How to create trust in electronic voting over an untrusted platform: A possible solution (© G. Skagestein, November 2006)


Slide 1: How to create trust in electronic voting over an untrusted platform
A possible solution and its implications with regard to the Recommendation
Gerhard Skagestein, University of Oslo
Development in the field of e-voting, Council of Europe, Strasbourg, November 2006

Slide 2: The background
- In 2004, the Norwegian Ministry of Local Government and Regional Development appointed a working group to give recommendations on the future of electronic elections in the country.
- The results were published in January 2006; see the report "Electronic voting – challenges and possibilities" (see http//:)
- This presentation discusses one important topic in the report, namely how to achieve trust in e-voting over an insecure system like a home PC connected to the Internet.

Slide 3: e-voting in Norway?
- No political decision on whether we should have e-voting at all
- ... and if e-voting, should it then be only in supervised environments
- ... or also in unsupervised environments (so-called remote voting)?
- Public comments indicate skepticism against e-voting in unsupervised environments

Slide 4: Some basic principles
The working committee maintains that
- Traditional paper voting should coexist with e-voting
- e-voting should be available only during the advance voting period (called phase 1)
  - i.e. no e-voting on Election Day (called phase 2)
- Same technological solution for e-voting in both supervised and unsupervised environments
  - Same program -> same user interface, same operational procedures, same security measures, less programming code to maintain, test and certify
  - i.e. a technical solution must be feasible in unsupervised environments, even though it may be used only in supervised environments

Slide 5: e-voting in supervised environments
[Diagram: Voter -> Voting client -> Datanet -> Ballot-receiving server -> Ballots; Verification log. Supervised environment, trusted system.]

Slide 6: e-voting in unsupervised environments
- How can we achieve the voter's trust in the complete system when a part of it is not trustworthy?
- How can we establish a trustworthy verification log?
[Diagram: Voter -> Voting client (untrusted system) -> Datanet -> Ballot-receiving server -> Ballots; Verification log. Unsupervised environment, partly untrusted system; the voter has no possibility for immediate inspection of the verification log.]

Slide 7: Some observations...
- If you have something that you do not completely trust, you compensate by building security into the levels above
- Why do we trust Internet banking?
  - we can check the statement of account
  - if something goes wrong, the bank takes the blame (usually)

Slide 8: Possible e-voting solutions
- Redundancy: Let the voter send several ballots, possibly through different channels, and let the system compare notes
  - Cumbersome for the voter
  - The voter may still feel insecure
- Feedback control: Let the voter inspect the ballot as it is registered in the trusted part of the system (analogous to checking the statement of account in Internet banking)

Slide 9: Feedback through another channel
[Diagram: Voter -> Voting client (untrusted systems) -> Datanet -> Ballot-receiving server -> Ballots; Verification log; Ballot-inspecting server (trusted system) -> SMS-net -> Voter.]
- But what about the secrecy of the vote? (The Recommendation, Standard 17)

Slide 10: Multiple casting of ballots
[Diagram: as on slide 9, plus a Vote-extracting server that produces Votes from the Ballots; run only when the election is closed.]
- The voter is allowed to send several ballots; only the last one is regarded as the e-vote
- The voter may override any e-vote by a traditional paper ballot on Election Day

Slide 11: On Election Day...
- ... the Election officials will have access to an updated voter register, where the e-voters have been marked
- When an e-voter shows up in the polling station, the Election official will send an "annul-ballot" message to the e-voting system before allowing the voter to vote by traditional means (i.e. an anonymous paper ballot in a supervised environment)

Slide 12: Several ballots from the same voter?
- Why?
  - Alleviates the "family voting" problem
  - Alleviates the vote-buying/selling problem
  - Maintains a certain level of secrecy, even when ballot inspection is possible, because nobody can know whether the current ballot will be the final one
  - Technically, it comes next to free, as a side effect of the mechanism that ensures only one valid vote from each voter
- Why not?
  - May reduce the solemnity of voting
  - Must maintain the connection between the voter and the ballot until the end of the election (increased risk of loss of secrecy)

Slide 13: What about the secrecy of the vote?
Wouldn't this solution increase the risk of disclosing the secret vote to other people? Yes, but
- the ballot-inspection server should authenticate the voter just as thoroughly as the ballot-receiving server
- with the session key (see later), the ballot can only be inspected, not modified
- it is the responsibility of the voter to keep the session key unavailable to other people
- if the ballot is disclosed, there is no way to know whether this is the final ballot and the vote to be counted

Slide 14: The technical solution
- The technical solution builds upon the principle of hybrid cryptography

Slide 15: The hybrid crypto principle
- Symmetric cryptography: The same key is used for encryption and decryption of the message
- Asymmetric cryptography: One key of a key pair is used for encryption, the other key of the key pair for decryption of the message
- Hybrid cryptography: The message is encrypted symmetrically with a randomly selected session key, which is then encrypted asymmetrically. To decrypt, the session key is decrypted asymmetrically, then the message is decrypted symmetrically with the session key.

Slide 16: The session key
- Hybrid crypto with a session key is traditionally used for efficiency reasons
- In this solution, we also use the session key to allow the voter to inspect his registered ballot
- To be able to inspect the ballot, the voting client must keep the session key
- For inspecting the ballot through other channels, the session key must be transferable to the client on the other channels

Slide 17: Electronic voting with ballot inspection
[Diagram: Ballot -> encrypting with the session key -> digital signing with the voter's private key -> digitally signed, encrypted ballot -> Ballot database -> vote counting. The session key is encrypted with the public key of the election event. Removing the outer envelope with the voter's public key -> decrypting the ballot with the session key -> Ballot (as registered). Keys involved: election event key pair, voter's key pair, session key.]
G. Skagestein et al.: How to create trust in electronic voting over an untrusted platform. In Krimmer, R. (Ed.): Electronic Voting 2006, GI Lecture Notes in Informatics, P-86, Bonn.

Slide 18: Envelope opening
[Diagram: Ballot database -> vote extraction -> verification of the digital signature with the voter's public key, which yields (a) the list of e-voters to be marked in the voter register -> Voter register, and (b) the encrypted anonymous e-votes -> decrypting the session key with the private key of the election event -> decrypting the votes with the session keys -> e-votes to be counted -> Votes.]
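The hybrid envelope of slides 15 to 18, as an added example in Go that is not code from the deck or from the Norwegian project (the field layout, AES-GCM for the ballot, RSA-OAEP for the session key and RSA-PSS for the voter's signature are this example's assumptions): the client encrypts the ballot under a fresh session key, wraps that key with the election event's public key and signs the whole envelope; the inspection server needs only the session key and can decrypt but not alter anything; extraction after the election verifies the outer envelope and unwraps the session key with the election private key.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// Envelope is the signed, encrypted ballot as stored in the ballot database (layout assumed here).
type Envelope struct {
	VoterID  string // voter's real identity, as the working committee recommends
	WrappedK []byte // session key encrypted with the election event's public key
	Nonce    []byte // AES-GCM nonce for the ballot ciphertext
	Cipher   []byte // ballot encrypted symmetrically under the session key
	Sig      []byte // voter's signature (the outer envelope) over the fields above
}
// signedDigest binds identity, wrapped key and ciphertext together under the voter's signature.
func signedDigest(e *Envelope) []byte {
	d := sha256.Sum256(bytes.Join([][]byte{[]byte(e.VoterID), e.WrappedK, e.Nonce, e.Cipher}, nil))
	return d[:]
}
// NewKeyPair stands in for the PKI (citizen identity card) and the election event key generation.
func NewKeyPair() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }
// CastBallot runs on the voting client; it returns the envelope and the session key the client keeps.
func CastBallot(voterID string, ballot []byte, voterKey *rsa.PrivateKey, electionPub *rsa.PublicKey) (*Envelope, []byte, error) {
	buf := make([]byte, 32+12) // random 256-bit session key followed by a 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil { return nil, nil, err }
	sessionKey, nonce := buf[:32], buf[32:]
	block, _ := aes.NewCipher(sessionKey) // key length is valid, so no error
	gcm, _ := cipher.NewGCM(block)
	wk, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, electionPub, sessionKey, nil)
	if err != nil { return nil, nil, err }
	e := &Envelope{VoterID: voterID, WrappedK: wk, Nonce: nonce, Cipher: gcm.Seal(nil, nonce, ballot, nil)}
	e.Sig, err = rsa.SignPSS(rand.Reader, voterKey, crypto.SHA256, signedDigest(e), nil)
	return e, sessionKey, err
}
// InspectBallot is all the ballot-inspection server can do: the voter's session key decrypts, nothing more.
func InspectBallot(e *Envelope, sessionKey []byte) ([]byte, error) {
	block, err := aes.NewCipher(sessionKey)
	if err != nil { return nil, err }
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, e.Nonce, e.Cipher, nil)
}
// ExtractVote runs after the election closes: verify the outer envelope, unwrap the session key, decrypt.
func ExtractVote(e *Envelope, voterPub *rsa.PublicKey, electionKey *rsa.PrivateKey) ([]byte, error) {
	if err := rsa.VerifyPSS(voterPub, crypto.SHA256, signedDigest(e), e.Sig, nil); err != nil { return nil, err }
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), nil, electionKey, e.WrappedK, nil)
	if err != nil { return nil, err }
	return InspectBallot(e, sessionKey)
}
```

Because the signature covers the ciphertext, anyone holding only the session key can read the registered ballot but any alteration is rejected at extraction.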

Slide 19: Architecture of the e-voting system
[Diagram of the architecture: Voter, Voting client (untrusted system), Datanet, SMS-net, Firewall, Ballot-receiving server, Ballot-inspection server, Ballot-annulling server, Ballot-storage server, Ballots, Ballot forms, Voter register, Verification log, Election official sending the annul-ballot message, annulling ("red") envelope, output to the vote-counting system.]

Slide 20: Election is closed – time to count
[Diagram: From the e-voting system: Ballots and annul envelopes -> Integration of ballot files (in case of distributed storage of ballots) -> Electronic ballot box -> Valid-vote extracting server (Security module holding the private key of the election event) -> Electronic votes list per constituency and Checked voter register -> Vote-counting server; Voter register.]
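The extraction rules of slides 10, 11, 18 and 20 (only the last ballot counts, an annul-ballot message overrides every e-ballot, and the votes to count are handed on separately from the list of e-voters to mark in the register), as an added example in Go that is not the project's code; the record layout and the sequence number used when ballot files from distributed storage are merged are assumptions of this example.

```go
package main

import "sort"

// BallotRecord is one decrypted entry of the electronic ballot box (layout assumed for this example).
// Seq is the receipt order, so that ballot files merged from distributed storage still compare correctly.
type BallotRecord struct {
	VoterID string
	Seq     int
	Vote    string
}

// ExtractionResult is what the valid-vote extracting server hands on: the votes to count and the
// list of e-voters to mark in the voter register, in orders that cannot be matched up positionally.
type ExtractionResult struct {
	Votes   []string
	EVoters []string
}

// ExtractValidVotes applies the deck's rules: several ballots per voter are allowed and only the
// last one is the e-vote; an annul-ballot message ("red" envelope, i.e. a paper ballot on Election
// Day) takes precedence over all of that voter's e-ballots.
func ExtractValidVotes(records []BallotRecord, annulled map[string]bool) ExtractionResult {
	last := map[string]BallotRecord{}
	for _, r := range records {
		if annulled[r.VoterID] {
			continue // the voter cast a paper ballot instead; none of the e-ballots count
		}
		if cur, ok := last[r.VoterID]; !ok || r.Seq > cur.Seq {
			last[r.VoterID] = r // a later ballot replaces an earlier one
		}
	}
	var res ExtractionResult
	for id, r := range last {
		res.EVoters = append(res.EVoters, id)
		res.Votes = append(res.Votes, r.Vote)
	}
	sort.Strings(res.EVoters) // register order, for marking the e-voters
	sort.Strings(res.Votes)   // vote order independent of the voter list, so positions reveal nothing
	return res
}
```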

Slide 21: Identification and authentication of the voter
- Identification and authentication of the voter should be done by a generally available PKI system (citizen identity card)
  - cheaper than a special-purpose election credential
  - the voter will not be tempted to sell it
- The e-vote may be connected to the voter's real identity, or to a derived pseudo-identity
  - the working committee recommends using the real identity, since this makes the annulment of e-votes on Election Day easier if the voter wants to cast a paper ballot

Slide 22: Basic design principles
- e-voting is allowed in phase 1 only
- Repeated casting of e-ballots is allowed; the last ballot counts (The Recommendation, Standard 5?)
- The e-voter is allowed to inspect his e-ballot as it is registered (The Recommendation, Standard 17?)
- Traditional voting with paper ballots in supervised environments on Election Day (phase 2) is maintained
- Any paper ballot takes precedence over the e-ballot

Slide 23: Summary
- We have shown that by relaxing the requirement for absolute secrecy of the vote, the vote as registered may be inspected by the voter
- This possibility for inspection gives the voter trust in the untrusted part of the system
- The loss of secrecy is compensated by the possibility to revote, even by traditional means on Election Day
- Election Day should be kept free of any kind of e-voting
- The coexistence of e-voting and traditional paper ballot voting makes a soft transition possible
- The solution complies with the intentions of the Recommendation, although not always with its wording.
- Some rewording in the Recommendation?