12-05-2011, 12:03 PM
SECURITY ANALYSIS ON AN ELEMENTARY E-VOTING SYSTEM
Agenda
What is E-Voting?
E-voting is an election system that allows a voter to record his or her secure and secret ballot electronically.
Introduction
E-voting using RFID has many advantages over the current voting system.
Radio Frequency Identification technology is becoming pervasive in our daily life.
It makes the voting system verifiable and re-count easy.
The basic working prototype applies an inexpensive RFID-tag.
Requirements
The voting system and procedure using RFID should satisfy five requirements.
Correctness: Votes are counted and tallied correctly.
Privacy: No way to trace a voter from his/her vote.
Receipt-freeness: Voters have no evidence to show others what they vote.
Verifiability: Votes are double-checked during voting.
Robustness: The voting system can withstand some technical failures.
Hardware Equipment
Several specifications of the e-voting using RFID are described.
Physical Ballot: An active RFID tag which can be read and written with encryption keys to be locked/unlocked.
Verifier: A device which can display the contents of a physical ballot.
Voting device: A device which can read from and write to a physical ballot.
Ballot box: A radio-shielded receptacle to store and protect the physical ballots after they have been cast.
Public Bulletin Board: A distributed and load-balanced board to display the result of the ballots.
Centralized database: To store information about valid physical ballot.
Poll workers: Validate physical ballots using the encryption key for voters to use.
Eraser: To detect and erase the physical ballot.
Voting, Tallying and Verification Procedure
Voting:
A voter is verified as a registered voter by poll workers and given a randomly selected, validated, unlocked physical ballot.
In the voting booth, the voter can verify the physical ballot by using the verifier.
The device also verifies the physical ballot if it is unused and valid before the voting.
The voter drops the physical ballot into the ballot box before he/she leaves the voting booth.
Tallying, verification, and re-count:
At the end of the election, the poll workers use the smart card, which contains the private key, to decrypt the ballot.
The poll workers verify the number of ballots cast against the number received from the bulletin board.
In the case of a re-count, poll workers need to check the vote on each physical ballot and on the database server.
Voting Process
Security Analysis
Correctness:
We are supposed to trust the election registration system that no one can register twice or more.
The eraser is supposed to detect any fake RFID tags that a voter brings to the voting.
There will be two levels to lock the physical ballot after it is cast in the proposed voting protocol.
A ballot should be dropped in the ballot box after it is cast so that it is available for the re-count.
Receipt-freeness:
A voter has no evidence to show others what they vote.
It is not proper to give the ballot to a poll worker since the voter's record would be traced.
A minor issue is that a voter is not allowed to bring any device which can record the process or result of his voting.
Verifiability:
A voter has a way to verify the vote he/she cast, and the re-count can be conducted easily and correctly.
The contents of the vote are verified during the voting process on the voting device.
The total number of valid ballots cast should match the total votes displayed on the bulletin board.
Robustness:
Several minor system problems should not shut down the election.
The common problems are from the hardware and software.
Other security concerns
One major concern is that an attacker could bring an RFID writer into the poll station.
To prevent this, we may need a powerful detector for such metal devices, or a way to detect any unrecognized frequency within the poll station.
Conclusion
E-voting using RFID could be applied to remote voting, since the result can be transmitted through the internet and collected/counted by the database server.
The system of the elementary voting protocol could be considered an alternative physical implementation that needs only minor modification.
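The tallying and re-count checks described above (ballots cast vs. bulletin board totals, each physical ballot vs. the database server) can be sketched as a reconciliation routine. This is an added example, not part of the original slides; the record layout (tag ID plus vote), the function name and all sample values are assumptions constructed for illustration.

```python
from collections import Counter

def reconcile(box, db_valid_ids, db_votes, board_totals):
    """Cross-check the three records named in the slides (layout is assumed).

    box          : list of (tag_id, vote) read from ballots in the ballot box
    db_valid_ids : set of tag IDs the centralized database lists as valid
    db_votes     : dict tag_id -> vote recorded on the database server
    board_totals : dict candidate -> count shown on the public bulletin board
    Returns a sorted list of discrepancy strings; an empty list means consistent.
    """
    issues = set()
    seen = Counter(tag for tag, _ in box)
    valid = {}
    for tag, vote in box:
        if tag not in db_valid_ids:
            issues.add(f"unknown tag {tag}")        # tag never issued by poll workers
        elif seen[tag] > 1:
            issues.add(f"duplicate tag {tag}")      # same tag ID read more than once
        else:
            valid[tag] = vote
            if db_votes.get(tag) != vote:
                issues.add(f"vote mismatch on {tag}")
    # Ballots the server recorded but that are not in the box.
    for tag in db_votes.keys() - seen.keys():
        issues.add(f"missing ballot {tag}")
    # Total valid ballots cast must match the total on the bulletin board.
    board_sum = sum(board_totals.values())
    if board_sum != len(valid):
        issues.add(f"count mismatch: {len(valid)} valid ballots vs {board_sum} on board")
    # Per-candidate totals from the physical ballots vs the board.
    physical = Counter(valid.values())
    for cand in physical.keys() | board_totals.keys():
        if physical[cand] != board_totals.get(cand, 0):
            issues.add(f"total mismatch for {cand}: "
                       f"{physical[cand]} counted vs {board_totals.get(cand, 0)} on board")
    return sorted(issues)

# Constructed sample data (not from any real election).
DB_VALID = {"T01", "T02", "T03", "T04"}          # T04 was issued but never cast
DB_VOTES = {"T01": "A", "T02": "B", "T03": "A"}
BOARD = {"A": 2, "B": 1}
BOX_OK = [("T01", "A"), ("T02", "B"), ("T03", "A")]
BOX_BAD = [("T01", "A"), ("T02", "A"), ("T99", "B")]  # altered, missing, foreign tag

if __name__ == "__main__":
    print(reconcile(BOX_OK, DB_VALID, DB_VOTES, BOARD))
    for line in reconcile(BOX_BAD, DB_VALID, DB_VOTES, BOARD):
        print(line)
```

Keeping a per-tag vote on the server is what makes the re-count check possible here, so the privacy requirement then depends on tag IDs never being linked to voters when ballots are handed out.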