Performance modelling of a secure voting algorithm
Jeremy Bradley (Imperial College London)
Stephen Gilmore (University of Edinburgh)
Nigel Thomas (Newcastle University)
Contents
• Motivation
• Fujioka (FOO) voting scheme
• PEPA
• The model
• Results
• Conclusions
Motivation
• To analyse systems using time based metrics derived from stochastic models.
• To use e-voting as a case study for our analysis.
• To investigate the scalability of the FOO scheme and the analysis techniques.
• Use stochastic process algebra for both correctness and performance analysis.
• To consider performance based attacks against this (and other) e-voting schemes.
Fujioka (FOO) scheme
Consists of
– 3 (possibly 4) classes of entity
  • Voters
  • Administrator
  • Teller (collector & counter)
– 6 phases:
  • Preparation (voters)
  • Administration (administrator)
  • Voting (voters)
  • Collecting (counter)
  • Opening (voters)
  • Counting (counter)
Communication
[Diagram: Voter i, Administrator and Collector / Counter, exchanging the numbered messages below]
1. Prepared ballot
2. Signed
3. Publish (multicast)
4. Vote – via anonymous channel
5. Revelation (or appeal?) – via anonymous channel
PEPA
• PEPA is a Markovian process algebra.
• Interaction of components which engage, singly or multiply, in activities.
• Each component may be atomic or composed of other components.
• Each activity a = ( , r) has a type and a rate r.
• Each activity is exponentially distributed with rate r or passive with distinguished rate T.
• A model in PEPA specifies a continuous time Markov chain.
PEPA constructs
Experiment 1
• Use “traditional” modelling and analysis to derive the steady state distribution.
– System is modelled cyclically (infinitely repeated elections).
– Solve simultaneous equations to find the average proportion of time spent in each “state”.
– From this we can derive metrics such as average number of completed votes and average time for a voter to complete a vote.
• Model parameters were derived from an implementation of the FOO scheme (by Oliver Davis).
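The steady-state calculation described for Experiment 1, as an added example that is not taken from the slides or from the authors' PEPA model: a reduced cyclic CTMC in which N voters prepare ballots and queue for a single Administrator, solved as simultaneous equations to give utilisation, throughput and mean waiting time. The rates `r_prep` and `r_sign`, the one-queue state space and all function names are assumptions made for illustration; the slides do not list the measured parameters.

```python
# Added illustration: a reduced cyclic model, NOT the authors' PEPA model.
# State k = number of voters waiting for (or being served by) the Administrator.
# r_prep and r_sign are assumed rates; the slides do not give the measured values.

def generator(n_voters, r_prep, r_sign):
    """Build the CTMC generator matrix Q for states k = 0..n_voters."""
    n = n_voters + 1
    Q = [[0.0] * n for _ in range(n)]
    for k in range(n):
        if k < n_voters:              # one of the (N - k) preparing voters submits
            Q[k][k + 1] = (n_voters - k) * r_prep
        if k > 0:                     # the single Administrator signs one ballot
            Q[k][k - 1] = r_sign
        Q[k][k] = -sum(Q[k])          # diagonal makes each row sum to zero
    return Q

def steady_state(Q):
    """Solve pi Q = 0 with sum(pi) = 1 by Gauss-Jordan elimination."""
    n = len(Q)
    # Rows of Q^T are the balance equations; the last (redundant) one is
    # replaced by the normalisation condition sum(pi) = 1.
    A = [[Q[j][i] for j in range(n)] + [0.0] for i in range(n)]
    A[-1] = [1.0] * (n + 1)
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(A[r][c]))   # partial pivoting
        A[c], A[p] = A[p], A[c]
        for r in range(n):
            if r != c and A[r][c] != 0.0:
                f = A[r][c] / A[c][c]
                A[r] = [x - f * y for x, y in zip(A[r], A[c])]
    return [A[i][n] / A[i][i] for i in range(n)]

def metrics(n_voters, r_prep, r_sign):
    """Return (Administrator utilisation, ballots signed per time unit, mean wait)."""
    pi = steady_state(generator(n_voters, r_prep, r_sign))
    utilisation = 1.0 - pi[0]                     # busy whenever k > 0
    throughput = r_sign * utilisation
    mean_queue = sum(k * p for k, p in enumerate(pi))
    return utilisation, throughput, mean_queue / throughput   # Little's law

if __name__ == "__main__":
    for n in (1, 5, 10, 20, 40):
        u, x, w = metrics(n, r_prep=1.0, r_sign=10.0)
        print(f"N={n:3d}  admin busy={u:.3f}  throughput={x:.3f}  wait={w:.3f}")
```

With these assumed rates the throughput levels off at `r_sign` once the Administrator is saturated, while the mean wait keeps growing with the number of voters.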
Experiment 2
• Uses tools from computational biology to analyse very large models.
– Uses a continuous state approximation.
– The model concerns a single election.
– Each “solution” is a single trace of a simulated election.
– Within a trace we count the number of components performing each behaviour.
• Same parameters used as in experiment 1.
Conclusions
• Using PEPA it is possible to accurately depict the behaviour of a complex e-voting scheme.
– Using traditional analysis techniques (even with approximation), this leads to state space problems.
– Using novel techniques it is possible to analyse models of O(10^10000) states.
• The analysis shows the Administrator has scalability issues and may be vulnerable to a denial of service type attack – multiple administrator versions of the scheme have been proposed.
Questions and Comments
• Is this style of analysis of any use or interest to this community?
• What measures should we be deriving?