Voting Security Overview

Voting Security Overview
(Electronic) Voting Security Ben Adida Harvard University Workshop on Electronic Voting IDC Herzliya 17 May 2009
The Point of An Election
The Point of An Election “The People have spoken.... the bastards!” Dick Tuck 1966 Concession Speech
The Point of An Election “The People have spoken.... the bastards!” Dick Tuck 1966 Concession Speech Provide enough evidence to convince the loser.
quot;That's for me and a button to know.quot; Joe, the plumber.
5
5
5
5
5
5
5
6
6
Fashionable Voting http://www.cs.uiowa.edu/~jones/voting/pictures/7
Fashionable Voting 8
Fashionable Voting 8
Voting is a fundamentally difficult problem. 9
Wooten got the news from his wife, Roxanne, who went to City Hall on Wednesday to see the election results. quot;She saw my name with zero votes by it. She came home and asked me if I had voted for myself or not.quot; 10
14 12
14 12 1 person, 1 vote
Enforced Privacy to ensure each voter votes in his/her own interest 12
http://www.cs.uiowa.edu/~jones/voting/pictures/ 13
1892 - Australian Ballot http://www.cs.uiowa.edu/~jones/voting/pictures/ 14
The Ballot Handoff McCain Alice the Voter 17
The Ballot Handoff McCain Obama Obama Obama McCain McCain McCain Alice the Voter 17
The Ballot Handoff McCain Obama Obama Obama McCain McCain McCain Alice the Voter Black Box 17
Chain of Custody 18
Chain of Custody /* 1 * source * code */ if (... Vendor 18
Chain of Custody /* 1 * source * code Voting 2 */ Machine if (... Vendor 18
Chain of Custody /* 1 * source * code Polling Voting */ 3 2 Location Machine if (... Vendor 18
Chain of Custody /* 1 * source * code Polling Voting */ 3 2 Location Machine if (... Vendor 4 Alice 18
Chain of Custody /* 1 * source * code Polling Voting */ 3 2 Location Machine if (... Vendor 4 Alice 18
Chain of Custody /* 1 * source * code Polling Voting */ 3 2 Location Machine if (... Vendor 4 Alice 5 Ballot Box Collection 18
Chain of Custody /* 1 * source * code Polling Voting */ 3 2 Location Machine if (... Vendor 4 Alice Results 5 6 ..... Ballot Box Collection 18
Chain of Custody /* 1 * source * code Polling Voting */ 3 2 Location Machine if (... Vendor 4 Alice Results 5 6 ..... Ballot Box Collection Black Box 18
The Cost of Secrecy
The Cost of Secrecy
The Cost of Secrecy
The Cost of Secrecy
The Cost of Secrecy
But Secrecy is Important. Secret Ballot implemented in Chile in 1958. “the secrecy of the ballot [...] has first-order implications for resource allocation, political outcomes, and social efficiency.” [BalandRobinson 2004]
Because we care about a meaningful result, we’ve made auditing very difficult. 21
We are left chasing evidence of correctness. Meanwhile we destroy evidence on purpose. 22
Obtaining Evidence /* 1 * source * code Polling Voting */ 3 2 Location Machine if (... Vendor 4 Alice Results 5 6 ..... Ballot Box Collection 23
Obtaining Evidence /* 1 * source * code Polling Voting */ 3 2 Location Machine if (... Vendor - source code audit - Logic & Accuracy - Parallel Testing - Voter-Verified Paper Audit Trail
Obtaining Evidence Polling Location 3 - Multiple poll watchers competing affiliations - No personal 4 Alice electronic devices at the polling station - Logging all events
Obtaining Evidence - redundant counts - ballot box seals - statistical auditing by partial recounts Results 5 6 ..... Ballot Box Collection
Fragmented, Adversarial and Indirect - each piece of evidence covers a small segment of the chain. - attacker knows the checks, and can try to sneak in where the chain is not covered. - to maintain security and for practical purposes, the evidence is very indirect.
The Effect of DREs - More to audit - Errors can have disproportionate effects - Software is not just for speed/efficiency, it becomes central for integrity.
Software Independence an undetected mistake in the system does not cause an undetectable error in the tally.
Can we get more direct, more end-to-end evidence?
Secret Ballot vs. Verifiability Voting System convince Alice Carl the Coercer 31
Secret Ballot vs. Verifiability Voting System convince Alice Carl the Coercer [Chaum81], [Benaloh85], [PIK93], [BenalohTuinstra92], [SK94], [Neff2001], [FS2001], [Chaum2004], [Neff2004], [Ryan2004], [Chaum2005] Punchscan, Scantegrity I & II, Civitas, ThreeBallot, Prêt-à-Voter, Scratch & Vote, ... 31
Public Ballots Bulletin Board Bob: McCain Carol: Obama 32
Public Ballots Bulletin Board Bob: McCain Carol: Obama Alice 32
Public Ballots Bulletin Board Alice: Bob: Obama McCain Carol: Obama Alice 32
Public Ballots Bulletin Board Alice: Bob: Obama McCain Carol: Obama Tally Obama....2 McCain....1 Alice 32
Encrypted Public Ballots Bulletin Board Alice: Bob: Rice Clinton Carol: Rice Tally Obama....2 McCain....1 Alice 33
Encrypted Public Ballots Bulletin Board Alice: Bob: Rice Clinton Carol: Ali Rice ce ver Tally ifies he rv Obama....2 ote McCain....1 Alice 33
Encrypted Public Ballots Bulletin Board Alice: Bob: Rice Clinton Carol: Ali ce Rice ta lly ver e thTally ifies rifies ve he rv eryone ote E v Obama....2 McCain....1 Alice 33
End-to-End Verification
End-to-End Verification /* * source * code Voting */ Machine if (... Vendor Polling Location
End-to-End Verification /* * source * code Voting */ Machine if (... Vendor Ballot Box / Polling Bulletin Board Location Alice
End-to-End Verification /* * source * code Voting */ Machine if (... Vendor Ballot Box / Results Polling Bulletin Board Location ..... Alice
End-to-End Verification /* * source * code Voting */ Machine if (... Vendor Ballot Box / Results Polling Bulletin Board Location ..... 1 Alice Receipt
End-to-End Verification /* * source * code Voting */ Machine if (... Vendor Ballot Box / Results Polling Bulletin Board Location ..... 1 2 Alice Receipt
Open-Audit Elections
Evidence-Based Elections
Questions? ben_adida@harvard.edu

Check these out next

Voting Security Overview

Recommended

More Related Content

Viewers also liked(17)

Recently uploaded(20)

Voting Security Overview