Browse ORBilu by Open Access
- What it is and what it isn't
- Green Road / Gold Road?
- Ready to Publish. Now What?
- How can I support the OA movement?
- Where can I learn more?
ORBilu is a project developed by
   How Efficient are Replay Attacks against Vote Privacy? A Formal Quantitative AnalysisMestel, David  ; Mueller, Johannes ; in 35th IEEE Computer Security Foundations Symposium (2022) Replay attacks are among the most well-known attacks against vote privacy. Many e-voting systems have been proven vulnerable to replay attacks, including systems like Helios that are used in real ... [more ▼] Replay attacks are among the most well-known attacks against vote privacy. Many e-voting systems have been proven vulnerable to replay attacks, including systems like Helios that are used in real practical elections. Despite their popularity, it is commonly believed that replay attacks are inefficient but the actual threat that they pose to vote privacy has never been studied formally. Therefore, in this paper, we precisely analyze for the first time how efficient replay attacks really are. We study this question from commonly used and complementary perspectives on vote privacy, showing as an independent contribution that a simple extension of a popular game-based privacy definition corresponds to a strong entropy-based notion. Our results demonstrate that replay attacks can be devastating for a voter's privacy even when an adversary's resources are very limited. We illustrate our formal findings by applying them to a number of real-world elections, showing that a modest number of replays can result in significant privacy loss. Overall, our work reveals that, contrary to a common belief, replay attacks can be very efficient and must therefore be considered a serious threat. [less ▲] Detailed reference viewed: 38 (2 UL)Breaking and Fixing Vote Privacy of the Estonian E-Voting Protocol IVXVMueller, Johannes in Workshop on Advances in Secure Electronic Voting 2022 (2022) We revisit the e-voting protocol IVXV that is used for legally-binding political elections in Estonia from a privacy perspective. We demonstrate that IVXV is vulnerable to attacks against vote privacy in ... [more ▼] We revisit the e-voting protocol IVXV that is used for legally-binding political elections in Estonia from a privacy perspective. We demonstrate that IVXV is vulnerable to attacks against vote privacy in those threat scenarios that were considered for IVXV originally. We explain how to improve IVXV so that it protects against the privacy issues we discovered. [less ▲] Detailed reference viewed: 87 (1 UL)Epoque: Practical End-to-End Verifiable Post-Quantum-Secure E-Voting; ; Mueller, Johannes in IEEE European Symposium on Security and Privacy, EuroS&P 2021, Vienna, Austria, September 6-10, 2021 (2021) Detailed reference viewed: 35 (1 UL)A Novel Proof of Shuffle: Exponentially Secure Cut-and-Choose; Mueller, Johannes in Information Security and Privacy - 26th Australasian Conference, ACISP 2021, Virtual Event, December 1-3, 2021, Proceedings (2021) Detailed reference viewed: 38 (0 UL)Optimal Randomized Partial Checking for Decryption Mix Nets; Mueller, Johannes in Information Security and Privacy - 26th Australasian Conference, ACISP 2021, Virtual Event, December 1-3, 2021, Proceedings (2021) Detailed reference viewed: 35 (0 UL)A Verifiable and Practical Lattice-Based Decryption Mix Net with External Auditing; ; Mueller, Johannes in Computer Security - ESORICS 2020 - 25th European Symposium on Research in Computer Security, ESORICS 2020, Guildford, UK, September 14-18, 2020, Proceedings, Part II (2020) Detailed reference viewed: 52 (3 UL)Post-Quantum Anonymous Veto Networks; ; Mueller, Johannes et alin E-Vote-ID 2020 (2020) Detailed reference viewed: 82 (4 UL)SoK: Techniques for Verifiable Mix NetsMueller, Johannes in Haines, Thomas; Mueller, Johannes (Eds.) IEEE Computer Security Foundations Symposium (2020) Detailed reference viewed: 51 (4 UL)Ordinos: A Verifiable Tally-Hiding E-Voting SystemMueller, Johannes in Küsters, Ralf; Liedtke, Julian; Mueller, Johannes (Eds.) et al IEEE European Symposium on Security and Privacy (2020) Detailed reference viewed: 42 (1 UL) |
||
