Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Issues Facing Online Voting Systems Joe Hernandez MEIA CS-6910 Dr. Chow.

Similar presentations


Presentation on theme: "Security Issues Facing Online Voting Systems Joe Hernandez MEIA CS-6910 Dr. Chow."— Presentation transcript:

1 Security Issues Facing Online Voting Systems Joe Hernandez MEIA CS-6910 Dr. Chow

2 Overview Security of Remote Online Voting [1] Two Case Studies Troubles faced by each election Cryptographic Foundations Blind Ballot using Public Key Cryptography (PKC) Voting Protocol using PKC Blind Ballot using Public Key Infrastructure (PKI) Modified Voting Protocol using PKI Technology Risks Facing Online Voting Election Risk & Security Suggested security measures for online voting July 25, 2011Jhernandez/Online Voting System 2

3 Paper Review The Security of Remote Online Voting [1] Paper Discusses two cases of Internet Voting Arizona Democratic Party Election in 2000 Student Council Elections @ University of Virginia The internet will solve typical voting problems Eliminate “Hanging Chad” Speed up counting process Eliminate lengthy recounts Increase voter turnout Guarantee the intent of the voter (simplify voting) July 25, 2011Jhernandez/Online Voting System 3

4 Case Studies 2000 Arizona Democratic Primary First major use of internet voting A legally binding political election Considered a “Private” election Not subject to voting standards Contracted out to election.com Vendor claimed success (financial motivation) Many things went wrong!! July 25, 2011Jhernandez/Online Voting System 4

5 What went wrong? Failed to heed warnings from Tech Experts Voters forgot, lost, received wrong PIN #’s Violated “Secret Ballot” by assigning PINs Minority access to internet/computers Computer/Browser compatibility issues Site down for an hour on election day No customer service / limited help desk support Multiple lawsuits filed Violated 1965 Voting Rights Act Belief security was “Airtight” Used proprietary encryption algorithm July 25, 2011Jhernandez/Online Voting System 5

6 Case Study University of Virginia Student Council Elections Small, simple, successful Paper ballots not effective Ease of Internet access among campus population Minimal hardware/software necessary Ease of authentication with a small population Similar problems to Arizona Election July 25, 2011Jhernandez/Online Voting System 6

7 What went wrong here? Believed in community of “Trust” Servers crashed within minutes of the election Student information was publically available Making it easy to hijack someone's vote Votes were not encrypted in transmission Students restricted from voting Based on department Overseas students could not vote Based on “Class Status” determined by credit hours Alphabetical ordering of candidates Student’s on top appeared to be favored Fundamental tradeoff between security and convenience July 25, 2011Jhernandez/Online Voting System 7

8 Cryptographic Foundations Online voting depends upon Public Key Cryptography Diffe-Hellman public key exchange 1976 Changed cryptography forever Allows for two people to generate a secret key RSA allowed for use of two keys (Public & Private) RSA also allows for digital signature of messages PKC used for Authentication and Confidentiality Makes (theoretical) online voting possible Can be used to generate “Blind Ballots” Blind Ballots – Voters right to keep vote private July 25, 2011Jhernandez/Online Voting System 8

9 Blind Ballot using PKC Message (M) M * r Blinding Factor (r) E KR (M*r) Blinded Doc (M * r) Notary’s Signature (K R ) Signed Blinded Doc E KR (M*r) Divide by Blinding Factor (r) E KR (M*r) Signed Message E KR (M) Is something wrong with this method July 25, 2011Jhernandez/Online Voting System 9

10 Is message/vote truly blinded? Voter received a PIN During Registration PIN Blinded Ballot And PIN Sent to Validator PIN Database Registration Server Validates Voters Pin Signs Ballot & Sends back to Voter Blinded Ballot Signed by Validator Voter removes blinding And passes signed ballot To tallier anonymously* E KR (M*r) + PINE KV (E KR (M*r)) E KV (M) Validated Vote tallied July 25, 2011Jhernandez/Online Voting System 10

11 Modified Blind Ballot using PKI Message (M) E EPK (M) Election Public Key (EPK) E PK (M) + PIN Encrypted Vote E PK (M) (Blinded) Voters PIN From Registration Process (E VPK ((E EPK (M) + PIN)) Validators Public Key (VPK) Vote blinded from Validator Confidentiality and Integrity Provided between voter and Validator July 25, 2011Jhernandez/Online Voting System 11

12 Modified Voting Protocol Encrypted Blinded Ballot With PIN PIN Database Decrypts & Validates Vote, Removes PIN Signs Ballot with Private Key Sends to Voter Database Blinded Ballot Signed by Validator (E VPK ((E EPK (M) + PIN)) Validated Votes tallied (Must have Election Private Key) Vote Database Voting Database Signed Blinded Ballot Entered Into Database (E VPRK (E EPK (M))) Is PIN Valid July 25, 2011Jhernandez/Online Voting System 12

13 Comparison of elections Arizona Election Large scale election Traditional methods-Status Quo Legally binding Internet not available to everyone Lawsuits filled Some voters could not vote Large target audience (State) Authorization req. Registration Large political target for hackers Undisclosed funds spent Security a major concern Trust a major issue!! Considered a failure University of Virginia Small scale election Traditional methods to costly Not legally binding Everyone had internet access No legal requirements Voters unable to vote Small targeted group (Campus) Authorization via Registration Small target for hackers (No gain) Managed in house by IT Dep. Trade security for convenience Trust within community!! Considered a success July 25, 2011Jhernandez/Online Voting System 13

14 Technology Risks for Online Voting Security Risks associated with Online Voting Internet is still a very insecure medium Spyware, Malicious Code, Botnets, Hackers, Oh My!!! Spam – Bogus e-mails or links to Bogus Voter Websites Poorly developed applications Distribute / Denial of Service Attacks (DOS / DDOS) Physical attacks possible Insider threat, intentional or unintentional Rarely a brute force attack against crypto algorithms July 25, 2011Jhernandez/Online Voting System 14

15 Election Risk & Security Election Risk / Criticality of Outcome Security Measures $$$$ $ Student Council Election University Official State/National Committee State/Federal Official Presidential Election CIA Triad Low Moderate High Off The Hook City Public Official 12 34 July 25, 2011Jhernandez/Online Voting System 15

16 Trust in technology/internet Technology & Internet is part of our culture Ease of Internet Access Online Banking Online Sales – Amazon etc. Use of ATMs 290,000 ATMs in US – 1999 14.9 Billion Transactions - 1998 Debit/Credit Cards Airline Tickets on you Cell phone – Approved by the TSA! http://www.google.com/publicdata?ds=wb-wdi&met_y=it_net_user_p2&idim=country:USA&dl=en&hl=en&q=internet+usage+statistics July 25, 2011Jhernandez/Online Voting System 16

17 Zone 1 - Security Things to consider Keep it simple! Utilize SSL Establish Secure Web Site/Server Enforce strong username & passwords Keep systems patched and anti virus/spyware current Apply applicable STIGs from DISA or NSA Eliminate unnecessary applications/software (harden system) Use available tools to scan for vulnerabilities before election Backup your website and your data (daily) keep data secure Limit your exposure - open website during voting hours only Possible use of a firewall or host system at a secure site if $$ allow $ - LowCIA - LowLegal - None July 25, 2011Jhernandez/Online Voting System 17

18 Zone 2 - Security Things to consider Zone 1 security requirements Firewall / DMZ Host base Intrusion Detection System Public Key Cryptography Authentication, Authorization, Accountability (AAA) Redundant systems Alternate / Backup site Internal review/certification (NIST 800-53 / Low-Moderate)NIST 800-53 Consider Web Site Security (OWASP Top 10) Requires individual registration issuing of PIN #s $$ - ModerateCIA - ModerateLegal - Possible July 25, 2011Jhernandez/Online Voting System 18

19 Web App Security Risks The OWASP Top 10 Web Application Security Risks for 2010: A1: Injection A2: Cross-Site Scripting (XSS) A3: Broken Authentication and Session Management A4: Insecure Direct Object References A5: Cross-Site Request Forgery (CSRF) A6: Security Misconfiguration A7: Insecure Cryptographic Storage A8: Failure to Restrict URL Access A9: Insufficient Transport Layer Protection A10: Unvalidated Redirects and Forwards July 25, 2011Jhernandez/Online Voting System 19

20 Zone 3 - Security Things to consider Zone 2 security requirements Independent registration system Enhanced firewalls Deep Packet Inspection Intrusion Detection / Prevention Systems VPNs End-to-End Encryption (PKC/PKI) Cryptographic Authentication for Officials Penetration testing Independent certification/Review (NIST 800-53 / Moderate-High)NIST 800-53 Functional and Compatibility Testing Legal review – Ensure compliance with applicable laws $$$ - HighCIA - HighLegal – State/Federal DMZ July 25, 2011Jhernandez/Online Voting System 20

21 Zone 4 - Security Things to consider Zone 3 security requirements Multiple Independent Operating Locations High Availability & Redundancy Distributed across the Enterprise DOS/DDOS Detection/Reaction, and Redirection of Authorized Traffic Multiple Linked Online Intrusion Detection / Prevention Systems Enterprise monitoring /Management (networks/servers/databases...) Private/Dedicated encrypted networks compliant with FIPS 140-2 Heavy use of PKI & End-to-End Encryption Multiple Independent certifications/Reviews (NIST 800-53 / High)NIST 800-53 Federal/States Legal review – Ensure compliance with applicable laws $$$$ - Very HighCIA – High + AAALegal – Federal/State July 25, 2011Jhernandez/Online Voting System 21

22 Conclusion Issues facing Online Voting are enormous Internet continues to be insecure medium Insecurity is across the board-clients, applications, networks… Insecurity seems to be increasing Trust across the community is lacking Issues range from Technical to Administrative through Legal Problems persist, new ones arise, old ones are not fixed Small scale voting seems to be far more successful Cryptographic techniques exist to support Online Voting Further research into multiple online voting areas still needed July 25, 2011Jhernandez/Online Voting System 22

23 Sources [1] The Security of Remote Online Voting - Thesis  Daniel Rubin, School of Engineering and Applied Science University of Virginia July 25, 2011Jhernandez/Online Voting System 23


Download ppt "Security Issues Facing Online Voting Systems Joe Hernandez MEIA CS-6910 Dr. Chow."

Similar presentations


Ads by Google