To Du or not to Du: A Security Analysis of Du-Vote

Steve Kremer and Peter Rønne. To Du or not to Du: A Security Analysis of Du-Vote. In Proceedings of the 1st IEEE European Symposium on Security and Privacy (EuroS&P'16), pp. 303–323, IEEE Computer Society, Saarbrücken, Germany, March 2016.
doi:10.1109/EuroSP.2016.42

Download

[PDF] [HTML] 

Abstract

Du-Vote is a recently presented remote electronic voting scheme. Its goal is to be malware tolerant, i.e., provide security even in the case where the platform used for voting has been compromised by dedicated malware. For this it uses an additional hardware token, similar to tokens distributed in the context of online banking. The token is software closed and does not have any communication means other than a numerical keyboard and a small display. Du-Vote aims at providing vote privacy as long as either the vote platform or the vote server is honest. For verifiability, the security guarantees are even higher, as even if the token's software has been changed, and the platform and the server are colluding, attempts to change the election outcome should be detected with high probability. In this paper we provide an extensive security analysis of Du-Vote and show several attacks on both privacy as well as verifiability. We also propose changes to the system that would avoid many of these attacks.

BibTeX

@inproceedings{KR-eurosp16,
  abstract =	 {Du-Vote is a recently presented remote electronic
                  voting scheme. Its goal is to be malware tolerant,
                  i.e., provide security even in the case where the
                  platform used for voting has been compromised by
                  dedicated malware. For this it uses an additional
                  hardware token, similar to tokens distributed in the
                  context of online banking. The token is software
                  closed and does not have any communication means
                  other than a numerical keyboard and a small
                  display. Du-Vote aims at providing vote privacy as
                  long as either the vote platform or the vote server
                  is honest. For verifiability, the security
                  guarantees are even higher, as even if the token's
                  software has been changed, and the platform and the
                  server are colluding, attempts to change the
                  election outcome should be detected with high
                  probability. In this paper we provide an extensive
                  security analysis of Du-Vote and show several
                  attacks on both privacy as well as verifiability. We
                  also propose changes to the system that would avoid
                  many of these attacks. },
  address =	 {Saarbr\"ucken, Germany},
  author =	 {Kremer, Steve and R{\o}nne, Peter},
  booktitle =	 {{P}roceedings of the 1st IEEE European Symposium on
                  Security and Privacy (EuroS\&P'16)},
  DOI =		 {10.1109/EuroSP.2016.42},
  month =	 mar,
  pages =	 {303-323},
  publisher =	 {IEEE Computer Society},
  title =	 {To Du or not to Du: A Security Analysis of Du-Vote},
  year =	 2016,
  acronym =	 {{EuroSP}'16},
  nmonth =	 3,
  url =		 {https://hal.inria.fr/hal-01238894/document},
}