CS 591 DITSCAP: E-voting DITSCAP Project. UCCS POC: Edward Chow. Boeing POC: Izzy Rodriguez. Team: Samarpita Hurkute, Kunal Bele, Shin Nam.


1 CS 591 DITSCAP: E-voting DITSCAP Project
UCCS POC: Edward Chow
Boeing POC: Izzy Rodriguez
Team: Samarpita Hurkute, Kunal Bele, Shin Nam, Saroj Patil, Chuck Short, Rajshri Vispute

2 DITSCAP Overview
- DITSCAP: DoD Information Technology Security Certification and Accreditation Process
- Purpose
  - Implements policy, assigns responsibilities, and prescribes procedures for Certification and Accreditation (C&A) of IT
  - Creates a process for security C&A of unclassified and classified IT

3 SSAA Overview
- SSAA: System Security Authorization Agreement
  - It is a document required by the DITSCAP
- What it does
  - Defines operating environment of the system
  - Identifies the "system"
  - Defines risk and countermeasure
  - Documents agreement among all parties involved in the system

4 Project Overview
- Use the E-voting system to walk through the DITSCAP process and requirements, including penetration testing, threat/vulnerability assessment, and documenting an SSAA that is to be approved by the Boeing POC.

5 E-voting System
- E-voting allows single-choice ballots
- Election administrator creates election parameters with the help of PTC encryption
- The administrator submits election parameters to VotingService
- Voters load election parameters and cast encrypted votes
- The homomorphic properties of the PTC enable the product to be decrypted to reveal the sum total of all votes
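
The homomorphic tally described on this slide, as an added example that is not part of the original presentation or the project's code: plain (non-threshold) Paillier with g = n + 1, where multiplying the encrypted ballots yields an encryption of the vote totals. The toy primes, the base-100 vote encoding and all function names are assumptions made for the illustration.

```python
import math
import secrets

# Constructed toy primes (Mersenne primes 2^31-1 and 2^61-1); far below any real key size.
P, Q = 2**31 - 1, 2**61 - 1
BASE = 100  # assumed vote-encoding radix; must exceed the number of voters

def keygen(p, q):
    """Return (public n, private (lam, mu)) for Paillier with g = n + 1."""
    n = p * q
    lam = math.lcm(p - 1, q - 1)
    mu = pow(lam, -1, n)  # with g = n + 1, L(g^lam mod n^2) = lam mod n
    return n, (lam, mu)

def encrypt(n, m):
    """c = (1 + n)^m * r^n mod n^2, with fresh randomness r per ballot."""
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return (1 + m * n) % n2 * pow(r, n, n2) % n2

def decrypt(n, priv, c):
    """m = L(c^lam mod n^2) * mu mod n, where L(x) = (x - 1) // n."""
    lam, mu = priv
    x = pow(c, lam, n * n)
    return (x - 1) // n * mu % n

def cast(n, candidate):
    """Single-choice ballot: a vote for candidate i is the plaintext BASE**i."""
    return encrypt(n, BASE ** candidate)

def tally(n, priv, ballots, candidates):
    """Multiply ciphertexts, decrypt once, split the sum into per-candidate counts."""
    product = 1
    for c in ballots:
        product = product * c % (n * n)
    total = decrypt(n, priv, product)
    counts = []
    for _ in range(candidates):
        total, count = divmod(total, BASE)
        counts.append(count)
    return counts

if __name__ == "__main__":
    n, priv = keygen(P, Q)
    ballots = [cast(n, c) for c in [0, 1, 1, 2, 1, 0]]  # constructed votes
    print(tally(n, priv, ballots, 3))
```

No individual ballot is decrypted; only the product is, which is why the tally reveals totals but not who voted for whom.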

8 Threat Model
- Spoofing: The identity of the voter cannot be trusted
- Tampering: The vote for Candidate A could be assigned to Candidate B or vice versa
- Repudiation: No authorized identification of parties involved in the E-voting process
- Information Disclosure: Disclosing the tally count
- Denial of service: Making the E-voting system unavailable to its intended users
- Elevation of privilege: Gaining system privileges through malicious means

9 Threat Scenarios
- Breaking encryption: tampering with the public and private keys
- Allocating observation with data
- Physical access: can be used for SQL injection
- The Electronic Ballot Casting Device: a 'Trojan horse' on the voting terminal
- The Voting Protocol: sniffing on the network
- The Electoral Server: depending on the applied voting protocol, the election servers are a vulnerability point
- Other Anonymity Threats: the Voter Audit Trail could also be used to link a voter to their vote

10 Preliminary Defenses
- Configure firewall
  - iptables rules

    # Source-NAT traffic leaving through eth0
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    # Forward ICMP and RDP (tcp/3389) arriving for the public address to 10.0.0.2
    iptables -t nat -A PREROUTING -p icmp -i eth0 -d 128.198.60.139 -j DNAT --to-destination 10.0.0.2
    iptables -t nat -A PREROUTING -p tcp -i eth0 -d 128.198.60.139 --dport 3389 -j DNAT --to-destination 10.0.0.2
    # Drop SMTP (tcp/25) to the firewall itself and through it
    iptables -A INPUT -p tcp --dport 25 -j DROP
    iptables -A FORWARD -p tcp --dport 25 -j DROP

11 Vulnerability Analysis
- Nessus scan
- nmap scan
- Metasploit

12 Threat and Mitigation
Threat | Mitigation
Voter form user interface | Modify interface to accommodate CAC card
Administrator interface | Modify interface to include X.509 certificate
Paillier certificate creation | Modify interface to include X.509 certificate
Paillier key size too small | Support Paillier key size larger than 1024
RDP protocol | Use TLS/SSL certificate
Open ports | Close unnecessary listening ports

13 SSAA Contents
- System description along with functional diagrams
- Highlights sensitivity of data processed
- System architecture diagram with firewall
- Physical security of the E-voting system
- Threats to the E-voting system
- Data flow diagram
- Data security requirements

14 Future Work

15 Lessons Learned
- How to make the system more secure
- What is involved in creating an SSAA document
- What is Concept of Operations (CONOPS)
- Learned the basics of Paillier Threshold Cryptography
- The security issues surrounding E-voting systems

16 References
- Brett Wilson, UCCS, Implementing a Paillier Threshold Cryptography Scheme as a Web Service.
- http://www.nswc.navy.mil/ISSEC/COURSES/Ditscap.ppt
- http://www.i-assure.com/
- http://viva.uccs.edu/ditscap/index.php/Image:DITSCAP.pdf
- http://viva.uccs.edu/ditscap/index.php/Image:DITSCAP_Application_Manual.pdf
- http://viva.uccs.edu/ditscap/index.php/Image:SSAA_Guidance.doc

