Cryptography for Electronic Voting System

Need help with assignments?

Our qualified writers can create original, plagiarism-free papers in any format you choose (APA, MLA, Harvard, Chicago, etc.)

Order from us for quality, customized work in due time of your choice.

Click Here To Order Now

Executive Summary

There have been several concerns pertaining to the implementation of the electronic voting system, making it necessary to address those concerns effectively by ensuring a secure mechanism. To achieve this, it becomes necessary to focus on various security mechanisms in relation to cryptography. A review of these mechanisms indicates that protecting data and preventing misuse of the electronic voting system requires implementation, monitoring, and frequent updating of relevant security measures.

Public Key Infrastructures (PKI)

A PKI helps users of a public network to securely and privately exchange data through a trusted authority by using public and private cryptographic key pairs (PKI 1). The PKI offers a digital certificate that can recognize an individual or entity and a listing of services that can store and cancel certificates (PKI 1). PKI uses public-key cryptography that is slightly different from traditional cryptography in which only one secret key is provided, resulting in the risk of data loss if the key is intercepted (PKI 1).

Main features of the PKI:

  1. A certificate authority (CA) provides and validates a digital certificate that contains the information related to the public key (PKI 1).
  2. A registration authority (RA) helps the CA in issuing a digital certificate to a requested party by acting as the verifier (PKI 1). It also contains a certificate management system and multiple directories containing certificates with respective public keys (PKI 1).
  3. Both public and private keys are created simultaneously with the same algorithm (PKI 1). However, the private key is available only to the requesting entity, whereas the public key is freely available to the public (PKI 1).

Internet Protocol Security and Architecture

The Internet Protocol Security Architecture (IPsec) is meant to protect IP datagrams in terms of confidentiality, data integrity, sequence integrity and data validation (ipsec(7P) 1).

There are two mechanisms of data protection by IPsec (ipsec(7P) 1). Firstly, the authentication header (AH) protects IP datagram through strong integrity, replay protection and data validation (ipsec(7P) 1). However, it cannot protect the areas, which change disproportionately between sender and receiver (ipsec(7P) 1). Secondly, the encapsulating security payload (ESP) offers confidentiality of data it encompasses, even when that data is covered by the AH (ipsec(7P) 1). However, ESP services are optional, which can be used together with AH (ipsec(7P) 1). Furthermore, IPsec uses authentication and encryption algorithms that work based on the formation of digest from the data and data units of a block size, respectively (ipsec(7P) 1).

IPsec implementation policy is enforced on a system-wide or individual socket level (ipsec(7P) 1). Also, IPsec may be tunnel or transport mode, and the application depends on the nature and volume of encompassed datagrams (ipsec(7P) 1). Though IPsec provides effective security for network traffic, it cannot be a comprehensive tool as users of some datagrams can bypass the policy, making use of policy exceptions and special requests (ipsec(7P) 1).

The Encapsulating Security Payload (ESP) Protocol

ESP provides data confidentially along with the optional provision of data validation, data integrity surveillance and replay protection (Encapsulating 1). Both AH and ESP provides authentication, integrity verification and replay protection services (Encapsulating 1). In addition, ESP provides an encryption service and enables the use of a common key by both ESP and AH to encrypt and decrypt shared data (Encapsulating 1). To ensure proper service and reduce process overheads, it is useful to use both encryption and authentication services, as the system first validates the respective packet first before proceeding for decryption (Encapsulating 1).

ESP has certain weaknesses in comparison to AH. As ESP provides encryption, respective encryption schemes are restricted by export laws, thereby making global implications of strong encryption schemes a difficult issue (Toderick 3). Also, unlike AH, the use of ESP is only optional for IPv6 compliance while using IPsec (Toderick 4).

 Security Associations and Databases

Security associations (SA) consist of keying information, algorithm choices, endpoint identities and other related parameters (Security Associations 1). Accordingly, managing SA is known as key management (Security Associations 1). They indicate security characteristics between hosts (Security Associations 1). For this to happen, two communication systems, except in the case of multicast, require a minimum of two SAs for secure communication (Security Associations 1). SAs generally protect inbound and outbound data packets (SAD for IPsec 1).

Coming to the Security Associations Database (SADB), it is a table specifying cryptographic keys and algorithms (Glossary 1). They are used in the secure transmission of particular data (Glossary 1). The SADBs are managed by multiple coordinating processes, sending messages through a particular socket (SAD for IPsec 1). Only superusers or equivalent users have access to SADBs (SAD for IPsec 1).

Internet Key Exchange (IKE)

It is an Internet Protocol Security (IPsec) standard protocol that is used to guarantee security for VPN (a virtual private network) negotiation and remote host and/or network access (Internet 1). It provides an automatic mode of negotiation and validation for IPsec security associations while ensuring security for SA communications without preconfiguration (Internet 1).

Furthermore, IKE is a hybrid protocol as it includes two security protocols, namely Oakley and SKEME, while working in an ISAKMP (Internet Security Association and Key Management Protocol) TCP/IP dependent framework that specifies key exchange and authentication (Internet 1). Oakley protocol offers a series of key exchanges related to identity protection and validation, whereas SKEME offers the exact process of key exchange (Internet 1). In fact, IKE is not mandatory for the IPsec pattern (Internet 1). However, it is greatly helpful in automatic negotiation and authentication, anti-replay services, CA support, and in changing keys in an IPsec session (Internet 1).

Secure Sockets Layer (SSL)

It is a common protocol used for the security management of a message transmission on the Internet (Secure Sockets 1). It uses a program layer that is placed between the internets Hypertext Transfer Protocol (HTTP) and Transport Control Protocol (TCP) (Secure Sockets 1). Though it was developed by Netscape, it became part of Microsoft and other web server products until the recent evolution of Transport Layer Security (TLS) (Secure Sockets 1). Though SSL and TSL are not interchangeable, SSL clients can handle messages sent by the TSL system (Secure Sockets 1).

The word sockets implies the sockets method of two-dimensional data transmission between a client and a server program in the network or between program layers of the same computer (Secure Sockets 1). Also, it consists of the public and private key system of encryption from RSA (Internet encryption and authentication system) (Secure Sockets 1).

Smart Cards

Smart cards are generally used in applications requiring heavy security protection and validation, as the self-containment of smart cards keeps them independent of sensitive external resources, thereby making them resistant to attacks (Smart Card 1). The smart card communicates with a card accepting device (CAD) through tiny data packets known as Application Protocol Data Units (APDUs) (Smart Card 1). External entities cannot attack this interaction due to the following features of this communication:

  1. Small bit rate of nearly 9600 bits per second through a serial bi-directional communication line (Smart Card 1).
  2. Information transmission in a half-duplex manner, which means unidirectional data travel at each instance (Smart Card 1).
  3. The communication through the smart card is by a sophisticated protocol (Smart Card 1).
  4. Enhanced security measures and firmware functions further ensure safety with smart cards (Smart Card 1).

Learning Lesson From Break-Ins

Break-ins have been a major problem for a long time (Dam 6). To be precise, the severity of the problem is evident by knowing the fact that the US Department of Defense faces hackers attempts on its computers at a rate of nearly 250,000 per year (Dam 6). In such conditions, cryptography seems to be one of the obvious solutions to detect and minimize such break-ins (Dam 7). Also, implementing cryptographic methods is not sufficient, as frequent monitoring of the existing system is necessary to correct any flaws and make the system more secure.

Non-repudiation

It can be defined as the inability of a person, to whom a public key has been bound by the issuance of a public key certificate, to refuse having made some digital signature (Non-repudiation 1). Coming to cryptographic non-repudiation, it can be achieved by all public-key cryptosystems (Non-repudiation 1). It implies that a person knows that a relevant private key has been used to make his/her digital signature that verifies with the public key (Non-repudiation 1).

It is useful in preventing the actual sender of particular information from arguing in future that he/she has never sent that information (Technologies 1).

Works Cited

PKI. SearchSecurity.com. 2008.

ipsec(7P). Man Pages Section 7: Device and Network Interfaces. Sun Microsystems. 2006.

Encapsulating Security Payload.iSeries Information Center, Version 5 Release 3. 2008. Web.

Toderick, Shawn W. Encapsulating Security Payload: Strengths and Weaknesses. 2004. Web.

Security Associations. System Administration Guide, Volume 3. Sun Microsystems. 2008.

Glossary. System Administration Guide: IP Services. Sun Microsystems. 2008.

SAD for IPsec: Security Associations Database for IPsec. System Administration Guide: IP Services. Sun Microsystems. 2008.

Internet Key Exchange. SearchSecurity.com. 2007.

Secure Sockets Layer. SearchSecurity.com. 2008.

Smart Card Technology and Security. People.cs.uchicago.edu. 2008.

Dam, Kenneth W. The Role of Private Groups in Public Policy: Cryptography and the National Research Council. The Law School of the University of Chicago. 1996.

Technologies for Non-Repudiation. Blindside.org.uk. 2008.

Non-repudiation. World.std.com. 2008.

Need help with assignments?

Our qualified writers can create original, plagiarism-free papers in any format you choose (APA, MLA, Harvard, Chicago, etc.)

Order from us for quality, customized work in due time of your choice.

Click Here To Order Now