E-voting protocol: electing a University President

lucyh36@gmail.com, July 13, 2011

Presentation Transcript
Resource
  • Person
    • D. Chaum (mixnet in 1981)
    • J. Benaloh (casting protocol in 1994)
    • Ben Adida (Helios)
  • Paper
    • Internet voting, security and privacy
    • Helios: web-based open audit voting(2009)
    • Helios: electing a University President using Open-Audit voting: Analysis of real-world use of Helios(2010)
    • Secure electing voting—a framework(E2E)
    • Exploiting the Client Vulnerabilities in Internet E-voting Systems: Hacking Helios 2.0 as an Example
  • Advances in Cryptographic Voting Systems, MIT, 2006

http://ben.adida.net/presentations/

Roadmap
  • Problem and background
    • Internet Voting, Security and Privacy
    • Voting Security Overview
  • Helios(2008-v1.0,2009-v2.0,2011-v3.1+)
    • Web-based open-audit voting
    • Electing an University President(March,2009)
    • How to install Helios v3.1 in my own server
    • Attack and Defense
  • A possible end
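Internet voting, Security and Privacy
  • Law
  • Security
    • Client
      • Bug and OS (drive-by download attacks via compromised web pages, PKI certificate spoofing)
    • Server
      • Database (phishing: fake voting website)
    • Network (redirect)
      • DNS (DNS poisoning)
      • BGP (route spoofing)
      • Route (amplification attacks, IP spoofing, DHCP protocol security issues, SYN flooding, UDP flooding, TCP RST attacks, TCP session hijacking, route spoofing)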
  • Privacy
Background
  • E-voting history
    • Greece
    • Paper ballots
    • Voting machine
    • Internet and real world voting(March, 2009)
      • ?US president(Bush), Diebold, 2000 (Kohno-Stubblefield-Rubin-Wallach)
      • Helios2.0: web-based open audit voting system
Voting Security Overview

Huang Rong's preferred choice: Guo Jing

Ouyang Feng (a coercer): Ouyang Ke

Helios: open-audit e-voting system
  • Problem
    • How to get a result by voting?
    • Chain of custody
    • Low-coercion (coerciveness)
  • Technical concept
    • MixNet (server side; protects the relationship with cryptography)
    • Benaloh casting protocol(audit back-end counting)
      • Moving the black box
    • Zero-knowledge proof
      • Verify operations on encrypted data
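
Added example, not from the original slides and not Helios code: the Benaloh cast-or-audit check listed above, written with exponential ElGamal over a constructed toy group. The class and function names and the parameters P, Q, G are assumptions made for illustration; the device commits to a ciphertext before it learns whether the voter will audit it.

```python
import secrets

# Constructed toy group (far too small for real use): P = 2*Q + 1, G has order Q.
P, Q, G = 2039, 1019, 4

def keygen():
    """Return (private key, public key) for the election."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def encrypt(pk, choice, r):
    """Exponential ElGamal: (g^r, g^choice * pk^r) mod p."""
    return pow(G, r, P), (pow(G, choice, P) * pow(pk, r, P)) % P

class VotingDevice:
    """The untrusted 'black box' (e.g. the browser). cheat_to models a
    compromised client that silently encrypts a different candidate."""
    def __init__(self, pk, cheat_to=None):
        self.pk, self.cheat_to = pk, cheat_to

    def prepare(self, choice):
        self._claimed = choice
        self._r = secrets.randbelow(Q - 1) + 1
        actual = choice if self.cheat_to is None else self.cheat_to
        # The ciphertext is shown to the voter BEFORE the cast/audit decision.
        self.ciphertext = encrypt(self.pk, actual, self._r)
        return self.ciphertext

    def open_for_audit(self):
        # On audit the device must reveal its randomness; it claims the voter's choice.
        return self._claimed, self._r

def audit(pk, ciphertext, claimed_choice, r):
    """Anyone can re-encrypt with the revealed r and compare to the commitment."""
    return encrypt(pk, claimed_choice, r) == ciphertext

def run_audit(cheat_to=None, choice=1):
    """Voter picks 'audit': returns True if the device encrypted honestly."""
    _, pk = keygen()
    device = VotingDevice(pk, cheat_to)
    committed = device.prepare(choice)
    claimed, r = device.open_for_audit()
    return audit(pk, committed, claimed, r)

if __name__ == "__main__":
    print("honest device passes audit:  ", run_audit())
    print("cheating device passes audit:", run_audit(cheat_to=2, choice=1))
```

An audited ballot has its randomness exposed, so it is discarded and the voter prepares a fresh one to cast; the protection comes from the device not knowing in advance which ballots will be audited.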
Problem

Huang Rong votes for: Huang Yaoshi

Guo Jing votes for: Hong Qigong

Ouyang Ke votes for: Ouyang Feng

Helios 2.0
  • Hardware and software
    • Linux, MS, MacOS
    • Web browser (Safari 2/3, Firefox 2.0/3.0, IE 6/7/8, Chrome 1.0) + JavaScript (client)
    • Free/open source software stack (v2.0): Python (Django web toolkit for Python), PostgreSQL database
    • PHP (v3.1 server)
  • http://heliosvoting.org (registration via Facebook or Google)
  • Zero-Knowledge Proof
  • MixNet
  • Benaloh Casting
From Helios 1.0 to 2.0

http://code.google.com/appengine/

The voting website was successfully tested on Linux, Mac OSX and Windows with the Firefox 2 and 3, Internet Explorer 6, 7 and 8, Safari 2 and 3, and Chrome 1 web browsers.

Helios: Attacks and Defense
  • Estehgari-Desmedt, August 2010
    • http://www.cs.ucl.ac.uk/staff/y.desmedt/slides/Hacking-Helios2.pdf
    • http://www.usenix.org/event/evtwote10/tech/full0papers/Estehgari.pdf
  • Wikström and Smyth-Cortier, December 2010
    • http://www.di.ens.fr/cryptoSeminaire.html/#Attacking_ballot_secrecy_in_Heli
Helios: how to install(1)
  • How to install Helios v3.1 in my own server
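Recap: Jin Yong's original novel and the 1983 TV version of the Sword Contest on Mount Hua
  • Round one
    • Hong Qigong, Huang Yaoshi, Guo Jing
    • Guo Jing wins
  • Round two
    • Ouyang Feng, Hong Qigong + Huang Yaoshi + Guo Jing
    • Ouyang Feng wins
  • Ending
    • The trap Huang Rong set for Ouyang Feng
    • A philosophical question: "Who am I?"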
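The candidates' campaign statements
  • Hong Qigong (chair of the Computer Science department)
    • University education
  • Huang Yaoshi (chair of the Mathematics department)
    • Building up the academic disciplines
  • Ouyang Feng (chair of the Chemistry department)
    • Above all, no incidents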
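The showdown before the voting system goes into use
  • Huang Rong (PhD in network security, Computer Science department)
    • Prepared a batch of machines based on hardware virtualization for voters who wish to use an official machine
      • Original hard disks removed; wireless and remote-control functions disabled
      • Vulnerabilities patched and software updated
    • Several physically separate servers handle registration, ballot issuance and tallying respectively
    • Voting system tested online for one month
      • Leaflets distributed widely at the cafeteria entrance, in classrooms, on the BBS and in elevators
    • Studied the relevant legal documents; checked privacy protection and key-usage permissions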
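Publicity before the voting system goes into use
  • Publicize the election schedule and a demo video of the system on campus
    • Lunchtime (TVs in the cafeteria)
    • Printed copies posted on classroom walls
    • Source code published on the forum/BBS
  • Registration time is flexible, and a test voting system is available to try out
  • Voting time is flexible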
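The showdown before the voting system goes into use
  • Ouyang Ke's work during the window when the system is accessible for software testing and voter registration
    • Malware planted via e-mail and URLs
    • Malware planted via office software (document editor) vulnerabilities
    • cookie
    • Malicious code planted in web pages
    • Using the auto-update feature to download malware in the background, in versions and in stages
    • Tampering with ballot content (introducing another link)
    • Changing the links to the candidates' campaign statements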
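Story relay: attack and defense of the voting website
  • Hua Zheng (exchange student from M University) / Mei Chaofeng (graduate student, Computer Science department)
    • Pose as a victim / honeypot to lure out the attacker
    • Trace the IP address to the source of the attacking machine and break into the attacker's machine
    • Use the auto-update system to collect rootkit code data and hand it to Guo Jing (the program bit-alignment technique has been patented)
  • Guo Jing's defense (network administrator)
    • Purchase and learn to use a protocol analyzer for real-time network traffic monitoring
    • Modify the program based on the attack code
    • Finish code optimization the night before the voting system officially goes live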
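Preparations before the voting system goes live
  • A set of secured client machines for voters who wished to use an official voting machine
    • Open lab machine room for voters (ZEN-based virtual machine system)
    • Spare machines with clean systems on standby for emergency use (clients)
  • Implemented its own, high-speed, offline tallier and verifier
  • Key generation process (on-site expert supervision and a dedicated offline machine)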
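Story relay: attack and defense of the voting website
  • Candidates
    • Hong Qigong, Huang Yaoshi, Ouyang Feng
  • Voters
    • All faculty, students, staff and technical personnel of the university
  • Huang Rong's dilemma
    • Abstain?
    • One person, one vote? The Eastern Heretic? Hong Qigong
    • One person, three votes: Guo Jing, the Eastern Heretic, Hong Qigong (future work)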
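T University presidential election
  • What kind of president to select
    • A first-rate educator
      • Personal achievements
      • Students trained (Huang Rong, Guo Jing)
      • Peers
        • The Southern Emperor, the Eastern Heretic, the Old Urchin
        • The Western Venom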