
Code Voting


Presentation Transcript


  1. Code Voting
     A simple way to prevent automatic vote manipulation at voter’s computer
     Rui Joaquim – Carlos Ribeiro
     IPL / INESC-ID

  2. Introduction (1/2)
     • Electronic voting
       • Pros:
         • Voter’s mobility, faster vote count.
         • Prevents frauds, saves money and trees.
       • Cons:
         • Our democracies in the hands of voting machine vendors.
     Dagstuhl - Frontiers of Electronic Voting 29.07.07 - 03.08.07

  3. Introduction (2/2)
     • To avoid being in the hands of voting machine vendors, researchers suggest:
       • Open software/hardware.
       • Use of paper audit trails to confirm the machine results.
       • Use of cryptographic protocols that prevent vote manipulation and protect voter’s privacy.

  4. Motivation
     • How to extend electronic voting to Internet voting in a secure way?
       • The voter’s PC is in an uncontrolled environment.
       • The voter’s PC can be manipulated, therefore the voter’s vote can also be manipulated.

  5. Related work
     • Use a hybrid system where the voter gets a list of candidate codes before the election [UK02]
       • Problems: the candidate codes must be delivered before the election and no cryptographic protocols can be used because the vote is translated at server side.
     • Use randomized encrypted ballots [KZ06]
       • Problems: the voters must deal directly with cipher texts and it requires a secure external channel.
     • Use trusted computing technology [VASS06]
       • Problems: revocation of tampered TPMs, not yet a mature technology.
     • Use of special hardware (little voting machine) adapted to the voter’s PC [ZCR07]
       • Problems: special hardware.

  6. Our goals
     • Prevent vote manipulation at the voter’s PC, i.e. create a secure and human usable channel between the voter and a trusted component of the voting system.
     • Additionally:
       • Rely only on standard or near to standard devices (USB interface or smartcard reader)
       • Allow the use of cryptographic protocols to prevent vote manipulation at server side

  7. Main idea
     • Use a common “standard trusted device”, i.e. a smartcard, as the trusted component at the client side.
     • Use the smartcard to execute the cryptographic steps of the voting protocol.
     • Create a secure and human usable channel to communicate with the smartcard using the untrusted voter’s PC.
     • Adapting the concept of candidate codes to run locally between the voter and the smartcard.

  8. Architecture components overview
     • Voter Card
       • Provides secure voter’s authentication.
       • Translates the candidate code on the Code Card to a concrete vote and encrypts it.
     • Code Card
       • The Code Card has the candidate codes and confirmation codes that assure the voter that everything is right with the voting protocol.
     • Untrusted voter’s PC that mediates the interaction between the voter, the election server and the Voter Card.
     • Election server(s) that collect the votes and perform the vote count.

  9. Code Card

  10. Voting procedure (1/4)
      • First the application running on the voter’s PC (APP) displays the ballot to the voter.

        Election for the Most Important Figure in Security
        A - Alice
        B - Bob
        C - Eavesdropper
        D - Attacker
        Enter your option code:

  11. Voting procedure (2/4)
      • The voter chooses her favorite candidate using the corresponding code on her Code Card.

        Election for the Most Important Figure in Security
        A - Alice
        B - Bob
        C - Eavesdropper
        D - Attacker
        Enter your option code: WL764

      (Figure: Code Card)

  12. Voting procedure (3/4)
      • Then the voter confirms her choice with the confirmation code.

        Election for the Most Important Figure in Security
        A - Alice
        B - Bob
        C - Eavesdropper
        D - Attacker
        Selected option code: WL764
        Insert vote confirmation code: AW39F8BV

      (Figure: Code Card)

  13. Voting procedure (4/4)
      • Finally, the Voter Card translates the candidate code to a concrete vote on the chosen candidate, encrypts the vote and sends it to the election server and confirms the delivery with the “confirmed vote delivery code”.

        Election for the Most Important Figure in Security
        A - Alice
        B - Bob
        C - Eavesdropper
        D - Attacker
        Selected option code: WL764
        Vote confirmation code: AW39F8BV
        Confirmed vote delivery code: 6HKG2Q75

      (Figure: Code Card)

  14. Evaluation
      • Goals achieved
        • The client application running on the voter’s PC cannot manipulate the vote because it does not know the codes on the Code Card.
        • Simple solution (usable by common voters).
        • Requires only a smartcard reader.
        • Allow the use of cryptographic protocols to prevent vote manipulation at server side.
      • Improved anonymity
        • APP never knows the vote nor who is the voter

  15. Future work
      • Large candidate lists
        • Redesign the concept of the Code Card to allow the easy use of Code Voting solution on elections with large candidate lists.
      • Simultaneous elections
        • Prevent blind votes by APP in the case of simultaneous elections.
      • Code Card reuse
        • It is possible to link the confirmation codes from one election to another, therefore this may allow the cast of blind votes on the second and subsequent elections.
        • Possible solutions: allow the voter to generate a new Code Card or use a new concept for the Code Card codes.

      (Figure: Code Card)

  16. Code Card II

        Election for the Most Important Figure in Security
        18747 - Alice
        39448 - Bob
        23745 - Eavesdropper
        83653 - Attacker
        Enter your option code: VNTMU

      (Figure: Code Card)

  17. References
      • [UK02] UK’s National Technical Authority for Information Assurance: e-Voting Security Study. http://www.ictparliament.org/CDTunisi/ict_compendium/paesi/uk/uk54.pdf. July 2002.
      • [KZ06] Kutylowski, Zagorski: Coercion-Free Internet Voting with Receipts. Workshop on e-Voting and e-Government in the UK. February 2006.
      • [VASS06] Volkamer, Alkassar, Sadeghi, Schulz: Enabling the Application of the Open Systems like PCs for Online Voting. In FEE 06. September 2006.
      • [ZCR07] Zúquete, Costa, Romao: An Intrusion-tolerant e-Voting Client System. 1st Workshop on Recent Advances on Intrusion-Tolerant Systems. 2007.

  18. The end
      • Questions?
      Rui Joaquim
      rjoaquim@cc.isel.ipl.pt

  19. Extra time: Election preparation
      • Voter registration
        • Voter gets her Voter Card (VC) and the corresponding Code Card (CC).
        • Voter Card has the voter private key and the election’s authority (EA) public key.
      • Key generation (re-encryption mix net)
        • The mix servers jointly generate a shared election’s key and get it signed by the election’s authority.
        • The bulletin board (BB) generates its own key and gets it signed by the election’s authority.

  20. Voting protocol sketch (1/3)
      1 - Voter unlocks her Voter Card.
          V -> APP -> VC: PIN
          VC -> APP: OK message
      2 - Voter authenticates to the Bulletin Board and gets the ballot.
          APP -> BB: Ballot request
          BB -> APP -> VC: Cert(BBK)_EA, r1
          VC -> APP -> BB: {Vid, r2, Sign(r1, r2)_VK}_BBK
          BB -> APP: Ballot, {Eid, EK, Sign(Eid, EK)_EAK, r2}_VK

  21. Voting protocol sketch (2/3)
      3 - Voter chooses the candidate using the Code Voting protocol.
          V -> APP: secret candidate code (SCC), confirmation code (CoC)
          APP -> VC: SCC, CoC, {Eid, EK, Sign(Eid, EK)_EAK, r2}_VK
      4 - The Voter Card confirms the message received from the Bulletin Board and the voting codes. Then, it translates the vote, encrypts it and sends it to the Bulletin Board.
          VC -> APP -> BB: {Eid, {vote}_EK, Sign(Eid, {vote}_EK)_VK, Vid}_BBK
      5 - The Bulletin Board confirms the vote.
          BB -> APP -> VC: {Sign(h(Sign(Eid, {vote}_EK)_VK))_BBK}_VK

  22. Voting protocol sketch (3/3)
      4 - The Voter Card confirms the receipt and issues the confirmed vote delivery code.
          VC -> APP: Confirmed vote delivery code
      5 - The mix servers mix the votes and issue proofs of correct behavior.
      6 - A quorum of mix servers deciphers the votes, issues proofs of correct behavior and performs the vote count.
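
The voting procedure on slides 10 to 13, together with the card-side checks of the protocol sketch, as a small simulation added here (it is not code from the presentation or its authors). The candidate-to-code assignment, the three extra candidate codes, the retry limit, and the hash and HMAC stand-ins for encryption under EK and for the Bulletin Board signature are assumptions of this example.

```python
import hashlib, hmac, secrets

# Constructed Code Card. WL764, AW39F8BV and 6HKG2Q75 appear on the slides; the
# candidate-to-code assignment and the other three codes are made up here.
CODE_CARD = {
    "codes": {"Alice": "KP302", "Bob": "WL764", "Eavesdropper": "ZT915", "Attacker": "QM558"},
    "confirm": "AW39F8BV",
    "delivery": "6HKG2Q75",
}
BB_KEY = b"constructed-demo-key"  # HMAC stands in for the Bulletin Board signature

class VoterCard:
    """Trusted smartcard: holds the same secrets as the printed Code Card."""
    MAX_FAILURES = 3  # assumption, not on the slides: bound wrong-code attempts

    def __init__(self, card):
        self._by_code = {code: name for name, code in card["codes"].items()}
        self._confirm, self._delivery = card["confirm"], card["delivery"]
        self._failures, self._ballot = 0, None

    def cast(self, scc, coc):
        """Translate the secret candidate code; return an opaque ballot or None."""
        if self._failures >= self.MAX_FAILURES or self._ballot is not None:
            return None
        if scc not in self._by_code or not hmac.compare_digest(coc, self._confirm):
            self._failures += 1
            return None
        # Opaque stand-in for {vote}EK (not real encryption): the PC sees only this.
        nonce, name = secrets.token_bytes(16), self._by_code[scc].encode()
        self._ballot = hashlib.sha256(nonce + name).digest()
        return self._ballot

    def confirm(self, receipt):
        """Release the delivery code only for a valid Bulletin Board receipt."""
        if self._ballot is None or receipt is None:
            return None
        good = hmac.new(BB_KEY, self._ballot, hashlib.sha256).digest()
        return self._delivery if hmac.compare_digest(receipt, good) else None

def bulletin_board(ballot):
    """Bulletin Board: acknowledge a received ballot with a keyed receipt."""
    return hmac.new(BB_KEY, ballot, hashlib.sha256).digest()

def run(scc, coc, swap_code=None, drop_vote=False):
    """Untrusted PC application (APP) relaying between voter, card and BB."""
    card = VoterCard(CODE_CARD)
    ballot = card.cast(swap_code or scc, coc)
    receipt = None if (ballot is None or drop_vote) else bulletin_board(ballot)
    return card.confirm(receipt)  # code shown to the voter, or None
```

The voter accepts the session only if the code returned by `run` equals the delivery code printed on her Code Card; a substituted candidate code or a ballot that never reaches the Bulletin Board leaves her without it.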
