Authentication Techniques, Client-Side Voting Software, and Secure Platform Mechanisms

Electronic voting is still a hot topic. You can mainly distinguish between three types of electronic voting, namely direct recording electronic voting devices in polling stations, scan based electronic voting systems, and remote electronic voting. In this paper we focus on the last category and in particular we discuss three dimensions that are specific for remote Internet voting. These are voter identification and authentication techniques, client-side voting software used to cast the vote and secure platform mechanisms to overcome vulnerabilities of the client used by the voter to cast her vote. We describe and analyze different implementations of each of these in the context of remote Internet voting, and assess their performance based on usability, security, costs, and maintenance issues. We identify combinations that cannot be applied at the same time and make recommendations for the application of particular implementations for specific types of elections

A Secure Authentication Scheme for RFID Systems

AbstractDay by day the importance of Radio Frequency Identification (RFID) systems is increasing for its powerful capabilities in automatic identification, localization and access control of the objects. However, the RFID techniques are plagued to security and privacy issues due to underlying wireless communication channel. In order to come up with a solution, we propose an efficient authentication scheme which uses pseudorandom number generators (PRNG) and some simple cryptographic operations. Moreover, as the current generation tags come with in-built pseudo random generators, the implementations of these operations are possible with low complexity. The secret information stored inside the tags is communicated in a more secure way ensuring confidentiality, integrity, and authentication. The security of our proposed scheme is analyzed against different attacks on RFID and with the performance of some existing protocols. Experimental results show a significant improvement in security with average cost, when compared with the existing techniques

Pseudo Identities Based on Fingerprint Characteristics

This paper presents the integrated project TURBINE which is funded under the EU 7th research framework programme. This research is a multi-disciplinary effort on privacy enhancing technology, combining innovative developments in cryptography and fingerprint recognition. The objective of this project is to provide a breakthrough in electronic authentication for various applications in the physical world and on the Internet. On the one hand it will provide secure identity verification thanks to fingerprint recognition. On the other hand it will reliably protect the biometric data through advanced cryptography technology. In concrete terms, it will provide the assurance that (i) the data used for the authentication, generated from the fingerprint, cannot be used to restore the original fingerprint sample, (ii) the individual will be able to create different "pseudo-identities" for different applications with the same fingerprint, whilst ensuring that these different identities (and hence the related personal data) cannot be linked to each other, and (iii) the individual is enabled to revoke an biometric identifier (pseudo-identity) for a given application in case it should not be used anymore

The Random Oracle Methodology, Revisited

We take a critical look at the relationship between the security of cryptographic schemes in the Random Oracle Model, and the security of the schemes that result from implementing the random oracle by so called "cryptographic hash functions". The main result of this paper is a negative one: There exist signature and encryption schemes that are secure in the Random Oracle Model, but for which any implementation of the random oracle results in insecure schemes. In the process of devising the above schemes, we consider possible definitions for the notion of a "good implementation" of a random oracle, pointing out limitations and challenges.Comment: 31 page