67 research outputs found
The New South Wales iVote System: Security Failures and Verification Flaws in a Live Online Election
In the world's largest-ever deployment of online voting, the iVote Internet
voting system was trusted for the return of 280,000 ballots in the 2015 state
election in New South Wales, Australia. During the election, we performed an
independent security analysis of parts of the live iVote system and uncovered
severe vulnerabilities that could be leveraged to manipulate votes, violate
ballot privacy, and subvert the verification mechanism. These vulnerabilities
do not seem to have been detected by the election authorities before we
disclosed them, despite a pre-election security review and despite the system
having run in a live state election for five days. One vulnerability, the
result of including analytics software from an insecure external server,
exposed some votes to complete compromise of privacy and integrity. At least
one parliamentary seat was decided by a margin much smaller than the number of
votes taken while the system was vulnerable. We also found protocol flaws,
including vote verification that was itself susceptible to manipulation. This
incident underscores the difficulty of conducting secure elections online and
carries lessons for voters, election officials, and the e-voting research
community
Public Evidence from Secret Ballots
Elections seem simple---aren't they just counting? But they have a unique,
challenging combination of security and privacy requirements. The stakes are
high; the context is adversarial; the electorate needs to be convinced that the
results are correct; and the secrecy of the ballot must be ensured. And they
have practical constraints: time is of the essence, and voting systems need to
be affordable and maintainable, and usable by voters, election officials, and
pollworkers. It is thus not surprising that voting is a rich research area
spanning theory, applied cryptography, practical systems analysis, usable
security, and statistics. Election integrity involves two key concepts:
convincing evidence that outcomes are correct and privacy, which amounts to
convincing assurance that there is no evidence about how any given person
voted. These are obviously in tension. We examine how current systems walk this
tightrope.Comment: To appear in E-Vote-Id '1
End-to-end verifiable elections in the standard model
We present the cryptographic implementation of “DEMOS”, a new e-voting system that is end-to-end verifiable in the standard model, i.e., without any additional “setup” assumption or access to a random oracle (RO). Previously known end-to-end verifiable e-voting systems required such additional assumptions (specifically, either the existence of a “randomness beacon” or were only shown secure in the RO model). In order to analyze our scheme, we also provide a modeling of end-to-end verifiability as well as privacy and receipt-freeness that encompasses previous definitions in the form of two concise attack games. Our scheme satisfies end-to-end verifiability information theoretically in the standard model and privacy/receipt-freeness under a computational assumption (subexponential Decisional Diffie Helman). In our construction, we utilize a number of techniques used for the first time in the context of e-voting schemes that include utilizing randomness from bit-fixing sources, zero-knowledge proofs with imperfect verifier randomness and complexity leveraging
Overview of progress in European medium sized tokamaks towards an integrated plasma-edge/wall solution
Integrating the plasma core performance with an edge and scrape-off layer (SOL) that leads to tolerable heat and particle loads on the wall is a major challenge. The new European medium size tokamak task force (EU-MST) coordinates research on ASDEX Upgrade (AUG), MAST and TCV. This multi-machine approach within EU-MST, covering a wide parameter range, is instrumental to progress in the field, as ITER and DEMO core/pedestal and SOL parameters are not achievable simultaneously in present day devices. A two prong approach is adopted. On the one hand, scenarios with tolerable transient heat and particle loads, including active edge localised mode (ELM) control are developed. On the other hand, divertor solutions including advanced magnetic configurations are studied. Considerable progress has been made on both approaches, in particular in the fields of: ELM control with resonant magnetic perturbations (RMP), small ELM regimes, detachment onset and control, as well as filamentary scrape-off-layer transport. For example full ELM suppression has now been achieved on AUG at low collisionality with n = 2 RMP maintaining good confinement . Advances have been made with respect to detachment onset and control. Studies in advanced divertor configurations (Snowflake, Super-X and X-point target divertor) shed new light on SOL physics. Cross field filamentary transport has been characterised in a wide parameter regime on AUG, MAST and TCV progressing the theoretical and experimental understanding crucial for predicting first wall loads in ITER and DEMO. Conditions in the SOL also play a crucial role for ELM stability and access to small ELM regimes
- …