A note on replay attacks that violate privacy in electronic voting schemes
نویسندگان
چکیده
In our previous work, we have shown that the Helios 2.0 electronic voting protocol does not satisfy ballot independence and exploit this weakness to violate privacy; in particular, the Helios scheme is shown to be vulnerable to a replay attack. In this note we examine two further electronic voting protocols – namely, the schemes by Sako & Kilian and Schoenmakers – that are known not to satisfy ballot independence and demonstrate replay attacks that violate privacy. Key-words: Ballot Independence, Ballot Secrecy, Electronic Voting, Privacy, Replay Attack, Vulnerability. This research has received funding from the European Research Council under the European Union’s Seventh Framework Programme (FP7/2007-2013) / ERC grant agreement n◦ 258865, project ProSecure, and the ANR-07-SeSur-002 AVOTÉ project. in ria -0 05 99 18 2, v er si on 1 8 Ju n 20 11 Une note sur l’utilisation des attaques par rejeu pour compromettre la confidentialité dans les protocoles de vote électronique Résumé : Dans un résultat précédent, nous avons montré que le protocole de vote électronique Helios 2.0 ne garantissait pas l’indépendance des votes et que cela pouvait être utilisé pour compromettre la confidentialité des votes. Cette attaque repose en particulier sur le fait que le protocole Helios est vulnérable aux attaques par rejeu. Dans cette note, nous examinons le cas de deux autres protocoles de vote de la littérature – les protocoles Sako & Kilian et Schoenmakers – qui sont connus pour ne pas garantir l’indépendance des votes. Nous montrons comment cette vulnérabilité peut être à nouveau exploitée pour compromettre la confidentialité. Mots-clés : vote électronique, indépendance des bulletins, confidentialité des votes, attaque par rejeu in ria -0 05 99 18 2, v er si on 1 8 Ju n 20 11 Replay attacks that violate privacy in electronic voting schemes 3
منابع مشابه
Double voter perceptible blind signature based electronic voting protocol
Mu et al. have proposed an electronic voting protocol and claimed that it protects anonymity of voters, detects double voting and authenticates eligible voters. It has been shown that it does not protect voter's privacy and prevent double voting. After that, several schemes have been presented to fulfill these properties. However, many of them suffer from the same weaknesses. In this p...
متن کاملReplay attacks that violate ballot secrecy in Helios
Helios 2.0 is a web-based end-to-end verifiable electronic voting system, suitable for use in low-coercion environments. In this paper we identify a vulnerability in Helios which allows an adversary to compromise the privacy of voters whom cast abstention votes. The vulnerability can be attributed to the absence of ballot independence and the use of homomorphic ElGamal encryption, in particular...
متن کاملInterference Mitigation of Replay Attacks in GPS Receiver using of Finite Impulse Response Filter
The vulnerability of civil GPS receiver to interference may be intentional or unintentional. Among all types of interference, replay attack intended as the most dangerous intentional one. The signal structure of replay attack is almost the same with the satellite signal. The interference effects can be reduce with the design of an appropriate filter in the receiver. This paper presents two meth...
متن کاملEnhancing privacy of recent authentication schemes for low-cost RFID systems
Nowadays Radio Frequency Identification (RFID) systems have appeared in lots of identification and authentication applications. In some sensitive applications, providing secure and confidential communication is very important for end-users. To this aim, different RFID authentication protocols have been proposed, which have tried to provide security and privacy of RFID users. In this paper, we a...
متن کاملParallel Shuffling and Its Application to Prêt à Voter
We consider the problem of verifiable parallel shuffling in which the same shuffle is simultaneously performed on two or more lists of input ciphertexts, each list encrypted under a different key. We present three parallelisations of shuffle proofs from different paradigms. The properties of each protocol are analyzed and contrasted, and their suitability for electronic voting discussed. We sho...
متن کامل