An Architecture For Electronic Voting Master Thesis Presentation Clifford Allen McCullough Department of Computer Science University of Colorado at Colorado Springs October ??, 2012


An Architecture For Electronic Voting

Master Thesis Presentation

Clifford Allen McCullough
Department of Computer Science
University of Colorado at Colorado Springs
October ??, 2012

An Architecture for Electronic Voting by Clifford Allen McCullough

Outline
• The Need for an E-Voting System
• US Voluntary Voting System Guidelines
• Existing Solutions
• Proposed Architecture
• A Demonstration System
• Performance Comparisons
• Lessons Learned
• Future Work
• Summary

10/12/2012

I. The Need for an E-Voting System
• Business Board of Directors
• Proxy votes
• US citizens overseas
• US military overseas

II. US Voluntary Voting System Guidelines (VVSG)
• Security
• Accuracy
• Error Recovery
• Integrity
• Vote Tabulation
• Casting a Ballot
• Accessibility
• Independent Verification System

III. Existing Solutions
• Commercial web-based voting systems are available
• Secure Electronic Registration and Voting Experiment (SERVE)
• Security Peer Review Group (SPRG)

IV. Proposed Architecture
• Design Requirements
• General Schema
• The System Architecture
• Paillier Cryptography

Design Requirements
• VVSG
• Information Assurance general rules
  ◦ Minimize the attack surface
  ◦ Mitigate the vulnerabilities

General Schema
• Should not be centralized
• Greatest vulnerabilities are from insider attacks
• Denial of service
• Keep control of the ballot
• Publish the web application

The System Architecture
• Voting-Server
• Voter Authentication
• Issue Presentation
• Verify the Ballot
• Casting the Ballot
• Mutual Authentication

System Diagram

Paillier Cryptography
• Exponential
• Homomorphic
• Generalized Paillier

V. A Demonstration System
• A 32-bit demonstration and development system, a.k.a. ESXi
• A 64-bit demonstration system, a.k.a. UCCS

32-bit Development System

64-bit Demonstration System

VI. Performance Comparisons
• Cryptographic Methods
• Cryptographic Key Generation
• Block Paillier vs. Generalized Paillier
• Ballot Casting

VII. Lessons Learned
• Freeware
• Internet Forums
• Using Multiple Programming Languages

VIII. Future Work
• Redundancy
• Secret Share Encryption and Decryption
• Error Handling and Logging
• Ballot Generation
• Ballot and Multi-lingual Database
• Quorum Login

IX. Summary
• Developing an Election Assistance Commission compliant voting system is a significant undertaking
• SERVE objective too much too soon
• Much future work available
• The demonstration system is a proof of concept

Demonstration
• Generate and load a key
• Initialize services
• Vote
• Collect the tally
• Decrypt the tally

References

MotionVoter. (2011). Retrieved March 6, 2012, from http://www.motionvoter.com/

Cardellini, V., Casalicchio, E., Colajanni, M., & Yu, P. S. (2002). The State of the Art in Locally Distributed Web-Server Systems. ACM Computing Surveys, Vol 34, No 2, 263-311.

Damgard, I. B., & Jurik, M. J. (December 2000). A Generalisation, a Simplification and some Applications of Paillier's Probabilistic Public-Key System. Basic Research in Computer Science, RS-00-45.

Department of Defense. (2007). Expanding the Use of Electronic Voting Technology for UOCAVA Citizens. Department of Defense.

EAC. (2010). Election Assistance Commission. Retrieved February 29, 2012, from http://www.eac.gov/

EAC Voting System Testing and Certification Division. (2011). A Survey of Internet Voting. Washington, DC 20005.

EAC VVSG Vol I. (2010). Voluntary Voting System Guidelines Volume I. Retrieved August 24, 2012, from United States Election Assistance Commission: http://www.eac.gov/testing_and_certification/voluntary_voting_system_guidelines.aspx

EAC VVSG Vol II. (2010). Voluntary System Guidelines Volume II. Retrieved August 24, 2012, from United States Election Assistance Commission: http://www.eac.gov/testing_and_certification/voluntary_voting_system_guidelines.aspx

Jefferson, D. D., Rubin, D. A., Simons, D. B., & Wagner, D. D. (2004). A Security Analysis of the Secure Electronic Registration and Voting Experiment (SERVE).

Paillier, P. (1999). Public-Key Cryptosystems Based on Composite Degree Residuosity Classes. Advances in Cryptology - Eurocrypt '99, pp. 223-238.

Shamir, A. (November, 1979). How to Share a Secret. Communications of the ACM, 612-613.

Vote-Now. (n.d.). Retrieved March 6, 2012, from https://secure.vote-now.com/
