To Du or not to Du: A Security Analysis of Du-Vote

Steve Kremer 1 Peter Rønne 1
1 PESTO - Proof techniques for security protocols
Inria Nancy - Grand Est, LORIA - FM - Department of Formal Methods
Abstract : Du-Vote is a recently presented remote electronic voting scheme. Its goal is to be malware tolerant, i.e., provide security even in the case where the platform used for voting has been compromised by dedicated malware. For this it uses an additional hardware token, similar to tokens distributed in the context of online banking. The token is software closed and does not have any communication means other than a numerical keyboard and a small display. Du-Vote aims at providing vote privacy as long as either the vote platform or the vote server is honest. For verifiability, the security guarantees are even higher, as even if the token's software has been changed, and the platform and the server are colluding, attempts to change the election outcome should be detected with high probability. In this paper we provide an extensive security analysis of Du-Vote and show several attacks on both privacy as well as verifiability. We also propose changes to the system that would avoid many of these attacks.
Type de document :
Communication dans un congrès
IEEE European Symposium on Security and Privacy 2016 , Mar 2016, Saarbrucken, Germany. IEEE Computer Society, Proceedings of the IEEE European Symposium on Security and Privacy 2016
Liste complète des métadonnées

Littérature citée [19 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01238894
Contributeur : Steve Kremer <>
Soumis le : lundi 7 décembre 2015 - 11:48:56
Dernière modification le : jeudi 11 janvier 2018 - 06:27:43
Document(s) archivé(s) le : samedi 29 avril 2017 - 09:42:46

Fichier

SecurityAnalysis.pdf
Fichiers produits par l'(les) auteur(s)

Identifiants

  • HAL Id : hal-01238894, version 1

Collections

Citation

Steve Kremer, Peter Rønne. To Du or not to Du: A Security Analysis of Du-Vote. IEEE European Symposium on Security and Privacy 2016 , Mar 2016, Saarbrucken, Germany. IEEE Computer Society, Proceedings of the IEEE European Symposium on Security and Privacy 2016. 〈hal-01238894〉

Partager

Métriques

Consultations de la notice

351

Téléchargements de fichiers

474