Slide 1: E-voting DITSCAP Project
Team: Samarpita Hurkute, Kunal Bele, Shin Nam, Saroj Patil, Chuck Short, Rajshri Vispute
Boeing Mentor POC: Ismael Rodriguez
UCCS Faculty POC: Edward Chow
Slide 2: DITSCAP Overview
DITSCAP – DoD Information Technology Security Certification and Accreditation Process
Purpose:
Implements policies, assigns responsibilities, and prescribes procedures for Certification and Accreditation (C&A) of IT
Creates a process for security C&A of unclassified and classified IT
9/19/2018 DITSCAP
Slide 3: What is the DITSCAP?
A process for certifying that a given system is safe to operate (security-wise) in its given environment.
A process that ensures systems maintain their accreditation throughout their lifecycle.
Slide 4: Who has to follow DITSCAP?
All DoD owned or controlled information systems that receive, process, store, display, or transmit DoD information, regardless of classification or sensitivity.
Slide 5: What are the benefits of the DITSCAP?
Ensures security vulnerabilities are addressed to the level deemed acceptable by the Designated Approving Authority (DAA).
Certification effort can be scaled to fit the size and complexity of the system.
Adaptable for any computer environment or mission.
Helps identify security solutions that are achievable.
Slide 6: DITSCAP Phases
Phase 1 – Definition: understand the mission, environment and system architecture; identify threats; gauge the level of effort; identify the DAA
Phase 2 – Verification: verify compliance of the system with security-related requirements
Phase 3 – Validation: evaluate the system and determine residual risks
Phase 4 – Post accreditation: monitor the system to keep the residual risk at its accepted level
Slide 7: SSAA Overview
SSAA – System Security Authorization Agreement
It is a document required by the DITSCAP.
What it does:
Defines the operating environment of the system
Identifies the "system"
Defines risk and countermeasures
Documents agreement among all parties involved in the system
Slide 8: SSAA Overview
Consists of a main document and appendices.
Main document covers:
Mission Description and System Identification
Environment Description
System Architectural Description
System Security Requirements
Organizations and Resources
DITSCAP Plan
The appendices are used to provide supplementary information to the above six sections.
Slide 9: SSAA Contents
System description along with functional diagrams
Highlights sensitivity of data processed
System architecture diagram with firewall
Physical security of the E-voting system
Threats to the E-voting system
Mitigations applied
Data flow diagram
Data security requirements
Slide 10: Project Overview
Using the E-voting system to walk through the DITSCAP process and requirements, including penetration testing, threat/vulnerability assessment, and documenting the SSAA, which is to be approved by the Boeing POC.
Slide 11: Secure E-Voting
Adapted from Brett's viewgraphs http://cs. uccs
Secure electronic voting – why?
2000 Florida Presidential election
Increase participation/election visibility
Extensive research into developing technologies to allow secure electronic voting
Current methods are vulnerable: Diebold voting machine security, Princeton hacks, Kohno et al. software security analysis
Slide 12: Secure E-Voting
Adapted from Brett's viewgraphs http://cs. uccs
E-voting requirements: Privacy/Anonymity, Completeness, Soundness, Un-reusability, Eligibility, Fairness, Robustness, Universal Verifiability, Receipt-Freeness, Incoercibility
Slide 13: Related Work
Brett's Master project report @ http://cs. uccs
Basis for implementation: Sharing Decryption in the context of Voting or Lotteries (Fouque, Poupard, Stern, Financial Cryptography 2000)
Closely related research: A Generalization of Paillier's Public Key Cryptosystem with Applications to Electronic Voting (Damgård, Jurik, Nielsen, Aarhus University, Dept. of Computer Science)
Uses of Paillier cryptography: electronic voting, anonymous mix nets (due to the self-blinding property), electronic auctions, electronic lotteries
Need to provide short context and related work.
Slide 14: PTC Cryptography Techniques
Adapted from Brett's viewgraphs http://cs
Paillier cryptography: a trapdoor discrete logarithm scheme
Important properties:
Homomorphic: multiplying the encrypted votes yields the encryption of the sum of the votes: E(M1 + M2) = E(M1) × E(M2), and E(k × M) = E(M)^k
Self-blinding: re-encryption with a different random r doesn't change M
Slide 15: PTC Cryptography Techniques
Adapted from Brett's viewgraphs http://cs
Threshold encryption:
Public key encryption as usual
Distribute secret key "shares" among i participants
Decryption can only be accomplished if a threshold number t of the i participants cooperate
"Need at least one Democratic and one Republican party representative, and one election official, present to decrypt"
No information about m can be obtained with fewer than t participants cooperating
Slide 16: PTC Based E-voting Prototype
Adapted from Brett's viewgraphs http://cs
E-voting allows single-choice ballots
The election administrator creates election parameters with the help of PTC encryption
The administrator submits the election parameters to PTCVotingService (Web Services)
Voters load the election parameters and cast encrypted votes
The homomorphic properties of the PTC enable the tally to be computed without decrypting any vote, protecting the privacy of the voter
To decrypt the tally, at least t (threshold) out of N key share holders must participate to generate the key for decryption
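The three PTC slides above (homomorphic and self-blinding properties, threshold decryption, and the tally-without-decrypting prototype) carried through in working code. This is an added example, not Brett Wilson's PTCVotingService or any code from the project: it shares the Paillier secret exponent in the Fouque-Poupard-Stern style with toy 48-bit safe primes, and every function name and the sample ballots are assumptions of this example.

```python
# Added example, not the project's PTCVotingService code: Paillier encryption with
# the homomorphic-tally and self-blinding properties from the slides, plus t-of-N
# threshold decryption of the secret exponent in the Fouque-Poupard-Stern /
# Damgaard-Jurik style (Shamir shares, integer Lagrange coefficients scaled by N!).
# Toy 48-bit safe primes keep it fast; a real election needs 1024-bit or larger ones.
import math
import random

def is_probable_prime(n, rng, rounds=24):
    """Miller-Rabin primality test; rng supplies the witnesses."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def safe_prime(bits, rng):
    """Return p = 2p' + 1 with p and p' both prime; the threshold scheme needs this shape."""
    while True:
        pp = rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(pp, rng) and is_probable_prime(2 * pp + 1, rng):
            return 2 * pp + 1

def keygen(holders, threshold, bits=48, seed=2018):
    """Public key n and one Shamir share of the secret exponent d per key-share holder."""
    rng = random.Random(seed)                        # seeded so the example is reproducible
    while True:
        p, q = safe_prime(bits, rng), safe_prime(bits, rng)
        n, m = p * q, ((p - 1) // 2) * ((q - 1) // 2)
        if p != q and math.gcd(n, m) == 1:
            break
    d = m * pow(m, -1, n)                            # d = 1 (mod n) and d = 0 (mod m), by CRT
    coeffs = [d] + [rng.randrange(n * m) for _ in range(threshold - 1)]   # f(0) = d
    shares = {i: sum(c * pow(i, k, n * m) for k, c in enumerate(coeffs)) % (n * m)
              for i in range(1, holders + 1)}
    return n, shares, rng

def encrypt(n, msg, rng):
    """Paillier: c = (1 + n)^msg * r^n mod n^2 with a fresh random r coprime to n."""
    n2 = n * n
    while True:
        r = rng.randrange(1, n)
        if math.gcd(r, n) == 1:
            return pow(1 + n, msg, n2) * pow(r, n, n2) % n2

def add(n, c1, c2):
    """Homomorphic addition: E(M1) * E(M2) = E(M1 + M2)."""
    return c1 * c2 % (n * n)

def reblind(n, c, rng):
    """Self-blinding: multiplying by a fresh encryption of 0 re-randomises c, M is unchanged."""
    return add(n, c, encrypt(n, 0, rng))

def decryption_share(n, holders, share, c):
    """Holder i publishes c_i = c^(2 * N! * s_i) mod n^2 without revealing s_i."""
    return pow(c, 2 * math.factorial(holders) * share, n * n)

def combine(n, holders, dec_shares):
    """Combine at least `threshold` decryption shares into M; fewer give garbage, never M."""
    n2, delta = n * n, math.factorial(holders)
    ids = list(dec_shares)
    cp = 1
    for i in ids:
        num = den = 1
        for j in ids:
            if j != i:
                num *= -j
                den *= i - j
        mu = delta // den * num                      # delta * lambda_{0,i}, always an integer
        cp = cp * pow(dec_shares[i], 2 * mu, n2) % n2   # accumulates c^(4 * delta^2 * d)
    return (cp - 1) // n * pow(4 * delta * delta, -1, n) % n

def run_election(votes, candidates, holders=5, threshold=3):
    """Encrypt single-choice ballots, tally them homomorphically, decrypt only the tally."""
    n, shares, rng = keygen(holders, threshold)
    base = len(votes) + 1                            # per-candidate counts stay below base
    tally = encrypt(n, 0, rng)
    for v in votes:                                  # a vote for candidate v is plaintext base^v
        tally = add(n, tally, encrypt(n, base ** v, rng))
    chosen = rng.sample(range(1, holders + 1), threshold)   # any threshold-sized subset works
    dec = {i: decryption_share(n, holders, shares[i], tally) for i in chosen}
    total = combine(n, holders, dec)
    return [total // base ** j % base for j in range(candidates)]
```

A ballot for candidate j is encrypted as the plaintext base^j, so the product of all ciphertexts decrypts to a number whose base-`base` digits are the per-candidate counts; `base` exceeds the number of voters so the digits never carry. Only the combined tally is ever decrypted, and because the secret exponent d is Shamir-shared, `combine` run with fewer than `threshold` decryption shares reconstructs a random exponent and returns garbage rather than the count, which is the "no information with fewer than t participants" property of slide 15.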
Slide 19: Security Technical Implementation Guides (STIGs)
Configuration standards for DoD Information Assurance (IA) and IA-enabled devices/systems
Contain instructions or procedures to verify compliance with a baseline level of security
Slide 20: Security Technical Implementation Guides (STIGs)
Severity (CAT) codes – a measure used to assess the system's security-related standing:
CAT I – Immediate access to the attacker, bypass of the firewall
CAT II – Potential information to the intruder to gain access
CAT III – Potential information gained could lead to compromise
CAT IV – No direct or indirect access to high-value information
Slide 21: Application Security Requirements STIG
Defines a set of recommended security requirements that are common to all software applications
Used as a first step in designing security into applications to reduce application vulnerabilities
Lists the potential vulnerabilities of application systems:
Design and development related vulnerabilities
Misconfiguration and administration related vulnerabilities
Necessary non-secure standards
Slide 22: Network Infrastructure STIG
Inbound access list – filter packets before they enter the router
Outbound traffic – filtering rules to be applied to outbound traffic with an illegitimate source address
Firewalls – necessary to minimize threat and protect the enclave
Intrusion detection system – detect unauthorized or malicious traffic
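The first two bullets (ingress filtering on the external interface and egress filtering of packets with an illegitimate source) as a small, runnable filter. This is an added example, not the project's network configuration: the enclave prefix 10.20.0.0/16, the packet records and the function names are constructed for illustration.

```python
# Added example, not from the project's network design: the inbound and outbound
# address filtering that the Network Infrastructure STIG bullets describe, run
# over constructed packet records. The enclave prefix is an assumption.
import ipaddress

ENCLAVE = ipaddress.ip_network("10.20.0.0/16")     # assumed address space behind the router
# Sources that can never legitimately arrive from the outside: private/special-use ranges.
NOT_ROUTABLE = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4")]

def inbound_permitted(src, dst):
    """Inbound access list on the external interface: filter before the packet enters."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s in ENCLAVE or any(s in net for net in NOT_ROUTABLE):
        return False                                # spoofed internal or bogon source
    return d in ENCLAVE                             # only traffic addressed to the enclave

def outbound_permitted(src, dst):
    """Egress filter: drop outbound packets carrying an illegitimate (non-enclave) source."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return s in ENCLAVE and d not in ENCLAVE

def apply_acls(packets):
    """packets: (direction, src, dst) tuples. Returns [(packet, 'permit' | 'deny')]."""
    rules = {"in": inbound_permitted, "out": outbound_permitted}
    return [(pkt, "permit" if rules[pkt[0]](pkt[1], pkt[2]) else "deny") for pkt in packets]

SAMPLE_PACKETS = [  # constructed sample traffic
    ("in", "198.51.100.7", "10.20.1.5"),      # outside host to the enclave web server
    ("in", "10.20.1.9", "10.20.1.5"),         # internal source arriving from outside: spoofed
    ("in", "192.168.1.1", "10.20.1.5"),       # private source arriving from outside: bogon
    ("in", "198.51.100.7", "203.0.113.9"),    # transit traffic not destined for the enclave
    ("out", "10.20.1.5", "198.51.100.7"),     # legitimate reply leaving the enclave
    ("out", "203.0.113.4", "198.51.100.7"),   # forged source leaving the enclave
]
```

Denied inbound packets with an enclave or private source, and denied outbound packets with a foreign source, are exactly the events worth forwarding to the IDS named in the last bullet, since legitimate traffic never produces them.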
Slide 23: Database STIG
Product updates
System and data backup
Access
Transaction auditing
Roles and permissions
Slide 24: Secure Remote Computing STIG
Provides technical security policies and requirements for secure remote access by users in DoD
Discusses the remote user environment and network site architecture
Guide for securing DoD assets within a remote access environment
Provides suggestions for redundancy and survivability
Slide 25: Minimal Security Activity Checklist
Main sections include:
System Architecture Analysis
Software, Hardware, and Firmware Design Analysis
Network Connection Rule Compliance Analysis
Integrity Analysis of Integrated Products
Life-Cycle Management Analysis
Vulnerability Assessment
Security Test and Evaluation
Slide 26: Minimal Security Activity Checklist
Penetration Testing
TEMPEST and RED/BLACK Verification
COMSEC Compliance Validation
System Management Analysis
Site Accreditation Survey
Contingency Plan Evaluation
Risk Management Review
Slide 27: Threat Model - STRIDE
Spoofing – the identity of the voter cannot be trusted
Tampering – the vote for Candidate A could be assigned to Candidate B or vice versa
Repudiation – no authorized identification of the parties involved in the E-voting process
Information Disclosure – disclosing the tally count
Denial of service – making the E-voting system unavailable to its intended users
Elevation of privilege – gaining system privileges through malicious means
Another option would be to discuss the various standards that influence e-voting machine requirements.
Slide 28: Threat Scenarios
Breaking encryption – tampering with the public and private keys
Allocating observation with data
The database is not "READ ONLY" – can be used for SQL injection
The Electronic Ballot Casting Device – a 'Trojan horse' on the voting terminal
The Voting Protocol – sniffing on the network
The Electoral Server – depending on the applied voting protocol, the election servers are a vulnerability point
Other Anonymity Threats – the Voter Audit Trail could also be used to link a voter to their vote
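The "database is not READ ONLY – can be used for SQL injection" scenario, with the defect beside its fix. This is an added example, not code from the project: the ballots table, its columns, the sample rows and the function names are constructed here. The vulnerable lookup splices the candidate string into the SQL text; the hardened version binds it as a parameter and opens the tally database through SQLite's read-only URI mode, so that a query path cannot write ballots even if a defect remained.

```python
# Added example, not from the project: the "database is not READ ONLY" threat
# scenario. Looking up votes with string concatenation is open to SQL injection;
# the hardened version uses a parameterised query and opens the ballot database
# read-only, so a query path can never write ballots. Table, column names and
# sample ballots are constructed for this example.
import os
import sqlite3
import tempfile

def setup_db():
    """Create a throwaway ballots table with constructed sample rows; returns its path."""
    path = os.path.join(tempfile.mkdtemp(), "ballots.db")
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE ballots (id INTEGER PRIMARY KEY, candidate TEXT NOT NULL)")
    con.executemany("INSERT INTO ballots (candidate) VALUES (?)",
                    [("A",), ("B",), ("A",), ("C",)])
    con.commit()
    con.close()
    return path

def count_votes_vulnerable(path, candidate):
    """Defective: the candidate string becomes part of the SQL text."""
    con = sqlite3.connect(path)
    try:
        sql = "SELECT COUNT(*) FROM ballots WHERE candidate = '" + candidate + "'"
        return con.execute(sql).fetchone()[0]
    finally:
        con.close()

def count_votes_safe(path, candidate):
    """Hardened: bound parameter plus a read-only connection (SQLite URI mode=ro)."""
    con = sqlite3.connect("file:" + path + "?mode=ro", uri=True)
    try:
        return con.execute("SELECT COUNT(*) FROM ballots WHERE candidate = ?",
                           (candidate,)).fetchone()[0]
    finally:
        con.close()

def readonly_rejects_writes(path):
    """True if SQLite refuses an INSERT issued through the read-only connection."""
    con = sqlite3.connect("file:" + path + "?mode=ro", uri=True)
    try:
        con.execute("INSERT INTO ballots (candidate) VALUES ('Z')")
        con.commit()
        return False
    except sqlite3.OperationalError:                # "attempt to write a readonly database"
        return True
    finally:
        con.close()
```

With the sample rows, the vulnerable lookup returns the count of every ballot when the candidate string closes the quote and appends a tautology, while the parameterised query treats the same string as a literal candidate name and finds nothing. The read-only connection is the STIG-style "READ ONLY" control from the slide: the tally code path holds no write capability at all, which is what the mitigation table later calls out alongside logging and the firewall.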
Slide 29: Vulnerabilities-Mitigations
Threat: Spoofing
Security Code: CAT II, CAT III
Scenario: Voter form user interface; access control of database objects; access control of the application host
How does it affect: Integrity, Access Control, Accountability
Mitigation: Personalization methods, passwords; cryptographic or hardware token, e.g. memory card, smart card, Common Access Card (CAC)

Threat: Tampering
Security Code: CAT I
Scenario: Physical access
How does it affect: Confidentiality
Mitigation: Firewall, Intrusion Detection Systems
Slide 30: Vulnerabilities-Mitigations
Threat: Repudiation
Security Code: CAT I, CAT II
Scenario: Voter form user interface, Trojan horse, packet sniffing, SQL injection, Internet
How does it affect: Integrity, Confidentiality, Access Control, Accountability
Mitigation: Firewall, PKI, SNORT, virus checker, log security-related events

Threat: Information Disclosure
Security Code: CAT IV
Scenario: Voter Audit Trail, weak key (DS 40-bit)
How does it affect: Confidentiality
Mitigation: Firewall, key size larger than 1024 bits, password protection
Slide 31: Vulnerabilities-Mitigations
Threat: Denial of Service
Security Code: CAT III
Scenario: Botnet, Stacheldraht, excess requests, forced reset, ICMP exploits
How does it affect: Availability
Mitigation: Alternative routing, Secure Collective Network Defense

Threat: Elevation of privilege
Security Code: CAT II
Scenario: Gaining the administrator password
How does it affect: Confidentiality, Data Integrity, Accountability
Mitigation: X.509 certificates
Slide 32: Residual Risks
Natural and man-made threats, e.g. fire, flooding, water, wind, electrical disturbances
External or internal threat agents, e.g. espionage services, terrorists, shared passwords
Accidental human action which compromises the system
Human negligence
Slide 33: Future Work
Separate web services and UI for Administrator, Voters, and Key Share Owners.
Encrypted UI connections using HTTPS.
Administrator, Voter, and Key Share Owner identity verification using both X.509 certificates and username/password.
Additional firewall layer with IDS for certificate generation, application functionality, data storage, and tabulation of election results.
Encrypted Web service to Web Service interface for inner firewall traversal.
Slide 34: Future Work
Slide 35: Lessons Learned
Problems faced:
Not sure what the vulnerabilities of the system could be
The DITSCAP was a big, confusing concept
CONOPS was something complicated at first sight
How we solved them:
The DITSCAP Application Manual provided easy reference to each section in the SSAA
Complexities solved by Izzy and Dr. Chow
STIGs were a great help
Vulnerability-Mitigation Mapping
Learned the basics of Paillier Threshold Cryptography
The security issues surrounding E-voting systems
Slide 36: Conclusion
DITSCAP Overview
SSAA Overview
Project Overview
Secure E-voting System
Threats and Mitigations
Future Work
Project information can be found at
Slide 37: References
Brett Wilson, UCCS, Implementing a Paillier Threshold Cryptography Scheme as a Web Service.