
2017 | OriginalPaper | Chapter

Apollo – End-to-End Verifiable Internet Voting with Recovery from Vote Manipulation

Authors: Dawid Gaweł, Maciej Kosarzecki, Poorvi L. Vora, Hua Wu, Filip Zagórski

Published in: Electronic Voting

Publisher: Springer International Publishing


Abstract

We present security vulnerabilities in the remote voting system Helios. We propose Apollo, a modified version of Helios, which addresses these vulnerabilities and could improve the feasibility of internet voting.
In particular, we note that Apollo does not possess Helios’ major known vulnerability, where a dishonest voting terminal can change the vote after it obtains the voter’s credential. With Apollo-lite, votes not authorized by the voter are detected by the public and prevented from being included in the tally.
The full version of Apollo enables a voter to prove that her vote was changed. We also describe a very simple protocol for the voter to interact with any devices she employs to check on the voting system, to enable frequent and easy auditing of encryptions and checking of the bulletin board.

Footnotes
1
Apollo is designed so that the terminal cannot tell whether \(n=0\) or \(n >0\).
 
Metadata
Copyright Year
2017
DOI
https://doi.org/10.1007/978-3-319-52240-1_8
