Nathanael Paul CRyptography Applications Bistro February 3, 2004.


Electronic Voting
- Convenient
- Supposed to increase voter turnout
- Quicker counts
- Handicapped/disabled
“I wonder where the votes go once you touch the screen and if it's possible to mess with the vote.” Carol Jacobson, Berkeley, CA

Threats
- Vote Coercion
- Vote Selling
- Vote Solicitation
- Online Registration
- Voter Privacy
- The attacker could once have been a scrawny teenage script kiddie, but now could be a foreign government

Rubin’s “Security Considerations for Remote Electronic Voting over the Internet”
- Hosts are assumed to be Windows using IE/Netscape
- Internet connection using TCP/IP
- Attack the endpoints (user, servers) or communications

Attacking the host
- Malicious payloads
  – Proxy settings Javascript or Java applets
  – BackOrifice PCAnywhere, open source
  – Chernobyl virus Activate on certain day Modified bios

Get the code on their machine
- MyDoom instant messenger, file sharing
  – Windows Media Player (Java vulnerability) AOL Microsoft Office code

DoS/DDoS attacks
- Attack servers
  – Public key encryption
  – Regular expression attacks
- Ping of death
- DoS attacks on individual applications
  – Java (exploit system code)

Social Engineering
- SSL
  – Average user checking a certificate
  – Even if it’s bad, will some just proceed anyways?
- Spoofing
  – Web site
  – Poisoning DNS cache

What is needed?
- Trusted path between user and election server
  – Malicious code should not have a way to interfere with normal operation.

- Allow citizens outside of the country to vote in an easy manner
- Should be at least as secure as current absentee voting ballot designs
- SSL connection to a central server
- Local Election Official (LEO) precinct computer downloads registration/ballots from central server

SERVE design (diagram; labels: Server, Voter, LEO precinct computer, Ballots)

Some Security Considerations
- Attack central server, LEO server, host machine, communications (DNS)
- Privacy
  – LEOs can view entire precinct’s votes
  – Central server could view everyone’s votes
- Windows only
- ActiveX and Java used for central server and user
  – 75 flaws in Java from according to CVE (not all are actual entries)

DoS/DDoS in SERVE
- Central server provides a single point of attack
- LEO
- Election spans longer period of time (month)
- DDoS excess of 150 Gbps
  – E-commerce sites with 10 Gbps link

Measuring it all up
- Vote Coercion
  – Impossible to detect
- Vote Selling
  – Buyers outside of US?
- Vote Solicitation
  – AOL and Pop-ups will go crazy
- Online Registration
  – Man-in-the-middle
- Voter Privacy
  – Not possible with this scheme

Proposed Alternatives
- Remote ballot printer recommended with the voter mailing in the printed ballot
- Chaum’s SureVote scheme with voter-verifiable receipts using Visual Cryptography
- VoteHere (covered by Richard) with a threshold cryptography scheme

Additional Reading
- IEEE Security & Privacy, Jan/Feb 2004 special issue on E-voting
- SureVote, VoteHere
- DRE schemes
- David Dill’s
- “The fact that 50 votes were cast in Florida using VOI, and that a change of 269 votes in the official tally of that state would have resulted in Al Gore becoming President.” SERVE report, Jan. 21, 2004