eVoting System Proposal


eVoting System Proposal Michael Baswell, Chris Cabuzzi, Grant Cahill, Beaux Sharifi, Donovan Thorpe

Introduction
Overview:
- Pre-Election
- Election
- Post-Election
- Analysis
- Other Issues

For the introduction, I’d like to give a quick overview of what we’ll be talking about:
- Pre-Election: Eligibility, non-repudiation, and ballot creation and validation
- Election: The steps taken to ensure each vote is valid and securely accounted for
- Post-Election: Auditing, intrusion detection and verification of data
- Analysis: Ensure the design meets criteria of a safe and effective eVoting system
- Other issues: such as server overload and any other technical difficulties

Pre-Election Process
Definitions:
- Validator = Authenticator
- Tallier = Counter
Certificates:
- Digital certificates for servers and the voters
- Certificates will be distributed through a web page or manually (via walk-up or mail). In any case you must ensure each voter gets only one certificate.
Registered voters:
- A list of registered voters is compiled and stored on the validator.
- This list is used to check the credentials of users attempting to vote. This ensures only voters who are eligible and who have not voted can proceed to vote.
Ballot:
- An electronic ballot is created and digitally signed by the tallier.
- The tallier hands out the ballot during the election process.

- Certificate (both clients, possibly attribute certificate)
- Ballot creation
- Roles that can vote
- Must show up in person to present ID or call, to prevent multiples
- Ballot creation (signed by tallier)
- Both validator and tallier must have server certificates
- Validator has a database of eligible registered voters.

Election Process
Blind Signature Voting Protocol (Source: Electronic Voting by Lorrie Cranor [3])

Step 1:
- Voter receives and authenticates signed official ballot.
- Voter fills in ballot.
- Voter encrypts (with a special one-time private key), blinds, and signs ballot.
- Voter sends encrypted, blinded, signed ballot to validator.

Step 2:
- Validator and voter perform mutual authentication.
- Validator verifies that voter has not already voted.
- Validator authenticates voter-signed ballot.
- Validator marks the voter as having voted.

Step 3:
- Validator signs the encrypted and blinded ballot and returns to voter.

Step 4:
- Validator authenticates validator signed ballot.
- Voter removes blinding layer revealing encrypted ballot with validator’s signature.
- Voter authenticates tallier (but not vice-versa).
- Voter sends validator signed and encrypted ballot to tallier.

Step 5:
- Tallier authenticates validator signed encrypted ballot.
- Tallier places encrypted ballot on list to be published at end of election.
- Tallier signs encrypted ballot and returns to voter as receipt.

Step 6:
- Voter authenticates tallier signed encrypted ballot and saves it as a receipt.
- Voter can use receipt later to prove he voted.
- Voter sends tallier special public key used to decrypt ballot.

Step 7:
- Tallier decrypts ballot using special public key from voter.
- Tallier adds vote to the tally.

After the election:
- The tallier publishes the entire list of encrypted ballots along with corresponding keys to the public.
- Public can verify that their votes were counted and dispute any discrepancies.
- Tallier publishes final tally and announces winners.

Post-Election Process
Audit:
- Occurs during election and post-election
- IDS (intrusion detection system)
- Tripwire
- Auditor monitors software running and verifies hash
- Audit voter signatures

Post-Election Process
- Publish all encrypted ballots with keys
- Tally up votes
- Publish decrypted ballots
- Publish results
  - Web
  - Email

Analysis of Design
Criteria from EVS2004 presentation

Requirements of a secure election:
- Completeness: All voters are counted correctly.
- Soundness: A dishonest voter cannot disrupt voting
- Privacy: All votes must be secret
- Unreusability: no voter can vote twice
- Eligibility: no one who isn’t allowed to vote can vote
- Fairness: nothing must affect the voting (DDoS?)
- Verifiability: no one can falsify the result of voting.
- ADDED: Ease of Implementation

Validator and Counter

Analysis

Other Issues
Overloading server:
- Too much legitimate traffic to a server can cause an overload.
- Distributing the load across multiple servers
  - DNS Round Robin
  - A traffic manager that redirects or rewrites the request
- A traffic shaper can be used in front of or on the server
- A simple and quick response like "server is busy, please try again later" could be used.

Conclusion
Summary:
- Pre-Election: Ensuring the system is available to eligible voters
- Election: Collecting votes in the most valid and secure way
- Post-Election: Tallying the results and checking for tampering
- Analysis: Ensuring system meets a pre-defined standard
- Other Issues: Possibility of server overload, etc.

To summarize, we talked about the e-voting process, through all its stages. We talked about methods required to ensure the process is confidential, secure and only available to eligible voters. We also considered the possibility of technical issues such as server overload and auditing. We hope you enjoyed our presentation… don’t forget to vote!

References
[1] Fujioka, A., Okamoto, T., and Ohta, K. A practical secret voting scheme for large scale elections. In Advances in Cryptology - AUSCRYPT ’92, Springer-Verlag, Berlin. 1993, pp. 244-251.
[2] Cranor, L. Design and Implementation of a Practical Security-Conscious Electronic Polling System. http://lorrie.cranor.org/voting/sensus/ssp/ssp.html
[3] Cranor, L. Electronic Voting. http://www.acm.org/crossroads/xrds2-4/voting.html

Questions?