Presentation is loading. Please wait.

Presentation is loading. Please wait.

Defeating Malicious Terminals in an Electronic Voting System Daniel Hanley Andre dos Santos Jeff King Georgia Tech Information Security Center.

Published byMaurice Froggatt Modified over 9 years ago

Similar presentations

Presentation on theme: "Defeating Malicious Terminals in an Electronic Voting System Daniel Hanley Andre dos Santos Jeff King Georgia Tech Information Security Center."— Presentation transcript:

1 Defeating Malicious Terminals in an Electronic Voting System Daniel Hanley Andre dos Santos Jeff King Georgia Tech Information Security Center

2 Overview Motivation Related Work Protocol Examples Analysis

3 Motivation The Voting Problem Traditional Approach Electronic Voting

4 Motivation: The Voting Problem Scenario: Alice, a human, wishes to transmit message c Є C to central tallier, Trent. Security requirements Anonymity Accuracy etc.

5 Motivation: Traditional Approach Paper-based systems Alice creates physical vote record and relays the vote to Trent. Disadvantages Inaccurate Expensive Advantages Simple, usable Secure (?)

6 Motivation: Electronic Voting Current state of electronic voting systems Systems entrust untrustworthy voting terminals, volunteers Security policy dictates isolation and physical controls Advantages Relatively inexpensive Accurate Disadvantages Fails to use public infrastructure Vulnerable to automated attacks Vulnerable to undetectable attacks

7 Motivation: Electronic Voting Current state of electronic voting systems Systems entrust untrustworthy voting terminals, volunteers Security policy dictates isolation and physical controls Advantages Relatively inexpensive Accurate Disadvantages Fails to use public infrastructure Vulnerable to automated attacks Vulnerable to undetectable attacks

8 Motivation: Electronic Voting Solution: Blind signature protocol with trustworthy hardware Direct communication with Trent – infeasible! Trustworthy voting terminals – costly! Personal tamper resistant device – yes! Problem: How can we establish a trusted path between Alice and her voting device? Direct I/O? Form factor prohibits this. Via voting terminal? No! CAPTCHA-Voting Protocol? Other schemes (Chaum, Prêt-à-Voter, KHAP) Voter performs verification and auditing steps.

9 Related Work Completely Automated Publicly Available Turing Tests to tell Computers and Humans Apart (CAPTCHAs) One-time random substitution

10 Trent Protocol: Actors Alicea human voter Trenta central tallier, trusted to perform complex, anonymous operations on Alice's behalf Malloryan untrusted voting terminal Alice Mallory

11 Protocol Public list of candidates C = [ c 1, c 2, …, c n ] Public, random set R = [ r 1, r 2, …, r m ] such that m ≥ n Random mapping of candidates to random elements K : C → R such that P( K(c) = r i ) = P( K(c) = r j ) for all i, j K -1 : R → C CAPTCHA transformation function T(m) such that Mallory cannot derive m from T(m), while Alice may infer m from T(m) Trent may encode K using T. This is denoted by T(K).

12 Protocol 1. Trent generates and sends a CAPTCHA-encrypted ballot. 1.1. K : C → R Trent Alice Mallory

13 Protocol 1. Trent generates and sends a CAPTCHA-encrypted ballot. 1.1. K : C → R 1.2. T(K) Trent Alice Mallory

14 Protocol 1. Trent generates and sends a CAPTCHA-encrypted ballot. 1.1. K : C → R 1.2. T(K) 1.3. T(K) Trent Alice Mallory

15 Protocol 2. Alice responds with the encrypted candidate. 1.1. K : C → R 1.2. T(K) 1.3. T(K) 2.1. T -1 ( T(K) ) = K Trent Alice Mallory

16 Protocol 2. Alice responds with the encrypted candidate. 1.1. K : C → R 1.2. T(K) 1.3. T(K) 2.1. T -1 ( T(K) ) = K 2.2. K(c) = r Trent Alice Mallory

17 Protocol 2. Alice responds with the encrypted candidate. 1.1. K : C → R 1.2. T(K) 1.3. T(K) 2.1. T -1 ( T(K) ) = K 2.2. K(c) = r 2.3. r Trent Alice Mallory

18 Protocol 3. Trent decrypts Alice's preferred candidate. 1.1. K : C → R 1.2. T(K) 1.3. T(K) 2.1. T -1 ( T(K) ) = K 2.2. K(c) = r 2.3. r 3.1. K -1 (r) = c Trent Alice Mallory

19 Examples Text CAPTCHA 3D Animation CAPTCHA Audio CAPTCHA

20 Example: Text CAPTCHA R consists of distinct regions in image. T renders mapping as image and contributes noise.

21 Example: 3D Animation CAPTCHA R consists of equally sized, contiguous sets of frames. T renders candidate names in animation.

22 Example: Audio CAPTCHA K is a similar, temporal mapping of candidates. Audio noise thwarts Mallory.

23 Analysis Fabricated votes Human adversaries Selective denial of service

24 Analysis: Fabricated Votes Fabricated vote through guessed K Mallory attempts to vote for c' through selection of arbitrary r''. If |R| = |C|, then P( K -1 (r'') = c' ) = 1 / n. If |R| > |C|, then P( K -1 (r'') = c' ) = 1 / m. Probability that K -1 (r'') is undefined: (m – n) / m Invalid vote → detected attack! Fabricated vote through cracked T Mallory increases probability that P( K -1 (r'') = c' ). Solution: Find a better CAPTCHA?

25 Analysis: Human Adversary Transmission of T(K) to a human collaborator Time-dependent protocol Increased likelihood of detection Architectural solutions

26 Analysis: Selective DoS Selective DoS: Mallory discards Alice's vote if it is likely that c ≠ c'. Mallory must learn Alice's preference. Alice and Mallory's location Alice's previous votes Solution: Single ballot Fabricated ballot Detection of selective denial of service Educated guessing

27 Conclusion Human interaction required – no efficient automated attacks Easy detection of large-scale attacks Comparison to traditional voting systems Future work Usability data Broader applications, using this protocol (possibly combined with KHAP) to form a trusted path

28 Questions?

29

Download ppt "Defeating Malicious Terminals in an Electronic Voting System Daniel Hanley Andre dos Santos Jeff King Georgia Tech Information Security Center."

Similar presentations

Spreading Alerts Quietly and the Subgroup Escape Problem Aleksandr Yampolskiy (Yale) Joint work with James Aspnes, Zoë Diamadi, Kristian Gjøsteen, and.

Spreading Alerts Quietly and the Subgroup Escape Problem Aleksandr Yampolskiy (Yale) Joint work with James Aspnes, Zoë Diamadi, Kristian Gjøsteen, and.
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Requirements for a Secure Voting System  Only authorized voters can vote  No one can vote more than once  No one can determine for whom anyone else.

Requirements for a Secure Voting System  Only authorized voters can vote  No one can vote more than once  No one can determine for whom anyone else.
A Pairing-Based Blind Signature

A Pairing-Based Blind Signature
On the Security of Ballot Receipts in E2E Voting Systems Jeremy Clark, Aleks Essex, and Carlisle Adams Presented by Jeremy Clark.

On the Security of Ballot Receipts in E2E Voting Systems Jeremy Clark, Aleks Essex, and Carlisle Adams Presented by Jeremy Clark.
Cryptographic Voting Protocols: A Systems Perspective Chris Karlof Naveen Sastry David Wagner UC-Berkeley Direct Recording Electronic voting machines (DREs)

Cryptographic Voting Protocols: A Systems Perspective Chris Karlof Naveen Sastry David Wagner UC-Berkeley Direct Recording Electronic voting machines (DREs)
Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.

Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.
Physical Unclonable Functions and Applications

Physical Unclonable Functions and Applications
Netprog: Cryptgraphy1 Cryptography Reference: Network Security PRIVATE Communication in a PUBLIC World. by Kaufman, Perlman & Speciner.

Netprog: Cryptgraphy1 Cryptography Reference: Network Security PRIVATE Communication in a PUBLIC World. by Kaufman, Perlman & Speciner.
Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.

Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.
Research & development A Practical and Coercion-resistant scheme for Internet Voting Jacques Traoré (joint work with Roberto Araújo and Sébastien Foulle)

Research & development A Practical and Coercion-resistant scheme for Internet Voting Jacques Traoré (joint work with Roberto Araújo and Sébastien Foulle)
Protecting User Data in Ubiquitous Computing: Towards Trustworthy Environments Yitao Duan and John Canny UC Berkeley.

Protecting User Data in Ubiquitous Computing: Towards Trustworthy Environments Yitao Duan and John Canny UC Berkeley.
Hash-Based IP Traceback Best Student Paper ACM SIGCOMM’01.

Hash-Based IP Traceback Best Student Paper ACM SIGCOMM’01.
Chapter 1 – Introduction

Chapter 1 – Introduction
Introduction to Modern Cryptography, Lecture 13 Money Related Issues ($$$) and Odds and Ends.

Introduction to Modern Cryptography, Lecture 13 Money Related Issues ($$$) and Odds and Ends.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Public Key Algorithms …….. RAIT M. Chatterjee.

Public Key Algorithms …….. RAIT M. Chatterjee.
Privacy-Preserving Trust Negotiations Mikhail Atallah Department of Computer Science Purdue University.

Privacy-Preserving Trust Negotiations Mikhail Atallah Department of Computer Science Purdue University.
Certificateless encryption and its infrastructures Dr. Alexander W. Dent Information Security Group Royal Holloway, University of London.

Certificateless encryption and its infrastructures Dr. Alexander W. Dent Information Security Group Royal Holloway, University of London.
Quantum Cryptography Qingqing Yuan. Outline No-Cloning Theorem BB84 Cryptography Protocol Quantum Digital Signature.

Quantum Cryptography Qingqing Yuan. Outline No-Cloning Theorem BB84 Cryptography Protocol Quantum Digital Signature.

Similar presentations

Ads by Google