E-voting is one of the most attention-seeking phenomena in the casting of ballots in today's world, and governments in various countries across the globe are seeking to implement e-voting with the aid of biometric systems. Biometrics is the science of identifying an individual through an automated machine that is able to read human biological characteristics such as handprints, iris recognition, facial recognition, voice recognition, etc. (Chen, 2002). The two biometric methods best suited to e-voting are facial or iris recognition and fingerprint verification. Both facial or iris recognition and fingerprint verification are the most popular biometric systems for human identification.
Facial or iris recognition: The human face is one of the characteristics best suited to a biometric system. The voter can be identified by analysing the shape and position of the voter's different facial features. Once the voter is in the government database, he can be easily identified by looking at a camera placed at the voting booth or the computer. The system matches the facial features against those in the database, and the person's vote is then counted. Another possible and interesting approach is to produce infrared recordings, followed by analysis of the facial thermogram. Iris recognition is similar to facial recognition in how it operates; however, the feature scanned is the iris, with the aid of a retina scanner. The unique quality of the iris, i.e. that it is different for every person, makes it an effective method to use. The size of the templates formed ranges from 500 bytes to 1000 bytes (Hof, 2007).
Fingerprint verification: The fingerprint verification system operates by reading the minutiae located on the fingerprints. The fingerprint scanner reads these minutiae when the hand is placed on the scanner, and the person is identified. Fingerprints are the most useful biometric system because of the ease of capturing fingerprints and the cost-effective infrastructure already developed to use them for identification. The templates formed by fingerprint verification are comparatively large and require adequate databases to store the templates of all eligible voters (Hof, 2007).
The use of biometric systems has gained a lot of attention; however, their reliability and usability are yet to be judged. The key issue with reliability and usability is the dynamic nature of human biometrics. These biometrics keep changing with the age, ethnicity and origin of the person, which makes them hard to put into practice. An example is the change in people's minutiae as they grow older. This can result in a higher false rejection rate, raising questions about the system's credibility. These issues make the implementation of a biometric system for voting a very difficult task for government (Kumar, 2003). It is therefore necessary to find a balance between a system check that is possibly too strict and has a higher false rejection rate, and a system that is too weak and has a higher false acceptance rate.
E-voting using a biometric system is also a security issue because of the system's vulnerability to different types of attack, such as the spoofing attack (Felten, Balfanz, Dean, and Wallach, 1997). A spoofing attack means that a person, knowingly and with intent to steal personal information for personal benefit, portrays himself as another entity or human being. In this type of attack, the attacker is able to prove to the system or administrator that the information being transmitted is sent from a safe source, or to prove his/her false identity. The prime threat of spoofing is session hijacking, which is accomplished by entering an established connection and corrupting its data stream. Once the data stream is corrupted, the attacker can easily bypass any authentication measures that were integral to building the connection (Anonymous, 1997). The other types of attack are the man-in-the-middle attack, routing direct etc.
These are a few of the attacks that biometric systems are vulnerable to, and they raise the question of how much security such systems can provide for a task as important as voting.
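The balance between a check that is too strict (high false rejection) and one that is too weak (high false acceptance), and the effect of ageing on false rejection, can be made concrete with a threshold sweep. This is an added example, not part of the original essay; the match scores are constructed, and modelling ageing as a uniform drop in genuine scores is an assumption.

```python
# Constructed match scores (0..1) for illustration; not measurements from a real system.
GENUINE = [0.91, 0.88, 0.84, 0.79, 0.76, 0.72, 0.69, 0.64, 0.58, 0.47]
IMPOSTOR = [0.12, 0.18, 0.22, 0.27, 0.31, 0.36, 0.41, 0.45, 0.52, 0.61]

def error_rates(genuine, impostor, threshold):
    """Return (FRR, FAR) for a matcher that accepts when score >= threshold."""
    frr = sum(s < threshold for s in genuine) / len(genuine)     # real voters turned away
    far = sum(s >= threshold for s in impostor) / len(impostor)  # impostors let through
    return frr, far

def sweep(genuine, impostor):
    """Evaluate every observed score as a candidate threshold."""
    candidates = sorted(set(genuine) | set(impostor))
    return [(t, *error_rates(genuine, impostor, t)) for t in candidates]

def balanced_threshold(genuine, impostor):
    """Pick the threshold where FRR and FAR are closest (the equal-error point)."""
    return min(sweep(genuine, impostor), key=lambda row: abs(row[1] - row[2]))

def aged(genuine, drift):
    """Model template ageing as a uniform drop in genuine scores (assumption)."""
    return [s - drift for s in genuine]

if __name__ == "__main__":
    for label, t in (("strict", 0.80), ("lax", 0.30)):
        print(label, t, error_rates(GENUINE, IMPOSTOR, t))
    t, frr, far = balanced_threshold(GENUINE, IMPOSTOR)
    print("balanced", t, frr, far)
    # Same threshold, older enrolment templates: false rejections rise.
    print("after ageing", error_rates(aged(GENUINE, 0.10), IMPOSTOR, t))
```

With these constructed scores, the threshold that balances both error rates still rejects three times as many genuine voters once their scores have drifted, which is why enrolment templates need periodic renewal or the threshold needs re-tuning.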
B) Biometrics can only be implemented by government if the public has faith in the proper operation of the system. However, statistics from the biometric industry show that there is growing support for the use of biometric systems in today's world. Biometric industry research issued interesting data in 2009 and estimated that the global biometrics industry would triple in size by the end of 2012 (Biometric Industry, 2009). The governments of many other countries such as Australia, Brazil, Germany, USA, including UK are trying to implement biometric systems to identify people during the registration process, with a view to reducing the false acceptance rate (Buchsbaum, 2008). The government of Mozambique implemented a biometric voter registration platform for all three levels of election (local, provincial and national) in the country to reduce vote fraud and the false identification of voters, and this has received enormous support from the people (Caubergh, 2008). Also, the Brazilian government is taking appropriate measures to implement biometric voting for all elections by the end of 2014. The initiatives taken by government to implement biometric systems must coincide with the public believing in their accuracy. Currently, people do not believe in the credibility of the system because of the challenging technical issues, and thus do not support it. Acceptance of the biometric system is a slow process, even though it is more secure against the manipulation of votes and the counting of wrong votes.
Q.2 a)
The use of biometrics in e-voting has challenging issues to overcome, including security, identification of voters, public acceptance and the non-repudiation of votes. One of the most challenging issues is dealing with the non-repudiation of the voter. The e-voting system should be equipped with a cryptographic protocol that can ensure the non-repudiation of the voter. The distinction between repudiation and non-repudiation arises from the principle of refusal and acceptance. Repudiation can best be described as the refusal to acknowledge a debt or a contract (Rusinek and Ksiezopolski, 2009). By contrast, non-repudiation is the principle that makes it impossible for an individual or a party to deny (disown) their involvement in a particular transaction. Non-repudiation is often related to the code of authentication or identity verification (Rusinek and Ksiezopolski, 2009). The main difference is that in authentication an individual or entity provides proof of identity to the other transacting party, whereas in non-repudiation a third party is called upon to decide whether the transaction occurred between the two parties concerned (Zhou and Gollmann, 1997). The non-repudiation service comprises four phases and can be implemented using different mechanisms. These range from digital signatures and notarizations to data integrity mechanisms etc. The four phases of non-repudiation are evidence generation, evidence transfer and storage, evidence verification, and dispute resolution (Rusinek and Ksiezopolski, 2009). With the help of the non-repudiation service, the votes can be identified and the voter cannot deny his/her participation in the voting process.
By incorporating the non-repudiation service, evidence is generated that comprises the date and time, the content of the transmitted message and the identities of both parties involved in the transaction. The evidence generated establishes the accountability of the parties/entities involved in the transaction. The generation of evidence, the transfer of the content and the verification are specified by the non-repudiation protocols (Rusinek and Ksiezopolski, 2009). A fair non-repudiation protocol should not give the sender of a message an advantage over the receiver, or vice versa.
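The four phases named above can be traced in a short sketch in which the evidence record carries the date and time, a hash of the message content and both identities. This is an added example, not code from the essay or the cited papers: the essay only says "digital signatures", and a Lamport one-time hash-based signature is swapped in here so the sketch runs on the Python standard library alone; the identities, the `registry` of public keys and the sample message are hypothetical.

```python
import hashlib, json, secrets

def _h(data):
    return hashlib.sha256(data).digest()

def keygen():
    """Lamport one-time key pair: each key must sign only ONE evidence record."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(_h(a), _h(b)) for a, b in sk]

def _bits(msg):
    digest = _h(msg)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def _canonical(record):
    return json.dumps(record, sort_keys=True).encode()

def generate_evidence(sk, sender, receiver, message, timestamp):
    """Phase 1: bind date/time, message content and both identities under a signature."""
    record = {"time": timestamp, "sender": sender, "receiver": receiver,
              "content_sha256": hashlib.sha256(message).hexdigest()}
    sig = [sk[i][b].hex() for i, b in enumerate(_bits(_canonical(record)))]
    return {"record": record, "sig": sig}

def store(evidence):
    """Phase 2: serialise the evidence for transfer and storage."""
    return json.dumps(evidence)

def verify_evidence(pk, stored, message):
    """Phase 3: check the content hash, then the signature over the whole record."""
    evidence = json.loads(stored)
    record, sig = evidence["record"], evidence["sig"]
    if record["content_sha256"] != hashlib.sha256(message).hexdigest() or len(sig) != 256:
        return False
    bits = _bits(_canonical(record))
    return all(_h(bytes.fromhex(sig[i])) == pk[i][bits[i]] for i in range(256))

def resolve_dispute(registry, stored, message):
    """Phase 4: a third party decides using the sender's registered public key."""
    pk = registry.get(json.loads(stored)["record"]["sender"])
    return pk is not None and verify_evidence(pk, stored, message)

if __name__ == "__main__":
    sk, pk = keygen()
    msg = b"constructed sample message"
    ev = store(generate_evidence(sk, "voter-001", "authority", msg, "2010-05-06T10:00:00Z"))
    print(resolve_dispute({"voter-001": pk}, ev, msg))
```

Because only the sender holds the secret halves revealed in the signature, the adjudicator in phase 4 needs nothing from either party beyond the stored evidence and the registered public key.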
B) The security provided by websites using the SSL/TLS or RSA protocols is often a matter of concern for cryptanalysts. Studies done in the recent past have revealed some worrying results. According to researchers, websites using these protocols are vulnerable to various attacks such as the man-in-the-middle attack, URL spoofing etc., and attackers are well equipped with the ideas and technology to break the security layer of these websites (RSA Data Security, 2010). According to Lyden (2003), an attacker can completely decrypt the private communication by breaking the cryptographic protections offered by these protocols, and can retrieve all the private information shared between the host and the user. The Secure Socket Layer (SSL) protocol is "placed between a reliable connection-oriented network layer protocol (e.g. TCP/IP) and the application protocol layer (e.g. HTTP)" and provides secure communication between the client and the server through mutual authentication, digital signatures for integrity and encryption for privacy (ASF, 2010). When the website is attacked, the attacker forms a TLS connection with the targeted server, injects content of its choice and then splices in a new TLS connection from the client. The server treats the client's initial TLS handshake as a renegotiation and thus believes that the data transmitted by the attacker is from the same entity (Rescorla, Ray, Dispensa and Oskov, 2010). The RSA protocol is also vulnerable to attack: the attacker targets the premaster secret, captures an RSA session (session hijacking) and, by decrypting it, generates a signature on any arbitrary message on behalf of the server.
SSL/TLS-secured websites try to offer the most secure data management process to government or financial institutions, but the ever-increasing concern about spoofing attacks and the weaknesses of these websites make the public worry about the confidentiality of the data.
Man-in-the-Middle Attacks
One website poses as another website
The attacker makes an individual connection with the client by entering the network.
The attacker sends information of its choice by splicing in a new TLS connection
The attacker generates a fraudulent digital signature for any arbitrary message