For honest voting, write a message the 'man in the middle' can't intercept

(—In the run-up to the last election warnings about computer hacking were rampant. Experts demonstrated how the hardware in voting machines could be modified. Touch-screen machines visibly changed votes. One possibility that wasn't mentioned was the "man in the middle" who might change totals as they are sent in.

Cornell computer scientists have developed a new way to send a "non-malleable" message—one that cannot be altered by a third party—over a . It's as if the message were engraved on a stone tablet, and any further chiseling would cause the tablet to crumble.

Rafael Pass, associate professor of computer science, and Ph.D. student Huijia Lin reported their work at the 43rd Association for Computing Machinery Symposium on the Theory of Computing last summer in San Jose, Calif. They worked in the context of what call "commitment schemes," such as might be used in online bidding for a contract, but their methods could be applied to other , including and online voting, Pass said.

Pass and Lin supply a that their protocol is secure. The man in the middle must pass the message unchanged or the system will fail. That proof is the most important step, Pass said. "Everything I do I prove secure," he said.

Most computer security is reactive, he explained. We trust a system until someone breaks it, then patch the vulnerability and wait. "For the last 2,000 years cryptography has been a game between artist and attacker," Pass said. "We've used it in like war, and now the Internet relies on it. It should have a scientific basis. We must rigorously model what we want to do and specify our assumptions, and if it breaks, the assumptions are broken."

The man-in-the-middle attack is a classic problem in computer security. The attacker slips into the between two parties and relays their messages back and forth, letting them think they are talking directly to one another. By monitoring many repetitions, the interloper might pick up enough clues to break whatever encryption the parties are using. It's not even necessary to read the messages. A hacker might be able to change the value of a vote or a competitive bid, even without knowing what the actual value was.

In the system proposed by the Cornell researchers, the content of the message is intimately intertwined with digital signatures of each party, encoded by a system such as public-key cryptography, where the message is enciphered using a key that is the product of two large prime numbers. The sender and receiver exchange several messages to create a "chain of signatures" that depends on the identities of the senders. To disentangle the signature chain from the message an would have to break the keys back into their two primes, which might require a computer the size of the universe. If any of this content is altered by the man in the middle, the system will detect it.

Other methods of creating non-malleable messages have been put forth, the researchers noted, but they require either thousands of rounds back and forth or that the sender and receiver agree to send messages at prearranged times. The new protocol works with perhaps 15 rounds or less and requires no "trusted infrastructure" set up in advance.

"I wouldn't say the problem of man-in-the-middle attacks is solved," Pass noted, "but a minimal number of communications rounds is now possible. And it doesn't mean we have practical solutions yet." The present work is theoretical, he pointed out, and someone has yet to write applications to put it into practice.

Provided by Cornell University

Citation: For honest voting, write a message the 'man in the middle' can't intercept (2012, December 11) retrieved 23 July 2024 from
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.

Explore further

Air Force grant to tighten online encryption


Feedback to editors