James Heather, University of Surrey Peter Y A Ryan, University of Luxembourg Vanessa Teague, University of Melbourne.


Background: PGD (1.0)
- Combines Code Voting with Verifiable tallying
- High privacy and integrity guarantees from untrusted voting clients
- Each voter gets a sheet of codes via a “secure” channel
  - One for each candidate
  - One Ack
- They enter the code of their chosen candidate
- Check they got the correct Ack

PGD 1 Ballot construction
- Distributed ballot construction produces, for each Ballot ID:
  - Encrypted codes on the BB, listed in a random (candidate) order
    - Described by a PaV-style onion
  - Unencrypted codes for the code sheets
    - Printing these out is the main privacy vulnerability

PGD1 Tallying
- Submitted codes are encrypted by a Vote Server
- Matched to the code on the BB using a distributed plaintext equivalence test
  - This gives an index
- Tallied using the PaV onion

Background: PGD (1.0)
Good:
- Even a cheating client can’t mis-cast or drop the vote
- A coercer can’t find out the vote afterwards
  - Unless they have both the code sheet and control of the device
Bad:
- A coercer can steal the code sheet before the vote
- A colluding threshold of trustees can misrecord the vote

Extending PGD to STV, Borda etc.
- Each voter lists the candidates in their order of preference
- Obvious extension: send off the codes in order of preference
- Doesn’t work because a cheating device can rearrange them

Idea A: Incremental
- Code sheet has a Vote Code and Ack Code for each candidate
- Send in Vote Codes in preference order, wait for the Ack Code before sending the next Vote Code
- Very secure but very slow
- Cheating device can’t manipulate the vote

Idea C: 2 dimensional table
- Each voter receives a code for each candidate, for each preference
- One Ack

Candidate    1st   2nd   3rd   4th
Incumbent
Imprudent
Repellent
Insolvent
Ballot ID:
Ack: 28902

Idea C (cont’d)
- To vote Repellent, Insolvent, Imprudent, Incumbent:
  - Send 9521, 3455, 1223, 0934
  - Expect return Ack

Candidate    1st   2nd   3rd   4th
Incumbent
Imprudent
Repellent
Insolvent
Ballot ID:
Ack: 28902

Idea C: pros and cons
- Voting in one step; Ack returns in one simple step
- As strong a defence against cheating client as PGD 1.0
  - Device can’t change vote without knowing codes
- Same privacy guarantee as PGD 1.0
  - Single ack implies receipt-freeness even if the coercer observes ack return

Idea B: Return Ack codes in ballot order
- Each voter receives
  - A list of candidate codes in a random, secret order
  - A list of preference-ack codes in preference order
- The voter sends the candidate codes in preference order and receives the preference-ack codes in the order the candidates appear on their code sheet

Example
- To vote Repellent, Insolvent, Imprudent, Incumbent:
  - Send 9521, 7387, 4909, 3772
  - Expect return pref-acks W,C,K,T

Candidate    Vote Code
Incumbent    3772
Imprudent    4909
Repellent    9521
Insolvent    7387
Ballot ID:

Preference   Pref-Ack Code
1st          K
2nd          T
3rd          C
4th          W
Ballot ID:

Pref-Ack: W C K T

Idea B: security properties
- Integrity: A cheating client (who doesn’t know the meaning of the preference codes) can swap two preferences undetectably only if it knows which two positions on the code sheet they correspond to.
  - Not great if there are only 2 candidates
- Privacy is guaranteed against an adversary who either
  - Does not observe the voter’s communications, or
  - Does not see the code sheet
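The exchange on the two Idea B slides above, as an added example that is not part of the presentation: a plaintext model of the pref-ack return that reproduces the slide's W,C,K,T result and shows when a swap by the client goes unnoticed. `server_acks` is a stand-in for the trustees' encrypted processing, all function names are assumptions, and the two-candidate sheet is constructed.

```python
from itertools import combinations

# Code sheet from the slide, in printed (ballot) order, and pref-acks for 1st..4th.
SHEET = [("Incumbent", "3772"), ("Imprudent", "4909"),
         ("Repellent", "9521"), ("Insolvent", "7387")]
ACKS = ["K", "T", "C", "W"]
RANKING = ["Repellent", "Insolvent", "Imprudent", "Incumbent"]

def voter_message(sheet, pref_acks, ranking):
    """Vote codes in preference order, plus the acks the voter expects back."""
    code = dict(sheet)
    rank = {cand: i for i, cand in enumerate(ranking)}
    send = [code[cand] for cand in ranking]
    expect = [pref_acks[rank[cand]] for cand, _ in sheet]  # ballot order
    return send, expect

def server_acks(sheet, pref_acks, received):
    """Plaintext stand-in (assumption): ack for each ballot position is the
    pref-ack of the preference slot in which that position's code arrived."""
    position = {vc: i for i, (_, vc) in enumerate(sheet)}
    acks = [None] * len(sheet)
    for pref, vc in enumerate(received):
        acks[position[vc]] = pref_acks[pref]
    return acks

def swapped(seq, i, j):
    out = list(seq)
    out[i], out[j] = out[j], out[i]
    return out

def hiding_guesses(sheet, pref_acks, ranking, i, j):
    """Client swaps preferences i and j in transit. Returns whether the voter's
    ack check catches it, which code-sheet position pairs would have to be
    swapped in the returned acks to mask it, and how many pairs exist."""
    send, expect = voter_message(sheet, pref_acks, ranking)
    tampered = server_acks(sheet, pref_acks, swapped(send, i, j))
    pairs = list(combinations(range(len(sheet)), 2))
    hits = [p for p in pairs if swapped(tampered, *p) == expect]
    return tampered != expect, hits, len(pairs)

if __name__ == "__main__":
    send, expect = voter_message(SHEET, ACKS, RANKING)
    print("send:", send, "expect:", expect)
    print("honest acks:", server_acks(SHEET, ACKS, send))
    print("4 candidates:", hiding_guesses(SHEET, ACKS, RANKING, 0, 1))
    two = [("A", "1111"), ("B", "2222")]  # constructed two-candidate sheet
    print("2 candidates:", hiding_guesses(two, ["X", "Y"], ["B", "A"], 0, 1))
```

With four candidates only one of the six position pairs masks the swap, so a client that cannot see the code sheet has to guess; with two candidates the single possible pair always masks it, which is the slide's "not great" case.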

Idea B: pros and cons
- Voting in one step; Ack returns in one (complicated) step
- (Somewhat) weaker defence against cheating client than PGD 1.0
  - Because if the device can guess or discover the candidates’ ballot positions, it can swap the votes
- (Somewhat) weaker privacy than PGD 1.0
  - Because if an attacker observes the code sheet and the pref-ack return they can learn the vote

Conclusion
- Democracy has numerous and powerful adversaries
  - Often insiders
- PGD does a decent job of addressing many of the threats
  - Especially untrusted client machines
- But there are more features to add before fielding in real elections
  - Coercion-resistance

EVT/WOTE 2011 August 2011 San Francisco

Idea C: 2d table

Candidate    Vote Code
Incumbent    3772
Imprudent    4909
Repellent    9521
Insolvent    7387
Ballot ID:

Incompetent Red Green Chequered Fuzzy Cross $rJ9*mn4R&8