-------------------------------------------------------------------------- Mohamed G. Gouda CS 386S Spring 2009 Quiz 5 -------------------------------------------------------------------------- Consider an e-voting system that consists of a voting center c and an array of 100 voters v[0], .., v[99]. Periodically, c sends a "motion" to every voter v[i] which replies by sending back its vote, 0 or 1, on the motion to c. The protocol between c and each v[i] can be specified as follows: c --> v[i] : R.c c <-- v[i] : B.c where R.c is the private key of the voting center c, B.c is the public key of the voting center c, motion is an integer in the range 0..(k-1) for some large k, vote is either 0 or 1, i is a value in the range 0..99, and P.i is the password of voter v[i] which is known by both c and v[i]. Explain why is this protocol vulnerable when P.i is poorly chosen. Show how to strengthen this protocol without strengthening P.i. ------------------------------------------------------------------------------ Student Name: Student EID: ------------------------------------------------------------------------------ Solution: The values of "B.c", "motion", and "i" in the second message in the protocol are all known. Also, the numbers of all possible values of "vote" and "P.i" are relatively small (since vote is either 0 or 1 and P.i is poorly chosen). Thus, an adversary can guess possible values vote' and P'.i for vote and P.i, and if it turns out that B.c = B.c then the adversary concludes that vote' = vote and P'.i = P.i. Thus the vote cast by v[i] is no longer confidential. To strengthen the protocol, v[i] should add a random confounder cn to the second message in the protocol. The strengthened protocol becomes: c --> v[i] : R.c c <-- v[i] : B.c -------------------------------------------------------------------------------