Threat Analysis of Cryptographic Voting Schemes - PowerPoint PPT Presentation
Threat Analysis of Cryptographic Voting Schemes

Peter Y A Ryan and Thea Peacock

University of Newcastle

P Y A Ryan and Thea Peacock

Prêt à Voter

Overview
  • Cryptographic voting schemes.
  • Towards a taxonomy of threats and countermeasures.
  • Conclusions.

Cryptographic Voting Schemes
  • Many voting systems using cryptographic techniques have been proposed recently.
  • Strive to provide high levels of assurance of accuracy and secrecy with minimal trust in officials, suppliers, software etc.
  • Verify the election not the system!
  • Unconditional integrity: guarantees of integrity not dependent on assumptions about adversary computational capabilities.
  • Voter verifiability: voters can confirm that their vote is accurately counted whilst not being able to prove to a third party which way they voted.

Vulnerabilities
  • These schemes have excellent properties, but various vulnerabilities have been identified.
  • Vulnerabilities often reside in the (sometimes implicit) assumptions. Often of a socio-technical nature.
  • See for example Karlof et al., [7], for the Chaum and Neff schemes, and Ryan and Peacock, [5], for Prêt à Voter.
  • Usually straightforward countermeasures can be proposed once the vulnerability has been identified.
  • But need a more systematic way to identify vulnerabilities.
  • Here we take a stab at putting together a taxonomy of known vulnerabilities and counter-measures.

Categories
  • Preliminary and incomplete:
    • Information flows
    • Social engineering
    • Implementation
    • Denial of service.
    • Collusion attacks
    • Coercion/vote-buying.
    • Psychological

A Menagerie of Vulnerabilities
  • Need to trust Authorities for secrecy (not for accuracy).
  • Need to protect (pre-printed) ballot form information (chain of custody, chain voting etc.)
  • Need to trust the auditors (absence of collusion with the tellers).
  • Need to trust tellers not to leak information (aside from audit info).
  • Subliminal, side, kleptographic channels, “invisible” dots etc.
  • “Social engineering” attacks.
  • Undermining trust.
  • Enforcing information erasure.
  • Separation of teller modes, i.e., ensure that each ballot form is processed only once.
  • Need to constrain the Web Bulletin Board audits, i.e., reveal only L or R links.
  • Vulnerabilities in implementation of secure web bulletin boards.
  • Ballot stuffing.
  • DoS attacks.
  • Failures of surrounding system: electoral roll, voter authentication etc.

Subliminal and side channels
  • Many crypto schemes are potentially vulnerable to subliminal, side and kleptographic channels.
  • Voter’s choice is communicated in the booth to the encrypting device. Hence the device might leak information via random, semantic or side channels.
  • In Prêt à Voter, non-determinism is resolved before voter choices are revealed or association between ballot forms and voters is established.
  • And voter choice is not communicated to the device.

Kleptographic channels
  • These occur where a crypto device may select crypto variables in such a way to leak information to a colluding party.
  • Prêt à Voter 2005, [3], is vulnerable: The Authority might choose seed values in such a way that a certain keyed hash of the onion value leaks information about the candidate list to a colluding entity (who shared the hash key).
  • Note: Authority behaviour looks innocent.
  • Distributed generation of ballot forms will counter this: no single entity determines the crypto variables, see [6].
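An added toy model of the countermeasure on this slide (not code from the slides or from [6]): several authorities each contribute a share to the ballot-form seed, so no single entity determines the crypto variables from which the candidate order is derived. It assumes a commit-then-reveal round (my addition, not described on the slide) so that an authority cannot choose its share after seeing the others'; the degenerate case `combine([one_share])` is the single-Authority setting the slide calls vulnerable.

```python
import hashlib
import hmac
import secrets

# Toy model of distributed seed generation for a Prêt à Voter style ballot form.
# Assumption (not from the slides): authorities publish a hash commitment to
# their share before any share is revealed, so a share cannot be picked to
# steer the final seed once the other shares are known.

def commit(share: bytes) -> bytes:
    """Hash commitment to a share; posted before the reveal round."""
    return hashlib.sha256(b"PaV-commit|" + share).digest()

def combine(shares) -> bytes:
    """Ballot seed = hash over all shares in authority order.
    combine([single_share]) is the weak single-Authority case."""
    h = hashlib.sha256(b"PaV-seed|")
    for s in shares:
        h.update(len(s).to_bytes(2, "big") + s)
    return h.digest()

def candidate_offset(seed: bytes, n_candidates: int) -> int:
    """Cyclic shift of the candidate list printed on this ballot form."""
    return int.from_bytes(seed[:8], "big") % n_candidates

def run_ceremony(n_authorities: int):
    """Honest run: each authority draws a share and publishes its commitment."""
    shares = [secrets.token_bytes(32) for _ in range(n_authorities)]
    commitments = [commit(s) for s in shares]
    return commitments, shares

def verify_and_combine(commitments, revealed):
    """Auditor's check: every revealed share must match the commitment
    posted earlier; otherwise the ceremony is rejected (returns None)."""
    if not commitments or len(commitments) != len(revealed):
        return None
    for c, s in zip(commitments, revealed):
        if not hmac.compare_digest(c, commit(s)):
            return None
    return combine(revealed)

if __name__ == "__main__":
    cs, ss = run_ceremony(3)
    seed = verify_and_combine(cs, ss)
    print("seed ok:", seed is not None, "offset:", candidate_offset(seed, 5))
```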

Social engineering attacks
  • Cryptographic voting schemes frequently involve moderately complex protocols between the voters and the devices.
  • Opens up possibilities for a malicious device to fool the voter about the protocol sequence, e.g., turning a cut-and-choose into a choose-and-cut.
  • Prêt à Voter 2005 seems fairly immune due to extremely simple protocol sequence.
  • Established crypto protocol analysis tools and techniques may help here (need suitable, Dolev-Yao style models of potentially malicious devices)

Psychological attacks
  • Particularly for systems employing encrypted receipts, there may be potential for psychological attacks: adversary claims (falsely but plausibly) to be able to decrypt receipts.
  • Difficult to counter other than by education, demonstrations etc.

Ballot stuffing
  • Having the voters check for the appearance of their receipt on the WBB doesn’t detect ballot stuffing: in which the authorities add spurious receipts.
  • Counter-measures:
    • Check number of votes cast against number posted.
    • A Verified Encrypted Paper Audit Trail (VEPAT), [5], might help here.
    • Incorporate voter signatures?

Denial of Service
  • Tricky in general.
  • Verified Encrypted Paper Audit Trail might help.
  • Re-encryption mixes help: can bin faulty mix tellers and rerun mixes and audits if necessary.

Conclusions
  • Initial stab at constructing a taxonomy of threats and vulnerabilities for crypto voting schemes.
  • Much more needs to be done.
  • A survey of all known threats and vulnerabilities would be useful.
  • Complete coverage probably impossible.
  • Formal information flow analysis techniques and tools, e.g., identifying where and when and by whom non-determinism is resolved, may help identify potential causal flows.
  • Protocol analysis tools may help identify social engineering attacks.
  • To what extent can vulnerabilities be systematically identified by analysis of a model against requirements?
    • Requires complete, formal requirements.
    • Requires a complete system model.
  • Both are challenging, arguably impossible:
    • No consensus on requirements; often driven by threat analysis anyway.
    • Complete models are impossible and need to cover human user aspects etc.

References
  • [1] David Chaum, Secret-Ballot receipts: True Voter-Verifiable Elections, IEEE Security and Privacy Journal, 2(1): 38-47, Jan/Feb 2004.
  • [2] P Y A Ryan, “A Variant of the Chaum Voter-verifiable Election scheme”, WITS, 10-11 January 2005 Long Beach Ca.
  • [3] D Chaum, P Y A Ryan, S A Schneider, “A Practical, Voter-Verifiable Election Scheme”, Newcastle TR 880 December 2004, Proceedings ESORICS 2005, LNCS 3679.
  • [4] B Randell, P Y A Ryan, “Trust and Voting Technology”, NCL CS Tech Report 911, June 2005, to appear IEEE Security and Privacy Magazine.
  • [5] P Y A Ryan, T Peacock, “Prêt à Voter, A Systems Perspective”, NCL CS Tech Report 929, September 2005, submitted to ESORICS 2006.
  • [6] P Y A Ryan and Steve A Schneider, “Prêt à Voter with re-encryption mixes”, Newcastle CS TR 956, April 2006, submitted to ESORICS 2006.
  • [7] C. Karlof, N. Sastry and D. Wagner, “Cryptographic Voting Protocols: A Systems Perspective”, USENIX Security Symposium, LNCS 3444, pp. 186-200, Springer-Verlag 2005.

Announcement

Workshop On Trustworthy Elections

(WOTE 2006)

Robinson College, Cambridge, United Kingdom

June 29 - June 30, 2006

http://www.wote2006.org
