Published by Audra Harvey. Modified over 9 years ago.
Static Validation of a Voting Protocol
Slide 1: Title
Christoffer Rosenkilde Nielsen, with Esben Heltoft Andersen and Hanne Riis Nielson
Language-Based Technologies, Safe and Secure IT-Systems, Informatics and Mathematical Modelling, Technical University of Denmark
Slide 2: Electronic Voting Protocols
- Convenient and inexpensive.
- Several cryptographic approaches.
- Introduce new ways to disrupt or falsify votings.
- Must uphold the security properties of the classical paper vote.
- Need for provably correct systems.
Slide 3: Security Properties
Verifiability: Voters can verify that their votes have been counted.
Accuracy:
  1. No votes can be altered.
  2. Validated votes count in the final tally.
  3. Invalid votes cannot be counted in the final tally.
Democracy:
  1. Only eligible voters can vote.
  2. Eligible voters can only vote once.
Fairness: No early results from the voting can be obtained.
Privacy: Voters and their votes cannot be linked together.
Slide 4: Case Study: FOO92
Parties: Voter (V), Administrator (A), Counter (C).
1. V → A : V, sign_V(blind_b(commit_r(v)))
2. A → V : sign_A(blind_b(commit_r(v)))
3. (V) → C : sign_A(commit_r(v))
4. C → : l, sign_A(commit_r(v))
5. (V) → C : l, r
Blinding:
1. unblind_b(blind_b(msg)) = msg
2. unblind_b(sign_s(blind_b(msg))) = sign_s(msg)
Slide 5: Framework
Protocol Narration → LySa → Annotations → Analysis → OK / Not OK?
Slide 6: LySa-Calculus
- A process calculus in the π-calculus tradition.
- The original LySa incorporates the usual cryptographic operations: symmetric and asymmetric encryption.
- Messages are sent on the ether.
- An extension of the LySa-calculus with a blinding construct was needed in order to analyse the FOO92 protocol.
- All encryptions/decryptions are annotated with a destination/origin.
Slide 7: LySa-Calculus (continued)
Slide 8: FOO92 in LySa
1. V → A : V, sign_V(blind_b(commit_r(v)))
2. A → V : sign_A(blind_b(commit_r(v)))
3. (V) → C : sign_A(commit_r(v))
4. C → : l, sign_A(commit_r(v))
5. (V) → C : l, r
Slide 9: Analysis
- Control flow analysis to safely approximate the behaviour of the protocol.
- Dolev-Yao attacker.
- LySaTool: an automated tool for verifying security properties of protocols written in the LySa-calculus.
- Reports any possible violation of the destination/origin annotations.
Slide 10: Security Properties (recap of slide 3)
Verifiability: Voters can verify that their votes have been counted.
Accuracy:
  1. No votes can be altered.
  2. Validated votes count in the final tally.
  3. Invalid votes cannot be counted in the final tally.
Democracy:
  1. Only eligible voters can vote.
  2. Eligible voters can only vote once.
Fairness: No early results from the voting can be obtained.
Privacy: Voters and their votes cannot be linked together.
Slide 11: Results: Verifiability
The voters can independently verify that their vote has been counted correctly.
Problem: The publication (message 4 of the narration) can originate from the attacker.
Solution: The counter signs the publication.
Slide 12: Results: Accuracy (2)
Invalid votes are not counted in the final tally.
Problem: Blinded ballots can be accepted as valid ballots.
Solution: Distinguish between committed values and blinded values.
Slide 13: Results: Accuracy (1 and 3)
(1) It is not possible for a vote to be altered. (3) All validated votes must count in the final tally.
Result:
Accuracy (1): Holds under perfect cryptography; the voter checks his vote in message 2.
Accuracy (3): The counter must receive as many votes as the administrator has signed.
Slide 14: Results: Democracy
(1) Only eligible voters can vote, and (2) they can only vote once.
Result:
Democracy (1): The administrator only signs ballots that originate from eligible voters.
Democracy (2): Any eligible voter can only have one ballot validated, and the counter will not accept the same ballot twice.
Slide 15: Results: Fairness
No early results from the voting can be obtained.
Result: The attacker cannot learn the votes before the opening phase.
Slide 16: Summary
- Previous work has shown that LySa can analyse protocols for confidentiality and authentication.
- Voting protocols have different properties:
  1. Verifiability
  2. Accuracy
  3. Democracy
  4. Fairness
  5. Privacy
- Using the extended LySa we successfully validated four of these properties for FOO92.
- The framework also applies to other voting protocols: Sensus, E-Vox.
Slide 17: Related Work
[FOO92] A. Fujioka, T. Okamoto and K. Ohta. A Practical Secret Voting Scheme for Large Scale Elections. AUSCRYPT '92.
[CC96] L. F. Cranor and R. K. Cytron. Design and Implementation of a Practical Security-Conscious Electronic Polling System. WUCS-96-02.
[BBDNN04] C. Bodei, M. Buchholtz, P. Degano, H. Riis Nielson and F. Nielson. Static Validation of Security Protocols. JCS '04.
[KR05] S. Kremer and M. D. Ryan. Analysis of an Electronic Voting Protocol in the Applied Pi Calculus. ESOP '05.
Slide 18: Assumptions
- Perfect cryptography;
- bit-committed votes are unique;
- the administrator only signs one vote for each eligible voter;
- the counter is a trusted party;
- the counter must have received all votes before publishing;
- the number of votes counted by the counter equals the number of votes signed by the administrator; and
- all the commitment keys must be received by the counter.