Electronic Voting Protocol Analysis with the Inductive Method

Similar documents
Inductive Analysis of Security Protocols in Isabelle/HOL with Applications to Electronic Voting

An Electronic Voting System Based On Blind Signature Protocol

Analysis of Security Requirements for Cryptographic Voting Protocols (Extended Abstract)

A New Receipt-Free E-Voting Scheme Based on Blind Signature (Abstract)

VoteID 2011 Internet Voting System with Cast as Intended Verification

E-Democracy and e-voting

How to prove security of communication protocols?

Verification and Validation Issues in Electronic Voting

Le vote électronique : un défi pour la vérification formelle

Verifying security protocols using theorem provers

Secure Electronic Voting

Efficient construction of vote-tags to allow open objection to the tally in electronic elections

Cryptography: Authentication, Blind Signatures, and Digital Cash

Formal Verification of Authentication-Type Properties of an Electronic Voting Protocol Using mcrl2

General Framework of Electronic Voting and Implementation thereof at National Elections in Estonia

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

Combined Proxy Re-Encryption

Cryptanalysis and security enhancement on the generation of Mu-Varadharajan electronic voting protocol. Vahid Jahandideh and Amir S.

Network Security. Computer Networking Lecture 08. March 19, HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Computer Security. Draft Exam with Answers

Analysis of a Biometric Authentication Protocol for Signature Creation Application

CSG 399 Lecture. The Inductive Approach to Protocol Analysis p.1

The Design of Web Based Secure Internet Voting System for Corporate Election

Cryptography and Network Security: Summary

CSCE 465 Computer & Network Security

Associate Prof. Dr. Victor Onomza Waziri

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

An electronic scheme for the Farnel paper-based voting protocol

Information Security Basic Concepts


CS 393 Network Security. Nasir Memon Polytechnic University Module 11 Secure

Security/Privacy Models for "Internet of things": What should be studied from RFID schemes? Daisuke Moriyama and Shin ichiro Matsuo NICT, Japan

CUNSHENG DING HKUST, Hong Kong. Computer Security. Computer Security. Cunsheng DING, HKUST COMP4631

Formal Methods in Security Protocols Analysis

GSM and UMTS security

Cryptography & Network Security. Introduction. Chester Rebeiro IIT Madras

Secure Cloud Identity Wallet

How to Formally Model Features of Network Security Protocols

Security Aspects of. Database Outsourcing. Vahid Khodabakhshi Hadi Halvachi. Dec, 2012

Inductive Analysis of Security Protocols in Isabelle/HOL with Applications to Electronic Voting

3-6 Toward Realizing Privacy-Preserving IP-Traceback

Computer Science A Cryptography and Data Security. Claude Crépeau

Encryption, Data Integrity, Digital Certificates, and SSL. Developed by. Jerry Scott. SSL Primer-1-1

Categorical Heuristic for Attribute Based Encryption in the Cloud Server

An Introduction to Digital Signature Schemes

CPSC 467b: Cryptography and Computer Security

Volume I, Appendix C Table of Contents

CS 758: Cryptography / Network Security

Remote (Internet) Voting in Digital India

ZQL. a cryptographic compiler for processing private data. George Danezis. Joint work with Cédric Fournet, Markulf Kohlweiss, Zhengqin Luo

Enhanced Privacy ID (EPID) Ernie Brickell and Jiangtao Li Intel Corporation

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu

Computer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University

Content Teaching Academy at James Madison University

Modeling and verification of security protocols

Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm By Mihir Bellare and Chanathip Namprempre

Information Security

Outline. CSc 466/566. Computer Security. 8 : Cryptography Digital Signatures. Digital Signatures. Digital Signatures... Christian Collberg

Overview of Public-Key Cryptography

Online Voting Project. New Developments in the Voting System an Consequently Implemented Improvements in the Representation of Legal Principles.

Paillier Threshold Encryption Toolbox

APPLYING FORMAL METHODS TO CRYPTOGRAPHIC PROTOCOL ANALYSIS: EMERGING ISSUES AND TRENDS

CIS 433/533 - Computer and Network Security Public Key Crypto/ Cryptographic Protocols

Cryptanalysis of a Partially Blind Signature Scheme or How to make $100 bills with $1 and $2 ones

Final Exam. IT 4823 Information Security Administration. Rescheduling Final Exams. Kerberos. Idea. Ticket

Overview. SSL Cryptography Overview CHAPTER 1

MACs Message authentication and integrity. Table of contents

Sharing Of Multi Owner Data in Dynamic Groups Securely In Cloud Environment

E-commerce. business. technology. society. Kenneth C. Laudon Carol Guercio Traver. Second Edition. Copyright 2007 Pearson Education, Inc.

MASTER OF SCIENCE IN INFORMATION ASSURANCE PROGRAM DEPARTMENT OF COMPUTER SCIENCE HAMPTON UNIVERSITY

Chapter 10. Network Security

CSE/EE 461 Lecture 23

INFORMATION SECURITY A MULTIDISCIPLINARY. Stig F. Mjolsnes INTRODUCTION TO. Norwegian University ofscience & Technology. CRC Press

Adversary Modelling 1

Outline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures

Message authentication and. digital signatures

Lecture 2: Complexity Theory Review and Interactive Proofs

Advanced Topics in Cryptography and Network Security

Lecture 1: Introduction. CS 6903: Modern Cryptography Spring Nitesh Saxena Polytechnic University

On Coercion-Resistant Electronic Elections

Transcription:

Electronic Voting Protocol Analysis with the Inductive Method

Introduction E-voting use is spreading quickly in the EU and elsewhere Sensitive, need for formal guarantees Inductive Method: protocol verification through theorem proving + mathematical induction Toolbox being built with as dummy protocol Goal: make all properties rigourously verifiable

Motivation Analysis of e-voting dominated by ProVerif automatic verifier Powerful, but sometimes limited Motivation to fill in the gaps with complementary, alternative approach

E-voting protocols: primitives Often require modelling new crypto primitives Blind signatures Bit commitment Proxy re-encryption...

Related Work Ryan / Kremer / Delaune: applied pi calculus, partially mechanized through ProVerif Observational equivalence: traces in which two voters swap their votes are equivalent in a sense Parts of the proof done by hand

Method: the Inductive approach Mathematical induction on protocol steps Dolev-Yao threat model Tool support: Isabelle/HOL interactive theorem prover

92 A practical secret voting scheme for large scale elections, AUSCRYPT 1992 By Fujioka, Okamoto and Ohta Claims four classical properties

Properties of Fairness: Partial results confidential as long as the voting phase is ongoing Eligibility: Only registered voters can vote, and only once Individual verifiability: Voters can check their vote was counted Privacy: How a particular voter voted is not known to anyone

Properties of in practice Fairness tally confidentiality before deadline Eligibility authentication + uniqueness check Individual verifiability Event implication check Privacy LINKABILITY concept (hard), our focus here

Steps of (1/2) In a nutshell: Voter picks a vote and sends a signed, blinded commitment of it with its identity to Administrator Administrator checks this and returns it with own (blind) signature if approved V unblinds this and sends it to Collector anonymously Collector checks what he receives and records it on a list if correct Deadline

Steps of (2/2) Once the deadline is reached, Collector publishes list of commitments If V s commitment is in list, V discloses secret commitment key anonymously Collector opens V s ballot and publishes it

Steps of modelled

What is privacy in e-voting? Crucial point: privacy is NOT confidentiality of vote...... But unlinkability of voter and vote In Pro-Verif, done with observational equivalence between swapped votes

Privacy in the Inductive Method: aanalz Extract associations from honest agent s messages

Privacy in the Inductive Method: asynth Build up association sets from associations with common elements

Privacy in the Inductive Method: theorem statement If a normal voter started the protocol, the corresponding vote & identity cannot be associated

E-voting protocol analysis field active, yet room for improvement Inductive Method s flexiblity allows new e-voting analysis Privacy: toughest part crucial choices, ongoing

Complete verification toolbox with missing property formalisations Model & analyse real-world e-voting protocols Derive general design guidelines

Principles of the inductive method Number of agents is unbounded, session interleaving is allowed: replay attack weakness detected Cryptographic keys: type key, different subtypes for private / public / encryption / signature Events: Says (models sending), Gets (reception), Notes (knowledge) Trace: history of network events. Inductive reasoning over traces. Focus is not security of algorithms: treated as black boxes in Isabelle

Message set operators Fundamental operators, constantly used in security statements parts: decompose into atomic message components, even ciphertext for which decrypting key unavailable analz: like parts, but leaving undecryptable ciphertext untouched synth: build up messages from message components. Includes encryption if encrypting key available

Formal protocol model Every protocol step modeled as inductive rule with pre- and postconditions Protocol model is set of all admissible traces under those rules Empty trace modeled by Nil event Threat model (DY) represented by Fake event Agents knowledge derived from traces

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information