Attacking and fixing Helios: An analysis of ballot secrecy

Véronique Cortier 1 Ben Smyth
1 CASSIS - Combination of approaches to the security of infinite states systems
FEMTO-ST - Franche-Comté Électronique Mécanique, Thermique et Optique - Sciences et Technologies, INRIA Lorraine, LORIA - Laboratoire Lorrain de Recherche en Informatique et ses Applications
Abstract : Helios 2.0 is an open-source web-based end-to-end verifiable electronic voting system, suitable for use in low-coercion environments. In this paper, we analyse ballot secrecy and discover a vulnerability which allows an adversary to compromise the privacy of voters. This vulnerability has been successfully exploited to break privacy in a mock election using the current Helios implementation. Moreover, the feasibility of an attack is considered in the context of French legislative elections and, based upon our findings, we believe it constitutes a real threat to ballot secrecy in such settings. Finally, we present a fix and show that our solution satisfies a formal definition of ballot secrecy using the applied pi calculus.
Type de document :
Communication dans un congrès
24th IEEE Computer Security Foundations Symposium (CSF'11), Jun 2011, Cernay-la-Ville, France. IEEE Computer Society Press, pp.297 - 311, 2011, 〈10.1109/CSF.2011.27〉
Liste complète des métadonnées

https://hal.inria.fr/inria-00638556
Contributeur : Véronique Cortier <>
Soumis le : samedi 5 novembre 2011 - 21:36:11
Dernière modification le : jeudi 11 janvier 2018 - 06:20:00

Identifiants

Citation

Véronique Cortier, Ben Smyth. Attacking and fixing Helios: An analysis of ballot secrecy. 24th IEEE Computer Security Foundations Symposium (CSF'11), Jun 2011, Cernay-la-Ville, France. IEEE Computer Society Press, pp.297 - 311, 2011, 〈10.1109/CSF.2011.27〉. 〈inria-00638556〉

Partager

Métriques

Consultations de la notice

206