electronic voting how logic can help
play

Electronic voting: how logic can help? Vronique Cortier Journes du - PowerPoint PPT Presentation

Context Properties Belenios Model Static equivalence Trace equivalence Privacy Discussion Electronic voting: how logic can help? Vronique Cortier Journes du GdR-IM 2016 January 18-20, 2016, Villetaneuse Funded by 1/51 Context


  1. Context Properties Belenios Model Static equivalence Trace equivalence Privacy Discussion Electronic voting: how logic can help? Véronique Cortier Journées du GdR-IM 2016 January 18-20, 2016, Villetaneuse Funded by 1/51

  2. Context Properties Belenios Model Static equivalence Trace equivalence Privacy Discussion Electronic voting 2/51

  3. Context Properties Belenios Model Static equivalence Trace equivalence Privacy Discussion Two main families for electronic voting Voting machines Voters attend a polling station ; Standard authentication (id cards, etc.) Internet Voting Voters vote from home ; Using their own computer (or phone, tablet, ...) 3/51

  4. Context Properties Belenios Model Static equivalence Trace equivalence Privacy Discussion Internet voting is used in trials in various countries France : National Assembly for the French from abroad (2012) Australia : New South Wales state (more than 280 000 votes cast by Internet) Estonia : municipal elections (2005, 2009, and 2013), in national parliamentary elections (2007 and 2011), European Parliament elections (2009 and 2014) Switzerland : several trials, a new regulation since 2013 that introduced several levels of security. Canada : municipal election in Ontario (since 2003) and Nova Scotia (since 2006) 4/51

  5. Context Properties Belenios Model Static equivalence Trace equivalence Privacy Discussion ...banned in other countries ! Netherland : 2008, electronic voting is abolished (voting machine and Internet) Germany : 2009, the voting machines (Nedap) are rejected, do not comply with the constitution It must be possible for a citizen to check the main steps of a voting process, with ni special expertise. Norway : trials ended in 2013 The fear of voters that their vote might become public may undermine the democratic process. 5/51

  6. Context Properties Belenios Model Static equivalence Trace equivalence Privacy Discussion Widely used in non political election professional elections (banks, Éducation Nationale, ...) health care administration councils scientific councils 6/51

  7. Context Properties Belenios Model Static equivalence Trace equivalence Privacy Discussion vote at UMP 7/51

  8. Context Properties Belenios Model Static equivalence Trace equivalence Privacy Discussion Numerous attacks ! Pilot project for overseas US military voters Alex Halderman and his team were able to : retrieve all the electoral material 8/51

  9. Context Properties Belenios Model Static equivalence Trace equivalence Privacy Discussion Numerous attacks ! Pilot project for overseas US military voters Alex Halderman and his team were able to : retrieve all the electoral material change the votes 8/51

  10. Context Properties Belenios Model Static equivalence Trace equivalence Privacy Discussion Numerous attacks ! Pilot project for overseas US military voters Alex Halderman and his team were able to : retrieve all the electoral material change the votes take the control of the surveillance camera 8/51

  11. Context Properties Belenios Model Static equivalence Trace equivalence Privacy Discussion Numerous attacks ! Pilot project for overseas US military voters Alex Halderman and his team were able to : retrieve all the electoral material change the votes take the control of the surveillance camera finally add their University hymn (Michigan) 8/51

  12. Context Properties Belenios Model Static equivalence Trace equivalence Privacy Discussion Numerous attacks ! (bis) Machines in India built a clip-on memory manipulator designed attacks that control the display screen 9/51

  13. Context Properties Belenios Model Static equivalence Trace equivalence Privacy Discussion Numerous attacks ! (bis) Machines in India built a clip-on memory manipulator designed attacks that control the display screen Sequoia Machines AVC Edge (USA) change the memory card without tampering with the seals installation of Pac-Man 9/51

  14. Context Properties Belenios Model Static equivalence Trace equivalence Privacy Discussion Numerous attacks ! (bis) Machines in India built a clip-on memory manipulator designed attacks that control the display screen Sequoia Machines AVC Edge (USA) change the memory card without tampering with the seals installation of Pac-Man → watch the (hilarious) videos from Alex Halderman ! (YouTube and MOOC) 9/51

  15. Context Properties Belenios Model Static equivalence Trace equivalence Privacy Discussion What is a good voting system ? 10/51

  16. Context Properties Belenios Model Static equivalence Trace equivalence Privacy Discussion Confidentiality of the votes Vote privacy "No one should know how I voted" 11/51

  17. Context Properties Belenios Model Static equivalence Trace equivalence Privacy Discussion Confidentiality of the votes Vote privacy "No one should know how I voted" Better : Receipt-free / Coercion-resistant "No one should know how I voted, even if I am willing to tell my vote ! " 11/51

  18. Context Properties Belenios Model Static equivalence Trace equivalence Privacy Discussion Confidentiality of the votes Vote privacy "No one should know how I voted" Better : Receipt-free / Coercion-resistant "No one should know how I voted, even if I am willing to tell my vote ! " vote buying coercion 11/51

  19. Context Properties Belenios Model Static equivalence Trace equivalence Privacy Discussion Confidentiality of the votes Vote privacy "No one should know how I voted" Better : Receipt-free / Coercion-resistant "No one should know how I voted, even if I am willing to tell my vote ! " vote buying coercion Everlasting privacy : no one should know my vote, even when the cryptographic keys will be eventually broken. 11/51

  20. Context Properties Belenios Model Static equivalence Trace equivalence Privacy Discussion Verifiability Individual Verifiability : Each voter can check that his/her ballot is in the ballot box. Universal Verifiability : Everyone can check that the result corresponds to the content of the ballot box. Eligibility Verifiability : Everyone can check that the ballots have been casted by legitimate voters. 12/51

  21. Context Properties Belenios Model Static equivalence Trace equivalence Privacy Discussion Verifiability Individual Verifiability : Each voter can check that his/her ballot is in the ballot box. Universal Verifiability : Everyone can check that the result corresponds to the content of the ballot box. Eligibility Verifiability : Everyone can check that the ballots have been casted by legitimate voters. You should verify the election, not the system. 12/51

  22. Context Properties Belenios Model Static equivalence Trace equivalence Privacy Discussion And many more properties Availability : servers available at any time Accessibility : easy to use, adapted to people with various issues ... 13/51

  23. Context Properties Belenios Model Static equivalence Trace equivalence Privacy Discussion What does the CNIL say ? Excepts from the recommendation of 2010 Confidentiality The system must guaranty that the identity of the voter cannot be related to his vote... The Commission considers that the number of encryption keys should be three at minimum, two out of three keys being necessary to decrypt. 14/51

  24. Context Properties Belenios Model Static equivalence Trace equivalence Privacy Discussion What does the CNIL say ? Excepts from the recommendation of 2010 Confidentiality The system must guaranty that the identity of the voter cannot be related to his vote... The Commission considers that the number of encryption keys should be three at minimum, two out of three keys being necessary to decrypt. Verifiability : overlooked ! The expertise should be performed by an independent expert The systems should guarantee the sincerity of the electoral process, the true surveillance of the vote and the a posteriori control of the election authority New recommendations expected for 2016. 14/51

  25. Context Properties Belenios Model Static equivalence Trace equivalence Privacy Discussion I should not be able to prove how I voted, yet I should be able to check that my vote has been counted... 15/51

  26. Context Properties Belenios Model Static equivalence Trace equivalence Privacy Discussion I should not be able to prove how I voted, yet I should be able to check that my vote has been counted... Let see how this can be realized. 15/51

  27. Context Properties Belenios Model Static equivalence Trace equivalence Privacy Discussion Building blocks : cryptography 16/51

  28. Context Properties Belenios Model Static equivalence Trace equivalence Privacy Discussion Asymetric encryption Invented in the 80s W. Diffie M. Hellman public key private key Hello Obawbhe Hello Encryption Decryption Encryption with the public key and decryption with the private key. 17/51

  29. Context Properties Belenios Model Static equivalence Trace equivalence Privacy Discussion A lot of inventivity - Shared decryption → Several keys are needed to decrypt. 18/51

  30. Context Properties Belenios Model Static equivalence Trace equivalence Privacy Discussion Threshold decryption The decryption key is shared between several authorities. Simple case : Encryption with a key built from n keys Decryption with any of the n keys 19/51

Recommend


More recommend