Loading...
|
Please use this identifier to cite or link to this item:
https://nccur.lib.nccu.edu.tw/handle/140.119/131320
|
| Title: | 導入區塊鏈與生物辨識之安全網路投票機制
A Secure i-Voting Mechanism via Blockchain and Biorecognition Technology |
| Authors: | 黃建勛
Huang, Chien-Shiun |
| Contributors: | 宋皇志
蕭舜文
Hsiao, Shun-Wen
黃建勛
Huang, Chien-Shiun |
| Keywords: | 區塊鏈
網路投票
生物辨識
虛實整合投票系統
可驗證投票
Blockchain
I-voting
Bio Recognition
Cyber-Physical Voting System
Verifiable Ballot |
| Date: | 2020 |
| Issue Date: | 2020-08-03 18:36:48 (UTC+8) |
| Abstract: | 在網路科技發達的現代,利用網路進行投票的倡議已經被提出,同時也有數個國家與地區 (如愛沙尼亞與挪威) 嘗試實現網路投票,但由於諸多資安的疑慮,導致網路投票至今仍沒有大規模地採用。而區塊鏈技術有公開、不可否認、可追溯性等特性,而且可以有效地防止資料被竄改,並能有追溯區塊內資料的功能,因此被用作於加密貨幣帳本的核心技術。這些特性也正恰好適合用於支持電子投票,不過直接使用加密貨幣的概念來實做網路投票會產生許多問題 (如選票交易與灌水)。因此,即便導入區塊鏈技術,投票的流程與設計仍需要選民、主辦方、區塊鏈架構師與政府機構的相互配合,並且針對投票的特性對區塊鏈進行改造。
本研究分析過去網路投票案例與導入區塊鏈之網路投票提案文獻,在各文獻的流程中發現,現今的投票機制在當需要於選民與候選人之間建立一個可信的第三方或是系統時,投票機制在設計上面臨安全性、匿名性與便利性之間的取捨難題。
除了投票設計的取捨難題外,本研究也探討各文獻在投票流程上的潛在風險。由於多數文獻提出的投票架構都是屬於權力中心化的架構且只有在流程末端與區塊鏈互動,即便區塊鏈保證上鏈的資料難以竄改,但仍無法保證虛擬 (區塊鏈資料) 與現實 (投票行為) 整合之間的完整性與一致性。在最極端的攻擊情況下,若虛實不一致會發生損害選民的匿名性、代替投票與選票竄改等問題。
本研究參考各文獻的投票方案後,提出一個使用生物辨識技術與區塊鏈技術的網路投票方案,將投票各個階段之工作交給不同角色來執行,在分權結構之下,任意一方受到全然的控制都無法全然的改變投票之結果,進而降低受攻擊之風險。除了降低的攻擊風險之外,本研究也透過生物辨識技術來解決選民的選票隱私問題,並基於該技術設計提出選票追蹤的方法。
In the modern era of advanced Internet, the initiative to use the Internet to vote has been proposed. At the same time, several countries and regions (such as Estonia and Norway) have tried to implement i- voting. However, due to many security concerns, online voting has not yet been largely adopted. The blockchain technology has the properties of openness, non-repudiation, data immutability, and can effectively prevent data from being tampered with, and has the function of tracing the data in the block, so it considered as the core technology of the distributed ledger. These features are also just suitable for supporting I-voting, but directly using the concept of cryptocurrency to implement online voting will cause many problems (such as ballot transactions and false ballot). Therefore, even if the blockchain technology is introduced, the voting process and design still need the cooperation of voters, sponsors, blockchain architects and government agencies, and the transformation of the blockchain in accordance with the properties of voting.
This study analyzes the past online voting cases and the online voting proposal documents introduced with blockchain. It is found in the process of each document that the current voting mechanism needs to establish a trusted third party or between the voters and the candidates when it is necessary. When it is a system, the voting mechanism is faced with the trade-off between security, anonymity and convenience in design.
In addition to the difficulty of voting design, this study also explores the potential risks of various documents in the voting process. Since the voting architecture proposed in most documents is a power-centric architecture and only interacts with the blockchain at the end of the process, even if the blockchain guarantees that the data on the chain is immutable, it still cannot guarantee the cyber (blockchain data) and physical (voting behavior) data integrity and consistency. In the most extreme attack situation, inconsistent record may lead to different risks, such as compromising the anonymity of voters, delegated voting and balloting tempered.
After referring to the voting schemes of various literatures, this study proposes an online voting scheme that uses biometrics and blockchain technology. It delegates the work of each stage of voting to different roles for execution, under the decentralized structure, either party get viciously controlled cannot completely alter the result of voting, thereby reducing the risk of attack. In addition to reducing the attack risk, this research also uses biometrics to solve the dilemma between voter privacy and ballot illegibility, and proposes a method for tracking the ballot based on the technology. |
| Reference: | 外文文獻
A. Jain, L. H. (2000). Biometric identification. Communications of the ACM, pp. 90-98.
Arizona Secretarty of State, G. (2000). Arizona Secretary of State 2000 Election Information. Retrieved from Apps.azsos.gov: https://apps.azsos.gov/election/2000/Info/ElectionInformation.htm
Australian Electoral Commission. (2019). Cost of elections and referendums. Retrieved from https://www.aec.gov.au/: https://www.aec.gov.au/Elections/federal_elections/cost-of-elections.htm
Ayed, A. B. (2017, 5). A conceptual secure blockchain-based electronic voting system. International journal of network security & its applications(IJNSA) vol.9,no3.
Back, A. (1997). Hash cash postage implementation. Retrieved from http://www.hashcash.org/papers/announce.txt
Baltic, T. (2014). Estonian Electronic ID – Card Application Specification Prerequisites to the Smart Card Differentiation to previous Version of EstEID Card Application.
Buteri, V. (2017). BeyondBlock Taipei 2017. Retrieved from https://www.youtube.com/watch?v=9RtSod8EXn4
Buterin, V. (2015). Github. Retrieved from https://github.com/ethereum/wiki/wiki/White-Paper
Chinchilla, C. (2019). A Next-Generation Smart Contract and Decentralized Application Platform. Retrieved from Github: https://github.com/ethereum/wiki/wiki/White-Paper#merkle-trees
Cho, M.-H. (2018). South Korea to develop blockchain voting system. Retrieved from ZD net.
D. Larimer, et al. (2017). EOS.IO White Paper. Retrieved from Github: https://github.com/EOSIO/Documentation/blob/master/TechnicalWhitePaper.md
D. Ongaro, J. Ousterhout. (2014). In Search of an Understandable. USENIX Association, (pp. 305-319). Philadelphia.
D. Springall, T. Finkenauer, Z. Durumeric, J. Kitcat, H. Hursti, M. MacAlpine, J. A. Halderman. (2014). Security analysis of the Estonian internet voting system. In Proceedings of the . ACM SIGSAC Conference on Computer and Communicat.
Danchev, D. (2010). Study finds the average price for renting a botnet. Retrieved from ZDNet: https://www.zdnet.com/article/study-finds-the-average-price-for-renting-a-botnet/
ElGamal, T. (1985). A Public-Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms. IEEE Transactions on Information Theory.
Estonia. (2020). i-Voting — e-Estonia. Retrieved from e-Estonia: https://e-estonia.com/solutions/e-governance/i-voting/
F. Þ. Hjálmarsson, G. K. Hreiðarsson, M. Hamdaqa, G. Hjálmtýsson. (2018, 7). Blockchain-Based E-Voting System. 2018 IEEE 11th International Conference on Cloud Computing (CLOUD) (pp. 983-986). San Francisco, CA, USA: IEEE.
Feistel, H. (1973). Cryptography and Computer Privacy (5 ed.). Scientific American.
Frumkin, D. (2019). Transactions Per Second And Consensus Mechanisms Of The Top 50 Cryptocurrencies. Retrieved from investinblockchain: https://www.investinblockchain.com/transactions-per-second-and-consensus-mechanisms-of-the-top-50-cryptocurrencies/
Gomez, M. (2017). Ethereum Co-Founder Vitalik Buterin Weighs in on Blockchain Improvement & Scaling Issues. Retrieved from cryptovest: https://cryptovest.com/news/ethereum-co-founder-vitalik-buterin-weighs-in-on-blockchain-improvement--scaling-issues/
Government, N. P. (n.d.). https://www.regjeringen.no/en/aktuelt/Internet-voting-pilot-to-be-discontinued/id764300/. Retrieved from Government.no.
GritzalisDimitris. (2002). Principles and requirements for a secure e-voting system. Computers & Security.
H. GilbertHandschuhH. (2003). Security Analysis of SHA-256 and Sisters.Selected Areas in Cryptography.
Hendricks, B. (2017). Bitcoin: What`s in the whitepaper. Retrieved from https://huobi-1253283450.cos.ap-beijing.myqcloud.com/1543476765952_IgOT7VVGO4Vr3QUjymBa.pdf
I. Brightwell, J. Cucurull, D. Galindo, S. Guasch. (2015). An overview of the iVote 2015 voting system. Retrieved from Elections.nsw.gov.au: https://www.elections.nsw.gov.au/NSWEC/media/NSWEC/Reports/iVote%20reports/An-overview-of-the-iVote-2015-voting-system-(PDF-1.6MB).pdf
Iuon-Chang Lin, Tzu-Chun Liao. (2017, 9). A Survey of Blockchain Security Issues and. International Journal of Network Security, Vol.19, No.5, p. 653.
J. A. Halderman, V. Teague. (2015). The New South Wales iVote System: Security Failures and Verification Flaws in a Live Online Election.
K. J. O`Dwyer, D. Malone. (2014). Bitcoin mining and its energy footprint. 25th IET Irish Signals & Systems Conference 2014 and 2014 China-Ireland International Conference on Information and Communications Technologies.
Kravitz, D. W. (1991). US Patent No. 5231668A.
L. F. Cranor,R. Rojas. (2001). Electronic Voting. Retrieved from lorrie.cranor.org.
M. A. Khan, K. Salah. (2018). IoT security: Review, blockchain solutions, and open challenges. Future Generation Computer Systems 82, pp. 395-411.
Marks, J. (2020). The Cybersecurity 202: Internet-based voting is the new front in the election security wars. Retrieved from The Washington Post: https://www.washingtonpost.com/news/powerpost/paloma/the-cybersecurity-202/2020/05/11/the-cybersecurity-202-internet-based-voting-is-the-new-front-in-the-election-security-wars/5eb85e4e602ff11bb1179347/
Michael A. Specter, James Koppel, Daniel Weitzner. (2020). The Ballot is Busted Before the Blockchain:.
Michael J.Casey, Paul Vigna. (2019). The truth machine.
Milanov, E. (2009). The RSA algorithm. Retrieved from RSA Laboratories: https://pdfdirectory.com/702-tutorial-the-rsa-algorithm.pdf
MIT Election Lab. (2016). voting technology. Retrieved from electionlab.mit: https://electionlab.mit.edu/
N. Koblitz, A. Menezes, S. Vanstone. (2000). The State of Elliptic Curve Cryptography. Designs, Codes and Cryptography 19, pp. 173–193.
Nakamoto, S. (2008). Bitcoin: A peer-to-peer electronic cash system. Retrieved from https://bitcoin. org/bitcoin. pdf
National Institute of Standards and Technology. (2020). RISK MANAGEMENT FOR ELECTRONIC BALLOT.
PwC Australia. (2014, 3). Plebiscite could cost Australian economy $525 million. Retrieved from pwc.com.
Qadah, G. Z. (2007). Electronic voting systems: Requirements, design, and implementation.
R. Hanifatunnisa, B. Rahardjo. (2017, 10). Blockchain Based E-voting Recording System Design. 11th International Conference on Telecommunication Systems Services and Applications (TSSA).
R. Hanifatunnisa, B. Rahardjo. (2017, 10). Blockchain based e-voting recording system design. IEEE.
R. Singh, S. K. (2014). Comparison of Various Biometric Methods.
S King, S Nadal. (2012). Ppcoin: Peer-to-peer crypto-currency with proof-of-stake. Retrieved from Self publish paper.
S. B. Segaard, D. A. (2014). Internettvalg: hva gjør og mener velgerne.
S. Shah, Q. Kanchwala, H. MI. (2016). Block Chain Voting System.
Shams, S. (2019). Indonesia: More than 270 election staff died from overwork. Retrieved from dw: https://www.dw.com/en/indonesia-more-than-270-election-staff-died-from-overwork/a-48517308
Stallings, W. (2011). Cryptography and Network Security (fifth edition ed.).
T. Matsumoto, H. Matsumoto, K. Yamada, S. Hoshino. (2002). Impact of artificial "gummy" fingers on fingerprint systems. San Jose, Califorina.
T. Pornin. (2013). Deterministic usage of the digital signature algorithm (DSA) and elliptic curve digital signature algorithm (ECDSA). Internet Engineering Task Force RFC, pp. 1-79.
T. W. Edgar, D. O. Manz. (2017). Research Methods for Cyber Security.
W. Diffie, M. Hellman. (1976). New directions in cryptography. IEEE, pp. 472-492.
Yi Liu, Qi Wang. (2017). An E-voting Protocol Based on Blockchain. IACR Cryptology ePrint Archive, p. 1043.
Z. W. Clement, C. W. Chuah. (2018). Blockchain-Based Electronic Voting Protocol.
中文參考文獻
李欣芳. (2018年8月11日). 大選綁10公投總花費約47億 中選會盼午夜前完成開票. 擷取自 自由時報: 選綁10公投 總花費47億
郭建邦. (2011). 適用於我國電子投票之機制設計與研究.
陳熙文. (2019). 中選會舉辦模擬投票會 平均每人花2分半完成投票. 擷取自 https://udn.com/: https://udn.com/vote2020/story/12702/4060590 |
| Description: | 碩士
國立政治大學
科技管理與智慧財產研究所
107364120 |
| Source URI: | http://thesis.lib.nccu.edu.tw/record/#G0107364120 |
| Data Type: | thesis |
| DOI: | 10.6814/NCCU202001048 |
| Appears in Collections: | [科技管理與智慧財產研究所] 學位論文
|
Files in This Item:
| File |
Description |
Size | Format | |
|---|
| 412001.pdf | | 4233Kb | Adobe PDF2 | 3 | View/Open |
|
All items in 政大典藏 are protected by copyright, with all rights reserved.
|
