voottoopipia wwill bbe ccontinued… -...

Prof. Prof. KwangjoKwangjo Kim KimVotopiaVotopia –– A Secure Internet Voting System - A Secure Internet Voting System - ©© IRIS IRIS

11

Votopia will be continued…VotopiaVotopia will be continued will be continued……11stst Secure Internet Voting System Secure Internet Voting System

over the worldover the worldTo Choose the Most Valuable Player and the Best GoalkeeperTo Choose the Most Valuable Player and the Best Goalkeeper

in 2002 FIFA World Cup Korea/in 2002 FIFA World Cup Korea/JapanJapanTMTM

Kwangjo Kwangjo Kim Kim

International Research Center for Information SecurityInternational Research Center for Information Security

Information and Communications Univ.Information and Communications Univ.


22

IntroductionIntroductionIntroduction A project carried out by effective collaboration among some of the prominent KoreanA project carried out by effective collaboration among some of the prominent Korean

and Japanese IT firms and research institutesand Japanese IT firms and research institutes

Votopia

IRIS

NTT

U. of Tokyo

LG-CNS

STI

KSIGN KISTI

Project Coordination& System Management

Voting system C-srcPrototype

Verification

Voting Servers PKI service

Java Crypto Library

User Interface DB management

SECUi.COM

Security Management

Korean Japanese

InSol

System Testingand Integration

ORACLE

DB

MIC

KOWOC Reddevils

Sports Press

Supporters


33

ContributorsContributorsContributors IRIS : IRIS : KwangjoKwangjo Kim, Kim, Byoungcheon Byoungcheon Lee, Lee, Jinho Jinho Kim, Kim, Myoungsun Myoungsun Kim, Kim, HyunrokHyunrok

Lee, Lee, Jaegwan Jaegwan Park, Park, Manho Manho Lee, Lee, Wooseok Wooseok Ham, Ham, Jongseung Jongseung Kim, Kim, Hyunggi ChoiHyunggi Choi,,Kyuseok Kyuseok Ham, Ham, KukhwanKukhwan AhnAhn,Vo ,Vo Duc LiemDuc Liem, , Xie YanXie Yan, , FangguoFangguo Zhang, etc Zhang, etc

LG CNS : LG CNS : DaehunDaehun Kim, Kim, Seung PilSeung Pil Hong, Hong, MinhyungMinhyung Kim, Kim, Jongyoon ChoiJongyoon Choi InsolsoftInsolsoft : : SunjooSunjoo, Hyun, Mina Jung, , Hyun, Mina Jung, Junghan Junghan Kim, Kim, YongJae YongJae LeeLee KSIGN : KSIGN : KiKi--Yoong Yoong Hong, Hong, Jadong Jadong Ku, Ku, EunsongEunsong Lee, Lee, Jinsoo Jinsoo Lim, Lim, Daesung Daesung KuKu STI : Donnie STI : Donnie ChoiChoi, , Daeha Daeha Park, Park, Seoungho HeoSeoungho Heo, Jung , Jung Cheol Cheol Yoon,Yoon, KISTI : KISTI : Younghwa ChoYounghwa Cho, , JungkwonJungkwon Kim, Jun Woo, Kim, Jun Woo, Okhwan ByunOkhwan Byun SECUiSECUi.COM : .COM : KyongsooKyongsoo Oh, Oh, Moonseok SeoMoonseok Seo, , Wonkeun HurWonkeun Hur, , Hyunwon KoHyunwon Ko MIC : Hyun Lee, MIC : Hyun Lee, EeEe--HwanHwan Hwang Hwang Korean Press ( Digital Times, Daily Korean Press ( Digital Times, Daily EconimicsEconimics), ), ReddevilsReddevils U. of Tokyo : Hideki Imai, U. of Tokyo : Hideki Imai, Kazuguni KobaraKazuguni Kobara NTT : NTT : Tatsuaki Tatsuaki Okamoto, Atsushi Fujioka, Masayuki Abe, Okamoto, Atsushi Fujioka, Masayuki Abe, Koutarou Koutarou SuzukiSuzuki ORACLE, SUNORACLE, SUN


44

Cryptographic Req’tCryptographic Cryptographic ReqReq’’ttBasicBasic

PrivacyPrivacy : All votes must be secret : All votes must be secret CompletenessCompleteness : All valid votes are counted correctly : All valid votes are counted correctly SoundnessSoundness : The dishonest voter cannot disrupt the voting : The dishonest voter cannot disrupt the voting UnreusabilityUnreusability : No voter can vote twice : No voter can vote twice EligibilityEligibility : No one who isn : No one who isn’’t allowed to vote can votet allowed to vote can vote FairnessFairness : Nothing can affect the voting : Nothing can affect the voting

AdvancedAdvanced Walk-awayWalk-away : The voter need not to make any action after voting : The voter need not to make any action after voting RobustnessRobustness : The voting system should be successful regardless of partial : The voting system should be successful regardless of partial

failure of the systemfailure of the system Universal verifiability : Anyone can verify the validity of voteUniversal verifiability : Anyone can verify the validity of vote Receipt-freeness : Voter should not be able to prove his or her vote to aReceipt-freeness : Voter should not be able to prove his or her vote to a

buyer. (Voter does not have any receipt for the vote)buyer. (Voter does not have any receipt for the vote)


55

Security & Performance Req’tSecurity & Performance Security & Performance ReqReq’’tt

Server sideServer side•• Network and computer securityNetwork and computer security

•• Anti-hacking such as DDOS attack, Anti-hacking such as DDOS attack, etcetc

•• Large DB handlingLarge DB handling•• Fault-tolerance and high reliabilityFault-tolerance and high reliability•• Reasonable processing when registering and votingReasonable processing when registering and voting

Client sideClient side•• Fast and easy, user-friendly web interfaceFast and easy, user-friendly web interface•• No tamper-proof device providedNo tamper-proof device provided•• Various kinds of platforms, OS and browsersVarious kinds of platforms, OS and browsers•• Keep the privacy of all voters at maximumKeep the privacy of all voters at maximum


66

System ConfigurationSystem ConfigurationSystem Configuration

Voters

Admin ServerSUN 6500

DB ServerCOMPAQ ES40

CA Server

Clustered Web Servers

Counter Server(COMPAQ ES40)

Firewall

Internet

L4 SW

G/100M

SUN 6500 / 3000 SUN 880*2

http://mvp.worldcup2002.or.kr


77

ImplementationImplementationImplementationClientClient

•• Java1.2, JLOCK+Java1.2, JLOCK+

•• MS Explorer 4.0 on Windows98 /ME/XP/2000MS Explorer 4.0 on Windows98 /ME/XP/2000

•• Korean, Japanese, English and ChineseKorean, Japanese, English and Chinese

Web, DB, Admin, and Counter ServersWeb, DB, Admin, and Counter Servers Solaris 2.5.4 (SUN OS 5.8), Oracle DB 8.0.6 , JDBCSolaris 2.5.4 (SUN OS 5.8), Oracle DB 8.0.6 , JDBC

Tomcat3.1, Apache1.3.12, JSSWEB+Tomcat3.1, Apache1.3.12, JSSWEB+

Encryption and CertificateEncryption and Certificate•• 512 bit 512 bit ElGamalElGamal encryption and encryption and SchnorrSchnorr (blind) signature (blind) signature

•• Simplified X.509v3 certificate issued by CA serverSimplified X.509v3 certificate issued by CA server


88

DBserver

Web servers

V3. Request Schnorr blind signature

R1. After setting up secure session, download registration form

Counterserver

Adminserver

V4. Receive Schnorr blind signature

Voters

V6. Send encrypted ballot & admin’s digital signature

R5. Save certificate

R2. Send encrypted public key & registration information with session key

CAserver

R3. Request certificate

R4. Issue certificate

V1. Download voting applet

V2. Encrypt the ballot with counter’s public key in ElGamal encryption

V5. Verify admin’s blind signature

V7. Verify admin’s signature & decrypt ballot using counter’s private key

V8/C1. Save all decrypted ballots

C3. Receive the final result

C2. Send query for tallying

Flow of 3 main stagesFlow of 3 main stagesFlow of 3 main stages

R: RegistrationV: VotingC: Counting


99

Home Page(http://mvp.worldcup2002.or.kr)

Home PageHome Page(http://(http://mvpmvp.worldcup2002.or..worldcup2002.or.krkr))

15

30


1010

RegistrationRegistrationRegistration


1111

VotingVotingVoting

*This page is for “vote-now”. In case of “vote-later”, you must give ID and passwd.


1212

Statistics of main votingStatistics of main votingStatistics of main voting3604 3474

90

1150

2512

3662

0

500

1000

1500

2000

2500

3000

3500

4000

Total Asia Korea Japan Male Female

Voters

No.

of

Vot

es

Preliminary : 903 votes


1313

Top 10 MVP’sTop 10 MVPTop 10 MVP’’ss

0 200 400 600 800 1000 1200 1400 1600

Sun Hong HWANG

Nam Il KIM

Myung Bo HONG

Jung Hwan AHN

Ronaldo

Chong Gug SONG

Ji Sung PARK

David BECKHAM

Young Pyo LEE

Miroslav KLOSE

Pla

yers

No. of votes

Votes


1414

Top 10 Best GoalkeepersTop 10 Best GoalkeepersTop 10 Best Goalkeepers

0 500 1000 1500 2000 2500 3000 3500

Woon Jae LEE

Oliver KAHN

Byung Ji KIM

Tony SYLVA

casillas IKER

David SEAMAN

Brad FRIEDEL

Jose Luis CHILAVERT

Seigo NARAZAKI

Gianluigi BUFFON

Pla

yers

Votes

Votes


1515

Other DetailsOther DetailsOther Details

Age:Age: Below 10 yrs: 13 (0.4%), Below 10 yrs: 13 (0.4%), 11~ 20 yrs: 1,725 (47.1%),11~ 20 yrs: 1,725 (47.1%), 21~30 yrs: 1,551 21~30 yrs: 1,551

(42.4%), 31~40 yrs: 270 (7.4%), 41~50 yrs: 85 (2.3%), 51~60 yrs: 13(42.4%), 31~40 yrs: 270 (7.4%), 41~50 yrs: 85 (2.3%), 51~60 yrs: 13(0.4%), Above 61 yrs: 5 (0.1%)(0.4%), Above 61 yrs: 5 (0.1%)

Continents:Continents: Asia: 3,604 (98.4%), Europe: 23 (0.6%), North America: 20 (0.5%),Asia: 3,604 (98.4%), Europe: 23 (0.6%), North America: 20 (0.5%),

Oceania: 8 (0.2%), South America: 4 (0.2%), Africa: 3 (0.1%),Oceania: 8 (0.2%), South America: 4 (0.2%), Africa: 3 (0.1%),

List of nations more than 5 voters :List of nations more than 5 voters : Korea: 3,474Korea: 3,474 Japan: 90Japan: 90 Vietnam: 18Vietnam: 18 China: 14China: 14

Canada:Canada: 8 8 USA: 7USA: 7 India: 6India: 6 Australia: 6Australia: 6France: 5France: 5 Netherlands, Brazil, Denmark, England, Germany, Russia, Peru,Netherlands, Brazil, Denmark, England, Germany, Russia, Peru,Taiwan, Indonesia, Finland, Spain, Taiwan, Indonesia, Finland, Spain, etcetc..


1616

HighlightsHighlightsHighlights

Registered Registered netizennetizen can cast his vote any where, any time can cast his vote any where, any time Explorer 4.0 or higher on Windows 98/ME/2000/XPExplorer 4.0 or higher on Windows 98/ME/2000/XP Min. 56 Kb/s Internet SpeedMin. 56 Kb/s Internet Speed Minimized personal information by ID/Minimized personal information by ID/pwdpwd identification identification

Web Site AccessWeb Site Access About 100 votes and 1,000 hits in a dayAbout 100 votes and 1,000 hits in a day

S/W PortabilityS/W Portability Platform independent by JavaPlatform independent by Java

Double anti-hacking mechanismDouble anti-hacking mechanism Firewall (H/W)Firewall (H/W) Intrusion Detection System (S/W)Intrusion Detection System (S/W)


1717

Concluding RemarksConcluding RemarksConcluding Remarks Successful Internet VotingSuccessful Internet Voting

Acceptable Performance on Client sideAcceptable Performance on Client side

Comfortable User InterfaceComfortable User Interface

System Configuration and Daily AuditingSystem Configuration and Daily Auditing

Best practice of Best practice of ““cryptography everywherecryptography everywhere”” in 2002 in 2002 It works good but need some time for practical application depending on aIt works good but need some time for practical application depending on a

number of factors.number of factors.

Further WorksFurther Works Authentication (bio-identification), Mobile Internet votingAuthentication (bio-identification), Mobile Internet voting

Trial voting for small society (Trial voting for small society (e.ge.g., ., IACRIACR’’ss annual voting) annual voting)

Real voting replacements in isolated areas when natural disaster (Real voting replacements in isolated areas when natural disaster (e.ge.g., heavy., heavyrain) happens.rain) happens.

voottoopipia wwill bbe ccontinued… -...

Documents