An Architecture For Electronic Voting
Master Thesis Presentation
Clifford Allen McCullough
Department of Computer Science, University of Colorado at Colorado Springs
October 30, 2012


Page 2: Outline
• The Need for an E-Voting System
• Related Work
• US Voluntary Voting System Guidelines
• Existing Solutions
• Proposed Architecture
• A Demonstration System
• Performance Comparisons
• Lessons Learned
• Future Work
• Summary

Page 3: I. The Need for an E-Voting System
• Business Board of Directors
• Student class president
• US citizens overseas
• US military overseas

Page 4: Related Work
• A Survey of Internet Voting (EAC Voting System Testing and Certification Division, 2011)
• VVSG (EAC VVSG Vol I, 2010), (EAC VVSG Vol II, 2010)
• A Security Analysis of the Secure Electronic Registration and Voting Experiment (SERVE) (Jefferson D. D., Rubin, Simons, & Wagner, 2004)
• Implementing a Paillier Threshold Cryptography Scheme as a Web Service (Wilson, 2006)

Page 5: II. US Voluntary Voting System Guidelines (VVSG)
• Security
• Accuracy
• Error Recovery
• Integrity
• Vote Tabulation
• Casting a Ballot
• Accessibility
• Independent Verification System
(EAC VVSG Vol I, 2010)

Page 6: III. Existing Solutions
• Commercial web-based voting systems are available
  ◦ (MotionVoter, 2011)
  ◦ (Vote-Now)
• Secure Electronic Registration and Voting Experiment (SERVE) (Jefferson D. D., Rubin, Simons, & Wagner, 2004)
  ◦ Security Peer Review Group (SPRG) (Defense, 2007)

Page 7: IV. Proposed Architecture
• Design Requirements
• General Schema
• The System Architecture
• Paillier Cryptography

Page 8: Design Requirements
• VVSG (EAC VVSG Vol I, 2010)
• Information Assurance general rules
  ◦ Minimize the attack surface
  ◦ Mitigate the vulnerabilities
• A Survey of Internet Voting (EAC Voting System Testing and Certification Division, 2011)

Page 9: General Schema
• Should not be centralized
  ◦ Precinct level is best
  ◦ County level is good
• Greatest vulnerabilities are from insider attacks
• Denial of service
• Keep control of the ballot, server-centric
• Publish the web application

Page 10: The System Architecture
• Voting-Server
• Voter Authentication
• Issue Presentation
• Verify the Ballot
• Casting the Ballot
• Mutual Authentication

Page 11: System Diagram
Pre-election
  1 Deploy public key
  2 Start services
Election
  3 Login, retrieve public key
  4 Vote
  5 Cast the ballot to both Tally servers
Post election
  6 Retrieve ballots, check, and decrypt totals
[System diagram: components hosted on Linux OS, Windows OS and Linux OS, each labelled with the step numbers it takes part in]

Page 12: Paillier Cryptography
• Block Paillier (Paillier, 1999)
  ◦ Exponential Encrypt: Decrypt:
  ◦ Homomorphic
  ◦ Blinding
• Generalized Paillier (Damgard & Jurik, December 2000)

Page 13: V. A Demonstration System
• A 32-bit development and demonstration system, a.k.a. Ignis
• A 64-bit demonstration system on UCCS EAS Data Center Cloud, eVote resource pool, a.k.a. Prometheus

Page 14: Ignis 32-bit Development System

Page 15: Prometheus 64-bit Demonstration System

Page 16: Election Preparation
• Generate public and private keys
  ◦ Private key is stored as Shamir shared secret shares (Shamir, November, 1979)
  ◦ Total of 7 shares, quorum of 4 officials
• Deploy the public key
• Start the services
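The 7-share, 4-official Shamir scheme named on this slide (and required again for decryption on the Post Election slide), as an added example that is not code from the thesis or its demonstration system. The field prime, the share indices 1 to 7 and the stand-in key value are constructed for the demo; the secret shared in practice would be the Paillier private key material.

```python
import secrets

# Constructed demo parameters (not from the thesis): the field prime must exceed
# the secret being shared; 7 shares with a quorum of 4 match the slide.
PRIME = 2**127 - 1
SHARES = 7
QUORUM = 4

def split_secret(secret, n=SHARES, k=QUORUM, prime=PRIME):
    """Return n points (x, f(x)) on a random degree k-1 polynomial, f(0) = secret."""
    if not 0 <= secret < prime:
        raise ValueError("secret must be an integer in [0, prime)")
    # a0 is the secret; a1 .. a(k-1) are uniformly random field elements
    coeffs = [secret] + [secrets.randbelow(prime) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for a in reversed(coeffs):          # Horner's rule, reduced mod prime
            y = (y * x + a) % prime
        shares.append((x, y))
    return shares

def recover_secret(shares, k=QUORUM, prime=PRIME):
    """Lagrange-interpolate f(0) from any k distinct shares; fewer is refused."""
    distinct = dict(shares)                 # drop duplicate share indices
    if len(distinct) < k:
        raise ValueError(f"quorum not met: {len(distinct)} of {k} shares")
    pts = list(distinct.items())[:k]        # any k shares fix the polynomial
    secret = 0
    for i, (xi, yi) in enumerate(pts):
        num, den = 1, 1
        for j, (xj, _) in enumerate(pts):
            if i != j:
                num = (num * (0 - xj)) % prime      # basis polynomial at x = 0
                den = (den * (xi - xj)) % prime
        secret = (secret + yi * num * pow(den, -1, prime)) % prime
    return secret

if __name__ == "__main__":
    key_material = 0xC0FFEE                 # constructed stand-in for the private key
    shares = split_secret(key_material)
    present = [shares[0], shares[2], shares[4], shares[6]]   # 4 of the 7 officials
    print("recovered:", hex(recover_secret(present)))        # 0xc0ffee
```

Any four of the seven shares reconstruct the same value; three shares are rejected by the quorum check rather than yielding a wrong key silently.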

Page 17: Casting a Ballot
• Several lines of Comma Separated Values (CSV)
• One or two lines per issue
  ◦ Precinct number may be added
  ◦ Issue number
  ◦ Check box array or write-in
  ◦ Paillier block count
  ◦ Generalized Paillier encrypted information

Page 18: Sample Ballot

Page 19: Post Election
• Collect the tally information from the redundant servers
• Compare redundant collections
  ◦ Tally files should match
• Decrypt using Shamir secret shares (Shamir, November, 1979)
  ◦ Quorum of 4 officials is required
  ◦ Decrypt issue accumulations
  ◦ Individually decrypt write-ins
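The homomorphic step behind "decrypt issue accumulations", as an added example that is not code from the thesis: the check-box array of one issue (Casting a Ballot slide) is packed into a single Paillier plaintext block, each ballot is encrypted with a fresh blinding factor (Paillier Cryptography slide), and the tally server multiplies ciphertexts so only the accumulated totals are ever decrypted. The Mersenne-prime demo key, the 16-bit per-candidate counter width and the sample ballots are constructed assumptions; plain (block) Paillier is shown, not Generalized Paillier.

```python
from math import gcd
import secrets

# Constructed demo key (not the thesis's): two fixed Mersenne primes give a
# ~150-bit modulus so the block runs instantly; election keys would be far larger.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q
N2 = N * N
LAMBDA = (P - 1) * (Q - 1) // gcd(P - 1, Q - 1)   # lambda = lcm(p-1, q-1)
MU = pow(LAMBDA, -1, N)                           # mu for generator g = n + 1
FIELD_BITS = 16                                   # counter width per candidate

def encrypt(m, r=None):
    """c = (1+n)^m * r^n mod n^2; a fresh random r blinds each ballot."""
    if not 0 <= m < N:
        raise ValueError("message out of range")
    if r is None:
        r = secrets.randbelow(N - 1) + 1
    return (pow(N + 1, m, N2) * pow(r, N, N2)) % N2

def decrypt(c):
    """m = L(c^lambda mod n^2) * mu mod n, with L(u) = (u - 1) / n."""
    return ((pow(c, LAMBDA, N2) - 1) // N * MU) % N

def pack_checkboxes(boxes):
    """Pack a 0/1 check-box array into one plaintext block, one
    FIELD_BITS-wide counter per candidate, so ciphertexts add field-wise."""
    if any(b not in (0, 1) for b in boxes):
        raise ValueError("check boxes must be 0 or 1")
    return sum(b << (i * FIELD_BITS) for i, b in enumerate(boxes))

def unpack_counts(m, n_candidates):
    """Split an accumulated plaintext back into per-candidate totals."""
    mask = (1 << FIELD_BITS) - 1
    return [(m >> (i * FIELD_BITS)) & mask for i in range(n_candidates)]

def tally(ciphertexts, n_candidates):
    """Homomorphic accumulation: the product of the ciphertexts decrypts to
    the sum of the packed ballots, so no individual ballot is decrypted."""
    acc = 1
    for c in ciphertexts:
        acc = (acc * c) % N2
    return unpack_counts(decrypt(acc), n_candidates)

if __name__ == "__main__":
    # Constructed ballots for one issue with three candidates
    ballots = [[1, 0, 0], [0, 1, 0], [1, 0, 0], [0, 0, 1], [1, 0, 0]]
    cts = [encrypt(pack_checkboxes(b)) for b in ballots]
    print("issue totals:", tally(cts, 3))          # [3, 1, 1]
```

Two ballots for the same candidate produce different ciphertexts because of the blinding factor, which is what stops a tally server from matching identical votes, while the product still decrypts to the correct totals.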

Page 20: VI. Performance Comparisons
• Cryptographic Methods
• Cryptographic Key Generation
• Block Paillier vs. Generalized Paillier
• Ballot Casting

Page 21: Encrypt and Decrypt Times

Table 1. DES, AES, and ElGamal Methods

Platform        | DES    | AES 128 | AES 192 | AES 256 | ElGamal 128 | ElGamal 256 | ElGamal 512
runs / record   | 10,000 | 10,000  | 10,000  | 10,000  | 10          | 10          | 10
32-bit Linux    | 81.785 | 7.948   | 9.482   | 11.101  | 0.626       | 0.843       | 1.515
32-bit Windows  | 35.038 | 1.823   | 2.143   | 2.524   | 0.729       | 1.397       | 3.473
64-bit Linux    | 49.343 | 3.970   | 4.761   | 5.562   | 0.307       | 0.368       | 0.525
64-bit Windows  | 27.127 | 1.494   | 1.786   | 2.074   | 0.448       | 0.613       | 1.133

Table 2. Block Paillier Method

Platform        | Paillier 64 | Paillier 128 | Paillier 256 | Paillier 512 | Paillier 1024 | Paillier 2048 | Paillier 4096
runs / record   | 10          | 10           | 10           | 10           | 10            | 10            | 10
32-bit Linux    | 0.620       | 0.833        | 1.388        | 3.398        | 10.206        | 30.997        | 92.325
32-bit Windows  | 0.710       | 1.261        | 2.951        | 9.247        | 32.041        | 100.295       | 305.875
64-bit Linux    | 0.311       | 0.349        | 0.477        | 0.807        | 1.914         | 5.374         | 15.809
64-bit Windows  | 0.467       | 0.591        | 0.989        | 2.282        | 7.267         | 24.202        | 76.557

Page 22: Block vs Generalized Paillier Encrypt Decrypt Time

Table 3. Block Paillier Method

Key Size        | 64    | 128   | 256   | 512   | 1024   | 2048   | 4096
32-bit Linux    | 0.607 | 0.839 | 1.401 | 3.397 | 10.193 | 30.948 | 93.351
32-bit Windows  | 0.660 | 1.156 | 2.807 | 8.600 | 29.832 | 94.428 | 288.980
64-bit Linux    | 0.357 | 0.406 | 0.554 | 0.930 | 2.216  | 6.090  | 17.806
64-bit Windows  | 0.470 | 0.541 | 0.916 | 2.073 | 6.460  | 22.008 | 68.873

Table 4. Generalized Paillier Method

Key Size        | 64      | 128     | 256     | 512     | 1024    | 2048    | 4096
block count     | 183     | 92      | 46      | 23      | 12      | 6       | 3
32-bit Linux    | 310.699 | 175.858 | 151.765 | 152.606 | 175.026 | 202.824 | 269.460
32-bit Windows  | 902.606 | 580.257 | 515.191 | 514.770 | 576.426 | 674.665 | 826.454
64-bit Linux    | 81.945  | 37.679  | 31.461  | 31.181  | 36.355  | 41.627  | 53.746
64-bit Windows  | 260.224 | 144.404 | 127.923 | 126.033 | 149.162 | 171.257 | 214.675

Page 23: Block vs Generalized Paillier Encrypt Decrypt Time

[Figure 5. Block Paillier Method and Figure 6. Generalized Paillier Method: Log(Run Time) against Key Bit Size (64, 128, 256, 512, 1024, 2048, 4096) for 32-bit Windows, 32-bit Linux, 64-bit Windows and 64-bit Linux]

Page 24: Key Generation Times

Table 5. DES and AES Key Generation

Platform        | DES    | AES 128 | AES 192 | AES 256
runs / record   | 10,000 | 10,000  | 10,000  | 10,000
32-bit Linux    | 0.001  | 0.003   | 0.005   | 0.013
32-bit Windows  | 0.001  | 0.011   | 0.006   | 0.016
64-bit Linux    | 0.001  | 0.002   | 0.003   | 0.004
64-bit Windows  | 0.001  | 0.009   | 0.010   | 0.015

Table 6. ElGamal Key Generation

Platform        | ElGamal 64 | ElGamal 128 | ElGamal 256 | ElGamal 512 | ElGamal 1024
runs / record   | 10         | 10          | 10          | 10          | 10
32-bit Linux    | 0.028      | 0.157       | 2.212       | 47.469      | 1276.616
32-bit Windows  | 0.037      | 0.420       | 7.413       | 181.943     | 5886.979
64-bit Linux    | 0.013      | 0.078       | 0.636       | 10.800      | 243.518
64-bit Windows  | 0.021      | 0.160       | 1.915       | 39.722      | 897.332

Table 7. Paillier Key Generation

Platform        | Paillier 64 | Paillier 128 | Paillier 256 | Paillier 512 | Paillier 1024 | Paillier 2048 | Paillier 4096
runs / record   | 10          | 10           | 10           | 10           | 10            | 10            | 10
32-bit Linux    | 0.001       | 0.001        | 0.010        | 0.067        | 0.501         | 6.870         | 88.310
32-bit Windows  | 0.001       | 0.003        | 0.015        | 0.164        | 1.860         | 30.291        | 336.214
64-bit Linux    | 0.000       | 0.001        | 0.004        | 0.016        | 0.127         | 1.356         | 19.348
64-bit Windows  | 0.002       | 0.002        | 0.005        | 0.049        | 0.499         | 5.455         | 86.321

Page 25: Key Generation Times

[Figure 7. ElGamal Key Generation (Key Bit Size 64 to 1024) and Figure 8. Paillier Key Generation (Key Bit Size 64 to 4096): Log(Run Time) against Key Bit Size for 32-bit Windows, 32-bit Linux, 64-bit Windows and 64-bit Linux]

Page 26: VII. Lessons Learned
• Freeware
  ◦ Documentation not always current
  ◦ Problems persist through several updates
• Internet Forums
  ◦ Good source of information and help
  ◦ No response to difficult questions
• Using Multiple Programming Languages
  ◦ Transferring data between program and DLL
  ◦ Passing values between libraries is problematic

Page 27: VIII. Future Work
• Redundancy
• Secret Share Encryption and Decryption
• Error Handling and Logging
• Ballot Generation
• Ballot and Multi-lingual Database
• Quorum Administrator Login

Page 28: IX. Summary
• Developing an Election Assistance Commission compliant voting system is a significant undertaking
• SERVE objective too much too soon
• Much future work available
• The demonstration system is a proof of concept

Page 29: Demonstration
• Generate and load a key
• Initialize services
• Vote
• Collect the tally
• Decrypt the tally

Page 30: References

Damgard, I. B., & Jurik, M. J. (December 2000). A Generalisation, a Simplification and some Applications of Paillier's Probabilistic Public-Key System. Basic Research in Computer Science, RS-00-45.

Defense, D. o. (2007). Expanding the Use of Electronic Voting Technology for UOCAVA Citizens. Department of Defense.

EAC Voting System Testing and Certification Division. (2011). A Survey of Internet Voting. Washington, DC 20005.

EAC VVSG Vol I. (2010). Voluntary Voting System Guidelines Volume I. Retrieved August 24, 2012, from United States Election Assistance Commission: http://www.eac.gov/testing_and_certification/voluntary_voting_system_guidelines.aspx

EAC VVSG Vol II. (2010). Voluntary Voting System Guidelines Volume II. Retrieved August 24, 2012, from United States Election Assistance Commission: http://www.eac.gov/testing_and_certification/voluntary_voting_system_guidelines.aspx

Jefferson, D. D., Rubin, D. A., Simons, D. B., & Wagner, D. D. (2004). A Security Analysis of the Secure Electronic Registration and Voting Experiment (SERVE).

Jefferson, D., Rubin, A., & Simons, B. (2007, June 13). The new report in response to the May 2007 DoD report on Voting Technologies for UOCAVA Citizens. Retrieved March 04, 2012, from http://www.servesecurityreport.org/

MotionVoter. (2011). Retrieved March 6, 2012, from http://www.motionvoter.com/

Paillier, P. (1999). Public-Key Cryptosystems Based on Composite Degree Residuosity Classes. Advances in Cryptology - Eurocrypt '99, pp. 223-238.

Shamir, A. (November, 1979). How to Share a Secret. Communications of the ACM, 612-613.

Vote-Now. (n.d.). Retrieved March 6, 2012, from https://secure.vote-now.com/