Remote E-Voting System

Similar documents
APPLICATIONS AND PROTOCOLS. Mihir Bellare UCSD 1

BCA III Network security and Cryptography Examination-2016 Model Paper 1

CSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography

The question paper contains 40 multiple choice questions with four choices and students will have to pick the correct one (each carrying ½ marks.).

Outline. CSCI 454/554 Computer and Network Security. Introduction. Topic 5.2 Public Key Cryptography. 1. Introduction 2. RSA

CS 161 Computer Security

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

Outline. Public Key Cryptography. Applications of Public Key Crypto. Applications (Cont d)

Cryptography III. Public-Key Cryptography Digital Signatures. 2/1/18 Cryptography III

1.264 Lecture 28. Cryptography: Asymmetric keys

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018

Overview. SSL Cryptography Overview CHAPTER 1

Encryption. INST 346, Section 0201 April 3, 2018

Cryptographic hash functions and MACs

Test 2 Review. (b) Give one significant advantage of a nonce over a timestamp.

06/02/ Local & Metropolitan Area Networks. 0. Overview. Terminology ACOE322. Lecture 8 Network Security

Network Security CHAPTER 31. Solutions to Review Questions and Exercises. Review Questions

SSL/TLS. How to send your credit card number securely over the internet

L13. Reviews. Rocky K. C. Chang, April 10, 2015

UNIT - IV Cryptographic Hash Function 31.1

CS 161 Computer Security

More crypto and security

Crypto Background & Concepts SGX Software Attestation

Data Integrity. Modified by: Dr. Ramzi Saifan

Secure Multiparty Computation

(2½ hours) Total Marks: 75

Security. Communication security. System Security

Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 7, 2013

Lecture 9: Public-Key Cryptography CS /05/2018

CSE484 Final Study Guide

Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls

Security: Cryptography

A new secure and practical electronic voting protocol without revealing voters identity

Test 2 Review. 1. (10 points) Timestamps and nonces are both used in security protocols to prevent replay attacks.

Securing Distributed Computation via Trusted Quorums. Yan Michalevsky, Valeria Nikolaenko, Dan Boneh

CS 161 Computer Security

Total points: 71. Total time: 75 minutes. 9 problems over 7 pages. No book, notes, or calculator

Security & Privacy. Web Architecture and Information Management [./] Spring 2009 INFO (CCN 42509) Contents. Erik Wilde, UC Berkeley School of

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

Message authentication. Why message authentication. Authentication primitives. and secure hashing. To prevent against:

Public Key Algorithms

IEEE Std and IEEE Std 1363a Ashley Butterworth Apple Inc.

David Wetherall, with some slides from Radia Perlman s security lectures.

key distribution requirements for public key algorithms asymmetric (or public) key algorithms

Chapter 9 Public Key Cryptography. WANG YANG

Study Guide for the Final Exam

PROTECTING CONVERSATIONS

Key Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature

Security and Anonymity

Chapter 13. Digital Cash. Information Security/System Security p. 570/626

Pretty Good Privacy (PGP)

What did we talk about last time? Public key cryptography A little number theory

Network Security Chapter 8

Lecture 30. Cryptography. Symmetric Key Cryptography. Key Exchange. Advanced Encryption Standard (AES) DES. Security April 11, 2005

Summary on Crypto Primitives and Protocols

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers

Cryptography & Key Exchange Protocols. Faculty of Computer Science & Engineering HCMC University of Technology

Cryptographic Systems

Refresher: Applied Cryptography

Data Communication Prof.A.Pal Dept of Computer Science & Engineering Indian Institute of Technology, Kharagpur Lecture - 40 Secured Communication - II

CS573 Data Privacy and Security. Cryptographic Primitives and Secure Multiparty Computation. Li Xiong

Crypto meets Web Security: Certificates and SSL/TLS

Lecture Nov. 21 st 2006 Dan Wendlandt ISP D ISP B ISP C ISP A. Bob. Alice. Denial-of-Service. Password Cracking. Traffic.

Security Handshake Pitfalls

Lecture 1 Applied Cryptography (Part 1)

CSE 127: Computer Security Cryptography. Kirill Levchenko

CS 470 Spring Security. Mike Lam, Professor. a.k.a. Why on earth do Alice and Bob need to talk so much?!? Content taken from the following:


CS3235 Seventh set of lecture slides

Cryptography (Overview)

Introduction. CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell

Cryptography. Recall from last lecture. [Symmetric] Encryption. How Cryptography Helps. One-time pad. Idea: Computational security

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

Distributed-Application Security

CSC/ECE 774 Advanced Network Security

Overview of SSL/TLS. Luke Anderson. 12 th May University Of Sydney.

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Cryptography MIS

Cryptography and Network Security Chapter 14

Module: Cryptographic Protocols. Professor Patrick McDaniel Spring CMPSC443 - Introduction to Computer and Network Security

===============================================================================

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

Message authentication

Verteilte Systeme (Distributed Systems)

Kurose & Ross, Chapters (5 th ed.)

Introduction to Cryptography. Ramki Thurimella

CS 425 / ECE 428 Distributed Systems Fall 2017

Issues. Separation of. Distributed system security. Security services. Security policies. Security mechanism

ICT 6541 Applied Cryptography Lecture 8 Entity Authentication/Identification

CSCI 454/554 Computer and Network Security. Topic 2. Introduction to Cryptography

CS 161 Computer Security

There are numerous Python packages for cryptography. The most widespread is maybe pycrypto, which is however unmaintained since 2015, and has

Alice in Cyber world

Outline. Cryptography. Encryption/Decryption. Basic Concepts and Definitions. Cryptography vs. Steganography. Cryptography: the art of secret writing

Ideal Security Protocol. Identify Friend or Foe (IFF) MIG in the Middle 4/2/2012

HOST Authentication Overview ECE 525

Message Authentication Codes and Cryptographic Hash Functions

Information Security. message M. fingerprint f = H(M) one-way hash. 4/19/2006 Information Security 1

CS 470 Spring Security. Mike Lam, Professor. a.k.a. Why on earth do Alice and Bob need to share so many secrets?!?

Solutions to exam in Cryptography December 17, 2013

Transcription:

Remote E-Voting System Crypto2-Spring 2013 Benjamin Kaiser Jacob Shedd Jeremy White

Phases Initialization Registration Voting Verifying Activities Trusted Authority (TA) distributes 4 keys to Registrar, Notary, Vote Server, and Verifier. TA uses Shamir secret sharing scheme with k,n = 3,4. TA publishes public key as voting public key (vpk). Voter goes to Registrar and presents drivers license, passport, birth certificate, etc to obtain public and private keys (pk, sk), using Paillier scheme. Registrar publishes pk Voter chooses vote v and has it signed by the notary, then sends in ciphervote and signed ciphervote Vote server actively tallys ciphervote homomorphically After Voting phase, ciphervotes and sum(ciphervotes) are sent to verifier. Verifier collects k or n shared secrets to build private key, then uses it to decrypt votes and verify results. Verifier then publishes plaintext votes, along with ciphervotes. Voters can verify their vote was tallied correctly by looking up their votes by their ciphervote, and may also verify entire summation of votes.

Conceptual Model (E-voting minus transport layer security) Trusted Authority Generates voting public key and voting secret key, vpk, vsk vsk is split k,n ways using Shamir Secret Sharing with k=3,n=4 n shares are distributed to Registrar, Notary, Vote Server, and Verifier 1 Authenticates people in-person by means of drivers license, passport, etc.. Generates public/private keys for voter: pk, sk Publishes pk 2 Registrar Verifier Receive S i,c i for i=0 v, and c_total Receive shared keys from k of n parties Decrypt and publish S,c,v,c_total 4 Decide vote, v Encrypt vote with Paillier and voting public key: c=e(v,vpk) Blind ciphervote with RSA: c = c*r e mod n, where r is a random number and e,n are the public key of the Notary Connect to Notary Receive random bits b from Notary Send E(b,sk), c to Notary Voting Ends ------------------------- Voter has personal verification in published votes by check c <-> v 3a Voter Notary Vote Server Generate random bits b, and send to Voter Receive b signed by Voter Notary decrypts bits with Voter public key Checks if Voter has already committed vote. Receive blinded ciphervote c Send back signed blinded ciphervote, s Receive S,c Check c=d(s,npk) Record S,c Tally homomorphically c_total Voting Ends ------------------------- Publish S i,c i for i=0 v 3b 3c

Secure Channel Client generates 1024-bit AES key in CBC mode Encrypts key using server s RSA public key, sends across channel. Server decrypts using private key, then AES key is used as a session key for future communications. Different session keys are used for registrar/notary communications.

Security Properties* Achieved Eligibility: Only eligible voters can cast votes Privacy: No coalition of participants can gain information about a voter s vote Individual Verifiability: Each eligible voter can verify their vote was really counted Fairness: No participant can gain knowledge about the tally before the counting stage Robustness: Faulty behavior of certain sized coalition of participatnts can be tolerated. Receipt-freeness, incoercibility: No voter can prove to another how they voted. Untappable channel: Channel between parties is confidential. Not Achieved Untraceable anonymous channel: Messages on channel cannot be traced to sender. Untappable anonymous channel: Channel guaranteeing both anonymity and confidentiality. *http://people.ksp.sk/~zuzka/elevote.pdf

Attacks Single Party Rogue Voter (Rog): forges vote from client Balancing Party:Defense Notary: verifies authentication

Attacks Single Party Eaves Dropper (Eve) reveals vote on channel sends fake votes replays legitimate votes Gains information from packet transfer Flips bits Balancing Party: Defense Voter, Vote Server, Notary: Channels use AES- CBC Voter, Vote Server, Notary: Channel uses RSA private keys for authentication Vote Server, Published Results: Doubled up votes will share same signatures and ciphertext, easily caught. Voter, Vote Server, Notary: Channel uses cryptograhically strong padding Voter, Vote Server, Notary: Channel uses AES- CBC, CBC guarantees integrity

Attacks Single Party Voter (Vin) votes twice votes for fake candidate claims vote is wrong Balancing Party: Defense Notary: won t sign second vote Verifier: discard invalid vote??registrar, Notary, Vote Server??:

Attacks Single Party Vote Server (Mal) inserts fake, unsigned votes discards legitimate, signed votes inserts votes for registered voters that did not vote Balancing Party: Defense Notary: invalidates unsigned votes Notary: raises suspicion, signed votes were not sent in Voter: complains vote was not counted decrypts votes early Registrar, Notary, Verifier: need 3 out of 4 shares to create voting secret key to decrypt vote

Purpose of the Registrar Each voter needs to, of course, register with the Registrar. When you show up at the Registrar they would check your identification and have you set up a password while they set up the software for you Later on, now that your software is active, you can log on using the password you provided.

The software would then be the one to generate your public/private key pair and publish your public key. We had the key generated in the Registrar simulating the software generating your key You are prompted twice in a row for your password since there is no wait time between interacting with the Registrar and then signing on to the voting software

Purpose of the Notary Each voter who has registered with the Registrar can sign on to their voting software and create a legitimate vote. They then send a blinded copy to the Notary for a signature. The Notary validates the signature with the voter s key, to make sure that they are valid, then signs their blinded vote.

Possible attack on Hash Protocol In the protocol we received, the message packet that is sent to the server from the voter once the connection has been established is: m = E(sign(hash(voter info, including vote, and including nonces))) Part of the verification to make sure the server hasn t tampered with the vote is posting the signed hash.

This would lead to a potential attack were the server could go through and generate a list of nonces coupled with the vote for the candidate they want to win until they get a hash collision. They can then post the signed hash they received with their corresponding vote. The reason this attack was un-successful was because along side this message was also sent another signed copy of the message which the server would only be able to spoof if they got the voters private key.

Crypto2 Attacks

Transport-level Security The transport level security is very strong. RSA-2048 encrypts the handshake, which is when a 256-bit AES session key is established. Messages are given nonces and padding, then hashed with SHA-512 and encrypted with that session key.

Server.py

Paillier.py

SIS - insecurity SIS is used as the registrar in this protocol, which means it maintains the valid voter list. A lot of trust is placed in SIS, as it stores a full list of public keys and their associated voters. Since public keys are published along with votes after voting, if SIS was compromised, all votes could be linked to the voters. SIS has extremely poor single-factor authentication based on student RIN and a six-digit PIN. RINs can be easily phished and PINs can be reset to the user s birthday: mmddyy, also easily phished or publicly accessed.

Client.py Voting candidate is secured on client side Python client.py 3000 Custom = 512 Pyt hon tally.py

Anonymity No anonymous channel Public keys<->votes<->ip address

Pycrypto RSA Encrypt() Attention: this function performs the plain, primitive RSA encryption (textbook). In real applications, you always need to use proper cryptographic padding, and you should not directly encrypt data with this method. Failure to do so may lead to security vulnerabilities. It is recommended to use modules Crypto.Cipher.PKCS1_OAEP or Crypto.Cipher.PKCS1_v1_5 instead.

Deterministic Textbook RSA

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback