Defeating Malicious Terminals in an Electronic Voting System Daniel Hanley Andre dos Santos Jeff...
-
Upload
maurice-froggatt -
Category
Documents
-
view
217 -
download
0
Transcript of Defeating Malicious Terminals in an Electronic Voting System Daniel Hanley Andre dos Santos Jeff...
![Page 1: Defeating Malicious Terminals in an Electronic Voting System Daniel Hanley Andre dos Santos Jeff King Georgia Tech Information Security Center.](https://reader034.fdocuments.net/reader034/viewer/2022051622/56649c935503460f9494eee6/html5/thumbnails/1.jpg)
Defeating Malicious Terminals in an Electronic Voting System
Daniel Hanley
Andre dos Santos
Jeff King
Georgia Tech Information Security Center
![Page 2: Defeating Malicious Terminals in an Electronic Voting System Daniel Hanley Andre dos Santos Jeff King Georgia Tech Information Security Center.](https://reader034.fdocuments.net/reader034/viewer/2022051622/56649c935503460f9494eee6/html5/thumbnails/2.jpg)
Overview
MotivationRelated WorkProtocolExamplesAnalysis
![Page 3: Defeating Malicious Terminals in an Electronic Voting System Daniel Hanley Andre dos Santos Jeff King Georgia Tech Information Security Center.](https://reader034.fdocuments.net/reader034/viewer/2022051622/56649c935503460f9494eee6/html5/thumbnails/3.jpg)
Motivation
The Voting Problem
Traditional Approach
Electronic Voting
![Page 4: Defeating Malicious Terminals in an Electronic Voting System Daniel Hanley Andre dos Santos Jeff King Georgia Tech Information Security Center.](https://reader034.fdocuments.net/reader034/viewer/2022051622/56649c935503460f9494eee6/html5/thumbnails/4.jpg)
Motivation: The Voting Problem
Scenario: Alice, a human, wishes to transmit message c Є C to central tallier, Trent.
Security requirements Anonymity Accuracy etc.
![Page 5: Defeating Malicious Terminals in an Electronic Voting System Daniel Hanley Andre dos Santos Jeff King Georgia Tech Information Security Center.](https://reader034.fdocuments.net/reader034/viewer/2022051622/56649c935503460f9494eee6/html5/thumbnails/5.jpg)
Motivation: Traditional Approach
Paper-based systems
Alice creates physical vote record and relays the vote to Trent.
Disadvantages
Inaccurate Expensive
Advantages
Simple, usable Secure (?)
![Page 6: Defeating Malicious Terminals in an Electronic Voting System Daniel Hanley Andre dos Santos Jeff King Georgia Tech Information Security Center.](https://reader034.fdocuments.net/reader034/viewer/2022051622/56649c935503460f9494eee6/html5/thumbnails/6.jpg)
Motivation: Electronic Voting
Current state of electronic voting systems
Systems entrust untrustworthy voting terminals, volunteers
Security policy dictates isolation and physical controls
Advantages
Relatively inexpensive
Accurate
Disadvantages
Fails to use public infrastructure
Vulnerable to automated attacks
Vulnerable to undetectable attacks
![Page 7: Defeating Malicious Terminals in an Electronic Voting System Daniel Hanley Andre dos Santos Jeff King Georgia Tech Information Security Center.](https://reader034.fdocuments.net/reader034/viewer/2022051622/56649c935503460f9494eee6/html5/thumbnails/7.jpg)
Motivation: Electronic Voting
Current state of electronic voting systems
Systems entrust untrustworthy voting terminals, volunteers
Security policy dictates isolation and physical controls
Advantages
Relatively inexpensive
Accurate
Disadvantages
Fails to use public infrastructure
Vulnerable to automated attacks
Vulnerable to undetectable attacks
![Page 8: Defeating Malicious Terminals in an Electronic Voting System Daniel Hanley Andre dos Santos Jeff King Georgia Tech Information Security Center.](https://reader034.fdocuments.net/reader034/viewer/2022051622/56649c935503460f9494eee6/html5/thumbnails/8.jpg)
Motivation: Electronic Voting
Solution: Blind signature protocol with trustworthy hardware
Direct communication with Trent – infeasible!
Trustworthy voting terminals – costly!
Personal tamper resistant device – yes!
Problem: How can we establish a trusted path between Alice and her voting device?
Direct I/O? Form factor prohibits this.
Via voting terminal? No!
CAPTCHA-Voting Protocol?
Other schemes (Chaum, Prêt-à-Voter, KHAP)
Voter performs verification and auditing steps.
![Page 9: Defeating Malicious Terminals in an Electronic Voting System Daniel Hanley Andre dos Santos Jeff King Georgia Tech Information Security Center.](https://reader034.fdocuments.net/reader034/viewer/2022051622/56649c935503460f9494eee6/html5/thumbnails/9.jpg)
Related Work
Completely Automated Publicly Available Turing Tests to tell Computers and Humans Apart (CAPTCHAs)
One-time random substitution
![Page 10: Defeating Malicious Terminals in an Electronic Voting System Daniel Hanley Andre dos Santos Jeff King Georgia Tech Information Security Center.](https://reader034.fdocuments.net/reader034/viewer/2022051622/56649c935503460f9494eee6/html5/thumbnails/10.jpg)
Trent
Protocol: Actors
Alice a human voter
Trent a central tallier, trusted to perform complex, anonymous operations on
Alice's behalf
Mallory an untrusted voting terminal
Alice Mallory
![Page 11: Defeating Malicious Terminals in an Electronic Voting System Daniel Hanley Andre dos Santos Jeff King Georgia Tech Information Security Center.](https://reader034.fdocuments.net/reader034/viewer/2022051622/56649c935503460f9494eee6/html5/thumbnails/11.jpg)
Protocol
Public list of candidates C = [ c1 , c2 , … , cn ]
Public, random set R = [ r1 , r2 , … , rm ] such that m ≥ n
Random mapping of candidates to random elements K : C → R such that
P( K(c) = ri ) = P( K(c) = rj ) for all i, j
K-1 : R → C
CAPTCHA transformation function T(m) such that Mallory cannot derive m from T(m), while Alice may infer m from T(m)
Trent may encode K using T. This is denoted by T(K).
![Page 12: Defeating Malicious Terminals in an Electronic Voting System Daniel Hanley Andre dos Santos Jeff King Georgia Tech Information Security Center.](https://reader034.fdocuments.net/reader034/viewer/2022051622/56649c935503460f9494eee6/html5/thumbnails/12.jpg)
Protocol
1. Trent generates and sends a CAPTCHA-encrypted ballot.
1.1. K : C → RTrent
Alice
Mallory
![Page 13: Defeating Malicious Terminals in an Electronic Voting System Daniel Hanley Andre dos Santos Jeff King Georgia Tech Information Security Center.](https://reader034.fdocuments.net/reader034/viewer/2022051622/56649c935503460f9494eee6/html5/thumbnails/13.jpg)
Protocol
1. Trent generates and sends a CAPTCHA-encrypted ballot.
1.1. K : C → R1.2. T(K)
TrentAlice
Mallory
![Page 14: Defeating Malicious Terminals in an Electronic Voting System Daniel Hanley Andre dos Santos Jeff King Georgia Tech Information Security Center.](https://reader034.fdocuments.net/reader034/viewer/2022051622/56649c935503460f9494eee6/html5/thumbnails/14.jpg)
Protocol
1. Trent generates and sends a CAPTCHA-encrypted ballot.
1.1. K : C → R1.2. T(K)
1.3. T(K)
TrentAlice
Mallory
![Page 15: Defeating Malicious Terminals in an Electronic Voting System Daniel Hanley Andre dos Santos Jeff King Georgia Tech Information Security Center.](https://reader034.fdocuments.net/reader034/viewer/2022051622/56649c935503460f9494eee6/html5/thumbnails/15.jpg)
Protocol
2. Alice responds with the encrypted candidate.
1.1. K : C → R1.2. T(K)
1.3. T(K)
2.1. T -1( T(K) ) = K
TrentAlice
Mallory
![Page 16: Defeating Malicious Terminals in an Electronic Voting System Daniel Hanley Andre dos Santos Jeff King Georgia Tech Information Security Center.](https://reader034.fdocuments.net/reader034/viewer/2022051622/56649c935503460f9494eee6/html5/thumbnails/16.jpg)
Protocol
2. Alice responds with the encrypted candidate.
1.1. K : C → R1.2. T(K)
1.3. T(K)
2.1. T -1( T(K) ) = K2.2. K(c) = r
TrentAlice
Mallory
![Page 17: Defeating Malicious Terminals in an Electronic Voting System Daniel Hanley Andre dos Santos Jeff King Georgia Tech Information Security Center.](https://reader034.fdocuments.net/reader034/viewer/2022051622/56649c935503460f9494eee6/html5/thumbnails/17.jpg)
Protocol
2. Alice responds with the encrypted candidate.
1.1. K : C → R1.2. T(K)
1.3. T(K)
2.1. T -1( T(K) ) = K2.2. K(c) = r
2.3. r
TrentAlice
Mallory
![Page 18: Defeating Malicious Terminals in an Electronic Voting System Daniel Hanley Andre dos Santos Jeff King Georgia Tech Information Security Center.](https://reader034.fdocuments.net/reader034/viewer/2022051622/56649c935503460f9494eee6/html5/thumbnails/18.jpg)
Protocol
3. Trent decrypts Alice's preferred candidate.
1.1. K : C → R1.2. T(K)
1.3. T(K)
2.1. T -1( T(K) ) = K2.2. K(c) = r
2.3. r
3.1. K -1(r) = c
TrentAlice
Mallory
![Page 19: Defeating Malicious Terminals in an Electronic Voting System Daniel Hanley Andre dos Santos Jeff King Georgia Tech Information Security Center.](https://reader034.fdocuments.net/reader034/viewer/2022051622/56649c935503460f9494eee6/html5/thumbnails/19.jpg)
Examples
Text CAPTCHA
3D Animation CAPTCHA
Audio CAPTCHA
![Page 20: Defeating Malicious Terminals in an Electronic Voting System Daniel Hanley Andre dos Santos Jeff King Georgia Tech Information Security Center.](https://reader034.fdocuments.net/reader034/viewer/2022051622/56649c935503460f9494eee6/html5/thumbnails/20.jpg)
Example: Text CAPTCHA
R consists of distinct regions in image.
T renders mapping as image and contributes noise.
![Page 21: Defeating Malicious Terminals in an Electronic Voting System Daniel Hanley Andre dos Santos Jeff King Georgia Tech Information Security Center.](https://reader034.fdocuments.net/reader034/viewer/2022051622/56649c935503460f9494eee6/html5/thumbnails/21.jpg)
Example: 3D Animation CAPTCHA
R consists of equally sized, contiguous sets of frames.
T renders candidate names in animation.
![Page 22: Defeating Malicious Terminals in an Electronic Voting System Daniel Hanley Andre dos Santos Jeff King Georgia Tech Information Security Center.](https://reader034.fdocuments.net/reader034/viewer/2022051622/56649c935503460f9494eee6/html5/thumbnails/22.jpg)
Example: Audio CAPTCHA
K is a similar, temporal mapping of candidates.
Audio noise thwarts Mallory.
![Page 23: Defeating Malicious Terminals in an Electronic Voting System Daniel Hanley Andre dos Santos Jeff King Georgia Tech Information Security Center.](https://reader034.fdocuments.net/reader034/viewer/2022051622/56649c935503460f9494eee6/html5/thumbnails/23.jpg)
Analysis
Fabricated votes
Human adversaries
Selective denial of service
![Page 24: Defeating Malicious Terminals in an Electronic Voting System Daniel Hanley Andre dos Santos Jeff King Georgia Tech Information Security Center.](https://reader034.fdocuments.net/reader034/viewer/2022051622/56649c935503460f9494eee6/html5/thumbnails/24.jpg)
Analysis: Fabricated Votes
Fabricated vote through guessed K
Mallory attempts to vote for c' through selection of arbitrary r''.
If |R| = |C|, then P( K-1(r'') = c' ) = 1 / n. If |R| > |C|, then P( K-1(r'') = c' ) = 1 / m.
Probability that K-1(r'') is undefined: (m – n) / m Invalid vote → detected attack!
Fabricated vote through cracked T
Mallory increases probability that P( K-1(r'') = c' ). Solution: Find a better CAPTCHA?
![Page 25: Defeating Malicious Terminals in an Electronic Voting System Daniel Hanley Andre dos Santos Jeff King Georgia Tech Information Security Center.](https://reader034.fdocuments.net/reader034/viewer/2022051622/56649c935503460f9494eee6/html5/thumbnails/25.jpg)
Analysis: Human Adversary
Transmission of T(K) to a human collaborator
Time-dependent protocol
Increased likelihood of detection
Architectural solutions
![Page 26: Defeating Malicious Terminals in an Electronic Voting System Daniel Hanley Andre dos Santos Jeff King Georgia Tech Information Security Center.](https://reader034.fdocuments.net/reader034/viewer/2022051622/56649c935503460f9494eee6/html5/thumbnails/26.jpg)
Analysis: Selective DoS
Selective DoS: Mallory discards Alice's vote if it is likely that c ≠ c'.
Mallory must learn Alice's preference.
Alice and Mallory's location Alice's previous votes
Solution: Single ballot Fabricated ballot
Detection of selective denial of service
Educated guessing
![Page 27: Defeating Malicious Terminals in an Electronic Voting System Daniel Hanley Andre dos Santos Jeff King Georgia Tech Information Security Center.](https://reader034.fdocuments.net/reader034/viewer/2022051622/56649c935503460f9494eee6/html5/thumbnails/27.jpg)
Conclusion
Human interaction required – no efficient automated attacks
Easy detection of large-scale attacks
Comparison to traditional voting systems
Future work Usability data Broader applications, using this protocol
(possibly combined with KHAP) to form a trusted path
![Page 28: Defeating Malicious Terminals in an Electronic Voting System Daniel Hanley Andre dos Santos Jeff King Georgia Tech Information Security Center.](https://reader034.fdocuments.net/reader034/viewer/2022051622/56649c935503460f9494eee6/html5/thumbnails/28.jpg)
Questions?
![Page 29: Defeating Malicious Terminals in an Electronic Voting System Daniel Hanley Andre dos Santos Jeff King Georgia Tech Information Security Center.](https://reader034.fdocuments.net/reader034/viewer/2022051622/56649c935503460f9494eee6/html5/thumbnails/29.jpg)
Questions?