Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cryptographic Voting Protocols: A Systems Perspective By Chris Karlof, Naveen Sastry, and David Wagner University of California, Berkely Proceedings of.

Published byEmil Young Modified over 9 years ago

Similar presentations

Presentation on theme: "Cryptographic Voting Protocols: A Systems Perspective By Chris Karlof, Naveen Sastry, and David Wagner University of California, Berkely Proceedings of."— Presentation transcript:

1 Cryptographic Voting Protocols: A Systems Perspective By Chris Karlof, Naveen Sastry, and David Wagner University of California, Berkely Proceedings of the 14 th Usenix Security Symposium held in Baltimore on July 31st-August 5 th, 2005 Presenter: Rick Carback 11-16-05

2 Overview Selection Criteria Motivation Results New and Significant Goals of Secure Voting Systems Neff’s Protocol Attacks and Mitigations Subliminal Channels Human Unreliability Denial of Service Secure Voting Protocol Implementation Future Work Conclusions

3 Paper Selection Criteria Chris Karloff and Naveen Sastry are both 5 th year graduate students. David Wagner DIMACS Special Focus on Security Organizing committee member ACM CCS 2004 Program committee member USENIX Security 2006 Program committee member IEEE Security & Privacy 2006 Program committee member

4 Motivation Chose protocols by Neff and Chaum because they are revolutionary Viewed Neff and Chaum protocols as part of a complete voting system What are the weaknesses of these schemes in complete systems if implemented? Can these ideas work in the real world?

5 Results

6 New and Significant Enumerates E-Voting goals Analysis of Cryptographic Protocols in the larger systems context Exposes weaknesses in implementation of cryptographic protocols Provides countermeasures for these weaknesses Identified new challenges and open problems in electronic voting systems.

7 Goals of Secure Voting Systems Cast-as-Intended Counted-as-Cast Verifiability One voter, One vote Coercion Resistance Privacy

8 Neff’s Scheme Distributed Key Generation Protocol (Similar to Chaum's Scheme) DRE constructs a VC, a matrix of BMPs. Each row represents one candidate. BMPs are all (0, 0) or (1, 1) for the chosen candidate and (0, 1) or (1, 0) for the others.

9 Neff’s Scheme (cont.) DRE picks a pledge bit for each BMP for the chosen candidate, voter can verify by picking a side for each one. OVC is created with this information. Voter checks that challenge is correct on bulletin board.

10 Vote Here Receipts

11 Vote Here Bulletin Board

12 Subliminal channels Arises when DRE is free to chose the random values that are used. All randomized encryption schemes can contain subliminal channels. (Goldwasser, 1984) Through special selection of a random number r, the DRE can encode the sizeof(r) bits. Can hide a bit by repeatedly choosing a random number until you get what you want. Expected work is O(2 x ) to encrypt x bits.

13 Random Subliminal Channel Attack Neff's scheme makes extensive use of randomness. Each BMP has one side of it revealing the random parameter used in that side of the pair. If the DRE chooses the same random parameter for both sides it will always be revealed in the ballot. The random parameter is guaranteed to be revealed, allowing a number of bits equal to the size of the parameter to be sent subliminally for each BMP.

14 Avoiding Random Subliminal Attacks Change protocol so that it does not require randomness Very tricky Random tapes Trusted Hardware

15 Semantic Subliminal Channels Voters are unlikely to detect subtle changes (fonts, pixel, etc) Can use simple policy, no computational complexity Apparent only after decryption, not on the bulletin board

16 Mitigating Semantic Channels Unambiguous formats for ballots and all ballots tested for conformance Bad ballots cannot be posted on the bulletin board But this may violate other policies!

17 Human Unreliability Protocol security hinges on DRE not knowing how the voter will make future decisions Interactions must happen in a particular order Voter may not notice deviations in protocol Voter must monitor DRE output Most people don’t care People often make mistakes How does a voter prove the machine is wrong?

18 Message Reordering

19 Message Reordering (cont.)

20

21 Human Unreliability (cont.) Discarded Receipts DRE Generates Invalid Signature Voter cannot prove if the receipt was forged Printing incorrect DRE Machine ID Ignoring voter input Valid receipt, but not what voter chose

22 Mitigating Human Unreliability Parallel Testing Voter Education It should not be so hard to use a voting machine Shredders for receipts Verify Signature at voting station Needs another set of trusted software/hardware Preprinted Machine IDs

23 Denial of Service Malicious DREs can delete, alter, or stuff ballots Detectable, but still effective Malicious Tallying/Bulleting Board software Could delete keys, ballots, etc. Could be selective Target polling stations favoring undesired candidate

24 DoS Mitigation Strategies Revote Costly Voter Verified Paper Audit Trail Not secure

25 Implementing Secure Voting Systems Bulletin Board Required Properties? What Architecture? BSN Assignment User Friendly Interfaces Tallying Software Specification

26 Future Work Cryptographic protocols that prevent subliminal channels Mix-net security models Definition for security in the voting setting Humans as protocol participants Can we educate without discouraging participation and hurting trust?

27 Conclusions Every attack discussed requires malicious software (DRE/bulletin board/tallying) Is this better than what we currently have? What about non-malicious problems? Connectivity? Hardware failure?

28 References Votehere.com “Cryptographic Voting Protocols: A Systems Perspective”, Chris Karlof, Naveen Sastry, David Wagner

Download ppt "Cryptographic Voting Protocols: A Systems Perspective By Chris Karlof, Naveen Sastry, and David Wagner University of California, Berkely Proceedings of."

Similar presentations

An Alternative Approach for Enhancing Security of WMANs using Physical Layer Encryption By Arpan Pal Wireless Group Center of Excellence for Embedded Systems.

An Alternative Approach for Enhancing Security of WMANs using Physical Layer Encryption By Arpan Pal Wireless Group Center of Excellence for Embedded Systems.
Secret Ballot Receipts: True Voter Verifiable Elections Author: David Chaum Published: IEEE Security & Privacy Presenter: Adam Anthony.

Secret Ballot Receipts: True Voter Verifiable Elections Author: David Chaum Published: IEEE Security & Privacy Presenter: Adam Anthony.
Electronic Voting Systems

Electronic Voting Systems
Pretty Good Democracy James Heather, University of Surrey

Pretty Good Democracy James Heather, University of Surrey
RPC Mixing: Making Mix-Nets Robust for Electronic Voting Ron Rivest MIT Markus Jakobsson Ari Juels RSA Laboratories.

RPC Mixing: Making Mix-Nets Robust for Electronic Voting Ron Rivest MIT Markus Jakobsson Ari Juels RSA Laboratories.
Vote privacy: models and cryptographic underpinnings Bogdan Warinschi University of Bristol 1.

Vote privacy: models and cryptographic underpinnings Bogdan Warinschi University of Bristol 1.
Talk by Vanessa Teague, University of Melbourne Joint work with Chris Culnane, James Heather & Steve Schneider at University of.

Talk by Vanessa Teague, University of Melbourne Joint work with Chris Culnane, James Heather & Steve Schneider at University of.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Requirements for a Secure Voting System  Only authorized voters can vote  No one can vote more than once  No one can determine for whom anyone else.

Requirements for a Secure Voting System  Only authorized voters can vote  No one can vote more than once  No one can determine for whom anyone else.
Civitas Verifiability and Coercion Resistance for Remote Voting University of South Alabama August 15, 2012 Michael Clarkson The George Washington University.

Civitas Verifiability and Coercion Resistance for Remote Voting University of South Alabama August 15, 2012 Michael Clarkson The George Washington University.
Civitas Security and Transparency for Remote Voting Swiss E-Voting Workshop September 6, 2010 Michael Clarkson Cornell University with Stephen Chong (Harvard)

Civitas Security and Transparency for Remote Voting Swiss E-Voting Workshop September 6, 2010 Michael Clarkson Cornell University with Stephen Chong (Harvard)
A Pairing-Based Blind Signature

A Pairing-Based Blind Signature
ThreeBallot, VAV, and Twin Ronald L. Rivest – MIT CSAIL Warren D. Smith - CRV Talk at EVT’07 (Boston) August 6, 2007 Ballot Box Ballot Mixer Receipt G.

ThreeBallot, VAV, and Twin Ronald L. Rivest – MIT CSAIL Warren D. Smith - CRV Talk at EVT’07 (Boston) August 6, 2007 Ballot Box Ballot Mixer Receipt G.
On the Security of Ballot Receipts in E2E Voting Systems Jeremy Clark, Aleks Essex, and Carlisle Adams Presented by Jeremy Clark.

On the Security of Ballot Receipts in E2E Voting Systems Jeremy Clark, Aleks Essex, and Carlisle Adams Presented by Jeremy Clark.
Cryptographic Voting Protocols: A Systems Perspective Chris Karlof Naveen Sastry David Wagner UC-Berkeley Direct Recording Electronic voting machines (DREs)

Cryptographic Voting Protocols: A Systems Perspective Chris Karlof Naveen Sastry David Wagner UC-Berkeley Direct Recording Electronic voting machines (DREs)
Defeating Malicious Terminals in an Electronic Voting System Daniel Hanley Andre dos Santos Jeff King Georgia Tech Information Security Center.

Defeating Malicious Terminals in an Electronic Voting System Daniel Hanley Andre dos Santos Jeff King Georgia Tech Information Security Center.
1 Receipt-freedom in voting Pieter van Ede. 2 Important properties of voting  Authority: only authorized persons can vote  One vote  Secrecy: nobody.

1 Receipt-freedom in voting Pieter van Ede. 2 Important properties of voting  Authority: only authorized persons can vote  One vote  Secrecy: nobody.
Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.

Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.

Similar presentations

Ads by Google