
Performance modelling of a secure voting algorithm

Jeremy Bradley (Imperial College London), Stephen Gilmore (University of Edinburgh), Nigel Thomas (Newcastle University). Contents: Motivation; Fujioka (FOO) voting scheme; PEPA; The model; Results; Conclusions.



  1. Performance modelling of a secure voting algorithm
     Jeremy Bradley (Imperial College London), Stephen Gilmore (University of Edinburgh), Nigel Thomas (Newcastle University)

  2. Contents
     • Motivation
     • Fujioka (FOO) voting scheme
     • PEPA
     • The model
     • Results
     • Conclusions

  3. Motivation
     • To analyse systems using time-based metrics derived from stochastic models.
     • To use e-voting as a case study for our analysis.
     • To investigate the scalability of the FOO scheme and the analysis techniques.
     • Use stochastic process algebra for both correctness and performance analysis.
     • To consider performance-based attacks against this (and other) e-voting schemes.

  4. Fujioka (FOO) scheme
     Consists of
     • 3 (possibly 4) classes of entity
       • Voters
       • Administrator
       • Teller (collector & counter)
     • 6 phases:
       • Preparation (voters)
       • Administration (administrator)
       • Voting (voters)
       • Collecting (counter)
       • Opening (voters)
       • Counting (counter)

  5. Communication
     [Diagram: messages exchanged between Voter i, the Administrator and the Collector / Counter]
     1. Prepared ballot
     2. Signed
     3. Publish (multicast)
     4. Vote - via anonymous channel
     5. Revelation (or appeal?) – via anonymous channel

  6. PEPA
     • PEPA is a Markovian process algebra.
     • Interaction of components which engage, singly or multiply, in activities.
     • Each component may be atomic or composed of other components.
     • Each activity a = (, r) has a type  and a rate r.
     • Each activity is exponentially distributed with rate r or passive with distinguished rate T.
     • A model in PEPA specifies a continuous time Markov chain.

  7. PEPA constructs

  8. Experiment 1
     • Use “traditional” modelling and analysis to derive the steady state distribution.
     • System is modelled cyclically (infinitely repeated elections).
     • Solve simultaneous equations to find the average proportion of time spent in each “state”.
     • From this we can derive metrics such as average number of completed votes and average time for a voter to complete a vote.
     • Model parameters were derived from an implementation of the FOO scheme (by Oliver Davis).

  9. Experiment 2
     • Uses tools from computational biology to analyse very large models.
     • Uses a continuous state approximation.
     • The model concerns a single election.
     • Each “solution” is a single trace of a simulated election.
     • Within a trace we count the number of components performing each behaviour.
     • Same parameters used as in experiment 1.

  10. Conclusions
     • Using PEPA it is possible to accurately depict the behaviour of a complex e-voting scheme.
     • Using traditional analysis techniques (even with approximation), this leads to state space problems.
     • Using novel techniques it is possible to analyse models of O(10^10000) states.
     • The analysis shows the Administrator has scalability issues and may be vulnerable to a denial of service type attack – multiple administrator versions of the scheme have been proposed.

  11. Questions and Comments
     • Is this style of analysis of any use or interest to this community?
     • What measures should we be deriving?
