Performance modelling of a secure voting algorithm

1
Performance modelling of a secure voting algorithm

• Jeremy Bradley (Imperial College London)
• Stephen Gilmore (University of Edinburgh)
• Nigel Thomas (Newcastle University)

2
Contents

• Motivation
• Fujioka (FOO) voting scheme
• PEPA
• The model
• Results
• Conclusions

3
Motivation

• To analyse systems using time based metrics
  derived from stochastic models.
• To use e-voting as a case study for our analysis.
• To investigate the scalability of the FOO scheme
  and the analysis techniques.
• Use stochastic process algebra for both
  correctness and performance analysis.
• To consider performance based attacks against
  this (and other) e-voting schemes.

4
Fujioka (FOO) scheme

• Consists of
• 3 (possibly 4) class of entity
• Voters
• Administrator
• Teller (collector counter)
• 6 phases
• Preparation (voters)
• Administration (administrator)
• Voting (voters)
• Collecting (counter)
• Opening (voters)
• Counting (counter)

5
Communication
Voter i
Voter i
Voter i
1. Prepared ballot
Voter i
Voter i
Administrator
Voter i
2. Signed
5. Revelation (or appeal?) via anonymous channel
3. Publish (multicast)
4. Vote - via anonymous channel
Collector / Counter
6
PEPA

• PEPA is a Markovian process algebra.
• Interaction of components which engage, singly or
  multiply in activities.
• Each component may be atomic or composed of other
  components.
• Each activity a (? , r) has a type ? and a rate
  r.
• Each activity is exponentially distributed with
  rate r or passive with distinguished rate T.
• A model in PEPA specifies a continuous time
  Markov chain.

7
PEPA constructs
8
(No Transcript)
9
(No Transcript)
10
(No Transcript)
11
(No Transcript)
12
(No Transcript)
13
Experiment 1

• Use traditional modelling and analysis to
  derive the steady state distribution.
• System is modelled cyclically (infinitely
  repeated elections).
• Solve simultaneous equations to find the average
  proportion of time spent in each state.
• From this we can derive metrics such as average
  number of completed votes and average time for a
  voter to complete a vote.
• Model parameters were derived from an
  implementation of the FOO scheme (by Oliver
  Davis).

14
(No Transcript)
15
(No Transcript)
16
(No Transcript)
17
Experiment 2

• Uses tools from computational biology to analyse
  very large models.
• Uses a continuous state approximation.
• The model concerns a single election.
• Each solution is a single trace of a simulated
  election.
• Within a trace we count the number of components
  performing each behaviour.
• Same parameters used as in experiment 1.

18
(No Transcript)
19
(No Transcript)
20
(No Transcript)
21
Conclusions

• Using PEPA it is possible to accurately depict
  the behaviour of a complex e-voting scheme.
• Using traditional analysis techniques (even with
  approximation), this leads to state space
  problems.
• Using novel techniques it is possible to analyse
  models of O(1010000) states.
• The analysis shows the Administrator has
  scalability issues and may be vulnerable to a
  denial of service type attack multiple
  administrator versions of the scheme have been
  proposed.

22
Questions and Comments

• Is this style of analysis of any use or interest
  to this community?
• What measures should we be deriving?