usable verifiable remote electronic voting case study
play

Usable Verifiable Remote Electronic Voting case study HELIOS - PowerPoint PPT Presentation

Dec 11, 2022 •172 likes •769 views

Usable Verifiable Remote Electronic Voting case study HELIOS 18.07.2012 SecVote Dagstuhl Comments Based on research results from the project Usable Verifiability in Remote Electronic Voting Project funded by Research conducted

  1. Usable Verifiable Remote Electronic Voting case study HELIOS 18.07.2012 SecVote Dagstuhl

  2. Comments • Based on research results from the project “Usable Verifiability in Remote Electronic Voting” – Project funded by – Research conducted by M. Maina Olembo • Assumptions: – voter cast vote from trustworthy environment – voter receives authentication tokens (PWD) over secure channel • Focus on individual verifiability – Cast as intended SecVote - Dagstuhl 2

  3. Overview 1. Why Helios and how Helios works? 2. Helios version 1.0 interfaces 3. Cognitive Walkthrough (KOKV2011) 1. Findings 2. Improved Interfaces 4. User study (KKOVV2011) 1. Design 2. Findings 5. Online survey 1. Design 2. Findings 6. Next steps SecVote - Dagstuhl 3

  4. Why ? • Proposed by Ben Adida in 2008: http://heliosvoting.org/ • Implemented verifiable electronic voting protocol – User interface – Open � source system – Well studied from security point of view • Has been used in legally binding elections • in academic contexts: UCL, Princeton, IACR, … SecVote - Dagstuhl 4

  5. How Helios works? key holder 1 key holder 2 pk 4 out of 5 key holder 5 key holder 3 key holder 4 SecVote - Dagstuhl 5

  6. How Helios works? Voting Booth Invitation Email Voting Booth Voting Booth • Election Fingerprint Click • Election URL Press • Election Fingerprint Press • All Choices 2nd • Direct Voting URL • Election Fingerprint Button: • Questions Button: • Link: Update URL Start • Election Fingerprint • Voting Instructions • Check Boxes Review • Button: • Email Address • Button: Start • Button: Choices Encrypt Ballot • Password Review Choices Click Link: Click 1st Update Press Button: Encrypt Ballot Click Link URL write down/ Vote store/ print Helios Voting Voting Booth Confirmation Email Voting Booth ballot fingerprint Press • Election ID • Election Fingerprint Press Button: • Election Fingerprint • Election Fingerprint • Ballot Fingerprint Button: Submit Press Button: • Election Fingerprint • Ballot Fingerprint • Link:Vote • Panel: Email Send Back to Choices • Ballot Fingerprint Ballot • Button: Submit • Link: Audit • Panel: Password Encrypted Ballot • Link: Bulletin Board • Button: Send • Button: Audit Ballot • Box: Administration Press Button: Audit Ballot Independent application in separate window Copy and paste Audited Ballot Information into Empty Box Helios Verifier Voting Booth Helios Verifier Close Verifier • Box with Audited Press Click • Election Fingerprint to end Ballot Information Button: Link: • Box: Audited Ballot • Empty Box • Button: Verify Verifier Information Verifying Verify • Button: Verify • Result Verifying • Link: Helios Verifier Process Process • Button: Back to Choices Loop Compare

  7. Bulletin Board Pseudonym/Voter’s ID 1 � ballot fingerprint 1 Pseudonym/Voter’s ID 2 � ballot fingerprint 2 …… ….. …. Pseudonym/Voter’s ID n � ballot fingerprint n SecVote - Dagstuhl 7

  8. Important aspects • Separation of vote preparation/encryption and vote casting � Everyone, including auditors or election observers can verify cast as intended • Software commits to its encryption by displaying a hash of the ciphertext = ballot fingerprint � To ensure that the software provides the same ciphertext for verification and vote casting SecVote - Dagstuhl 8

  9. Important aspects • Voter can verify as many (test) ballots as he/she wants � From the software’s perspective, it cannot encrypt the wrong candidate with a sufficiently high probability of not being detected • In order to ensure the secrecy of the vote, it is not possible to first verify and then cast this ballot but needs first to be re � encrypted � New ballot fingerprint � The voter cannot verify the encrypted ballot he finally casts but must trust the system due to previous checks. SecVote - Dagstuhl 9

  10. Individual verifiability – stored as cast • Use ballot finger print from vote casting • Verify whether is stored on the bulletin board next to the voter’s ID / pseudonym by comparing • Remarks: – Can be repeated during the vote casting phase as well as during and after the tallying phase – Voter or external observers verify that encrypted votes match to published hash values SecVote - Dagstuhl 10

  11. Properties and Assumptions Properties Verifiability Coercion � resistance Receipt � freeness • • • Assumptions Cryptography works Not coercion � Cryptography works • • Trusted environment resistant (voter ID Trusted environment • tied to hash value on (n � k+1) honest key Bulletin Board) trustee SecVote - Dagstuhl 11

  12. Helios version 1.0 SecVote - Dagstuhl 12

  13. Helios version 1.0 SecVote - Dagstuhl 13

  14. SecVote

  15. SecVote - Dagstuhl 15

  16. SecVote - Dagstuhl 16

  19. Cognitive Walkthrough [KOKV11] SecVote - Dagstuhl 19

  20. Cognitive Walkthrough [KOKV11] • Carried out on Helios version 1.0 and later on version 3.0 – Interfaces evaluated from voter perspective • How usable is it to cast and verify a vote? – Five experts from security, e � voting and psychology – Fictitious university president election SecVote - Dagstuhl 20

  21. ? O/0? ? ? ? might be scary What to do with the ballot fingerprint / receipt SecVote - Dagstuhl 21

  22. where ? ? verify/audit? “ … how your options where encrypted”? How to continue verifying / casting a ballot?

  23. Independent? ? “ … how your options where encrypted”? ? C&P is error prone how to continue?/ vote cast? anything to verify? what to do if it does not match?

  24. Cognitive Walkthrough [KOKV11] • Carried out on Helios version 1.0 and later on version 3.0 – Interfaces evaluated from voter perspective • How usable is it to cast and verify a vote? – Five experts from security, e � voting and psychology – Fictitious university president election SecVote - Dagstuhl 24

  25. ? SecVote - Dagstuhl 25

  26. Missing instruction: comparison ? ! new: trust? SecVote - Dagstuhl 26

  27. ? ? new ? verify again? ? SecVote - Dagstuhl 27

  28. Independent? ? even worse! SecVote - Dagstuhl 28

  29. Findings Missing: clear terminology and clear instructions Complicate (many steps) and error prone verifiability Same design for verification and main voting interface Irritation to authenticate at the end of the voting process SecVote - Dagstuhl 29

  30. Improved Interfaces (1) Clear instructions To authenticate servers SecVote - Dagstuhl 30

  31. Improved Interfaces (2) Added verifiability step Instructions to voters SecVote - Dagstuhl 31

  32. Improved Interfaces (3) Back and Forward Buttons SecVote - Dagstuhl 32

  33. Improved Interfaces (4) Shortened verification code Options for voter SecVote - Dagstuhl 33

  34. Improved Interfaces (5) Trusted institutions for verification SecVote - Dagstuhl 34

  35. Improved Interfaces (6) Simplified results Clear instructions SecVote - Dagstuhl 35

  36. Improved Interfaces (5) Only button SecVote - Dagstuhl 36

  37. Improved Interfaces (7) Automatically re � encrypted Explanation for voter SecVote - Dagstuhl 37

  38. Comparison Old New Click Audit (Drops down to give more information) Click Verify Encryption Click verify the ballot Click link to select information Right � click and copy Click Ballot Verifier link Click on verifying institute Paste information in ballot verifier window Click Verify Close window Click close window (as in PPT) Click Back to Voting Click enter new vote button (as in PPT) Click Confirm button to re � encrypt or Update to change vote [automatic] SecVote - Dagstuhl 38

  39. User Study [KKOVV2011] SecVote - Dagstuhl 39

  40. Design of the user study (lab study) • Mock mayoral election in Darmstadt • Material/Interface in German • 34 participants • Asked to put on a modified bicycle helmet with a video camera and eye � tracking • Participants cast a vote w/o instructions (2 rounds) – Would people verify? How? – Can people verify if we tell them to do so? – Instructions emphasized verifying with different techniques, different votes Note: hard for participants to take it serious as it is not a secret election • 3 questionnaires due to eye tracker and log files SecVote - Dagstuhl 40

  41. General Usability (after round 1) do not agree fully agree SecVote - Dagstuhl 41

  42. General Usability • 1 of 20 who answered that they verified further stated not having noticed that the code changed (round 1) • 1 of the remaining 14 stated this in round 2 � Most of participates noticed it • After round 2 • 8 of 34 participants stated that it was not clear to them that they had to compare the verification codes or/and the candidates • All stated that it was clear to them that their vote was not cast after having verified SecVote - Dagstuhl 42

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Remote Electronic Voting can be Efficient, Verifiable and Coercion-Resistant Roberto Arajo,

Remote Electronic Voting can be Efficient, Verifiable and Coercion-Resistant Roberto Arajo,

Remote Electronic Voting can be Efficient, Verifiable and Coercion-Resistant Roberto Arajo, Amira Barki, Solenn Brunet and Jacques Traor 1st Workshop on Advances in Secure Electronic Voting Schemes VOTING16 February 26th, 2016

532 views • 23 slides
VoteBox: a verifiable, tamper-evident electronic voting system

VoteBox: a verifiable, tamper-evident electronic voting system

VoteBox: a verifiable, tamper-evident electronic voting system Daniel R. Sandler Rice University

1.38k views • 86 slides
Electronic Voting Electronic voting at a precinct Analysis of an Internet Voting Focus

Electronic Voting Electronic voting at a precinct Analysis of an Internet Voting Focus

Electronic Voting Electronic voting at a precinct Analysis of an Internet Voting Focus is on preventing fraud on the part of Protocol people building and running system. Electronic voting over the internet Dale Neal Must

508 views • 5 slides
Source Paper An Anonymous Electronic Voting Protocol An Electronic Voting Protocol for

Source Paper An Anonymous Electronic Voting Protocol An Electronic Voting Protocol for

Source Paper An Anonymous Electronic Voting Protocol An Electronic Voting Protocol for Voting Over the Internet, Indrajit Ray, (revisited) Indrakshi Ray, Natarajan Narasimhamurthi Paul Valiant extending work by Dale Neal &

441 views • 5 slides
of Voting Software Greg Dennis, Kuat Yessenov, Daniel Jackson Tobias Hartmann 1 2 2011,

of Voting Software Greg Dennis, Kuat Yessenov, Daniel Jackson Tobias Hartmann 1 2 2011,

Bounded Verification of Voting Software Greg Dennis, Kuat Yessenov, Daniel Jackson Tobias Hartmann 1 2 2011, www.e-voting.cc Electronic voting machines Used in the Netherlands since 1998 Introduced KOA Remote Voting System in 2004

801 views • 20 slides
Voting Network: A Case Study of Digg 1 Y I N G W U Z H U S E A T T L E U N I V E R S I T Y E M

Voting Network: A Case Study of Digg 1 Y I N G W U Z H U S E A T T L E U N I V E R S I T Y E M

Measurement and Analysis of an Online Content Voting Network: A Case Study of Digg 1 Y I N G W U Z H U S E A T T L E U N I V E R S I T Y E M A I L : Z H U Y @ S E A T T L E U . E D U WWW2010 What are online content voting networks? 2

603 views • 32 slides
Enhanced Tally Scheme for the DEMOS End-2- End Verifiable E-voting Thomas Souliotis 1

Enhanced Tally Scheme for the DEMOS End-2- End Verifiable E-voting Thomas Souliotis 1

Enhanced Tally Scheme for the DEMOS End-2- End Verifiable E-voting Thomas Souliotis 1 Table of Contents Background Public Key Cryptography Zero Knowledge Proofs Homomorphic Encryption DEMOS Introduction

492 views • 34 slides
Verifying Electronic Voting Protocols in the Applied Pi Calculus Mark Ryan University of

Verifying Electronic Voting Protocols in the Applied Pi Calculus Mark Ryan University of

Verifying Electronic Voting Protocols in the Applied Pi Calculus Mark Ryan University of Birmingham joint work with St ephanie Delaune and Steve Kremer LSV Cachan, France SoCS Seminar November 2007 Outline Electronic voting Electronic

763 views • 33 slides
Voting using Java Card smart cards (a case study) Martijn Oostdijk (joint work with C-B.

Voting using Java Card smart cards (a case study) Martijn Oostdijk (joint work with C-B.

Voting using Java Card smart cards (a case study) Martijn Oostdijk (joint work with C-B. Breunesse & B. Jacobs) University of Nijmegen Outline 1. Context 2. Toys & Setup 3. Voting 4. Implementation 5. Demo 6. Results &

804 views • 15 slides
The United Nations Voting Dataset Exploratory Data Analysis: Case Study UN Voting Dataset Roll

The United Nations Voting Dataset Exploratory Data Analysis: Case Study UN Voting Dataset Roll

EXPLORATORY DATA ANALYSIS: CASE STUDY The United Nations Voting Dataset Exploratory Data Analysis: Case Study UN Voting Dataset Roll call ID Session (year) Vote Country code rcid session vote ccode Each row is a country- 46 2 1 2

461 views • 26 slides
Electronic Voting Ronald L. Rivest MIT CSAIL NSA June 3, 2004 Outline Introduction /

Electronic Voting Ronald L. Rivest MIT CSAIL NSA June 3, 2004 Outline Introduction /

Electronic Voting Ronald L. Rivest MIT CSAIL NSA June 3, 2004 Outline Introduction / Voting Voting using mix-nets Randomized Partial Checking (Jakobsson/Juels/Rivest USENIX 02) Pedagogic variant of Chaums proposal Voting

758 views • 36 slides
Citizens for Verifiable Voting http://www.coloradovoter.net December 4th, 2003 Boulder County

Citizens for Verifiable Voting http://www.coloradovoter.net December 4th, 2003 Boulder County

Citizens for Verifiable Voting http://www.coloradovoter.net December 4th, 2003 Boulder County Commissioners In the news: 12/3/03 - Fox News: Ohio Wont Make 2004 Deadline 12/2/03 - NYTimes: Hack the Vote 11/21/03 -

397 views • 11 slides
Large-Scale Electronic Voting Protocols Mike Carpenter Introduction What is meant by large-scale

Large-Scale Electronic Voting Protocols Mike Carpenter Introduction What is meant by large-scale

Large-Scale Electronic Voting Protocols Mike Carpenter Introduction What is meant by large-scale electronic voting protocol: Primarily Internet-based Users voting from their own devices (such as home PC/laptop) Aimed toward actual

721 views • 21 slides
Analysis of electronic voting protocols in applied pi calculus Mark Ryan University of

Analysis of electronic voting protocols in applied pi calculus Mark Ryan University of

Analysis of electronic voting protocols in applied pi calculus Mark Ryan University of Birmingham based on joint work with Ben Smyth Steve Kremer Mounira Kourjieh IFIP WG 1.3, Udine, Italy September 2009 Outline Electronic voting Applied

695 views • 30 slides
Swiss E-Voting Workshop 2010 Verifiability in Remote Voting Systems September 2010 Jordi

Swiss E-Voting Workshop 2010 Verifiability in Remote Voting Systems September 2010 Jordi

Swiss E-Voting Workshop 2010 Verifiability in Remote Voting Systems September 2010 Jordi Puiggali VP Research & Development Jordi.Puiggali@scytl.com Index Auditability in e-voting Types of verifiability Verifiability methods

719 views • 27 slides
Voting Systems and Automated Reasoning: the QBFEVAL Case Study Massimo Narizzano, Luca Pulina and

Voting Systems and Automated Reasoning: the QBFEVAL Case Study Massimo Narizzano, Luca Pulina and

Introduction Preliminaries Methods YASM Comparative measures Conclusions Voting Systems and Automated Reasoning: the QBFEVAL Case Study Massimo Narizzano, Luca Pulina and Armando Tacchella STAR-Lab University of Genoa, Italy COMSOC 2006,

1.33k views • 77 slides
Motivation. 1 Three Basic Paradigms to Cryptographic E-voting The Mix The Mix- -net

Motivation. 1 Three Basic Paradigms to Cryptographic E-voting The Mix The Mix- -net

E- -voting with Vector Ballots : voting with Vector Ballots : E Homomorphic Encryption with Encryption with Writeins Writeins Homomorphic and Shrink- and Shrink -and and- -Mix networks Mix networks Aggelos Kiayias Aggelos Kiayias

714 views • 14 slides
Hybrid Example-Based Rule-Based MT: Feeding Apertium with Bilingual Chunks Felipe S

Hybrid Example-Based Rule-Based MT: Feeding Apertium with Bilingual Chunks Felipe S

Hybrid Example-Based Rule-Based MT: Feeding Apertium with Bilingual Chunks Felipe S anchez-Mart nez Dept. Llenguatges i Sistemes Inform` atics Universitat dAlacant E-03071 Alacant, Spain fsanchez@dlsi.ua.es Work done in

595 views • 28 slides
Sourcerer: An Infrastructure for Large-scale Collection and Analysis of Open-source Code Sushil

Sourcerer: An Infrastructure for Large-scale Collection and Analysis of Open-source Code Sushil

Sourcerer: An Infrastructure for Large-scale Collection and Analysis of Open-source Code Sushil Bajracharya, Joel Ossher , Cristina Lopes Sushil Bajracharya, Joel Ossher , Cristina Lopes Donald Bren School of Information and Computer Sciences

245 views • 21 slides
Bom Bombardier Con Contribution on t to t o the rd AIAA Hi 3 rd AIAA High gh-Lif Lift t

Bom Bombardier Con Contribution on t to t o the rd AIAA Hi 3 rd AIAA High gh-Lif Lift t

Bom Bombardier Con Contribution on t to t o the rd AIAA Hi 3 rd AIAA High gh-Lif Lift t Wo Workshop Marc Langlois Hong Yang Kurt Sermeus Advanced Aerodynamics Bombardier AIAA SciTech 2018 Forum Applied Aerodynamics Orlando,

700 views • 57 slides
GC0074: GCRP Membership Place your chosen image here. The four corners must just cover the

GC0074: GCRP Membership Place your chosen image here. The four corners must just cover the

GC0074: GCRP Membership Place your chosen image here. The four corners must just cover the arrow tips. For covers, the three pictures should be the same size and in a straight line. Workshop 2, 9 May 2014 Alex Thomason, Code Administrator

157 views • 12 slides
Formal Analysis of Electronic Voting Systems Mark Ryan University of Birmingham joint work with

Formal Analysis of Electronic Voting Systems Mark Ryan University of Birmingham joint work with

Formal Analysis of Electronic Voting Systems Mark Ryan University of Birmingham joint work with Ben Smyth Steve Kremer Imperial College 21 April 2010 Outline Potential & current situation 1 Desired properties 2 Example 3 Modelling

958 views • 60 slides
The Consequences of Inequality for Presidential Elections in the United States, 1976-2016 James

The Consequences of Inequality for Presidential Elections in the United States, 1976-2016 James

The Consequences of Inequality for Presidential Elections in the United States, 1976-2016 James Galbraith and Jaehee Choi SNS Roma October 7, 2019 This paper is based on a method for constructing dense and consistent measures of income

525 views • 31 slides
Blockchain-based e-voting systems: Legal challengesexemplified by German law Burkhard

Blockchain-based e-voting systems: Legal challengesexemplified by German law Burkhard

Blockchain-based e-voting systems: Legal challengesexemplified by German law Burkhard Schfer/Tobias J. Schulz Agenda Introduction 1 2 Blockchain-based e-voting systems 3 Legal framework in Germany 4 Discussion 5 Summary/Outlook 2

353 views • 21 slides

More recommend