Threat | Security Code | Scenario | How does it affect | Mitigation |
|---|---|---|---|---|
| Denial of Service | CAT III | Botnet, Stacheldraht, excess requests, forced reset, ICMP exploits | Availability | Alternative routing, Secure Collective Network Defense |
| Elevation of privilege | CAT II | Gaining administrator password | Confidentiality, Data Integrity, Accountability | X.509 certificates |

Residual Risks
- Natural and man-made threats, e.g. fire, flooding, water, wind, electrical disturbances
- External or internal threat agents, e.g. espionage services, terrorists, shared passwords
- Accidental human action which compromises the system
- Human negligence

Future Work
- Separate web services and UI for Administrator, Voters, and Key Share Owners.
- Encrypted UI connections using HTTPS.
- Administrator, Voter, and Key Share Owner identity verification using both X.509 certificates and username/password.
- Additional firewall layer with IDS for certificate generation, application functionality, data storage, and tabulation of election results.
- Encrypted Web service to Web service interface for inner firewall traversal.


Lessons Learned
Problems faced:
- Not sure what the vulnerabilities of the system could be
- The DITSCAP was a big, confusing concept
- CONOPS was complicated at first sight
How we solved them:
- The DITSCAP Application Manual provided easy reference to each section in the SSAA
- Complexities solved by Izzy and Dr. Chow
- STIGs were a great help
- Vulnerability-Mitigation Mapping
- Learned the basics of Paillier Threshold Cryptography
- The security issues surrounding E-voting systems

Conclusion
- DITSCAP Overview
- SSAA Overview
- Project Overview
- Secure E-voting System
- Threats and Mitigations
- Future Work
Project information can be found at http://viva.uccs.edu/ditscap/

References
- Brett Wilson, UCCS, Implementing a Paillier Threshold Cryptography Scheme as a Web Service.
- http://www.nswc.navy.mil/ISSEC/COURSES/Ditscap.ppt
- http://www.i-assure.com/
- http://viva.uccs.edu/ditscap/index.php/Image:DITSCAP.pdf
- http://viva.uccs.edu/ditscap/index.php/Image:DITSCAP_Application_Manual.pdf
- http://viva.uccs.edu/ditscap/index.php/Image:SSAA_Guidance.doc
- http://iase.disa.mil/stigs/stig/database-stig-v7r2.pdf
- http://iase.disa.mil/stigs/stig/network-stig-v6r4.pdf
- http://iase.disa.mil/stigs/stig/src-stig-v1r2.pdf
- http://iase.disa.mil/stigs/stig/applicationsecurityrequirements.pdf