Using Iris Scanner For E Voting Information Technology Essay

Published: November 30, 2015 Words: 1739

Reliability: Huilee and Savides say the iris pattern is not subject to outside influences over a person's life span and is not easily affected in the way other body parts used in biometrics are, for example by a cut on a finger or the face. The iris pattern also takes about five months to form fully during gestation and then remains the same for the entire lifetime, unlike other biometrics that are affected by ageing. Because of this uniqueness, Savides and Vijayakumar state that it is reliable for e-voting; the FAR (false acceptance rate) of an iris scan is within 1%, whereas the FRR (false rejection rate) is within 3%.

Usability: This iris scanning method can be used for e-voting in the UK. On election day each party is provided with a separate iris scanner; once the subject passes through a particular party's scanner, the vote is collected in the engine for that party. The technology can also be used by disabled people: a blind person who has irises can also vote (Huilee and Savides 2010). Apart from blind people, however, there are people with an eye disease known as nystagmus, in which the pupils move to and fro, so taking an iris picture will be a challenge for them (mib.org.uk).

Scalability: Huilee and Savides (2010) say that over the last decade new iris scanning devices have been launched on the market, such as iris-on-the-move, a device that captures the iris as the subject passes through it. The image extraction process then runs and the image is matched by the iris engine; all of this is done in seconds and the vote is counted for a particular party.

Security vulnerabilities: The main spoofing attack here is that a picture of an eye can be shown to the scanner. An attacker can also attack the network where the voters' data is stored. Blind people can be misguided into casting their votes wrongly.

2) Fingerprint reader

Fingerprint-based biometric e-voting can be achieved because it is easy to implement compared to other biometrics and it is already in use.

Reliability: Biometric reliability is not 100%; the fingerprint FAR and FRR are 0-20% (Hof), and once a subject's fingerprint has been collected, a new scar raises the likelihood of a false rejection. It is nevertheless reliable because it can easily be implemented in different environments, and the speed of this biometric method is good compared to others.
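How FAR and FRR figures such as those quoted above for iris and fingerprint readers are measured, as an added example that is not part of the original essay: the score lists are constructed sample data, and the function names and the "accept when score >= threshold" rule are assumptions. It goes slightly beyond the text by sweeping the decision threshold to show the trade-off between the two rates.

```python
# Constructed similarity scores in [0, 1]; higher means "more likely the same person".
GENUINE = [0.91, 0.88, 0.95, 0.79, 0.85, 0.97, 0.62, 0.90, 0.93, 0.87]   # same-voter comparisons
IMPOSTOR = [0.12, 0.30, 0.25, 0.41, 0.18, 0.66, 0.22, 0.35, 0.28, 0.15]  # different-voter comparisons


def far_frr(genuine, impostor, threshold):
    """Return (FAR, FRR) when a comparison is accepted if score >= threshold."""
    false_accepts = sum(1 for score in impostor if score >= threshold)
    false_rejects = sum(1 for score in genuine if score < threshold)
    return false_accepts / len(impostor), false_rejects / len(genuine)


def sweep(genuine, impostor, steps=100):
    """Evaluate every threshold k/steps and return a list of (threshold, FAR, FRR)."""
    return [(k / steps, *far_frr(genuine, impostor, k / steps)) for k in range(steps + 1)]


def pick_threshold(genuine, impostor, max_far, max_frr):
    """Lowest threshold that meets both limits, or None if they cannot both be met."""
    for threshold, far, frr in sweep(genuine, impostor):
        if far <= max_far and frr <= max_frr:
            return threshold
    return None


def equal_error_point(genuine, impostor):
    """First threshold at which FAR and FRR are closest (approximate equal error rate)."""
    return min(sweep(genuine, impostor), key=lambda row: abs(row[1] - row[2]))


if __name__ == "__main__":
    # The essay's iris limits (FAR within 1%, FRR within 3%) against the sample data:
    print("iris limits met at:", pick_threshold(GENUINE, IMPOSTOR, 0.01, 0.03))
    # The essay's upper fingerprint figure (20%) for both rates:
    print("20% limits met at:", pick_threshold(GENUINE, IMPOSTOR, 0.20, 0.20))
    print("equal error point:", equal_error_point(GENUINE, IMPOSTOR))
```

Raising the threshold lowers FAR and raises FRR; when the genuine and impostor score ranges overlap, as in this sample, no threshold can drive both rates to zero.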

Usability: This biometric is easy to establish for e-voting in the UK: each party is provided with a fingerprint reader, and the voter can then cast a vote for a particular party. The cost of implementing it is low compared to other biometric methods.

Scalability: As Nanavathi.th,rn (2002) mentioned, before the election proceedings all voters have to register their biometric information at their nearest location, where it is recorded. At the time of registering, the subject's biometrics should be collected three times so that on election day the template can be matched correctly, and all recorded information should be stored on a server. On election day, once a voter has cast a vote, the fingerprint reader acquires the image, extracts the features and transmits the template to a local PC; the local PC registers the template and matches the record by sending it to the server for auditing.

Security vulnerabilities: As Nanavathi.th,rn (2002) and Hof state, poor images can be acquired by the platen, where the finger is placed, because of a scratch. An attacker can attack the server and replace templates with other templates to change the outcome of the results, and attacks such as distributed denial of service (DDoS) on the server may delay the results.

PART B

Kersting and Baldershim (2004) state that e-voting was held in the UK in May 2002, using postal, internet and SMS methods.

The five multi-channel pilots

| Pilot | Polling stations/postal votes No. | Polling stations/postal votes % | Internet No. | Internet % | Telephone No. | Telephone % | SMS No. | SMS % |
|---|---|---|---|---|---|---|---|---|
| Crewe & Nantwich BC (2 wards) | 1,839 | 83.5 | 364 | 16.5 | n.a. | n.a. | n.a. | n.a. |
| Liverpool City (2 wards) | 3,957 | 59.4 | 1,093 | 16.4 | 1,162 | 17.4 | 445 | 6.7 |
| St Albans (2 wards) | 1,539 | 49.5 | 825 | 26.5 | 744 | 23.9 | n.a. | n.a. |
| Sheffield (3 wards) | 8,881 | 67.7 | 2,904 | 22.1 | n.a. | n.a. | 1,327 | 10.7 |
| Swindon (19 wards) | 33,329 | 84.1 | 4,293 | 10.8 | 2,028 | 5.1 | n.a. | n.a. |
| Total | 49,545 | 76.5 | 9,479 | 14.6 | 3,934 | 6.1 | 1,772 | 2.7 |

Source (Kersting and Baldershim 2004)

The table clearly shows that e-voting through the internet stands second to the other two formats of voting; according to the table most people preferred postal voting, so there seems to be only moderate support for e-voting in the UK.

E-voting has been held by many countries. According to R. Alvarez,kz,ls,mz (2009), an e-voting method was piloted in Colombia in 2007. The survey was held in the capital Bogota, where the population is almost 7,000,000, in Pereira (4,000,000) and in San Andres (70,000); these were sorted according to the size of the population, and the survey was held among 2,294 participants. The survey had seven questions.

| Socio-demographic variables | E-voting is easier | Correcting mistakes is easier | E-voting is more reliable | Votes will be counted |
|---|---|---|---|---|
| Age: 18-30 | 92.8 | 90.9 | 79.7 | 82.8 |
| Age: 31-50 | 95.7 | 90.5 | 87.0 | 89.7 |
| Age: >50 | 94.6 | 89.9 | 92.9 | 90.5 |
| Education: Primary or less | 93.6 | 87.2 | 95.7 | 94.7 |
| Education: Secondary | 96.2 | 92.8 | 90.2 | 90.1 |
| Education: University | 93.4 | 89.2 | 82.1 | 85.3 |
| Gender: Male | 94.7 | 90.6 | 86.1 | 87.5 |
| Gender: Female | 94.3 | 90.5 | 85.6 | 87.6 |
| City: Bogota | 94.7 | 89.0 | 84.7 | 86.7 |
| City: Pereira | 94.9 | 93.2 | 87.0 | 89.7 |
| City: San Andres | 93.4 | 89.0 | 85.6 | 85.7 |
| Whole sample | 94.5 | 90.5 | 85.8 | 87.6 |

Source (Lawrence Pratchett and Melvin Wingfield 2009)

Analysing the Alvarez,kz,ls,mz (2009) report and the table of positive responses to e-voting, many people consider e-voting much easier than paper-based voting and think it is reliable; even people who had only primary education support e-voting here. The instruments used for e-voting here are touch-screen DRE (direct recording electronic) machines, and smart cards are used to operate them, so illiterate people may prefer the traditional black box methods, but this method also supports disabled people in registering their vote. The open issues are how secure the data storage of the collected votes is, that it cannot be implemented in all countries where technological advancement and the education of people are lower, and the cost of implementing the technology; developed countries like the UK, however, can implement this system.

Question 2

PART A

Repudiation: Repudiation in e-voting means the voter's details are kept secret with regard to the vote cast, such as which party the voter voted for or whether the voter has cast a vote at all.

Non-repudiation: This means the voter's vote is clearly visible; the technology will verify whether the vote has been cast or not.

Difference: The main difference between repudiation and non-repudiation is privacy. With repudiation, the voter alone knows the ownership of the vote: for whom it was cast, or that no vote was cast. This is not possible with non-repudiation.

Source (Ashish,an,ap,vkg 2007)

Technology: Ashish,an,ap,vkg (2007) state that a fingerprint technology should be incorporated with an attestation and certification unit. Votes are counted and audited through a unique serial number, and fingerprint details are collected in a pre-polling booth for authentication purposes. At the time of voting, once the voter's fingerprint is submitted, and because both units are interconnected, the attestation unit releases the particular serial number of the elector; once authentication is complete the vote is released. In post-poll authentication and repudiation voting, to support repudiation the fingerprint reader and the authentication unit can be kept separate, and the voter's electoral serial number is then released secretly so that no one can view or alter the voter's decision.

Y.Yan and French (2007) presented that repudiable authentication is possible; Martin Hellman mentioned repudiable authentication through a digital signature in his material. Here the sender can generate and validate the signature; once the signature is received by the receiver, the sender can deny as well as verify his signature. The method by which this is done is as follows:

Generating a non-repudiable signature

Adding a repudiable feature to a non-repudiable signature

So this repudiation can be used in e-voting methods by using QRP kPRP and the above-mentioned process.

PART B

A. Thomas (2000) states that there is not much difference between SSL and TLS; TLS is more or less the same as SSL v3.0. The SSL protocol establishes a connection between server and client through a handshake; the communication is encrypted, and a public key is shared between the two parties. There is, however, a security vulnerability here. When the client sends its hello message there is a random number field in which the first 32 bits are used for the date and time, whereas the next 28 bits are used for a cryptographic random number, and a pseudorandom generator is commonly used to fill this field. The loophole is that if an attacker has knowledge of the algorithm used, he can extract all random values generated with the same algorithm, so by simply altering the client hello message the attacker can attack; this is known as a man-in-the-middle attack.

Y.Yan (2008) says there is a vulnerability in RSA public key cryptography, because all public key cryptography is vulnerable to a specific attack known as the chosen-text attack, which may be either a chosen-plaintext or a chosen-ciphertext attack.
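The weakness described above, as an added example that is not from the essay or from A. Thomas: it assumes the SSL 3.0/TLS layout of the hello random field (a 4-byte timestamp followed by 28 random bytes), and the function names and sample timestamp are hypothetical. It contrasts a field filled by a clock-seeded general-purpose generator with one filled from the operating system's cryptographic generator.

```python
import random
import secrets
import struct

SAMPLE_TIME = 1021939200  # constructed Unix timestamp used as sample input


def weak_client_random(unix_time):
    """Hello random filled by a general-purpose PRNG seeded with the clock (unsafe)."""
    prng = random.Random(unix_time)  # Mersenne Twister: same seed, same output
    return struct.pack(">I", unix_time) + bytes(prng.getrandbits(8) for _ in range(28))


def strong_client_random(unix_time):
    """Same layout, but the 28 bytes come from the operating system's CSPRNG."""
    return struct.pack(">I", unix_time) + secrets.token_bytes(28)


def parse_client_random(blob):
    """Split the 32-byte field into (timestamp, random_bytes)."""
    if len(blob) != 32:
        raise ValueError("hello random must be 32 bytes")
    (timestamp,) = struct.unpack(">I", blob[:4])
    return timestamp, blob[4:]


def reproducible_from_timestamp(blob):
    """Audit check: True if the random bytes follow from the visible timestamp alone."""
    timestamp, random_bytes = parse_client_random(blob)
    return weak_client_random(timestamp)[4:] == random_bytes


if __name__ == "__main__":
    for name, make in (("weak", weak_client_random), ("strong", strong_client_random)):
        blob = make(SAMPLE_TIME)
        print(name, blob.hex(), "reproducible:", reproducible_from_timestamp(blob))
```

The timestamp travels in clear inside the same field, so a generator whose only input is the clock gives an observer everything needed to regenerate the "random" part.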

| Protocol and cryptography | Risks |
|---|---|
| SSL and TLS | Man-in-middle attack; Certificate attacks; Bleichenbacher attack |
| RSA public key cryptography | Chosen (cipher/plain)text attack; Bleichenbacher attack |

Source (A. Thomas 2000, Y.Yan 2008)

From the table and the A. Thomas (2000) material, it is clear that the risk in SSL involves two main attacks. The man-in-the-middle attack is carried out from the client side and can be solved only if the client is dual-version, in which case it will automatically choose SSL v2.0 rather than v3.0; in 2.0 it uses unique padding values, so it can only detect the attack and cannot prevent it. The other is certificate attacks: in order to communicate with the peer a CA certificate is needed for trust, so an attacker can create a fake certificate by changing everything except the public key, and the server key exchange is vulnerable to an algorithm rollback attack. Y.Yan (2008) explains that in the chosen-text attack on RSA the attacker may get into the machines used for encryption/decryption and, to find out the key, convert ciphertext to plaintext and vice versa. A. Thomas (2000) says a common attack on both RSA and SSL is the Bleichenbacher attack, because it uses the SSL protocol with the RSA algorithm: the attacker creates artificial cipher blocks and sends them to the victim, and if the victim tries all possible decryptions as RSA blocks, which mostly start with 00, 02, the attacker can find out the plaintext by deciphering it.
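The server-side behaviour behind the Bleichenbacher attack and the usual countermeasure, as an added example that is not code from the essay or its sources: the blocks are constructed samples standing in for data that has already been RSA-decrypted, and all function names are hypothetical. The leaky parser reports why a block was rejected; the hardened one substitutes a random premaster secret so that every block looks the same from outside.

```python
import secrets

PREMASTER_LEN = 48   # size of the RSA-encrypted premaster secret in SSL 3.0 / TLS
BLOCK_LEN = 128      # constructed example: block size of a 1024-bit RSA key


def make_block(payload):
    """Constructed sample: an already-decrypted block laid out as 00 02 PS 00 payload."""
    padding = bytes(secrets.randbelow(255) + 1 for _ in range(BLOCK_LEN - 3 - len(payload)))
    return b"\x00\x02" + padding + b"\x00" + payload


def unpad_leaky(block):
    """Parse the block and report *why* it was rejected (the behaviour that leaks)."""
    if block[:2] != b"\x00\x02":
        raise ValueError("bad block header")
    separator = block.find(b"\x00", 2)
    if separator < 10:  # fewer than 8 padding bytes, or no separator at all
        raise ValueError("bad padding length")
    return block[separator + 1:]


def premaster_hardened(block):
    """Treat every malformed block like a valid one by substituting a random secret."""
    fallback = secrets.token_bytes(PREMASTER_LEN)  # drawn before parsing, used on any failure
    try:
        payload = unpad_leaky(block)
    except ValueError:
        return fallback
    return payload if len(payload) == PREMASTER_LEN else fallback


def observable_outcomes(blocks, hardened):
    """Distinct server reactions a remote peer could tell apart for the given blocks."""
    outcomes = set()
    for block in blocks:
        if hardened:
            premaster_hardened(block)
            outcomes.add("handshake continues")
        else:
            try:
                unpad_leaky(block)
                outcomes.add("handshake continues")
            except ValueError as error:
                outcomes.add("alert: " + str(error))
    return outcomes


SECRET = secrets.token_bytes(PREMASTER_LEN)                        # constructed premaster secret
GOOD = make_block(SECRET)                                          # well-formed block
BAD_HEADER = b"\x00\x01" + GOOD[2:]                                # wrong block type
SHORT_PADDING = b"\x00\x02\x01\x01\x01\x00" + bytes(BLOCK_LEN - 6)  # only 3 padding bytes
```

Python exception handling is not constant-time, so this shows the logic only; in a deployment the check belongs to the TLS library, which also has to keep its timing independent of the padding result.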