Attacking and fixing Helios: An analysis of ballot secrecy

Attacking and fixing Helios: An analysis of ballot secrecy. Véronique Cortier and Ben Smyth. In Proceedings of the 24th IEEE Computer Security Foundations Symposium (CSF'11), IEEE Computer Society Press, June 2011.

Abstract

Helios 2.0 is an open-source web-based end-to-end verifiable electronic voting system, suitable for use in low-coercion environments. In this paper, we analyse ballot secrecy and discover a vulnerability which allows an adversary to compromise the privacy of voters. This vulnerability has been successfully exploited to break privacy in a mock election using the current Helios implementation. Moreover, the feasibility of an attack is considered in the context of French legislative elections and, based upon our findings, we believe it constitutes a real threat to ballot secrecy in such settings. Finally, we present a fix and show that our solution satisfies a formal definition of ballot secrecy using the applied pi calculus.

BibTeX

@InProceedings{Helios-CSF11,
  author    = {V\'eronique Cortier and Ben Smyth},
  title     = {Attacking and fixing Helios: An analysis of ballot secrecy},
  abstract  = {Helios 2.0 is an open-source web-based end-to-end verifiable
               electronic voting system, suitable for use in low-coercion
               environments. In this paper, we analyse ballot secrecy and
               discover a vulnerability which allows an adversary to
               compromise the privacy of voters. This vulnerability has been
               successfully exploited to break privacy in a mock election
               using the current Helios implementation. Moreover, the
               feasibility of an attack is considered in the context of
               French legislative elections and, based upon our findings, we
               believe it constitutes a real threat to ballot secrecy in such
               settings. Finally, we present a fix and show that our solution
               satisfies a formal definition of ballot secrecy using the
               applied pi calculus.},
  booktitle = {{P}roceedings of the 24th {IEEE} {C}omputer {S}ecurity {F}oundations {S}ymposium ({CSF}'11)},
  month     = {June},
  publisher = {{IEEE} Computer Society Press},
  year      = {2011},
  doi       = {10.1109/CSF.2011.27},
}