Evoting using collaborative clustering Justin Gray Osama Khaleel Joey LaConte Frank Watson.

Slides:

Advertisements

Similar presentations

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.

Advertisements

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Akshat Sharma Samarth Shah

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Digital Certificate Installation & User Guide For Class-2 Certificates.

Last Class: The Problem BobAlice Eve Private Message Eavesdropping.

Requirements for a Secure Voting System  Only authorized voters can vote  No one can vote more than once  No one can determine for whom anyone else.

A Pairing-Based Blind Signature

Class Name List of responsibilitiesList of collaborations Layout.

Grid Computing, B. Wilkinson, 20045a.1 Security Continued.

Project in Computer Security Integrating TOR’s attacks into the I2P darknet Chen Avnery Amihay Vinter.

TrustMe: Anonymous Management of Trust Relationships in Decentralized P2P Systems Aameek Singh and Ling Liu Presented by: Korporn Panyim.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

DESIGNING A PUBLIC KEY INFRASTRUCTURE

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Nym: An anonymous, secure, peer-to-peer instant messenger By Seth Cooper, Adam Hoel, Elliott Hoel, Jeff Holschuh, and Hilde Schmitt.

CMSC 414 Computer (and Network) Security Lecture 16 Jonathan Katz.

Encryption An Overview. Fundamental problems Internet traffic goes through many networks and routers Many of those networks are broadcast media Sniffing.

CMSC 414 Computer and Network Security Lecture 8 Jonathan Katz.

Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.

Homework #5 Solutions Brian A. LaMacchia Portions © , Brian A. LaMacchia. This material is provided without.

Security Management.

Overview of Digital Signatures Introduction To Networks and Communications (CS 555) Presented by Bharath Kongara.

11 CERTIFICATE SERVICES AND SECURE AUTHENTICATION Chapter 10.

INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.

X-Road (X-tee) A platform-independent secure standard interface between databases and information systems to connect databases and information systems.

Part Two Network Security Applications Chapter 4 Key Distribution and User Authentication.

SYSTEM ADMINISTRATION Chapter 13 Security Protocols.

AQA Computing A2 © Nelson Thornes 2009 Section Unit 3 Section 6.4: Internet Security Digital Signatures and Certificates.

1 Chapter 9 E- Security. Main security risks 2 (a) Transaction or credit card details stolen in transit. (b) Customer’s credit card details stolen from.

Freenet: A Distributed Anonymous Information Storage and Retrieval System Presenter: Chris Grier ECE 598nb Spring 2006.

Authentication Applications Unit 6. Kerberos In Greek and Roman mythology, is a multi-headed (usually three-headed) dog, or "hellhound” with a serpent's.

10. Key Management. Contents Key Management  Public-key distribution  Secret-key distribution via public-key cryptography.

6. Esoteric Protocols secure elections and multi-party computation Kim Hyoung-Shick.

Kerberos Named after a mythological three-headed dog that guards the underworld of Hades, Kerberos is a network authentication protocol that was designed.

Military Technical Academy Bucharest, 2004 GETTING ACCESS TO THE GRID Authentication, Authorization and Delegation ADINA RIPOSAN Applied Information Technology.

Practical Byzantine Fault Tolerance

Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®

Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols ► Acts as denial of service by disrupting the flow of data between a source and.

Kerberos By Robert Smithers. History of Kerberos Kerberos was created at MIT, and was named after the 3 headed guard dog of Hades in Greek mythology Cerberus.

1 Network Security Lecture 7 Overview of Authentication Systems Waleed Ejaz

CCNA4 v3 Module 6 v3 CCNA 4 Module 6 JEOPARDY K. Martin.

Security fundamentals Topic 5 Using a Public Key Infrastructure.

Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®

Security March 9, Security What is security?  Techniques that control access to use a shared resource  Uses of shared resource must be authorized.

BY: CHRIS GROVES Privacy in the Voting Booth. Reason for Privacy Voters worry that their vote may be held against them in the future  People shouldn’t.

Electronic Voting R. Newman. Topics Defining anonymity Need for anonymity Defining privacy Threats to anonymity and privacy Mechanisms to provide anonymity.

1 Objectives Discuss File Services in Windows Server 2008 Install the Distributed File System in Windows Server 2008 Discuss and create shared file resources.

© Copyright 2009 SSLPost 01. © Copyright 2009 SSLPost 02 a recipient is sent an encrypted that contains data specific to that recipient the data.

CPS Computer Security Tutorial on Creating Certificates SSH Kerberos CPS 290Page 1.

KERBEROS SYSTEM Kumar Madugula.

4.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security.

1 SUBMITTED BY- PATEL KUMAR C.S.E(8 th - sem). SUBMITTED TO- Mr. DESHRAJ AHIRWAR.

IP Security (IPSec) Matt Hermanson. What is IPSec? It is an extension to the Internet Protocol (IP) suite that creates an encrypted and secure conversation.

SECURITY. Security Threats, Policies, and Mechanisms There are four types of security threats to consider 1. Interception 2 Interruption 3. Modification.

Information Systems Design and Development Security Precautions Computing Science.

1 Example security systems n Kerberos n Secure shell.

Prof. Reuven Aviv, Nov 2013 Public Key Infrastructure1 Prof. Reuven Aviv Tel Hai Academic College Department of Computer Science Public Key Infrastructure.

CRYPTOGRAPHY Cryptography is art or science of transforming intelligible message to unintelligible and again transforming that message back to the original.

Secure HTTP (HTTPS) Pat Morin COMP 2405.

WEP & WPA Mandy Kershishnik.

Understand Networking Services

Tutorial on Creating Certificates SSH Kerberos

Printer Admin Print Job Manager

eVoting System Proposal

The Secure Sockets Layer (SSL) Protocol

Allocating IP Addressing by Using Dynamic Host Configuration Protocol

Install AD Certificate Services

Presentation transcript:

Evoting using collaborative clustering Justin Gray Osama Khaleel Joey LaConte Frank Watson

Overview Assumptions / Introduction Detailed layout of the system Security

Assumptions The computer has a static IP address and is powered “on” all the time. The user has administrative privileges to the computer. The IT department has one unused server also with a static IP address.

What we’re planning to do We’re going to make all the faculty machines part of an overlay network. The machines communicate with each other and randomly select (3-4 computers) to act as counters. When someone casts a vote, the encrypted data is sent counters and tallied. We’ll use PKI to securely communicate the between the different counters. When the election is over the counters broadcast the information to the other machines in the network.

What inspired this design Byzantine fault tolerance – this idea is used in failsafe systems (such as aircraft) where there is redundancy to make sure the decision is correct. We have three or four hidden and random counters which are sent data. If one of them miscounts or is compromised, the other counters in the cluster will help validate the vote.

Adding to the Voting Cluster 1. System admin adds the user’s credentials to the server. 2. Software is installed in the faculty’s member’s computer and the computer sends the server its public key. 3. The server replies back with a signed certificate using the client’s public key. 4. A signed message is sent to all the computers in the network a new computer is added to the cluster and updates them with new computer’s certificate.

Adding a machine to the cluster (cont.) The system will have a server that will be responsible for adding other machines to the voting cluster, plus providing CA services. The server will be pre-configured with a list of legitimate IP addresses that can join the cluster. Once the service starts on the client side, it sends a request (including IP, machine name, MAC, …) to the server to add itself. The server checks the IP (or maybe the MAC) against the allowed list, and records other information.

Certificates distribution The next step the client should do is to generate a public/private key pair. We provide the server’s public key integrated (hard-coded) in the client software. So, the client will use the server’s PK to encrypt his/her PK, and then send it to the server. The server decrypts it using its private key, generates a certificate, and broadcast it to all joined machines so each machine can sign a ballot and authenticate other machines.

Voting Process 1.Ballot Creation Distribute Ballot Randomly select counters 2.User Votes Submit completed vote to counters Generate receipt

Voting Process 3.Counting Votes 4.Recount Votes May occurs if discrepancy Collect printed receipts Heartbeat / NTP Tally results

Security PKI –This evoting system makes heavy use of PKI, inasmuch as every member of the cluster has their own private key, they also have the public key for every other member of the cluster. This allows all the nodes to communicate with each other securely. –By securely, we mean that every voter is able to know that the message they received came from whom it was supposed to come from, and they can rest assured that only they were able to read the message destined for them.

Security Encryption –Encryption is used primarily at two levels in this system Message level –All messages are signed and encrypted. This includes messages related to joining the cluster, and messages related to voting. Log level –All votes are stored in an encrypted form in a file that can be retrieved in case of catastrophic failure. Votes are kept in a hash form to ensure that the voter who casts a vote remains anonymous.

Security Distributed Voting –The distributed nature of this system has its own security benefits. Vote tampering –Since the vote counters are chosen at random from within the cluster, it would be difficult to find and attack a vote counter.