INNOVATE

Cryptographic Key Management for Online Voting

The lifecycle of a cryptographic key

Cryptographic keys are crucial elements when talking about the security of online voting systems. Sensitive operations such as signing ballots require these keys in order to be executed, so if they become compromised, they could endanger the entire security of an online voting system.

For this reason, it is very important to properly define and document how these keys are managed throughout their lifecycle: how they are generated, protected, stored, used, and destroyed.

As stated in the Recommendations for Key Management done by the National Institute of Standards and Technology (NIST), keys can be classified according to their properties and uses. They can be symmetric, public, private, static, or ephemeral and be used for signature, encryption/decryption, or authentication, among other processes.

For example, in an online voting system the voter selections are encrypted using a digital envelope approach, which combines two different encryption technologies, symmetric and asymmetric encryption. In this case two keys are used: a symmetric encryption key for encrypting the voter selections and a public key-transport key for encrypting the symmetric key. In addition, if the resulting envelope is signed, the key used for this signature would be a private signature key.

Apart from the previous criteria, we could also add another one for classifying these keys, which is the level at which they are used: Infrastructure keys, used for the communication among system components; platform keys, shared among different elections, such as the keys used for logging the online voting system events; election keys, those belonging to a specific election such as the key used for encrypting the votes; and finally, voter’s keys, used for authenticating the voter and signing the vote.

The following sections explain the main phases of an online voting system’s keys lifecycle.

A first step for guaranteeing the security of a key is to ensure that the algorithms chosen for generating them are the appropriate ones. In this regard it is important to use either FIPS-approved or NIST-recommended algorithms. Also, the keys must be generated using secure random bit generators. For example, for digital signatures, one of the recommended algorithms is RSA with a minimum key length of 2048 bits. In addition, it is also important to choose appropriate environments in which to generate them, such as Hardware Security Modules (HSMs) or software programs executed in isolated systems.

In many cases it is also necessary to establish a Public Key Infrastructure (PKI). A PKI is composed of a set of certificates issued by Certification Authorities (CA). Each CA has a pair of signing keys that is used to issue new certificates. A certificate contains the public key and name of a certain entity, and it is signed with the private key of a CA. The CA, with its signature, attests that the owner of the key is the one included in the certificate. In this manner, a PKI enables anybody trusting its CAs to trust in any certificate issued by them.

Most of the keys and cryptographic material in an online voting system are generated in a pre-voting phase. Nevertheless, there can be some exceptions in which the voter’s keys are generated when the voter is authenticated in the platform, e.g. when using delegated authentication in Invote.

After their generation, keys must be well protected so only authorized users can access them. We differentiate between hardware and software protection. The former involves using hardware devices such as HSMs or Smartcards while the latter makes use of symmetric encryption standards to protect the key, e.g., PKCS#12.

Keys must be used only for one purpose since the more a key is used, the more it is weakened and consequently so is the security of the cryptographic processes in which it is involved. In addition, there are some key usages, such as encryption and signing, which are incompatible.

It is also important to define the lifetime of a key, i.e., its cryptoperiod. A cryptoperiod is a timeframe in which a certain cryptographic key is authorized to be used. When defining the length of this period it is important to consider the type of key, the type of data being protected by this key, and the environment in which it is going to be used. For example, in a signature key pair, the private key might have a shorter period than the public one. While the former will be used for signing for a fixed period of time and then its owner will destroy it, the latter may be available for a longer period of time for verifying signatures. Finally, within this cryptoperiod, it is important to limit the times the key is used in order to limit the damage that can be done in case the key is compromised.

In order to minimize the risk of a key becoming compromised, private keys must be destroyed as soon as they are not longer required, i.e., the cryptoperiod is over. It is important to ensure that all copies of the key, in case there are any, are also destroyed.

Also, there are situations in which the authorized use of the key must be terminated before finishing its crypto period. In this case, the key must be revoked and all entities with access to this key must be notified.

This article was written by Núria Costa (PhD), Cryptography Researcher at Scytl.