

SLIDE 1

Understanding the Security Properties of Ballot-Based Verification Techniques

Eric Rescorla ekr@rtfm.com

EVT/WOTE 2009 Understanding the Security Properties of Ballot-Based Verification 1

slide-2
SLIDE 2

WARNING

This talk contains no research content.

SLIDE 3

Two views of vote tabulation

The insider’s view:

Returned Ballots → Official Scanner(s) → EMS → Official Tally

The outsider’s view:

Returned Ballots → Opaque Process → Official Tally

SLIDE 4

What are we trying to verify?

  • The votes were correctly counted
  • The right candidate won
  • The stack of votes in front of us was correctly counted
  • A recount of this stack of votes wouldn’t change the winner
  • Third party verifiability: A third party with no special access can verify that a recount of this stack* of votes wouldn’t change the winner

* Alert: we are sweeping the topic of ballot chain of custody under the rug.

SLIDE 5

Why ballot-based audits?

  • Statistical power of an audit depends on the number of samples

– Very little dependency on the size of each sample
– (Assuming attacker is intelligent)

  • Traditional precinct-based audits are not very efficient
  • Auditing individual ballots is far more efficient
  • Independently proposed several times [CHF07, Nef03, Joh04]
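Added example, not from the slides: a hypergeometric calculation of the chance that an audit catches at least one altered unit, comparing a precinct-level audit against a ballot-level audit that hand-counts the same total number of ballots. The scenario numbers (10,000 ballots in 100-ballot precincts, 500 altered ballots, an attacker who hides at most 100 alterations per precinct) are constructed.

```python
from math import comb


def detect_prob(population: int, bad: int, sample: int) -> float:
    """Probability that a uniform sample without replacement of `sample`
    units drawn from `population` contains at least one of the `bad` units
    (hypergeometric: 1 - P(zero bad units land in the sample))."""
    if sample > population:
        raise ValueError("cannot sample more units than exist")
    if bad <= 0:
        return 0.0
    # comb(n, k) is 0 when k > n, which correctly yields probability 1.0
    return 1.0 - comb(population - bad, sample) / comb(population, sample)


def precincts_needed(altered_ballots: int, max_per_precinct: int) -> int:
    """An intelligent attacker concentrates alterations into as few precincts
    as possible, so the number of 'bad' precincts is ceil(altered / cap)."""
    return -(-altered_ballots // max_per_precinct)


def compare_audits(total_ballots: int, precinct_size: int, altered_ballots: int,
                   max_per_precinct: int, ballots_to_count: int) -> tuple[float, float]:
    """Return (P_detect for a precinct audit, P_detect for a ballot audit)
    when both audits hand-count `ballots_to_count` ballots in total."""
    n_precincts = total_ballots // precinct_size
    bad_precincts = precincts_needed(altered_ballots, max_per_precinct)
    precincts_sampled = ballots_to_count // precinct_size
    p_precinct = detect_prob(n_precincts, bad_precincts, precincts_sampled)
    p_ballot = detect_prob(total_ballots, altered_ballots, ballots_to_count)
    return p_precinct, p_ballot


if __name__ == "__main__":
    # Constructed scenario: 10,000 ballots in 100 precincts of 100 ballots; the
    # attacker alters 500 ballots (a 5% shift) and hides at most 100 per precinct.
    for budget in (100, 500):
        p_prec, p_ball = compare_audits(10_000, 100, 500, 100, budget)
        print(f"hand-count {budget:4d} ballots: precinct audit {p_prec:.3f}, "
              f"ballot audit {p_ball:.3f}")
```

Counting 100 individual ballots (about 0.99 detection) beats counting five whole precincts, i.e. 500 ballots (about 0.23), which is the slide's point that power tracks the number of samples rather than their size.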

SLIDE 6

Ballot-Based Auditing Workflow [CHF07]

[Workflow diagram] Official Counting Process: Returned Ballots → Scanner → Ballot Images/CVRs → EMS → Election Results. Audit Process: Observer draws Sampled Ballots from the Scanned Ballots, audits them against the Ballot Images/CVRs, and verifies the tabulation from the CVRs to the Election Results.

Adapted from [SRW09]
SLIDE 7

Problems with Ballot-Based Auditing

  • Finding individual ballots is hard

– Possibilities: serial numbers on ballots, hand-indexing, paper counters, weight...

  • We need to publish the contents of each ballot (CVR or image)

– Accessible to any third party
– The ballots are anonymous but all contents are published
– This allows coercion and vote buying
∗ Easiest if we publish images
∗ Pattern voting

SLIDE 8

What about ballot images?

  • Trivial to encode information
  • Even valid marks can encode information

– Incompletely/overfilled

  • Could digitally sanitize

– You’ve just turned ballots into CVRs

SLIDE 9

The Math of Pattern Voting

  • Basic idea: encode voter identity in downticket races

– Assume results are reported by precinct
∗ Just need to identify voter within precincts
– Need to encode no more than 1000-10,000 distinct identities (10-14 bits)

  • Each contest lets us encode minimum 1-2 bits

– Alice, Bob, undervote, overvote(?)
– 10 contests is enough to encode 60,000–1,000,000 identities

SLIDE 10

Humboldt Election Transparency Project Workflow

[Workflow diagram] Official Counting Process: Returned Ballots → Official Scanner → EMS → Official Tally. ETP Rescanning Process: Scanned Ballots → Imprinter → ETP Scanner → ETP Computer → Signed Ballot Images.

SLIDE 11

Advantages of ETP Style Approaches

  • Fast detection of scanner/EMS errors

– Requires minimal manual intervention
– It already has found errors: Deck 0 bug
– Independent check on compromise of EMS (or scanner) by outsiders

  • Backup for physical control of ballots

– Only applies post-scanning
– And requires tight control of images or signing key

SLIDE 12

Does the ETP offer third party verifiability?

  • Third parties can independently count the scanned ballots

– With BallotBrowser or their own software

  • This only detects some errors

– Third parties cannot verify the ETP scanner software
– What if it substitutes fake ballot images?
– This cannot be detected by re-processing those images

  • Checking the images requires random sampling

– ... At the same level as a ballot-based audit

  • Easiest to think of ETP checking the tabulation

SLIDE 13

Why digital signatures don’t help

  • Signatures are applied by the ETP scanning computer [Tra08]
  • Third parties can download ballot images

– And verify that they weren’t tampered in transit

  • But this doesn’t help if the ETP scanner is compromised

– You’re getting fake ballot images that weren’t tampered in transit

  • Signatures are sort of overkill here

– Could just publish a message digest in a non-tamperable form (e.g., local paper)

SLIDE 14

Summary

  • Ballot-based auditing systems have far higher statistical power

– But worse privacy properties (vote buying and coercion)

  • Finding the right physical ballot is a challenge
  • ETP provides good detection of scanner/EMS error

– And some kinds of outsider attack

  • ... But requires a separate audit for third-party verifiability

SLIDE 15

References

[CHF07] Joseph A. Calandrino, J. Alex Halderman, and Edward W. Felten. Machine-assisted election auditing. USENIX/ACCURATE Electronic Voting Technology Workshop 2007, August 2007. http://www.usenix.org/events/evt07/tech/full_papers/calandrino/calandrino.pdf

[Joh04] Kenneth C. Johnson. Election certification by statistical audit of voter-verified paper ballots, October 2004. http://papers.ssrn.com/sol3/papers.cfm?abstract_id=640943

[Nef03] C. Andrew Neff. Election confidence—a comparison of methodologies and their relative effectiveness at achieving it (revision 6), December 2003. http://web.archive.org/web/20060117190359/http://www.votehere.net/papers/ElectionConfidence.pdf

[SRW09] Cynthia Sturton, Eric Rescorla, and David Wagner. Weight, Weight, Don’t Tell Me: Using Scales to Select Ballots for Auditing. In Joseph Lorenzo Hall, David Jefferson, and Tal Moran, editors, Proceedings of EVT/WOTE 2009. USENIX/ACCURATE/IAVoSS, August 2009. To appear.

[Tra08] Mitch Trachtenberg. Can’t Digital Images Be Faked. http://democracycounts.blogspot.com/2008/07/cant-digital-images-be-faked.html, August 2008.
