UCCS CS 6910 - The Security of Online Voting


Slide titles: Slide 1; Overview; Paper Review; Case Studies; What went wrong?; Case Study; What went wrong here?; Cryptographic Foundations; Blind Ballot using PKC; Is message/vote truly blinded?; Modified Blind Ballot using PKI; Modified Voting Protocol; Comparison of elections; Technology Risks for Online Voting; Election Risk & Security; Trust in technology/internet; Zone 1 - Security; Zone 2 - Security; Web App Security Risks; Zone 3 - Security; Zone 4 - Security; Conclusion; Sources

Security Issues Facing Online Voting Systems
Joe Hernandez
MEIA CS-6910
Dr. Chow

Overview
• Security of Remote Online Voting [1]
• Two Case Studies
• Troubles faced by each election
• Cryptographic Foundations
• Blind Ballot using Public Key Cryptography (PKC)
• Voting Protocol using PKC
• Blind Ballot using Public Key Infrastructure (PKI)
• Modified Voting Protocol using PKI
• Technology Risks Facing Online Voting
• Election Risk & Security
• Suggested security measures for online voting

July 25, 2011 | Jhernandez/Online Voting System | 2

Paper Review
• The Security of Remote Online Voting [1]
• Paper discusses two cases of Internet voting
• Arizona Democratic Party Election in 2000
• Student Council Elections @ University of Virginia
• The internet will solve typical voting problems
• Eliminate “Hanging Chad”
• Speed up counting process
• Eliminate lengthy recounts
• Increase voter turnout
• Guarantee the intent of the voter (simplify voting)

Case Studies
• 2000 Arizona Democratic Primary
• First major use of internet voting
• A legally binding political election
• Considered a “Private” election
• Not subject to voting standards
• Contracted out to election.com
• Vendor claimed success (financial motivation)
• Many things went wrong!!

What went wrong?
• Failed to heed warnings from Tech Experts
• Voters forgot, lost, received wrong PIN #’s
• Violated “Secret Ballot” by assigning PINs
• Minority access to internet/computers
• Computer/Browser compatibility issues
• Site down for an hour on election day
• No customer service / limited help desk support
• Multiple lawsuits filed
• Violated 1965 Voting Rights Act
• Belief security was “Airtight”
• Used proprietary encryption algorithm

Case Study
• University of Virginia Student Council Elections
• Small, simple, successful
• Paper ballots not effective
• Ease of Internet access among campus population
• Minimal hardware/software necessary
• Ease of authentication with a small population
• Similar problems to Arizona Election

What went wrong here?
• Believed in community of “Trust”
• Servers crashed within minutes of the election
• Student information was publicly available
• Making it easy to hijack someone's vote
• Votes were not encrypted in transmission
• Students restricted from voting
• Based on department
• Overseas students could not vote
• Based on “Class Status” determined by credit hours
• Alphabetical ordering of candidates
• Students on top appeared to be favored
• Fundamental tradeoff between security and convenience

Cryptographic Foundations
• Online voting depends upon Public Key Cryptography
• Diffie-Hellman public key exchange 1976
• Changed cryptography forever
• Allows for two people to generate a secret key
• RSA allowed for use of two keys (Public & Private)
• RSA also allows for digital signature of messages
• PKC used for Authentication and Confidentiality
• Makes (theoretical) online voting possible
• Can be used to generate “Blind Ballots”
• Blind Ballots – Voter's right to keep vote private

Blind Ballot using PKC
Diagram labels, in flow order:
• Message (M)
• Blinding Factor (r)
• M * r
• Blinded Doc (M * r)
• Notary’s Signature (KR)
• Signed Blinded Doc: EKR (M*r)
• Divide by Blinding Factor (r)
• Signed Message: EKR (M)
Is something wrong with this method?

Is message/vote truly blinded?
Diagram labels:
• Voter received a PIN during Registration
• PIN
• Blinded Ballot and PIN sent to Validator
• PIN Database
• Registration Server
• Validates Voter's PIN, signs Ballot & sends back to Voter
• Blinded Ballot signed by Validator
• Voter removes blinding and passes signed ballot to tallier anonymously
• *EKR (M*r) + PIN
• EKV(EKR (M*r))
• EKV(M)
• Validated Vote tallied

Modified Blind Ballot using PKI
Diagram labels:
• Message (M)
• EEPK(M)
• Election Public Key (EPK)
• EPK (M) + PIN
• Encrypted Vote EPK(M) (Blinded)
• Voter's PIN from Registration Process
• (EVPK ((EEPK (M) + PIN))
• Validator's Public Key (VPK)
• Vote blinded from Validator
• Confidentiality and Integrity provided between Voter and Validator

Modified Voting Protocol
Diagram labels:
• Encrypted Blinded Ballot with PIN
• (EVPK ((EEPK (M) + PIN))
• PIN Database
• Is PIN Valid
• Decrypts & Validates Vote, Removes PIN, Signs Ballot with Private Key, Sends to Voter Database
• Blinded Ballot signed by Validator
• (EVPRK (EEPK (M)))
• Signed Blinded Ballot entered into Database
• Vote Database
• Voting Database
• Validated Votes tallied (Must have Election Private Key)

Comparison of elections

Arizona Election
• Large scale election
• Traditional methods-Status Quo
• Legally binding
• Internet not available to everyone
• Lawsuits filed
• Some voters could not vote
• Large target audience (State)
• Authorization req. Registration
• Large political target for hackers
• Undisclosed funds spent
• Security a major concern
• Trust a major issue!!
• Considered a failure

University of Virginia
• Small scale election
• Traditional methods too costly
• Not legally binding
• Everyone had internet access
• No legal requirements
• Voters unable to vote
• Small targeted group (Campus)
• Authorization via Registration
• Small target for hackers (No gain)
• Managed in house by IT Dep.
• Trade security for convenience
• Trust within community!!
• Considered a success

Technology Risks for Online Voting
• Security Risks associated with Online Voting
• Internet is still a very insecure medium
• Spyware, Malicious Code, Botnets, Hackers, Oh My!!!
• Spam – Bogus e-mails or links to Bogus Voter Websites
• Poorly developed applications
• Distributed / Denial of Service Attacks (DOS / DDOS)
• Physical attacks possible
• Insider threat, intentional or unintentional
• Rarely a brute force attack against crypto algorithms
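
Added example (not part of the slides): the blind-signature flow from the "Blind Ballot using PKC" slide, worked through with textbook RSA in Python. The key, the ballot string, the blinding factor and all function names are constructed for illustration; the last field also checks what happens when the diagram's "M * r" is read literally, without the public exponent.

```python
import hashlib
from math import gcd

# Constructed toy key for the validator ("notary" on the slide). Two Mersenne
# primes keep it short; a real election key would be 2048+ bits with padding.
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # validator's private exponent (KR)

def ballot_to_int(ballot: bytes) -> int:
    """Map a ballot to the integer M that gets signed (hash reduced mod N)."""
    return int.from_bytes(hashlib.sha256(ballot).digest(), "big") % N

def blind(m: int, r: int) -> int:
    """Voter: hide M by multiplying with r^e mod N (not r itself)."""
    if gcd(r, N) != 1:
        raise ValueError("blinding factor must be invertible mod N")
    return (m * pow(r, E, N)) % N

def sign(x: int) -> int:
    """Validator: raw RSA signature on whatever integer it is handed."""
    return pow(x, D, N)

def unblind(s_blinded: int, r: int) -> int:
    """Voter: 'divide by r', i.e. multiply by r^-1 mod N."""
    return (s_blinded * pow(r, -1, N)) % N

def verify(m: int, s: int) -> bool:
    """Tallier: check the validator's signature on the unblinded ballot."""
    return pow(s, E, N) == m

def run_protocol(ballot: bytes, r: int) -> dict:
    m = ballot_to_int(ballot)
    seen_by_validator = blind(m, r)
    signature = unblind(sign(seen_by_validator), r)
    # Literal reading of the diagram's "M * r" (no exponent), for comparison.
    literal = unblind(sign((m * r) % N), r)
    return {"m": m, "seen_by_validator": seen_by_validator,
            "signature": signature, "valid": verify(m, signature),
            "literal_valid": verify(m, literal)}

if __name__ == "__main__":
    # Constructed sample ballot and blinding factor (r must be random and secret in practice).
    for key, value in run_protocol(b"candidate=A", 123456789).items():
        print(f"{key}: {value}")
```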

