Attacking and fixing Helios: An analysis of ballot secrecy
Identifieur interne : 000086 ( PascalFrancis/Corpus ); précédent : 000085; suivant : 000087Attacking and fixing Helios: An analysis of ballot secrecy
Auteurs : Véronique Cortier ; Ben SmythSource :
- Journal of computer security [ 0926-227X ] ; 2013.
Descripteurs français
- Pascal (Inist)
English descriptors
- KwdEn :
Abstract
Helios 2.0 is an open-source web-based end-to-end verifiable electronic voting system, suitable for use in low-coercion environments. In this article, we analyse ballot secrecy in Helios and discover a vulnerability which allows an adversary to compromise the privacy of voters. The vulnerability exploits the absence of ballot independence in Helios and works by replaying a voter's ballot or a variant of it, the replayed ballot magnifies the voter's contribution to the election outcome and this magnification can be used to violated privacy. We demonstrate the practicality of the attack by violating a voter's privacy in a mock election using the software implementation of Helios. Moreover, the feasibility of an attack is considered in the context of French legislative elections and, based upon our findings, we believe it constitutes a real threat to ballot secrecy. We present a fix and show that our solution satisfies a formal definition of ballot secrecy using the applied pi calculus. Furthermore, we present similar vulnerabilities in other electronic voting protocols - namely, the schemes by Lee et al., Sako and Kilian and Schoenmakers- which do not assure ballot independence. Finally, we argue that independence and privacy properties are unrelated, and non-malleability is stronger than independence.
Notice en format standard (ISO 2709)
Pour connaître la documentation sur le format Inist Standard.
pA |
|
---|
Format Inist (serveur)
NO : | PASCAL 13-0145410 INIST |
---|---|
ET : | Attacking and fixing Helios: An analysis of ballot secrecy |
AU : | CORTIER (Véronique); SMYTH (Ben) |
AF : | CNRS, Loria, UMR 7503/Vandœuvre/France (1 aut.); INRIA Paris-Rocquencourt/Paris/France (2 aut.) |
DT : | Publication en série; Niveau analytique |
SO : | Journal of computer security; ISSN 0926-227X; Pays-Bas; Da. 2013; Vol. 21; No. 1; Pp. 89-148; Bibl. 100 ref. |
LA : | Anglais |
EA : | Helios 2.0 is an open-source web-based end-to-end verifiable electronic voting system, suitable for use in low-coercion environments. In this article, we analyse ballot secrecy in Helios and discover a vulnerability which allows an adversary to compromise the privacy of voters. The vulnerability exploits the absence of ballot independence in Helios and works by replaying a voter's ballot or a variant of it, the replayed ballot magnifies the voter's contribution to the election outcome and this magnification can be used to violated privacy. We demonstrate the practicality of the attack by violating a voter's privacy in a mock election using the software implementation of Helios. Moreover, the feasibility of an attack is considered in the context of French legislative elections and, based upon our findings, we believe it constitutes a real threat to ballot secrecy. We present a fix and show that our solution satisfies a formal definition of ballot secrecy using the applied pi calculus. Furthermore, we present similar vulnerabilities in other electronic voting protocols - namely, the schemes by Lee et al., Sako and Kilian and Schoenmakers- which do not assure ballot independence. Finally, we argue that independence and privacy properties are unrelated, and non-malleability is stronger than independence. |
CC : | 001D02B04; 001D02A05; 001D02B07C |
FD : | Sécurité informatique; Vote électronique; Logiciel libre; Internet; Administration électronique; Vie privée; Faisabilité; Spécification formelle; Simultanéité informatique; Protocole transmission; Confidentialité; Réseau web; Vulnérabilité; Grossissement; Législation; pi calcul; . |
ED : | Computer security; Electronic vote; Open source software; Internet; Electronic government; Private life; Feasibility; Formal specification; Concurrency; Transmission protocol; Confidentiality; World wide web; Vulnerability; Magnification; Legislation; pi calculus |
SD : | Seguridad informatica; Voto electrónico; Software libre; Internet; Administración electrónica; Vida privada; Practicabilidad; Especificación formal; Simultaneidad informatica; Protocolo transmisión; Confidencialidad; Red WWW; Vulnerabilidad; Aumento; Legislación; pi calculo |
LO : | INIST-28149.354000173229760030 |
ID : | 13-0145410 |
Links to Exploration step
Pascal:13-0145410Le document en format XML
<record><TEI><teiHeader><fileDesc><titleStmt><title xml:lang="en" level="a">Attacking and fixing Helios: An analysis of ballot secrecy</title>
<author><name sortKey="Cortier, Veronique" sort="Cortier, Veronique" uniqKey="Cortier V" first="Véronique" last="Cortier">Véronique Cortier</name>
<affiliation><inist:fA14 i1="01"><s1>CNRS, Loria, UMR 7503</s1>
<s2>Vandœuvre</s2>
<s3>FRA</s3>
<sZ>1 aut.</sZ>
</inist:fA14>
</affiliation>
</author>
<author><name sortKey="Smyth, Ben" sort="Smyth, Ben" uniqKey="Smyth B" first="Ben" last="Smyth">Ben Smyth</name>
<affiliation><inist:fA14 i1="02"><s1>INRIA Paris-Rocquencourt</s1>
<s2>Paris</s2>
<s3>FRA</s3>
<sZ>2 aut.</sZ>
</inist:fA14>
</affiliation>
</author>
</titleStmt>
<publicationStmt><idno type="wicri:source">INIST</idno>
<idno type="inist">13-0145410</idno>
<date when="2013">2013</date>
<idno type="stanalyst">PASCAL 13-0145410 INIST</idno>
<idno type="RBID">Pascal:13-0145410</idno>
<idno type="wicri:Area/PascalFrancis/Corpus">000086</idno>
</publicationStmt>
<sourceDesc><biblStruct><analytic><title xml:lang="en" level="a">Attacking and fixing Helios: An analysis of ballot secrecy</title>
<author><name sortKey="Cortier, Veronique" sort="Cortier, Veronique" uniqKey="Cortier V" first="Véronique" last="Cortier">Véronique Cortier</name>
<affiliation><inist:fA14 i1="01"><s1>CNRS, Loria, UMR 7503</s1>
<s2>Vandœuvre</s2>
<s3>FRA</s3>
<sZ>1 aut.</sZ>
</inist:fA14>
</affiliation>
</author>
<author><name sortKey="Smyth, Ben" sort="Smyth, Ben" uniqKey="Smyth B" first="Ben" last="Smyth">Ben Smyth</name>
<affiliation><inist:fA14 i1="02"><s1>INRIA Paris-Rocquencourt</s1>
<s2>Paris</s2>
<s3>FRA</s3>
<sZ>2 aut.</sZ>
</inist:fA14>
</affiliation>
</author>
</analytic>
<series><title level="j" type="main">Journal of computer security</title>
<title level="j" type="abbreviated">J. comput. secur.</title>
<idno type="ISSN">0926-227X</idno>
<imprint><date when="2013">2013</date>
</imprint>
</series>
</biblStruct>
</sourceDesc>
<seriesStmt><title level="j" type="main">Journal of computer security</title>
<title level="j" type="abbreviated">J. comput. secur.</title>
<idno type="ISSN">0926-227X</idno>
</seriesStmt>
</fileDesc>
<profileDesc><textClass><keywords scheme="KwdEn" xml:lang="en"><term>Computer security</term>
<term>Concurrency</term>
<term>Confidentiality</term>
<term>Electronic government</term>
<term>Electronic vote</term>
<term>Feasibility</term>
<term>Formal specification</term>
<term>Internet</term>
<term>Legislation</term>
<term>Magnification</term>
<term>Open source software</term>
<term>Private life</term>
<term>Transmission protocol</term>
<term>Vulnerability</term>
<term>World wide web</term>
<term>pi calculus</term>
</keywords>
<keywords scheme="Pascal" xml:lang="fr"><term>Sécurité informatique</term>
<term>Vote électronique</term>
<term>Logiciel libre</term>
<term>Internet</term>
<term>Administration électronique</term>
<term>Vie privée</term>
<term>Faisabilité</term>
<term>Spécification formelle</term>
<term>Simultanéité informatique</term>
<term>Protocole transmission</term>
<term>Confidentialité</term>
<term>Réseau web</term>
<term>Vulnérabilité</term>
<term>Grossissement</term>
<term>Législation</term>
<term>pi calcul</term>
<term>.</term>
</keywords>
</textClass>
</profileDesc>
</teiHeader>
<front><div type="abstract" xml:lang="en">Helios 2.0 is an open-source web-based end-to-end verifiable electronic voting system, suitable for use in low-coercion environments. In this article, we analyse ballot secrecy in Helios and discover a vulnerability which allows an adversary to compromise the privacy of voters. The vulnerability exploits the absence of ballot independence in Helios and works by replaying a voter's ballot or a variant of it, the replayed ballot magnifies the voter's contribution to the election outcome and this magnification can be used to violated privacy. We demonstrate the practicality of the attack by violating a voter's privacy in a mock election using the software implementation of Helios. Moreover, the feasibility of an attack is considered in the context of French legislative elections and, based upon our findings, we believe it constitutes a real threat to ballot secrecy. We present a fix and show that our solution satisfies a formal definition of ballot secrecy using the applied pi calculus. Furthermore, we present similar vulnerabilities in other electronic voting protocols - namely, the schemes by Lee et al., Sako and Kilian and Schoenmakers- which do not assure ballot independence. Finally, we argue that independence and privacy properties are unrelated, and non-malleability is stronger than independence.</div>
</front>
</TEI>
<inist><standard h6="B"><pA><fA01 i1="01" i2="1"><s0>0926-227X</s0>
</fA01>
<fA03 i2="1"><s0>J. comput. secur.</s0>
</fA03>
<fA05><s2>21</s2>
</fA05>
<fA06><s2>1</s2>
</fA06>
<fA08 i1="01" i2="1" l="ENG"><s1>Attacking and fixing Helios: An analysis of ballot secrecy</s1>
</fA08>
<fA11 i1="01" i2="1"><s1>CORTIER (Véronique)</s1>
</fA11>
<fA11 i1="02" i2="1"><s1>SMYTH (Ben)</s1>
</fA11>
<fA14 i1="01"><s1>CNRS, Loria, UMR 7503</s1>
<s2>Vandœuvre</s2>
<s3>FRA</s3>
<sZ>1 aut.</sZ>
</fA14>
<fA14 i1="02"><s1>INRIA Paris-Rocquencourt</s1>
<s2>Paris</s2>
<s3>FRA</s3>
<sZ>2 aut.</sZ>
</fA14>
<fA20><s1>89-148</s1>
</fA20>
<fA21><s1>2013</s1>
</fA21>
<fA23 i1="01"><s0>ENG</s0>
</fA23>
<fA43 i1="01"><s1>INIST</s1>
<s2>28149</s2>
<s5>354000173229760030</s5>
</fA43>
<fA44><s0>0000</s0>
<s1>© 2013 INIST-CNRS. All rights reserved.</s1>
</fA44>
<fA45><s0>100 ref.</s0>
</fA45>
<fA47 i1="01" i2="1"><s0>13-0145410</s0>
</fA47>
<fA60><s1>P</s1>
</fA60>
<fA61><s0>A</s0>
</fA61>
<fA64 i1="01" i2="1"><s0>Journal of computer security</s0>
</fA64>
<fA66 i1="01"><s0>NLD</s0>
</fA66>
<fC01 i1="01" l="ENG"><s0>Helios 2.0 is an open-source web-based end-to-end verifiable electronic voting system, suitable for use in low-coercion environments. In this article, we analyse ballot secrecy in Helios and discover a vulnerability which allows an adversary to compromise the privacy of voters. The vulnerability exploits the absence of ballot independence in Helios and works by replaying a voter's ballot or a variant of it, the replayed ballot magnifies the voter's contribution to the election outcome and this magnification can be used to violated privacy. We demonstrate the practicality of the attack by violating a voter's privacy in a mock election using the software implementation of Helios. Moreover, the feasibility of an attack is considered in the context of French legislative elections and, based upon our findings, we believe it constitutes a real threat to ballot secrecy. We present a fix and show that our solution satisfies a formal definition of ballot secrecy using the applied pi calculus. Furthermore, we present similar vulnerabilities in other electronic voting protocols - namely, the schemes by Lee et al., Sako and Kilian and Schoenmakers- which do not assure ballot independence. Finally, we argue that independence and privacy properties are unrelated, and non-malleability is stronger than independence.</s0>
</fC01>
<fC02 i1="01" i2="X"><s0>001D02B04</s0>
</fC02>
<fC02 i1="02" i2="X"><s0>001D02A05</s0>
</fC02>
<fC02 i1="03" i2="X"><s0>001D02B07C</s0>
</fC02>
<fC03 i1="01" i2="X" l="FRE"><s0>Sécurité informatique</s0>
<s5>06</s5>
</fC03>
<fC03 i1="01" i2="X" l="ENG"><s0>Computer security</s0>
<s5>06</s5>
</fC03>
<fC03 i1="01" i2="X" l="SPA"><s0>Seguridad informatica</s0>
<s5>06</s5>
</fC03>
<fC03 i1="02" i2="X" l="FRE"><s0>Vote électronique</s0>
<s5>07</s5>
</fC03>
<fC03 i1="02" i2="X" l="ENG"><s0>Electronic vote</s0>
<s5>07</s5>
</fC03>
<fC03 i1="02" i2="X" l="SPA"><s0>Voto electrónico</s0>
<s5>07</s5>
</fC03>
<fC03 i1="03" i2="X" l="FRE"><s0>Logiciel libre</s0>
<s5>08</s5>
</fC03>
<fC03 i1="03" i2="X" l="ENG"><s0>Open source software</s0>
<s5>08</s5>
</fC03>
<fC03 i1="03" i2="X" l="SPA"><s0>Software libre</s0>
<s5>08</s5>
</fC03>
<fC03 i1="04" i2="X" l="FRE"><s0>Internet</s0>
<s5>09</s5>
</fC03>
<fC03 i1="04" i2="X" l="ENG"><s0>Internet</s0>
<s5>09</s5>
</fC03>
<fC03 i1="04" i2="X" l="SPA"><s0>Internet</s0>
<s5>09</s5>
</fC03>
<fC03 i1="05" i2="X" l="FRE"><s0>Administration électronique</s0>
<s5>10</s5>
</fC03>
<fC03 i1="05" i2="X" l="ENG"><s0>Electronic government</s0>
<s5>10</s5>
</fC03>
<fC03 i1="05" i2="X" l="SPA"><s0>Administración electrónica</s0>
<s5>10</s5>
</fC03>
<fC03 i1="06" i2="X" l="FRE"><s0>Vie privée</s0>
<s5>11</s5>
</fC03>
<fC03 i1="06" i2="X" l="ENG"><s0>Private life</s0>
<s5>11</s5>
</fC03>
<fC03 i1="06" i2="X" l="SPA"><s0>Vida privada</s0>
<s5>11</s5>
</fC03>
<fC03 i1="07" i2="X" l="FRE"><s0>Faisabilité</s0>
<s5>12</s5>
</fC03>
<fC03 i1="07" i2="X" l="ENG"><s0>Feasibility</s0>
<s5>12</s5>
</fC03>
<fC03 i1="07" i2="X" l="SPA"><s0>Practicabilidad</s0>
<s5>12</s5>
</fC03>
<fC03 i1="08" i2="X" l="FRE"><s0>Spécification formelle</s0>
<s5>13</s5>
</fC03>
<fC03 i1="08" i2="X" l="ENG"><s0>Formal specification</s0>
<s5>13</s5>
</fC03>
<fC03 i1="08" i2="X" l="SPA"><s0>Especificación formal</s0>
<s5>13</s5>
</fC03>
<fC03 i1="09" i2="X" l="FRE"><s0>Simultanéité informatique</s0>
<s5>14</s5>
</fC03>
<fC03 i1="09" i2="X" l="ENG"><s0>Concurrency</s0>
<s5>14</s5>
</fC03>
<fC03 i1="09" i2="X" l="SPA"><s0>Simultaneidad informatica</s0>
<s5>14</s5>
</fC03>
<fC03 i1="10" i2="X" l="FRE"><s0>Protocole transmission</s0>
<s5>15</s5>
</fC03>
<fC03 i1="10" i2="X" l="ENG"><s0>Transmission protocol</s0>
<s5>15</s5>
</fC03>
<fC03 i1="10" i2="X" l="SPA"><s0>Protocolo transmisión</s0>
<s5>15</s5>
</fC03>
<fC03 i1="11" i2="X" l="FRE"><s0>Confidentialité</s0>
<s5>18</s5>
</fC03>
<fC03 i1="11" i2="X" l="ENG"><s0>Confidentiality</s0>
<s5>18</s5>
</fC03>
<fC03 i1="11" i2="X" l="SPA"><s0>Confidencialidad</s0>
<s5>18</s5>
</fC03>
<fC03 i1="12" i2="X" l="FRE"><s0>Réseau web</s0>
<s5>19</s5>
</fC03>
<fC03 i1="12" i2="X" l="ENG"><s0>World wide web</s0>
<s5>19</s5>
</fC03>
<fC03 i1="12" i2="X" l="SPA"><s0>Red WWW</s0>
<s5>19</s5>
</fC03>
<fC03 i1="13" i2="X" l="FRE"><s0>Vulnérabilité</s0>
<s5>20</s5>
</fC03>
<fC03 i1="13" i2="X" l="ENG"><s0>Vulnerability</s0>
<s5>20</s5>
</fC03>
<fC03 i1="13" i2="X" l="SPA"><s0>Vulnerabilidad</s0>
<s5>20</s5>
</fC03>
<fC03 i1="14" i2="X" l="FRE"><s0>Grossissement</s0>
<s5>21</s5>
</fC03>
<fC03 i1="14" i2="X" l="ENG"><s0>Magnification</s0>
<s5>21</s5>
</fC03>
<fC03 i1="14" i2="X" l="SPA"><s0>Aumento</s0>
<s5>21</s5>
</fC03>
<fC03 i1="15" i2="X" l="FRE"><s0>Législation</s0>
<s5>22</s5>
</fC03>
<fC03 i1="15" i2="X" l="ENG"><s0>Legislation</s0>
<s5>22</s5>
</fC03>
<fC03 i1="15" i2="X" l="SPA"><s0>Legislación</s0>
<s5>22</s5>
</fC03>
<fC03 i1="16" i2="X" l="FRE"><s0>pi calcul</s0>
<s5>23</s5>
</fC03>
<fC03 i1="16" i2="X" l="ENG"><s0>pi calculus</s0>
<s5>23</s5>
</fC03>
<fC03 i1="16" i2="X" l="SPA"><s0>pi calculo</s0>
<s5>23</s5>
</fC03>
<fC03 i1="17" i2="X" l="FRE"><s0>.</s0>
<s4>INC</s4>
<s5>82</s5>
</fC03>
<fN21><s1>119</s1>
</fN21>
<fN44 i1="01"><s1>OTO</s1>
</fN44>
<fN82><s1>OTO</s1>
</fN82>
</pA>
</standard>
<server><NO>PASCAL 13-0145410 INIST</NO>
<ET>Attacking and fixing Helios: An analysis of ballot secrecy</ET>
<AU>CORTIER (Véronique); SMYTH (Ben)</AU>
<AF>CNRS, Loria, UMR 7503/Vandœuvre/France (1 aut.); INRIA Paris-Rocquencourt/Paris/France (2 aut.)</AF>
<DT>Publication en série; Niveau analytique</DT>
<SO>Journal of computer security; ISSN 0926-227X; Pays-Bas; Da. 2013; Vol. 21; No. 1; Pp. 89-148; Bibl. 100 ref.</SO>
<LA>Anglais</LA>
<EA>Helios 2.0 is an open-source web-based end-to-end verifiable electronic voting system, suitable for use in low-coercion environments. In this article, we analyse ballot secrecy in Helios and discover a vulnerability which allows an adversary to compromise the privacy of voters. The vulnerability exploits the absence of ballot independence in Helios and works by replaying a voter's ballot or a variant of it, the replayed ballot magnifies the voter's contribution to the election outcome and this magnification can be used to violated privacy. We demonstrate the practicality of the attack by violating a voter's privacy in a mock election using the software implementation of Helios. Moreover, the feasibility of an attack is considered in the context of French legislative elections and, based upon our findings, we believe it constitutes a real threat to ballot secrecy. We present a fix and show that our solution satisfies a formal definition of ballot secrecy using the applied pi calculus. Furthermore, we present similar vulnerabilities in other electronic voting protocols - namely, the schemes by Lee et al., Sako and Kilian and Schoenmakers- which do not assure ballot independence. Finally, we argue that independence and privacy properties are unrelated, and non-malleability is stronger than independence.</EA>
<CC>001D02B04; 001D02A05; 001D02B07C</CC>
<FD>Sécurité informatique; Vote électronique; Logiciel libre; Internet; Administration électronique; Vie privée; Faisabilité; Spécification formelle; Simultanéité informatique; Protocole transmission; Confidentialité; Réseau web; Vulnérabilité; Grossissement; Législation; pi calcul; .</FD>
<ED>Computer security; Electronic vote; Open source software; Internet; Electronic government; Private life; Feasibility; Formal specification; Concurrency; Transmission protocol; Confidentiality; World wide web; Vulnerability; Magnification; Legislation; pi calculus</ED>
<SD>Seguridad informatica; Voto electrónico; Software libre; Internet; Administración electrónica; Vida privada; Practicabilidad; Especificación formal; Simultaneidad informatica; Protocolo transmisión; Confidencialidad; Red WWW; Vulnerabilidad; Aumento; Legislación; pi calculo</SD>
<LO>INIST-28149.354000173229760030</LO>
<ID>13-0145410</ID>
</server>
</inist>
</record>
Pour manipuler ce document sous Unix (Dilib)
EXPLOR_STEP=$WICRI_ROOT/Wicri/Lorraine/explor/InforLorV4/Data/PascalFrancis/Corpus
HfdSelect -h $EXPLOR_STEP/biblio.hfd -nk 000086 | SxmlIndent | more
Ou
HfdSelect -h $EXPLOR_AREA/Data/PascalFrancis/Corpus/biblio.hfd -nk 000086 | SxmlIndent | more
Pour mettre un lien sur cette page dans le réseau Wicri
{{Explor lien |wiki= Wicri/Lorraine |area= InforLorV4 |flux= PascalFrancis |étape= Corpus |type= RBID |clé= Pascal:13-0145410 |texte= Attacking and fixing Helios: An analysis of ballot secrecy }}
This area was generated with Dilib version V0.6.33. |