
Slide 1: Electronic Voting
© Copyright 2004, Credentica Inc. All Rights Reserved.
Dr. Stefan Brands, Credentica & McGill School of Computer Science
June 8, 2004
Presented to: EA Open House 2004, Ontario

Slide 2: Content
Part I: Basics
Part II: Analysis of e-voting solutions
Part III: Recommendations
Appendix
“It's not the people who vote that count, it's the people who count the votes” - Attributed to Joseph Stalin

Slide 3: Part I: Basics

Slide 4: Traditional voting (“Australian secret ballot”)
Step 1: Registration
  – Verification of eligibility & one ballot per voter
  – Get paper ballot (by mail or at local precinct)
Step 2: Supervised voting at local precinct
  – Enter private voting booth (for vote anonymity/secrecy)
  – Indicate vote from possible choices
  – Insert filled-out ballot in envelope
  – Deposit envelope in ballot box (in public view)
  – No voter receipts (to prevent vote coercion & vote buying)
Step 3: Vote counting (tallying)
  – Transport & counting observed by election officials
  – Audit check (statistical/random) & recounting ability
Non-electronic “improvements”
  – Punch cards, lever machines, optical scans

Slide 5: Shortcomings of traditional voting
Expensive & slow
Tallying is error-prone
  – Double-counting, loss, unreadability
  – Also for non-electronic “improvements” …
Voters must show up in person
  – Low voter turn-out, especially among younger people
Tallying subject to fraud (verifiability relies on trustworthy & zealous election officials)
  – Impersonation at registration
  – Counterfeit ballots
  – Insider fraud:
      – Ballot box stuffing
      – Over-vote framing (results in vote rejection)
      – Ballot discarding
      – Ballot spoiling
      – Issuing multiple ballots to the same person
Source: cnn.com

Slide 6: Electronic voting (“e-voting”)
Votes are recorded electronically (“e-ballots”)
Evolution (?): Replace booth by special computer
  – Direct-recording electronic (DRE) machine: ATM-like machine (“kiosk”), touch-screen machine (most popular)
  – Retain legacy system in all other respects, including almost all efficiency drawbacks
Step up: Computers send ballots over Internet for tallying
  – Link encryption & authentication (SSL)
Revolution: Voter has personal computing device (“i-voting”)
  – PC, laptop, PDA, smart phone, …
  – Potential for major benefits for all … “vote in your pajamas”, cost cutting, …
  – … If we can make it secure!
Source: seattlepi.nwsource.com/dayart/ /cartoon gif

Slide 7: Security requirements for e-voting
All the “standard” security considerations
  – Server authentication, line encryption, …
  – Denial-of-service attacks (01/25/2003: DoS attack on i-voting at NDP convention in Toronto)
Voting-specific considerations
  – Voter eligibility & one vote per voter
  – Vote integrity (reject invalid ballots)
  – Central parties cannot insert extra ballots
  – Verifiability of vote counting (from post-published data): individual verifiability, or perhaps even “universal” verifiability
  – Receipt-freeness (voter cannot prove how he voted), to prevent vote buying, vote transfer, and vote coercion
  – Absolute anonymity/secrecy of vote casting

Slide 8: Part II: Analysis of e-voting solutions

Slide 9: DRE machines – an incremental step (?)
Invented in the 70’s, for use at supervised poll-sites
Similar to lever machines, but with electronic recording
No computerization on voter’s side
Most security problems as in legacy paper system
  – Human prevention of vote buying, vote coercion, impersonation, …
Anonymity same as in legacy paper system
Main problem: oversight of counting process??
  – DRE is a black-box machine: equipment malfunction (many reported for popular DRE machines), software bugs (many reported for popular DRE machines), backdoors in software
  – Mass-scale attack is much easier: corrupt election workers, software developers, hackers, insiders, ...
  – Election compromise may be completely undetectable

Slide 10: Proposals by others to improve DRE voting
Parallel paper system as backup
  – DRE prints a paper ballot/receipt listing voter’s choice(s)
  – Voter verifies ballot/receipt and “drops” it in a ballot box (voter cannot keep the receipt, to prevent vote coercion & buying)
  – Used for recounting & random/statistical auditing
  – Still a weak solution: only works if there are major discrepancies, and no guarantee that what is printed is what is recorded
Parallel metering/verification devices
  – Devices must be trusted & DRE recording still black-box
Crypto to provide individual voter verifiability
  – Voter gets paper receipt print-out to take home
  – Crypto ensures receipt does not prove how voter voted
  – Voter can verify over Internet that his vote was counted

Slide 11: I-voting – a more revolutionary step
Technology to address all security requirements
  – Standard IT security considerations
  – Voting-specific considerations
  – Absolute anonymity/secrecy of vote casting
I-voting approaches to anonymity/secrecy
  – #1: Trusted server: no voting secrecy, all trust placed in a third party
  – #2: Secure multi-party computation: achieves any privacy goal without reliance on a trusted server, but is a theoretical construction, completely impractical for e-voting
  – #3: Special-purpose cryptographic protocols: twenty years of academic research by cryptographers
The only acceptable approach is #3
  – But the choice of crypto protocols matters greatly!

Slide 12: Special-purpose cryptographic protocols
Approach 1: Crypto ensures vote secrecy
  – Voter may be identifiable at voting time
  – Voter encrypts vote & sends to public “bulletin board”
  – Distribute decryption ability among talliers: (threshold) secret-sharing techniques
Approach 2: Crypto ensures voter anonymity
  – Requires voter anonymity at two levels:
      – Data transport level: independent problem (mix-nets, use a public machine, proxies, …)
      – Protocol level: data flow itself must not reveal voter’s identity; achieved through sophisticated “blinding” techniques
Only Approach 2 offers true anonymity/secrecy!
  – See next slides for explanation

Slide 13: Approach 1: Crypto ensures vote secrecy
Registration: uses standard authentication
Vote casting:
  – Split vote into n encrypted shares for n sub-talliers, using (threshold) secret-sharing techniques
  – One share per sub-tallier, encrypted under its public key
  – Use homomorphic encryption: E(M1 + M2) = E(M1) + E(M2)
  – Probabilistic encryption to avoid correlation attacks
  – Add “signed proof” that sum of shares is a valid vote
Counting:
  – Sub-talliers accumulate shares into (encrypted) sub-tallies, exploiting the homomorphic encryption property
  – Accumulate encrypted sub-tallies into encrypted end-tally, again exploiting the homomorphic encryption property
  – Decrypt result
  – Publish final tally with signed proof-of-correctness

Slide 14: Drawbacks of Approach 1
“Smoke-and-mirrors” vote anonymity/secrecy
  – Essentially a trusted-party solution with distributed power: must trust the imposed set of central servers not to collude
  – No free choice of servers (in contrast to, e.g., “mixes”)
  – Servers relied on for conflicting security & privacy interests
Votes only computationally hidden, not unconditionally
  – Backdoors in encryption function almost impossible to detect; enables central party to decrypt fast for special parameter choice
  – Retroactive vote tracing (e.g., 10 years later): better algorithms, faster computers, quantum computing
High workload for multi-choice voting
  – Complex/expensive to go beyond “yes”/“no” voting
Receipt-freeness requires untappable channel
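The Approach 1 pipeline of slides 13 and 14 worked through in code, as an added example that is not from the presentation or from Credentica: a toy Paillier cryptosystem (additively homomorphic and probabilistic) stands in for the unnamed encryption function, each vote is split into shares for three sub-talliers holding separate keys, sub-tallies are accumulated on ciphertexts, and the last function shows the trust assumption of slide 14 by letting the sub-talliers pool their keys against one ballot. The choice of Paillier, the prime values and the share modulus R are my assumptions; the slides' signed proofs of ballot validity and of correct tallying are omitted.

```python
import math
import secrets

# Toy Paillier (additively homomorphic, probabilistic) with fixed small primes: constructed
# demo parameters, nowhere near real key sizes.
def paillier_keygen(p, q):
    n, lam = p * q, math.lcm(p - 1, q - 1)
    mu = pow((pow(n + 1, lam, n * n) - 1) // n, -1, n)
    return (n, n + 1), (lam, mu)      # public key (n, g), private key (lambda, mu)

def paillier_encrypt(pk, m):
    n, g = pk
    while True:                       # fresh r each time: two encryptions of the same vote differ
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            return pow(g, m, n * n) * pow(r, n, n * n) % (n * n)

def paillier_decrypt(pk, sk, c):
    n, (lam, mu) = pk[0], sk
    return (pow(c, lam, n * n) - 1) // n * mu % n

R = 1 << 16   # share modulus; the tally is exact while (number of voters * R) < every tallier's n

def split_vote(vote, k):
    """Additively split a 0/1 vote into k random shares in [0, R) that sum to the vote mod R."""
    shares = [secrets.randbelow(R) for _ in range(k - 1)]
    return shares + [(vote - sum(shares)) % R]

def cast_ballot(vote, tallier_pks):
    """One share per sub-tallier, each encrypted under that sub-tallier's own public key."""
    return [paillier_encrypt(pk, s) for pk, s in zip(tallier_pks, split_vote(vote, len(tallier_pks)))]

def run_election(votes, talliers):
    pks = [pk for pk, _ in talliers]
    board = [cast_ballot(v, pks) for v in votes]      # public bulletin board of encrypted ballots
    sub_tallies = []
    for i, (pk, sk) in enumerate(talliers):
        n2, enc_sub = pk[0] ** 2, 1
        for ballot in board:                           # E(a) * E(b) = E(a + b): sum shares without decrypting
            enc_sub = enc_sub * ballot[i] % n2
        sub_tallies.append(paillier_decrypt(pk, sk, enc_sub))  # each tallier opens only its own sub-tally
    return sum(sub_tallies) % R                        # end tally: the number of "yes" votes

def reveal_by_collusion(ballot, talliers):
    """The trust assumption: sub-talliers who pool their keys recover one voter's vote."""
    return sum(paillier_decrypt(pk, sk, c) for (pk, sk), c in zip(talliers, ballot)) % R
```

A single honest-but-curious sub-tallier sees only uniformly random shares, so the scheme hides votes exactly as long as the servers do not cooperate.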

Slide 15: Approach 1: a variation
Variation: Decrypt each vote individually and do tallying
  – Encrypted e-ballots are sent through a “shuffling” network
      – Each shuffling server re-encrypts & permutes incoming messages
      – Destroys correspondence between incoming and outgoing list
  – Each server adds a proof of proper e-ballot processing; otherwise no security against corrupted shuffling servers
Drawbacks:
  – Same regarding (lack of) voting secrecy
  – Same regarding receipt-freeness
  – Workload for shuffling servers is extremely high
  – Poor scalability

Slide 16: Approach 2: Crypto ensures voter anonymity
Basic scheme:
  – Step 1: Registration
      – Obtain blinded e-ballot
      – Voter authentication (voter eligibility & one e-ballot per voter)
  – Step 2: Voting
      – Authenticate recipient
      – Send encrypted e-ballot to receiver over anonymous channel; use e-ballot secret key to sign choice of candidate
  – Step 3: Auditability (individual post-election verifiability)
      – Check that your e-ballot is included in signed public list
  – Steps 2 and 3 can be reversed
State-of-the-art: e-ballots are Digital Credentials
  – See previous presentation for details on Digital Credentials
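The basic scheme of slide 16, as an added example that is not from the presentation or from Credentica: a textbook RSA blind signature (Chaum's construction, my assumption; the slide's Digital Credentials are a richer primitive) plays the role of the blinded e-ballot, the voter's own e-ballot key signs the candidate choice, and the server keeps the public list a voter audits afterwards. Transport encryption and the anonymous channel are assumed to be provided separately, and all prime values are constructed demo parameters.

```python
import hashlib
import math
import secrets

# Textbook RSA on fixed small primes: constructed demo parameters, nothing like real key sizes.
def rsa_keygen(p, q, e=65537):
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

def h(obj):  # hash a ballot public key or a candidate name to an integer (callers reduce mod n)
    return int.from_bytes(hashlib.sha256(repr(obj).encode()).digest(), "big")

class Registrar:
    """Step 1: checks eligibility, issues one e-ballot per voter, and sees only a blinded value."""
    def __init__(self, eligible):
        self.pk, self.sk = rsa_keygen(10079, 10091)
        self.eligible, self.issued = set(eligible), set()
    def issue(self, voter_id, blinded):
        if voter_id not in self.eligible or voter_id in self.issued:
            raise PermissionError("not eligible, or e-ballot already issued")
        self.issued.add(voter_id)
        return pow(blinded, self.sk[1], self.sk[0])  # blind signature: unlinkable to the ballot cast later

def obtain_ballot(registrar, voter_id, ballot_primes):
    ballot_pk, ballot_sk = rsa_keygen(*ballot_primes)  # voter-generated e-ballot key pair
    n, e = registrar.pk
    r = secrets.randbelow(n - 2) + 2                   # blinding factor, must be invertible mod n
    while math.gcd(r, n) != 1:
        r = secrets.randbelow(n - 2) + 2
    blinded = h(ballot_pk) % n * pow(r, e, n) % n
    sig = registrar.issue(voter_id, blinded) * pow(r, -1, n) % n  # unblind: plain signature on h(ballot_pk)
    return ballot_pk, ballot_sk, sig

def cast(ballot_pk, ballot_sk, sig, candidate):
    nb, db = ballot_sk                                 # Step 2: the e-ballot key signs the choice;
    return ballot_pk, sig, candidate, pow(h(candidate) % nb, db, nb)  # message goes over an anonymous channel

class VotingServer:
    def __init__(self, registrar_pk):
        self.reg_pk, self.board = registrar_pk, []     # board: the signed public list of accepted ballots
    def accept(self, ballot_pk, sig, candidate, vote_sig):
        (n, e), (nb, eb) = self.reg_pk, ballot_pk
        ok = (pow(sig, e, n) == h(ballot_pk) % n               # e-ballot really issued by the registrar
              and pow(vote_sig, eb, nb) == h(candidate) % nb   # choice signed by the e-ballot key
              and all(pk != ballot_pk for pk, _ in self.board))  # one vote per e-ballot
        if ok:
            self.board.append((ballot_pk, candidate))
        return ok

def voter_verifies(server, ballot_pk, candidate):      # Step 3: individual post-election check
    return (ballot_pk, candidate) in server.board
```

The registrar learns who registered but only ever sees the blinded value, so it cannot match an e-ballot on the public list back to a voter; the server sees the e-ballot but never a voter identity.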

Slide 17: Using Digital Credentials as e-ballots
Can mimic traditional paper-based voting
  – Directly encode candidate choices in e-ballot
  – Voter selectively discloses candidate of choice; can efficiently support any voting “logic”
Vote-choice blocking when published on list
  – Voter can lie about his vote yet can verify vote inclusion
Can use in combination with threshold crypto
  – For e-ballot issuing, vote casting, and counting
Automated dispute resolution (“return” protocol)
Cheap tamper-resistant smartcards for voters
  – No trust required in smartcard
  – Prevent coercion, vote buying, and ballot transfer; can also embed lending disincentive into e-ballot
Managed security, vote delegation, etcetera

Slide 18: E-voting using Digital Credentials (animation)
[Animation: John D. Voter registers and receives an e-ballot with embedded candidate list; absolute voter secrecy; disclosure of the selected candidate to the Voting Server]
Note: Credentica has developed a fully functional showcase on a mobile device

Slide 19: Unique benefits
True voting secrecy
  – No reliance on central parties
  – Transport layer anonymity provided independently
High multi-party security
  – Crypto protections for first line of defense
  – Tamper-resistant client chips for added security
  – Arbitrarily distribute tallying power among multiple parties
Voter need only rely on own client device to:
  – Be ensured of voting secrecy (at protocol level)
  – Verify that his vote was included in the final tally; can even use 2D bar-code print-out representation of e-ballot
Superb scaling
  – Any number of candidates, any voting logic
  – Off-line distributed verifiers and talliers
Note: “universal” verifiability seems impossible to reconcile with anonymity

Slide 20: Part III: Recommendations

Slide 21: Recommendations
Beware of DRE machines: they are true black-boxes that enable undetectable mass-scale election fraud by a few insiders
Prepare for a switch to i-voting
  – Only way to add individual voter verification capability
  – Voter need only trust own device software & hardware, for anonymity, security, and tally-inclusion, in spite of black boxes
Beware of poorly designed i-voting systems
  – Example of insecure system with no voting secrecy: 10/11/2003, east-Ontario municipal i-voting with registrants
      – Voter PIN & password sent by mail
      – Vote submitted by voter’s browser over SSL link
Secure systems meet all voting-specific requirements!
  – Voting security is chiefly an (e-)auditing problem!

Slide 22: Recommendations (continued)
Use i-voting systems that:
  – Provide genuine voting anonymity/secrecy
  – Allow individual voter verifiability using any & many devices
  – Allow a highly distributed server architecture; cryptographically distribute the power to corrupt the tallying process
  – Involve a tamper-resistant chip for the voter; with good design, malicious chips cannot corrupt the voting process!
  – Use certified open-source software
Where to start with i-voting
  – Poll-site & absentee i-voting
  – NOT general unsupervised voting: vote coercion, vote buying, …; today there is too much buggy software
Proceed with utmost caution!
Source: seattlepi.nwsource.com/dayart/ /cartoon gif

