A Usable Android Application Implementing Distributed Cryptography For Election Authorities

Although many electronic voting protocols have been proposed, their practical application faces various challenges. One of these challenges is, that these protocols require election authorities to perform complex tasks like generating keys in a distributed manner and decrypting votes in a distributed and verifiable manner. Although corresponding key generation and decryption protocols exist, they are not used in real-world elections for several reasons: The few existing implementations of these protocols and their corresponding interfaces are not designed for people with non technical background and thus not suitable for use by most election authorities. In addition, it is difficult to explain the security model of the protocols, but legal provisions generally require transparency. We implemented a smartphone application for election authorities featuring distributed key generation and verifiable distributed decryption of votes. In addition, we prepared education material throughout based on formulated metaphors for election authorities in order to explain the security of the application. We evaluated the usability of the application and understanding of the underlying security model, concluding that the application is usable for non-experts in computer science. While the participants were able to carry out the tasks, it became clear, that they did not have a clear understanding of the underlying security model, despite having viewed our educational material. We suggest improvements to this material as future work

Rational authentication protocols

ABSTRACT We use ideas from game theory to improve two families of authentication protocols, namely password-based and manual authentication schemes. The protocols will be transformed so that even if an intruder attacks different protocol runs between honest nodes, its expected payoff will still be lower than when it does not attack. A rational intruder, who always tries to maximise its payoff, therefore has no incentive to attack any protocol run among trustworthy parties

Actor-network procedures: Modeling multi-factor authentication, device pairing, social interactions

As computation spreads from computers to networks of computers, and migrates into cyberspace, it ceases to be globally programmable, but it remains programmable indirectly: network computations cannot be controlled, but they can be steered by local constraints on network nodes. The tasks of "programming" global behaviors through local constraints belong to the area of security. The "program particles" that assure that a system of local interactions leads towards some desired global goals are called security protocols. As computation spreads beyond cyberspace, into physical and social spaces, new security tasks and problems arise. As networks are extended by physical sensors and controllers, including the humans, and interlaced with social networks, the engineering concepts and techniques of computer security blend with the social processes of security. These new connectors for computational and social software require a new "discipline of programming" of global behaviors through local constraints. Since the new discipline seems to be emerging from a combination of established models of security protocols with older methods of procedural programming, we use the name procedures for these new connectors, that generalize protocols. In the present paper we propose actor-networks as a formal model of computation in heterogenous networks of computers, humans and their devices; and we introduce Procedure Derivation Logic (PDL) as a framework for reasoning about security in actor-networks. On the way, we survey the guiding ideas of Protocol Derivation Logic (also PDL) that evolved through our work in security in last 10 years. Both formalisms are geared towards graphic reasoning and tool support. We illustrate their workings by analysing a popular form of two-factor authentication, and a multi-channel device pairing procedure, devised for this occasion.Comment: 32 pages, 12 figures, 3 tables; journal submission; extended references, added discussio

Efficient Mutual Data Authentication Using Manually Authenticated Strings

Solutions for an easy and secure setup of a wireless connection between two devices are urgently needed for WLAN, Wireless USB, Bluetooth and similar standards for short range wireless communication. In this paper we analyse the SAS protocol by Vaudenay and propose a new three round protocol MA-3 for mutual data authentication based on a cryptographic commitment scheme and short manually authenticated out-of-band messages. We show that non-malleability of the commitment scheme is essential for the security of the SAS and the MA-3 schemes and that extractability or equivocability do not imply non-malleability. We also give new proofs of security for the SAS and MA-3 protocols and suggestions how to instantiate the MA-3 protocol in practise