Non Repudiation for Remote Voting System

4 downloads 108591 Views 151KB Size Report
technology for free and fair online elections. ... The proposed solution use digital ... Index Terms — Authenticity, Digital Signature, Non Repudiation, Remote ...
JOURNAL OF COMPUTING, VOLUME 3, ISSUE 5, May 2011, ISSN 2151-9617 HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING/ WWW.JOURNALOFCOMPUTING.ORG

76

Non Repudiation for Remote Voting System Saira Yousuf, Malik Sikandar Hayat Khiyal, Aihab Khan, Imran Sohail Abstract— Remote voting is currently one of the most powerfully debated subjects in information communication technology for free and fair online elections. The main purpose of this research paper is to assure Non Repudiation of casted vote that is necessary in specific voting scenario. It has been designed so the institution holding the election must have proof of pointing out voters who have casted a vote. Non repudiation provides evidence that protect against any attempt by the voter to falsely deny having casted the vote. The proposed solution use digital signatures to ensure the non repudiation of the vote. The voter cast his vote by digitally signing it. The system after receiving the vote verifies authenticity of voter and safe the vote as a proof. The vote is than counted in the final tally. Only registered voter can participate in the internet voting system. The result from the system indicates the execution time and efficiency of the signatures generation using different hash functions. The quantitative analysis and comparison concludes that the signature with hash function MD4 takes least execution time and memory as compare to other signature generation algorithms. The developed system not only provides the proof of the casted vote but can also challenge the authenticity of voter. Index Terms — Authenticity, Digital Signature, Non Repudiation, Remote Voting.

1. INTRODUCTION

T

he purpose of this research paper is to ensure non-repudiation of casted vote in remote voting system.Non-repudiation of Origin (NRO) provides the recipient with evidence of origin (EOO) of the message which protect against any attempt by the originator to falsely deny having send the message[1].The participants require assurance and protection from each other, rather than from an external hostile agent. For this purpose, a digital signature is an important security mechanism for generating non-repudiation evidence and is receiving legal recognition [2].In electronic voting ————————————————



Saira Yousuf is under graduate student of Department of Software Engineering, Fatima Jinnah Women University The Mall, Rawalpindi, Pakistan



Malik Sikandar Hayat Khayal is Professor and Chairman of Department of Computer Science Fatima Jinnah Women University The Mall, Rawalpindi, Pakistan



Aihab Khan is with the Department of Software Engineering, Fatima Jinnah Women University The Mall, Rawalpindi, Pakistan



Imran Sohail is Assistant Professor and faculty of the Department of Software Engineering, Fatima Jinnah Women University The Mall, Rawalpindi, Pakistan

system the chances of the fraud, vote corruption and fake voter are very high. It is required to develop a system that not only provides the proof of the casted vote but also the authenticity of voter. Keeping this thing in view, non-repudiation is seen in legal setting in which the origin and authenticity of a vote can be challenged using digital signatures [3].For non repudiability of vote, the proposed system makes the voter cast his vote by digitally signing it The receiver after receiving the vote verifies authenticity of voter and safe the signature and vote as a proof. The vote is than counted in the final tally. The main objectives and contributions to this research are to develop a system that uses secure and efficient signature generation technique for non repudiation in remote voting. Also, to measure the execution time and memory of the signatures using different hash functions and to provide the comparative quantitative analysis of the proposed model with existing models. Section 1 provides the brief introduction of the project. Section 2 includes the related work which is done so far. Section 3 gives the description of the proposed system. Section 4 gives the results obtain from the system with the help of tables and graphs and comparison of proposed system with the existing

© 2011 Journal of Computing Press, NY, USA, http://sites.google.com/site/journalofcomputing/

JOURNAL OF COMPUTING, VOLUME 3, ISSUE 5, May 2011, ISSN 2151-9617 HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING/ WWW.JOURNALOFCOMPUTING.ORG

system. Section 5 gives conclusion of the system and the future work that can be done in this area. Section 6 gives references.

2. BACKGROUND AND RELATED WORK Bo Meng et al. [ 4 ] , proposed a fair non repudiation protocol for electronic commerce and mailing. The proposed protocol uses hash value of cipher text and plain text message instead of plain text itself in non repudiation token, which solves transmitting large amount of data problem and improves confidentiality of msg. The purpose of non repudiation service in this paper is to generate, collect and maintain the evidence on the events and actions and to protect the parties involved in a transaction against the other party denying that a particular event took place. This paper uses tokens and the involvement of trusted third party for the non repudiation of origin and receipt. Damian et al. [5] deliver a new secured protocol for medium scale e voting, based on Cetinkaya’s Dyna Vote solution. The main features of this protocol are to improve security requirements and assure non repudiation of voter that is necessary in specific voting scenario. The protocol is divided into three phases: Obtaining Id’s from authorities to communicate with other instances, obtaining the voting ballot and sending vote and counting votes and publishing results. In the proposed system, the solution for the safe medium scale e voting protocol is described. It consists of new mechanism that ensures uncoercibility and non repudiation of voting. Hao Wang et al. [6] propose an e mail protocol that assures non repudiability, which means that if the e mail is successfully sent, the sender cannot deny of sending the mail and the recipient cannot deny of receiving it. The protocol uses an efficient RSA based convertible signature with non interactive zero knowledge proof method which is the signature scheme to elaborate an efficient non repudiable e mail protocol. The proposed model is divided in to Pre transfer registration process, Main protocol, Recover sub protocol and Abort sub protocol. The paper also provides the assurance of efficiency, fairness, timeliness and confidentiality. It presents a new non repudiable protocol with improved RSA. Fauzia Qayyum[7] provides integrity for remote voting system. After casting a vote a voter will be

77

ensured that his/her vote is not being altered or modify. The proposed solution uses simple hash functions to ensure integrity of ballot. First of all the key distribution center distributes private keys. The voter selects the candidate of his own choice. All information including voter_cnic, candidate_cnic and Area_id forms vote contents. Hash is produced on vote contents to digest vote. The digested vote is encrypted using shared key. The original vote contents and the encrypted vote are concatenated and send over a network. On receiver site, the encrypted vote is than decrypted which give the hash of the vote contents. The original vote contents are once again hashed using hash function. The hashes obtained after decryption and the hash produced latter are compared. If both of them are equal, then it shows that the vote is not altered or modified in between. The vote contents are saved in database and counted in the final tally.

3. PROPOSED TECHNIQUE The proposed system provides the non repudiation in remote voting system. After casting the vote, the voter cannot deny having casted the vote. To achieve non repudiability, digital signatures are used to ensure the origin of casted vote and authenticity of voter. Only the registered voter can participate in internet voting system and can cast the vote.

3.1. PROPOSED MODEL Figure 1 shows the proposed model for the non repudiation of vote and the authenticity of voter in remote voting system. The voter enters CNIC and family number to login to the system. Using private key, he generate signature on CNIC. The system verifies the received signature to ensure authenticity of voter. The voter after casting ballot, re generate signature on ballot contents. After verification of signature, the signature and ballot contents are stored in database as a proof of casted vote which could not be reputed.

JOURNAL OF COMPUTING, VOLUME 3, ISSUE 5, May 2011, ISSN 2151-9617 HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING/ WWW.JOURNALOFCOMPUTING.ORG

78

Figure 1: Proposed Model of Non Repudiation for Remote Voting System

3.2. PROPOSED ALGORITHM The proposed algorithm is given as follows. STEP 1: (KEY DISTRIBUTION) First, the key distribution center through the secure channel generates the private key for the system to generate signature and public key to verify it. Step 2: The voter enters his CNIC. Step 3: Digital Signature is produced on voter’s CNIC (voters own personal info), using private key. Step 4: The original voter’s CNIC and the signature produced in step 3 are now concatenated (attached).This gives the digitally signed content, which is then sent over a network. Step 5: Original CNIC and the signature are now separated on the receiver side (system). Step 6: The original CNIC which was received in step 5, are once again signed by the same signature algorithm with which the voter signed the CNIC in step 3. Step 7: The signature produced in step 3 and the

signature received in step 6 are compared and verified by system public key. If both are equal, this means that the voter is authentic as the signatures produced on the voter’s own personal CNIC are same, so authenticity of voter achieved. Step 8: The voter then cast his ballot and digitally signs the ballot contents. The signature after verification would be stored in database as a proof so that later on the voter cannot deny the casted vote, so non repudiability is also achieved. The analysis of the proposed system gives the following results.

4. RESULTS Openssl_sign() is the signature produced using different hash functions on the vote content of length 37 and the signature generation time is calculated using the time functions as shown in table 1 and figure 2.

JOURNAL OF COMPUTING, VOLUME 3, ISSUE 5, May 2011, ISSN 2151-9617 HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING/ WWW.JOURNALOFCOMPUTING.ORG

Signature

Openssl_sign()

SHA1

Length of Contents 37

Signature Generation Time(seconds) 0.16601

MD2

37

0.00585

MD4

37

0.00345

MD5

37

0.00347

Hash Function

Table 1: Comparison of signature generation time 0.02

Time 

0.015 0.01 0.005 0 SHA1

MD2

MD4

MD5

Hash Functions  Figure 2: Comparison of signature generation time w.r.t hash functions The comparison shows that the signature using the hash function MD4 takes least time and is most efficient among all signature generation algorithms. The memory occupied by the signatures is shown table 2 and figure 3. Signature

Openssl_sign()

Hash Function SHA1

Length of signature 40

Memory occupied(bits) 156

MD2

32

128

MD4

32

128

MD5

32

128

Memory Occupied 

Table 2: Comparison of memory occupied by signatures 200

79

The comparison shows that the signature with hash function MD2, MD4 and MD5 take least memory as compare to other hash functions used. The strengths and weaknesses of proposed system with the existing systems are compared and shown in table 3.

A fair non repudiation protocol[4] Voter non repudiation oriented scheme for medium scale e voting protocol[5] A non repudiable protocol for secure messaging[6]

Large Scale

Complexity

Non Repudiation

Yes

High

Yes

Yes

High

Yes

Yes

High

Yes

Integrity for remote Yes Low No voting system[7] Proposed non Yes Low Yes repudiation system. Table 3: Comparison of proposed non repudiation system with existing system The comparison shows that the existing systems were developed for the large scale usage but their complexity level is very high. The proposed system can work on large scale and ensures non repudiation. The complexity level of the system is also very low.

5. CONCLUSION

150 100 50 0 SHA 1

MD2

MD4

MD5

Hash Functions  Figure 3: Comparison of memory occupied by signatures w.r.t hash functions.

The paper proposes a system that ensures nonrepudiation in electronic voting system. This paper focuses on two basic aspects of non- repudiation .First to ensure non repudiability of vote and second to ensure voter’s authenticity. The digital signatures generated on vote contents provide evidence of the casted vote, which could not be reputed. The quantitative analysis of the implemented techniques helped to generalize the results. The results from the system conclude that the signature with hash function MD4 is better than the other signature algorithms, as

JOURNAL OF COMPUTING, VOLUME 3, ISSUE 5, May 2011, ISSN 2151-9617 HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING/ WWW.JOURNALOFCOMPUTING.ORG

its execution time and memory usage is less as compare to other signatures. The system has low complexity having flexible voting scheme as compare to the existing systems. The results produced support each other so the system is also validated. To achieve non repudiation of the casted data, the approach of digital signatures with hash functions is quite simple as compare to other lengthy techniques of generation of signatures. Future work is required for the Non-repudiation of Receipt (NRR) as well, to provide the originator with evidence of Receipt (EOR) of the vote which protect against any attempt by the receiver to falsely deny having received the vote.

6. REFERENCES [1]: J.Zhou, K.Y.Lam, “Securing Digital Signatures for NonRepudiation”, Computer Communication 22(1999), pp 710-716, 1999. [2]:L.Hollar, A.Asay,”Legal Recognition of Digital Signatures”, IEEE micro16(3)(1996), pp 44-45, 1996. [3] :http://www.en.wikipedia.org/wiki/Non-Repudiation (accessed April 2011). [4] Bo meng, Jianying Zhou, D. Gollman, “A Fair Non Repudiation Protocol”, IEEE Symposium on Security and Privacy, pp 68-73, 2007. [5] Damian Rusinek and Bogdan Ksiezopolski, “Voter Non Repudiation Oriented Scheme for the Medium Scale E voting Protocol”, Proceedings of the International Multi conference on Computer Science and Information Technology, pp 325-330, 2007. [6] Hao Wang, Yuyi Ou, Jie Ling, Xiaotao He, Lu Liang, Xiang Xu, "A Non-repudiable Protocol for Secure Messaging", IFIP International Conference on Network and Parallel Computing Workshops, pp 490-494, 2007. [7] Fauzia Qayyum,” Integrity for Remote Voting System”, Thesis submitted in department of software engineering, Fatima Jinnah Women University, 2008.

Bibliography Saira Yousuf is the under graduate student of Department of Software Engineering in Fatima Jinnah Women University the Mall, Rawalpindi, Pakistan. Dr. M. Sikandar Hayat Khiyal born at Khushab, Pakistan. He is Chairman Dept. Computer Sciences and Software Engineering in Fatima Jinnah Women University Pakistan. He Served in Pakistan Atomic Energy Commission for 25 years and involved in different research and development program of the PAEC. He developed software of underground flow and advanced fluid dynamic techniques. He was also involved at teaching in Computer Training Centre, PAEC and International Islamic University. His area of interest is Numerical Analysis of Algorithm, Theory of Automata and Theory of Computation. He has more than hundred research publications published in National and

80

International Journals and Conference proceedings. He has supervised three PhD and more than one hundred and thirty research projects at graduate and postgraduate level. He is member of SIAM, ACM, Informing Science Institute, IACSIT. He is associate editor of IJCTE and Co editor of the journals JATIT and International Journal of Reviews in Computing. He is reviewer of the journals, IJCSIT, JIISIT, IJCEE and CEE of Elsevier. Aihab Khan is the faculty member of the Department of Software Engineering in Fatima Jinnah Women University the Mall, Rawalpindi, Pakistan. Imran Sohail is the Assistant Professor, Web Administrator and the faculty of the Department of Software Engineering in Fatima Jinnah Women University the Mall, Rawalpindi, Pakistan. He did M.S in Internet Systems from BTH Sweden and worked as a web developer in Ericson Stockholm, Sweden. He is an associated author of publications: Network Security and DDoS (ISBN 978-38383-7009-5), Search Engine Optimization Techniques Practiced in Organization and Effectiveness of Intrusion Prevention System (IOS) in Fast Networks. He has vast experience of programming and has developed number of applications. --------------------------------------------------------------------