# Providing Trusted Paths Using Untrusted Components

##### Presentation Transcript

1. Providing Trusted Paths Using Untrusted Components
   Andre L. M. dos Santos, Georgia Institute of Technology, andre@cc.gatech.edu

2. Electronic Voting
   - Assumptions:
     - There is a framework for electronic voting.
     - All the crypto is embedded in the framework.
     - Smart cards, USB tokens, or any other portable tamper-resistant device add security to electronic voting.
   - Problem:
     - Would a tamper-proof smart card solve all problems of electronic voting?

3. Do You Know for Whom You Are Voting?

4. What is the problem?
   - Voter: "I vote for John"
   - The devices that are used for direct I/O with a human need to be tamper proof.
   - So, not only the card needs to be tamper proof ...
   - Display: "Homer's vote is for Bob" ... or NOT????

5. Hard AI Problems
   - Informally, something that humans can do easily but computers can't.
   - CAPTCHA: Completely Automated Turing Test to Tell Computers and Humans Apart.
     - Generate a random message, transform it, ask a human to repeat it.
   - Transformation problem:
     - Subset of hard AI problems that transform a message.
     - Example: distort the text of a message so that only humans can read it.

6. KHAP: Keyed Hard AI Problems
   - A transformation problem that includes a shared secret key.
   - Instances generated with different keys are distinguishable.
   - Computers can't steal keys from messages.
   - Formalism: t = T(m, k) is an (α, β, γ, δ, ε, ζ)-keyed transformation if:
     - the probability that a human can extract m from t is at least α;
     - the probability that a human with knowledge of k can correctly verify whether k was used to create t is at least β;
     - there does not exist a computer program that runs in time ζ such that the probability of the program extracting m from t is greater than γ;
     - there does not exist a computer program that runs in time ζ such that the probability of the program extracting k from t is greater than δ;
     - let A be a computer program that modifies t to include m' ≠ m; there does not exist an A that runs in time ζ such that the probability of a human failing to detect the modification is greater than ε.

7. Protocol

8. 3-D Keyed Transformation
   - Render text and objects in a 3-D scene to a 2-D image (raytrace).
   - Randomize parameters (lighting, position, rotation, size, colors).
   - A human can read the text from the 2-D image.
   - The key is the appearance of objects: the human looks for particular objects in the scene.
   - The scene is hard to modify in a meaningful way (shadows, reflections, finding objects).
   - Provides authenticity (presence of the key objects) and integrity (modifications can be detected by the human).

9. E-Voting using 3-D Images

10. E-Voting using 3-D Images

11. Considerations
   - How does a human confirm a message?
     - Disconnect, or not, the trusted platform.
     - When should you connect your platform?
     - Confirmation word.
   - How does a low-computing-power device perform the transformation?
     - It can use (semi-)trusted servers connected using an anonymizing network.
     - Needs to worry about covert channels.
   - What is the best transformation?
     - Other examples are speech and text.

12. Considerations
   - Replays and Human Professors
     - Time stamps
     - Aging
     - Spatial relationships
   - Easy-to-guess keys
     - Cute puppy dog!
     - May be easier to avoid
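To make the protocol skeleton behind slides 6, 7, 11 and 12 concrete, here is an added example (not code from the slides or from the author): a simulated confirmation round in which the voter and a trusted server share a key k and a per-session confirmation word, while the untrusted terminal carries messages in both directions. The 3-D rendering step is replaced by a toy textual "scene" whose key objects are derived from k with a hash, so the round can run offline; the hardness properties of the real transformation (γ, δ, ε) are assumed by the model, not reproduced by it, and all names, the object pool and the 60-second freshness window are constructed for illustration.

```python
"""Toy KHAP-style trusted-path round (illustrative, not the slides' code).

Roles:
  * voter (human): shares secret key k with the trusted server and knows a
    session confirmation word;
  * untrusted terminal: forwards the vote to the server and the rendered
    scene back to the human, and may alter what it forwards;
  * trusted server: applies the keyed transformation T(m, k).
"""
import hashlib

# Constructed pool of objects a human can recognize in a rendered scene.
OBJECT_POOL = ["red teapot", "blue cube", "green cone", "wooden chair",
               "glass sphere", "yellow lamp", "brass key", "striped ball"]

FRESHNESS_WINDOW = 60  # seconds a scene stays valid (assumed policy)


def key_objects(k, count=3):
    """Derive 'the appearance of the key' from k: the objects the human
    expects to see in every scene rendered for them (hash-based stand-in
    for a real key-to-appearance mapping)."""
    seed = hashlib.sha256(k.encode()).digest()
    ranked = sorted(OBJECT_POOL,
                    key=lambda o: hashlib.sha256(seed + o.encode()).digest())
    return ranked[:count]


def transform(m, k, confirmation_word, timestamp):
    """T(m, k): the scene binds message text, key objects, the session
    confirmation word and a timestamp (slide 12: time stamps vs. replays)."""
    return {"text": m, "confirmation": confirmation_word,
            "timestamp": timestamp, "objects": key_objects(k)}


def human_reads(scene):
    """Property alpha: the human extracts m from the scene."""
    return scene["text"]


def human_verifies(scene, k, confirmation_word, now, max_age=FRESHNESS_WINDOW):
    """Checks the human performs before trusting what the scene shows:
    recognize the key objects (property beta), match the confirmation
    word, and reject stale scenes (replay defence)."""
    if set(scene["objects"]) != set(key_objects(k)):
        return False, "key objects missing"
    if scene["confirmation"] != confirmation_word:
        return False, "wrong confirmation word"
    if now - scene["timestamp"] > max_age:
        return False, "stale scene (possible replay)"
    return True, "ok"


def run_round(intended_vote, k, confirmation_word, now, terminal_replaces_with=None):
    """One confirmation round through the untrusted terminal.

    If the terminal swaps the vote on its way to the server, the server
    still renders honestly with k, so the scene the human sees names the
    substituted candidate and the human rejects it."""
    submitted = terminal_replaces_with or intended_vote   # untrusted hop
    scene = transform(submitted, k, confirmation_word, now)  # trusted server
    ok, reason = human_verifies(scene, k, confirmation_word, now)
    if not ok:
        return "rejected: " + reason
    shown = human_reads(scene)
    if shown != intended_vote:
        return "rejected: scene shows " + shown
    return "confirmed: " + shown


if __name__ == "__main__":
    print(run_round("John", "k-voter-42", "marigold", now=1000))
    print(run_round("John", "k-voter-42", "marigold", now=1000,
                    terminal_replaces_with="Bob"))
    old = transform("John", "k-voter-42", "marigold", timestamp=0)
    print(human_verifies(old, "k-voter-42", "marigold", now=1000))
```

The honest round confirms "John"; a terminal that forwards "Bob" instead is caught because the trusted server renders what it actually received; a replayed scene from an earlier session fails the freshness check even though its key objects are genuine. What the toy cannot show is the property the 3-D rendering is meant to supply: that a program holding the scene cannot rewrite its text while keeping shadows, reflections and key objects consistent, which is exactly the ε bound of slide 6.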

13. Conclusions
   - This is a general approach for interacting with trusted computers.
   - Many features of electronic voting systems help the use of this approach.
   - Easy to use.
   - Avoid computation and memory aids: ask humans to do what they do best.
   - Some problems are intuitive (e.g., recognizing a voice).