22/01/2019 - Page 1
Improvements to CHvote
The road towards an end-to-end verifiable internet voting system
Office cantonal des systèmes d'information et du numérique
Département des infrastructures
22/01/2019 - Page 2
Short Bio
• EPFL MSc in IT
• IT / Java consultant
• Now
− Internet voting cryptography @ State of Geneva
− Java DEV & AppSec
• Outside of work
− OWASP-Geneva co-chapter leader
− Married, 2 kids
Thomas Hofer / @thhofer / thomas.hofer@etat.ge.ch
22/01/2019 - Page 3
Outline
Context
Security properties and challenges
Federal requirements
Protocol overview
State of the project
Conclusion
22/01/2019 - Page 5
The past of CHvote
First generation E-Voting system
• 2001: start of project
• 2003: first use
• Partners
22/01/2019 - Page 6
Context
Timeline
• 12.2013: New Federal Requirements
• 09.2015: Version «1.5»: remove Java applet, add individual verifiability
• 06-09.2016: V2.0: project preparation
• 01.2017: Project start
• 11.2018: Project terminated
• 04-05.2019: Expected publication date
22/01/2019 - Page 7
Context
Challenges
Federal security requirements, cryptographic protocol, software as a service
Federal requirements
• Individual and universal verifiability
• End-to-end encryption
• Independent control components
• Symbolic and cryptographic proofs
• Common Criteria EAL 2 and EAL 4
• OWASP Code review
• ISMS, ISO 27001 Certification
• Internal and public penetration test
• Source code publication
Cryptography
• Bespoke cryptographic protocol
• Strong performance requirements
• Several academic partners
• Implementation of less common cryptographic primitives
• Massively parallel computations
Control Components Hardware
• 6x 26 cores x86 256 GB
• 2x 16 cores IBM Power 256 GB
• 30 TB «live» data
• 4 distinct OS + 3 distinct JRE implementations + 2 distinct CPU architectures
• PostgreSQL database, high-availability
• Encrypted and signed communications
• 0-loss tolerance
• No remote access, dedicated physical access control
• 4 independent pairs of administration teams
Open Source
• AGPL v3 License
• Publication forbidden before audits and certification
• Documentation targeted at external contributors
• Image risks (cherry-picking of issues)
Software as a service
• Multi-tenant (cantons, languages, legal frameworks)
• Autonomous ballot organisation
• High-availability
• 24/7 usage, limited windows for maintenance
• Integrity and authenticity of data
22/01/2019 - Page 9
Security properties
Target security properties
• Vote secrecy
• Result integrity
• No early tally
• Availability
• Voter authentication
• Enfranchisement
22/01/2019 - Page 10
Security challenges
• Vote secrecy vs. result integrity
Cryptographically challenging (but feasible)
• Enfranchisement vs. authentication
Typically opposed
But: in CH, voting legitimation cards are sent to voters (Swiss
Post is trusted)
For mail-in ballots / polling station voting:
− Voting card + signature + DOB
For internet voting:
− Secrets printed on voting card + DOB
Partially contradicting requirements and other challenges
22/01/2019 - Page 11
Security challenges
• Availability
OK, but… DDoS??
Standard technical counter-measures
Internet voting closes 24 hours before polling stations
• DNS-cache poisoning (Nov. 2018 news)
Impacts everyone
Some technical counter-measures in place, others coming
Most importantly: certificate fingerprint printed on voting material
Partially contradicting requirements and other challenges (ctd.)
22/01/2019 - Page 13
Federal requirements
• Published in 2013, enacted 2014
Collaborative work between lawmakers, academia and operating
staff
• Compliance levels
The higher the compliance, the more voters allowed
• Reference
https://www.bk.admin.ch/themen/pore/evoting/07979/index.html
New Ordinance on Electronic Voting
22/01/2019 - Page 14
Federal requirements
Individual Verifiability
Voters must receive proof that the server system has registered the vote as it
was entered by the voter on the user platform – VEleS, art. 4
22/01/2019 - Page 15
Federal requirements
End-to-End Encryption
Votes must not be stored or transmitted in unencrypted form at any time from
being entered to tallying. – Technical and administrative requirements, section
3.3.4
22/01/2019 - Page 16
Federal requirements
Universal Verifiability
For universal verification, the auditors receive proof that the result has been
ascertained correctly. They must evaluate the proof in an observable procedure.
– VEleS, art. 5 paragraph 4
22/01/2019 - Page 17
Federal requirements
Control Components
The trustworthy part of the system includes either one or a small number of
groups of independent components secured by special measures (control
components). Their use must also make any abuse recognisable if per group
only one of the control components works correctly and in particular is not
manipulated unnoticed. – VEleS, art. 5, par. 6
22/01/2019 - Page 18
Federal requirements
• First level
Individual verifiability
Internet voting for up to 30% of voters
• Second level
Add certifying audit
Internet voting for up to 50% of voters
• Third level
Add universal verifiability, control components and end-to-end
encryption
New certifying audit
Internet voting for up to 100% of voters
Compliance levels
22/01/2019 - Page 20
Protocol actors
Stakeholders from the perspective of the cryptographic protocol
• Election officer
• Control components
• Bulletin Board
• Voting client
• Voter
• Printing Authorities
22/01/2019 - Page 21
Key cryptographic primitives
• El Gamal homomorphic encryption
• Oblivious Transfer for individual verifiability
Cast-as-Intended Verification in Electronic Elections Based on
Oblivious Transfer
• Pedersen Commitments
• Non-interactive Zero-Knowledge Proofs (ZKP)
• Wikström’s Proof of a Shuffle
A brief overview
22/01/2019 - Page 22
Homomorphic encryption
• Principles
Operations performed on cipher texts
Result visible on recovered plain texts
Example:
− Encrypt 2
− Multiply cipher text by 3
− Decrypt
− Result is 6
• For this project: El Gamal encryption
What is it?
22/01/2019 - Page 23
Homomorphic encryption
• Used for voter credentials
Voter authentication
• Used for encrypting the ballots
Vote secrecy
• Allows re-encryptions
Useful for anonymizing when shuffling
Vote secrecy
• Allows for key sharing
Control components each hold a key share
Vote secrecy & result integrity
How and why?
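The properties listed on the two homomorphic encryption slides, as an added example that is not CHvote code: textbook multiplicative ElGamal showing the 2 × 3 = 6 product, re-encryption, and decryption that needs every key share. The toy group, the function names, the four shares, and multiplying by an encryption of 3 (rather than by the constant 3) are assumptions made for illustration.

```python
import secrets

# Toy parameters, constructed for this example and far too small for real use:
# P = 2Q + 1 is a safe prime and G = 4 generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4


def keygen_share():
    """One control component's key share: (secret exponent, public share)."""
    sk = secrets.randbelow(Q - 1) + 1          # 1 .. Q-1
    return sk, pow(G, sk, P)


def joint_public_key(public_shares):
    """The election key is the product of the public shares: g^(sk1+...+skn)."""
    pk = 1
    for share in public_shares:
        pk = pk * share % P
    return pk


def encrypt(pk, m, r=None):
    """ElGamal: (g^r, m * pk^r). r is random unless fixed by the caller."""
    if r is None:
        r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), m * pow(pk, r, P) % P


def multiply(c1, c2):
    """The component-wise product of two ciphertexts encrypts m1 * m2."""
    return c1[0] * c2[0] % P, c1[1] * c2[1] % P


def reencrypt(pk, c):
    """Multiply by a fresh encryption of 1: same plaintext, new ciphertext."""
    return multiply(c, encrypt(pk, 1))


def partial_decrypt(sk, c):
    """Each component only ever computes a^sk with its own share."""
    return pow(c[0], sk, P)


def combine(c, partials):
    """m = b / prod(a^sk_i); the inverse is taken via Fermat's little theorem."""
    d = 1
    for part in partials:
        d = d * part % P
    return c[1] * pow(d, P - 2, P) % P


def demo():
    shares = [keygen_share() for _ in range(4)]    # four components: assumption
    pk = joint_public_key([pub for _, pub in shares])
    c = multiply(encrypt(pk, 2), encrypt(pk, 3))   # "encrypt 2, multiply by 3"
    mixed = reencrypt(pk, c)                       # what a mixing component emits
    partials = [partial_decrypt(sk, mixed) for sk, _ in shares]
    return {"plaintext": combine(mixed, partials), "changed": mixed != c}


if __name__ == "__main__":
    print(demo())
```

Leaving out any one partial decryption yields a value other than the plaintext, which is why no single control component can read a ballot on its own.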
22/01/2019 - Page 24
Oblivious Transfer
• In short
Server knows n secret messages
Client allowed to retrieve k secret messages
Server cannot know which messages the client asked for
Perfect match for the verification codes issue!
Vote secrecy & Result integrity
• In detail
Cast-as-Intended Verification in Electronic Elections Based on
Oblivious Transfer
What does it mean and why is it useful?
22/01/2019 - Page 25
Commitments and ZKPs
• “public” commitments for the secrets
Share a value computed from secret, without leaking info
• ZKPs relative to those commitments
Prove that
− Secret value used in computation =
secret value used for commitment
Chain of truth from key generation to ballot decryption
• Combination yields Universal verifiability
Result integrity
How and why?
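The statement on this slide ("secret value used in computation = secret value used for commitment"), as an added sketch that is neither CHvote code nor the exact proof from the published specification: a Chaum-Pedersen equality-of-discrete-logs proof made non-interactive with a hash. Assumptions: the public key share g^x plays the role of the commitment, the computation is a partial decryption a^x, and the toy group and function names are constructed for illustration.

```python
import hashlib
import secrets

# Toy group, constructed for this example: P = 2Q + 1, G of prime order Q.
# With Q this small a cheating prover succeeds with probability about 1/Q;
# real parameters make that negligible.
P, Q, G = 2039, 1019, 4


def in_group(x):
    """Reject values outside the order-Q subgroup before using them."""
    return 0 < x < P and pow(x, Q, P) == 1


def challenge(*elements):
    """Fiat-Shamir: the challenge is a hash of the whole public statement."""
    data = b"|".join(str(e).encode() for e in elements)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def prove(x, a):
    """Show that pk = g^x and d = a^x share the exponent x, without revealing x."""
    pk, d = pow(G, x, P), pow(a, x, P)
    w = secrets.randbelow(Q)                       # one-time blinding exponent
    t1, t2 = pow(G, w, P), pow(a, w, P)
    c = challenge(G, a, pk, d, t1, t2)
    s = (w + c * x) % Q
    return pk, d, (t1, t2, s)


def verify(a, pk, d, proof):
    """Anyone holding the public values can run this check."""
    t1, t2, s = proof
    if not all(in_group(v) for v in (a, pk, d, t1, t2)):
        return False
    c = challenge(G, a, pk, d, t1, t2)
    return (pow(G, s, P) == t1 * pow(pk, c, P) % P
            and pow(a, s, P) == t2 * pow(d, c, P) % P)


if __name__ == "__main__":
    a = pow(G, 77, P)              # first ciphertext component (constructed)
    pk, d, proof = prove(123, a)   # 123: a component's secret share (constructed)
    print(verify(a, pk, d, proof), verify(a, pk, d * G % P, proof))
```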
22/01/2019 - Page 26
Wikström’s Proof of a Shuffle
• Re-encrypting mix-net
Each component re-encrypts each ballot and shuffles them
• Since shuffled, simple pre-image proofs would not work
• Since re-encrypted, ciphertexts are not equal
Vote secrecy
• Need for a specific proof that the cryptographic shuffle is
valid
Result integrity
Why?
22/01/2019 - Page 28
State of the Project
(those figures represent estimates by the team)
• Development: 67% done, 33% to do
• Infrastructure: 40% done, 60% to do
• Audits and certification: 20% done, 80% to do
22/01/2019 - Page 30
Further reading
• Published protocol specification
https://eprint.iacr.org/2017/325
• Published PoC code
https://github.com/republique-et-canton-de-geneve/chvote-protocol-poc
• Federal requirements
https://www.bk.admin.ch/bk/fr/home/droits-politiques/groupe-experts-vote-electronique/criteres-pour-les-essais.html
And references
22/01/2019 - Page 32
Thank you!
Office cantonal des systèmes d'information et du numérique
Département des infrastructures
Thomas Hofer thomas.hofer@etat.ge.ch @thhofer
22/01/2019 - Page 33
This work is licensed under https://creativecommons.org/licenses/by/4.0/
Please attribute Republique et Canton de Genève with a link to
https://republique-et-canton-de-geneve.github.io/chvote-1-0
