E-voting DITSCAP Project - PowerPoint PPT Presentation

About This Presentation

E-voting DITSCAP Project


... that a given system is safe to operate (security-wise) in its given environment. ... that receive, process, store, display, or transmit DoD information regardless ... – PowerPoint PPT presentation

Number of Views:94
Avg rating:3.0/5.0
Slides: 38
Provided by: csU75
Learn more at: http://cs.uccs.edu


Transcript and Presenter's Notes

Title: E-voting DITSCAP Project

E-voting DITSCAP Project
  • Team Samarpita Hurkute
  • Kunal Bele
  • Shin Nam
  • Saroj Patil
  • Chuck Short
  • Rajshri Vispute
  • Boeing Mentor POC Ismael Rodriguez
  • UCCS Faculty POC Edward Chow

DITSCAP Overview
  • DITSCAP DoD Information Technology Security
    Certification and Accreditation Process
  • Purpose
  • Implements policies, assigns responsibilities,
    and prescribes procedures for Certification and
    Accreditation (CA) of IT
  • Creates a process for security CA of
    unclassified and classified IT

What is the DITSCAP?
  • It is a process for certifying that a given
    system is safe to operate (security-wise) in its
    given environment.
  • A process that ensures systems maintain their
    accreditation throughout their lifecycle.

Who has to follow DITSCAP?
  • All DoD owned or controlled information systems
    that receive, process, store, display, or
    transmit DoD information regardless of
    classification or sensitivity.

What are the benefits of the DITSCAP?
  • Ensures security vulnerabilities are addressed to
    the level deemed acceptable by the Designated
    Approving Authority (DAA).
  • Certification effort can be scaled to fit the
    size and complexity of the system.
  • Adaptable for any computer environment or
  • Helps identify security solutions that are

  • Phase 1 Definition
  • Understand the mission,environment and system
  • Identify threats
  • Gauge Level of effort
  • Identify the DAA
  • Phase 2 Verification
  • Verfiy compliance of the system with security
    related requirements
  • Phase 3 Validation
  • Evaluate the system and determine residual risks
  • Phase 4 Post accreditation
  • Monitor the system to preserve the residual risk

SSAA Overview
  • SSAA System Security Authorization Agreement
  • It is a document required by the DITSCAP
  • What it does
  • Defines operating environment of the system
  • Identifies the system
  • Defines risk and countermeasures
  • Documents agreement among all parties involved in
    the system

SSAA Overview
  • Consists of main document and appendices
  • Main document covers
  • Mission Description and System Identification
  • Environment Description
  • System Architectural Description
  • System Security Requirements
  • Organizations and Resources
  • DITSCAP Plan
  • The appendices are used to provide supplement
    information to the above six sections.

SSAA Contents
  • System description along with functional diagrams
  • Highlights sensitivity of data processed
  • System architecture diagram with firewall
  • Physical security of the E-voting system
  • Threats to the E-voting system
  • Mitigations Applied
  • Data flow diagram
  • Data security requirements

Project Overview
  • Using the E-voting system to walk through the
    DITSCAP process/requirements to include
    penetration testing, threat/vulnerability
    assessment, and document SSAA which is to be
    approved by Boeing POC.

Secure E-Voting Adapted from Bretts viewgraphs
  • Secure electronic voting
  • Why?
  • 2000 Florida Presidential election
  • Increase participation/election visibility
  • Extensive research into developing technologies
    to allow secure electronic voting
  • Current methods are vulnerable
  • Diebold voting machine security
  • Princeton hacks
  • Kohno et al. software security analysis

Secure E-VotingAdapted from Bretts viewgraphs
  • E-voting Requirements
  • Privacy/Anonymity, Completeness, Soundness,
    Un-reusability, Eligibility, Fairness
  • Robustness, Universal Verifiability,
    Receipt-Freeness, Incoercibility

Related WorkBretts Master project report _at_
  • Basis for Implementation
  • Sharing Decryption in the context of Voting or
    Lotteries (Fouque, Poupard, Stern, Financial
    Cryptography 2000)
  • Closely related research
  • A Generalization of Pailliers Public Key
    Cryptosystem with Applications to Electronic
    Voting (Damgard, Jurik, Nielson, Aarhus
    University, Dept. of Computer Science)
  • Uses of Paillier Cryptography
  • Electronic Voting
  • Anonymous Mix Nets (due to self-blinding
  • Electronic Auctions
  • Electronic Lotteries

PTC Cryptography TechniquesAdapted from Bretts
viewgraphs http//cs.uccs.edu/gsc/pub/master/bswi
  • Paillier Cryptography
  • Trapdoor Discrete Logarithm Scheme
  • Important Properties
  • Homomorphic (multiply encrypt votes
  • E(M1 M2) E(M1) x E(M2), E(k x M) E(M)k
  • Self-blinding
  • Re-encryption with a different r doesnt change M

PTC Cryptography TechniquesAdapted from Bretts
viewgraphs http//cs.uccs.edu/gsc/pub/master/bswi
  • Threshold Encryption
  • Public key encryption as usual
  • Distribute secret key shares among i
  • Decryption can only be accomplished if a
    threshold number t of the i participants
  • Need at least one from each democratic and
    republican party representatives, and one
    election official presence to decrypt
  • No information about m can be obtained with less
    than t participants cooperating

PTC Based E-voting PrototypeAdapted from Bretts
viewgraphs http//cs.uccs.edu/gsc/pub/master/bswi
  • E-voting allows single-choice ballots
  • Election administrator creates election
    parameters with the help of PTC encryption
  • The administrator submits election parameters to
    PTCVotingService (Web Services)
  • Voters load election parameters and cast
    encrypted votes
  • The homomorphic properties of the PTC enable the
    tally to be done without decrypting the vote. ?
    protect the privacy of voter.
  • To decrypt the tally, require at least t
    (threshold) out of N key shared holders to
    participate to generate the key for decryption.

(No Transcript)
(No Transcript)
Security Technical Implementation Guide (STIGs)
  • Configuration standards for DOD Information
    Assurance (IA) and IA-enabled devices/systems
  • Contains instructions or procedures to verify
    compliance to a baseline level of security

Security Technical Implementation Guide (STIGs)
  • Security (CAT) Codes A measure to assess the
    systems security related standing

CAT I Immediate access to the attacker,bypass firewall
CAT II Potential information to the intruder to gain access
CAT III Potential information gained could lead to compromise
CAT IV No direct or indirect access to high value information
Application Security Requirements STIG
  • Defines a set of recommended security
    requirements that are common to all software
  • Used as a first step to designing security into
    applications to reduce application
  • Lists the potential vulnerabilities of the
    application systems
  • Design and development related vulnerabilities
  • Misconfiguration and administration related
  • Necessary non-secure standards

Network Infrastructure STIG
  • Inbound access list filter packets before they
    enter the router
  • Outbound traffic filtering rules to be applied
    to outbound traffic with an illegitimate address
  • Firewalls necessary to minimize threat and
    protect the enclave
  • Intrusion detection system detect unauthorized
    or malicious traffic

Database STIG
  • Product Updates
  • System and Data Backup
  • Access
  • Transaction auditing
  • Roles and Permissions

Secure Remote Computing STIG
  • Provides technical security policies and
    requirements to provide secure remote access to
    users in DOD.
  • Discusses remote user environment and network
    site architecture
  • Guide for securing DOD assets within a remote
    access environment
  • Provides suggestions for redundancy and

Minimal Security Activity Checklist
  • Main sections include
  • System Architecture Analysis
  • Software, Hardware, and Firmware Design Analysis
  • Network Connection Rule Compliance Analysis
  • Integrity Analysis of Integrated Products
  • Life-Cycle Management Analysis
  • Vulnerability Assessment
  • Security Test and Evaluation

Minimal Security Activity Checklist
  • Penetration Testing
  • TEMPEST and RED/BLACK Verification
  • COMSEC Compliance Validation
  • System Management Analysis
  • Site Accreditation Survey
  • Contingency Plan Evaluation
  • Risk Management Review

Threat Model - STRIDE
  • Spoofing The identity of the voter cannot be
  • Tampering The vote for Candidate A could be
    assigned to Candidate B or vice versa
  • Repudiation No authorized identification of
    parties involved in the E-voting process.
  • Information Disclosure Disclosing the tally
  • Denial of service Making the E-voting system
    unavailable to its intended users
  • Elevation of privilege gaining system
    privileges through malicious means

Threat Scenarios
  • Breaking encryption tampering with the public
    and private keys
  • Allocating observation with data
  • The database is not READ ONLY can be used for
    SQL injection
  • The Electronic Ballot Casting Device a Trojan
    horse on the voting terminal.
  • The Voting Protocol sniffing on the network.
  • The Electoral Server depending on the applied
    voting protocol, the election servers are a
    vulnerability point
  • Other Anonymity Threats the Voter Audit Trail
    could also be used to link a voter to their vote.

Threat Security Code Scenario How does it affect Mitigation
Spoofing CAT II CAT III Voter form user interface, Access control of database objects, Access control of applications host. Integrity, Access Control, Accountability Personalization methods, passwords Cryptographic or hardware token Eg.Memory Card, Smart Card, Common Access Card (CAC)
Tampering CAT I, CAT II Physical access Confidentiality, Accountability Firewall,Intrusion Detection Systems
Threat Security Code Scenario How does it affect Mitigation
Repudiation CAT I CAT II Voter form user interface, Trojan Horse, Packet Sniffing, SQL Injection, Internet Integrity, Confidentiality, Access Control, Accountability Firewall,PKI SNORT, Virus checker, Log security related events
Information Disclosure CAT IV Voter Audit Trail, Weak key DS-40 bit Integrity, Confidentiality Firewall, Key size larger than 1024, password protection
Threat Security Code Scenario How does it affect Mitigation
Denial of Service CAT III Botnet, Stacheldraht, Excess requests, Forced reset, ICMP exploits, Availability Alternative Routing, Secure Collective Network Defense
Elevation of privilege CAT II CAT III Gaining Administrator password Confidentiality Data Integrity, Accountability X.509 certificates
Residual Risks
  • Natural and man made threat
  • Eg.fire, flooding, water, wind,electrical
  • External or internal threat agents
  • Eg.espionage services, terrorists,
  • Shared Passwords
  • Accidental human action which compromises the
  • Human negligence

Future Work
  • Separate web services and UI for Administrator,
    Voters, and Key Share Owners.
  • Encrypted UI connections using HTTPS.
  • Administrator, Voter, and Key Share Owner
    identity verification using both X.509
    certificates and username/password.
  • Additional firewall layer with IDS for
    certificate generation, application
    functionality, data storage, and tabulation of
    election results.
  • Encrypted Web service to Web Service interface
    for inner firewall traversal.

Future Work
Lessons Learned
  • Problems faced
  • Not sure what could be the vulnerabilities of the
  • The DITSCAP was a big confusing concept
  • CONOPS was something complicated at first sight
  • How we solved them
  • The DITSCAP Application Manual provided easy
    reference to each section in the SSAA
  • Complexities solved by Izzy and Dr. Chow
  • STIGS was a great help
  • Vulnerability-Mitigation Mapping
  • Learned the basics of Paillier Threshold
  • The security issues surrounding E-voting systems

  • DITSCAP Overview
  • SSAA Overview
  • Project Overview
  • Secure E-voting System
  • Threats and Mitigations
  • Future Work
  • Project information can be found at

  • Brett Wilson, UCCS, Implementing a Paillier
    Threshold Cryptography Scheme as a Web Service.
  • http//www.nswc.navy.mil/ISSEC/COURSES/Ditscap.ppt
  • http//www.i-assure.com/
  • http//viva.uccs.edu/ditscap/index.php/ImageDITSC
  • http//viva.uccs.edu/ditscap/index.php/ImageDITSC
  • http//viva.uccs.edu/ditscap/index.php/ImageSSAA_
  • http//iase.disa.mil/stigs/stig/database-stig-v7r2
Write a Comment
User Comments (0)
About PowerShow.com