Security Issues Facing Online Voting Systems
Joe Hernandez
MEIA CS-6910
Dr. Chow
Overview
• Security of Remote Online Voting [1]
• Two case studies
• Troubles faced by each election
• Cryptographic foundations
• Blind Ballot using Public Key Cryptography (PKC)
• Voting Protocol using PKC
• Blind Ballot using Public Key Infrastructure (PKI)
• Modified Voting Protocol using PKI
• Technology risks facing online voting
• Election risk & security
• Suggested security measures for online voting
Paper Review
The Security of Remote Online Voting [1]
• Paper discusses two cases of Internet voting
  • Arizona Democratic Party Election in 2000
  • Student Council Elections at the University of Virginia
• The Internet will solve typical voting problems
  • Eliminate "hanging chad"
  • Speed up counting process
  • Eliminate lengthy recounts
  • Increase voter turnout
  • Guarantee the intent of the voter (simplify voting)
Case Studies: 2000 Arizona Democratic Primary
• First major use of Internet voting
• A legally binding political election
• Considered a "private" election, not subject to voting standards
• Contracted out to election.com
• Vendor claimed success (financial motivation)
• Many things went wrong!!
What went wrong?
• Failed to heed warnings from tech experts
• Voters forgot, lost, or received wrong PIN numbers
• Violated "secret ballot" by assigning PINs
• Minority access to Internet/computers
• Computer/browser compatibility issues
• Site down for an hour on election day
• No customer service / limited help desk support
• Multiple lawsuits filed
• Violated 1965 Voting Rights Act
• Belief that security was "airtight"
• Used proprietary encryption algorithm
Case Study: University of Virginia Student Council Elections
• Small, simple, successful
• Paper ballots not effective
• Ease of Internet access among campus population
• Minimal hardware/software necessary
• Ease of authentication with a small population
• Similar problems to Arizona election
What went wrong here?
• Believed in community of "trust"
• Servers crashed within minutes of the election
• Student information was publicly available, making it easy to hijack someone's vote
• Votes were not encrypted in transmission
• Students restricted from voting
  • Based on department
  • Overseas students could not vote
  • Based on "class status" determined by credit hours
• Alphabetical ordering of candidates: students on top appeared to be favored
• Fundamental tradeoff between security and convenience
Cryptographic Foundations
• Online voting depends upon public key cryptography
• Diffie-Hellman public key exchange, 1976: changed cryptography forever; allows two people to generate a shared secret key
• RSA allowed for use of two keys (public & private); RSA also allows for digital signature of messages
• PKC used for authentication and confidentiality
• Makes (theoretical) online voting possible
• Can be used to generate "blind ballots"
• Blind ballots: the voter's right to keep the vote private
Blind Ballot using PKC (diagram)
1. The message (M) is multiplied by a blinding factor (r), giving the blinded document (M * r).
2. The notary signs the blinded document with its private key (KR): E_KR(M * r), the signed blinded document.
3. The voter divides by the blinding factor (r), leaving the signed message E_KR(M).
Is something wrong with this method? Is the message/vote truly blinded?
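The question the slide leaves open can be answered with a worked example. The block below is an added example, not code from the presentation; it implements the standard Chaum RSA blind signature with a textbook RSA key built from two Mersenne primes (chosen only so the modulus is known-good without a prime generator; the key sizes and the ballot value 42 are constructed for illustration and nothing here is fit for real use). It shows that blinding must multiply by r^e rather than by plain r: with r^e the notary signs without seeing M and "dividing by r" yields a valid signature on M, whereas with the slide's plain M * r the division leaves r^(d-1) behind and the result does not verify.

```python
import math
import secrets

E = 65537


def make_key(p, q):
    """Constructed toy RSA key (public, private) from two primes; not for real use."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))


# Notary (validator) key pair: KR on the slide is the private exponent.
NOTARY_PUB, NOTARY_PRIV = make_key(2**61 - 1, 2**89 - 1)
N = NOTARY_PUB[0]


def sign(x):
    """Notary's raw RSA signature over whatever it is handed: E_KR(x) on the slide."""
    return pow(x, NOTARY_PRIV[1], N)


def verify(m, sig):
    """Anyone can check a signature on m with the notary's public key."""
    return pow(sig, E, N) == m % N


def random_blinding_factor():
    """Random r coprime to N, as the voter would choose."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            return r


def blind(m, r):
    """Chaum blinding: multiply by r^e, so the notary's exponent d turns r^(ed) back into r."""
    return (m * pow(r, E, N)) % N


def unblind(blinded_sig, r):
    """The slide's 'divide by r' is multiplication by r^-1 mod N."""
    return (blinded_sig * pow(r, -1, N)) % N


def blind_sign(m, r=None):
    """Full exchange: returns (what the notary saw, the unblinded signature on m)."""
    r = r if r is not None else random_blinding_factor()
    blinded = blind(m, r)
    return blinded, unblind(sign(blinded), r)


def naive_unblind_verifies(m, r):
    """Blinding with plain M*r as drawn on the slide, then dividing by r.
    sign(M*r) = M^d * r^d, so dividing by r leaves M^d * r^(d-1), which is not
    a signature on M; the 'divide by r' step only works with r^e blinding."""
    return verify(m, (sign((m * r) % N) * pow(r, -1, N)) % N)


if __name__ == "__main__":
    ballot = 42  # constructed: a vote encoded as an integer below N
    seen, sig = blind_sign(ballot)
    print("notary saw the real ballot:", seen == ballot)
    print("unblinded signature verifies:", verify(ballot, sig))
    print("plain M*r blinding verifies:", naive_unblind_verifies(ballot, 12345))
```

The notary only ever sees the blinded value, yet the unblinded signature verifies on the original ballot; that is the property the slide's "blind ballot" needs, and it holds only because the blinding factor is raised to the public exponent before multiplication.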
Voting Protocol using PKC (diagram)
1. The voter received a PIN during registration; the registration server holds the PIN database.
2. The voter sends the blinded ballot and PIN to the validator: E_KR(M * r) + PIN.
3. The validator validates the voter's PIN, signs the ballot, and sends it back to the voter: E_KV(E_KR(M * r)), the blinded ballot signed by the validator.
4. The voter removes the blinding and passes the signed ballot E_KV(M) to the tallier anonymously*.
5. Validated vote tallied.
Modified Blind Ballot using PKI (diagram)
1. The message (M) is encrypted with the election public key (EPK): E_EPK(M), the encrypted ("blinded") vote.
2. The voter's PIN from the registration process is attached: E_EPK(M) + PIN.
3. The result is encrypted with the validator's public key (VPK): E_VPK(E_EPK(M) + PIN).
• Vote blinded from validator
• Confidentiality and integrity provided between voter and validator
Modified Voting Protocol (diagram)
1. The voter sends the encrypted blinded ballot with PIN to the validator: E_VPK(E_EPK(M) + PIN).
2. The validator decrypts, checks the PIN against the PIN database (is the PIN valid?), removes the PIN, signs the ballot with its private key, and sends it to the voter: E_VPRK(E_EPK(M)), the blinded ballot signed by the validator.
3. The signed blinded ballot E_VPRK(E_EPK(M)) is entered into the voting database.
4. Validated votes are tallied (must have the election private key).
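A runnable simulation of the modified protocol, covering both the "Modified Blind Ballot using PKI" and "Modified Voting Protocol" slides, as an added example that is not part of the presentation. Textbook RSA over integers with constructed Mersenne-prime keys stands in for the PKI, the candidate list and PINs are constructed, and the tallier's "must have election private key" step is modelled by giving only `tally` access to that key. Two things are added beyond the slide because a practitioner would want them: the validator records each PIN as used so one PIN validates one ballot, and the ballot carries a random nonce, since raw RSA is deterministic and without it anyone holding the election public key could recover a vote by encrypting each candidate and comparing (real systems get this from OAEP padding).

```python
import secrets
from collections import Counter

E = 65537
PIN_BITS = 32
CANDIDATES = ["Alice", "Bob"]  # constructed candidate list


def make_key(p, q):
    """Constructed toy RSA key pair (public, private); stands in for PKI certificates."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))


# Election key (EPK / election private key) and validator key (VPK / VPRK).
# The validator modulus is larger because it wraps the inner ciphertext plus a PIN.
ELECTION_PUB, ELECTION_PRIV = make_key(2**61 - 1, 2**89 - 1)      # ~150-bit modulus
VALIDATOR_PUB, VALIDATOR_PRIV = make_key(2**107 - 1, 2**127 - 1)  # ~234-bit modulus


def rsa(x, key):
    """Raw RSA: a public key encrypts/verifies, a private key decrypts/signs."""
    n, exp = key
    if not 0 <= x < n:
        raise ValueError("message does not fit the modulus")
    return pow(x, exp, n)


def encode_ballot(candidate):
    """Candidate index in the low byte plus a 64-bit nonce so equal votes encrypt differently."""
    return (secrets.randbits(64) << 8) | CANDIDATES.index(candidate)


def voter_prepare(candidate, pin):
    """Voter side: inner E_EPK(M) hides the vote from the validator; the outer
    E_VPK(E_EPK(M) || PIN) carries the PIN to the validator only."""
    inner = rsa(encode_ballot(candidate), ELECTION_PUB)
    return inner, rsa((inner << PIN_BITS) | pin, VALIDATOR_PUB)


class Validator:
    def __init__(self, registered_pins):
        self.valid = set(registered_pins)  # PIN database from registration
        self.used = set()                  # added check: each PIN validates one ballot

    def receive(self, wrapped):
        """Decrypt, check the PIN, strip it, and sign E_EPK(M); None if rejected."""
        plain = rsa(wrapped, VALIDATOR_PRIV)
        pin, inner = plain & ((1 << PIN_BITS) - 1), plain >> PIN_BITS
        if pin not in self.valid or pin in self.used:
            return None
        self.used.add(pin)
        return rsa(inner, VALIDATOR_PRIV)  # E_VPRK(E_EPK(M))


def cast(ballot_box, validator, candidate, pin):
    """Voter receives the signed blinded ballot and enters it into the vote database."""
    inner, wrapped = voter_prepare(candidate, pin)
    signed = validator.receive(wrapped)
    if signed is None:
        return False
    ballot_box.append((inner, signed))
    return True


def tally(ballot_box):
    """Tallier: verify the validator's signature, then decrypt with the election
    private key. Entries without a valid signature are not counted."""
    counts = Counter()
    for inner, signed in ballot_box:
        if rsa(signed, VALIDATOR_PUB) == inner:
            counts[CANDIDATES[rsa(inner, ELECTION_PRIV) & 0xFF]] += 1
    return dict(counts)


def run_election(votes, registered_pins):
    """votes: list of (pin, candidate) in arrival order. Returns (tally, rejected count)."""
    validator, box = Validator(registered_pins), []
    rejected = sum(not cast(box, validator, c, pin) for pin, c in votes)
    return tally(box), rejected


if __name__ == "__main__":
    # Constructed run: one reused PIN (1111) and one unregistered PIN (9999) are rejected.
    print(run_election([(1111, "Alice"), (2222, "Alice"), (3333, "Bob"),
                        (1111, "Bob"), (9999, "Bob")], [1111, 2222, 3333]))
```

The separation the slide relies on is visible in the roles: the validator decrypts the outer layer and learns the PIN but only ever signs an election-key ciphertext, while the tallier decrypts votes but never sees a PIN. Voter anonymity therefore rests on the validator and tallier not pooling their records, and on the encryption being randomized, which is exactly what the nonce (or OAEP in practice) provides.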
Comparison of Elections

Arizona Election
• Large-scale election
• Traditional methods: status quo
• Legally binding
• Internet not available to everyone
• Lawsuits filed
• Some voters could not vote
• Large target audience (state)
• Authorization required registration
• Large political target for hackers
• Undisclosed funds spent
• Security a major concern
• Trust a major issue!!
• Considered a failure

University of Virginia
• Small-scale election
• Traditional methods too costly
• Not legally binding
• Everyone had Internet access
• No legal requirements
• Voters unable to vote
• Small targeted group (campus)
• Authorization via registration
• Small target for hackers (no gain)
• Managed in house by IT department
• Trade security for convenience
• Trust within community!!
• Considered a success
Technology Risks for Online Voting
Security risks associated with online voting:
• Internet is still a very insecure medium
• Spyware, malicious code, botnets, hackers, oh my!!!
• Spam: bogus e-mails or links to bogus voter websites
• Poorly developed applications
• Denial of Service / Distributed Denial of Service attacks (DoS / DDoS)
• Physical attacks possible
• Insider threat, intentional or unintentional
• Rarely a brute force attack against crypto algorithms
Election Risk & Security (chart)
[Chart: security measures (cost from $ to $$$$; CIA triad requirement Low, Moderate, High, "Off the Hook") plotted against election risk / criticality of outcome, divided into zones 1 to 4. Example elections placed on the chart: Student Council Election, University Official, City Public Official, State/National Committee, State/Federal Official, Presidential Election.]
Trust in Technology/Internet
• Technology & Internet is part of our culture
• Ease of Internet access
• Online banking
• Online sales (Amazon etc.)
• Use of ATMs: 290,000 ATMs in US (1999); 14.9 billion transactions (1998)
• Debit/credit cards
• Airline tickets on your cell phone, approved by the TSA!
http://www.google.com/publicdata?ds=wb-wdi&met_y=it_net_user_p2&idim=country:USA&dl=en&hl=en&q=internet+usage+statistics
Zone 1 - Security: Things to consider
• Keep it simple!
• Utilize SSL
• Establish a secure web site/server
• Enforce strong usernames & passwords
• Keep systems patched and anti-virus/anti-spyware current
• Apply applicable STIGs from DISA or NSA
• Eliminate unnecessary applications/software (harden the system)
• Use available tools to scan for vulnerabilities before the election
• Back up your website and your data (daily); keep the data secure
• Limit your exposure: open the website during voting hours only
• Possible use of a firewall or host system at a secure site if $$ allow
$ - Low; CIA - Low; Legal - None
Zone 2 - Security: Things to consider
• Zone 1 security requirements
• Firewall / DMZ
• Host-based Intrusion Detection System
• Public Key Cryptography
• Authentication, Authorization, Accountability (AAA)
• Redundant systems
• Alternate / backup site
• Internal review/certification (NIST 800-53 / Low-Moderate)
• Consider web site security (OWASP Top 10)
• Requires individual registration and issuing of PIN numbers
$$ - Moderate
CIA - Moderate
Legal - Possible
Web App Security Risks
The OWASP Top 10 Web Application Security Risks for 2010:
• A1: Injection
• A2: Cross-Site Scripting (XSS)
• A3: Broken Authentication and Session Management
• A4: Insecure Direct Object References
• A5: Cross-Site Request Forgery (CSRF)
• A6: Security Misconfiguration
• A7: Insecure Cryptographic Storage
• A8: Failure to Restrict URL Access
• A9: Insufficient Transport Layer Protection
• A10: Unvalidated Redirects and Forwards
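To make A1 (Injection) and A3 (Broken Authentication) concrete for the PIN-validation step that Zone 2 requires, here is an added example, not code from the presentation: a vulnerable PIN lookup beside its hardened form, using Python's standard sqlite3 module with a constructed in-memory PIN table and constructed PIN values. The vulnerable version splices the submitted PIN into the SQL text, so a malformed input that reshapes the WHERE clause is accepted as a valid PIN; the hardened version checks the PIN format and passes it as a bound parameter, and a separate atomic update burns the PIN so it cannot validate a second ballot.

```python
import sqlite3


def make_db():
    """Constructed PIN database: two registered, unused PINs."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pins (pin TEXT PRIMARY KEY, used INTEGER NOT NULL DEFAULT 0)")
    conn.executemany("INSERT INTO pins (pin) VALUES (?)", [("483920",), ("771204",)])
    conn.commit()
    return conn


def pin_is_valid_unsafe(conn, pin):
    """Vulnerable (OWASP A1): the PIN is interpolated into the SQL string, so input
    containing quotes and SQL keywords changes the query instead of being matched."""
    query = f"SELECT 1 FROM pins WHERE pin = '{pin}' AND used = 0"
    return conn.execute(query).fetchone() is not None


def pin_is_valid_safe(conn, pin):
    """Hardened: reject anything that is not a six-digit PIN, then bind the value as a
    parameter so the database never treats it as SQL."""
    if not (isinstance(pin, str) and pin.isdigit() and len(pin) == 6):
        return False
    row = conn.execute("SELECT 1 FROM pins WHERE pin = ? AND used = 0", (pin,)).fetchone()
    return row is not None


def mark_used(conn, pin):
    """Burn the PIN in one conditional UPDATE; a second call for the same PIN
    changes no row, which is how a repeated ballot is detected."""
    cur = conn.execute("UPDATE pins SET used = 1 WHERE pin = ? AND used = 0", (pin,))
    conn.commit()
    return cur.rowcount == 1


if __name__ == "__main__":
    db = make_db()
    tautology = "' OR '1'='1"  # constructed malformed input, not a real PIN
    print("unsafe accepts malformed input:", pin_is_valid_unsafe(db, tautology))
    print("safe accepts malformed input:", pin_is_valid_safe(db, tautology))
    print("safe accepts real PIN:", pin_is_valid_safe(db, "483920"))
    print("first use:", mark_used(db, "483920"), "second use:", mark_used(db, "483920"))
```

The format check is deliberately in addition to parameter binding, not instead of it: binding is what removes the injection, while the format check keeps junk out of logs and error paths. Checking `rowcount` on the conditional UPDATE, rather than doing a SELECT followed by an UPDATE, avoids a race in which two simultaneous submissions with the same PIN both pass the lookup.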
Zone 3 - Security: Things to consider
• Zone 2 security requirements
• Independent registration system
• Enhanced firewalls
• Deep packet inspection
• Intrusion Detection / Prevention Systems
• VPNs
• End-to-end encryption (PKC/PKI)
• Cryptographic authentication for officials
• Penetration testing
• Independent certification/review (NIST 800-53 / Moderate-High)
• Functional and compatibility testing
• Legal review: ensure compliance with applicable laws
$$$ - High; CIA - High; Legal - State/Federal
[Diagram label: DMZ]
Zone 4 - Security: Things to consider
• Zone 3 security requirements
• Multiple independent operating locations
• High availability & redundancy distributed across the enterprise
• DoS/DDoS detection/reaction, and redirection of authorized traffic
• Multiple linked online Intrusion Detection / Prevention Systems
• Enterprise monitoring/management (networks/servers/databases...)
• Private/dedicated encrypted networks compliant with FIPS 140-2
• Heavy use of PKI & end-to-end encryption
• Multiple independent certifications/reviews (NIST 800-53 / High)
• Federal/state legal review: ensure compliance with applicable laws
$$$$ - Very High
CIA - High + AAA
Legal - Federal/State
Conclusion
• Issues facing online voting are enormous
• Internet continues to be an insecure medium
• Insecurity is across the board: clients, applications, networks...
• Insecurity seems to be increasing
• Trust across the community is lacking
• Issues range from technical to administrative through legal
• Problems persist, new ones arise, old ones are not fixed
• Small-scale voting seems to be far more successful
• Cryptographic techniques exist to support online voting
• Further research into multiple online voting areas is still needed
Sources
[1] Daniel Rubin, "The Security of Remote Online Voting", thesis, School of Engineering and Applied Science, University of Virginia.