CS 591 DITSCAP: E-voting DITSCAP Project. UCCS POC: Edward Chow. Boeing POC: Izzy Rodriguez. Team: Samarpita Hurkute, Kunal Bele, Shin Nam.

Presentation transcript:

Slide 1: E-voting DITSCAP Project (CS 591 DITSCAP)
UCCS POC: Edward Chow
Boeing POC: Izzy Rodriguez
Team: Samarpita Hurkute, Kunal Bele, Shin Nam, Saroj Patil, Chuck Short, Rajshri Vispute

Slide 2: DITSCAP Overview
• DITSCAP – DoD Information Technology Security Certification and Accreditation Process
• Purpose
  – Implements policy, assigns responsibilities, and prescribes procedures for Certification and Accreditation (C&A) of IT
  – Creates a process for security C&A of unclassified and classified IT

Slide 3: SSAA Overview
• SSAA – System Security Authorization Agreement
  – It is a document required by the DITSCAP
• What it does
  – Defines operating environment of the system
  – Identifies the “system”
  – Defines risk and countermeasure
  – Documents agreement among all parties involved in the system

Slide 4: Project Overview
• Use the E-voting system to walk through the DITSCAP process and requirements, including penetration testing and threat/vulnerability assessment, and document the SSAA, which is to be approved by the Boeing POC.

Slide 5: E-voting System
• E-voting allows single-choice ballots
• Election administrator creates election parameters with the help of PTC encryption
• The administrator submits election parameters to VotingService
• Voters load election parameters and cast encrypted votes
• The homomorphic properties of the PTC enable the product to be decrypted to reveal the sum total of all votes
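The tallying property in the last bullet, as an added example that is not part of the original slides or of the project's code: multiplying Paillier ciphertexts and decrypting once yields the sum of the votes. It assumes plain (non-threshold) Paillier with toy primes, and a ballot encoding of base^candidate-index so that one sum carries a count per candidate; that encoding and all function names are illustrative assumptions.

```python
# Added illustration: plain (non-threshold) Paillier with a toy key size.
import math
import secrets

TOY_P, TOY_Q = 2**31 - 1, 2**61 - 1   # Mersenne primes; far too small for real use

def keygen(p, q):
    """Return (n, private) for the g = n + 1 variant of Paillier."""
    n, phi = p * q, (p - 1) * (q - 1)
    return n, (phi, pow(phi, -1, n))   # mu = phi^-1 mod n

def encrypt(n, m):
    """c = (1 + n)^m * r^n mod n^2 with a fresh random r coprime to n."""
    n2 = n * n
    r = 0
    while math.gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    return (1 + m * n) % n2 * pow(r, n, n2) % n2

def decrypt(n, private, c):
    """m = L(c^phi mod n^2) * mu mod n, where L(u) = (u - 1) / n."""
    phi, mu = private
    return (pow(c, phi, n * n) - 1) // n * mu % n

def tally(n, private, ciphertexts, candidates, base):
    """Multiply all encrypted ballots, decrypt once, split the sum per candidate."""
    product = 1
    for c in ciphertexts:
        product = product * c % (n * n)
    total = decrypt(n, private, product)
    return [total // base**i % base for i in range(candidates)]

def run_election(choices, candidates=3):
    """choices: one candidate index per voter (constructed sample input)."""
    n, private = keygen(TOY_P, TOY_Q)
    base = len(choices) + 1            # one base-`base` digit per candidate
    if base**candidates >= n:
        raise ValueError("plaintext space too small for this election")
    ballots = [encrypt(n, base**choice) for choice in choices]
    return tally(n, private, ballots, candidates, base)

if __name__ == "__main__":
    print(run_election([0, 2, 1, 2, 2, 0]))   # constructed ballots
```

Only the product is ever decrypted, so individual ballots stay encrypted; the tally by itself does not check that each ciphertext encodes a valid single-choice ballot, which is why deployed schemes attach a validity proof to every vote.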

Slide 8: Threat Model
• Spoofing – The identity of the voter cannot be trusted
• Tampering – The vote for Candidate A could be assigned to Candidate B or vice versa
• Repudiation – No authorized identification of parties involved in the E-voting process
• Information Disclosure – Disclosing the tally count
• Denial of service – Making the E-voting system unavailable to its intended users
• Elevation of privilege – Gaining system privileges through malicious means

Slide 9: Threat Scenarios
• Breaking encryption – tampering with the public and private keys
• Allocating observation with data
• Physical access – can be used for SQL injection
• The Electronic Ballot Casting Device: a ‘Trojan horse’ on the voting terminal
• The Voting Protocol – sniffing on the network
• The Electoral Server – depending on the applied voting protocol, the election servers are a vulnerability point
• Other Anonymity Threats – the Voter Audit Trail could also be used to link a voter to their vote

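Slide 10: Preliminary Defenses
• Configure firewall
  – iptables rules (the addresses and port are missing from this transcript; <external-ip>, <internal-ip> and <port> are placeholders for them):

    # Masquerade (source NAT) traffic leaving through eth0
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    # Forward inbound ICMP and one TCP port to the internal host
    iptables -t nat -A PREROUTING -p icmp -i eth0 -d <external-ip> -j DNAT --to-destination <internal-ip>
    iptables -t nat -A PREROUTING -p tcp -i eth0 -d <external-ip> --dport <port> -j DNAT --to-destination <internal-ip>
    # Drop SMTP (TCP port 25) addressed to the firewall and passing through it
    iptables -A INPUT -p tcp --dport 25 -j DROP
    iptables -A FORWARD -p tcp --dport 25 -j DROP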

Slide 11: Vulnerability Analysis
• Nessus scan
• nmap scan
• Metasploit

Slide 12: Threat and Mitigation

Threat                         | Mitigation
Voter form user interface      | Modify interface to accommodate CAC card
Administrator interface        | Modify interface to include X.509 certificate
Paillier certificate creation  | Modify interface to include X.509 certificate
Paillier key size too small    | Support Paillier key size larger than 1024
RDP protocol                   | Use TLS/SSL certificate
Open ports                     | Close unnecessary listening ports

Slide 13: SSAA Contents
• System description along with functional diagrams
• Highlights sensitivity of data processed
• System architecture diagram with firewall
• Physical security of the E-voting system
• Threats to the E-voting system
• Data flow diagram
• Data security requirements

Slide 14: Future Work

Slide 15: Lessons Learned
• How to make the system more secure
• What is involved in creating an SSAA document
• What is Concept of Operations (CONOPS)
• Learned the basics of Paillier Threshold Cryptography
• The security issues surrounding E-voting systems

Slide 16: References
• Brett Wilson, UCCS, Implementing a Paillier Threshold Cryptography Scheme as a Web Service.
• [...]plication_Manual.pdf
• [...]nce.doc