Reverse Bayesian poisoning: How to use spam filters to manipulate online elections

Jonker, Hugo; Mauw, Sjouke; Schmitz, Tom

Download

Paper published in a book (Scientific congresses, symposiums and conference proceedings)

Reverse Bayesian poisoning: How to use spam filters to manipulate online elections

Jonker, Hugo; Mauw, Sjouke; Schmitz, Tom

2017 • In Krimmer, L. (Ed.) Proc. 2nd International Joint Conference on Electronic Voting

Peer reviewed

Permalink
https://hdl.handle.net/10993/34367

Files (1)Send to Details Statistics Bibliography Similar publications

Files

Full Text

JMS17.pdf

Author preprint (269.68 kB)

Download

All documents in ORBilu are protected by a user license.

Send to

RIS BibTex APA Chicago Permalink X Linkedin

Details

Abstract :

[en] E-voting literature has long recognised the threat of denial-of-service attacks: as attacks that (partially) disrupt the services needed to run the voting system. Such attacks violate availability. Thankfully, they are typically easily detected. We identify and investigate a denial-of-service attack on a voter's spam filters, which is not so easily detected: reverse Bayesian poisoning, an attack that lets the attacker silently suppress mails from the voting system. Reverse Bayesian poisoning can disenfranchise voters in voting systems which rely on emails for essential communication (such as voter invitation or credential distribution). The attacker stealthily trains the voter's spam filter by sending spam mails crafted to include keywords from genuine mails from the voting system. To test the potential effect of reverse Bayesian poisoning, we took keywords from the Helios voting system's email templates and poisoned the Bogofilter spam filter using these keywords. Then we tested how genuine Helios mails are classified. Our experiments show that reverse Bayesian poisoning can easily suppress genuine emails from the Helios voting system.

Disciplines :

Computer science

Author, co-author :

Jonker, Hugo

Mauw, Sjouke ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)

Schmitz, Tom ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Life Science Research Unit

External co-authors :

yes

Language :

English

Title :

Reverse Bayesian poisoning: How to use spam filters to manipulate online elections

Publication date :

2017

Event name :

2nd International Joint Conference on Electronic Voting (E-Vote-ID'17)

Event place :

Bregenz, Austria

Event date :

September 14-15 2017

Audience :

International

Main work title :

Proc. 2nd International Joint Conference on Electronic Voting

Editor :

Krimmer, L.

Publisher :

Springer

ISBN/EAN :

978-3-319-68687-5

Collection name :

LNCS 10615

Pages :

183-197

Peer reviewed :

Peer reviewed

Focus Area :

Security, Reliability and Trust

Available on ORBilu :

since 03 February 2018

Statistics

Number of views

150 (1 by Unilu)

Number of downloads

198 (1 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

Bibliography

Adida, B.: Helios: web-based open-audit voting. In: Proceedings of 17th USENIX Security Symposium, pp. 335–348. USENIX Association (2008)
Aggarwal, K.: Denial of service attack on online voting system. J. Eng. Sci. Comput. 6(5), 5585–5587 (2016)
Benaloh, J., Tuinstra, D.: Receipt-free secret-ballot elections (extended abstract). In: Proceedings of 26th ACM Symposium on Theory of Computing (STOC), pp. 544–553. ACM (1994)
Chevallier-Mames, B., Fouque, P., Stern, J., Pointcheval, D., Traoré, J.: On some incompatible properties of voting schemes. In: Proceedings of the IAVoSS Workshop On Trustworthy Elections (2006)
Chaum, D.: Untraceable electronic mail, return addresses, and digital pseudonyms. Commun. ACM 24(2), 84–88 (1981)
Chaum D.: Secret-ballot receipts: true voter-verifiable elections. In: Proceedings of 25th IEEE Symposium on Security and Privacy (S&P), vol. 2(1), pp. 38–47 (2004)
Chaum, D., Ryan, P.Y.A., Schneider, S.: A practical voter-verifiable election scheme. In: di Vimercati, S.C., Syverson, P., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 118–139. Springer, Heidelberg (2005). doi:10.1007/11555827_8
Graham-Cumming, J.: How to beat an adaptive spam filter. In: Presentation at the MIT Spam Conference (2004)
Gerck, E., Neff, C.A., Rivest, R.L., Rubin, A.D., Yung, M.: The business of electronic voting. In: Syverson, P. (ed.) FC 2001. LNCS, vol. 2339, pp. 243–268. Springer, Heidelberg (2002). doi:10.1007/3-540-46088-8_21
Graham, P., Hackers, P.: A plan for spam. In: Big Ideas from the Computer Age, pp. 121–129. O’Reilly (2004)
Juels, A., Catalano, D., Jakobsson, M.: Coercion-resistant electronic elections. In: Proceedings of the ACM Workshop on Privacy in the Electronic Society (WPES), pp. 61–70. ACM (2005)
Jefferson, D., Rubin, A.D., Simons, B., Wagner, D.: A security analysis of the secure electronic registration and voting experiment (serve). Technical report (2004)
Koenig, R.E., Locher, P., Haenni, R.: Attacking the verification code mechanism in the Norwegian internet voting system. In: Heather, J., Schneider, S., Teague, V. (eds.) Vote-ID 2013. LNCS, vol. 7985, pp. 76–92. Springer, Heidelberg (2013). doi:10.1007/978-3-642-39185-9_5
Klimt, B., Yang, Y., Corpus, T.E.: A new dataset for email classification research. In: Proceedings of 15th European Conference on Machine Learning, pp. 217–226 (2004)
Kiayias, A., Zacharias, T., Zhang, B.: Ceremonies for end-to-end verifiable elections. In: Fehr, S. (ed.) PKC 2017. LNCS, vol. 10175, pp. 305–334. Springer, Heidelberg (2017). doi:10.1007/978-3-662-54388-7_11
Lowd, D., Meek, C.: Good word attacks on statistical spam filters. In: Proceedings of the Second Conference on Email and Anti-Spam (CEAS 2005) (2005)
Metsis, V., Androutsopoulos, I., Paliouras G.: Spam filtering with naive Bayes - which naive Bayes? In: Proceedings of the 3rd Conference on Email and Anti-Spam (CEAS 2006) (2006)
Rubin, A.D.: Security considerations for remote electronic voting. Commun. ACM 45(12), 39–44 (2002)
Ryan, P.Y.A.: Prêt à voter with confirmation codes. In: Proceedings of the 2011 Conference on Electronic Voting Technology/Workshop on Trustworthy Elections (EVT/WOTE 2011). USENIX Association (2011)
Stern, H., Mason, J., Shepherd, M.: A linguistics-based attack on person-alised statistical e-mail classifiers. Technical report, Dalhousie University (2004)
Wittel, G.L., Wu, S.F.: On attacking statistical spam filters. In: Proceedings of the First Conference on Email and Anti-Spam (CEAS 2004) (2004)