Скачать презентацию Nathanael Paul CRyptography Applications Bistro February 3 2004 Скачать презентацию Nathanael Paul CRyptography Applications Bistro February 3 2004

bb20d1df4ed256951170e694b4ed61c1.ppt

  • Количество слайдов: 16

Nathanael Paul CRyptography Applications Bistro February 3, 2004 Nathanael Paul CRyptography Applications Bistro February 3, 2004

Electronic Voting • • • Convenient Supposed to increase voter turnout Quicker counts Handicapped/disabled Electronic Voting • • • Convenient Supposed to increase voter turnout Quicker counts Handicapped/disabled “I wonder where the votes go once you touch the screen and if it's possible to mess with the vote. ” Carol Jacobson, Berkeley, CA

Threats • • • Vote Coercion Vote Selling Vote Solicitation Online Registration Voter Privacy Threats • • • Vote Coercion Vote Selling Vote Solicitation Online Registration Voter Privacy Could have a scrawny teenage script kiddy but now a foreign government

Rubin’s “Security Considerations for Remote Electronic Voting over the Internet” • Hosts are assumed Rubin’s “Security Considerations for Remote Electronic Voting over the Internet” • Hosts are assumed to be Windows using IE/Netscape • Internet connection using TCP/IP • Attack the endpoints (user, servers) or communications

Attacking the host • Malicious payloads – Proxy settings • Javascript or Java applets Attacking the host • Malicious payloads – Proxy settings • Javascript or Java applets – http: //www. securityfocus. com/bid/4228/discussion/ – Back. Orifice • PCAnywhere, open source – Chernobyl virus • Activate on certain day • Modified bios

Get the code on their machine • My. Doom • instant messenger, file sharing Get the code on their machine • My. Doom • instant messenger, file sharing – Windows Media Player (Java vulnerability) • AOL • Microsoft Office code

Do. S/DDo. S attacks • Attack servers – Public key encryption – Regular expression Do. S/DDo. S attacks • Attack servers – Public key encryption – Regular expression attacks • Ping of death • Do. S attacks on individual applications – Java (exploit system code)

Social Engineering • SSL – Average user checking a certificate – Even if it’s Social Engineering • SSL – Average user checking a certificate – Even if it’s bad, will some just proceed anyways? • Spoofing – Web site – Poisoning DNS cache

What is needed? • Trusted path between user and election server – Malicious code What is needed? • Trusted path between user and election server – Malicious code should not have a way to interfere with normal operation.

 • Allow citizens outside of the country to vote in an easy manner • Allow citizens outside of the country to vote in an easy manner • Should be at least as secure as current absentee voting ballot designs • SSL connection to a central server • Local Election Official (LEO) precinct computer downloads registration/ballots from central server

SERVE design <n a m e, E kv ( ba llo t )> Ballots SERVE design Ballots O Voter O TS )> LEO precinct computer

Some Security Considerations • Attack central server, LEO server, host machine, communications (DNS) • Some Security Considerations • Attack central server, LEO server, host machine, communications (DNS) • Privacy – LEO’s can view entire precinct’s votes – Central server could view everyone’s votes • Windows only • Active. X and Java used for central server and user – 75 flaws in Java from 1999 -2003 according to CVE (not all are actual entries)

Do. S/DDo. S in SERVE • Central server provides a single point of attack Do. S/DDo. S in SERVE • Central server provides a single point of attack • LEO • Election spans longer period of time (month) • DDo. S excess of 150 Gbps – E-commerce sites with 10 Gbps link

Measuring it all up • Vote Coercion – Impossible to detect • Vote Selling Measuring it all up • Vote Coercion – Impossible to detect • Vote Selling – Buyers outside of US? • Vote Solicitation – AOL and Pop-ups will go crazy • Online Registration – Man-in-the-middle • Voter Privacy – Not possible with this scheme

Proposed Alternatives • Remote ballot printer recommended with the voter mailing in the printed Proposed Alternatives • Remote ballot printer recommended with the voter mailing in the printed ballot • Chaum’s Sure. Vote scheme with voterverifiable receipts using Visual Cryptography • Vote. Here (covered by Richard) with a threshold cryptography scheme

Additional Reading • IEEE Security & Privacy, Jan/Feb 2004 special issue on E-voting • Additional Reading • IEEE Security & Privacy, Jan/Feb 2004 special issue on E-voting • Sure. Vote, Vote. Here DRE schemes • David Dill’s http: //www. verifiedvoting. org “The fact that 50 votes were cast in Florida using VOI, and that a change of 269 votes in the official tally of that state would have resulted in Al Gore becoming President. ” SERVE report, Jan. 21, 2004