VoteBox Nano: A Smaller, Stronger FPGA-based Voting Machine

This paper describes a minimal implementation of a cryptographically secure electronic voting system, built with a low-cost Xilinx FPGA board. This system, called VoteBox Nano, follows the same basic design principles as VoteBox, a full-featured electronic voting system. As with VoteBox, the votes are encrypted using Elgamal homomorphic encryption and the accuracy of the system can be challenged by real voters during an ongoing election. In order to fit within the limits of a minimal FPGA, VoteBox Nano eliminates VoteBox's sophisticated network replication and storage facilities. In return, VoteBox Nano runs without any operating systems or language runtime system, radically shrinking the implementation complexity. VoteBox Nano also integrates a hardware true random number generator, providing improved security for the ballot cryptography. In order to deter hardware tampering, which might be done to compromise the random number generator, the FPGA's native JTAG interface can be used to verify the FPGA's configuration. At boot-time, the proper FPGA configuration also displays a random number on the built-in display. Any interaction with the JTAG interface will replace the random number with another one, allowing poll workers to detect election-day tampering, simply by observing whether the number has changed.

[1]  Klaus D. Müller-Glaser,et al.  A Prototype of Trusted Platform Functionality on Reconfigurable Hardware for Bitstream Updates , 2008, 2008 The 19th IEEE/IFIP International Symposium on Rapid System Prototyping.

[2]  Li Li,et al.  Trust-Based Design and Check of FPGA Circuits Using Two-Level Randomized ECC Structures , 2009, TRETS.

[3]  Elaine Shi,et al.  Pioneer: verifying code integrity and enforcing untampered code execution on legacy systems , 2005, SOSP '05.

[4]  Jonathan Rose,et al.  Measuring the Gap Between FPGAs and ASICs , 2006, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems.

[5]  Mary Baker,et al.  Historic integrity in distributed systems , 2003 .

[6]  Ryan W. Gardner,et al.  Coercion Resistant End-to-end Voting , 2009, Financial Cryptography.

[7]  Pradeep K. Khosla,et al.  Externally verifiable code execution , 2006, CACM.

[8]  Micah Sherr,et al.  Source Code Review of the Sequoia Voting System 1 , 2007 .

[9]  David A. Wagner,et al.  Prerendered User Interfaces for Higher-Assurance Electronic Voting , 2006, EVT.

[10]  Taher El Gamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, IEEE Trans. Inf. Theory.

[11]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[12]  Ahmad-Reza Sadeghi,et al.  Reconfigurable trusted computing in hardware , 2007, STC '07.

[13]  Josh Benaloh,et al.  Ballot Casting Assurance via Voter-Initiated Poll Station Auditing , 2007, EVT.

[14]  Ryan W. Gardner,et al.  On the Difficulty of Validating Voting Machine Software with Software , 2007, EVT.

[15]  Dan S. Wallach,et al.  Finding the Evidence in Tamper-Evident Logs , 2008, 2008 Third International Workshop on Systematic Approaches to Digital Forensic Engineering.

[16]  Dan S. Wallach,et al.  VoteBox: A Tamper-evident, Verifiable Electronic Voting System , 2008, USENIX Security Symposium.

[17]  Tolga Acar,et al.  Analyzing and comparing Montgomery multiplication algorithms , 1996, IEEE Micro.

[18]  Markus G. Kuhn,et al.  A Protocol for Secure Remote Updates of FPGA Configurations , 2009, ARC.

[19]  Mary Baker,et al.  Secure History Preservation Through Timeline Entanglement , 2002, USENIX Security Symposium.

[20]  David Naccache,et al.  Alien vs. Quine , 2007, IEEE Security & Privacy.

[21]  Ingrid Verbauwhede,et al.  FPGA Vendor Agnostic True Random Number Generator , 2006, 2006 International Conference on Field Programmable Logic and Applications.

[22]  Norashikin M. Thamrin,et al.  A true random number generator for crypto embedded systems , 2006 .

[23]  Ka-Ping Yee Extending Prerendered-Interface Voting Software to Support Accessibility and Other Ballot Features , 2007, EVT.

[24]  Christof Paar,et al.  Security on FPGAs: State-of-the-art implementations and attacks , 2004, TECS.

[25]  Naveen Sastry Designing Voting Machines for Verification , 2006, USENIX Security Symposium.

[26]  Dan S. Wallach,et al.  Casting Votes in the Auditorium , 2007, EVT.

[27]  Ricardo Chaves,et al.  On-the-fly attestation of reconfigurable hardware , 2008, 2008 International Conference on Field Programmable Logic and Applications.

[28]  P. L. Montgomery Modular multiplication without trial division , 1985 .

[29]  Farinaz Koushanfar,et al.  Active Hardware Metering for Intellectual Property Protection and Security , 2007, USENIX Security Symposium.

[30]  T. Elgamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, CRYPTO 1984.

[31]  Pradeep K. Khosla,et al.  SWATT: softWare-based attestation for embedded devices , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[32]  J. A. Halderman Source Code Review of the Diebold Voting System , 2007 .

[33]  Christof Paar,et al.  Cryptography on FPGAs: State of the Art Implementations and Attacks , 2003 .

[34]  Erkay Savas,et al.  Parametric, Secure and Compact Implementation of RSA on FPGA , 2008, 2008 International Conference on Reconfigurable Computing and FPGAs.

[35]  Enrique San Millán,et al.  Accelerating secure circuit design with hardware implementation of Diehard Battery of tests of randomness , 2011, 2011 IEEE 17th International On-Line Testing Symposium.

[36]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[37]  Milos Drutarovský,et al.  Model of a true random number generator aimed at cryptographic applications , 2006, 2006 IEEE International Symposium on Circuits and Systems.