Introduction Definitions: Four Dimensions Analysis and Case Studies Conclusion A Formal Taxonomy of Privacy in Voting Protocols Jannik Dreier, Pascal Lafourcade, Yassine Lakhnech Université Grenoble 1, CNRS, Verimag, France First IEEE International Workshop on Security and Forensics in Communication Systems, Ottawa, Canada June 15, 2012 Jannik Dreier, Pascal Lafourcade, Yassine Lakhnech A Formal Taxonomy of Privacy in Voting Protocols
Introduction Definitions: Four Dimensions Analysis and Case Studies Conclusion Electronic voting machines. . . . . . are used all over the world Jannik Dreier, Pascal Lafourcade, Yassine Lakhnech A Formal Taxonomy of Privacy in Voting Protocols
Introduction Definitions: Four Dimensions Analysis and Case Studies Conclusion Internet voting Available in Estonia France Switzerland . . . Jannik Dreier, Pascal Lafourcade, Yassine Lakhnech A Formal Taxonomy of Privacy in Voting Protocols
Introduction Definitions: Four Dimensions Analysis and Case Studies Conclusion Security Requirements Fairness Individual Verifiability Eligibility Universal Verifiability Security Requirements Privacy Vote-Independence Receipt-Freeness Robustness Coercion-Resistance Jannik Dreier, Pascal Lafourcade, Yassine Lakhnech A Formal Taxonomy of Privacy in Voting Protocols
Introduction Definitions: Four Dimensions Analysis and Case Studies Conclusion Security Requirements Fairness Individual Verifiability Eligibility Universal Verifiability Security Requirements Privacy Vote-Independence Receipt-Freeness Robustness Coercion-Resistance Jannik Dreier, Pascal Lafourcade, Yassine Lakhnech A Formal Taxonomy of Privacy in Voting Protocols
Introduction Definitions: Four Dimensions Analysis and Case Studies Conclusion How to secure electronic voting? Idea: Use formal methods to find bugs and increase confidence Need for formal definitions Lots of related work: [ ? , ? , ? , ? , ? , ? , ? ]... Ideally we need definitions that can be applied on any protocol are comparable include known threats: coercion, vote-buying, vote-copying, forced abstention are suitable for automation Jannik Dreier, Pascal Lafourcade, Yassine Lakhnech A Formal Taxonomy of Privacy in Voting Protocols
Introduction Definitions: Four Dimensions Analysis and Case Studies Conclusion Plan 1 Introduction 2 Definitions: Four Dimensions Communication Vote-Independence Forced Abstention Knowledge about honest voters 3 Analysis and Case Studies 4 Conclusion Jannik Dreier, Pascal Lafourcade, Yassine Lakhnech A Formal Taxonomy of Privacy in Voting Protocols
Introduction Communication Definitions: Four Dimensions Vote-Independence Analysis and Case Studies Forced Abstention Conclusion Knowledge about honest voters Plan 1 Introduction 2 Definitions: Four Dimensions Communication Vote-Independence Forced Abstention Knowledge about honest voters 3 Analysis and Case Studies 4 Conclusion Jannik Dreier, Pascal Lafourcade, Yassine Lakhnech A Formal Taxonomy of Privacy in Voting Protocols
Introduction Communication Definitions: Four Dimensions Vote-Independence Analysis and Case Studies Forced Abstention Conclusion Knowledge about honest voters Four Dimensions Communication: Vote-Privacy (VP), Receipt-Freeness (RF), Coercion-Resistance (CR) Vote-Independence: Outsider (O), Insider (I) Forced Abstention Attacks: Participation Only (PO), Security against Forced-Abstention-Attacks (FA) Knowledge about honest voters: Exists Behavior (EB), Any Behavior (AB) Jannik Dreier, Pascal Lafourcade, Yassine Lakhnech A Formal Taxonomy of Privacy in Voting Protocols
Introduction Communication Definitions: Four Dimensions Vote-Independence Analysis and Case Studies Forced Abstention Conclusion Knowledge about honest voters Plan 1 Introduction 2 Definitions: Four Dimensions Communication Vote-Independence Forced Abstention Knowledge about honest voters 3 Analysis and Case Studies 4 Conclusion Jannik Dreier, Pascal Lafourcade, Yassine Lakhnech A Formal Taxonomy of Privacy in Voting Protocols
Introduction Communication Definitions: Four Dimensions Vote-Independence Analysis and Case Studies Forced Abstention Conclusion Knowledge about honest voters Vote-Privacy (VP) Main idea: Observational equivalence between two situations. Alice Bob Vote A B ≈ l Vote B A Jannik Dreier, Pascal Lafourcade, Yassine Lakhnech A Formal Taxonomy of Privacy in Voting Protocols
Introduction Communication Definitions: Four Dimensions Vote-Independence Analysis and Case Studies Forced Abstention Conclusion Knowledge about honest voters The Applied Pi Calculus [ ? ] Syntax P , Q , R := processes 0 null process P | Q parallel composition ! P replication ν n . P restriction (“new”) if M = N then P else Q conditional in ( u , x ) . P message input message output out ( u , x ) . P { M / x } active substitution Jannik Dreier, Pascal Lafourcade, Yassine Lakhnech A Formal Taxonomy of Privacy in Voting Protocols
Introduction Communication Definitions: Four Dimensions Vote-Independence Analysis and Case Studies Forced Abstention Conclusion Knowledge about honest voters Vote-Privacy: The formal definition Definition (Vote-Privacy) A voting process respects Vote-Privacy (VP) if for all votes σ v A and σ v B we have VP ′ [ V σ id A σ f A σ v A | V σ id B σ f B σ v B ] ≈ l VP ′ [ σ id A σ f A σ v B | V σ id B σ f B σ v A ] Jannik Dreier, Pascal Lafourcade, Yassine Lakhnech A Formal Taxonomy of Privacy in Voting Protocols
Introduction Communication Definitions: Four Dimensions Vote-Independence Analysis and Case Studies Forced Abstention Conclusion Knowledge about honest voters Receipt-Freeness (RF) Again: Observational equivalence between two situations, but Alice tries to create a receipt or a fake. Mallory Alice Bob Secret Data A B ≈ l Fake Data B A Jannik Dreier, Pascal Lafourcade, Yassine Lakhnech A Formal Taxonomy of Privacy in Voting Protocols
Introduction Communication Definitions: Four Dimensions Vote-Independence Analysis and Case Studies Forced Abstention Conclusion Knowledge about honest voters Receipt-Freeness (RF) Again: Observational equivalence between two situations, but Alice tries to create a receipt or a fake. Mallory Alice Bob Secret Data A B ≈ l Fake Data B A Jannik Dreier, Pascal Lafourcade, Yassine Lakhnech A Formal Taxonomy of Privacy in Voting Protocols
Introduction Communication Definitions: Four Dimensions Vote-Independence Analysis and Case Studies Forced Abstention Conclusion Knowledge about honest voters Coercion-Resistance (CR) Observational equivalence between two situations, but Alice is under control by Mallory or only pretends to be so. Orders Mallory Alice Bob Secret Data A B ≈ l Fake Data B A Jannik Dreier, Pascal Lafourcade, Yassine Lakhnech A Formal Taxonomy of Privacy in Voting Protocols
Introduction Communication Definitions: Four Dimensions Vote-Independence Analysis and Case Studies Forced Abstention Conclusion Knowledge about honest voters Coercion-Resistance (CR) Observational equivalence between two situations, but Alice is under control by Mallory or only pretends to be so. Orders Mallory Alice Bob Secret Data A B ≈ l Fake Data B A Jannik Dreier, Pascal Lafourcade, Yassine Lakhnech A Formal Taxonomy of Privacy in Voting Protocols
Introduction Communication Definitions: Four Dimensions Vote-Independence Analysis and Case Studies Forced Abstention Conclusion Knowledge about honest voters Plan 1 Introduction 2 Definitions: Four Dimensions Communication Vote-Independence Forced Abstention Knowledge about honest voters 3 Analysis and Case Studies 4 Conclusion Jannik Dreier, Pascal Lafourcade, Yassine Lakhnech A Formal Taxonomy of Privacy in Voting Protocols
Introduction Communication Definitions: Four Dimensions Vote-Independence Analysis and Case Studies Forced Abstention Conclusion Knowledge about honest voters Insider (I) vs. Outsider (O) Main idea: Privacy, but with a voter under control of the attacker. If he can relate his vote to e.g. Alice’s vote, Mallory can distinguish both sides. O r d e r s Mallory Alice Bob Chuck Vote A B ? ≈ l Vote B A ? Jannik Dreier, Pascal Lafourcade, Yassine Lakhnech A Formal Taxonomy of Privacy in Voting Protocols
Introduction Communication Definitions: Four Dimensions Vote-Independence Analysis and Case Studies Forced Abstention Conclusion Knowledge about honest voters Insider (I) vs. Outsider (O) Main idea: Privacy, but with a voter under control of the attacker. If he can relate his vote to e.g. Alice’s vote, Mallory can distinguish both sides. O r d e r s Mallory Alice Bob Chuck Vote A B ? ≈ l Vote B A ? Jannik Dreier, Pascal Lafourcade, Yassine Lakhnech A Formal Taxonomy of Privacy in Voting Protocols
Introduction Communication Definitions: Four Dimensions Vote-Independence Analysis and Case Studies Forced Abstention Conclusion Knowledge about honest voters Can we combine Vote-Independence with Receipt-Freeness? “Receipt-Freeness with Chuck”: O r d e r s Mallory Alice Bob Chuck Secret Data A B ? ≈ l Fake Data B A ? Jannik Dreier, Pascal Lafourcade, Yassine Lakhnech A Formal Taxonomy of Privacy in Voting Protocols
Recommend
More recommend
