Defeating Malicious Terminals in an Electronic Voting System Daniel Hanley Andre dos Santos Jeff King Georgia Tech Information Security Center.

Slides:

Advertisements

Similar presentations

Spreading Alerts Quietly and the Subgroup Escape Problem Aleksandr Yampolskiy (Yale) Joint work with James Aspnes, Zoë Diamadi, Kristian Gjøsteen, and.

Advertisements

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

Requirements for a Secure Voting System  Only authorized voters can vote  No one can vote more than once  No one can determine for whom anyone else.

A Pairing-Based Blind Signature

On the Security of Ballot Receipts in E2E Voting Systems Jeremy Clark, Aleks Essex, and Carlisle Adams Presented by Jeremy Clark.

Cryptographic Voting Protocols: A Systems Perspective Chris Karlof Naveen Sastry David Wagner UC-Berkeley Direct Recording Electronic voting machines (DREs)

Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.

Physical Unclonable Functions and Applications

Netprog: Cryptgraphy1 Cryptography Reference: Network Security PRIVATE Communication in a PUBLIC World. by Kaufman, Perlman & Speciner.

Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.

Research & development A Practical and Coercion-resistant scheme for Internet Voting Jacques Traoré (joint work with Roberto Araújo and Sébastien Foulle)

Protecting User Data in Ubiquitous Computing: Towards Trustworthy Environments Yitao Duan and John Canny UC Berkeley.

Hash-Based IP Traceback Best Student Paper ACM SIGCOMM’01.

Chapter 1 – Introduction

Introduction to Modern Cryptography, Lecture 13 Money Related Issues ($$$) and Odds and Ends.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

Public Key Algorithms …….. RAIT M. Chatterjee.

Privacy-Preserving Trust Negotiations Mikhail Atallah Department of Computer Science Purdue University.

Certificateless encryption and its infrastructures Dr. Alexander W. Dent Information Security Group Royal Holloway, University of London.

Quantum Cryptography Qingqing Yuan. Outline No-Cloning Theorem BB84 Cryptography Protocol Quantum Digital Signature.

Digital Cash Damodar Nagapuram. Overview ► Monetary Freedom ► Digital Cash and its importance ► Achieving Digital Cash ► Disadvantages with digital cash.

Providing Trusted Paths Using Untrusted Components Andre L. M. dos Santos Georgia Institute of Technology

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

ITIS 6200/8200. time-stamping services Difficult to verify the creation date and accurate contents of a digital file Required properties of time-stamping.

An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.

Electronic Voting Schemes and Other stuff. Requirements Only eligible voters can vote (once only) No one can tell how voter voted Publish who voted (?)

Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.

Genetically optimized face image CAPTCHA

K-Anonymous Message Transmission Luis von Ahn Andrew Bortz Nick Hopper The Aladdin Center Carnegie Mellon University.

L C SL C S The Untrusted Computer Problem and Camera-Based Authentication Dwaine Clarke, Blaise Gassend, Thomas Kotwal, Matt Burnside, Marten van Dijk,

Network Topologies An introduction to Network Topologies and the Link Layer.

David Froot.  How do we transmit information and data, especially over the internet, in a way that is secure and unreadable by anyone but the sender.

Cryptographic Voting Protocols: A Systems Perspective By Chris Karlof, Naveen Sastry, and David Wagner University of California, Berkely Proceedings of.

Wolfgang Schneider NSI: A Client-Server-Model for PKI Services.

Block Cipher Transmission Modes CSCI 5857: Encoding and Encryption.

Pretty Good Privacy by Philip Zimmerman presented by: Chris Ward.

Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.

Protecting Web 2.0 Services from Botnet Exploitations Cybercrime and Trustworthy Computing Workshop (CTC), 2010 Second Nguyen H Vo, Josef Pieprzyk Department.

Overview of Privacy Preserving Techniques.  This is a high-level summary of the state-of-the-art privacy preserving techniques and research areas  Focus.

MOBILE AD-HOC NETWORK(MANET) SECURITY VAMSI KRISHNA KANURI NAGA SWETHA DASARI RESHMA ARAVAPALLI.

Key Management and Diffie- Hellman Dr. Monther Aldwairi New York Institute of Technology- Amman Campus 12/3/2009 INCS 741: Cryptography 12/3/20091Dr. Monther.

Version 4.0. Objectives Describe how networks impact our daily lives. Describe the role of data networking in the human network. Identify the key components.

Network Security. Security Threats 8Intercept 8Interrupt 8Modification 8Fabrication.

10/1/2015 9:38:06 AM1AIIS. OUTLINE Introduction Goals In Cryptography Secrete Key Cryptography Public Key Cryptograpgy Digital Signatures 2 10/1/2015.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

Symmetric versus Asymmetric Cryptography. Why is it worth presenting cryptography? Top concern in security Fundamental knowledge in computer security.

Topic 22: Digital Schemes (2)

6. Esoteric Protocols secure elections and multi-party computation Kim Hyoung-Shick.

Crowds: Anonymity for Web Transactions Michael K. Reiter Aviel D. Rubin Jan 31, 2006Presented by – Munawar Hafiz.

Privacy Communication Privacy Confidentiality Access Policies Systems Crypto Enforced Computing on Encrypted Data Searching and Reporting Fully Homomorphic.

Wireless LAN Security. Security Basics Three basic tools – Hash function. SHA-1, SHA-2, MD5… – Block Cipher. AES, RC4,… – Public key / Private key. RSA.

1 Cryptography NOTES. 2 Secret Key Cryptography Single key used to encrypt and decrypt. Key must be known by both parties. Assuming we live in a hostile.

Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols ► Acts as denial of service by disrupting the flow of data between a source and.

. 1. Computer Security Concepts 2. The OSI Security Architecture 3. Security Attacks 4. Security Services 5. Security Mechanisms 6. A Model for Network.

Collusion-Resistant Anonymous Data Collection Method Mafruz Zaman Ashrafi See-Kiong Ng Institute for Infocomm Research Singapore.

Digital Signatures, Message Digest and Authentication Week-9.

CS555Topic 251 Cryptography CS 555 Topic 25: Quantum Crpytography.

1 Chapter 1 – Background Computer Security T/ Tyseer Alsamany - Computer Security.

Payment in Identity Federations David J. Lutz Universitaet Stuttgart.

A Cost-Based Framework for Analysis of Denial of Service in Networks Author: Catherine Meadows Presenter: Ajay Mahimkar.

Internet Voting Ashok CS 395T. What is “E-voting” Thomas Edison received US patent number 90,646 for an electrographic vote recorder in Specific.

Information Integrity and Message Digests CSCI 5857: Encoding and Encryption.

Network Security Continued. Digital Signature You want to sign a document. Three conditions. – 1. The receiver can verify the identity of the sender.

NETWORK TOPOLOGY Network topology is the study of the arrangement or mapping of the elements of a network,especially the physical.

TrustMe: Anonymous Management of Trust Relationships in Decentralized P2P System Aameek Singh, Ling Liu College of Computing, Georgia Tech International.

DIGITAL SIGNATURE(DS) IN VIDEO. Contents  What is Digital Signature(DS)?  General Signature Vs. Digital Signatures  How DS is Different from Encryption?

Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.

Diffie-Hellman Key Exchange first public-key type scheme proposed by Diffie & Hellman in 1976 along with the exposition of public key concepts – note:

SECURITY. Security Threats, Policies, and Mechanisms There are four types of security threats to consider 1. Interception 2 Interruption 3. Modification.

Intrusion Resilience via the Bounded-Storage Model Stefan Dziembowski Warsaw University and CNR Pisa.

Presentation transcript:

Defeating Malicious Terminals in an Electronic Voting System Daniel Hanley Andre dos Santos Jeff King Georgia Tech Information Security Center

Overview Motivation Related Work Protocol Examples Analysis

Motivation The Voting Problem Traditional Approach Electronic Voting

Motivation: The Voting Problem Scenario: Alice, a human, wishes to transmit message c Є C to central tallier, Trent. Security requirements Anonymity Accuracy etc.

Motivation: Traditional Approach Paper-based systems Alice creates physical vote record and relays the vote to Trent. Disadvantages Inaccurate Expensive Advantages Simple, usable Secure (?)

Motivation: Electronic Voting Current state of electronic voting systems Systems entrust untrustworthy voting terminals, volunteers Security policy dictates isolation and physical controls Advantages Relatively inexpensive Accurate Disadvantages Fails to use public infrastructure Vulnerable to automated attacks Vulnerable to undetectable attacks

Motivation: Electronic Voting Current state of electronic voting systems Systems entrust untrustworthy voting terminals, volunteers Security policy dictates isolation and physical controls Advantages Relatively inexpensive Accurate Disadvantages Fails to use public infrastructure Vulnerable to automated attacks Vulnerable to undetectable attacks

Motivation: Electronic Voting Solution: Blind signature protocol with trustworthy hardware Direct communication with Trent – infeasible! Trustworthy voting terminals – costly! Personal tamper resistant device – yes! Problem: How can we establish a trusted path between Alice and her voting device? Direct I/O? Form factor prohibits this. Via voting terminal? No! CAPTCHA-Voting Protocol? Other schemes (Chaum, Prêt-à-Voter, KHAP) Voter performs verification and auditing steps.

Related Work Completely Automated Publicly Available Turing Tests to tell Computers and Humans Apart (CAPTCHAs) One-time random substitution

Trent Protocol: Actors Alicea human voter Trenta central tallier, trusted to perform complex, anonymous operations on Alice's behalf Malloryan untrusted voting terminal Alice Mallory

Protocol Public list of candidates C = [ c 1, c 2, …, c n ] Public, random set R = [ r 1, r 2, …, r m ] such that m ≥ n Random mapping of candidates to random elements K : C → R such that P( K(c) = r i ) = P( K(c) = r j ) for all i, j K -1 : R → C CAPTCHA transformation function T(m) such that Mallory cannot derive m from T(m), while Alice may infer m from T(m) Trent may encode K using T. This is denoted by T(K).

Protocol 1. Trent generates and sends a CAPTCHA-encrypted ballot K : C → R Trent Alice Mallory

Protocol 1. Trent generates and sends a CAPTCHA-encrypted ballot K : C → R 1.2. T(K) Trent Alice Mallory

Protocol 1. Trent generates and sends a CAPTCHA-encrypted ballot K : C → R 1.2. T(K) 1.3. T(K) Trent Alice Mallory

Protocol 2. Alice responds with the encrypted candidate K : C → R 1.2. T(K) 1.3. T(K) 2.1. T -1 ( T(K) ) = K Trent Alice Mallory

Protocol 2. Alice responds with the encrypted candidate K : C → R 1.2. T(K) 1.3. T(K) 2.1. T -1 ( T(K) ) = K 2.2. K(c) = r Trent Alice Mallory

Protocol 2. Alice responds with the encrypted candidate K : C → R 1.2. T(K) 1.3. T(K) 2.1. T -1 ( T(K) ) = K 2.2. K(c) = r 2.3. r Trent Alice Mallory

Protocol 3. Trent decrypts Alice's preferred candidate K : C → R 1.2. T(K) 1.3. T(K) 2.1. T -1 ( T(K) ) = K 2.2. K(c) = r 2.3. r 3.1. K -1 (r) = c Trent Alice Mallory

Examples Text CAPTCHA 3D Animation CAPTCHA Audio CAPTCHA

Example: Text CAPTCHA R consists of distinct regions in image. T renders mapping as image and contributes noise.

Example: 3D Animation CAPTCHA R consists of equally sized, contiguous sets of frames. T renders candidate names in animation.

Example: Audio CAPTCHA K is a similar, temporal mapping of candidates. Audio noise thwarts Mallory.

Analysis Fabricated votes Human adversaries Selective denial of service

Analysis: Fabricated Votes Fabricated vote through guessed K Mallory attempts to vote for c' through selection of arbitrary r''. If |R| = |C|, then P( K -1 (r'') = c' ) = 1 / n. If |R| > |C|, then P( K -1 (r'') = c' ) = 1 / m. Probability that K -1 (r'') is undefined: (m – n) / m Invalid vote → detected attack! Fabricated vote through cracked T Mallory increases probability that P( K -1 (r'') = c' ). Solution: Find a better CAPTCHA?

Analysis: Human Adversary Transmission of T(K) to a human collaborator Time-dependent protocol Increased likelihood of detection Architectural solutions

Analysis: Selective DoS Selective DoS: Mallory discards Alice's vote if it is likely that c ≠ c'. Mallory must learn Alice's preference. Alice and Mallory's location Alice's previous votes Solution: Single ballot Fabricated ballot Detection of selective denial of service Educated guessing

Conclusion Human interaction required – no efficient automated attacks Easy detection of large-scale attacks Comparison to traditional voting systems Future work Usability data Broader applications, using this protocol (possibly combined with KHAP) to form a trusted path

Questions?