Secure E-voting system

Presented by/Monira Monir Haroon

Secure Voting System

1Under Supervision of Prof. Dr. Hala Helmy ZayedDr. Ayman AlAhwal

AgendaObjectivesIntroductionDisadvantage of Traditional Voting ProcessE-Voting SystemWhy we need electronic voting systems?Requirements of E-Voting systemExplain Secure E-Voting system

2

ObjectivesProvides secure voting system and maintains all the requirements of the voting process such as authentication, confidentiality and integrity. Simplicity is also necessary to ensure the participation of common people. Besides security and simplicity, other issues that need to be considered such reliability, convenience, flexibility, mobility and cost.In order to make the user of the system sure that what he uses is secure and that he can use it without any doubt.We wanted to create a system where the whole en- and decryption of the ballots is transparent and still secure

3

mobility allowing them to participate in an election from any location that provides Internet access.3

IntroductionThe current voting system is paper based.Each voter will be assigned to a polling station based on the home address indicated in his/her National Identification card (NID), which is a unique number identifying each citizen. The right to vote depends on the nationality, age and criminal records.Some employees, such as police members and judges, areprevented from voting.

4

THE DEFECTS OF THE EGYPTIAN VOTING SYSTEMEgypt is one of the countries that had never conducted aproven fraud-free presidential election since it was establishedsome thousand years ago.4

Introduction(cont.)On the election days, voters go to their assigned pollingstation, sign in front of a judge that verifies their identity, take a watermarked voting ballot, choose the candidate that they want and place the ballot in the ballot box. At the end of the election, ballots are manually counted and the result will be announced.5

Disadvantage of Traditional Voting ProcessConventional voting systems are not efficient due to:-long period of preparation. The need to print ballot papers is a slow, expensive, inflexible, environmentally hostile process, visual impairments, or literacy limitations .Time consuming and inconvenient, materials required for printing and distributing ballots as well as the manpower required to govern poll sites The chances of the errors

6

E-Voting SystemWith the rapid growth of the internet and technologies, E- voting appears to be a reasonable alternative to conventional elections and other opinion expressing processes.Current research focuses on designing and building voting protocols that can support the voting process, Implementing the security mechanisms required for preventing fraud and protecting voter's privacy.

7

E-Voting System(cont.)An electronic voting (e-voting) system is a voting system in which the election data is recorded, stored and processed primarily as digital information

It is not an easy task due to the need of achieving electronic voting security requirements.

8

Why we need electronic voting systems?Allow voters to vote from any poll site in the country without the use of absentee ballots and providing ballots in multiple languages .Reduce the number of legitimate votes not counted by reducing the number of over-votes, and eliminating vote tampering.Increased participation in democratic governance as more citizens have access to express their opinion.Reduced costs as the materials required for printing and distributing ballots as well as the manpower required to govern poll sites9

tampering

9

Why we need electronic voting systems?Improve the registration process by allowing voters to check their registration status prior to voting and centralizing registration databases.Increase voter confidence and improve the voting experience

10

Requirements of E-Voting systemThese requirements include: confidentiality, integrity, authentication and verifiability/non-repudiation Fairness: No person can learn the voting outcomes before the tally. Eligibility: Only eligible voters are allowed to cast their vote.Uniqueness: No voter is allowed to cast their vote more than once. Privacy: No person can access the information about the voters vote. Accuracy: All the valid votes should be counted correctly. Efficiency: The counting of votes can be performed within a minimum amount of time

11

Explain SystemThe success rate of an electronic voting system is dependent on security, authenticity and integrity of pre-electoral, electoral and post electoral phases of the electioneering process.Registration: registration of all entities that will enable the outcome of the election, such entities are: Voters, administrators and Candidates information which are all stored in the database. legitimation: identification, authentication, and authorization of users.Casting of votes: the electronic ballot is displayed and may be cast anonymously by a citizen;Collecting of votes: votes cast are collected by an urn serverProcessing of votes: votes are processed and an election result is calculated and presented12

12

Secure E-voting system ArchitectureTo achieve the system robustness, flexibility and resistance to potential change, the popular three-tier (layer) architecture is deployed in our system. The architecture is composed of three layers: The user interface layerThe application logic layer The database layer

13

Secure E-voting system Architecture(cont.)The interface layerOffers the user a friendly and convenient entry to communicate with the system Sending requests and receiving repliesClients of the system are voters and administratorThe application logic layerPerforms the controlling functionalities and manipulating the underlying logic connection of information flowsThe database layerwhich can store, index, manage and model information needed for this application.14

Secure E-voting system Architecture(cont.)

15

Interface layer ----------------VoterVoter has mainly a user interface which communicates with application layer.Registration phase:-The voter is supposed to enter his name, national number and his randomly generated secrete number.Log-in phase:-The name and National number entered by the voter are compared with the stored name and national number in the database. Invalid name or national number will be rejected and a second chance for the voter will be given. Authentication phase:-Valid data will lead the voter to Authentication stage. The voter enters his secret number and communicates with the honest verifier through ZNP protocol to establish a secure mutual authentication and prove to each other that they are illegible.16

Authentication phase

17

Voting phaseOn successful completion of this step, candidate names are dynamically retrieved from the database and displayed to the voter. The user has an option to log out or complete the vote. If the user completes the vote, the (has voted) field in the database is updated so that the user cannot log in once more.

18

Interface layer ---------------AdministratorAdministrator has a special username and password for login to system. Administrators have the abilities to add, update or deletevoters or candidates

19

Application Logic LayerThe application logic layer is the middle layer, which bridges the gap between the user interfaces and the underlying database.Hiding technical details from the users.Components in this layer receive requests coming from the interface layer and interpret the requests into apropos actions.Application logic layer consists of a controller module andthree functional modules. The control module controls the flow of functions execution and transferring required information between them and the database layer. 20

Application Logic Layer (cont.)The functional modules are:- ZKP Authentication ModuleEach voter must be authenticated to vote through zero knowledge proof, using the proposed protocol.A claimant (voter) and the verifier (server) will interact communicating messages to prove to each other that they are illegible.After exchanging messages the voter will be either accepted and proceeds to the voting stage, or rejected and halt the system.

2) Voting ModuleResponsible for conducting the process of voting. Authenticated voter can selects his candidates and cast his vote.The votes will be encrypted and stored in the database using Homomorphic module.

21

Application Logic Layer (cont.)3) Homomorphic ModuleThe third module is the Homomorphic encryption module which is responsible for encrypting the votes and storing them in the database. In this module the sum of a group of encrypted votes is verified without revealing those encrypted votes using Homomorphic protocol, after all the voting procedure completes . At the end of the election process, process the votes and calculate the results homomorphically to produce the final election results.22

Database LayerThe database layer is responsible for modeling and storing information needed for the system and for optimizing the data access. Data needed by the application logic layer are retrieved from the database, and then the computation results produced by the application logic layer are stored back in the database.

23

ZKP PROTOCOLThe Used ZKP based on Diffie-Hellman key exchangealgorithm in the sense that both parties (the prover and theverifier) exchange non secret information without revealingsecret information to get one identical secret keyZero knowledge authentication protocols are one of the most trusted authentication protocols. In zero knowledge authentication, the claimant does not reveal anything that might endanger the confidentiality of the secret. The claimant proves to the verifier that he/she knows a secret, without revealing it24

ZKP PROTOCOL (cont.)

25

The verifier needs to prove to the prover that he is honestby sending his reply R1 together with encrypted R1, then theverifier decrypt R1' by his key and match R1 and R1', if theymatched then the verifier is honest. The prover (Alice) needsto prove to the verifier (Bob) that she knows a secret bycalculating the key (K) and resend Bobs reply (R2) to theverifier (Bob) encrypted with the generated secret key (K).Bob will encrypt his own reply (R2) with the generated secret key (K) and match the two encrypted information, if matched then Alice is verified, otherwise it is rejected

26

ZKP PROTOCOL (cont.)

back27

Homomorphic EncryptionHomomorphic encryption is special type of cryptography where a specific algebraic operation is performed on the plaintext and another (possibly different) algebraic operation is performed on the cipher text. In Homomorphic encryption, the sum of two encrypted values is equal to the encrypted sum of the values.

This encryption method is useful in e-voting applications in the sense that the sum of a group of encrypted values (votes) is verified without revealing their contents.

28

Homomorphic EncryptionHomomorphic EncryptionThe encryption algorithm E() is Homomorphic if given E(x) and E(y), one can obtain E(x y)without decrypting x,y for some operation . RSA (Multiplicative Homomorphism)

29

Research PlanPhase0: understanding research topic [1 month] .Phase1: literal review + survey [1 month] .Phase2: Suggesting several alternatives e-voting protocol for secure voting system [3 month]Phase 3: Developing an e-voting protocol for secure voting system [3 month]Phase 4: Testing &Analyzing the implemented system results [3month]Phase 5: Summarizing the results [2 month]Phase 6: Produce system for securing e-voting system [3 month]Phase 7: Writing documentation [2 month]

30

Research PlanPhasesDuration in months123456789101112131415161718192021222324Phase0Phase1Phase2Phase3Phase4Phase5Phase6Phase7

31

ReferencesInternational Journal of Emerging Technology and Advanced Engineering Website: www.ijetae.com (ISSN 2250-2459, ISO 9001:2008 Certified Journal, Volume 3, Issue 5, May 2013) Secure online voting system proposed by biometrics and steganography Malwade Nikita1, Patil Chetan2, Chavan Suruchi3, Prof. Raut S. Y4 BE Computer, P.R.E.C., Loni.Covenant Journal of Informatics and Communication Technology (CJICT) Vol. 1, No. 2, December, 2013A Survey of Cryptographic and Stegano-Cryptographic Models for Secure Electronic Voting System Olaniyi, Olayemi Mikail1, 1Department of Computer Engineering Federal University of Technology, Minna, Niger-state, Nigeria.DESIGN A SECURE ELECTRONIC VOTING SYSTEM USING FINGERPRINT TECHNIQUESanjay Kumar1, Manpreet Singh Computer Science & Engineering Department, Maharishi Markandeshwar University Mullana, Ambala, Haryana-133203, India Computer Science & Engineering Department, Maharishi Markandeshwar University , Ambala, Haryana-133203, India

32

References (cont.)M. el Hadidi, et al. (Eds.), Egypt, 6-8 May 2002 Kluwer Academics Publishers Revisiting legal and regulatory requirements for secure e-voting Lilian MITROU1 Dimitris GRITZALIS2, Sokratis KATSIKAS1 Dept. of Information and Communication Systems, University of the AegeanHomomorphic Encryption Protocol for Secure Electronic Voting System Dr. Mahmood Khalel Ibrahem Nada Mahdi KiatanAl Nahrain University - College of Information EngineeringNigel Smart and Fre Vercauteren, (2010), "Fully Homomorphic Encryption with Relatively Small Key and Ciphertext Sizes, May 9, 2010. Secure Electronic VotingNew trends, new threats...Prof. Dr. Dimitris GritzalisDept. of Informatics Athens University of Economics & Business &Data Protection Commission of Greeceh, Computer Security Incidents Response Teams WorkshopSyros, Greece, September 2002

33