An Architecture For Electronic Voting
Master Thesis Presentation
Clifford Allen McCullough
Department of Computer Science
University of Colorado at Colorado Springs
October 30, 2012

Outline
• The Need for an E-Voting System
• Related Work
• US Voluntary Voting System Guidelines
• Existing Solutions
• Proposed Architecture
• A Demonstration System
• Performance Comparisons
• Lessons Learned
• Future Work
• Summary

I. The Need for an E-Voting System
• Business Board of Directors
• Student class president
• US citizens overseas
• US military overseas

Related Work
• A Survey of Internet Voting (EAC Voting System Testing and Certification Division, 2011)
• VVSG (EAC VVSG Vol I, 2010), (EAC VVSG Vol II, 2010)
• A Security Analysis of the Secure Electronic Registration and Voting Experiment (SERVE) (Jefferson D. D., Rubin, Simons, & Wagner, 2004)
• Implementing a Paillier Threshold Cryptography Scheme as a Web Service (Wilson, 2006)

II. US Voluntary Voting System Guidelines (VVSG)
• Security
• Accuracy
• Error Recovery
• Integrity
• Vote Tabulation
• Casting a Ballot
• Accessibility
• Independent Verification System
(EAC VVSG Vol I, 2010)

III. Existing Solutions
• Commercial web-based voting systems are available
  ◦ (MotionVoter, 2011)
  ◦ (Vote-Now)
• Secure Electronic Registration and Voting Experiment (SERVE) (Jefferson D. D., Rubin, Simons, & Wagner, 2004)
  ◦ Security Peer Review Group (SPRG)
• (Defense, 2007)

IV. Proposed Architecture
• Design Requirements
• General Schema
• The System Architecture
• Paillier Cryptography

Design Requirements
• VVSG (EAC VVSG Vol I, 2010)
• Information Assurance general rules
  ◦ Minimize the attack surface
  ◦ Mitigate the vulnerabilities
• A Survey of Internet Voting (EAC Voting System Testing and Certification Division, 2011)

General Schema
• Should not be centralized
  ◦ Precinct level is best
  ◦ County level is good
• Greatest vulnerabilities are from insider attacks
• Denial of service
• Keep control of the ballot, server-centric
• Publish the web application

The System Architecture
• Voting-Server
• Voter Authentication
• Issue Presentation
• Verify the Ballot
• Casting the Ballot
• Mutual Authentication

System Diagram
[Figure: system diagram. Labels on the diagram: (3, 5), (1, 6), (1, 2, 3), (2, 5, 6), (3, 4, 5); Linux OS, Windows OS, Linux OS]
Pre-election
  1 Deploy public key
  2 Start services
Election
  3 Login, retrieve public key
  4 Vote
  5 Cast the ballot to both Tally servers
Post election
  6 Retrieve ballots, check, and decrypt totals

Paillier Cryptography
• Block Paillier (Paillier, 1999)
  ◦ Exponential Encrypt: Decrypt:
  ◦ Homomorphic
  ◦ Blinding
• Generalized Paillier (Damgard & Jurik, December 2000)

V. A Demonstration System
• A 32-bit development and demonstration system, a.k.a. Ignis
• A 64-bit demonstration system on UCCS EAS Data Center Cloud, eVote resource pool, a.k.a. Prometheus

Ignis 32-bit Development System
Prometheus 64-bit Demonstration System
Election Preparation
• Generate public and private keys
  ◦ Private key is stored as Shamir shared secret shares (Shamir, November, 1979)
  ◦ Total of 7 shares, quorum of 4 officials
• Deploy the public key
• Start the services

Casting a Ballot
• Several lines of Comma Separated Values (CSV)
• One or two lines per issue
  ◦ Precinct number may be added
  ◦ Issue number
  ◦ Check box array or write-in
  ◦ Paillier block count
  ◦ Generalized Paillier encrypted information

Sample Ballot
Post Election
• Collect the tally information from the redundant servers
• Compare redundant collections
  ◦ Tally files should match
• Decrypt using Shamir secret shares (Shamir, November, 1979)
  ◦ Quorum of 4 officials is required
  ◦ Decrypt issue accumulations
  ◦ Individually decrypt write-ins

VI. Performance Comparisons
• Cryptographic Methods
• Cryptographic Key Generation
• Block Paillier vs. Generalized Paillier
• Ballot Casting

Encrypt and Decrypt Times

Table 1. DES, AES, and ElGamal Methods
                 DES      AES 128  AES 192  AES 256  ElGamal 128  ElGamal 256  ElGamal 512
runs / record    10,000   10,000   10,000   10,000   10           10           10
32-bit Linux     81.785   7.948    9.482    11.101   0.626        0.843        1.515
32-bit Windows   35.038   1.823    2.143    2.524    0.729        1.397        3.473
64-bit Linux     49.343   3.970    4.761    5.562    0.307        0.368        0.525
64-bit Windows   27.127   1.494    1.786    2.074    0.448        0.613        1.133

Table 2. Block Paillier Method
                 Paillier 64  Paillier 128  Paillier 256  Paillier 512  Paillier 1024  Paillier 2048  Paillier 4096
runs / record    10           10            10            10            10             10             10
32-bit Linux     0.620        0.833         1.388         3.398         10.206         30.997         92.325
32-bit Windows   0.710        1.261         2.951         9.247         32.041         100.295        305.875
64-bit Linux     0.311        0.349         0.477         0.807         1.914          5.374          15.809
64-bit Windows   0.467        0.591         0.989         2.282         7.267          24.202         76.557

Block vs Generalized Paillier Encrypt Decrypt Time

Table 3. Block Paillier Method
Key Size         64       128      256      512      1024     2048     4096
32-bit Linux     0.607    0.839    1.401    3.397    10.193   30.948   93.351
32-bit Windows   0.660    1.156    2.807    8.600    29.832   94.428   288.980
64-bit Linux     0.357    0.406    0.554    0.930    2.216    6.090    17.806
64-bit Windows   0.470    0.541    0.916    2.073    6.460    22.008   68.873

Table 4. Generalized Paillier Method
Key Size         64       128      256      512      1024     2048     4096
block count      183      92       46       23       12       6        3
32-bit Linux     310.699  175.858  151.765  152.606  175.026  202.824  269.460
32-bit Windows   902.606  580.257  515.191  514.770  576.426  674.665  826.454
64-bit Linux     81.945   37.679   31.461   31.181   36.355   41.627   53.746
64-bit Windows   260.224  144.404  127.923  126.033  149.162  171.257  214.675

Block vs Generalized Paillier Encrypt Decrypt Time
[Figure 5. Block Paillier Method. Log(Run Time) versus Key Bit Size (64 to 4096); series: 32-bit Windows, 32-bit Linux, 64-bit Windows, 64-bit Linux]
[Figure 6. Generalized Paillier Method. Log(Run Time) versus Key Bit Size (64 to 4096); series: 32-bit Windows, 32-bit Linux, 64-bit Windows, 64-bit Linux]

Key Generation Times

Table 5. DES and AES Key Generation
                 DES      AES 128  AES 192  AES 256
runs / record    10,000   10,000   10,000   10,000
32-bit Linux     0.001    0.003    0.005    0.013
32-bit Windows   0.001    0.011    0.006    0.016
64-bit Linux     0.001    0.002    0.003    0.004
64-bit Windows   0.001    0.009    0.010    0.015

Table 6. ElGamal Key Generation
                 ElGamal 64  ElGamal 128  ElGamal 256  ElGamal 512  ElGamal 1024
runs / record    10          10           10           10           10
32-bit Linux     0.028       0.157        2.212        47.469       1276.616
32-bit Windows   0.037       0.420        7.413        181.943      5886.979
64-bit Linux     0.013       0.078        0.636        10.800       243.518
64-bit Windows   0.021       0.160        1.915        39.722       897.332

Table 7. Paillier Key Generation
                 Paillier 64  Paillier 128  Paillier 256  Paillier 512  Paillier 1024  Paillier 2048  Paillier 4096
runs / record    10           10            10            10            10             10             10
32-bit Linux     0.001        0.001         0.010         0.067         0.501          6.870          88.310
32-bit Windows   0.001        0.003         0.015         0.164         1.860          30.291         336.214
64-bit Linux     0.000        0.001         0.004         0.016         0.127          1.356          19.348
64-bit Windows   0.002        0.002         0.005         0.049         0.499          5.455          86.321

Key Generation Times
[Figure 7. ElGamal Key Generation. Log(Run Time) versus Key Bit Size (64 to 1024); series: 32-bit Windows, 32-bit Linux, 64-bit Windows, 64-bit Linux]
[Figure 8. Paillier Key Generation. Log(Run Time) versus Key Bit Size (64 to 4096); series: 32-bit Windows, 32-bit Linux, 64-bit Windows, 64-bit Linux]

VII. Lessons Learned
• Freeware
  ◦ Documentation not always current
  ◦ Problems persist through several updates
• Internet Forums
  ◦ Good source of information and help
  ◦ No response to difficult questions
• Using Multiple Programming Languages
  ◦ Transferring data between program and DLL
  ◦ Passing values between libraries is problematic

VIII. Future Work
• Redundancy
• Secret Share Encryption and Decryption
• Error Handling and Logging
• Ballot Generation
• Ballot and Multi-lingual Database
• Quorum Administrator Login

IX. Summary
• Developing an Election Assistance Commission compliant voting system is a significant undertaking
• SERVE objective too much too soon
• Much future work available
• The demonstration system is a proof of concept

Demonstration
• Generate and load a key
• Initialize services
• Vote
• Collect the tally
• Decrypt the tally

References
Damgard, I. B., & Jurik, M. J. (December 2000). A Generalisation, a Simplification and some Applications of Paillier's Probabilistic Public-Key System. Basic Research in Computer Science, RS-00-45.
Defense, D. o. (2007). Expanding the Use of Electronic Voting Technology for UOCAVA Citizens. Department of Defense.
EAC Voting System Testing and Certification Division. (2011). A Survey of Internet Voting. Washington, DC 20005.
EAC VVSG Vol I. (2010). Voluntary Voting System Guidelines Volume I. Retrieved August 24, 2012, from United States Election Assistance Commission: http://www.eac.gov/testing_and_certification/voluntary_voting_system_guidelines.aspx
EAC VVSG Vol II. (2010). Voluntary System Guidelines Volume II. Retrieved August 24, 2012, from United States Election Assistance Commission: http://www.eac.gov/testing_and_certification/voluntary_voting_system_guidelines.aspx
Jefferson, D. D., Rubin, D. A., Simons, D. B., & Wagner, D. D. (2004). A Security Analysis of the Secure Electronic Registration and Voting Experiment (SERVE).
Jefferson, D., Rubin, A., & Simons, B. (2007, June 13). The new report in response to the May 2007 DoD report on Voting Technologies for UOCAVA Citizens. Retrieved March 04, 2012, from http://www.servesecurityreport.org/
MotionVoter. (2011). Retrieved March 6, 2012, from http://www.motionvoter.com/
Paillier, P. (1999). Public-Key Cryptosystems Based on Composite Degree Residuosity Classes. Advances in Cryptology - Eurocrypt '99, pp. 223-238.
Shamir, A. (November, 1979). How to Share a Secret. Communications of the ACM, 612-613.
Vote-Now. (n.d.). Retrieved March 6, 2012, from https://secure.vote-now.com/