Natural Strategic Abilities in Voting Protocols
Security properties are often focused on the technological side of the system. One implicitly assumes that the users will behave in the right way to preserve the property at hand. In real life, this cannot be taken for granted. In particular, security mechanisms that are difficult and costly to use are often ignored by the users, and do not really defend the system against possible attacks.
Here, we propose a graded notion of security based on the complexity of the user's strategic behavior. More precisely, we suggest that the level to which a security property is satisfied can be defined in terms of (a) the complexity of the strategy that the voter needs to execute to make true, and (b) the resources that the user must employ on the way. The simpler and cheaper to obtain, the higher the degree of security.
We demonstrate how the idea works in a case study based on an electronic voting scenario. To this end, we model the vVote implementation of the \Pret voting protocol for coercion-resistant and voter-verifiable elections. Then, we identify "natural" strategies for the voter to obtain receipt-freeness, and measure the voter's effort that they require. We also look at how hard it is for the coercer to compromise the election through a randomization attack.
Expressing Receipt-Freeness and Coercion-Resistance in Logics of Strategic Ability: Preliminary Attempt
ABSTRACT Voting is a mechanism of utmost importance to social processes. In this paper, we focus on the strategic aspect of information security in voting procedures. We argue that the notions of receipt-freeness and coercion resistance are underpinned by the existence (or nonexistence) of a suitable strategy for some participants of the voting process. In order to back the argument formally, we provide logical "transcriptions" of the informal intuitions behind coercion-related properties that can be found in the existing literature. The transcriptions are formulated in the modal game logic ATL*, well known in the area of multi-agent systems.
BeleniosRF: A Non-interactive Receipt-Free Electronic Voting Scheme
We propose a new voting scheme, BeleniosRF, that offers both receipt-freeness and end-to-end verifiability. It is receipt-free in a strong sense, meaning that even dishonest voters cannot prove how they voted. We provide a game-based definition of receipt-freeness for voting protocols with non-interactive ballot casting, which we name strong receipt-freeness (sRF). To our knowledge, sRF is the first game-based definition of receipt-freeness in the literature, and it has the merit of being particularly concise and simple. Built upon the Helios protocol, BeleniosRF inherits its simplicity and does not require any anti-coercion strategy from the voters. We implement BeleniosRF and show its feasibility on a number of platforms, including desktop computers and smartphones.
Verification of Multi-Agent Properties in Electronic Voting: A Case Study
Formal verification of multi-agent systems is hard, both theoretically and in practice. In particular, studies that use a single verification technique typically show limited efficiency, and allow one to verify only toy examples. Here, we propose some new techniques and combine them with several recently developed ones to see what progress can be achieved for a real-life scenario. Namely, we use fixpoint approximation, domination-based strategy search, partial order reduction, and parallelization to verify heterogeneous scalable models of the Selene e-voting protocol. The experimental results show that the combination allows one to verify requirements for much more sophisticated models than previously.
Formal Treatment of Distributed Trust in Electronic Voting
Electronic voting systems are among the most security-critical distributed systems. Different trust concepts are implemented to mitigate the risk of conspiracies endangering security properties. These concepts often render systems very complex, and end users no longer recognize whom they need to trust. Correspondingly, specific trust considerations are necessary to support users. Recently, resilience terms have been proposed in order to express which entities can violate the addressed security properties, in particular by illegal collaborations. However, previous works derived these resilience terms manually. Thus, successful attacks can be missed. Based on this approach, we propose a framework to formally and automatically derive these terms. Our framework comprises a knowledge calculus, which allows us to model knowledge and reason about the knowledge of collaborating election entities. The introduced framework is applied to deduce previously manually derived resilience terms of three remote electronic voting systems, namely Polyas, Helios and the Estonian voting system. Thereby, we were able to discover mistakes in previous derivations.
Verification of the Socio-Technical Aspects of Voting: The Case of the Polish Postal Vote 2020
Voting procedures are designed and implemented by people, for people, and with significant human involvement. Thus, one should take into account the human factors in order to comprehensively analyze properties of an election and detect threats. In particular, it is essential to assess how actions and strategies of the involved agents (voters, municipal office employees, mail clerks) can influence the outcome of other agents' actions as well as the overall outcome of the election. In this paper, we present our first attempt to capture those aspects in a formal multi-agent model of the Polish presidential election 2020. The election marked the first time when postal voting was universally available in Poland. Unfortunately, the voting scheme was prepared under time pressure and political pressure, and without the involvement of experts. This might have opened up possibilities for various kinds of ballot fraud, in-house coercion, etc. We propose a preliminary scalable model of the procedure in the form of a Multi-Agent Graph, and formalize selected integrity and security properties by formulas of agent logics. Then, we transform the models and formulas so that they can be input to the state-of-the-art model checker Uppaal. The first series of experiments demonstrates that verification scales rather badly due to the state-space explosion. However, we show that a recently developed technique of user-friendly model reduction by variable abstraction allows us to verify more complex scenarios.