01-01-2013, 01:16 PM
Authentication for online Voting Using visual cryptography
Authentication for online.pptx (Size: 551.25 KB / Downloads: 34)
ABSTRACT
Authentication is an important part of the voting process, both for the voting system authenticating the human as a legitimate voter without sacrificing secret balloting, and for the voter authenticating the vote recorder. Voters want the capability to vote remotely, but this makes both directions of authentication more difficult. Human factors are a crucial part of the authentication process. In particular, the system for authenticating the vote recorder must be designed in a way that ensures the human cannot be easily tricked into trusting an illegitimate recorder and so that the voter has confidence in the integrity of the voting process. In this paper, we discuss some of the issues associated with Internet-based remote voting and argue that visual cryptography offers a promising way to provide both satisfactory authentication and secret ballot guarantees.
INTRODUCTION
Trustworthy elections are essential to democracy. Elections are complex and involved processes that involve many components including voter registration, ballot preparation and distribution, voter authentication, vote casting, tabulation, result reporting, auditing, and validation. Either a technical or a human factors flaw in any part of the system can lead to an incorrect election result or reduce public confidence in an election. We are concerned primarily with the security and trustworthiness of the system, but realize that absolute security is not attainable. Convenience and security are often at odds, and we must consider practical and political realities in designing for security. In this paper, we only consider authentication. We realize there are many other important security issues to address before Internet voting could be adopted in governmental elections such as database security and denial-of-service attacks on the Internet.
Visual Cryptography
Visual cryptography was first introduced in 1994, and provides provable secrecy in a way similar to a one-time Pad. The simplest form of visual cryptography separates an image into two layers so that either layer by itself conveys no information, but when the layers are combined the image is revealed. Image below illustrates how an image is divided into layers.One layer can be printed on a transparency, and other layer displayed on a monitor. When the transparency is placed on top of the monitor and aligned correctly, the image is revealed. For each image pixel, one of the two encoding options is randomly selected with equal probability. Then, the appropriate colorings of the transparency and screen squares are determined based on the color of the pixel in the image. This scheme provides theoretically perfect secrecy. An attacker who obtains either the transparency image or the screen image obtains no information at all about the encoded image since a black-white square on either image is equally likely to encode a clear or dark square in the original image.
AUTHENTICATION
Establishing trust is one of the most important human-human and human-computer interactions. Authentication can be done using something you know,something you have, or something you are.These may be combined to provide stronger authentication.For example, a vigilant bartender may authenticate a customer by asking for a driver’s license that has a birth date at least 21 years old, observing if the customer looks like the picture on the license, and asking for the zip code. With traditional poll site voting, voters authenticate themselves by providing identification or an affirmation to a trusted poll worker; a poll site authenticates itself to a voter by being at a well-publicized physical location and having officials representing several different organizations present.Internet-based voting offers great convenience, but does not offer such obvious authentication methods.Today
APPROACH
We propose to provide remote authentication for both voters and voting systems using visual cryptography. David Chaum first proposed applying visual cryptography to elections to allow voters to verify their votes are included correctly in the final tabulation. Using Chaum’s secret-ballot receipts, a machine prints a receipt showing the results of a cast vote. The voter chooses to keep the top or bottom layer, each being unreadable without the other layer. Upon leaving the polling place, each voter can check to make sure the layer is correct and the vote was counted by visiting an official website that has a listing of all voter receipts used for tabulation. By itself, the voter’s receipt does not reveal any information about the actual vote.
Generating Transparencies
Before an election, the election officials need to generate and mail image transparencies to eligible voters. To generate them, they need a secure symmetric key (here after,Kg). The election officials generate random symmetric keys, Ki, where n is the number of eligible voters. A transparency is generated for each voter, using the result of encrypting Ki with key Kg as the seed to a cryptographic random number generator used to generate the transparency image. In addition to the image, the transparency includes the key Ki in a human-readable and typeable format.
Voting Process
A voter visits the election web site and enters the typeable version of the key Ki found on the transparency. We can encode a 64-bit key in 12 characters selected from lowercase letters and numbers. Many software packages require much longer input strings for their installation, so voters should not mind typing 12 characters. The election web site maintains a list of the Ki values used to generate the transparencies and checks that the entered key is on the list and has not been used already. If the entered Ki is valid, the election server (which has access to Kg) can calculate the corresponding transparency image. The election server then generates a random string to use as a password, and generates an image containing that string rendered as a bitmap image.
CONCLUSION
Internet-based voting offers many benefits including low cost and increased voter participation. Voting systems must consider security and human factors carefully, and in particular make sure that they provide voters with reliable and intuitive indications of the validity of the voting process. The system we propose uses visual cryptography to provide mutual authentication for voters and election servers.Here the main requirements of the project are creating a web application for the voting prcess,creating transparencies using visual cryptography for security purposes