Submitted By
Tasnia Bushra
11-19762-3
11-19552-3
11-20029-3
Summer 2014-2015
Acknowledgements
At first we would like to express countless gratitude to our honorable supervisor, Dr.
Dip Nandi, for introducing us to this interesting topic and guiding us. His profound
knowledge in this field, keen interest, patience and continuous support led to the
completion of our work. His instructions have contributed greatly to every aspect of
the thesis.
Finally, our appreciation goes to our respected parents, honorable teachers, fellow
classmates and friends for sharing their knowledge and ideas, which contributed to
accomplishing this thesis, and to all who participated in many ways during this thesis.
Abstract
Voting is the most important civil right for the people of a democratic country, by
which the citizens can ensure that the state is being governed according to the
people's opinions. Voting has been applied as a means of expressing people's
opinions for centuries, but the mobile voting system is a relatively new concept. The
voting system should be as perfect as possible to establish a complete democratic
country. We have analyzed the previous work relevant to electronic voting
systems and briefly discussed the methods proposed by previous researchers. Among
all the aspects and issues in achieving a reliable mobile voting system, we have
narrowed down to three main issues where perfection is yet to be achieved. These
issues are Authenticity, Security and Confidentiality. Confidentiality is one of the
most crucial issues and possibly the most important from the voter's point of view;
it ensures the anonymity of the voter's identity and the vote content. The
commonly used techniques for ensuring vote and voter confidentiality are the
Homomorphic System, the Mix-net Protocol and the Blind Signature System. In this thesis we
have collected the drawbacks of the existing techniques and proposed a
solution of our own in order to achieve the highest level of confidentiality possible.
Contents
Declaration
Approval
Acknowledgement
Abstract
Contents
Chapter 1 Introduction
1.2 Goal
1.3 Contribution
3.1 Issues
4.1 Introduction
4.4.2 Robustness
4.4.4 Advantages
4.4.5 Drawbacks
4.5.6 Advantage
4.5.7 Drawbacks
Chapter 6 Conclusion
6.1 Conclusion
References
Chapter 1
Introduction
This thesis focuses on the confidentiality of mobile voting systems.
Confidentiality is one of the crucial parts of mobile voting but has not been
completely achieved in any system. To ensure complete confidentiality, we
analyzed and worked on the existing techniques in order to propose a better
solution.
In the world of democratic revolution, voting is the most important civil right for a
citizen of a democratic country. Although almost all voting systems are manual
and use ballot papers, an electronic voting system was first introduced in the
USA in 1964 [43]. In the 21st century, which is also acknowledged for the biggest
technological revolutions, the use of mobile phones is continuously increasing and
spreading to every level of society. Technology is used to make every
possible task easy and simple, including voting. We tried to make the
mobile voting system more secure by ensuring the confidentiality of the votes and the
voters' identities, and also proposed a solution to reduce some of the drawbacks of
the existing systems.
1.1 Thesis Overview
The contents of this thesis have been divided into several chapters. An overview of
each chapter is given below:
In chapter 1 we discussed our thesis goals, contribution and motivation.
We introduced the topic before the detailed explanations.
In chapter 2 we discussed literature reviews on security issues in mobile voting
systems from different papers. We also identified the existing domains and the desired
properties that fulfill the requirements of a mobile voting system, and discussed each of
their literature reviews.
In chapter 3 we analyzed the different issues faced in mobile voting systems and
identified and classified them into different domains.
In chapter 4 we selected the domain we focus on and discussed the
necessity and importance of that domain and the methods used in it.
1.2 Goal
The main objectives of this thesis work are:
Introducing more security in mobile voting.
Achieving confidentiality for voters.
Introducing new methods for achieving the confidentiality.
1.3 Contribution
Main contributions of this work have been outlined below:
To ensure the confidentiality of the voters
To ensure the security for the vote
To reduce the drawbacks of the existing methods for confidentiality
Chapter 2
Literature review
In this chapter we identified the properties of a mobile voting system. We also
discussed the literature and past work on mobile voting systems and, by
studying the previous work and literature, we classified the different domains in
mobile voting systems.
There are also some important properties described by different researchers, which
are:
Receipt-freeness:
Voters must neither be able to obtain nor construct a receipt which can prove
the content of their vote. This property is desired in order to help prevent voting
coercion.
Robustness:
Faulty behavior of an n-coalition of authorities can be tolerated. A faulty coalition of
any number of users can be tolerated. Any cheating voter can be detected.
algorithm while the election administrator server phase classifies ending result by
decrypting received encrypted data using RSA private key. The system has shortcomings
such as no online registration, and high computational cost and communication overhead
due to the RSA algorithm. [4]
A real-world electronic voting system for mobile voter verification is achieved by
the collaboration of a SIM card and an identity card (IC) fixed in a mobile phone with a dual SIM
card holder. It consists of the mobile voter, base station (BS), certificate authority (CA),
electoral commission (EC), mix server (MS) and court for election (CE). The mobile phone
voting system runs in three phases: the setup and registering phase, the voting phase and the
totaling phase. At least one of the mix servers should be reliable and
tamper-proof. The certificate authority, electoral commission and mix server each have their own
public/private keys. When a mobile phone voter registers with the certificate authority, the CA
computes two PINs, issues an identity card and passes PIN1 to the voter via a safe
channel. The voter has no access to PIN2, which is protected in the secure memory of the IC. After the voter
registers with the election commission, it calculates PIN3 and passes it to the voter via a
protected channel. During the polling period voters are reminded by SMS to cast their
votes to the election commission. First, the voter inserts the SIM card and IC into his
mobile phone with a dual SIM card holder. Second, the voter chooses his/her selected
candidate. The base station validates the voter on the basis of the SIM. If the voter is
authentic, the base station forwards the voter's request to the certificate authority and
then to the election commission. The CA and EC jointly validate the voter on the basis of a MAC
(Message Authentication Code). During polling, the election commission, certificate
authority and base station preserve all exchanged messages. When voting is
complete, the election commission shows all votes in lexicographic order. The mix server
collects all votes and confirms their signatures. If the signatures are genuine, the votes are decrypted
using their private key. The mix server organizes all votes in lexicographic order and
forwards them to the EC with their signatures. The election commission validates these signatures.
During totaling, the EC and every mix server preserve all substituted messages and non-repudiation evidence of message source and message transfer for record purposes.
[5]
Entities and overview
Voter: A voter has the right to vote, and he votes in the election.
Registration Server: Registration authority or authorities register eligible voters
to the registration server before the election days. These authorities ensure that
only registered voters can vote.
Voting Server: Votes cast by voters are stored in this server for tallying
and authentication.
Authentication Server
Tallying Server: The tallying server collects the cast votes and tallies the
results of the election.
Any e-voting system should also involve these four phases: [9]
Registration: Voters register themselves to registration authorities, and the list of
eligible voters is compiled before the election days.
Authentication and Authorization: On the election days registered voters request
ballot or voting privilege from the registration authorities. Registration authorities
check the credentials of those attempting to vote and only allow those who are
eligible and registered before.
Voting: Voters cast their vote.
Tallying: The tallying authorities count the votes and announce the election results.
Chapter 3
Issue Analysis
In this chapter we analyzed the main issues for mobile voting system and identified
and classified them into different domains such as Authentication, Confidentiality
and Security. We also explained existing techniques for each of the issues.
3.1 Issues
The importance of security in elections must not be underestimated. If not well
planned and designed, mobile voting can undermine confidence in the whole
electoral process. The future of a country rests on public confidence that the people
have the power to elect their own government. Any process that has the potential to
threaten the integrity of the system, or even the perceived integrity of the system,
should be treated with the utmost caution and suspicion. Security issues of mobile
voting systems can be discussed from many points of view, such as technology driven,
political science driven, or judicial driven. We discuss the issues from a technological
view, focusing especially on voting servers and clients, and the network
infrastructure enabling the client-server connections.
From a technological view, security is the most crucial part of a mobile voting system. Many
researchers have tried to identify the security issues in mobile voting systems, but there
are too many variables to consider. However, there are three main issues that researchers
agree are the most crucial.
Issues and overview
Authenticity: This domain includes identification and authentication of
voters, system operators, election officials, and system
components. Mobile voting systems must identify and
authenticate voters in order to verify their eligibility and
provide them the permission to vote.
Confidentiality
Security
Chapter 4
Confidentiality Domain
Among the three major issues faced in a mobile voting system, we have focused on
the confidentiality issues. In this chapter we describe the importance of this domain
and the existing methods which are applied to deal with this issue.
4.1 Introduction
Among the three major issues described in the previous chapter, confidentiality is
the most crucial and important from a voter's point of view. In an election the voter
and his vote must remain anonymous. No voter will be interested in
using a system where the confidential information of a voter might get exposed. With
this concern, to strengthen the confidentiality of the voter and his vote, we chose this
domain to find the most secure method to make sure the votes and the voters
remain anonymous.
Homomorphic encryption
Mixnet Protocol
Blind signature
his/her mind. He/she does not have to reveal his/her choice, although he/she may do so at
some point later. Some commitment schemes can be efficiently implemented using the
homomorphic property.
4.4.2 Robustness
Robustness of a mix net can be obtained in several different ways, namely
cut-and-choose [30, 31]; repetition robustness; standard zero-knowledge proofs in sorting
networks; use of multiple participants per layer [37, 38]; error detecting techniques;
and techniques based on secret sharing. A robust mix net should:
1. Operate correctly: the output should correspond to a permutation of the
input,
2. Provide privacy: an observer should not be able to determine which input
element corresponds to a given output element (and vice versa) in any way, and
3. Be robust: deliver proofs that it has operated correctly. In addition, it is
beneficial if any interested party is able to check the proof or evaluate the
evidence; a property also known as public verifiability.
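An added example (not from the thesis) of a re-encryption mix net over ElGamal that checks the first two properties on a constructed batch of votes. The toy group parameters, the three-server chain and all names are assumptions; the audit decrypts with the election key, which stands in for the proofs of correct operation that a robust mix net would publish.

```python
import secrets

# Constructed toy ElGamal parameters: a subgroup of Z_p* with p = 2^127 - 1.
# R divides 2^63 + 1 and therefore p - 1. Illustrative sizes only.
P = 2**127 - 1
R = 77158673929
assert (P - 1) % R == 0
# First base whose cofactor power is not 1 gives an element of order R.
G = next(g for g in (pow(b, (P - 1) // R, P) for b in range(2, 64)) if g != 1)
X = secrets.randbelow(R - 1) + 1      # election private key (assumed held by the tallier)
H = pow(G, X, P)                      # election public key


def encrypt(m: int) -> tuple:
    k = secrets.randbelow(R - 1) + 1
    return pow(G, k, P), (m * pow(H, k, P)) % P


def reencrypt(c: tuple) -> tuple:
    """Fresh randomness s changes both components but not the plaintext."""
    a, b = c
    s = secrets.randbelow(R - 1) + 1
    return (a * pow(G, s, P)) % P, (b * pow(H, s, P)) % P


def decrypt(c: tuple) -> int:
    a, b = c
    return (b * pow(pow(a, X, P), -1, P)) % P


def mix_server(batch: list) -> list:
    """One mix: re-encrypt every ciphertext, then apply a secret permutation."""
    out = [reencrypt(c) for c in batch]
    secrets.SystemRandom().shuffle(out)
    return out


def run_mixnet(batch: list, servers: int = 3) -> list:
    for _ in range(servers):
        batch = mix_server(batch)
    return batch


def audit(inputs: list, outputs: list) -> dict:
    """Check properties 1 and 2 from the list above on one run."""
    return {
        # 1. operates correctly: outputs decrypt to a permutation of the inputs
        "is_permutation": sorted(map(decrypt, outputs)) == sorted(map(decrypt, inputs)),
        # 2. privacy (necessary condition only): no output ciphertext can be
        #    matched to an input ciphertext by simple comparison
        "ciphertexts_unlinkable": not set(inputs) & set(outputs),
        "same_size": len(inputs) == len(outputs),
    }


def demo() -> dict:
    votes = [2, 5, 3, 2, 7, 5, 2]     # constructed sample votes (candidate codes)
    inputs = [encrypt(v) for v in votes]
    outputs = run_mixnet(inputs)
    result = audit(inputs, outputs)
    result["tally"] = sorted(decrypt(c) for c in outputs)
    return result


if __name__ == "__main__":
    print(demo())
```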
4.4.4 Advantages
The use of mix-nets can provide the n-perfect privacy property. In the scheme described
above, compromised voting equipment will be unable to match a particular vote to a
voter. In addition, since the vote will be encrypted with multiple mix server keys, it
will take more than a single malicious mix server to compromise a voter's vote.
4.4.5 Drawbacks
As described earlier in the homomorphic section, tallying cannot begin until all voters
have cast their vote.
Blind signatures are typically employed in privacy-related protocols where the signer
and message author are different parties. Blind signature schemes are mostly used in
applications where sender privacy is important. This includes various "digital cash"
schemes, untraceable money transfer and voting protocols.
been received and sending the confirmation message back to the voter without
disrupting the integrity of the vote. [40]
The random number r (gcd(n, r) = 1) blinds the value in order to conceal the ballot
from the validator. After verifying the voter, the validator signs the ballot.
$S' = (B')^d = r B^d \bmod n$
After receiving $S'$, the voter unblinds the ballot and computes the true signature $S$.
$S = S' r^{-1} \bmod n = B^d$
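The blind-signature exchange above, worked through as an added example (not code from the thesis): the voter blinds the ballot digest B with r, the validator signs without seeing B, and the voter unblinds to obtain S = B^d mod n. The toy RSA key is constructed, the blinding step B' = r^e B mod n is the standard RSA blinding and is assumed here because the page does not print it, and all function names are illustrative.

```python
import hashlib
import math
import secrets

# Constructed toy RSA key for the validator: two Mersenne primes, far too
# structured and small for real use, chosen only so the example runs offline.
P, Q = 2**127 - 1, 2**107 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))     # validator's private exponent d


def ballot_digest(ballot: bytes) -> int:
    """B in the text: the ballot hashed and reduced modulo n."""
    return int.from_bytes(hashlib.sha256(ballot).digest(), "big") % N


def blind(b: int) -> tuple:
    """Voter: pick r with gcd(n, r) = 1, return (B', r) with B' = r^e * B mod n."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            return (pow(r, E, N) * b) % N, r


def sign_blinded(b_blind: int) -> int:
    """Validator: S' = (B')^d mod n. Only the blinded value is ever seen here."""
    return pow(b_blind, D, N)


def unblind(s_blind: int, r: int) -> int:
    """Voter: S = S' * r^-1 mod n, which equals B^d mod n."""
    return (s_blind * pow(r, -1, N)) % N


def verify(ballot: bytes, s: int) -> bool:
    """Anyone holding the public key (n, e) checks S^e = B mod n."""
    return pow(s, E, N) == ballot_digest(ballot)


def demo() -> dict:
    ballot = b"election-2015|candidate=3|nonce=7f1c"    # constructed sample ballot
    other = b"election-2015|candidate=1|nonce=7f1c"     # constructed altered ballot
    b = ballot_digest(ballot)
    b_blind, r = blind(b)
    s = unblind(sign_blinded(b_blind), r)
    return {
        "validator_saw_ballot": b_blind == b,           # blinding hides B
        "matches_direct_signature": s == pow(b, D, N),  # S = B^d mod n
        "valid": verify(ballot, s),
        "altered_ballot_valid": verify(other, s),       # signature binds to B
    }


if __name__ == "__main__":
    print(demo())
```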
4.5.6 Advantage
The biggest advantage of blind signatures in an electronic voting scheme is efficiency and
voter confidentiality. The voting phase as well as the tallying phase is more efficient
when compared to other schemes. [40]
4.5.7 Drawbacks
One drawback is that many common voting schemes using blind signatures are
unable to ensure the universal verifiability property [40]. Universal verifiability means that
anyone can verify that the protocol correctly processes and tallies all the valid votes.
This is due to the inability to handle voters who abstain from voting. In this case,
malicious authorities may impersonate such voters, because an outsider will not be able to notice
this.
Chapter 5
Proposed Method
5.1 Proposed Method
From the discussions and analyses in the earlier chapters, it is clear that none of
the existing methods can perfectly satisfy all the desired properties for a perfectly
confidential mobile voting system. The homomorphic system has a very simple tallying
system but cannot achieve receipt-freeness. The Mixnet system has the ability to
implement n-perfect privacy, but all the voters must cast their votes before it can begin
tallying, which is clearly time consuming. Likewise, the blind signature method is very
efficient at authenticating the votes and voters' identities but cannot ensure universal
verifiability.
We propose a system that uses three different encryption protocols at the same
time so that each reduces the others' drawbacks. Let us assume the voter is V and the vote is m. Using the Mixnet
system, M can be encrypted for casting with a secret key sk: (sk, M). By using a blind
signature after the Mixnet, the encrypted vote can be authorized for counting
without disclosing the information of the voter V.
$S = r\,V^{sk} \bmod A$
where A is the validator and r is a random number that conceals the message from the
validator. Now let the voters be V = 1, 2, ..., i. By using the homomorphic system we can start
tallying the exact moment a vote is cast and count it for the final tally.
$E(S_1) \cdot E(S_2) \cdots E(S_i) \cdots E(S_n) = E(S_1 + S_2 + \dots + S_i + \dots + S_n)$
We see that the homomorphic system can address the drawbacks of the Mixnet system,
because as the homomorphic system collects each vote, it can also tally the vote for the
final count. On the other hand, receipt-freeness can be achieved by the Mixnet
system's strong encryption methods. As mentioned in the earlier chapter, a re-encryption
Mixnet uses different keys and shuffles those keys to make it almost impossible to
access the votes without the right key. The blind signature can make it more secure
by authenticating the encrypted vote and ensuring that the voter is eligible to cast a
vote and has voted only once.
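An added example (not from the thesis) of the product relation above used as a running tally: each arriving encrypted ballot is multiplied into the tally ciphertexts, so counting proceeds as votes arrive and only totals are ever decrypted. Paillier encryption, the constructed toy key, one 0/1 ciphertext per candidate and all names are assumptions; the thesis does not name a cryptosystem.

```python
import secrets

# Constructed toy Paillier key from two Mersenne primes (illustrative only).
P, Q = 2**89 - 1, 2**61 - 1
N = P * Q
N2 = N * N
PHI = (P - 1) * (Q - 1)
MU = pow(PHI, -1, N)                  # decryption constant for g = n + 1


def encrypt(m: int) -> int:
    """E(m) = (1 + n)^m * r^n mod n^2 with fresh random r coprime to n."""
    while True:
        r = secrets.randbelow(N - 1) + 1
        if r % P and r % Q:
            break
    return (pow(N + 1, m, N2) * pow(r, N, N2)) % N2


def decrypt(c: int) -> int:
    """m = L(c^phi mod n^2) * mu mod n, where L(u) = (u - 1) / n."""
    return ((pow(c, PHI, N2) - 1) // N * MU) % N


def encrypt_ballot(choice: int, candidates: int) -> list:
    """One ciphertext per candidate: E(1) for the chosen one, E(0) otherwise."""
    return [encrypt(1 if i == choice else 0) for i in range(candidates)]


def add_to_tally(tally: list, ballot: list) -> list:
    """E(S_1)...E(S_i) * E(S_{i+1}): multiplying ciphertexts adds plaintexts."""
    return [(t * c) % N2 for t, c in zip(tally, ballot)]


def tally_stream(choices: list, candidates: int) -> tuple:
    """Fold ballots into the encrypted tally as they arrive. Returns the tally
    opened halfway through the stream and the tally opened at the end."""
    tally = [encrypt(0) for _ in range(candidates)]
    midway = None
    for i, choice in enumerate(choices, 1):
        tally = add_to_tally(tally, encrypt_ballot(choice, candidates))
        if i == len(choices) // 2:
            midway = [decrypt(t) for t in tally]
    return midway, [decrypt(t) for t in tally]


def demo() -> tuple:
    choices = [0, 2, 2, 1, 2, 0]      # constructed sample votes, 3 candidates
    return tally_stream(choices, 3)


if __name__ == "__main__":
    print(demo())
```

The totals are only meaningful if every submitted ciphertext encrypts 0 or 1, which deployed homomorphic schemes enforce with a zero-knowledge proof attached to each ballot.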
By using the Mixnet and homomorphic systems, the confidentiality of the vote and voter
increases drastically. The method ensures the confidentiality of the voter ID and the vote, and
authorizes the vote by using a blind signature, which ensures that the voter is eligible to
vote and the vote has been counted.
Chapter 6
Conclusion
6.1 Conclusion
Implementation of a mobile voting system has many issues that are yet to be solved.
In our paper, we have focused on the major issues in obtaining a completely secure
mobile voting system and proposed a solution which ensures more efficiency than all
the existing solutions.
The major issues that we faced in designing a mobile voting system are security
issues, authenticity issues and confidentiality issues. Due to time constraints, we
focused on confidentiality issues and discussed three major existing systems:
the homomorphic system, the mix net system, and digital and blind signatures, which
are applied in order to ensure and maintain the voter ID and the records of cast
votes in order to attain a completely secure, confidential and authentic mobile voting
system.
We proposed a solution to keep the voter list and cast votes hidden by encrypting
the lists using the homomorphic system and then shuffling them using the mix net system.
Using our method, we removed the disadvantage of the mix net system, which can
only keep one of the elements hidden, not both. By keeping both elements
hidden, we can drastically increase the confidentiality rate of the mobile voting
system, and by using the homomorphic system alongside the mix-net protocol we can
also begin tallying before the voting has been completed and count each cast vote
in the final tally.
The only disadvantage we faced while designing our system is the time complexity:
because two different encryption algorithms are applied to all the data, it will take almost
twice as much time to get the final tallied results. Due to time constraints, we could not
manage to find a solution to this complexity. Our future work will focus on
reducing the time complexity and implementing a completely secure, authentic
and confidential mobile voting system.
References
[1] X. Yi, P. Cerone, and Y. Zhang, Secure Electronic Voting for Mobile Communications, in Proc.
Vehicular Technology Conference, vol. 2, 2006.
[2] Y. Feng, S. L. Ng, and S.S. Grosche, An Electronic Voting System Using GSM Mobile
Technology, Department of Mathematics Royal Holloway, University of London Egham, Surrey
TW20 0EX England, England Technical Report RHUL MA2006
[3] K. Kim, and D. Hong, Electronic Voting System using Mobile Terminal, World Academy of
Science, Engineering and Technology, pp. 33-37, 2007.
[4] Y. Qiu, and H. Zhu, Somewhat Secure Mobile Electronic-voting Systems Based on the Cut-and-Choose Mechanism, International Conference on Computational Intelligence and Security,
Proc. IEEE International conference on Computational Intelligence and Security (CIS09), vol. 1,
pp. 446-450, July 2009.
[5] X. Yi, and E. Komodo, Practical Mobile Electronic Election, IEEE/SICE International Symposium
on System Integration (SII), pp.1119-1124, 20-22 Dec. 2011.
[6] L. Fouard, M. Duclos, and P. Lafourcade. Survey on electronic voting schemes, 2007.
[7] B. Chevallier-Mames, P.A. Fouque, D. Pointcheval, and J. Traore. On some incompatible
properties of voting schemes. In IAVoSS Workshop on Trustworthy Elections, WOTE06. Citeseer,
2006.
[8] L. F. Cranor, and R. K. Cytron, Sensus: A security- conscious electronic polling system for the
internet. Hawaii International Conference on System Sciences, 1997, 3:560.
[9] A. Rubin, Security considerations for remote electronic voting over the Internet. The
Magazine of USENIX and SAGE, 2001, 1(26): pp. 20-28.
[10] Jefferson, D. and Rubin, A. and Simons, B. and Wagner, D. (2004), A Security Analysis of the
Secure Electronic Registration and Voting Experiment (SERVE).
[11] Aditya, Riza, Boyd, Colin, Dawson, Edward, & Lee, Byoungcheon (2004) Implementation Issues
in Secure E-Voting Schemes. In Kozan, E (Ed.) Proceedings of Abstracts and Papers of the Fifth
Asia- Pacific Industrial Engineering and Management Systems (APIEMS) Conference 2004 and
the Seventh Asia-Pacific Division Meeting of the International Foundation of production
Research, 12-15 December 2004, Gold Coast, Australia.
[12] Dierks, T. and Rescorla, E., The TLS Protocol Version 1.2, Internet Engineering Task Force,
Request for Comment 5246, August 2008.
[13] Stefano Campanelli, Alessandro Falleni, Fabio Martinelli, Marinella Petrocchi, Anna Vaccarelli
Mobile implementation and formal verification of an e-voting system IITCNR, Via G. Moruzzi
1, 56124 Pisa, Italy.
[14] D. Chaum. Blind Signatures for Untraceable Payments. In Proc. of Crypto '82, pages 199-203.
Plenum, NY, 1983.
[15] Manish Kumar1*, T.V.Suresh Kumar1, M. Hanumanthappa2, D Evangelin Geetha1, Secure
Mobile Based Voting System,
[16] Jiejun Kong, Petros Zerfos, HaiyunLuo, Songwu Lu, Providing Robust and Ubiquitous Security
Support for Mobile Ad-Hoc Networks Lixia Zhang Computer Science Department
[17] Keonwoo Kim, and Dowon Hong, Electronic Voting System using Mobile Terminal, World
Academy of Science, Engineering and Technology International Journal of Electrical, Computer,
Electronics and Communication Engineering Vol:1 No:8, 2007.
[18] J. D. Cohen and M. J. Fisher, A robust and verifiable cryptographically secure election system,
In Proc. 26th IEEE Symp. On Foundations of Comp. Science, pp 372-382, Portland, 1985.
[19] A. C. Yao, How to generate and exchange secrets, In Proc. of 27th IEEE Symp. On Foundations
of Comp. Science, pp 162-167, Toronto, 1986.
[20] C. S. Park, K. Itoh, and K. Kurosawa, Efficient anonymous channel and all/nothing election
scheme, EUROCRYPT '93, pp 248-259, Springer-Verlag, Lecture Notes in Computer Science No.
765, 1994.
[21] Riza Aditya*, Byoungcheon Lee*,**, Colin Boyd* and Ed Dawson, IMPLEMENTATION ISSUES IN
SECURE E-VOTING SCHEMES, Kozan, E (Ed.) Proceedings of Abstracts and Papers (On CD-ROM)
of the Fifth Asia-Pacific Industrial Engineering and Management Systems (APIEMS) Conference
2004 and the Seventh Asia-Pacific Division Meeting of the International Foundation of
Production Research, 12-15 December 2004, Gold Coast, Australia.
[21] Manish Kumar1*, T.V. Suresh Kumar1, M. Hanumanthappa2, D Evangelin Geetha1, Secure
Mobile Based Voting System,
[22] MohibUllah, Arif Iqbal Umar, Noor ul Amin, Nizamuddin, An Efficient and Secure Mobile Phone
Voting System, 978-1-4799-0615-4/13/$31.00 2013 IEEE
[23] Yang Feng, Siaw-Lynn Ng and Scarlet Schwiderski-Grosche, An Electronic Voting System Using
GSM Mobile Technology, Technical Report RHULMA20065 26 June 2006
[24] Craig Stuntz (2010-03-18). "What is Homomorphic Encryption, and Why Should I Care?"
[25] A. Neff. A verifiable secret shuffle and its application to e-voting. In P. Samarati, editor.
[26] Riza Aditya, Byoungcheon Lee, Colin Boyd and Ed Dawson, Implementation Issues In secure E-Voting Schemes, *Information Security Research Centre, Queensland University of Technology,
Joongbu University 101 Daebak-Ro, Chuboo-Meon, Kumsan-Gun, Chungnam, 312-702, Korea
[27] The URL for the group is http://grouper.ieee.org/groups/scc38/1622/, last accessed 7 October
2004.
[44] K. Kim, and D. Hong, Electronic Voting System using Mobile Terminal, World Academy of
Science, Engineering and Technology, pp. 33-37, 2007.
[45] D. Chaum, Untraceable electronic mail, return addresses and digital pseudonyms,
Communications of the ACM, vol. 24, no. 2, pp. 84-88, 1981.
[46] Yu-Yi Chen, Jinn-Ke Jan, and Chin-Ling Chen, The design of a secure anonymous Internet voting
system, Computers & Security, vol. 23, no. 4, pp. 330-337, 2004.
[47] M. Ramkumar and N. Memon, An efficient key predistribution scheme for ad hoc network
security, IEEE Journal on Selected Areas in Communications, vol. 23, no. 3, pp. 611-621, 2005.