To Du or not to Du: A Security Analysis of Du-Vote

Steve Kremer 1 Peter Rønne 1
1 PESTO - Proof techniques for security protocols
Inria Nancy - Grand Est, LORIA - FM - Department of Formal Methods
Abstract : Du-Vote is a recently presented remote electronic voting scheme. Its goal is to be malware tolerant, i.e., provide security even in the case where the platform used for voting has been compromised by dedicated malware. For this it uses an additional hardware token, similar to tokens distributed in the context of online banking. The token is software closed and does not have any communication means other than a numerical keyboard and a small display. Du-Vote aims at providing vote privacy as long as either the vote platform or the vote server is honest. For verifiability, the security guarantees are even higher, as even if the token's software has been changed, and the platform and the server are colluding, attempts to change the election outcome should be detected with high probability. In this paper we provide an extensive security analysis of Du-Vote and show several attacks on both privacy as well as verifiability. We also propose changes to the system that would avoid many of these attacks.
Document type :
Conference papers
Complete list of metadatas

Cited literature [19 references]  Display  Hide  Download

https://hal.inria.fr/hal-01238894
Contributor : Steve Kremer <>
Submitted on : Monday, December 7, 2015 - 11:48:56 AM
Last modification on : Tuesday, December 18, 2018 - 4:38:25 PM
Long-term archiving on : Saturday, April 29, 2017 - 9:42:46 AM

File

SecurityAnalysis.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : hal-01238894, version 1

Collections

Citation

Steve Kremer, Peter Rønne. To Du or not to Du: A Security Analysis of Du-Vote. IEEE European Symposium on Security and Privacy 2016 , Mar 2016, Saarbrucken, Germany. ⟨hal-01238894⟩

Share

Metrics

Record views

529

Files downloads

622