
Coercion-Resistance and Receipt-Freeness in Electronic Voting (presentation slides by Stéphanie Delaune, Steve Kremer and Mark Ryan)


  1. Coercion-Resistance and Receipt-Freeness in Electronic Voting
     Stéphanie Delaune (1, 2), Steve Kremer (2) and Mark Ryan (3)
     (1) LSV, ENS de Cachan, CNRS & INRIA, France
     (2) France Télécom R&D
     (3) School of Computer Science, University of Birmingham, UK
     S. Delaune (LSV, ENS Cachan) Electronic Voting 1 / 22

  2. Electronic voting
     Advantages:
     - Convenient,
     - Efficient facilities for tallying votes.
     Drawbacks:
     - Risk of large-scale and undetectable fraud,
     - Such protocols are extremely error-prone.
     "A 15-year-old in a garage could manufacture smart cards and sell them on the Internet that would allow for multiple votes" (Avi Rubin)
     Possible issue: formal methods, i.e. abstract analysis of the protocol against formally-stated properties

  3. Expected properties
     - Privacy: the fact that a particular voter voted in a particular way is not revealed to anyone
     - Receipt-freeness: a voter cannot prove that she voted in a certain way (this is important to protect voters from coercion)
     - Coercion-resistance: same as receipt-freeness, but the coercer interacts with the voter during the protocol, e.g. by preparing messages

  4. Summary
     Observations:
     - Definitions of security properties are often insufficiently precise
     - No clear distinction between receipt-freeness and coercion-resistance
     Goal: Propose the first "formal methods" definitions of receipt-freeness and coercion-resistance
     Results:
     - Formalisation of receipt-freeness and coercion-resistance as some kind of observational equivalence in the applied pi-calculus,
     - Coercion-Resistance ⇒ Receipt-Freeness ⇒ Privacy,
     - Case study: protocol due to Lee et al. [Lee et al., 03]

  6. Outline of the talk
     1. Introduction
     2. Applied π-calculus
     3. Formalisation of Privacy and Receipt-Freeness
     4. Formalisation of Coercion-Resistance
     5. Conclusion and Future Works

  8. Motivation for using the applied π-calculus
     Applied pi-calculus: [Abadi & Fournet, 01]
     - basic programming language with constructs for concurrency and communication
     - based on the π-calculus [Milner et al., 92]
     - in some ways similar to the spi-calculus [Abadi & Gordon, 98]
     Advantages:
     - allows us to model less classical cryptographic primitives
     - both reachability and equivalence-based specification of properties
     - automated proofs using ProVerif tool [Blanchet]
     - powerful proof techniques for hand proofs
     - successfully used to analyze a variety of security protocols

  10. The applied π-calculus on an example
      Syntax:
      - Equational theory: $\mathsf{dec}(\mathsf{enc}(x, y), y) = x$
      - Process: $P = \nu s, k.\,(\mathsf{out}(c_1, \mathsf{enc}(s, k)) \mid \mathsf{in}(c_1, y).\mathsf{out}(c_2, \mathsf{dec}(y, k)))$
      Semantics:
      - Operational semantics $\to$: $P \to \nu s, k.\,\mathsf{out}(c_2, s)$
      - Operational labeled semantics $\xrightarrow{\alpha}$:
        $$P \xrightarrow{\nu x_1.\mathsf{out}(c_1, x_1)} \nu s, k.\,(\mathsf{in}(c_1, y).\mathsf{out}(c_2, \mathsf{dec}(y, k)) \mid \{\mathsf{enc}(s, k)/x_1\}) \xrightarrow{\mathsf{in}(c_1, x_1)} \nu s, k.\,(\mathsf{out}(c_2, s) \mid \{\mathsf{enc}(s, k)/x_1\}) \;\ldots$$

  12. Static equivalence on frames - passive attacker
      Frame: a frame is a process of the form $\nu \tilde{n}.(\{M_1/x_1\} \mid \ldots \mid \{M_n/x_n\})$.
      Example: $P = \nu s, k.\,(\mathsf{out}(c_2, s) \mid \{\mathsf{enc}(s, k)/x_1\})$ and $\phi(P) = \nu s, k.\,\{\mathsf{enc}(s, k)/x_1\}$
      Static equivalence on frames ($\approx_s$): $\varphi \approx_s \psi$ when
      - $\mathrm{dom}(\varphi) = \mathrm{dom}(\psi)$ (the frames coincide on unrestricted variables),
      - for all terms $U, V$: $(U =_E V)\varphi$ iff $(U =_E V)\psi$
      Example 1: $\nu k.(\{\mathsf{enc}(a, k)/x\} \mid \{k/y\}) \not\approx_s \nu k.(\{\mathsf{enc}(b, k)/x\} \mid \{k/y\})$
      Example 2: $\nu k.\{\mathsf{enc}(a, k)/x\} \approx_s \nu k.\{\mathsf{enc}(b, k)/x\}$

  15. Labeled bisimulation on processes - active attacker
      Labeled bisimulation ($\approx_\ell$): labeled bisimilarity is the largest symmetric relation $\mathcal{R}$ on closed extended processes, such that $A \mathrel{\mathcal{R}} B$ implies
      1. $\phi(A) \approx_s \phi(B)$,
      2. if $A \to A'$, then $B \to^* B'$ and $A' \mathrel{\mathcal{R}} B'$ for some $B'$,
      3. if $A \xrightarrow{\alpha} A'$, then $B \to^* \xrightarrow{\alpha} \to^* B'$ and $A' \mathrel{\mathcal{R}} B'$ for some $B'$.
      Theorem (Abadi & Fournet, 01): $A \approx_\ell B$ ⇔ no context can distinguish the two processes $A$ and $B$.

  16. Voting protocols in the applied π-calculus
      Definition (Voting process): $VP \equiv \nu \tilde{n}.(V\sigma_1 \mid \cdots \mid V\sigma_n \mid A_1 \mid \cdots \mid A_m)$
      - $V\sigma_i$: voter process, and $v \in \mathrm{dom}(\sigma_i)$ refers to the value of his vote
      - $A_j$: election authority
      - $\tilde{n}$: channel names
      The outcome of the vote is made public, i.e. there exists $B$ such that $VP \,(\to^* \xrightarrow{\alpha} \to^*)^*\, B$ with $\phi(B) \equiv \varphi \mid \{v\sigma_1/x_1, \ldots, v\sigma_n/x_n\}$ for some $\varphi$.
      $S$ is a context which is as $VP$ but has a hole instead of two of the $V\sigma_i$.

  17. Outline of the talk
      1. Introduction
      2. Applied π-calculus
      3. Formalisation of Privacy and Receipt-Freeness
      4. Formalisation of Coercion-Resistance
      5. Conclusion and Future Works
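
The passive-attacker test from the "Static equivalence on frames" slide, as an added example that is not part of the original slides: it searches attacker-built tests (U, V) over the equational theory dec(enc(x, y), y) = x and applies it to the two example frames. The tuple encoding of terms, the function names, the public names a and b, and the depth bound are assumptions of this sketch; a bounded search can find a distinguishing test but cannot prove equivalence.

```python
from itertools import product

def normalize(t):
    """Rewrite bottom-up with the slides' equation dec(enc(x, y), y) = x."""
    if isinstance(t, str):
        return t
    f, a, b = t[0], normalize(t[1]), normalize(t[2])
    if f == "dec" and isinstance(a, tuple) and a[0] == "enc" and a[2] == b:
        return a[1]
    return (f, a, b)

def substitute(recipe, frame):
    """Replace frame variables in an attacker recipe by the terms they stand for."""
    if isinstance(recipe, str):
        return frame.get(recipe, recipe)
    return (recipe[0], substitute(recipe[1], frame), substitute(recipe[2], frame))

def recipes(atoms, depth):
    """Attacker terms over atoms with enc/dec nested up to depth, smallest first."""
    terms = list(atoms)
    for _ in range(depth):
        terms = terms + [(f, u, v) for f in ("dec", "enc")
                         for u, v in product(terms, repeat=2)]
    return terms

def distinguish(phi, psi, public, depth=2):
    """Return a test (U, V) with U = V in exactly one frame, or None.

    Restricted names (k below) are simply never offered to the attacker.
    Bounded search: None means no test up to this depth, not a proof.
    """
    if phi.keys() != psi.keys():
        return (set(phi), set(psi))       # domains differ: trivially distinguishable
    by_phi, by_psi = {}, {}
    for r in recipes(sorted(phi) + list(public), depth):
        l, m = normalize(substitute(r, phi)), normalize(substitute(r, psi))
        first, m0 = by_phi.setdefault(l, (r, m))
        if m0 != m:                       # equal under phi, different under psi
            return (first, r)
        first, l0 = by_psi.setdefault(m, (r, l))
        if l0 != l:                       # equal under psi, different under phi
            return (first, r)
    return None

# Constructed frames for the slides' Example 1 and Example 2 (k is restricted).
EX1 = ({"x": ("enc", "a", "k"), "y": "k"}, {"x": ("enc", "b", "k"), "y": "k"})
EX2 = ({"x": ("enc", "a", "k")}, {"x": ("enc", "b", "k")})

if __name__ == "__main__":
    print(distinguish(*EX1, public=["a", "b"]))
    print(distinguish(*EX2, public=["a", "b"]))
```

For Example 1 the search returns the test dec(x, y) = a, which holds only in the first frame because the key is disclosed through y; for Example 2 no test is found, since the attacker never obtains k.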
