Ersin Öksüzoğlu, Dan S. Wallach: VoteBox, Full featured DRE voting - PowerPoint PPT Presentation


  1. EVT/WOTE ’09, August 10, 2009. Ersin Öksüzoğlu, Dan S. Wallach

  2. VoteBox
     - Full featured DRE voting machine
     - Paper in USENIX Security Symposium 2008

  3. - Pre-rendered user interface: simplifies the graphics subsystem & code size
     - Network ballot replication: increases the availability of voting records
     - Challenge option: casts the votes as intended
     - Elgamal ballot encryption: allows tallying the votes independently

  4. - One way of encryption
     - Two ways of decryption

  5. - In a tampered VoteBox, we cannot detect privacy attacks
       - The random number can be used as a subliminal channel
     - VoteBox still needs to be smaller

     | EVM | Language | LOC |
     |---|---|---|
     | Pvote | Python | 460 |
     | VoteBox | Java | 14500 |
     | Diebold AccuVote TSX | C++ | 64000 |
     | Sequoia Edge | C | 124000 |

  6. Hardware and software hybrid
     - Pre-rendered GUI: minimized code size for easier inspection
     - Challenge option, Elgamal encryption: end to end cryptography
     - True Random Number Generator: better random numbers
     - Session ID, bitstream readback: additional tamper-evidence mechanism

  7. - A blank chip that the user can program in the field
     - Emulate any chip
     - Used for prototyping custom silicon
     - Accelerate designs by taking advantage of parallelism
     - Widely deployed in the industry ($2.75 billion in 2010)
     - Fast time to market
     - Low initial cost
     - Re-programmable, hence easy to update

  8. - 500k gate FPGA chip
     - Flash RAM
     - DRAM
     - VGA port
     - Dot matrix LCD (2x16)
     - A rotary encoder
     - RS232 serial ports
     - Buttons and switches
     - USB configuration port
     - No CPU, GPU, network chip

  9. - Network replication and storage facilities
       - We have limited space on board
     - Ethernet communication module
       - Instead we have RS232 port
     - High resolution bitmap based GUI
       - We have character graphics

  10. VoteBox Classic vs. VoteBox Nano

  11. [Figure labels, shown twice: X, Y, color, text]

  12. - IEEE port standard for ICs to:
        - Debug
        - Program
        - Monitor
      - Daisy chain connection for all the components on board
      - One wire data in
      - One wire data out

      For FPGAs, JTAG is used for:
      1. Bitstream upload and download
      2. Software upload and download
      3. Accessing software debugger

      [Diagram label: USB]

  13. Programming (USB → JTAG): Done!
      [Figure labels: "Triggers", "Session ID", "Captured from TRNG"; Session ID values shown: ..XXXX, ..9F23]

  14. Programming (USB → JTAG): Done! The design is ready!
      - FPGA is sealed
      - Write it down!

      [Figure: list of truncated hex values; ..0932 is highlighted]

  15. Readback bitstream: Done!
      - Compare: ..0932, same?
      - Seal is broken

      [Figure: list of truncated hex values; ..0932 is highlighted]

  16. - Upload a new bitstream
      - Change software
      - JTAG port is monitored
      - Session ID is read-only

      [Timeline figure labels, first diagram: Session ID, Elections Start, Evil bitstream, Elections End, Bitstream verification]
      [Timeline figure labels, second diagram: Session ID, Elections Start, Evil bitstream, Honest bitstream, Elections End, Bitstream verification]

  17. | EVM | Language | LOC |
      |---|---|---|
      | Pvote | Python | 460 |
      | VoteBox Nano | C | 996 |
      | VoteBox (Stripped) | Java | ~7300 |
      | VoteBox (Full) | Java | 14500 |
      | Diebold AccuVote TSX | C++ | 64000 |
      | Sequoia Edge | C | 124000 |

  18. - Pvote: 460 lines Python
        - PR-GUI, SHA1
        - Python libraries
        - Linux kernel
      - VoteBox (Full): 14500 lines Java
        - PR-GUI, network ballot rep., Elgamal enc., Challenge, DSA
        - Java libraries
        - Linux kernel
      - VoteBox Nano: 122 kB executable
        - PR-GUI, Elgamal enc., Challenge, DSA
        - FPGA modules, custom modules
        - TRNG, Session ID

  19. We have shown that a very compact EVM can be built using an FPGA with the following features:
      - Externally verifiable attestation
      - Elgamal encryption and DSA
      - True Random Number Generator
      - Challenge option
      - Pre-rendered GUI
      - No underlying OS

  20. At the last step, the voter is given two options:

      | Cast | Challenge |
      |---|---|
      | The votes are valid | The votes are invalidated |
      | Usual flow | FPGA reveals the random numbers |

      - FPGA only publishes the random numbers; the secret key is still safe
      - With a certain amount of challenges, the results are reliable enough

  21. - TRNG has 128 ring oscillators, each consisting of 3 inverters
      - f_s is 25 MHz and throughput is 195 kB/s

  23. - Theft of the device
        - No secret data is stored long term
      - Tapping serial port
        - The votes are encrypted
        - Encryption is probabilistic

  24. | Hardware | LOC |
      |---|---|
      | Crypto Module | 760 |
      | TRNG | 520 |
      | Other | 483 |
      | Total | 1763 |

  25. - TDI: Test Data In
      - TDO: Test Data Out
      - TCK: Test Clock
      - TMS: Test Mode Select

      The line is tripwired to the Session ID

  26. Xilinx Spartan-3E 500 Starter Kit
      - 500k gate FPGA chip
      - Flash RAM (16 MB)
      - DRAM (32 MB)
      - VGA port
      - Dot matrix LCD (2x16)
      - A rotary encoder
      - RS232 serial ports
      - Buttons and switches
      - USB configuration port
      - Ethernet port
      - PS/2 port
      - 8 LEDs

  27. - TDI: Test Data In
      - TDO: Test Data Out
      - TCK: Test Clock
      - TMS: Test Mode Select

      The line is tripwired to the Session ID

      For FPGAs, JTAG is used for:
      1. Bitstream upload and download
      2. Software upload and download
      3. Accessing software debugger

      [Diagram labels: USB, JTAG]
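
An added sketch (not code from the slides or from VoteBox) of the ideas on slides 4 and 20: an Elgamal ciphertext can be opened either with the secret key or with the ballot's random number, so revealing only that number on a challenge lets anyone audit the ballot while the key stays safe. The toy group parameters, the use of exponential Elgamal for a homomorphic tally, and all function names are assumptions made for this example.

```python
import secrets

# Toy group constructed for this example only (far too small for real use):
# p = 2q + 1 with p, q prime; g = 4 generates the subgroup of order q.
P, Q, G = 2039, 1019, 4

def keygen():
    x = secrets.randbelow(Q - 1) + 1   # secret key, held by the tallying authority (assumption)
    return x, pow(G, x, P)             # (x, h = g^x mod p)

def encrypt(h, vote, r):
    """One way of encryption: (a, b) = (g^r, g^vote * h^r)."""
    return pow(G, r, P), pow(G, vote, P) * pow(h, r, P) % P

def decrypt_with_key(x, ct):
    """Decryption 1: the key holder removes a^x and obtains g^vote."""
    a, b = ct
    return b * pow(a, -x, P) % P

def decrypt_with_r(h, ct, r):
    """Decryption 2: whoever learns r removes h^r; no secret key needed."""
    a, b = ct
    if a != pow(G, r, P):
        raise ValueError("revealed r does not match the ciphertext")
    return b * pow(h, -r, P) % P

def audit_challenge(h, ct, r, displayed_vote):
    """Challenged (and therefore invalidated) ballot: did the machine
    encrypt the choice it displayed to the voter?"""
    try:
        return decrypt_with_r(h, ct, r) == pow(G, displayed_vote, P)
    except ValueError:
        return False

def tally(x, cast_ballots, max_total):
    """Multiply the cast ciphertexts, decrypt once, search the small exponent."""
    a = b = 1
    for ca, cb in cast_ballots:
        a, b = a * ca % P, b * cb % P
    gm = decrypt_with_key(x, (a, b))
    return next(t for t in range(max_total + 1) if pow(G, t, P) == gm)
```

The machine must commit to the ciphertext before the voter chooses between cast and challenge; otherwise the audit proves nothing about the ballots that are actually cast.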
