92 research outputs found

    The effectiveness of end-to-end congestion control mechanisms

    Detection and analysis of routing loops in packet traces

    Eperio: Mitigating Technical Complexity in Cryptographic Election Verification

    Cryptographic (or end-to-end) election verification is a promising approach to providing transparent elections in an age of electronic voting technology. In terms of execution time and software complexity, however, the technical requirements for conducting a cryptographic election audit can be prohibitive. In an effort to reduce these requirements we present Eperio: a new, provably secure construction for providing a tally that can be efficiently verified using only a small set of primitives. We show how commonplace utilities, like the use of file encryption, can further simplify the verification process for election auditors. Using Python, verification code can be expressed in 50 lines of code. Compared to other proposed proof-verification methods for end-to-end election audits, Eperio lowers the technical requirements in terms of execution time, data download times, and code size. As an interesting alternative, we explain how verification can be implemented using TrueCrypt and the built-in functions of a spreadsheet, making Eperio the first end-to-end system to not require special-purpose verification software.

    Practical security for rural internet kiosks

    Rural Internet kiosks typically provide weak security guarantees and therefore cannot support secure web access or transaction-oriented applications such as banking and bill payment. We present a practical, unobtrusive and easy-to-use security architecture for rural Internet kiosks that uses a combination of physical and cryptographic mechanisms to protect user data and kiosk infrastructure. Our contributions include (a) a detailed threat analysis of rural Internet kiosks, (b) a security architecture for rural Internet kiosks that does not require any specialized hardware features in kiosks, and (c) an application-independent and backward-compatible security API for securely sending and receiving data between kiosks and the Internet that can operate over disconnection-tolerant links.

    Leading Johnny to Water: Designing for Usability and Trust

    Although the means and the motivation for securing private messages and emails with strong end-to-end encryption exist, we have yet to see the widespread adoption of existing implementations. Previous studies have suggested that this is due to the lack of usability and understanding of existing systems such as PGP. A recent study by Ruoti et al. suggested that transparent, standalone encryption software that shows ciphertext and allows users to manually participate in the encryption process is more trustworthy than integrated, opaque software and just as usable. In this work, we critically examine this suggestion by revisiting their study, deliberately investigating the effect of integration and transparency on users' trust. We also implement systems that adhere to the OpenPGP standard and use end-to-end encryption without reliance on third-party key escrow servers. We find that while approximately a third of users do in fact trust standalone encryption applications more than browser extensions that integrate into their webmail client, it is not due to being able to see and interact with ciphertext. Rather, we find that users hold a belief that desktop applications are less likely to transmit their personal messages back to the developer of the software. We also find that despite this trust difference, users still overwhelmingly prefer integrated encryption software, due to the enhanced user experience it provides. Finally, we provide a set of design principles to guide the development of future consumer-friendly end-to-end encryption tools.