Top

Annals of Telecommunications

Published in:

01-08-2016

SecIVo: a quantitative security evaluation framework for internet voting schemes

Authors: Stephan Neumann, Melanie Volkamer, Jurlind Budurushi, Marco Prandini

Published in: Annals of Telecommunications | Issue 7-8/2016

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Voting over the Internet is subject to a number of security requirements. Each voting scheme has its own bespoke set of assumptions to ensure these security requirements. The criticality of these assumptions depends on the election setting (e.g., how trustworthy the voting servers or the voting devices are). The consequence of this is that the security of different Internet voting schemes cannot easily be compared. We have addressed this shortcoming by developing SecIVo, a quantitative security evaluation framework for Internet voting schemes. On the basis of uniform adversarial capabilities, the framework provides two specification languages, namely qualitative security models and election settings. Upon system analysis, system analysts feed the framework with qualitative security models composed of adversarial capabilities. On the other side, election officials specify their election setting in terms of—among others—expected adversarial capabilities. The framework evaluates the qualitative security models within the given election setting and returns satisfaction degrees for a set of security requirements. We apply SecIVo to quantitatively evaluate Helios and Remotegrity within three election settings. It turns out that there is no scheme which outperforms the other scheme in all settings. Consequently, selecting the most appropriate scheme from a security perspective depends on the environment into which the scheme is to be embedded.

previous article Receipt-free remote electronic elections with everlasting privacy

next article Exact approach for the optimal design of virtual private network trees assuming a hose workload

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Knowing in advance to the election which voters will cast identical votes is at least very hard.

The IACR deploys an n-out-of-n secret sharing scheme [24].

Adida B (2008) Helios: web-based open-audit voting. In: USENIX security symposium, pp 335–348

Allan R, Billinton R, de Oliveira MF (1976) An efficient algorithm for deducing the minimal cuts and reliability indices of a general network configuration. IEEE Trans Reliab 25(4):226–233CrossRefMATH

Almasizadeh J, Azgomi MA (2009) Intrusion process modeling for security quantification. In: 2009 Fourth international conference on availability, reliability and security (ARES). IEEE, pp 114–121

Armando A, Compagna L (2004) Satmc: a sat-based model checker for security protocols. In: Logics in artificial intelligence. Springer, pp 730–733

Aven T (1985) Reliability/availability evaluations of coherent systems based on minimal cut sets. Reliab Eng 13(2):93–104MathSciNetCrossRef

Bannister F, Connolly R (2007) A risk assessment framework for electronic voting. Int J Technol Policy Manag 7(2):190–208CrossRef

Basin D, Mödersheim S, Vigano L (2005) Ofmc: a symbolic model checker for security protocols. Int J Inf Secur 4(3):181–208CrossRef

Bella G, Paulson LC, Massacci F (2002) The verification of an industrial payment protocol: the set purchase phase. In: Proceedings of the 9th ACM conference on computer and communications security. ACM, pp 12–20

Benaloh J, Quisquater JJ, Vaudenay S (2010) IACR 2010 election report

10.

Binder K (1986) Introduction: theory and technical aspects of Monte Carlo simulations. Springer

11.

Biondi F, Legay A (2015) Quantitative anonymity evaluation of voting protocols. In: Software engineering and formal methods, lecture notes in computer science. Springer International Publishing, pp 335–349

12.

Budurushi J, Neumann S, Olembo MM, Volkamer M (2013) Pretty understandable democracy-a secure and understandable internet voting scheme. In: 2013 Eighth international conference on availability, reliability and security (ARES). IEEE, pp 198– 207

13.

Buldas A, Mägi T (2007) Practical security analysis of e-voting systems. In: Advances in information and computer security. Springer, pp 320–335

14.

Canetti R, Halevi S, Katz J (2003) A forward-secure public-key encryption scheme. In; Advances in cryptologyeurocrypt 2003. Springer, pp 255–271

15.

Carlos MC, Martina JE, Price G, Custódio RF (2013) An updated threat model for security ceremonies. In: Proceedings of the 28th Annual ACM symposium on applied computing. ACM, pp 1836–1843

16.

Cetinkaya O (2008) Analysis of security requirements for cryptographic voting protocols. In: 2008 Third international conference on availability, reliability and security (ARES). IEEE, pp 1451–1456

17.

Chaum D, Carback R, Clark J, Essex A, Popoveniuc S, Rivest RL, Ryan PY, Shen E, Sherman AT (2008) Scantegrity ii: end-to-end verifiability for optical scan election systems using invisible ink confirmation codes. EVT 8:1–13

18.

Chaum DL (1981) Untraceable electronic mail, return addresses, and digital pseudonyms. Commun ACM 24(2):84–90CrossRef

19.

Clarkson MR, Chong S, Myers AC (2007) Civitas: a secure voting system. Tech. rep., Cornell University

20.

Coney L, Hall JL, Vora PL, Wagner D (2005) Towards a privacy measurement criterion for voting systems. In: Proceedings of the 2005 national conference on Digital government research. Digital Government Society of North America, pp 287–288

21.

Cortier V, Galindo D, Glondu S, Izabachène M (2014) Election verifiability for helios under weaker trust assumptions. In: Computer security-ESORICS 2014. Springer, pp 327–344

22.

Cortier V, Galindo D, Glondu S, Izabachne M (2013) A generic construction for voting correctness at minimum cost—application to helios. IACR Cryptology ePrint Archive 2013:177

23.

Cortier V, Smyth B (2013) Attacking and fixing helios: an analysis of ballot secrecy. J Comput Secur 21(1):89–148CrossRef

24.

Cuvelier E, Pereira O, Peters T (2013) Election verifiability or ballot privacy: Do we need to choose?. In: Computer Security–ESORICS 2013. Springer, pp 481–498

25.

Delaune S, Kremer S, Ryan M (2006) Coercion-resistance and receipt-freeness in electronic voting. In: Computer Security Foundations Workshop, 2006. 19th IEEE. IEEE, pp 12–pp

26.

Delaune S, Kremer S, Ryan M (2009) Verifying privacy-type properties of electronic voting protocols. J Comput Secur 17:435–487. doi:http://dx.doi.org/10.3233/JCS-2009-0340 CrossRefMATH

27.

Dolev D, Yao AC (1983) On the security of public key protocols. IEEE Trans Inf Theory 29(2):198–208MathSciNetCrossRefMATH

28.

Driels MR, Shin YS (2004) Determining the number of iterations for monte carlo simulations of weapon effectiveness. Tech. rep., DTIC Document

29.

EAC Advisory Board and Standards Board (2009) Threat trees and matrices and threat instance risk analyzer (tira)

30.

Fujioka A, Okamoto T, Ohta K (1993) A practical secret voting scheme for large scale elections. In: Advances in CryptologyAUSCRYPT’92. Springer, pp 244–251

31.

Fuqua N (1987) Reliability engineering for electronic design, vol 34. CRC Press

32.

Haber S, Benaloh J, Halevi S (2010) The helios e-voting demo for the IACR. International Association for Cryptologic Research. http://www.iacr.org/elections/eVoting/heliosDemo.pdf

33.

IACR: IACR 2010 Election (2010). https://vote.heliosvoting.org/helios/elections/85db4808-cc46-11df-a972-12313f025959/view

34.

IACR: A short explanation of helios for cryptographers (2010). http://www.iacr.org/elections/2010/HeliosForCryptographers.html

35.

IACR: About the Helios System (2016). http://www.iacr.org/elections/eVoting/about-helios.html

36.

Iida Y, Wakabayashi H (1989) An approximation method of terminal reliability of road network using partial minimal path and cut sets. In: Transport policy, management & technology towards 2001: selected proceedings of the fifth world conference on transport research, vol 4

37.

Juels A, Catalano D, Jakobsson M (2005) Coercion-resistant electronic elections. In: Proceedings of the 2005 ACM workshop on privacy in the electronic society. ACM, pp 61–70

38.

Kahn J, Linial N, Samorodnitsky A (1996) Inclusion-exclusion: exact and approximate. Combinatorica 16(4):465–477MathSciNetCrossRefMATH

39.

Kim HM, Nevo S (2008) Development and application of a framework for evaluating multi-mode voting risks. Internet Research 18(1):121–135CrossRef

40.

Kremer S, Ryan M, Smyth B (2010) Election verifiability in electronic voting protocols. In: ESORICS, lecture notes in computer science, vol 6345. Springer, pp 389–404

41.

Küsters R, Truderung T (2009) An epistemic approach to coercion-resistance for electronic voting protocols. In: 30th IEEE symposium on Security and privacy (SP), 2009. IEEE, pp 251–266

42.

Küsters R, Truderung T, Vogt A (2010) Accountability: definition and relationship to verifiability. In: Proceedings of the 17th ACM conference on computer and communications security. ACM, pp 526–535

43.

Küsters R, Truderung T, Vogt A (2011) Verifiability, privacy, and coercion-resistance: new insights from a case study. In: IEEE symposium on security and privacy (SP), 2011. IEEE, pp 538–553

44.

Küsters R, Truderung T, Vogt A (2012) Clash attacks on the verifiability of e-voting systems. In: 33rd IEEE symposium on security and privacy (SP), 2012. IEEE, pp 395–409

45.

Landau DP, Binder K (2014) A guide to Monte Carlo simulations in statistical physics. Cambridge University Press

46.

Langer L (2010) Privacy and verifiability in electronic voting. Ph.D. thesis, TU Darmstadt

47.

Lauer TW (2004) The risk of e-voting. Electronic Journal of e-Government 2:177–186

48.

Lee WS, Grosh DL, Tillman FA, Lie CH (1985) Fault tree analysis, methods, and applications: a review. IEEE Trans Reliab 34(3):194–203CrossRefMATH

49.

Luna J, Suri N, Krontiris I (2012) Privacy-by-design based on quantitative threat modeling. In: Seventh international conference on risk and security of internet and systems (CRiSIS), 2012. IEEE, pp 1–8

50.

Madan BB, Goševa-Popstojanova K, Vaidyanathan K, Trivedi KS (2004) A method for modeling and quantifying the security attributes of intrusion tolerant systems. Perform Eval 56(1):167–186CrossRef

51.

Moran T, Naor M (2006) Receipt-free universally-verifiable voting with everlasting privacy. In: Advances in cryptology-CRYPTO 2006. Springer, pp 373–392

52.

Mundform DJ, Schaffer J, Kim MJ, Shaw D, Thongteeraparp A, Supawan P (2011) Number of replications required in monte carlo simulation studies: a synthesis of four studies. Journal of Modern Applied Statistical Methods 10(1):4

53.

Neumann S, Budurushi J, Volkamer M (2014) Analysis of security and cryptographic approaches to provide secret and verifiable electronic voting, chap 2, pp 27–61. Design, development, and use of secure electronic voting systems. IGI Global

54.

Neumann S, Olembo MM, Renaud K, Volkamer M (2014) Helios verification: to alleviate, or to nominate: is that the question, or shall we have both?. In: Electronic government and the information systems perspective. Springer, pp 246– 260

55.

Nevo S, Kim H (2006) How to compare and analyse risks of internet voting versus other modes of voting. Electronic Government, an International Journal 3(1):105–112CrossRef

56.

Ouchani S, Jarraya Y, Mohamed OA (2011) Model-based systems security quantification. In: Ninth annual international conference on privacy, security and trust (PST), 2011. IEEE, pp 142–149

57.

Pardue H, Landry J, Yasinsac A (2010) A risk assessment model for voting systems using threat trees and monte carlo simulation. In: First international workshop on requirements engineering for e-voting systems (RE-VOTE), 2009. IEEE, pp 55–60

58.

Pardue H, Landry JP, Yasinsac A (2011) E-voting risk assessment: a threat tree for direct recording electronic systems. Int J Inf Secur Priv (IJISP) 5(3):19–35CrossRef

59.

Pardue H, Yasinsac A, Landry J (2010) Towards internet voting security: a threat tree for risk assessment. In: Fifth international conference on risks and security of internet and systems (CRiSIS), 2010. IEEE, pp 1–7

60.

Paulson LC (1997) Proving properties of security protocols by induction. In: Computer security foundations workshop, 1997. Proceedings, 10th. IEEE, pp 70–83

61.

Pereira O (2014) Personal communication

62.

Rubinstein RY, Kroese DP (2011) Simulation and the Monte Carlo method, vol 707. Wiley

63.

Ryan PY, Teague V (2013) Pretty good democracy. In: Security protocols XVII. Springer, pp 111–130

64.

Sampigethaya K, Poovendran R (2006) A framework and taxonomy for comparison of electronic voting schemes. Computers & Security 25(2):137–153CrossRef

65.

Schryen G, Volkamer M, Ries S, Habib SM (2011) A formal approach towards measuring trust in distributed systems. In: Proceedings of the 2011 ACM symposium on applied computing. ACM, pp 1739–1745

66.

Smyth B (2012) Replay attacks that violate ballot secrecy in Helios. Tech. rep., Cryptology ePrint Archive

67.

Stoneburner G, Goguen A, Feringa A (2002) Risk management guide for information technology systems. Tech. rep., National Institute of Standards and Technology Special Publication 800–30

68.

Vaurio JK (1998) An implicit method for incorporating common-cause failures in system analysis. IEEE Trans Reliab 47(2):173–180CrossRef

69.

Waters B (2009) Dual system encryption: realizing fully secure ibe and hibe under simple assumptions. In: Advances in Cryptology-CRYPTO 2009. Springer, pp 619–636

70.

Zagórski F, Carback RT, Chaum D, Clark J, Essex A, Vora PL (2013) Remotegrity: Design and use of an end-to-end verifiable remote voting system. In: Applied cryptography and network security. Springer Berlin Heidelberg, pp 441–457

Title: SecIVo: a quantitative security evaluation framework for internet voting schemes
Authors: Stephan Neumann
Melanie Volkamer
Jurlind Budurushi
Marco Prandini
Publication date: 01-08-2016
Publisher: Springer Paris
Published in: Annals of Telecommunications / Issue 7-8/2016
Print ISSN: 0003-4347
Electronic ISSN: 1958-9395
DOI: https://doi.org/10.1007/s12243-016-0520-0

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Other articles of this Issue 7-8/2016

Receipt-free remote electronic elections with everlasting privacy

Power allocation for device-to-device communication underlaying cellular networks under a probabilistic eavesdropping scenario

Exact approach for the optimal design of virtual private network trees assuming a hose workload

An investigation into the usability of electronic voting systems for complex elections

A review of E-voting: the past, present and future

A multi-GNSS software-defined receiver: design, implementation, and performance benefits