Presentation is loading. Please wait.

Presentation is loading. Please wait.

Advanced Topics in Security

Published byCandice Walters Modified over 6 years ago

Similar presentations

Presentation on theme: "Advanced Topics in Security"— Presentation transcript:

1 Advanced Topics in Security
Lecture ID: ET-IDA -044 Section-B: Lecture 6 Secured Voting V-2 Prof. Wael Adi Institute for Computer and Network Engineering Technical University of Braunschweig Braunschweig, Germany Technische Universitaet Braunschweig

2 Outlines Introduction, Background Electronic Voting Objectives
Cryphtography in Electronic Voting Research Direction Conclusion

3 Background Voting plays an important role to the society
Manual voting has limitation (scalability, efficiency, cost, accuracy) Voting technology tends to follow the latest technology trends. Complicated security requirements (voter – vote relationship) Contemporary application of cryptography

4 registration authority
Traditional Voting ballot box ballot vote voter news / bulletin board teller registration authority monitor

5 Disadvantages of traditional voting
Scalability Complex for large number of voter Spans across large geographical region (hard to manage consistently) Efficiency - storage and processing time, space Administration cost Accuracy - verifiability, human errors, abnormally vote -> Move towards automated (electronic) means

6 Requirements for Electronic voting
Voting with the help of machinery Electronic voting must be as similar as possible to regular voting, compliant with election legislation and principles, and be at least as secure as traditional voting

7 Examples of Electronic Voting
Offline voting - machine readable (create, read) ballot - vote counting systems Online voting - telephone voting - Direct Recording Electronic (DRE) - Internet voting

8 Security requirements
Voter authorisation only authorised voter may vote Vote privacy individual voter-vote relationship is private Voting integrity the system must at least be able to detect tampering Verifiable anyone can verify the whole process discreetly

9 Conflicts in security requirements
Voter authorisation only authorised voter may vote and not revealing any individual strategy Vote privacy individual voter-vote relationship is private and compute/counting the vote Voting integrity the system must at least be able to detect tampering and not revealing the owner of the vote Verifiable anyone can verify the whole process discreetly and still protecting the “voter - vote” relationship (Voter should not be able to prove his vote to others)

10 “Voter – Vote” relationship
Authorised voter Vote Secrecy voter_id vote voter_id Confidential (vote) Confidential (voter_id) vote

11 Cryptographic primitives Involved [1]
Zero knowledge Homomorphic Encryption ballot box ballot vote Mix net voter news / bulletin board teller Blind Signature registration authority Threshold Cryptography monitor

12 Cryptographic primitives [2]
Zero Knowledge: vote verification Homomorphic Encryption: hide individual vote Threshold Cryptography: distribution of trust Blind signatures: voter authorisation, pseudonym Mixed Network: physical layer secrecy

13 Authentication Request I am A, and this is the proof
Zero Knowledge Proofs Prover A Verifier Who are you ? Authentication Request I am A, and this is the proof A proof is called a Zero Knowledge proof if: Prover reveals no secrets (whatever) to the verifier !

14 Zero Knowledge [2] Fiat – Shamir Proof of Identity Protocol (1986)
m = p1p2 p1p2 are secrets which no body should know m : RSA type modulus ya = xa2 in Zm (mod m) xa = secret key of A Prover A Verifier S = r2 r : a unit in Z*m I am user A, S b random b = 1 or 0 b If t2 = S.yab then A is authentic t = r.xab t Probability of a successful attack after k trials = 2 -k

15 Omura Proof of Identity Protocol (1986)
Zero Knowledge [3] Omura Proof of Identity Protocol (1986) α is a primitive element in GF(p) ya public key of A α Xa = ya Prover A Verifier Who are you ? , R k random R = αk R I am A, RXa RXa Check RXa = yak = αk.Xa RXa = αk.Xa It is not Zero Knowledge proof if the verifier cheat

16 Homomorphic Encryption
(s) Homomorphic Encryption An Encryption function E(M) is said to be homomorphic if : E(M1)E(M2) = E(M1 + M2) Two candidates example : For v voters 1 Sum > v/2 Sum < v/2

17 Homomorphic Encryption [2]
ElGamal Crypto – System (1985) α primitive element in GF(p) y = αx Voter Teller Secret key x X X M C = M.αx.R M αR Z = yR = αx.R Z-1 = (αR)-x

18 Homomorphic Encryption ElGamal Crypto – System Setup (1985)
Teller: α primitive element in GF(p) Teller secret key = x, Public key y = αx ( Ci = Mi Zi) n voters 1 ( C1 C2 · · Cn , h1 h2 · · hn ) X X X (M1 · · Mn · Z1 · · Zn , h1 · · hn) (C1, h1) (Ci, hi) (Cn, hn) Mi = αvi Mn = αvn M1 = αv1 X ( αv1+…+vn · αx(R1+…+Rn) , αR1+…+Rn ) X X Encryption of αVs = α v1+v2+..+vn Problem : getting the sum of the votes Vs. Solution by search to get the discrete log as Vs is not cryptographically huge! Z1 = yR1 = αx.R1 Zi = yRi = αx.Ri Zn = yRn = αx.Rn h1 = αR1 hi = αRi hn = αRn

19 Threshold Cryptography
Decryption requires a number of parties exceeding a threshold to cooperate in the decryption protocol. Encryption uses a public key Private key is shared among the participating parties. (t,n) Threshold scheme Divide private key K into n mapped shared s1s2...sn Any t or more si pieces makes K easily to compute Any t-1 or less si leaves K completely undetermined

20 Threshold Cryptography [2]
Shamir’s Threshold scheme A polynomial y = f(x) of degree (t-1) can only be uniquely defined by at least t points (xi,yi) with distinct xi. y y = ax2 + bx + c (xi,yi) 2 points or less can not determine the curve Any three points can determine the curve x

21 Blind Signature The content of the message is disguised (blind) before it is signed. User A User B M B

22 Blind Signature Cryptographic scheme
Blinding Factor ( )e Open directory Authority Public key e All arithmetic modulo m m = p q (RSA Modulus) Private key d d.e = 1 mod φ(m) re r User B User A Private key d ( )d M M B r-1 r Md = x Signed Message: bank does not know the signed contests!

23 Mix net A multiparty computation and communication protocol
David Chaum A multiparty computation and communication protocol A large number of input messages to get shuffled into a random order Every party becomes confident that a shuffling was performed No party has any idea what the shuffle-permutation was

24 Decryption & Shuffling
Mix net [2] Decryption & Shuffling Server M1 M2 M3 C1 M2 M3 M1 C2 C3 Encrypted vote Plain vote

25 E(PK1,E(PK2,(…,E(PKt,Mi)…)))
Mix net [3] Encryption E(PKt-1,E(PKt,Mi)) PKt-1 E(PKt,Mi) PKt Mi PK1 E(PK1,E(PK2,(…,E(PKt,Mi)…))) t servers S Sj(PKj,SKj) Ci,0 =

26 Mix net [4] Decryption Sj(PKj,SKj) Ci,j-1 Ci,j

27 Mix net [5] Permutation Sj(PKj,SKj)

28 Mix net [6] full system C…,t C0,0 C…,j-1 C…,j Ci,0 Cn,0 S1
Sj : (PKj, SKj) St Ci,0 = E(PK1 , E(PK2 , … E(PKt, Mi)………)) Ci,t = Mi

29 Current situation Traditional voting Direct Recording Electronic (DRE)
Research into electronic voting schemes Early usage of electronic voting Internet voting trial

30 Current research concenstration
Voter registration and pre-voting Vote collection Vote tabulation Post-election auditing Threat mitigation Usability Accessibility

31 Some current researche
Punch scan system – David Chaum – Cryptographic paper ballots : Prêt à voter - Peter Ryan of Newcastle University, Scratch&Vote – Ben Adida, Ronald Rivest of MIT Voter verification without employing cryptography : Three Ballots System – Ronald Rivest of MIT Voting protocol based on Farnel protocol – TU Darmstardt, Trindade University Divisible Voting Scheme : each voter casts multivotes - Natsuki Ischida , Shin’ichiro Matsuo and Wakaha Ogata

32 Evoting reference sites
Verified Voting Foundation Accurate Caltech/MIT voting technology project International Association for Cryptologic Research USENIX – The Advanced Computing Systems Association

33 Issues Complexities in current e-voting schemes
Security drawbacks on existing schemes How secure is secure enough Applicability, ease of use, voter education Trust

34 Things to do Identify requirements for electronic voting
Analyse existing schemes Improve current protocol designs Voting system validation Prototype and testing of the design

35 Conclusion Voting plays an important role in the society
Trends move toward electronic voting Importance of security Applying cryptography to electronic voting Need of a secure and trustable voting scheme

36 Annex

37 Homomorphic Encryption [4]
Pailier Crypto – System (1999) Public key : (k, α) Private key : (ʎ,µ) k = p.q p,q are primes α is an element from Z* ʎ= lcm(p-1,q-1) µ= (L(αʎmod k2))-1 (mod k) L(u) = (u-1)/k for u≡1(mod k) Ø(k2) = n Ø(k) Voter m is the vote k2 Choose x from Zk* C= αm. xn (mod k2) Teller m=L(Cʎ mod k2).µ (mod k)

38 Homomorphic Encryption [5]
Pailier Crypto – System (1999) Public key : (k, α) Private key : (ʎ,µ) E(m1)..E(mi)..E(mn) = αm1.x1k.. αmi.xik.. αmn.xnk = (αm1.+.mi.+.mn)(x1..xi..xn)k = E(m1+..+mi+..+mn) X X X E(m1)= αm1.x1k E(mi)= αmi.xik E(mn)= αmn.xnk

Download ppt "Advanced Topics in Security"

Similar presentations

RPC Mixing: Making Mix-Nets Robust for Electronic Voting Ron Rivest MIT Markus Jakobsson Ari Juels RSA Laboratories.

RPC Mixing: Making Mix-Nets Robust for Electronic Voting Ron Rivest MIT Markus Jakobsson Ari Juels RSA Laboratories.
Talk by Vanessa Teague, University of Melbourne Joint work with Chris Culnane, James Heather & Steve Schneider at University of.

Talk by Vanessa Teague, University of Melbourne Joint work with Chris Culnane, James Heather & Steve Schneider at University of.
Requirements for a Secure Voting System  Only authorized voters can vote  No one can vote more than once  No one can determine for whom anyone else.

Requirements for a Secure Voting System  Only authorized voters can vote  No one can vote more than once  No one can determine for whom anyone else.
A Pairing-Based Blind Signature

A Pairing-Based Blind Signature
ThreeBallot, VAV, and Twin Ronald L. Rivest – MIT CSAIL Warren D. Smith - CRV Talk at EVT’07 (Boston) August 6, 2007 Ballot Box Ballot Mixer Receipt G.

ThreeBallot, VAV, and Twin Ronald L. Rivest – MIT CSAIL Warren D. Smith - CRV Talk at EVT’07 (Boston) August 6, 2007 Ballot Box Ballot Mixer Receipt G.
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
Payment Systems 1. Electronic Payment Schemes Schemes for electronic payment are multi-party protocols Payment instrument modeled by electronic coin that.

Payment Systems 1. Electronic Payment Schemes Schemes for electronic payment are multi-party protocols Payment instrument modeled by electronic coin that.
Electronic Voting Presented by Ben Riva Based on presentations and papers of: Schoenmakers, Benaloh, Fiat, Adida, Reynolds, Ryan and Chaum.

Electronic Voting Presented by Ben Riva Based on presentations and papers of: Schoenmakers, Benaloh, Fiat, Adida, Reynolds, Ryan and Chaum.
Cryptographic Techniques Instructor: Jerry Gao Ph.D. San Jose State University URL: May,

Cryptographic Techniques Instructor: Jerry Gao Ph.D. San Jose State University URL: May,
10/25/20061 Threshold Paillier Encryption Web Service A Master’s Project Proposal by Brett Wilson.

10/25/20061 Threshold Paillier Encryption Web Service A Master’s Project Proposal by Brett Wilson.
Kickoff Meeting „E-Voting Seminar“

Kickoff Meeting „E-Voting Seminar“
Electronic Voting Schemes and Other stuff. Requirements Only eligible voters can vote (once only) No one can tell how voter voted Publish who voted (?)

Electronic Voting Schemes and Other stuff. Requirements Only eligible voters can vote (once only) No one can tell how voter voted Publish who voted (?)
1/11/2007 bswilson/eVote-PTCWS 1 Enhancing PTC based Secure E-Voting System (note: modification of Brett Wilson’s Paillier Threshold Cryptography Web Service.

1/11/2007 bswilson/eVote-PTCWS 1 Enhancing PTC based Secure E-Voting System (note: modification of Brett Wilson’s Paillier Threshold Cryptography Web Service.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
PRESENTED BY CHRIS ANDERSON JULY 29, 2009 Using Zero Knowledge Proofs to Validate Electronic Votes.

PRESENTED BY CHRIS ANDERSON JULY 29, 2009 Using Zero Knowledge Proofs to Validate Electronic Votes.
Introduction to Public Key Cryptography

Introduction to Public Key Cryptography
E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.

E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.
Topic 22: Digital Schemes (2)

Topic 22: Digital Schemes (2)
Digital Signatures A primer 1. Why public key cryptography? With secret key algorithms Number of key pairs to be generated is extremely large If there.

Digital Signatures A primer 1. Why public key cryptography? With secret key algorithms Number of key pairs to be generated is extremely large If there.
6. Esoteric Protocols secure elections and multi-party computation Kim Hyoung-Shick.

6. Esoteric Protocols secure elections and multi-party computation Kim Hyoung-Shick.

Similar presentations

Ads by Google