Towards a Dependability Case for the Chaum Voting Scheme. Peter Y A Ryan, University of Newcastle. DIMACS, 26 May 2004.
Slide 1: Towards a Dependability Case for the Chaum Voting Scheme. Peter Y A Ryan, University of Newcastle, with Jeremy Bryans, Bev Littlewood, Lorenzo Strigini, Peter Ayton, ….

Slide 2: Background. Security strand of the DIRC project: Dependability Interdisciplinary Research Collaboration (dirc.org.uk). Design and evaluation of computer-based systems for dependability. Socio-technical approach. E-voting, and the Chaum scheme in particular, is a nice example of such a system with secrecy and integrity requirements. A full dependability case will need to encompass the surrounding socio-technical system and detail the assumptions etc.

Slide 3: Design Philosophy. Many e-voting schemes call for heavy trust in the technical components, with little or no monitoring. The Chaum scheme by contrast shifts the dependence away from the technical components to the vigilance of the users: voters, officials, auditors etc. The probability of undetected corruption of votes is negligible. Dependability by the people for the people.

Slide 4: Socio-technical aspects. Consequently, the surrounding system, procedures and behaviour of humans are critical. Error handling and recovery strategies need to be carefully designed and evaluated. Hence, need to examine the socio-technical failure modes and counter-measures. Errors need to be diagnosed and thresholds for triggering the recovery strategies established. Careful trade-off needed between:
– aborting elections too easily;
– allowing the possibility of significant, undetected corruption.

Slide 5: Chaum. Key ingredient: provide an encrypted ballot receipt that allows the voter to check that their vote is included in the tally whilst not revealing the vote. The challenge is to provide high assurance that the ballot will be decrypted correctly. Uses a cut-and-choose protocol plus a robust anonymising mix. Shows that, up to certain probabilistic and computational limits, voter-verifiability and ballot secrecy can be simultaneously achieved.

Slide 6: Chaum in a nutshell. Vote encoded in two parts, each separately (pseudo-)random noise. Voter gets a choice between the components and gets to run well-formedness checks on the retained part. Booth passes a copy of the receipt along with nested decryption information (“Russian dolls”) to a series of tellers. Tellers perform an anonymising mix on the batch of receipts, stripping off a layer of encryption at each stage. Random audits are performed on the tellers. In principle: if all checks are performed assiduously, the chance of p votes being corrupted undetected falls off as 1/2^p.

Slide 7: Anne casts a vote. Anne registers and logs on in the booth. Anne makes her voting choice. Anne’s choice is represented by matching symbols on two layers/strips. If Anne now confirms the choice, the booth prints the encrypted “Russian dolls”. Assuming that these cryptographic commitments match, Anne signals “okay” and is now invited to choose to retain either the upper or lower strip. “To retain” and the appropriate seed information is now printed on the chosen part; “To destroy” on the rejected strip. She leaves the booth, surrenders the rejected strip and witnesses its destruction, and runs a well-formedness check on the retained part. Finally she should check that her ballot is correctly posted on the web.

Slide 8: Socio-technical vulnerabilities. Booth prints incorrect vote and voter fails to notice. Voter choice between layers/strips is highly predictable or coercible. Small proportion of voters perform the checks. Voters tend to fail to notify erroneous checks. Notifications are not properly diagnosed, collated and/or acted upon. Voter may flag false errors. Note: this is not verifiable by a third party.

Slide 9: “Are you sure that you want to destroy the lower layer?” It is essential that the booth not be able to predict or coerce the voter’s choice of layer/strip. But ~80% of people asked to “randomly” choose heads or tails choose heads. Correlation with the second choice is also high. What proportion of voters would notice if the booth “lied” about their choice? Should a second try be allowed if the voter flags an error? Or even a third? It might be voter error. Putting all these together could result in a highly predictable or coercible choice and so weaken the scheme.
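As an added illustration (not from the slides) of the 1/2^p claim on slide 6 and of how the weaknesses on slides 8 and 9 erode it, the Python below models each corrupted ballot as caught only when the voter keeps the layer the booth did not expect, performs the well-formedness check, and reports the failure. The parameter names, the "booth corrupts the layer it expects to be destroyed" model and the independence of ballots are my assumptions.

```python
"""Detection odds for corrupted ballots under the cut-and-choose check.

Constructed model (not the paper's analysis): a cheating booth corrupts
the layer/strip it expects the voter to destroy.  The corruption is
caught only if the voter keeps the layer the booth did NOT expect,
actually runs the well-formedness check, and then reports a failure.
Ballots are treated as independent.
"""


def undetected_per_ballot(predictability, check_rate=1.0, report_rate=1.0):
    """P(one corrupted ballot escapes).  predictability = P(booth guesses
    the retained layer correctly); 0.5 is an unbiased voter, ~0.8 is the
    heads/tails bias quoted on slide 9."""
    for x in (predictability, check_rate, report_rate):
        if not 0.0 <= x <= 1.0:
            raise ValueError("all parameters are probabilities in [0, 1]")
    return 1.0 - (1.0 - predictability) * check_rate * report_rate


def undetected_corruption(p, predictability=0.5, check_rate=1.0, report_rate=1.0):
    """P(all p corrupted ballots go undetected); 1/2**p in the ideal case."""
    if p < 0:
        raise ValueError("p must be non-negative")
    return undetected_per_ballot(predictability, check_rate, report_rate) ** p


def ballots_to_detect(target, predictability=0.5, check_rate=1.0, report_rate=1.0):
    """Smallest p such that P(at least one corruption is detected) >= target,
    or None when detection is impossible (e.g. nobody checks)."""
    if not 0.0 <= target < 1.0:
        raise ValueError("target must lie in [0, 1)")
    u = undetected_per_ballot(predictability, check_rate, report_rate)
    if u >= 1.0:
        return None
    p = 1
    while 1.0 - u ** p < target:
        p += 1
    return p


if __name__ == "__main__":
    # Diligent, unbiased voters versus the socio-technical degradations on slide 8.
    for label, kw in [("ideal", {}),
                      ("80% predictable choice", {"predictability": 0.8}),
                      ("only half of voters check", {"check_rate": 0.5}),
                      ("predictable + half check + half report",
                       {"predictability": 0.8, "check_rate": 0.5, "report_rate": 0.5})]:
        print(f"{label}: P(5 corrupt ballots undetected) = "
              f"{undetected_corruption(5, **kw):.3f}; ballots needed for 99% detection = "
              f"{ballots_to_detect(0.99, **kw)}")
```

The last scenario shows why the slides stress thresholds: with a predictable choice and half-hearted checking and reporting, an attacker can corrupt dozens of ballots before detection becomes likely.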

Slide 10: Counter-measures. Aid the voter’s randomness, e.g., a coin in a perspex cylinder. Use a different, e.g. mechanical, technique to mark the layer or strip for destruction. Perform well-formedness checks (tricky without compromising vote secrecy) immediately after the first error report by a voter to help detect a corrupt booth. Establish suitable error diagnosis and recovery strategies.

Slide 11: Teller errors. Similarly need to define error-handling and recovery strategies for the teller audits. E.g., set thresholds for alerts; need to counter “under the radar” collusion attacks by tellers.

Slide 12: Public Trust. Not enough for the system to be dependable, it must also be seen to be dependable. The scheme is complex and difficult to understand. To what extent could “the average voter” understand the scheme and believe the claims? To what extent would assurances of experts suffice? How easy would it be to undermine public confidence (e.g., “Andrey’s attack”)?

Slide 13: Trials. Plan to perform a number of trials at DIRC sites. Possible questions to address:
– Do people understand the procedures and checks okay?
– Do they understand the encoding of the vote (especially if we use the Prêt à Voter version)?
– How diligent are they in performing the various checks and reporting problems?
– Do they understand what they are supposed to do when an error occurs (e.g., a check fails)?
– How easily can they be fooled or coerced about their choice of layer/strip?
– To what extent do they understand the rationale behind the checks?
– To what extent do they need to understand the rationale in order to perform the checks with reasonable diligence?
– To what extent would they trust the scheme (as compared to pen and paper, DRE etc.) for accuracy and for privacy?
– Do they regard the voter verification as a valuable feature?

Slide 14: Conclusions. The Chaum scheme minimises dependence on technical components. For the accuracy requirement, no trust (dependence) needs to be placed in the components. The checks mean that an election can be verified, as opposed to the election system. The technical (mathematical) core appears robust. The surrounding socio-technical mechanisms (error handling, recovery strategies, thresholds, …) need to be carefully designed and evaluated. Public understanding and trust is likely to be an obstacle to uptake.

Slide 15: Future work. Formal analysis of the scheme (and variants). Construct a full risk analysis/dependability case:
– Elucidation of the goals and requirements: technical, social, political, legal, economic…
– Investigate social threats.
– Specify and evaluate error handling and recovery strategies.
– Conduct full risk analysis.
To what extent are fairness and absence of bias achieved? Investigate how public trust could be established, maintained (or undermined). Investigate mental models. Conduct trials.

Slide 16: Further information. Various Newcastle tech reports:
– CS-TR-809 (gives full details of the original scheme)
– “A simplified version of the Chaum e-voting scheme” (presents a pedagogic, simplified version)
– FAST 2003
E-voting Workshop at DSN, Florence, end of June 2004.