Design And Implementation Of Trusted DRE Voting Terminal Based On TrustZone

Elections are the most direct way for people to express democracy in their daily lives.Traditional voting using papers have been accompanied by people's production and life for hundreds of years.However,this method has many disadvantages,including low efficiency,high cost,poor anti-bribery and many other aspects.With the progress of the electronic information Internet,electronic voting came into being.Electronic voting is widely favored by people because of its convenience and ease of use.However,its internal black box-like structure makes people have a better understanding of the safety and correctness of electronic voting.Therefore,most of the electronic voting uses verifiable solutions to prove to the public the safety and correctness of the electronic voting.At present,the voting schemes based on DRE(Direct Recording Electronic)equipment in electronic voting mainly includes DRE-i and DRE-ip.DRE-i needs to store all votes in the DRE device,while DRE-ip only needs to store the cumulative results of the votes.However,neither of these two solutions improve the storage method of the DRE device.Targeted attacks by hackers may expose the data stored by DRE devices and thus affect the privacy of voting.In addition,the public disclosure of DRE equipment may cause damage to some DRE equipment and affect the integrity of the entire voting system.Thus the robustness of the electronic voting scheme based on DRE equipment is also extremely important.In response to the above problems,this thesis designs and implements a trusted voting terminal DRE-t(trust)based on core technologies such as TrustZone and Shamir secret sharing.This solution implements the authentication of the voting terminal,verifying votes,confirming votes,obtaining tickets and other major functions.This solution meets the characteristics of verification,privacy,robustness,ease of use and so on.The main work of the thesis are as follows:1.Researched and summarized the process of part of the voting plan without tallying authorities,added a backup stage on the basis of this process,and conducted a specific analysis of each stage of the process.Then designed the algorithms used in each stage,including based on Pedersen's commitment Ballot encryption algorithm,DCnet-based DRE device initialization algorithm,ballot legitimacy verification algorithm based on non-interactive zero-knowledge proof,and ballot backup recovery algorithm based on Shamir's secret sharing;2.In order to enhance the storage security of DRE equipment,research TrustZone and introduce it into DRE equipment,design the core operations of voting terminal into TrustZone of DRE equipment,and ensure the security of DRE voting terminal in the storage architecture of the system;3.After completing all the above algorithms and the design of TrustZone in the DRE device,an electronic voting system with the voting terminal DRE-t as the core is implemented based on the Raspberry Pi.The system also includes a voting management module,a recovery server and a BBS module.4.Finally,this thesis perform basic function test and efficiency test of the system,demonstrate the core characteristics of the implemented system such as correctness,privacy,verification,robustness,and feasibility.The test conducted on the DRE-t voting terminal and compared with other DRE voting schemes shows that DRE-t is superior to DRE-i and DRE-ip in terms of security.At the same time,due to the introduction of TrustZone,the operating efficiency of DRE-t will be slightly lower than DRE-i and DRE-ip,but the system still meets the basic needs of user interaction.