A Survey of Requirements for COVID-19 Mitigation Strategies. Part I: Newspaper Clips
The COVID-19 pandemic has influenced virtually all aspects of our lives.
Across the world, countries have applied various mitigation strategies for the
epidemic, based on social, political, and technological instruments. We
postulate that one should identify the relevant requirements before
committing to a particular mitigation strategy. One way to achieve it is
through an overview of what is considered relevant by the general public, and
referred to in the media. To this end, we have collected a number of news clips
that mention the possible goals and requirements for a mitigation strategy. The
snippets are sorted thematically into several categories, such as
health-related goals, social and political impact, civil rights, ethical
requirements, and so on.
In a forthcoming companion paper, we will present a digest of the
requirements, derived from the news clips, and a preliminary take on their
formal specification.
User Experience Design for E-Voting: How mental models align with security mechanisms
This paper presents a mobile application for vote-casting and
vote-verification based on the Selene e-voting protocol and explains how it was
developed and implemented using the User Experience Design process. The
resulting interface was tested with 38 participants, and user experience data
was collected via questionnaires and semi-structured interviews on user
experience and perceived security. Results concerning the impact of displaying
security mechanisms on UX were presented in a complementary paper. Here we
expand on this analysis by studying the mental models revealed during the
interviews and compare them with theoretical security notions. Finally, we
propose a list of improvements for designs of future voting protocols.
Comment: E-Vote-ID 2019 TalTech Proceedings
Who Was that Masked Voter? The Tally Won’t Tell!
We consider elections that publish anonymised voted ballots or anonymised cast-vote records for transparency or verification purposes, investigating the implications for privacy, coercion, and vote selling and exploring how partially masking the ballots can alleviate these issues. Risk Limiting Tallies (RLT), which reveal only a random sample of ballots, were previously proposed to mitigate some coercion threats. Masking some ballots provides coerced voters with plausible deniability, while risk-limiting techniques ensure that the required confidence level in the election result is achieved. Risk-Limiting Verification (RLV) extended this approach to masking a random subset of receipts or trackers. Here we show how these ideas can be generalised and made more flexible and effective by masking at a finer level of granularity: at the level of the components of ballots. In particular, we consider elections involving complex ballots, where RLT may be vulnerable to pattern-based vote buying. We propose various measures of verifiability and coercion-resistance and investigate how several sampling/masking strategies perform against these measures. Using methods from coding theory, we analyse signature attacks, bounding the number of voters who can be coerced. We also define new quantitative measures for the level of coercion-resistance without plausible deniability and the level of vote-buying-resistance without “free lunch” vote sellers. These results and the different strategies for masking ballots are of general interest for elections that publish ballots for auditing, verification, or transparency purposes.
Taphonomical Security: (DNA) Information with Foreseeable Lifespan
This paper introduces the concept of information with a foreseeable lifespan and explains how to achieve this primitive via a new method for encoding and storing information in DNA-RNA sequences.
The storage process can be divided into three time-frames. Within the first (life), we can easily read out the stored data with high probability. The second time-frame (agony) is a parameter-dependent state of uncertainty; the data is not easily accessible, but still cannot be guaranteed to be inaccessible. During the third (death), the data can with high probability not be recovered without a large computational effort which can be controlled via a security parameter.
The quality of such a system, in terms of a foreseeable lifespan, depends on the brevity of the agony time-frame, and we show how to optimise this.
In the present paper, we analyse the use of synthetic DNA and RNA as a storage medium since it is a suitable information carrier and we can manipulate the RNA nucleotide degradation rate to help control the lifespan of the message embedded in the synthesized DNA/RNA molecules.
Other media such as Bisphenol A thermal fax paper or unstable nonvolatile memory technologies can be used to implement the same principle, but the decay models of each of those phenomena should be re-analysed and the formulae given in this paper adapted correspondingly.
(Universal) Unconditional Verifiability in E-Voting without Trusted Parties
In traditional e-voting protocols, privacy is often provided by a trusted
authority that learns the votes and computes the tally. Some protocols replace
the trusted authority by a set of authorities, and privacy is guaranteed if
less than a threshold number of authorities are corrupt. For verifiability,
stronger security guarantees are demanded. Typically, corrupt authorities that
try to fake the result of the tally must always be detected.
To provide verifiability, many e-voting protocols use Non-Interactive
Zero-Knowledge proofs (NIZKs). Thanks to their non-interactive nature, NIZKs
allow anybody, including third parties that do not participate in the protocol,
to verify the correctness of the tally. Therefore, NIZKs can be used to obtain
universal verifiability. Additionally, NIZKs also improve usability because
they allow voters to cast a vote using a non-interactive protocol.
The disadvantage of NIZKs is that their security is based on setup
assumptions such as the common reference string (CRS) or the random oracle (RO)
model. The former requires a trusted party for the generation of a common
reference string. The latter, though a popular methodology for designing secure
protocols, has been shown to be unsound.
In this paper, we address the design of an e-voting protocol that provides
verifiability without any trust assumptions, where verifiability here is meant
without eligibility verification. We show that Non-Interactive
Witness-Indistinguishable proofs (NIWI) can be used for this purpose. The
e-voting scheme is private under the Decision Linear assumption, while
verifiability holds unconditionally. To our knowledge, this is the first
private e-voting scheme with perfect universal verifiability, i.e. one in which
the probability of a fake tally not being detected is 0, and with
non-interactive protocols, that does not rely on trust assumptions.