E-voting protocol ----electing a University President

Presentation on theme: "E-voting protocol ----electing a University President"— Presentation transcript:

1 E-voting protocol ----electing a University President
July 13id, 2011

2 Resource Person Paper D. Chaum (mixnet in 1981)
J. Benaloh (casting protocol in 1994) Ben Adida (Helios) Paper Internet voting, security and privacy Helios: web-based open audit voting(2009) Helios: electing a University President using Open-Audit voting: Analysis of real-world use of Helios(2010) Secure electing voting—a framework(E2E) Exploiting the Client Vulnerabilities in Internet E-voting Systems: Hacking Helios 2.0 as an Example Advances in Cryptographic Voting Systems, MIT, 2006

3 Roadmap Problem and background Helios(2008-v1.0,2009-v2.0,2011-v3.1+)
Internet Voting, Security and Privacy Voting Security Overview Helios(2008-v1.0,2009-v2.0,2011-v3.1+) Web-based open-audit voting Electing an University President(March,2009) How to install Helios v3.1 in my own server Attack and Defense A possible end

4 Internet voting, Security and Privacy
Law Security Client Bug and OS（网页挂马攻击, PKI证书欺骗） Server Database(phishing 假冒投票网站) Network (redirect) DNS(DNS poisoning) BGP（路由欺骗） Route（放大攻击，IP欺骗，DHCP安全协议问题 ， SYN洪泛，UDP洪泛，TCP RST攻击，TCP会话劫持， 路由欺骗） Privacy ？网络扫描，无线网络监听破解

5 Background E-voting history Greece Paper ballots Voting machine
Internet and real world voting(March, 2009) ?US president(Bush), Diebold, 2000 (Kohno-Stubblefield-Rubin-Wallach) Helios2.0: web-based open audit voting system

6 Voting Security Overview
黄蓉心仪：郭靖 欧阳锋(A Coercer)：欧阳克 投票者的真实意愿 A coercer是对Alice施加影响的人，不是攻击者。 他的作用在于令Alice用自己的票选Coercer希望选的人而不是Alice愿意选的人。

7 保存证据，过程公开，无论团体还是个人都可认证，用于投票的机器可选择。

8 Helios: open-audit e-voting system
Problem How to get a result by voting? Chain of custody Low-coercion (胁迫性) Technical concept MixNet (Server, protect the relationship by crypt) Benaloh casting protocol(audit back-end counting) Moving the black box Zero-knowledge proof Verify operations on encrypted data

9 Problem 黄蓉选：黄药师 郭靖选：洪七公 欧阳克选：欧阳锋

10

11

12 Truly Verifiable Voting
DRE：Direct Recording by Electronic

13 Keep secret data Open the black box

14 分散认证，多人认证 打开暗箱 前端验证（front-end）与后端验证（back-end）分别完成什么作用？

15 Helios 2.0 Hardware and software Linux, MS, MacOS
Web browser(Safari2/3, Firefox 2.0/3.0, IE6/7/8, Chrom1.0)+JavaScript (Client) Free/open source software stack(v2.0), python(Django web toolkit for python) Postgre SQL database PHP(v3.1 server) .org (registered by facebook or google) Zero-Knowledge Proof MixNet Benaloh Casting

16 Definition: A prover P interacts with a verifier V to demonstrate the validity of an assertion, e.g. “ciphertext c under public key pk decrypts to ’Mickey Mouse’ ”. If the prover is disonest-i.e. the assertion is false—then the verifier should reject this proof with noticeable probability. If the prover is honest—i.e. the assertion is true—the verifier should accept this proof. Finally, the verifier should learn nothing more than the truth of the assertion.

17 ???

18 Mix servers were RSA based. Exponential EI Gamal
Definition: The type of anonymous channel that performs this repeated shuffling is called a mixnet. Each official is called a mix server. ?? Trusted third party

19 两次验证

20

21 Threshold decryption:多个officials共享公、私钥对，合作解密。
It is then possible for any k of these l officials to jointly decrypt a ciphertext in a truly distributed protocol.

22

23

24

25

26

27

28 ??????

29 防止一人多票：公开投票人列表。 把可信的分票、验证x、计票服务器分开。 在投票过程之前，增加验证(UCL central authority发签名KEY)的过程（电子邮件与安全链接，UCL的证件信息，投票者的假名）。 Security Implications. If a server is able to authoritatively claim that a ballot comes from a particular voter, then there is always the chance of ballot stuffing. In fact, this exact same problem exists with Helios 1.0: the Helios server itself could stuff the ballot box near the end of the day. In the case of an open-audit voting system, as described in the original Helios paper, the simple defense against this is to ensure that the voter list is published at the end of the election for verification during an audit phase. It is expected that ballot stuffing would be detected at this time. In the case of Helios 2.0, the additional server is not introduced for security reasons, but rather for modularity of the authentication implementation. The trust relationship hasn’t changed: we expected the set of Helios servers not to stuff the ballot, and we verify this during the audit phase and after the election results are published by publishing the voter list.

30 From Helios 1.0 to 2.0 Helios 1.0

31 The voting website was successfully tested on Linux, Mac OSX and Windows with the
Firefox 2 and 3, Internet Explorer 6, 7 and 8, Safari 2 and 3, and Chrome 1 web browsers.

32

33 使用投票者的UCL证件注册，并邮件通知本人已注册，防止没参加投票但是证件号被冒用。
The purpose of the registration notification is to invite a voter who did not register but had her credentials used by someone else to immediately contact the UCL Service Desk in order to take the appropriate reaction. At any time after registration, voters are able to regenerate their password, following the same procedure (however the voter id is attributed once and for all.) Sensitive data such as voter id and password are never sent by .

34 Helios: electing a university president in real world

35

36 Overview of the web bulletin board

37

38 Two weeks from 1st round to 2nd round.

39

40 Helios --Attacks and Defense
Estehgari-Desmedt, August 2010 Wikströn and Smyth-Cortier, December 2010

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57 Helios: Response

58 Helios: Response

59 Helios: how to install(1)
How to install Helios v3.1 in my own server

60 Helios: how to install(2)

61 Helios: how to install(3)

62 Helios: how to install(4)

63 Helios: how to install(5)

64 Helios: how to install(6)

65 回顾金庸原著与83版华山论剑 第一局 第二局 结局 洪七公、黄药师、郭靖 郭靖胜出 欧阳锋、洪七公+黄药师+郭靖 欧阳锋胜出
黄蓉给欧阳锋设的局 一个哲学问题 ： “我 是 谁”

66 候选人的竞选宣言 洪七公（计算机系主任） 大学教育 黄药师（数学系主任 ） 学科建设 欧阳锋（化学系主任） 千万别出事

67 投票系统使用前的对决 黄蓉（计算机系网络安全博士） 准备了一批基于硬件虚拟化的机器供有意使用官方机器的投票者使用
去掉原有硬盘、关掉无线与远程控制功能 修补漏洞与软件更新 多个物理独立的服务器分别完成注册、发票与计票工作 投票系统上线测试一个月 食堂门前、教室BBS、电梯间内广发宣传册 学习相关法律文件，检查隐私权保护及密钥使用权限

68 投票系统使用前的宣传工作 校园内宣传选举时间及系统使用演示视频 注册时间可选且可试用测试投票系统 投票时间机动可选 午饭时间（食堂内电视）
教室墙壁张贴打印版 论坛BBS公开源代码 注册时间可选且可试用测试投票系统 投票时间机动可选

69 投票系统使用前的对决 欧阳克在软件测试与投票人注册时可访问系统间隙的工作 邮箱、URL挂马 办公软件（文档编辑）漏洞挂马 cookie
网页挂马 利用自动更新功能于后台分版分步下载恶意软件 篡改投票内容（引入另一链接） 改变候选人的竞选宣言的链接

70 故事接龙之投票网站攻与防 华筝（来自M大的交流学生）/梅超风（计算机系研究生） 郭靖的防御（网络管理员）
伪装成victim/HoneyPot诱出攻击者 跟踪IP地址找到攻击机来源并入侵到攻击者机器中 利用自动更新系统收集rootkit代码数据并转交郭靖（程序比特位对齐技术已获专利） 郭靖的防御（网络管理员） 购置并学习使用网络流量实时监控协议分析仪 依据攻击代码，修改程序 投票系统正式上线前一天晚上完成代码优化工作

71 投票系统上线前的准备工作 A set of secured client machines for voters who wished to use an official voting machine 供投票者使用的开放实验室机房（基于ZEN的虚拟机系统 ） 紧急调用具有干净系统的备用机器（客户端） Implemented its own, high-speed, offline tallier and verifier 密钥产生过程（专家现场监督与断网专用机）

72 故事接龙之投票网站攻与防 候选人 投票人 黄蓉的纠结 洪七公、黄药师、欧阳锋 全校教师、学生、工作人员、技术人员 弃权？
一人一票？东邪？洪七公 一人三票：郭靖、东邪、洪七公（下一步工作）

73 T 大校长选举 遴选什么样的校长 一流的教育家 个人成就 门下桃李（黄蓉、郭靖） 同辈 南帝、东邪、老顽童 西毒 谁培养的毕业生日后更成功？
谁的教育，给学生的心灵留下了永久的印迹、奠定了他们一生的事业和生活的基础？ 哈佛商学院 根据2006年2月6日公布的数据，该院2003年正式发动了一场声势浩大的募捐运动，目标是募集5亿美元。如今成果出来，大大超过了原来的目标，达到6亿美元。这是世界商学院中所募集到的最大的金额。 再看看这6亿美元到手后怎么花：11400万将花在学生的奖学金上，超过预定的1亿的目标；10020万花在雇用教授上，也超过预定的1亿的目标；12530万用于技术基础设施的建设，超过12000万的目标；12750万用于全球性研究和国际交流，超过预定的1亿的目标；校园整修募集了8570万，超出8000万的目标。另有6000多万的机动基金。给学生的奖学金，占了总金额的将近1／5。