
    A note on replay attacks that violate privacy in electronic voting schemes

    In our previous work, we have shown that the Helios 2.0 electronic voting protocol does not satisfy ballot independence and exploited this weakness to violate privacy; in particular, the Helios scheme is shown to be vulnerable to a replay attack. In this note we examine two further electronic voting protocols -- namely, the schemes by Sako & Kilian and Schoenmakers -- that are known not to satisfy ballot independence and demonstrate replay attacks that violate privacy.

    Truncating TLS Connections to Violate Beliefs in Web Applications

    We identify logical web application flaws which can be exploited by TLS truncation attacks to desynchronize the user- and server-perspective of an application’s state. It follows immediately that servers may make false assumptions about users, hence, the flaw constitutes a security vulnerability. Moreover, in the context of authentication systems, we exploit the vulnerability to launch the following practical attacks: we exploit the Helios electronic voting system to cast votes on behalf of honest voters, take full control of Microsoft Live accounts, and gain temporary access to Google accounts

    Mind the Gap: Individual- and universal-verifiability plus cast-as-intended don't yield verifiable voting systems

    We show that verifiable voting systems require a security notion beyond individual- and universal-verifiability plus cast-as-intended

    Surveying global verifiability

    We explore global verifiability; discovering that voting systems vulnerable to attack can be proven to satisfy that security notion, whereas many secure systems cannot. We conclude that current definitions are unsuitable for the analysis of voting systems, fuelling the exploration for a suitable definition

    Ballot secrecy: Security definition, sufficient conditions, and analysis of Helios

    We propose a definition of ballot secrecy as an indistinguishability game in the computational model of cryptography. Our definition improves upon earlier definitions to ensure ballot secrecy is preserved in the presence of an adversary that controls ballot collection. We also propose a definition of ballot independence as an adaptation of an indistinguishability game for asymmetric encryption. We prove relations between our definitions. In particular, we prove ballot independence is sufficient for ballot secrecy in voting systems with zero-knowledge tallying proofs. Moreover, we prove that building systems from non-malleable asymmetric encryption schemes suffices for ballot secrecy, thereby eliminating the expense of ballot-secrecy proofs for a class of encryption-based voting systems. We demonstrate applicability of our results by analysing the Helios voting system and its mixnet variant. Our analysis reveals that Helios does not satisfy ballot secrecy in the presence of an adversary that controls ballot collection. The vulnerability cannot be detected by earlier definitions of ballot secrecy, because they do not consider such adversaries. We adopt non-malleable ballots as a fix and prove that the fixed system satisfies ballot secrecy

    A foundation for secret, verifiable elections

    Many voting systems rely on art, rather than science, to ensure that votes are freely made, with equal influence. Such systems build upon creativity and skill, rather than scientific foundations. These systems are routinely broken in ways that compromise free-choice or permit undue influence. Breaks can be avoided by proving that voting systems satisfy formal notions of voters voting freely and of detecting undue influence. This manuscript provides a detailed technical introduction to a definition of ballot secrecy by Smyth that formalises the former notion and a definition of verifiability by Smyth, Frink & Clarkson that formalises the latter. The definitions are presented in the computational model of cryptography: Ballot secrecy is expressed as the inability to distinguish between an instance of the voting system in which voters cast some votes, from another instance in which the voters cast a permutation of those votes. Verifiability decomposes into individual verifiability, which is expressed as the inability to cause a collision between ballots, and universal verifiability, which is expressed as the inability to cause an incorrect election outcome to be accepted. The definitions are complemented with simple examples that demonstrate the essence of these properties and detailed proofs are constructed to show how secrecy and verifiability can be formally proved. Finally, the Helios and Helios Mixnet voting systems are presented as case studies to provide an understanding of state-of-the-art systems that are being used for binding elections

    Decoupling of internal and external workload during a marathon: An analysis of durability in 82,303 recreational runner

    © 2022 The Author(s). This is an open access article distributed under the terms of the Creative Commons Attribution License (CC BY), https://creativecommons.org/licenses/by/4.0/
    Aim: This study characterised the decoupling of internal-to-external workload in marathon running and investigated whether decoupling magnitude and onset could improve predictions of marathon performance. Methods: The decoupling of internal-to-external workload was calculated in 82,303 marathon runners (13,125 female). Internal workload was determined as a percentage of maximum heart rate, and external workload as speed relative to estimated critical speed (CS). Decoupling magnitude (i.e., decoupling in the 35–40 km segment relative to the 5–10 km segment) was classified as low (< 1.1), moderate (≥ 1.1 but < 1.2) or high (≥ 1.2). Decoupling onset was calculated when decoupling exceeded 1.025. Results: The overall internal-to-external workload decoupling experienced was 1.16 ± 0.22, first detected 25.2 ± 9.9 km into marathon running. The low decoupling group (34.5% of runners) completed the marathon at a faster relative speed (88 ± 6% CS), had better marathon performance (217.3 ± 33.1 min), and first experienced decoupling later in the marathon (33.4 ± 9.0 km) compared to those in the moderate (32.7% of runners, 86 ± 6% CS, 224.9 ± 31.7 min, and 22.6 ± 7.7 km), and high decoupling groups (32.8% runners, 82 ± 7% CS, 238.5 ± 30.7 min, and 19.1 ± 6.8 km; all p < 0.01). Compared to females, males’ decoupling magnitude was greater (1.17 ± 0.22 vs. 1.12 ± 0.16; p < 0.01) and occurred earlier (25.0 ± 9.8 vs. 26.3 ± 10.6 km; p < 0.01). Marathon performance was associated with the magnitude and onset of decoupling, and when included in marathon performance models utilising CS and the curvature constant, prediction error was reduced from 6.45 to 5.16%. Conclusion: Durability characteristics, assessed as internal-to-external workload ratio, show considerable inter-individual variability, and both its magnitude and onset are associated with marathon performance. Peer reviewed

    Automated Reasoning for Equivalences in the Applied Pi Calculus with Barriers

    Observational equivalence allows us to study important security properties such as anonymity. Unfortunately, the difficulty of proving observational equivalence hinders analysis. Blanchet, Abadi & Fournet simplify its proof by introducing a sufficient condition for observational equivalence, called diff-equivalence, which is a reachability condition that can be proved automatically by ProVerif. However, diff-equivalence is a very strong condition, which often does not hold even if observational equivalence does. In particular, when proving equivalence between processes that contain several parallel components, e.g., P | Q and P | Q , diff-equivalence requires that P is equivalent to P and Q is equivalent to Q. To relax this constraint, Delaune, Ryan & Smyth introduced the idea of swapping data between parallel processes P and Q at synchronisation points, without proving its soundness. We extend their work by formalising the semantics of synchronisation, formalising the definition of swapping, and proving its soundness. We also relax some restrictions they had on the processes to which swapping can be applied. Moreover, we have implemented our results in ProVerif. Hence, we extend the class of equivalences that can be proved automatically. We showcase our results by analysing privacy in election schemes by Fujioka, Okamoto & Ohta and Lee et al., and in the vehicular ad-hoc network by Freudiger et al