
Secure Electronic Voting

Date post: 04-Jun-2018
Upload: daemongrec

Transcript
  • 8/14/2019 Secure Electronic Voting

    1/28

    Secure Electronic Voting

    Dr. Costas Lambrinoudakis
    Lecturer, Dept. of Information and Communication Systems Engineering
    University of the Aegean, Greece

    &

    e-Vote Project, Technical Director
    European Commission, IST Program


    COMPSEC-2003 / Friday 31-10-2003 C. Lambrinoudakis

  • What is electronic voting?

    An electronic voting (e-voting) system is a voting system in which the election data is recorded, stored and processed primarily as digital information. (Network Voting System Standards, VoteHere, Inc., April 2002)

    [Diagram: taxonomy of voting. Labels: Voting; Paper voting; E-voting; Paper ballots; Punch cards; ...; Polling place voting; Internet voting; Precinct voting; Kiosk voting.]

  • Do we need electronic voting systems? *

    • Electronic voting has been considered to be an efficient and cost-effective alternative / complement of the conventional voting procedure.
    • They could lead to increased voter turnout, thus supporting the democratic process.
    • They could give elections new potential (by providing ballots in multiple languages, accommodating lengthy ballots, etc.), thus enhancing the democratic process.
    • They could open a new market, supporting commerce and employment.

    * D. Gritzalis (Ed.), Secure Electronic Voting, Kluwer Academic Publishers, USA, January 2003.

  • Opportunities for electronic voting

    • Most countries believe that Internet voting will occur within the next decade.
    • Internet voting options satisfy voters' desire for convenience.
    • Internet voting can satisfy the requirements of people with special needs.
    • Several countries are willing to try Internet voting for a small scale election (local, regional).
    • The technology is available.

  • Barriers to electronic voting

    • Lack of common voting system standards across nations.
    • Time and difficulty of changing national election laws.
    • Time and cost of certifying a voting system.
    • Security and reliability of electronic voting.
    • Equal access to Internet voting for all socioeconomic groups.
    • The Digital Divide problem (both for election organisers and voters).
    • Political risk associated with trying a new voting system.
    • Need for security and election experts.

  • Generic voting principles

    • Only eligible persons can vote.
    • No person can vote more than once.
    • The vote is secret.
    • Each (correctly cast) vote gets counted.
    • The voters trust that their vote is counted.

    Internet Policy Institute, Report of the National Workshop on Internet Voting, March 2001

  • Identifying e-Voting Requirements

    But do we really know what the expected functionality of an e-voting system is?

    • To which election process does it apply (General Elections, Internal Elections, Polls ...)?
    • Does it comply with the existing legal framework?
    • Is it secure?
    • Are the actors (users) of the system and their roles clearly defined?

  • Identifying e-Voting Requirements

    Two approaches for ... what we need:

    An e-voting system may be specified either

    • as a set of guidelines to be adopted for ensuring conformance to the legislation (State Authority point of view)

    or

    • in terms of the problems associated with the provision of the adequate level of security (anonymity, authentication, tractability, etc.) (System Engineer point of view).

  • Identifying e-Voting Requirements

    None of these approaches is complete!

    • Legal Requirements: abstract formulations (laws, principles, etc.)
    • Functional Requirements: usability properties
    • Non-Functional Requirements: security and system properties (flexibility, efficiency, etc.)

  • Identifying e-Voting Requirements

    A third approach, proposed by the e-VOTE project *: requirements elicitation based on a Generic Voting Model, taking into account the:

    • European Union legislation.
    • Organisational details of the conventional voting processes.
    • Opportunities offered and the constraints imposed by state-of-the-art technologies.

    The aim of the developers is to express:

    • The legal requirements.
    • The security (non-functional) requirements.
    • The functional requirements.

    as a User Requirements Specification document that sets specific Design Criteria.

    * Consortium: Q&R (GR), Univ. of the Aegean (GR), Cryptomathic (DK), Univ. of Regensburg (D), Municipality of Amaroussion (GR), Self Governing Region of Kosice (SK)

  • Design Criteria (Non-functional: Security and other System Properties)

    For an electronic voting system to comply with the constitutional and legal requirements, it must exhibit specific security properties, aiming at protecting the:

    • Democracy: Only eligible voters are allowed to vote and each eligible voter can only cast a single vote.
    • Accuracy: The announced tally exactly matches the actual outcome of the election, implying that no one can change anyone else's vote, all valid votes are included in the final tally and no invalid vote is included in the final tally.
    • Privacy: No one should be able to determine how any other individual voted.
    • Integrity: Votes should not be able to be modified without detection.
    • Verifiability: Mechanisms for auditing the election in order to ensure that it has been properly conducted (Universal or Individual).

  • Design Criteria (Non-functional: Security and other System Properties)

    • Robustness: No reasonably sized coalition of voters or authorities may disrupt the election. Protection against external threats and attacks, e.g. denial of service attacks.
    • Non-coercibility: Voters should not be able to convince any other participant on what they have voted. There is no receipt proving the content of their vote.
    • Fairness: Ensures that no one can learn the outcome of the election before the announcement of the tally.
    • Verifiable Participation: Ensures that it is possible to find out whether a particular voter has participated in the election by casting a ballot or not.
    • Transparency: Participants should be able to possess a general understanding of the entire process.

  • Design Criteria (Non-functional: Security and other System Properties)

    • Flexibility: Equipment should allow for a variety of ballot question formats, in various languages and adaptable to many types of election processes.
    • Convenience: Voters should be able to cast votes with minimal equipment and skills.
    • Reliability: The system must be resistant to randomly generated malfunctions.
    • Voter Mobility: There should be no restrictions on the location from which a voter can cast a vote.
    • Efficiency: Overall system performance (the complexity of the scheme becomes a crucial system parameter). The time needed by a voter to cast a ballot poses an upper boundary to the number of voters that are allowed to participate in a specific election (scalability).

  • Design Criteria (Functional Requirements)

    Support all essential services for organizing and conducting an opinion expressing process:

    • Poll
    • Decision-making (e.g. Referenda)
    • Internal election
    • General election

    Depending on the specific process, the services may include voter registration, vote casting, voter authentication, calculation of the vote tally, verification of the election result, etc.

  • Requirements for different types of election processes

    The General Election requirements are practically a superset of those regarding the other election processes.

    [Diagram labels: General elections; Internal elections; Decision-making procedures (e.g. Referenda); Polls.]

  • The e-VOTE System

    • Provides all the necessary services for organising and conducting a voting process.
      • Election Set-up: Supports election organisers to register all eligible voters, issue authentication means, ballot generation, management and specification of voting districts, etc.
      • Election in Progress: Offers an easy and user friendly environment for the interaction of the voter with the system through a conventional WWW browser.
      • Election Concluded: Automatic generation of the vote tally.
    • Modular and highly flexible multi-tier architecture that supports a wide range of voting processes (use of election templates).
    • Its operation is independent of the geographical coverage of the voting process and thus the number of voting districts and voters.

  • The e-VOTE System

    • The Voting Protocol (Damgaard-Jurik) has been based on a homomorphic encryption scheme known as the Generalised Paillier encryption scheme.
    • Instead of hiding the identity of the voters, using anonymous voting methods, the protocol hides the contents of the ballot itself. The ballot is submitted in a traceable manner, attached to the voter identity, so that the verifiability property is easily satisfied.
    • The vote tally can be calculated without decrypting any of the ballots.

    $E(T_1) \cdot E(T_2) = E(T_1 + T_2)$

  • The e-VOTE System

    • The clear text vote ($M^j$) is encrypted, and a zero-knowledge proof that the cipher-text vote is of the form $M^j$ for $j$ in $[0, \dots, L-1]$ is produced. The encrypted vote is the pair of the cipher text and the zero-knowledge proof.
    • The encryption of the vote is done through a public key.
    • The decryption of the result is done through a private key that has been secret-shared to the tally servers. The shares have to be constructed w.r.t. a threshold value t so that no information about the private key leaks as long as at most t servers are corrupt. t+1 servers are needed for decrypting the result.
    • No competing protocols using homomorphic encryption; the ordinary ElGamal is too slow for a large number of voters and candidates.
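
The tally step from the two slides above, as an added example (not code from the e-VOTE project): plain Paillier, which is the s = 1 case of the generalised scheme, with a constructed toy key and a vote for candidate j encoded as M^j. The zero-knowledge ballot proof and the threshold sharing of the private key are left out, and all function and constant names are assumptions.

```python
import math
import secrets

# Toy key (constructed): two known Mersenne primes. Real deployments use
# moduli of 2048 bits or more and never hold the private key in one place.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q
N2 = N * N
PHI = (P - 1) * (Q - 1)      # private key
MU = pow(PHI, -1, N)         # inverse of PHI mod N, used when decrypting

M = 1000    # radix; must exceed the number of voters
L = 4       # number of candidates, j = 0 .. L-1 (M**L must stay below N)


def encrypt(m):
    """Paillier with g = N + 1: c = (1 + m*N) * r^N mod N^2."""
    while True:
        r = secrets.randbelow(N - 1) + 1
        if math.gcd(r, N) == 1:
            break
    return (1 + m * N) % N2 * pow(r, N, N2) % N2


def decrypt(c):
    """m = ((c^PHI mod N^2) - 1) / N * MU mod N."""
    return (pow(c, PHI, N2) - 1) // N * MU % N


def cast_ballot(j):
    """Encode a vote for candidate j as M**j and encrypt it."""
    if not 0 <= j < L:
        raise ValueError("candidate index out of range")
    return encrypt(M ** j)


def tally(ballots):
    """Multiply all ciphertexts, decrypt once, read the base-M digits."""
    if len(ballots) >= M:
        raise ValueError("too many ballots for radix M")
    product = 1
    for c in ballots:
        product = product * c % N2      # E(T1) * E(T2) = E(T1 + T2)
    total = decrypt(product)
    return [total // M ** j % M for j in range(L)]


# Constructed sample election: seven voters, four candidates.
SAMPLE_VOTES = [2, 0, 2, 1, 2, 3, 0]
RESULT = tally([cast_ballot(j) for j in SAMPLE_VOTES])   # [2, 1, 3, 1]
```

Only the aggregate is ever decrypted, so the tally cannot tell a well-formed ballot from an encryption of, say, 3·M^2, which would count as three votes; that is the gap the per-ballot zero-knowledge proof closes.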

  • The e-VOTE System

    [Architecture diagram. Components: Voter; Web browser; Web server; Registration client; CA; Message board; Tally server (shown twice); Administrative client. Link labels: PKCS#10/PKCS#7; Decryption shares.]

  • Is a Secure Voting Protocol Enough ??

    • A lot of research effort has been spent on designing and building voting protocols that can support the voting process, while fulfilling the security requirements (design criteria).
    • However, not much attention has been paid to the administrative part of an electronic voting system that supports the actors of the system to set up the election.
    • Possible security gaps in the administrative workflow of the system may result in deteriorating the overall security level of the system.

  • Workflow

  • Identified System Actors

    | Actors | Description |
    |---|---|
    | Election Organizers | People responsible for organizing the election process and ensuring that it is properly conducted. |
    | Election Personnel | People actually performing the system use-cases, under the supervision of Election Organizers. |
    | Judicial Officers | People responsible for monitoring the election process and ensuring that it is carried out in a legal way. |
    | Party Representatives | People appointed by parties to monitor the election process. |
    | Independent Third Parties | People neutral from participating parties, responsible for monitoring the election process and for providing reasonable assurance with regard to the integrity of it. |
    | Voters | People eligible to participate in the voting process. |

  • Actors participation in e-voting: Authorization and Validation

    • Use cases can only be performed by authorized actors ("roles").
    • An additional validation phase is employed before committing the outcome of a use case.
    • The validation phase is implemented through a separate use case, namely the "Validate Action".

  • Actors participation in e-voting

    Table header labels: Use Case; Validate Action; Use Case activation; Participating Roles.
    Participating Roles: Election Organizer, Party Representative, Election Personnel, Voter, Judicial Officer, Independent Third Party.

    Entries per use case, in the order extracted (empty cells and column positions are not preserved):

    • Authenticate Actor: A A A A A A
    • Validate Action: N/A A A A A
    • Modify System State: A V V
    • Manage Election Districts: V A
    • Provide Election System Parameters: V A V

  • Actors participation in e-voting

    Table header labels: Use Case; Validate Action; Use Case activation; Participating Roles.
    Participating Roles: Election Organizer, Party Representative, Election Personnel, Voter, Judicial Officer, Independent Third Party.

    Entries per use case, in the order extracted (empty cells and column positions are not preserved):

    • Manage Voters: V A
    • Provide Authentication Means: V A
    • Manage Parties: V A
    • Manage Candidates: V A
    • Preview Ballots: A A A
    • Cast Vote: A
    • Tally Votes: A V V V
    • Verify Result Integrity: A V V
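
A minimal sketch of the activate / validate / commit rule described on the slides above, added here as an example and not taken from the e-VOTE system. The role assignments in POLICY, the actor names and the class and method names are assumptions; the extracted tables do not preserve which role holds which entry.

```python
from dataclasses import dataclass, field

# Constructed policy: who may activate a use case and which roles must
# validate it before commit. Assumed values, not read from the slide tables.
POLICY = {
    "Manage Voters": {"activate": {"Election Personnel"},
                      "validate": {"Election Organizer"}},
    "Tally Votes": {"activate": {"Election Organizer"},
                    "validate": {"Judicial Officer", "Party Representative",
                                 "Independent Third Party"}},
}
# Constructed actors: identity -> role, as established by "Authenticate Actor".
ACTORS = {"olga": "Election Organizer", "pete": "Election Personnel",
          "jane": "Judicial Officer", "raul": "Party Representative",
          "ines": "Independent Third Party"}


@dataclass
class PendingAction:
    use_case: str
    activated_by: str
    approvals: dict = field(default_factory=dict)   # role -> actor identity


class Workflow:
    def __init__(self, actors):
        self.actors = actors
        self.committed = []          # audit trail of committed outcomes

    def _role(self, actor):
        if actor not in self.actors:
            raise PermissionError(f"unauthenticated actor: {actor}")
        return self.actors[actor]

    def activate(self, actor, use_case):
        if self._role(actor) not in POLICY[use_case]["activate"]:
            raise PermissionError(f"{actor} may not activate {use_case}")
        return PendingAction(use_case, actor)

    def validate(self, actor, action):
        role = self._role(actor)
        if actor == action.activated_by:
            raise PermissionError("activator cannot validate own action")
        if role not in POLICY[action.use_case]["validate"]:
            raise PermissionError(f"{actor} may not validate {action.use_case}")
        action.approvals[role] = actor

    def commit(self, action):
        missing = POLICY[action.use_case]["validate"] - set(action.approvals)
        if missing:
            raise PermissionError(f"not validated by: {sorted(missing)}")
        self.committed.append((action.use_case, action.activated_by))
        return len(self.committed)
```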

  • (Secure) Electronic voting: (instead of) Conclusions

    • Description of actor roles together with clear indication of what each actor is allowed to do with the system, formulate an operational framework that complements the technological security features of the system.
    • Rapidly emerging issue...
    • Of a socio-technical nature...
    • Contradicting views...
    • Further experimentation is needed

    In the meantime, as complementary only!

  • The debate is still going on...

    The shining lure of these hype-tech voting schemes is only a technological fool's gold that will create new problems far more intractable than those they claim to solve.
    P. Neumann (SRI) (2002)

    An Internet voting system would be the first secure networked application ever created in the history of computers.
    B. Schneier (Counterpane) (2002)

    At least a decade of further research and development on the security of home computers is required before Internet voting from home should be contemplated.
    Ron Rivest (MIT) (2001)

  • Something like a motto...

    Electronic voting: Between pessimism (bureaucracy) and optimism (technology) we choose realism (democracy)!

