A note on replay attacks that violate privacy in electronic voting schemes
In our previous work, we have shown that the Helios 2.0 electronic voting protocol does not satisfy ballot independence and exploited this weakness to violate privacy; in particular, the Helios scheme is shown to be vulnerable to a replay attack. In this note we examine two further electronic voting protocols -- namely, the schemes by Sako & Kilian and Schoenmakers -- that are known not to satisfy ballot independence and demonstrate replay attacks that violate privacy.
Truncating TLS Connections to Violate Beliefs in Web Applications
We identify logical web application flaws which can be exploited by TLS truncation attacks to desynchronize the user- and server-perspective of an application’s state. It follows immediately that servers may make false assumptions about users, hence, the flaw constitutes a security vulnerability. Moreover, in the context of authentication systems, we exploit the vulnerability to launch the following practical attacks: we exploit the Helios electronic voting system to cast votes on behalf of honest voters, take full control of Microsoft Live accounts, and gain temporary access to Google accounts.
Mind the Gap: Individual- and universal-verifiability plus cast-as-intended don't yield verifiable voting systems
We show that verifiable voting systems require a security notion beyond individual- and universal-verifiability plus cast-as-intended.
Surveying global verifiability
We explore global verifiability; discovering that voting systems vulnerable to attack can be proven to satisfy that security notion, whereas many secure systems cannot. We conclude that current definitions are unsuitable for the analysis of voting systems, fuelling the exploration for a suitable definition.
Ballot secrecy: Security definition, sufficient conditions, and analysis of Helios
We propose a definition of ballot secrecy as an indistinguishability game in the computational model of cryptography. Our definition improves upon earlier definitions to ensure ballot secrecy is preserved in the presence of an adversary that controls ballot collection. We also propose a definition of ballot independence as an adaptation of an indistinguishability game for asymmetric encryption. We prove relations between our definitions. In particular, we prove ballot independence is sufficient for ballot secrecy in voting systems with zero-knowledge tallying proofs. Moreover, we prove that building systems from non-malleable asymmetric encryption schemes suffices for ballot secrecy, thereby eliminating the expense of ballot-secrecy proofs for a class of encryption-based voting systems. We demonstrate applicability of our results by analysing the Helios voting system and its mixnet variant. Our analysis reveals that Helios does not satisfy ballot secrecy in the presence of an adversary that controls ballot collection. The vulnerability cannot be detected by earlier definitions of ballot secrecy, because they do not consider such adversaries. We adopt non-malleable ballots as a fix and prove that the fixed system satisfies ballot secrecy.
A foundation for secret, verifiable elections
Many voting systems rely on art, rather than science, to ensure that votes are freely made, with equal influence. Such systems build upon creativity and skill, rather than scientific foundations. These systems are routinely broken in ways that compromise free-choice or permit undue influence. Breaks can be avoided by proving that voting systems satisfy formal notions of voters voting freely and of detecting undue influence. This manuscript provides a detailed technical introduction to a definition of ballot secrecy by Smyth that formalises the former notion and a definition of verifiability by Smyth, Frink & Clarkson that formalises the latter. The definitions are presented in the computational model of cryptography: Ballot secrecy is expressed as the inability to distinguish between an instance of the voting system in which voters cast some votes, from another instance in which the voters cast a permutation of those votes. Verifiability decomposes into individual verifiability, which is expressed as the inability to cause a collision between ballots, and universal verifiability, which is expressed as the inability to cause an incorrect election outcome to be accepted. The definitions are complemented with simple examples that demonstrate the essence of these properties and detailed proofs are constructed to show how secrecy and verifiability can be formally proved. Finally, the Helios and Helios Mixnet voting systems are presented as case studies to provide an understanding of state-of-the-art systems that are being used for binding elections.
Decoupling of internal and external workload during a marathon: An analysis of durability in 82,303 recreational runner
© 2022 The Author(s). This is an open access article distributed under the terms of the Creative Commons Attribution License (CC BY), https://creativecommons.org/licenses/by/4.0/

Aim: This study characterised the decoupling of internal-to-external workload in marathon running and investigated whether decoupling magnitude and onset could improve predictions of marathon performance.
Methods: The decoupling of internal-to-external workload was calculated in 82,303 marathon runners (13,125 female). Internal workload was determined as a percentage of maximum heart rate, and external workload as speed relative to estimated critical speed (CS). Decoupling magnitude (i.e., decoupling in the 35–40 km segment relative to the 5–10 km segment) was classified as low (< 1.1), moderate (≥ 1.1 but < 1.2) or high (≥ 1.2). Decoupling onset was calculated when decoupling exceeded 1.025.
Results: The overall internal-to-external workload decoupling experienced was 1.16 ± 0.22, first detected 25.2 ± 9.9 km into marathon running. The low decoupling group (34.5% of runners) completed the marathon at a faster relative speed (88 ± 6% CS), had better marathon performance (217.3 ± 33.1 min), and first experienced decoupling later in the marathon (33.4 ± 9.0 km) compared to those in the moderate (32.7% of runners, 86 ± 6% CS, 224.9 ± 31.7 min, and 22.6 ± 7.7 km), and high decoupling groups (32.8% runners, 82 ± 7% CS, 238.5 ± 30.7 min, and 19.1 ± 6.8 km; all p < 0.01). Compared to females, males’ decoupling magnitude was greater (1.17 ± 0.22 vs. 1.12 ± 0.16; p < 0.01) and occurred earlier (25.0 ± 9.8 vs. 26.3 ± 10.6 km; p < 0.01). Marathon performance was associated with the magnitude and onset of decoupling, and when included in marathon performance models utilising CS and the curvature constant, prediction error was reduced from 6.45 to 5.16%.
Conclusion: Durability characteristics, assessed as internal-to-external workload ratio, show considerable inter-individual variability, and both its magnitude and onset are associated with marathon performance.
Peer reviewed
Automated Reasoning for Equivalences in the Applied Pi Calculus with Barriers
Observational equivalence allows us to study important security properties such as anonymity. Unfortunately, the difficulty of proving observational equivalence hinders analysis. Blanchet, Abadi & Fournet simplify its proof by introducing a sufficient condition for observational equivalence, called diff-equivalence, which is a reachability condition that can be proved automatically by ProVerif. However, diff-equivalence is a very strong condition, which often does not hold even if observational equivalence does. In particular, when proving equivalence between processes that contain several parallel components, e.g., P | Q and P | Q , diff-equivalence requires that P is equivalent to P and Q is equivalent to Q. To relax this constraint, Delaune, Ryan & Smyth introduced the idea of swapping data between parallel processes P and Q at synchronisation points, without proving its soundness. We extend their work by formalising the semantics of synchronisation, formalising the definition of swapping, and proving its soundness. We also relax some restrictions they had on the processes to which swapping can be applied. Moreover, we have implemented our results in ProVerif. Hence, we extend the class of equivalences that can be proved automatically. We showcase our results by analysing privacy in election schemes by Fujioka, Okamoto & Ohta and Lee et al., and in the vehicular ad-hoc network by Freudiger et al.