E-voting protocol: electing a University President. lucyh36@gmail.com, July 13, 2011
Resource • Person • D. Chaum (mixnet in 1981) • J. Benaloh (casting protocol in 1994) • Ben Adida (Helios) • Paper • Internet voting, security and privacy • Helios: web-based open audit voting (2009) • Helios: electing a University President using Open-Audit voting: Analysis of real-world use of Helios (2010) • Secure electing voting: a framework (E2E) • Exploiting the Client Vulnerabilities in Internet E-voting Systems: Hacking Helios 2.0 as an Example • Advances in Cryptographic Voting Systems, MIT, 2006 http://ben.adida.net/presentations/
Roadmap • Problem and background • Internet Voting, Security and Privacy • Voting Security Overview • Helios (2008: v1.0, 2009: v2.0, 2011: v3.1+) • Web-based open-audit voting • Electing a University President (March, 2009) • How to install Helios v3.1 on my own server • Attack and Defense • A possible end
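Internet voting, Security and Privacy • Law • Security • Client • Bug and OS (drive-by download attacks via compromised web pages, PKI certificate spoofing) • Server • Database (phishing, fake voting websites) • Network (redirect) • DNS (DNS poisoning) • BGP (route spoofing) • Route (amplification attacks, IP spoofing, DHCP protocol security issues, SYN flood, UDP flood, TCP RST attack, TCP session hijacking, route spoofing) • Privacy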
Background • E-voting history • Greece • Paper ballots • Voting machine • Internet and real world voting (March, 2009) • ?US president (Bush), Diebold, 2000 (Kohno-Stubblefield-Rubin-Wallach) • Helios 2.0: web-based open audit voting system
Voting Security Overview • Huang Rong's preferred choice: Guo Jing • Ouyang Feng (a coercer): Ouyang Ke
Helios: open-audit e-voting system • Problem • How to get a result by voting? • Chain of custody • Low-coercion (coerciveness) • Technical concept • MixNet (server, protect the relationship by cryptography) • Benaloh casting protocol (audit back-end counting) • Moving the black box • Zero-knowledge proof • Verify operations on encrypted data
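The Benaloh cast-or-audit step and "verify operations on encrypted data" from the slide above, as an added Python example (not taken from the slides or from the Helios code base). The toy group parameters, the exponential ElGamal layout and every name (`Device`, `seal`, `audit`, `tally`) are assumptions made for illustration.

```python
import hashlib
import secrets

# Constructed toy group, far too small for real use: p = 2q + 1, g has order q.
P, Q, G = 2039, 1019, 4

def keygen():
    x = secrets.randbelow(Q - 1) + 1          # private key in [1, q-1]
    return x, pow(G, x, P)

def encrypt(pk, choice, r):
    """Exponential ElGamal: (g^r, g^choice * pk^r) mod p."""
    return pow(G, r, P), (pow(G, choice, P) * pow(pk, r, P)) % P

def fingerprint(ct):
    return hashlib.sha256(f"{ct[0]},{ct[1]}".encode()).hexdigest()

class Device:
    """Hypothetical ballot-preparation client; flip=True models a compromised one."""
    def __init__(self, pk, flip=False):
        self.pk, self.flip = pk, flip

    def seal(self, choice):
        self.claimed = choice
        self.r = secrets.randbelow(Q - 1) + 1
        actual = 1 - choice if self.flip else choice
        self.ct = encrypt(self.pk, actual, self.r)
        return fingerprint(self.ct)            # shown before the voter decides

    def open_for_audit(self):
        # An opened ballot is spoiled and must never be cast.
        return self.ct, self.claimed, self.r

def audit(pk, committed_fp, opened):
    """Anyone can re-encrypt with the revealed randomness and compare."""
    ct, choice, r = opened
    return fingerprint(ct) == committed_fp and encrypt(pk, choice, r) == ct

def tally(sk, ballots, max_votes):
    """Multiply ciphertexts (adds the plaintexts), then decrypt only the product."""
    a = b = 1
    for c1, c2 in ballots:
        a, b = (a * c1) % P, (b * c2) % P
    m = (b * pow(a, Q - sk, P)) % P            # a^(q - sk) = a^(-sk) in the subgroup
    return next(t for t in range(max_votes + 1) if pow(G, t, P) == m)
```

Because the device must commit to the fingerprint before it learns whether the ballot will be audited or cast, a client that encrypts a different choice is caught whenever the voter picks audit.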
Problem • Huang Rong chooses: Huang Yaoshi • Guo Jing chooses: Hong Qigong • Ouyang Ke chooses: Ouyang Feng
Helios 2.0 • Hardware and software • Linux, MS, MacOS • Web browser (Safari 2/3, Firefox 2.0/3.0, IE 6/7/8, Chrome 1.0) + JavaScript (client) • Free/open source software stack (v2.0), Python (Django web toolkit for Python), PostgreSQL database • PHP (v3.1 server) • http://heliosvoting.org (registered by Facebook or Google) • Zero-Knowledge Proof • MixNet • Benaloh Casting
From Helios 1.0 to 2.0 http://code.google.com/appengine/
The voting website was successfully tested on Linux, Mac OSX and Windows with the Firefox 2 and 3, Internet Explorer 6, 7 and 8, Safari 2 and 3, and Chrome 1 web browsers.
Helios: Attacks and Defense • Estehgari-Desmedt, August 2010 • http://www.cs.ucl.ac.uk/staff/y.desmedt/slides/Hacking-Helios2.pdf • http://www.usenix.org/event/evtwote10/tech/full0papers/Estehgari.pdf • Wikström and Smyth-Cortier, December 2010 • http://www.di.ens.fr/cryptoSeminaire.html/#Attacking_ballot_secrecy_in_Heli