How Efficient are Replay Attacks against Vote Privacy? A Formal Quantitative Analysis

[en] Replay attacks are among the most well-known attacks against vote privacy. Many e-voting systems have been proven vulnerable to replay attacks, including systems like Helios that are used in real practical elections. Despite their popularity, it is commonly believed that replay attacks are inefficient but the actual threat that they pose to vote privacy has never been studied formally. Therefore, in this paper, we precisely analyze for the first time how efficient replay attacks really are. We study this question from commonly used and complementary perspectives on vote privacy, showing as an independent contribution that a simple extension of a popular game-based privacy definition corresponds to a strong entropy-based notion. Our results demonstrate that replay attacks can be devastating for a voter's privacy even when an adversary's resources are very limited. We illustrate our formal findings by applying them to a number of real-world elections, showing that a modest number of replays can result in significant privacy loss. Overall, our work reveals that, contrary to a common belief, replay attacks can be very efficient and must therefore be considered a serious threat.

Disciplines :

Computer science

Author, co-author :

MESTEL, David ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > APSIA

MUELLER, Johannes ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > APSIA

Reisert, Pascal; University of Stuttgart

External co-authors :

yes

Language :

English

Title :

How Efficient are Replay Attacks against Vote Privacy? A Formal Quantitative Analysis

Publication date :

2022

Event name :

IEEE CSF 2022

Event date :

from 07-08-2022 to 10-10-2022

Main work title :

35th IEEE Computer Security Foundations Symposium

Peer reviewed :

Peer reviewed

Focus Area :

Security, Reliability and Trust

FnR Project :

FNR14698166 - Future-proofing Privacy In Secure Electronic Voting, 2020 (01/01/2021-31/12/2023) - Johannes Mueller

Available on ORBilu :

since 09 June 2022

Statistics

Number of views

197 (10 by Unilu)

Number of downloads

176 (7 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

Bibliography

Ben Adida. Helios: Web-based Open-Audit Voting. In Paul C. van Oorschot, editor, Proceedings of the 17th USENIX Security Symposium, July 28-August 1, 2008, San Jose, CA, USA, pages 335-348. USENIX Association, 2008.
Mário S. Alvim, Kostas Chatzikokolakis, Catuscia Palamidessi, and Geoffrey Smith. Measuring information leakage using generalized gain functions. In Proceedings of the 2012 IEEE 25th Computer Security Foundations Symposium, CSF '12, pages 265-279, USA, 2012. IEEE Computer Society.
Gergei Bana, Marco Biroli, Megi Dervishi, Fatima-Ezzahra El Orche, Rémi Géraud-Stewart, David Naccache, Peter B. Rønne, Peter Y. A. Ryan, and Hugo Waltsburger. Time, Privacy, Robustness, Accuracy: Trade Offs for the Open Vote Network Protocol. IACR Cryptol. ePrint Arch., page 1065, 2021.
Josh Daniel Cohen Benaloh. Verifiable Secret-Ballot Elections. PhD thesis, 1987.
David Bernhard, Véronique Cortier, David Galindo, Olivier Pereira, and Bogdan Warinschi. SoK: A Comprehensive Analysis of Game-Based Ballot Privacy Definitions. In 2015 IEEE Symposium on Security and Privacy, SP 2015, San Jose, CA, USA, May 17-21, 2015, pages 499-516, 2015.
David Bernhard, Véronique Cortier, Olivier Pereira, and Bogdan Warinschi. Measuring vote privacy, revisited. In Ting Yu, George Danezis, and Virgil D. Gligor, editors, ACM Conference on Computer and Communications Security (CCS 2012), pages 941-952. ACM, 2012.
David Bernhard, Olivier Pereira, and Bogdan Warinschi. How Not to Prove Yourself: Pitfalls of the Fiat-Shamir Heuristic and Applications to Helios. In Xiaoyun Wang and Kazue Sako, editors, Advances in Cryptology-ASIACRYPT 2012-18th International Conference on the Theory and Application of Cryptology and Information Security, Beijing, China, December 2-6, 2012. Proceedings, volume 7658 of Lecture Notes in Computer Science, pages 626-643. Springer, 2012.
Olivier Blazy, Georg Fuchsbauer, David Pointcheval, and Damien Vergnaud. Signatures on Randomizable Ciphertexts. In Dario Catalano, Nelly Fazio, Rosario Gennaro, and Antonio Nicolosi, editors, Public Key Cryptography-PKC 2011-14th International Conference on Practice and Theory in Public Key Cryptography, Taormina, Italy, March 6-9, 2011. Proceedings, volume 6571 of Lecture Notes in Computer Science, pages 403-422. Springer, 2011.
Xavier Boyen, Thomas Haines, and Johannes Müller. Epoque: Practical End-to-End Verifiable Post-Quantum-Secure E-Voting. In IEEE European Symposium on Security and Privacy, EuroS&P 2021, Vienna, Austria, September 6-10, 2021, pages 272-291. IEEE, 2021.
Sergiu Bursuc, Constantin Catalin Dragan, and Steve Kremer. Private Votes on Untrusted Platforms: Models, Attacks and Provable Scheme. In IEEE European Symposium on Security and Privacy, EuroS&P 2019, Stockholm, Sweden, June 17-19, 2019, pages 606-620. IEEE, 2019.
Craig Burton, Chris Culnane, James Heather, Thea Peacock, Peter Y. A. Ryan, Steve Schneider, Vanessa Teague, Roland Wen, Zhe Xia, and Sriramkrishnan Srinivasan. Using Prêt à Voter in Victoria State Elections. In J. Alex Halderman and Olivier Pereira, editors, 2012 Electronic Voting Technology Workshop / Workshop on Trustworthy Elections, EVT/WOTE '12, Bellevue, WA, USA, August 6-7, 2012. USENIX Association, 2012.
Richard Carback, David Chaum, Jeremy Clark, John Conway, Aleksander Essex, Paul S. Herrnson, Travis Mayberry, Stefan Popoveniuc, Ronald L. Rivest, Emily Shen, Alan T. Sherman, and Poorvi L. Vora. Scantegrity II Municipal Election at Takoma Park: The First E2E Binding Governmental Election with Ballot Privacy. In 19th USENIX Security Symposium, Washington, DC, USA, August 11-13, 2010, Proceedings, pages 291-306. USENIX Association, 2010.
Pyrros Chaidos, Véronique Cortier, Georg Fuchsbauer, and David Galindo. BeleniosRF: A Non-interactive Receipt-Free Electronic Voting Scheme. In Edgar R. Weippl, Stefan Katzenbeisser, Christopher Kruegel, Andrew C. Myers, and Shai Halevi, editors, Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, October 24-28, 2016, pages 1614-1625. ACM, 2016.
David Chaum, Aleksander Essex, Richard Carback, Jeremy Clark, Stefan Popoveniuc, Alan T. Sherman, and Poorvi L. Vora. Scantegrity: End-to-End Voter-Verifiable Optical-Scan Voting. IEEE Secur. Priv., 6(3):40-46, 2008.
David Chaum, Peter Y. A. Ryan, and Steve A. Schneider. A Practical Voter-Verifiable Election Scheme. In Sabrina De Capitani di Vimercati, Paul F. Syverson, and Dieter Gollmann, editors, Computer Security-ESORICS 2005, 10th European Symposium on Research in Computer Security, Milan, Italy, September 12-14, 2005, Proceedings, volume 3679 of Lecture Notes in Computer Science, pages 118-139. Springer, 2005.
Michael R. Clarkson, Stephen Chong, and Andrew C. Myers. Civitas: Toward a Secure Voting System. In 2008 IEEE Symposium on Security and Privacy (S&P 2008), 18-21 May 2008, Oakland, California, USA, pages 354-368. IEEE Computer Society, 2008.
Véronique Cortier, David Galindo, Ralf Küsters, Johannes Müller, and Tomasz Truderung. SoK: Verifiability Notions for E-Voting Protocols. In IEEE Symposium on Security and Privacy, SP 2016, San Jose, CA, USA, May 22-26, 2016, pages 779-798, 2016.
Véronique Cortier and Ben Smyth. Attacking and Fixing Helios: An Analysis of Ballot Secrecy. In Proceedings of the 24th IEEE Computer Security Foundations Symposium, CSF 2011, Cernay-la-Ville, France, 27-29 June, 2011, pages 297-311. IEEE Computer Society, 2011.
Jannik Dreier, Pascal Lafourcade, and Yassine Lakhnech. Vote-Independence: A Powerful Privacy Notion for Voting Protocols. In Joaquín García-Alfaro and Pascal Lafourcade, editors, Foundations and Practice of Security-4th Canada-France MITACS Workshop, FPS 2011, Paris, France, May 12-13, 2011, Revised Selected Papers, volume 6888 of Lecture Notes in Computer Science, pages 164-180. Springer, 2011.
Amos Fiat and Adi Shamir. How to Prove Yourself: Practical Solutions to Identification and Signature Problems. In Andrew M. Odlyzko, editor, Advances in Cryptology-CRYPTO '86, Santa Barbara, California, USA, 1986, Proceedings, volume 263 of Lecture Notes in Computer Science, pages 186-194. Springer, 1986.
Andrew Gelman and Thomas C Little. Poststratification into many categories using hierarchical logistic regression. Survey Methodology, 46(1), 1997.
B.V. Gnedenko. Theory of Probability. Taylor & Francis, 6 edition, 1998.
Helios Voting. Attacks and Defenses. https: //documentation.heliosvoting.org/attacks-and-defenses (accessed 11.04.2022).
Lucca Hirschi, Lara Schmid, and David A. Basin. Fixing the Achilles Heel of E-Voting: The Bulletin Board. In 34th IEEE Computer Security Foundations Symposium, CSF 2021, Dubrovnik, Croatia, June 21-25, 2021, pages 1-17. IEEE, 2021.
IACR. IACR Elections, 2020. https://www.iacr.org/ elections/ (accessed 11.04.2022).
Vincenzo Iovino, Alfredo Rial, Peter B. Rønne, and Peter Y. A. Ryan. Universal Unconditional Verifiability in EVoting without Trusted Parties. In 33rd IEEE Computer Security Foundations Symposium, CSF 2020, Boston, MA, USA, June 22-26, 2020, pages 33-48. IEEE, 2020.
Shahram Khazaei and Douglas Wikström. Randomized Partial Checking Revisited. In Ed Dawson, editor, Topics in Cryptology-CT-RSA 2013-The Cryptographers' Track at the RSA Conference 2013, San Francisco,CA, USA, February 25-March 1, 2013. Proceedings, volume 7779 of Lecture Notes in Computer Science, pages 115-128. Springer, 2013.
Ralf Küsters, Julian Liedtke, Johannes Müller, Daniel Rausch, and Andreas Vogt. Ordinos: A Verifiable Tally-Hiding E-Voting System. In IEEE European Symposium on Security and Privacy, EuroS&P 2020, Genoa, Italy, September 7-11, 2020, pages 216-235. IEEE, 2020.
Ralf Küsters, Johannes Müller, Enrico Scapin, and Tomasz Truderung. sElect: A Lightweight Verifiable Remote Voting System. In IEEE 29th Computer Security Foundations Symposium, CSF 2016, Lisbon, Portugal, June 27-July 1, 2016, pages 341-354, 2016.
Ralf Küsters, Tomasz Truderung, and Andreas Vogt. Verifiability, Privacy, and Coercion-Resistance: New Insights from a Case Study. In 32nd IEEE Symposium on Security and Privacy, S&P 2011, 22-25 May 2011, Berkeley, California, USA, pages 538-553, 2011.
Ralf Küsters, Tomasz Truderung, and Andreas Vogt. Verifiability, Privacy, and Coercion-Resistance: New Insights from a Case Study. IACR Cryptol. ePrint Arch., 2011:517, 2011.
Ralf Küsters, Tomasz Truderung, and Andreas Vogt. Formal Analysis of Chaumian Mix Nets with Randomized Partial Checking. In 2014 IEEE Symposium on Security and Privacy, SP 2014, Berkeley, CA, USA, May 18-21, 2014, pages 343-358, 2014.
Benjamin E Lauderdale, Delia Bailey, Jack Blumenau, and Douglas Rivers. Model-based pre-election polling for national and sub-national outcomes in the us and uk. International Journal of Forecasting, 36(2):399-413, 2020.
Byoungcheon Lee, Colin Boyd, Ed Dawson, Kwangjo Kim, Jeongmo Yang, and Seungjae Yoo. Providing Receipt-Freeness in Mixnet-Based Voting Protocols. In Jong In Lim and Dong Hoon Lee, editors, Information Security and Cryptology-ICISC 2003, 6th International Conference, Seoul, Korea, November 27-28, 2003, Revised Papers, volume 2971 of Lecture Notes in Computer Science, pages 245-258. Springer, 2003.
Annabelle McIver, Tahiry Rabehaja, Roland Wen, and Carroll Morgan. Privacy in elections: How small is "small"? J. Inf. Secur. Appl., 36(C):112-126, October 2017.
Kazue Sako and Joe Kilian. Secure Voting Using Partially Compatible Homomorphisms. In Yvo Desmedt, editor, Advances in Cryptology-CRYPTO '94, 14th Annual International Cryptology Conference, Santa Barbara, California, USA, August 21-25, 1994, Proceedings, volume 839 of Lecture Notes in Computer Science, pages 411-424. Springer, 1994.
Berry Schoenmakers. A Simple Publicly Verifiable Secret Sharing Scheme and Its Application to Electronic Voting. In Michael J. Wiener, editor, Advances in Cryptology-CRYPTO '99, 19th Annual International Cryptology Conference, Santa Barbara, California, USA, August 15-19, 1999, Proceedings, volume 1666 of Lecture Notes in Computer Science, pages 148-164. Springer, 1999.
Smartmatic. Online Voting Successfully Solving the Challenges, 2021. https://www.smartmatic. com/fileadmin/user upload/Whitepaper Online Voting Challenge Considerations TIVI.pdf (accessed 11.04.2022).
Ben Smyth. Replay attacks that violate ballot secrecy in Helios. IACR Cryptol. ePrint Arch., 2012:185, 2012.
Swiss Post. E-voting and security, 2021. https://www.post.ch/en/business-solutions/e-voting/ security-given-top-priority (accessed 11.04.2022).