For honest voting, write a message the 'man in the middle' can't intercept

Dec 11, 2012 by Bill Steele

(Phys.org)—In the run-up to the last election warnings about computer hacking were rampant. Experts demonstrated how the hardware in voting machines could be modified. Touch-screen machines visibly changed votes. One possibility that wasn't mentioned was the "man in the middle" who might change totals as they are sent in.

Cornell computer scientists have developed a new way to send a "non-malleable" message—one that cannot be altered by a third party—over a network. It's as if the message were engraved on a stone tablet, and any further chiseling would cause the tablet to crumble.

Rafael Pass, associate professor of computer science, and Ph.D. student Huijia Lin reported their work at the 43rd Association for Computing Machinery Symposium on the Theory of Computing last summer in San Jose, Calif. They worked in the context of what cryptographers call "commitment schemes," such as might be used in online bidding for a contract, but their methods could be applied to other applications, online voting among them, Pass said.

Pass and Lin supply a proof that their protocol is secure. The man in the middle must pass the message unchanged or the system will fail. That proof is the most important step, Pass said. "Everything I do I prove secure," he said.

Most computer security is reactive, he explained. We trust a system until someone breaks it, then patch the vulnerability and wait. "For the last 2,000 years cryptography has been a game between artist and attacker," Pass said. "We've used it in settings like war, and now the Internet relies on it. It should have a scientific basis. We must rigorously model what we want to do and specify our assumptions, and if it breaks, the assumptions are broken."

The man-in-the-middle attack is a classic problem in computer security. The attacker slips into the channel between two parties and relays their messages back and forth, letting them think they are talking directly to one another. By monitoring many repetitions, the interloper might pick up enough clues to break whatever encryption the parties are using. It's not even necessary to read the messages. A hacker might be able to change the value of a vote or a competitive bid, even without knowing what the actual value was.

In the system proposed by the Cornell researchers, the content of the message is intimately intertwined with digital signatures of each party, encoded by a system such as public-key cryptography, where the message is enciphered using a key that is the product of two large prime numbers. The sender and receiver exchange several messages to create a "chain of signatures" that depends on the identities of the senders. To disentangle the signature chain from the message an attacker would have to break the keys back into their two primes, which might require a computer the size of the universe. If any of this content is altered by the man in the middle, the system will detect it.
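To make the malleability described in the two paragraphs above concrete, here is an added Python illustration that is not the Cornell protocol (the article does not give its details): a textbook Pedersen-style commitment to a sealed bid, which a relay can shift by a chosen amount without ever learning the bid, next to a hash commitment that folds the sender's identity into the digest, where no related commitment can be formed and a tampered value simply fails to open. The group parameters, the identity `alice`, and all function names are constructed for the demo; resisting this one transformation is not a proof of non-malleability, which is exactly what the researchers' work supplies.

```python
import hashlib
import hmac
import secrets

# Constructed toy group: prime modulus and two generators of Z_P^*. H is
# derived by hashing so nobody knows log_G(H); real deployments need far
# larger, properly chosen parameters.
P = 2**127 - 1
G = 3
H = int.from_bytes(hashlib.sha256(b"second generator").digest(), "big") % (P - 2) + 2

def pedersen_commit(value: int, r: int) -> int:
    # c = G^value * H^r mod P. The randomness r hides the value, but the
    # scheme is homomorphic and therefore malleable.
    return pow(G, value, P) * pow(H, r, P) % P

def pedersen_open(c: int, value: int, r: int) -> bool:
    return c == pedersen_commit(value, r)

def relay_shift(c: int, k: int) -> int:
    # What a man in the middle can do to a Pedersen commitment: multiply
    # by G^k and the result commits to value + k, with value never learned.
    return c * pow(G, k, P) % P

def bound_commit(sender_id: bytes, value: int, r: bytes) -> bytes:
    # Hash commitment with the sender's identity folded into the digest.
    # A related commitment cannot be formed without knowing value and r,
    # and any altered byte makes the later opening fail.
    return hashlib.sha256(sender_id + value.to_bytes(8, "big") + r).digest()

def bound_open(c: bytes, sender_id: bytes, value: int, r: bytes) -> bool:
    return hmac.compare_digest(c, bound_commit(sender_id, value, r))

def malleability_demo(bid: int, k: int) -> tuple:
    """Return (shifted_pedersen_opens, tampered_bound_opens)."""
    r = secrets.randbelow(P - 1)
    c_mitm = relay_shift(pedersen_commit(bid, r), k)
    # Once the honest bidder reveals (bid, r), the relay can open its
    # shifted commitment to bid + k using the very same r.
    shifted_opens = pedersen_open(c_mitm, bid + k, r)

    rb = secrets.token_bytes(16)
    cb = bound_commit(b"alice", bid, rb)
    tampered = bytes([cb[0] ^ 0x01]) + cb[1:]   # relay flips one bit
    tampered_opens = bound_open(tampered, b"alice", bid, rb) or \
        bound_open(tampered, b"alice", bid + k, rb)
    return shifted_opens, tampered_opens
```

Running `malleability_demo(42, 1)` returns `(True, False)`: the shifted Pedersen commitment opens to 43 once the honest opening is seen, while the bit-flipped bound commitment opens to neither 42 nor 43.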

Other methods of creating non-malleable messages have been put forth, the researchers noted, but they require either thousands of rounds back and forth or that the sender and receiver agree to send messages at prearranged times. The new protocol works with perhaps 15 rounds or fewer and requires no "trusted infrastructure" set up in advance.

"I wouldn't say the problem of man-in-the-middle attacks is solved," Pass noted, "but a minimal number of communications rounds is now possible. And it doesn't mean we have practical solutions yet." The present work is theoretical, he pointed out, and someone has yet to write applications to put it into practice.


User comments: 2

Claudius
2 / 5 (4) Dec 11, 2012
While it is encouraging that systems to avoid manipulation of the vote are being developed, it is important to remember that those who control the vote will have to ensure that some kind of "back door" is built in.

Even if they can solve the "man in the middle" problem, in the current situation, the "man at the end" is still a problem, as it is a vote-counting firm in Barcelona run by former Goldman-Sachs executives.

The whole system needs to be overhauled, before voter confidence can be restored.
Expiorer
1 / 5 (1) Dec 12, 2012
Now that was interesting news.
I was told that adding an electronic signature (with a public certificate) also prevents MITM.
And you don't need a back door to alter results.
Just ask some reverse engineer to hack it.