363 research outputs found

    Making Code Voting Secure against Insider Threats using Unconditionally Secure MIX Schemes and Human PSMT Protocols

    Code voting was introduced by Chaum as a solution for using a possibly infected-by-malware device to cast a vote in an electronic voting application. Chaum's work on code voting assumed voting codes are physically delivered to voters using the mail system, implicitly requiring to trust the mail system. This is not necessarily a valid assumption to make - especially if the mail system cannot be trusted. When conspiring with the recipient of the cast ballots, privacy is broken. It is clear to the public that when it comes to privacy, computers and "secure" communication over the Internet cannot fully be trusted. This emphasizes the importance of using: (1) Unconditional security for secure network communication. (2) Reduce reliance on untrusted computers. In this paper we explore how to remove the mail system trust assumption in code voting. We use PSMT protocols (SCN 2012) where with the help of visual aids, humans can carry out mod 10 addition correctly with a 99% degree of accuracy. We introduce an unconditionally secure MIX based on the combinatorics of set systems. Given that end users of our proposed voting scheme construction are humans we cannot use classical Secure Multi Party Computation protocols. Our solutions are for both single and multi-seat elections achieving: (i) An anonymous and perfectly secure communication network secure against a t-bounded passive adversary used to deliver voting, (ii) The end step of the protocol can be handled by a human to evade the threat of malware. We do not focus on active adversaries

    A Cut Principle for Information Flow

    We view a distributed system as a graph of active locations with unidirectional channels between them, through which they pass messages. In this context, the graph structure of a system constrains the propagation of information through it. Suppose a set of channels is a cut set between an information source and a potential sink. We prove that, if there is no disclosure from the source to the cut set, then there can be no disclosure to the sink. We introduce a new formalization of partial disclosure, called *blur operators*, and show that the same cut property is preserved for disclosure to within a blur operator. This cut-blur property also implies a compositional principle, which ensures limited disclosure for a class of systems that differ only beyond the cut. Comment: 31 page

    A verifiable secret shuffle and its application to e-voting


    A Fast Cryptographic Protocol for Anonymous Voting

    In this work, we discuss the problem of electronic voting. This notion has become widely sought in the world, which justifies the efforts made by researchers in this field. Voting by electronic means does not facilitate the task only for the organizers, but also for the voters who can send their choices from the home. Our system of binary electronic voting is based on Paillier cryptosystem. We chose this protocol as it is an additive homomorphism which will facilitate the calculation of the final vote results. The method presents a great difficulty in the decryption for attackers as it is based on the problem of factoring large numbers. The protocol that we propose guarantees the anonymity of the vote, i.e. no one should know the vote of an elector. We also worked on the control of the parties holding the ballot. This increases the security, reliability and integrity of the vote. We have introduced several cryptographic notions to create an effective scheme

    A note on replay attacks that violate privacy in electronic voting schemes

    In our previous work, we have shown that the Helios 2.0 electronic voting protocol does not satisfy ballot independence and exploit this weakness to violate privacy; in particular, the Helios scheme is shown to be vulnerable to a replay attack. In this note we examine two further electronic voting protocols -- namely, the schemes by Sako & Kilian and Schoenmakers -- that are known not to satisfy ballot independence and demonstrate replay attacks that violate privacy.

    Implementation of a Secure Internet Voting Protocol

    Voting is one of the most important activities in a democratic society. In a traditional voting environment voting process sometimes becomes quite inconvenient due to the reluctance of certain voters to visit a polling booth to cast votes besides involving huge social and human resources. The development of computer networks and elaboration of cryptographic techniques facilitate the implementation of electronic voting. In this work we propose a secure electronic voting protocol that is suitable for large scale voting over the Internet. The protocol allows a voter to cast his or her ballot anonymously, by exchanging untraceable yet authentic messages. The e-voting protocol is based on blind signatures and has the properties of anonymity, mobility, efficiency, robustness, authentication, uniqueness, and universal verifiability and coercion-resistant. The proposed protocol encompasses three distinct phases - that of registration phase, voting phase and counting phase involving five parties, the voter, certification centre, authentication server, voting server and a tallying server

    Privacy-preserving information hiding and its applications

    The phenomenal advances in cloud computing technology have raised concerns about data privacy. Aided by the modern cryptographic techniques such as homomorphic encryption, it has become possible to carry out computations in the encrypted domain and process data without compromising information privacy. In this thesis, we study various classes of privacy-preserving information hiding schemes and their real-world applications for cyber security, cloud computing, Internet of things, etc. Data breach is recognised as one of the most dreadful cyber security threats in which private data is copied, transmitted, viewed, stolen or used by unauthorised parties. Although encryption can obfuscate private information against unauthorised viewing, it may not stop data from illegitimate exportation. Privacy-preserving Information hiding can serve as a potential solution to this issue in such a manner that a permission code is embedded into the encrypted data and can be detected when transmissions occur. Digital watermarking is a technique that has been used for a wide range of intriguing applications such as data authentication and ownership identification. However, some of the algorithms are proprietary intellectual properties and thus the availability to the general public is rather limited. A possible solution is to outsource the task of watermarking to an authorised cloud service provider, that has legitimate right to execute the algorithms as well as high computational capacity. Privacy-preserving Information hiding is well suited to this scenario since it is operated in the encrypted domain and hence prevents private data from being collected by the cloud. Internet of things is a promising technology to healthcare industry. A common framework consists of wearable equipments for monitoring the health status of an individual, a local gateway device for aggregating the data, and a cloud server for storing and analysing the data. However, there are risks that an adversary may attempt to eavesdrop the wireless communication, attack the gateway device or even access to the cloud server. Hence, it is desirable to produce and encrypt the data simultaneously and incorporate secret sharing schemes to realise access control. Privacy-preserving secret sharing is a novel research for fulfilling this function. In summary, this thesis presents novel schemes and algorithms, including:
    • two privacy-preserving reversible information hiding schemes based upon symmetric cryptography using arithmetic of quadratic residues and lexicographic permutations, respectively.
    • two privacy-preserving reversible information hiding schemes based upon asymmetric cryptography using multiplicative and additive privacy homomorphisms, respectively.
    • four predictive models for assisting the removal of distortions inflicted by information hiding based respectively upon projection theorem, image gradient, total variation denoising, and Bayesian inference.
    • three privacy-preserving secret sharing algorithms with different levels of generality