20 research outputs found

    Sophisticated Attacks on Decoy Ballots: The Devil's Menu and the Market for Lemons

    Decoy ballots do not count in election outcomes, but otherwise they are indistinguishable from real ballots. By means of a game-theoretical model, we show that decoy ballots may not provide effective protection against a malevolent adversary trying to buy real ballots. If the citizenry is divided into subgroups (or districts), the adversary can construct a so-called "Devil's Menu" consisting of several prices. In equilibrium, the adversary can buy the real ballots of any strict subset of districts at a price corresponding to the willingness to sell on the part of the citizens holding such ballots. By contrast, decoy voters are trapped into selling their ballots at a low, or even negligible, price. Blowing up the adversary's budget by introducing decoy ballots may thus turn out to be futile. The Devil's Menu can also be applied to the well-known "Lemons Problem"

    Security Hazards when Law is Code.

    As software continues to eat the world, there is an increasing pressure to automate every aspect of society, from self-driving cars, to algorithmic trading on the stock market. As this pressure manifests into software implementations of everything, there are security concerns to be addressed across many areas. But are there some domains and fields that are distinctly susceptible to attacks, making them difficult to secure? My dissertation argues that one domain in particular—public policy and law—is inherently difficult to automate securely using computers. This is in large part because law and policy are written in a manner that expects them to be flexibly interpreted to be fair or just. Traditionally, this interpreting is done by judges and regulators who are capable of understanding the intent of the laws they are enforcing. However, when these laws are instead written in code, and interpreted by a machine, this capability to understand goes away. Because they blindly follow written rules, computers can be tricked to perform actions counter to their intended behavior. This dissertation covers three case studies of law and policy being implemented in code and security vulnerabilities that they introduce in practice. The first study analyzes the security of a previously deployed Internet voting system, showing how attackers could change the outcome of elections carried out online. The second study looks at airport security, investigating how full-body scanners can be defeated in practice, allowing attackers to conceal contraband such as weapons or high explosives past airport checkpoints. Finally, this dissertation also studies how an Internet censorship system such as China’s Great Firewall can be circumvented by techniques that exploit the methods employed by the censors themselves. To address these concerns of securing software implementations of law, a hybrid human-computer approach can be used. In addition, systems should be designed to allow for attacks or mistakes to be retroactively undone or inspected by human auditors. By combining the strengths of computers (speed and cost) and humans (ability to interpret and understand), systems can be made more secure and more efficient than a method employing either alone.

    PhD, Computer Science and Engineering, University of Michigan, Horace H. Rackham School of Graduate Studies. http://deepblue.lib.umich.edu/bitstream/2027.42/120795/1/ewust_1.pd

    Nullification, a coercion-resistance add-on for e-voting protocols

    Coercion is one of the remaining issues on internet voting. Many developing countries are prone to this problem due to lower income rate. In this study, a novel coercion-resistant protocol has been proposed that can be integrated with previously proposed e-voting systems. We call it nullification. We present it as a part of the VoteXX e-voting protocol that has been designed and implemented through this study. Nullification gives the voter a strategic advantage over the coercer. The voter can share her keys with a trusted proxy, called a nullifier, for later flipping that vote. Integrity and ballot secrecy are provided simultaneously through the use of zero-knowledge proofs, specifically Σ-protocols. We show how our approach is different from (and potentially composable with) re-voting or panic password techniques that have been previously proposed in the academic literature. Through designing this protocol, we solve several issues, design new Σ-protocols and protocols for the secure evaluation of basic logic functions like exclusive-or (xor) under encryption: True XOR and Online XOR have been proposed that improve the previously proposed Mix and Match protocol for secure multi-party computation of an arbitrary function under constrained input domain

    Penticton Herald


    Portland Daily Press: December 29,1879


    Winona Daily News


    The Review Wed, October 15, 1986
