Browse ORBilu by Open Access
- What it is and what it isn't
- Green Road / Gold Road?
- Ready to Publish. Now What?
- How can I support the OA movement?
- Where can I learn more?
ORBilu is a project developed by
   Provably Improving Election Verifiability in BeleniosBaloglu, Sevdenur  ; Bursuc, Sergiu ; Mauw, Sjouke et alin Electronic Voting 6th International Joint Conference, E-Vote-ID 2021 Virtual Event, October 5–8, 2021, Proceedings (2021, October) Belenios is an online voting system that provides a strong notion of election verifiability, where no single party has to be trusted, and security holds as soon as either the voting registrar or the ... [more ▼] Belenios is an online voting system that provides a strong notion of election verifiability, where no single party has to be trusted, and security holds as soon as either the voting registrar or the voting server is honest. It was formally proved to be secure, making the assump- tion that no further ballots are cast on the bulletin board after voters verified their ballots. In practice, however, revoting is allowed and voters can verify their ballots anytime. This gap between formal proofs and use in practice leaves open space for attacks, as has been shown recently. In this paper we make two simple additions to Belenios and we formally prove that the new version satisfies the expected verifiability properties. Our proofs are automatically performed with the Tamarin prover, under the assumption that voters are allowed to vote at most four times. [less ▲] Detailed reference viewed: 133 (23 UL)Election Verifiability Revisited: Automated Security Proofs and Attacks on Helios and BeleniosBaloglu, Sevdenur ; Bursuc, Sergiu ; Mauw, Sjouke et alin IEEE 34th Computer Security Foundations Symposium, Dubrovnik 21-25 June 2021 (2021, June) Election verifiability aims to ensure that the outcome produced by electronic voting systems correctly reflects the intentions of eligible voters, even in the presence of an adversary that may corrupt ... [more ▼] Election verifiability aims to ensure that the outcome produced by electronic voting systems correctly reflects the intentions of eligible voters, even in the presence of an adversary that may corrupt various parts of the voting infrastructure. Protecting such systems from manipulation is challenging because of their distributed nature involving voters, election authorities, voting servers and voting platforms. An adversary corrupting any of these can make changes that, individually, would go unnoticed, yet in the end will affect the outcome of the election. It is, therefore, important to rigorously evaluate whether the measures prescribed by election verifiability achieve their goals. We propose a formal framework that allows such an evaluation in a systematic and automated way. We demonstrate its application to the verification of various scenarios in Helios and Belenios, two prominent internet voting systems, for which we capture features and corruption models previously outside the scope of formal verification. Relying on the Tamarin protocol prover for automation, we derive new security proofs and attacks on deployed versions of these protocols, illustrating trade-offs between usability and security. [less ▲] Detailed reference viewed: 200 (16 UL) |
||
