
E-voting DITSCAP Project

This project explores the implementation of secure electronic voting for the DITSCAP process, including penetration testing, threat assessment, and SSAA documentation. It addresses the vulnerabilities of current methods and proposes a robust and verifiable solution.


Presentation Transcript


  1. E-voting DITSCAP Project
  Team: Samarpita Hurkute, Kunal Bele, Shin Nam, Saroj Patil, Chuck Short, Rajshri Vispute
  Boeing Mentor POC: Ismael Rodriguez
  UCCS Faculty POC: Edward Chow

  2. DITSCAP Overview
  • DITSCAP – DoD Information Technology Security Certification and Accreditation Process
  • Purpose
    • Implements policies, assigns responsibilities, and prescribes procedures for Certification and Accreditation (C&A) of IT
    • Creates a process for security C&A of unclassified and classified IT
  DITSCAP

  3. What is the DITSCAP?
  • It is a process for certifying that a given system is safe to operate (security-wise) in its given environment.
  • A process that ensures systems maintain their accreditation throughout their lifecycle.

  4. Who has to follow DITSCAP?
  • All DoD owned or controlled information systems that receive, process, store, display, or transmit DoD information, regardless of classification or sensitivity.

  5. What are the benefits of the DITSCAP?
  • Ensures security vulnerabilities are addressed to the level deemed acceptable by the Designated Approving Authority (DAA).
  • Certification effort can be scaled to fit the size and complexity of the system.
  • Adaptable for any computer environment or mission.
  • Helps identify security solutions that are achievable.

  6. DITSCAP Phases
  • Phase 1 – Definition
    • Understand the mission, environment and system architecture
    • Identify threats
    • Gauge level of effort
    • Identify the DAA
  • Phase 2 – Verification
    • Verify compliance of the system with security-related requirements
  • Phase 3 – Validation
    • Evaluate the system and determine residual risks
  • Phase 4 – Post-accreditation
    • Monitor the system to preserve the residual risk

  7. SSAA Overview
  • SSAA – System Security Authorization Agreement
  • It is a document required by the DITSCAP
  • What it does
    • Defines the operating environment of the system
    • Identifies the “system”
    • Defines risk and countermeasures
    • Documents agreement among all parties involved in the system

  8. SSAA Overview
  • Consists of a main document and appendices
  • Main document covers:
    • Mission Description and System Identification
    • Environment Description
    • System Architectural Description
    • System Security Requirements
    • Organizations and Resources
    • DITSCAP Plan
  • The appendices provide supplementary information to the above six sections.

  9. SSAA Contents
  • System description along with functional diagrams
  • Highlights sensitivity of data processed
  • System architecture diagram with firewall
  • Physical security of the E-voting system
  • Threats to the E-voting system
  • Mitigations applied
  • Data flow diagram
  • Data security requirements

  10. Project Overview
  • Use the E-voting system to walk through the DITSCAP process and requirements, including penetration testing, threat/vulnerability assessment, and documenting the SSAA, which is to be approved by the Boeing POC.

  11. Secure E-Voting (adapted from Brett’s viewgraphs, http://cs.uccs.edu/~gsc/pub/master/bswilson/docs/)
  • Secure electronic voting
  • Why?
    • 2000 Florida Presidential election
    • Increase participation/election visibility
  • Extensive research into developing technologies to allow secure electronic voting
  • Current methods are vulnerable
    • Diebold voting machine security
    • Princeton hacks
    • Kohno et al. software security analysis

  12. Secure E-Voting (adapted from Brett’s viewgraphs, http://cs.uccs.edu/~gsc/pub/master/bswilson/docs/)
  • E-voting Requirements
    • Privacy/Anonymity, Completeness, Soundness, Un-reusability, Eligibility, Fairness
    • Robustness, Universal Verifiability, Receipt-Freeness, Incoercibility

  13. Related Work (Brett’s Master project report @ http://cs.uccs.edu/~gsc/pub/master/bswilson/docs)
  • Basis for Implementation
    • Sharing Decryption in the Context of Voting or Lotteries (Fouque, Poupard, Stern, Financial Cryptography 2000)
  • Closely related research
    • A Generalization of Paillier’s Public Key Cryptosystem with Applications to Electronic Voting (Damgård, Jurik, Nielsen, Aarhus University, Dept. of Computer Science)
  • Uses of Paillier Cryptography
    • Electronic Voting
    • Anonymous Mix Nets (due to the self-blinding property)
    • Electronic Auctions
    • Electronic Lotteries

  14. PTC Cryptography Techniques (adapted from Brett’s viewgraphs, http://cs.uccs.edu/~gsc/pub/master/bswilson/docs/)
  • Paillier Cryptography
    • Trapdoor discrete logarithm scheme
    • Important properties
      • Homomorphic: multiplying encrypted votes yields the encryption of the sum of the votes
        • E(M1 + M2) = E(M1) x E(M2), E(k x M) = E(M)^k
      • Self-blinding
        • Re-encryption with a different r doesn’t change M

  15. PTC Cryptography Techniques (adapted from Brett’s viewgraphs, http://cs.uccs.edu/~gsc/pub/master/bswilson/docs/)
  • Threshold Encryption
    • Public key encryption as usual
    • Distribute secret key “shares” among i participants
    • Decryption can only be accomplished if a threshold number t of the i participants cooperate
      • “Need at least one representative from each of the Democratic and Republican parties, and one election official present, to decrypt”
    • No information about m can be obtained with fewer than t participants cooperating

  16. PTC Based E-voting Prototype (adapted from Brett’s viewgraphs, http://cs.uccs.edu/~gsc/pub/master/bswilson/docs/)
  • E-voting allows single-choice ballots
  • Election administrator creates election parameters with the help of PTC encryption
  • The administrator submits election parameters to PTCVotingService (Web Services)
  • Voters load election parameters and cast encrypted votes
  • The homomorphic properties of the PTC enable the tally to be computed without decrypting any individual vote, which protects the privacy of the voter.
  • To decrypt the tally, at least t (threshold) of the N key-share holders must participate to generate the decryption key.

  17. DITSCAP

  18. Security Technical Implementation Guides (STIGs)
  • Configuration standards for DoD Information Assurance (IA) and IA-enabled devices/systems
  • Contain instructions or procedures to verify compliance with a baseline level of security

  19. Security Technical Implementation Guides (STIGs)
  • Severity Category (CAT) codes – a measure to assess the system’s security-related standing

  20. Application Security Requirements STIG
  • Defines a set of recommended security requirements that are common to all software applications
  • Used as a first step to designing security into applications to reduce application vulnerabilities
  • Lists the potential vulnerabilities of application systems
    • Design and development related vulnerabilities
    • Misconfiguration and administration related vulnerabilities
    • Necessary non-secure standards

  21. Network Infrastructure STIG
  • Inbound access list – filter packets before they enter the router
  • Outbound traffic – filtering rules to be applied to outbound traffic with an illegitimate address
  • Firewalls – necessary to minimize threat and protect the enclave
  • Intrusion detection system – detect unauthorized or malicious traffic

  22. Database STIG
  • Product updates
  • System and data backup
  • Access
  • Transaction auditing
  • Roles and permissions

  23. Secure Remote Computing STIG
  • Provides technical security policies and requirements for secure remote access by users in DoD
  • Discusses the remote user environment and network site architecture
  • Guide for securing DoD assets within a remote access environment
  • Provides suggestions for redundancy and survivability

  24. Minimal Security Activity Checklist
  • Main sections include
    • System Architecture Analysis
    • Software, Hardware, and Firmware Design Analysis
    • Network Connection Rule Compliance Analysis
    • Integrity Analysis of Integrated Products
    • Life-Cycle Management Analysis
    • Vulnerability Assessment
    • Security Test and Evaluation

  25. Minimal Security Activity Checklist
    • Penetration Testing
    • TEMPEST and RED/BLACK Verification
    • COMSEC Compliance Validation
    • System Management Analysis
    • Site Accreditation Survey
    • Contingency Plan Evaluation
    • Risk Management Review

  26. Threat Model – STRIDE
  • Spoofing – The identity of the voter cannot be trusted
  • Tampering – The vote for Candidate A could be assigned to Candidate B or vice versa
  • Repudiation – No authorized identification of parties involved in the E-voting process
  • Information Disclosure – Disclosing the tally count
  • Denial of service – Making the E-voting system unavailable to its intended users
  • Elevation of privilege – Gaining system privileges through malicious means

  27. Threat Scenarios
  • Breaking encryption – tampering with the public and private keys
  • Allocating observation with data
  • The database is not “READ ONLY” – can be used for SQL injection
  • The Electronic Ballot Casting Device – a ‘Trojan horse’ on the voting terminal
  • The Voting Protocol – sniffing on the network
  • The Electoral Server – depending on the applied voting protocol, the election servers are a vulnerability point
  • Other Anonymity Threats – the Voter Audit Trail could also be used to link a voter to their vote

  28. Vulnerabilities-Mitigations DITSCAP

  29. Vulnerabilities-Mitigations DITSCAP

  30. Vulnerabilities-Mitigations DITSCAP

  31. Residual Risks
  • Natural and man-made threats, e.g. fire, flooding, water, wind, electrical disturbances
  • External or internal threat agents, e.g. espionage services, terrorists
  • Shared passwords
  • Accidental human action which compromises the system
  • Human negligence

  32. Future Work DITSCAP

  33. Lessons Learned
  • Problems faced:
    • Not sure what the vulnerabilities of the system could be
    • The DITSCAP was a big, confusing concept
    • CONOPS was something complicated at first sight
  • How we solved them:
    • The DITSCAP Application Manual provided easy reference to each section in the SSAA
    • Complexities solved by Izzy and Dr. Chow
    • STIGs were a great help
    • Vulnerability-Mitigation Mapping
  • Learned the basics of Paillier Threshold Cryptography
  • The security issues surrounding E-voting systems

  34. Conclusion
  • DITSCAP Overview
  • SSAA Overview
  • Project Overview
  • Secure E-voting System
  • Threats and Mitigations
  • Future Work
  • Project information can be found at http://viva.uccs.edu/ditscap/

  35. References
  • Brett Wilson, UCCS, Implementing a Paillier Threshold Cryptography Scheme as a Web Service.
  • http://www.nswc.navy.mil/ISSEC/COURSES/Ditscap.ppt
  • http://www.i-assure.com/
  • http://viva.uccs.edu/ditscap/index.php/Image:DITSCAP.pdf
  • http://viva.uccs.edu/ditscap/index.php/Image:DITSCAP_Application_Manual.pdf
  • http://viva.uccs.edu/ditscap/index.php/Image:SSAA_Guidance.doc
  • http://iase.disa.mil/stigs/stig/database-stig-v7r2.pdf
  • http://iase.disa.mil/stigs/stig/network-stig-v6r4.pdf
  • http://iase.disa.mil/stigs/stig/src-stig-v1r2.pdf
  • http://iase.disa.mil/stigs/stig/applicationsecurityrequirements.pdf