Applying mese processes to improve online e voting prototype system with ptc web services
This presentation is the property of its rightful owner.
Sponsored Links
1 / 22

Applying MESE processes to Improve Online E-Voting Prototype System with PTC Web Services PowerPoint PPT Presentation


  • 81 Views
  • Uploaded on
  • Presentation posted in: General

Applying MESE processes to Improve Online E-Voting Prototype System with PTC Web Services. Master Project Defense Hakan Evecek. Outline of the Talk. Introduction Document overview prepared for this project. Related Work Paillier Threshold Cryptography (PTC) PTC Web Services

Download Presentation

Applying MESE processes to Improve Online E-Voting Prototype System with PTC Web Services

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Applying mese processes to improve online e voting prototype system with ptc web services

Applying MESE processestoImproveOnline E-Voting Prototype System with PTC Web Services

Master Project Defense

Hakan Evecek

Hakan Evecek/SE2Evote


Outline of the talk

Outline of the Talk

  • Introduction

  • Document overview prepared for this project.

  • Related Work

  • Paillier Threshold Cryptography (PTC)

  • PTC Web Services

  • Suggested Improvement

    • Encryption/Decryption Optimization

    • User Interface

  • Online E-Voting System

  • Future Directions

  • Conclusion

Hakan Evecek/SE2Evote


Introduction

Introduction

  • General idea behind Electronic Voting:

    • Similar to the manual voting - only much faster and cheaper, however

      • Is the voter confident with the process?

      • Can Administrators monitoring verify that one vote is recorded for each voter?

      • How trustable the tally process?

      • Is it socially acceptable?

  • Many countries are looking for E-Voting solutions.

  • In other words, what are the e-voting requirements:

Hakan Evecek/SE2Evote


E voting requirements

E-Voting Requirements

  • Basic requirements for electronic voting

    • Privacy – All votes should be kept secret

    • Completeness – All valid votes should be counted correctly

    • Soundness – Any invalid vote should not be counted

    • Unreusability – No voter can vote twice

    • Eligibility – Only authorized voters can cast a vote

    • Fairness – Nothing can affect the voting

Hakan Evecek/SE2Evote


E voting requirements1

E-Voting Requirements

  • Extended Requirements for electronic voting

    • Robustness – faulty behavior of any reasonably sized coalition of participants can be tolerated. In other words, the system must be able to tolerate to certain faulty conditions and must be able to manage these situations.

    • Universal Verifiability – any party can verify the result of the voting

    • Receipt-freeness – Voters are unable to prove the content of his/her vote

    • Incoercibility – Voter cannot be coerced into casting a particular vote by a coercer.

Hakan Evecek/SE2Evote


The categorization of voting system

The categorization of voting system

Hakan Evecek/SE2Evote


Mese processes applied for online e voting system

MESE Processes Applied for Online E-Voting System

Project Proposal and Plan

Software Requirements Document (SRS)

Software Design Specification (SDS)

Testing Document

Defects List

Project Report

Hakan Evecek/SE2Evote


Related work

Related Work

  • Other Techniques Used In E-voting Protocols

    • A Secure and Optimally Efficient Multi-Authority Election Scheme (Cramer, Gennaro, Schoenmakers)

      • Receipt-free: protocols where vote-buying or coercing is not possible because voters cannot prove to others how they voted.

    • Non-Interactive Zero Knowledge Proofs

      • Proof does not require interaction

      • Proof does not reveal any other information

        • Prove vote is valid without revealing content of vote

        • Prove two encryptions encrypt the same message without revealing message

Hakan Evecek/SE2Evote


Cryptographic techniques implemented by bret wilson

Cryptographic Techniques Implemented by Bret Wilson

  • Paillier CryptoSystem [15]

    • Trapdoor Discrete Logarithm Scheme

    • c = gMrn mod n2

      • n is an RSA modulus (modulus of 2 safe primes)

        • Safe prime - p = 2q + 1 where q is also prime

      • g is an integer of order nα mod n2

      • r is a random number in Zn*

    • M = L(cλ(n) mod n2)/L(gλ(n) mod n2) mod n

    • L(u) = (u-1)/n, λ(n)=lcm((p-1)(q-1))

    • Important Properties

      • Probabilistic (randomness of E(M))

      • Homomorphic

        • E(M1 + M2) = E(M1) x E(M2), E(k x M) = E(M)k

      • Self-blinding

        • D(E(M) rn mod n2 )= m

Hakan Evecek/SE2Evote


Cryptographic techniques implemented

Cryptographic Techniques Implemented

  • Threshold Encryption [15]

    • Public key encryption as usual

    • Distribute secret key “shares” among i participants

    • Decryption can only be accomplished if a threshold number t of the i participants cooperate

      • No information about m can be obtained with less than t participants cooperating

  • Shamir Secret Sharing

    • Lagrange Interpolation formula

    • f(X) = Σti=0 aiXi

    • a0 is secret, ai are random, f(X) are “secret shares”

      • X is share index (1 to number of servers)

    • If enough f(X) available it is possible to recover a0

Hakan Evecek/SE2Evote


Applying mese processes to improve online e voting prototype system with ptc web services

Hakan Evecek/SE2Evote


Applying mese processes to improve online e voting prototype system with ptc web services

Hakan Evecek/SE2Evote


User login page

User Login Page

Assumed that users has registered previously and has secure login credentials provided.

Admin Users

Voters

Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA)

Hakan Evecek/SE2Evote


Admin page

Admin Page

Election Creation

Encryption/Decryption

Tally Vote

Generate Safe Prime Numbers

Ballot Creation

Hakan Evecek/SE2Evote


Voter page

Voter Page

  • Voter can access to the elections and complete the voting process.

  • Automatically loads the voting page.

    • Allows vote, then doesn’t allow user to vote again

Hakan Evecek/SE2Evote


Database schema

Database Schema

Hakan Evecek/SE2Evote


Suggested key generation encryption decryption optimization

Suggested Key Generation, Encryption/Decryption Optimization

  • Safe Prime Numbers Pre-Computation Process.

  • Chinese Remainder Theorem to calculate p,q separately and then multiply for n.

  • Paillier Scheme Pre-Computation for decryption.

Hakan Evecek/SE2Evote


Results

Results

  • 128 bit Encryption

  • 256 bit Encryption

Hakan Evecek/SE2Evote


Lessons learned

Lessons Learned

  • Add problems encountered and how you solve them.

  • Mistakes made and how you discovered them.

  • Tell story.

Hakan Evecek/SE2Evote


Future direction

Future Direction

  • Implement the suggested CRT improvement into the code.

  • Implement constant value pre-computation for decryption process.

  • Fix XML solution in the code.

  • Add more web application security protocols and processes.

  • Implement registration and voter identity verification process.

    • Authenticity of election parameters/ballots not currently guaranteed

      • Implement signing of election parameters/ballots by admin

Hakan Evecek/SE2Evote


Conclusion

Conclusion

  • Summarize/itemize what you have achieved.

Hakan Evecek/SE2Evote


References

References

[1] http://cris.joongbu.ac.kr/publication/evoting_implementation-APIEMS2004.pdf

Implementation issues in a secure e-voting schemes, Riza Aditya, Byoungcheon Lee, Colin Boyd and Ed Dawson.

[3] http://www.cs.virginia.edu/~pev5b/writing/academic/thesis/thesis.html

Vote Early, Vote Often, and VoteHere: A Security Analysis of VoteHere, Philip E. Varner, May 11, 2001.

[5] http://www.trustycom.fr/pdf/FoPoSt00.pdf P. Fouque, G. Poupard, J.Stern, Sharing Decryption in the Context of Voting or Lotteries, Financial Cryptography 2000 Proceedings.

[6] http://www.captcha.net/ , the Official CAPTCHA web site.

[7] http://www.vote.caltech.edu/reports/alv-nag_loyola.pdf R. Michael Alvarez, Jonathan Nagler, The Likely consequences of Internet Voting for Political Representations.

[10] I. Damgard, M. Jurik, J. Nielson, A Generalization of Paillier’s Public-Key System with Applications to Electronic Voting, Aarhus University, Dept. of Computer Science.

[15] B. Wilson, C. E. Chow, Paillier Threshold Cryptography Web Service User’s Guide, University of Colorado – Colorado Springs Master’s Project, 2006.

[16]http://www.cs.rit.edu:8080/ms/static/spr/2005/4/kar1141/report.pdf , Progress on Probabilistic Encryption Schemes, Kert Richardson, July 2006.

[17] http://www.cs.umd.edu/~jkatz/THESES/staub.pdf.gz An Analysis of Chaum’s voter-verifiable election scheme, Julie Ann Staub, 2005

[18] http://www.brics.dk/RS/00/45/BRICS-RS-00-45.pdf Ivan Damgard and Mads J. Jurik, A Generalization, a Simplification and Some Applications of Paillier’s Probabilistic Public-Key System, PKC 2001.

[19] http://www.cryptovirology.com/cryptovfiles/newbook/Chapter4.pdf Implementing Perfect Questionable Encryptions, Adam L. Young and Moti M. Yung.

[20] http://www.rsa.com/rsalabs/cryptobytes/CryptoBytes_January_2002_final.pdf CryptoBytes, Dan Boneh, Hovav Shacham, Spring 2002.

[21] http://www.gemplus.com/smart/rd/publications/pdf/Pai99pai.pdf Public-Key CryptoSystems Based on Composite Degree Residuosity Classes, Pascal Paillier, 1999

[22] http://en.wikipedia.org/wiki/Paillier_cryptosystem , Paillier Crytosystem from Wikipedia, the free encyclopedia.

Hakan Evecek/SE2Evote


  • Login