1 / 15

Threat Analysis of Cryptographic Voting Schemes

Threat Analysis of Cryptographic Voting Schemes. Peter Y A Ryan and Thea Peacock University of Newcastle. Overview. Cryptographic voting schemes. Towards a taxonomy of threats and countermeasures. Conclusions. Cryptographic Voting Schemes.

nira
Download Presentation

Threat Analysis of Cryptographic Voting Schemes

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Threat Analysis of Cryptographic Voting Schemes Peter Y A Ryan and Thea Peacock University of Newcastle P Y A Ryan and Thea Peacock Prêt à Voter

  2. Overview • Cryptographic voting schemes. • Towards a taxonomy of threats and countermeasures. • Conclusions. P Y A Ryan and Thea Peacock Prêt à Voter

  3. Cryptographic Voting Schemes • Many voting systems using cryptographic techniques have been proposed recently. • Strive to provide high levels of assurance of accuracy and secrecy with minimal trust in officials, suppliers, software etc. • Verify the election not the system! • Unconditional integrity: guarantees of integrity not dependent on assumptions about adversary computational capabilities. • Voter verifiability: voters can confirm that their vote is accurately counted whilst not being able to prove to a third party which way they voted. P Y A Ryan and Thea Peacock Prêt à Voter

  4. Vulnerabilities • These schemes have excellent properties, but various vulnerabilities have been identified. • Vulnerabilities often reside in the (sometimes implicit) assumptions. Often of a socio-technical nature. • See for example Karlof et al, [7], for Chaum and Neff and Peacock and Ryan and Peacock, [5], for Prêt à Voter. • Usually straightforward countermeasures can be proposed once the vulnerability has been identified. • But need a more systematic way to identify vulnerabilities. • Here we take a stab at putting together a taxonomy of known vulnerabilities and counter-measures. P Y A Ryan and Thea Peacock Prêt à Voter

  5. Categories • Preliminary and incomplete: • Information flows • Social engineering • Implementation • Denial of service. • Collusion attacks • Coercion/vote-buying. • Psychological P Y A Ryan and Thea Peacock Prêt à Voter

  6. A Menagerie of Vulnerabilities • Need to trust Authorities for secrecy (not for accuracy). • Need to protect (pre-printed) ballot form information (chain of custody, chain voting etc.) • Need to trust the auditors (absence of collusion with the tellers). • Need to trust tellers not to leak information (aside from audit info). • Subliminal, side, kleptographic channels, “invisible” dots etc. • “Social engineering” attacks. • Undermining trust. • Enforcing information erasure. • Separation of teller modes, i.e., ensure that each ballot form is processed only once. • Need to constrain the Web Bulletin Board audits, i.e., reveal only L or R links. • Vulnerabilites in implementation of secure web bulletin boards. • Ballot stuffing. • DoS attacks. • Failures of surrounding system: electoral role, voter authentication etc. P Y A Ryan and Thea Peacock Prêt à Voter

  7. Subliminal and side channels • Many crypto schemes are potentially vulnerable to subliminal, side and kleptographic channels. • Voter’s choice is communicated in the booth to the encrypting device. Hence the device might leak information via random of semantic or side channels. • In Prèt à Voter, non-determinism is resolved before voter choices are revealed or association between ballot forms and voters is established. • And voter choice is not communicated to the device. P Y A Ryan and Thea Peacock Prêt à Voter

  8. Kleptographic channels • These occur where a crypto device may select crypto variables in such a way to leak information to a colluding party. • Prêt à Voter 2005, [3], is vulnerable: The Authority might choose seed values in such a way that a certain keyed hash of the onion value leaks information about the candidate list to a colluding entity (who shared the hash key). • Note: Authority behaviour looks innocent. • Distributed generation of ballot forms will counter this: no single entity determines the crypto variables, see [6]. P Y A Ryan and Thea Peacock Prêt à Voter

  9. Social engineering attacks • Cryptographic voting schemes frequently involve moderately complex protocols between the voters and the devices. • Opens up possibilities for a malicious device to fool the voter about the protocol sequence, e.g., turning a cut-and-choose into a choose-and-cut. • Prêt à Voter 2005 seems fairly immune due to extremely simple protocol sequence. • Established crypto protocol analysis tools and techniques may help here (need suitable, Dolev-Yao style models of potentially malicious devices) P Y A Ryan and Thea Peacock Prêt à Voter

  10. Psychological attacks • Particularly for systems employing encrypted receipts, there may be potential for psychological attacks: adversary claims (falsely but plausibly) to be able to decrypt receipts. • Difficult to counter other than be education, demonstrations etc. P Y A Ryan and Thea Peacock Prêt à Voter

  11. Ballot stuffing • Having the voters check for the appearance of their receipt on the WBB doesn’t detect ballot stuffing: in which the authorities add spurious receipts. • Counter-measures: • Check numbers of votes cast again number posted. • A Verified Encrypted Paper Audit Trial (VEPAT), [5], might help here. • Incorporate voter signatures? P Y A Ryan and Thea Peacock Prêt à Voter

  12. Denial of Service • Tricky in general. • Verified Encrypted Paper Audit Trial might help. • Re-encryption mixes help: can bin faulty mix tellers and rerun mixes and audits if necessary. P Y A Ryan and Thea Peacock Prêt à Voter

  13. Conclusions • Initial stab at constructing a taxonomy of threats and vulnerabilities for crypto voting schemes. • Much more needs to be done. • A survey of all known threats and vulnerabilities would be useful. • Complete coverage probably impossible • Formal information flow analysis techniques and tools, e.g., identifying where and when and by whom non-determinism is resolved, may help identify potential causal flows. • Protocol analysis tools may help identity social engineering attacks. • To what extent can vulnerabilities be systematically identified by analysis of a model against requirements. • Requires complete, formal requirements. • Requires a complete system model • Both are challenging, arguably impossible: • No consensus on requirements-often driven by threat analysis anyway • Complete models are impossible and need to cover human user aspects etc. P Y A Ryan and Thea Peacock Prêt à Voter

  14. References • [1] David Chaum, Secret-Ballot receipts: True Voter-Verifiable Elections, IEEE Security and Privacy Journal, 2(1): 38-47, Jan/Feb 2004. • [2] P Y A Ryan, “A Variant of the Chaum Voter-verifiable Election scheme”, WITS, 10-11 January 2005 Long Beach Ca. • [3] D Chaum, P Y A Ryan, S A Schneider, “A Practical, Voter-Verifiable Election Scheme”, Newcastle TR 880 December 2004, Proceedings ESORICS 2005, LNCS 3679. • [4] B Randell, P Y A Ryan, “Trust and Voting Technology”, NCL CS Tech Report 911, June 2005, to appear IEEE Security and Privacy Magazine. • [5] P Y A Ryan, T Peacock, “Prêt à Voter, A Systems Perspective”, NCL CS Tech Report 929, September 2005, submitted to ESORICS 2006. • [6] P Y A Ryan and Steve A Schneider, “Prêt à Voter with re-encryption mixes”, Newcastle CS TR 956, April 2006, submitted to ESORICS 2006. • [7] C. Karlof and N. Sastry and D. Wagner, "Cryptographic Voting Protocols: A Systems Perspective“, USENIX Security Symposium", LCNS 3444, pp 186-200“, Springer-Verlag 2005. P Y A Ryan and Thea Peacock Prêt à Voter

  15. Announcement Workshop On Trustworthy Elections (WOTE 2006) Robinson College, Cambridge, United Kingdom June 29 - June 30, 2006 http://www.wote2006.org P Y A Ryan and Thea Peacock Prêt à Voter

More Related