AU2004100798A4 - Method for providing peer-to-peer based Internet voting - Google Patents


Info

Publication number
AU2004100798A4
Authority
AU
Australia
Prior art keywords
voter
voting
client
internet
application
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
AU2004100798A
Inventor
Craig A Burton
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
2004-09-23
Filing date
2004-09-23
Publication date
2004-11-04
Application filed by Individual
Priority to AU2004100798A
Application granted
Publication of AU2004100798A4
Anticipated expiration
Ceased (current legal status)


Description

The World Wide Web (web) model of communication requires that a computer connected to the Internet (the server) be made openly accessible and easily located by a plurality of other computers attached to the Internet (the clients). This is an example of a client-server architecture and allows many clients to freely access the server and interact with it. The "web" as it is known specifically refers to the use of a communication protocol called HTTP which is used between clients and servers. Server software is used which manages HTTP requests from clients running a web browser, which is another software program that converts HTTP content into page layout, graphics, fill-in forms, etc. for the human client user.
Three key requirements for providing a web (HTTP) service to the greater Internet are: that the server should not refuse access to any computer making a request; that the web service should be made available with as little interruption or "down time" as possible; and that the volume of requests from the clients to the server should not overwhelm the server or the intervening computers which relay Internet traffic.
This system is a very efficient and flexible model for the publication of data as well as limited interactive functions. The benefits have led to a plurality of information services being made available via the web. Internet banking has been made available in this manner via an extension of the HTTP protocol such that the server encrypts the HTTP traffic and the client decrypts it. This is called HTTPS, and it is very difficult to observe or modify transactions executed in HTTPS.
Since 1996, legally binding Internet voting has been provided using HTTPS. Uptake of this service has in fact been very slow due to a number of problems resulting from the stringent democratic requirements of elections not being adequately met by this client-server and HTTPS system.
Specifically:
1. The voting server can be found and attacked, because its address must be made known to a possibly large number of potential voters and so it is difficult to keep this address from falling into the wrong hands. The voting server can also be overwhelmed in a kind of automated attack where many client computers make bogus requests to vote in great numbers (called a distributed denial-of-service or DDoS attack). This results in legitimate voters being denied the right to vote.
2. Votes can be intercepted and possibly modified, because the HTTPS standard relies on some vigilance on the part of the voter in checking the authenticity of the voting site they visit; it is possible to intercept HTTPS traffic between a client and server if the client does not notice that the connection from the interceptor to their system is not encrypted.
3. Votes are not protected before and after they enter the HTTPS protocol; they may be stored on the server unencrypted and so can be observed, modified or removed.
4. The voting client may have a malicious program running on it that modifies votes between the browser and the HTTPS service.
5. The voter can be observed remotely via monitoring software on the client that transmits the image of the computer screen and the actions of the keyboard to a third party elsewhere on the Internet.
There are other requirements of the democratic process which are met by software and human processes around the execution of elections. These are not covered here. The requirements affected by the above are equity of access (election availability), secrecy (votes should not be observable), anonymity (voters should not be observable) and integrity (total votes counted should be total votes collected).
The invention which is the subject of the current innovation patent is a 7-part process with supporting systems, such that the co-location of a number of existing software techniques and established Internet services overcomes the problems stated above.
The components of the invented process which already exist are as follows:
1. A common Peer To Peer (P2P) file sharing or messaging network.
This is an emerging technology which implements a large file storage space distributed across possibly many machines attached to the Internet. Each participating machine runs one or more instances of P2P software that provide the P2P service (also called a P2P node). A P2P node uses an established communication protocol to communicate with a small number of other P2P nodes called "neighbor nodes". The P2P network may consist of thousands of neighborhoods of such nodes.
A P2P network user shares files by using a client program for connecting to a special class of P2P nodes called seed nodes. The client program inserts files into the P2P network or requests files from the P2P network. The seed nodes form the periphery of the P2P network. The seed nodes are generally easy to find on the Internet, but the rest of the P2P network supported by the seed nodes is very difficult to find. The P2P nodes (as opposed to the seed nodes) generally perform the following tasks:
1. the seed node breaks up and distributes a file which a user wishes to upload to the network
2. a P2P node encrypts the parts-of-file for dispersal to neighbor seed nodes
3. transfer of parts-of-files for other documents coming and going from neighbor nodes, decrypting and then re-encrypting them before passing them on
The seed nodes also field requests for files by name. The seed nodes manage the re-assembly and decryption of parts-of-files so that the P2P network client receives the desired file.
This arrangement establishes a file-sharing system that is very difficult to disrupt. This is because:
1. it is very difficult to observe any one P2P node to trace parts-of-files as they are distributed
2. interrupting any one node does not cause the network to fail
3. removal of any one node does not result in the loss of any files, because the parts-of-files are kept in more than one place on the network
Files inserted into the P2P network may be deleted after a time if they are not accessed.
A P2P file user requests files from the P2P network by name. The P2P network may use a number of file naming policies for various kinds of files: those files to be shared among many people, those files for private use, and so on.
The current invention may use a P2P network that is a large, public P2P network serving many users for purposes other than the current application, or the P2P network may consist of a specially established private version of a common P2P network architecture intended only for use by the invention users.
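As an added illustration of the parts-of-files arrangement described above (this is example code written for this page, not software from the patent or from any P2P network), the following Python models a seed node that splits a file into parts, places each part on two nodes, and later reassembles it from whichever nodes remain. Node storage is a constructed in-memory dictionary, the chunk size and replication factor are assumptions, and the per-part encryption of task 2 is left out so that the redundancy property of point 3 above stands on its own.

```python
import hashlib

CHUNK = 16       # bytes per part-of-file (constructed; real networks use far larger parts)
REPLICAS = 2     # each part is held on this many distinct nodes (assumption)


def split_file(data, chunk=CHUNK):
    """Break a file into fixed-size parts-of-file."""
    return [data[i:i + chunk] for i in range(0, len(data), chunk)]


def part_name(file_name, index, part):
    """Name a part by file, position and a content hash, so a corrupted copy is detectable."""
    return f"{file_name}/{index}/{hashlib.sha256(part).hexdigest()[:16]}"


def insert_file(nodes, file_name, data, replicas=REPLICAS):
    """Seed-node role on the way in: split the file and place each part on
    `replicas` different nodes. `nodes` is a constructed stand-in for the
    neighbourhoods: dict node_id -> {part_name: part_bytes}.
    Returns the manifest (ordered part names) a requester needs to reassemble."""
    node_ids = sorted(nodes)
    if replicas > len(node_ids):
        raise ValueError("not enough nodes for the requested replication")
    manifest = []
    for idx, part in enumerate(split_file(data)):
        name = part_name(file_name, idx, part)
        for r in range(replicas):
            nodes[node_ids[(idx + r) % len(node_ids)]][name] = part
        manifest.append(name)
    return manifest


def fetch_file(nodes, manifest):
    """Seed-node role on the way out: gather every part from any surviving node,
    verify each copy against the hash in its name, and reassemble the file.
    Returns None if some part is no longer held by any node."""
    out = bytearray()
    for name in manifest:
        expected_hash = name.rsplit("/", 1)[1]
        for store in nodes.values():
            part = store.get(name)
            if part is not None and hashlib.sha256(part).hexdigest()[:16] == expected_hash:
                out.extend(part)
                break
        else:
            return None          # every copy of this part is gone or corrupted
    return bytes(out)
```

With two replicas the file survives the loss of any single node, which is the property point 3 above relies on; losing two nodes that happen to hold both copies of one part loses the file, which is why real networks use higher replication and re-seed parts when a node disappears.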
2. A web cache
The invention requires the use of a large web cache or a distributed web cache. Unlike the single web server computer which provides documents, the web cache model employs many computers to hold documents, and any one request for a document is farmed out to one or many other computers.
The computers holding the desired documents may hold entire documents or they may hold parts-of-documents. This system differs from P2P file sharing networks because no client application is needed and the cache generally provides the same service a common web server does. The main difference is that the cache is far more resilient to DDoS-type attacks. A web cache also does not typically provide interactive content (such as fill-in forms or other applications), as the cache can only publish information, not collect it as well.
3. An in-browser execution technology
The invention relies on the availability of web browsers that can execute software programs. The most common kind of application created specifically to execute inside a web browser is the Java applet. Java is a programming language created by Sun Microsystems, and a Java applet provides many of the interactive and graphical components of a computer program from within a web page without the Java applet requiring installation on the user's computer. When the user changes web pages or quits their browser, the Java applet is erased from their computer. This is known as a "zero footprint" application. There are other in-browser technologies which function this way, and they include Flash by Macromedia and ActiveX by Microsoft. From here down, we refer to this technology generally as applet technology.
The process which is the subject of the current application is as follows:
Part 1 creation of an applet to render voting ballots, collect subsequent votes and encrypt them. The applet may perform some voter authentication step.
Part 2 provision of the voting applet from a distributed web cache. The voting applet is accessible to voters via an address on the cache given to voters before the election.
Part 3 provision of an applet version of a P2P network client. Another applet is used by the voting applet to insert encrypted votes into a P2P network.
Part 4 design of secret voter login credentials which encode P2P seed node addresses. This allows the P2P client to find seed nodes it can communicate with.
Part 5 collection of votes from the P2P network. A service is established that queries the P2P network for vote files to download.
These parts are described in detail below. After the detailed description, there is a summary provided which describes how the elements of the system circumvent or ameliorate the problems listed at the top of this application.
Part 1 Creation of an applet to render voting ballots, collect subsequent votes and encrypt them.
The invention requires a mechanism which encrypts votes so that they are immune to observation and tampering. This is necessary as the votes will reside on the P2P network which may consist of uncontrolled Internet servers anywhere in the World. Votes provided in a non-encrypted form can be observed and changed, votes provided with a digital signature can be observed (but not modified). The invention calls for votes to be encrypted and signed with a digital signature.
Encryption and the use of digital signatures is a common procedure forming the basis of many secure communications such as encrypted email.
The details of the encryption and signing system used here are commonly available and not explained here. The process of mathematically hashing information is widely known and not explained here.
One implementation of the voting applet works as follows:
1. A voting applet is created that includes all voting ballots, candidates, completion rules (such as the number of candidate choices required for a formal vote) and a public encryption key.
2. The voting applet executes in the voter's browser and requests that the voter enter a Voter Identification Number (VIN), which is a secret sequence of numbers and letters sent to the voter via paper mail or some other method in advance of voting. The VIN may be reusable so that the voter can use other ballots, or it may be single-use.
3. The applet uses RSA or similar asymmetric encryption with the public key included in the applet. The VIN is used to create an HMAC for the encrypted vote. The HMAC forms the basis of a signature which makes it impossible to modify the encrypted vote.
4. The applet requests that the voter create a password. This password is used to forward hash the VIN and a digest of the vote. This forward hash forms a receipt for the voter.
5. The voting applet expects to communicate with another applet which handles delivery of the encrypted vote. In the current invention, this second applet delivers the vote to a P2P network.
6. The VIN also encodes which ballots the voter is to be shown in an election where there may be many ballots for many different electorates.
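The following Python is an added example, not code from the patent, of the applet-side sealing in steps 3 and 4 and of the matching checks a returning officer would run before counting. It assumes a hybrid scheme: a textbook RSA key pair generated at run time (no padding, illustration only) wraps a random session key; the session key drives an HMAC-SHA256 counter-mode keystream standing in for a standard block cipher; the HMAC over the ciphertext is keyed with the whole VIN string (the page keys it with the VIN in Part 1 and with the VIN's second UniqueData field in Part 4); and the receipt is SHA-256 over the password, the VIN and a digest of the vote. The VIN values and vote text used in the test are constructed.

```python
import hashlib
import hmac
import secrets

# --- Asymmetric layer: textbook RSA with primes generated at run time. This is a
# stand-in for the "RSA or similar" the page names; no padding, for illustration
# only (assumption: a real deployment would use a padded scheme such as RSA-OAEP).

def _is_probable_prime(n, rounds=16):
    """Miller-Rabin primality test."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(candidate):
            return candidate


def rsa_keygen(bits=512):
    """Return ((e, n), (d, n)). The public half ships inside the applet."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:        # e is prime, so this guarantees gcd(e, phi) == 1
            return (e, p * q), (pow(e, -1, phi), p * q)


# --- Symmetric layer: HMAC-SHA256 in counter mode used as a keystream, standing
# in for AES, which the standard library does not provide.

def _keystream_xor(key, data):
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


TAG_LEN = 32


def seal_vote(vote_text, vin, public_key):
    """Applet side: hybrid-encrypt (VIN + vote), then HMAC the ciphertext with the VIN."""
    e, n = public_key
    plaintext = f"{vin}\n{vote_text}".encode()       # the vote carries the VIN (Part 4)
    session_key = secrets.token_bytes(32)              # 256 bits, always below n
    key_len = (n.bit_length() + 7) // 8
    wrapped = pow(int.from_bytes(session_key, "big"), e, n).to_bytes(key_len, "big")
    ciphertext = wrapped + _keystream_xor(session_key, plaintext)
    tag = hmac.new(vin.encode(), ciphertext, hashlib.sha256).digest()   # encrypt-then-MAC
    return ciphertext + tag


def make_receipt(password, vin, vote_text):
    """Forward hash of password, VIN and a vote digest: the voter's receipt (step 4)."""
    vote_digest = hashlib.sha256(vote_text.encode()).hexdigest()
    return hashlib.sha256(f"{password}|{vin}|{vote_digest}".encode()).hexdigest()


def open_vote(package, private_key, issued_vins, used_vins):
    """Returning-officer side: decrypt, recover the VIN, verify the HMAC with it,
    then enforce one-voter-one-vote. Returns the vote text, or None if rejected."""
    d, n = private_key
    key_len = (n.bit_length() + 7) // 8
    ciphertext, tag = package[:-TAG_LEN], package[-TAG_LEN:]
    wrapped, body = ciphertext[:key_len], ciphertext[key_len:]
    try:
        session_key = pow(int.from_bytes(wrapped, "big"), d, n).to_bytes(32, "big")
        vin, vote_text = _keystream_xor(session_key, body).decode().split("\n", 1)
    except (OverflowError, ValueError):
        return None                                    # damaged key block or body
    expected = hmac.new(vin.encode(), ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None                                    # ciphertext or tag was altered
    if vin not in issued_vins or vin in used_vins:
        return None                                    # unknown VIN, or a second vote
    used_vins.add(vin)
    return vote_text


def confirm_receipt(receipt, password, vin, vote_text):
    """Acknowledgment step: recompute the receipt from the decrypted vote."""
    return hmac.compare_digest(receipt, make_receipt(password, vin, vote_text))
```

The officer-side function has to decrypt before it can check the tag, because the HMAC key (the VIN) travels inside the ciphertext; it then compares tags in constant time and records used VINs, and that last check is what turns a replayed vote file into a harmless duplicate rather than a second vote.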
Part 2 provision of the voting applet from a distributed web cache.
The web cache is populated in advance of the election with the voting applet. The voters are given a web address in the cache for the ballot. In another version of the invention, the ballot resides on the P2P network.
Part 3 provision of an applet version of a P2P network client.
A second applet is created that can connect to a P2P network. From here down, this applet is called the P2P client and is provided to the voter from the web cache as in Part 2. The P2P client is given the Internet Protocol addresses of a small number of seed nodes for the P2P network from the voting applet. The voting applet obtains these addresses from the voter (see Part 4).
Part 4 design of secret voter login credentials which encode P2P seed node addresses.
Crucial to the current invention is the maintenance of secrecy of the seed node addresses of the P2P network. If a large number of seed node addresses become known to an attacker, then the entire P2P network can be attacked with a denial-of-service type attack.
The current invention requires that the secret voter identification number (VIN) issued to each voter encode the Internet Protocol addresses of a small number of seed nodes. The Voter VIN also includes unique, random information which is used to differentiate the voter from other voters and so provide the basis of ensuring one-voter-one-vote.
The VIN has the format
Seed_Node_Address_1 + Seed_Node_Address_2 + ... + Seed_Node_Address_N + UniqueData_1 + UniqueData_2
The unique data are provided in a pair. The voting applet uses the Seed_Node_Address, which is an Internet Protocol address, to drive the P2P client applet to connect to a seed node. The voting applet then encrypts the vote (including the VIN), creates an HMAC based on the second UniqueData part of the VIN, then passes the encrypted vote+HMAC to the P2P client with the seed node addresses and the second unique part. This second unique data part is used to name the P2P file created out of the encrypted vote. In this way, the uniqueness of the P2P filename is guaranteed and the rest of the system that retrieves votes can know what names to retrieve.
Part 5 provision of software to collect votes from the P2P network.
This is the part of the invention that requires a software service be created that queries the P2P network for the file names of votes that have been submitted by the P2P client applets. We refer to this as the query system.
This software expects to forward hash the UniqueData string of some or all VINs and request files of these names from the P2P network. As specified in Part 5, it may be necessary to modify the seed nodes used by the query system so that name protection implemented by the P2P network can be executed by the P2P query system instead.
This query system repeatedly queries the P2P network for vote files it has not yet received. There may be a plurality of these query systems, each holding overlapping groups of forward-hashed VIN UniqueData strings.
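As an added example (not the patent's own encoding, which the claims leave open), the Python below gives one concrete VIN layout for Part 4 and the collection loop of Part 5. The layout is an assumption: a count byte, the packed IPv4 seed addresses, then two 8-byte UniqueData fields, all Base32-encoded so that no dotted address appears in the credential. The vote file name is a SHA-256 forward hash of UniqueData_2, and a QuerySystem object holds a subset of the issued UniqueData_2 values and repeatedly asks a stand-in network for the names it has not yet received. The network is a constructed dictionary, and the addresses are taken from the RFC 5737 documentation ranges.

```python
import base64
import hashlib
import ipaddress
import secrets

UNIQUE_LEN = 8     # bytes in each UniqueData field (constructed choice)
MAX_SEEDS = 19     # claim 6 says fewer than 20 addresses


def make_vin(seed_addresses, unique1=None, unique2=None):
    """Pack N IPv4 seed addresses and two random fields, then Base32 them so the
    addresses are no longer in their dotted form. Layout is an assumption."""
    if not 0 < len(seed_addresses) <= MAX_SEEDS:
        raise ValueError("need between 1 and 19 seed addresses")
    unique1 = unique1 or secrets.token_bytes(UNIQUE_LEN)
    unique2 = unique2 or secrets.token_bytes(UNIQUE_LEN)
    raw = bytes([len(seed_addresses)])
    for addr in seed_addresses:
        raw += ipaddress.IPv4Address(addr).packed
    raw += unique1 + unique2
    return base64.b32encode(raw).decode().rstrip("=")


def parse_vin(vin):
    """Inverse of make_vin: returns (seed_addresses, unique1, unique2)."""
    raw = base64.b32decode(vin + "=" * (-len(vin) % 8))
    count = raw[0]
    addrs = [str(ipaddress.IPv4Address(raw[1 + 4 * i:5 + 4 * i])) for i in range(count)]
    rest = raw[1 + 4 * count:]
    if len(rest) != 2 * UNIQUE_LEN:
        raise ValueError("malformed VIN")
    return addrs, rest[:UNIQUE_LEN], rest[UNIQUE_LEN:]


def vote_filename(unique2):
    """Forward hash of UniqueData_2: the name the P2P client gives the vote file
    and the name the query system later asks for. The prefix is a constructed
    domain separator."""
    return hashlib.sha256(b"vote-file:" + unique2).hexdigest()


class QuerySystem:
    """One of possibly several collectors, each seeded with a (possibly
    overlapping) subset of the issued UniqueData_2 values."""

    def __init__(self, unique2_values):
        self.outstanding = {vote_filename(u) for u in unique2_values}
        self.received = {}

    def poll(self, network):
        """`network` stands in for the P2P name lookup: dict name -> list of copies.
        Returns the vote files newly retrieved on this pass. Multiple copies of one
        name collapse to a single record (claim 10), and names this collector was
        not issued are never requested."""
        new = {}
        for name in sorted(self.outstanding):
            copies = network.get(name)
            if copies:
                self.received[name] = copies[0]
                self.outstanding.discard(name)
                new[name] = copies[0]
        return new


def stray_files(network, issued_unique2_values):
    """Names on the network that no issued VIN could have produced: the input to
    the fraudulent-file detection of claim 11."""
    expected = {vote_filename(u) for u in issued_unique2_values}
    return sorted(set(network) - expected)
```

Because the collector only ever asks for names derived from credentials it was issued, an attacker who floods the network with files under other names costs it nothing, and repeated polling simply drains the outstanding set as votes arrive.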
How Steps 1 to 5 overcome the Internet voting issues listed in the Description of the invention
1. The voting server has a public address and can be found and attacked (hacked) or overwhelmed (by a denial-of-service attack). The invention obviates the need for a single voting server with a public address. Instead there may be several services which collect votes from the P2P system. Each is difficult to discover because traffic is difficult to trace through the P2P network (see Components of the process point
2. Votes can be intercepted because in some circumstances it is possible to launch man-in-the-middle attacks on SSL without the voter noticing. This is no longer possible as the vote is encrypted and signed (with the HMAC) inside the voting applet. The vote cannot be decrypted without the RSA private key.
3. Voters are not protected before and after they enter the SSL tunnel, as they are not encrypted. Votes remain encrypted until they reach the electoral returning officers who hold the private key. If the private key is stolen, it is still difficult to modify votes, as a digest of the vote forms part of the voter receipt. The acknowledgment system (Part 7) allows the voter to try to confirm their receipt, and any change to the vote causes this acknowledgment to alert the voter.
4. Collected votes can be lost or deleted. This is no longer possible as the votes reside both with the electoral returning officers and, for a time, on the P2P file system. This means that independent observers can download encrypted votes and seek an injunction to decrypt them and confirm that the total of votes is the same as was reported by the electoral returning officer.
5. The voter can be observed remotely as they must be online during the voting session. This is not possible as the use of a voting applet controlling the voting session means that all interactivity is provided without the Internet (once the applet is executing in the voter's browser). During the voting session the voter can disconnect from the Internet. They need to connect again to submit their vote. While they are not connected, they cannot be observed or interrupted (by a live attacker).

Claims (8)

1. A technique which combines several existing software programs and the Internet to establish a mechanism by which computer users connected to the Internet can both receive an electronic balloting application and submit votes in an election, referendum or poll. Specifically, the claim refers to the use of a web cache or distributed web cache system to provide a balloting application for use with a voter's web browser, and a peer-to-peer (P2P) file sharing network (defined above) for the transmission of resulting votes collected from the voter. Both the web cache and the P2P network may already exist for other purposes or may be established specifically to provide the invented service.
2. Utilisation of a Java applet, ActiveX(tm) or other similar technology which executes in a common web browser (defined above), to form the basis of a P2P file sharing client as well as an Internet voting application. The claim specifies that both software elements must execute in a common web browser. This is opposed to a form of software that requires it to be downloaded, installed on a computer, then executed on the computer directly, interacting directly with the computer operating system. The claim is specifically over the use of a "zero footprint" P2P client and voting applications for use in Internet voting from a web browser. "Zero footprint" refers to there being no software left on the voter's computer after the voting session ends.
3. Utilisation of the P2P client and voting applications of Claim 2 such that these services together enable the user of a computer connected to the Internet, running a web browser, the ability to cast one or more votes in an election with the subsequent votes submitted to a P2P file sharing network without the necessity of downloading and installing non-browser-based software components.
4. The configuration in Claim 2 such that the P2P client application inserts one or more copies of the voter's vote on to the P2P system as uniquely named files.
5. The arrangement by which the Internet voting application of Claim 2 communicates with the P2P client application (also of Claim 2) so that a vote obtained in the former application is passed to the latter.
6. The creation of voter authorisation credentials which encode Internet Protocol addresses. The claim is over the creation and use of secret voter credentials consisting of a string of several letters and numbers which are distributed to voters, the length of which is sufficient to allow the encoding of a small number (fewer than 20) of Internet Protocol addresses. The method of encoding is not claimed, only that the Internet Protocol addresses are not provided in their normal form (which is a number of digits grouped into sets by a period character). The authorisation credentials of this claim differ between voters such that the credentials are unique among voters, do not identify voters and are transmitted to voters via secure means from the electoral authority. The voter authorisation credentials may also encode other information used to control the voting application.
7. Use of a web cache (defined above) to provide the voting application and P2P client application (of Claim 2) to the voter. This is in contrast with the use of a standard website (using the client-server model, defined above) to provide these files. The web cache or distributed web cache may already be established for another purpose. The voter accesses the voting application and the P2P client application by using their browser to visit an address on the web cache. The address on the web cache may be provided to the voter by secure means from the electoral authority.
8. Installation of a software application on a number of Internet-mounted computers which query the P2P file sharing network in order to retrieve the inserted vote files (of Claim 3) placed there by the P2P file sharing client of Claim 2. Additionally, each of these computers may query for the same votes and so each may obtain copies of the same vote files.
9. The distribution of voter authorisation credentials to each of the machines in Claim 8 such that each machine may use these credentials as the basis for querying for files on the P2P network. Additionally, the voter authorisation details may be allocated to each of the machines in Claim 8 so that any one machine has a subset of the voter authorisation details and there may be overlap (redundancy) between the querying machines of Claim 8.
10. The establishment of systems to resolve multiple copies of the same votes resulting out of the arrangement described in Claim 4 so that one-voter-one-vote is maintained.
11. The establishment of systems to detect the creation of fraudulent vote files which may have been inserted into the P2P file sharing network.

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2004100798A AU2004100798A4 (en) 2004-09-23 2004-09-23 Method for providing peer-to-peer based Internet voting

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
AU2004100798A AU2004100798A4 (en) 2004-09-23 2004-09-23 Method for providing peer-to-peer based Internet voting

Publications (1)

Publication Number Publication Date
AU2004100798A4 true AU2004100798A4 (en) 2004-11-04

Family

ID=34382722

Family Applications (1)

Application Number Title Priority Date Filing Date
AU2004100798A Ceased AU2004100798A4 (en) 2004-09-23 2004-09-23 Method for providing peer-to-peer based Internet voting

Country Status (1)

Country Link
AU (1) AU2004100798A4 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105653564A (en) * 2014-12-03 2016-06-08 Tcl集团股份有限公司 Database block processing method and apparatus of text-message voting system
CN111696245A (en) * 2020-06-30 2020-09-22 郭平波 Voting method based on P2P network


Similar Documents

Publication Publication Date Title
CN101488950B (en) Symmetric key distribution framework for the internet
CN111164948B (en) Managing network security vulnerabilities using blockchain networks
Halderman et al. The New South Wales iVote system: Security failures and verification flaws in a live online election
Wolchok et al. Attacking the Washington, DC Internet voting system
US20230299938A9 (en) System for privacy protection during iot secure data sharing and method thereof
US7721091B2 (en) Method for protecting against denial of service attacks using trust, quality of service, personalization, and hide port messages
EP3133560B1 (en) System and method for secure voting
US20070150596A1 (en) Content Publication
Kapil et al. Attribute based honey encryption algorithm for securing big data: Hadoop distributed file system perspective
CN103188081A (en) Systems and methods for distributing and securing data
US20190372765A1 (en) System and Method for Providing an Authorised Third Party with Overt Ledger Secured Key Escrow Access to a Secret
JP5012574B2 (en) Common key automatic sharing system and common key automatic sharing method
Al-Rawy et al. A design for blockchain-based digital voting system
WO2008065349A1 (en) Worldwide voting system
Danquah et al. Public key infrastructure: an enhanced validation framework
Yang et al. Protecting personal sensitive data security in the cloud with blockchain
AU2004100798A4 (en) Method for providing peer-to-peer based Internet voting
CN109194650B (en) Encryption transmission method based on file remote encryption transmission system
CN106576050A (en) Three-tiered security and computational architecture
KR20020083551A (en) Development and Operation Method of Multiagent Based Multipass User Authentication Systems
GB2444346A (en) Anonymous authentication in a distributed system
KR20210129981A (en) Blockchain-based authentication system and method for preventing interception hacking attacks
WO2019229257A1 (en) System and method for providing an authorised third party with overt ledger secured key escrow access to a secret
WO2008065346A2 (en) Secure messaging and data sharing
WO2008065348A2 (en) Perpetual data

Legal Events

Date Code Title Description
FGI Letters patent sealed or granted (innovation patent)
MK22 Patent ceased section 143a(d), or expired - non payment of renewal fee or expiry