题名

以區塊鏈技術、流程安全與選民隱私設計之去中心化投票架構

并列篇名

A Decentralized Voting Framework with Blockchain Technology, Voting Process Security and Voter Privacy

作者

黃建勛(Chien-Shiun Huang);蕭舜文(Shun-Wen Hsiao)

关键词

區塊鏈 ; 投票 ; 生物辨識 ; 去中心化 ; 隱私 ; Blockchain ; I-Voting ; Bio Recognition ; Decentralization ; Privacy

期刊名称

資訊管理學報

卷期/出版年月

29卷2期(2022 / 04 / 30)

页次

133 - 159

内容语文

繁體中文
中文摘要

利用網路取代實體投票的倡議已經被提出,同時也有數個國家與地區(如愛沙尼亞與挪威)嘗試實現網路投票,但由於資安與隱私的疑慮,導致網路投票至今仍沒有大規模地採用。而區塊鏈技術的公開、不可否認、可追溯性等特性,正適合用於網路投票。本研究分析過去網路投票案例與導入區塊鏈之網路投票文獻,認為當下的區塊鏈投票機制,面臨安全性、匿名性與便利性的取捨難題。目前區塊鏈投票機制主要有三大問題,第一是多數文獻提出的投票機制都屬於權力中心化的架構,一旦中心化架構遭受攻擊則投票流程或結果將會出現問題。第二,多數投票機制也只在流程末端與區塊鏈互動,即便區塊鏈的資料難以竄改,但仍無法保證數位(區塊鏈資料)與實體(投票行為)之間的完整性與一致性,進而造成損害選民的匿名性、代替投票與選票竄改等問題。第三,因為區塊鏈透明與公開的特性,若直接把選務資料與投票內容上鏈則違反投票匿名的準則。本研究參考各文獻的投票機制後,提出一個使用生物辨識與區塊鏈技術的網路投票機制。針對問題一,本研究將投票五個階段之工作交給不同角色來執行與監督。在分權結構之下,任意一方受到全然的控制都無法完全改變投票的結果,進而降低受攻擊之風險。針對問題二,本研究的區塊鏈架構包含選民註冊、選民驗證與投票、選票挖礦與加密、選票解鎖與驗證及選票結果統計與追溯,為更完善的區塊鏈設計。問題三為解決選票隱私的問題,本研究基於生物特徵資訊的雜湊值設計選票,讓選票既可追蹤驗證也可保護隱私。本研究也討論與列舉可能之受攻擊風險,並確保本架構能有效避免遭受攻擊。
英文摘要

In the modern era of advanced Internet technology, the initiative to use the Internet to vote has been proposed. At the same time, several countries and regions (such as Estonia and Norway) have tried to implement online voting. However, due to many information security and privacy concerns, online voting has not been massively adopted. Blockchain technology has the characteristics of openness, immutable, traceability, these features are just suitable for supporting electronic voting. This research analyzes the past online voting cases and the online voting proposal studies introduced with blockchain. The current voting mechanism establishing a credible third party or system faces difficulty choosing between security, anonymity, and convenience. The popular blockchain voting mechanisms have three major problems. First, most of the voting structures proposed in the literature belong to a centralized power administration. Once the centralized administration is attacked, the voting process and results will be inaccurate. Second, most of the voting mechanisms only interact with the blockchain at the end of the voting process. Even if the blockchain guarantees that the data on the chain is difficult to tamper with, it still cannot guarantee the virtual (blockchain data) and reality (voting behavior) integrity and consistency, causing problems of damaging voter's anonymity, voter impersonation, and ballot tampering. Third, Because of the openness and transparency of blockchain, uploading the election information and ballot on blockchain violate the anonymity of voting. After referring to the voting mechanism of various studies, this research proposes an online voting framework using biometrics and blockchain technology. For the first problem, the five voting stages are assigned to different roles for execution and supervision. Under decentralization administration, any party cannot alter the election results, thereby reducing the attack risk. For the second problem, this research proposes a more comprehensive blockchain voting framework that includes Voter Register, Voter Verify & Vote, Ballot Mining & Encryption, Ballot Decryption & Verify, and Ballot Counting & Tracing. For the third problem to solve ballot privacy, this research introduces biometric technology and hashing ballot to solve voting privacy and vote tracing. This research also discusses the attack risk and ensures that the proposed framework could avoid being attacked.
主题分类 基礎與應用科學 > 資訊科學
社會科學 > 管理學
参考文献
  1. ISO/IEC 11889-1:2015 (2015), Information technology - Trusted platform module library - Part 1: Architecture, https://www.iso.org/standard/66510.html.
  2. NIST 800-57 (2020), Recommendation for Key Management, https://doi.org/10.6028/NIST.SP.800-57pt1r5
  3. Agrawal, M.,Mishra, P.(2012).A comparative survey on symmetric key encryption techniques.International Journal on Computer Science and Engineering,4(5),877-882.
  4. Australian Electoral Commission (2019), Cost of elections and referendums, https://www.aec.gov.au/elections/federal_elections/cost-of-elections.htm
  5. Ayed, A. B.(2017).A conceptual secure blockchain-based electronic voting system.International Journal of Network Security & Its Applications,9(3),1-9.
  6. Back, A. (1997), Hash cash postage implementation, http://www.hashcash.org
  7. Brightwell, I.,Cucurull, J.,Galindo, D.,Guasch, S.(2015).Brightwell, I., Cucurull, J., Galindo, D. & Guasch, S. (2015), An overview of the iVote 2015 voting system. New South Wales Electoral Commission, Australia, Scytl Secure Electronic Voting, Spain, 1-25..
  8. Buteri, V. (2017). BeyondBlock Taipei 2017. https://www.youtube.com/watch?v=9RtSod8EXn4
  9. Cho, M. H. (2018), South Korea to develop blockchain voting system, ZDNet, https://www.zdnet.com/article/south-korea-to-develop-blockchain-voting-system
  10. Danchev, D. (2010), Study finds the average price for renting a botnet, ZDNet, https://www.zdnet.com/article/study-finds-the-average-price-for-renting-a-botnet
  11. Diffie, W.,Hellman, M.(1976).New directions in cryptography.IEEE transactions on Information Theory,22(6),644-654.
  12. Edgar, T. W.,Manz, D. O.(2017).Research methods for cyber security.Syngress.
  13. Estonia (2020), ‘i-Voting e-Estonia’, https://e-estonia.com/solutions/e-governance/i-voting
  14. Feistel, H.(1973).Cryptography and computer privacy.Scientific american,228(5),15-23.
  15. Gilbert, H.,Handschuh, H.(2003).Security analysis of SHA-256 and sisters.International workshop on selected areas in cryptography,Berlin, Heidelberg:
  16. Giles, C. & Horton, J. (2020), US election 2020: Is Trump right about Dominion machines?, BBC Reality Check, https://www.bbc.com/news/election-us-2020-54959962
  17. Gomez, M. (2017), Ethereum Co-Founder Vitalik Buterin Weighs in on Blockchain Improvement & Scaling Issues, Cryptovest, https://cryptovest.com/news/ethereum-cofounder-vitalik-buterin-weighs-in-on-blockchain-improvement--scaling-issues/
  18. Hanifatunnisa, R.,Rahardjo, B.(2017).Blockchain based e-voting recording system design.11th International Conference on Telecommunication Systems Services and Applications (TSSA),Bali, Indonesia:
  19. Hjálmarsson, F. Þ.,Hreiðarsson, G. K.,Hamdaqa, M.,Hjálmtýsson, G.(2018).Blockchain-based e-voting system.2018 IEEE 11th International Conference on Cloud Computing (CLOUD),San Francisco, CA, USA:
  20. Jain, A.,Hong, L.,Pankanti, S.(2000).Biometric identification.Communications of the ACM,43(2),90-98.
  21. Khan, M. A.,Salah, K.(2018).IoT security: Review, blockchain solutions, and open challenges.Future generation computer systems,82,395-411.
  22. Kravitz, D. W.(1991).Kravitz, D. W. (1991), Digital signature algorithm, US Patent No. 5231668A..
  23. Liu, Y.,Wang, Q.(2017).Liu, Y. & Wang, Q. (2017), An E-voting Protocol Based on Blockchain, IACR Cryptol. ePrint Arch., 1043..
  24. Nakamoto, S.(2008).Bitcoin: A peer-to-peer electronic cash system.Decentralized Business Review,1-9.
  25. Pornin, T.(2013).Deterministic usage of the digital signature algorithm (DSA) and elliptic curve digital signature algorithm (ECDSA).Internet Engineering Task Force RFC,6979,1-79.
  26. PwC Australia. (2014), Plebiscite could cost Australian economy $525 million, https://www.pwc.com.au/press-room/2016/cost-plebiscite-mar16.html
  27. Saini, R.,Rana, N.(2014).Comparison of various biometric methods.International Journal of Advances in Science and Technology,2(1),24-30.
  28. Segaard, S. B.,Christensen, D. A.,Folkestad, B.,Saglie, J.(2014).Internettvalg: hva gjør og mener velgerne.Oslo, Norway:Institutt for samfunnsforskning.
  29. Shams, S. (2019), Indonesia: More than 270 election staff died from overwork https://www.dw.com/en/indonesia-more-than-270-election-staff-died-fromoverwork/a-48517308
  30. Specter, M. A.,Koppel, J.,Weitzner, D.(2020).The ballot is busted before the blockchain: A security analysis of voatz, the first internet voting application used in us federal elections.USENIX Security Symposium
  31. Springall, D.,Finkenauer, T.,Durumeric, Z.,Kitcat, J.,Hursti, H.,MacAlpine, M.,Halderman, J. A.(2014).Security analysis of the Estonian internet voting system.Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security,Arizona, USA:
  32. U.S. Election Admission Commission (2021), Voluntary Voting System Guidelines VVSG, https://www.eac.gov/sites/default/files/TestingCertification/Voluntary_Voting_System_Guidelines_Version_2_0.pdf
  33. Wei, C. C. Z.,Wen, C. C.(2018).Blockchain-based electronic voting protocol.JOIV: International Journal on Informatics Visualization,2(4-2),336-341.
  34. 李欣芳 (2018),大選綁 10 公投總花費約 47 億,自由時報,https://news.ltn.com.tw/news/politics/paper/1245513
  35. 林銘翰 (2019),中選會辦理投票模擬演練,ETtoday,https://www.ettoday.net/news/20190921/1540340.htm
  36. 姚介修 (2017),機場自動通關使用人次突破 5 千萬,自由時報,https://news.ltn.com.tw/news/life/breakingnews/2143550 (存取日期 2021/9/4)
  37. 張如嫻 (2020),密西根州計票系統出錯川普 6000 票誤算給拜登,Newtalk,https://newtalk.tw/news/view/2020-11-07/490778
  38. 黃彥鈞 (2019),愛沙尼亞線上投票比率創紀錄,科技新報,https://technews.tw/2019/03/12/nearly-half-of-voters-using-online-voting-in-estonia/
被引用次数
  1. (2024)。電腦資料交換之實體隔離機制探討-植基於身分驗證之USB存取管控研究。資訊管理學報,31(1),93-121。
print cancel