A formal analysis of the Neuchâtel e-voting protocol

A formal analysis of the Neuchâtel e-voting protocol. Véronique Cortier, David Galindo, and Mathieu Turuani. In 3rd IEEE European Symposium on Security and Privacy (EuroSP'18), pp. 430–442, London, UK, April 2018.

Download

[PDF] [HTML] 

Abstract

Remote electronic voting is used in several countries for legally binding elections. Unlike academic voting protocols, these systems are not always documented and their security is rarely analysed rigorously.
In this paper, we study a voting system that has been used for electing political representatives and in citizen-driven referenda in the Swiss canton of Neuchâtel. We design a detailed model of the protocol in ProVerif for both privacy and verifiability properties. Our analysis mostly confirms the security of the underlying protocol: we show that the Neuchâtel protocol guarantees ballot privacy, even against a corrupted server; it also ensures cast-as-intended and recorded-as-cast verifiability, even if the voter's device is compromised. To our knowledge, this is the first time a full-fledged automatic symbolic analysis of an e-voting system used for politically-binding elections has been realized.

BibTeX

@InProceedings{Neufchatel-EuroSP18,
  author = 	 {V\'eronique Cortier and David Galindo and Mathieu Turuani},
  title = 	 {A formal analysis of the Neuch\^atel e-voting protocol},
  booktitle = {3rd IEEE European Symposium on Security and Privacy (EuroSP'18)},
  year = 	 {2018},
  OPTeditor = 	 {},
  OPTvolume = 	 {},
  OPTnumber = 	 {},
  OPTseries = 	 {},
  pages = 	 {430--442},
  month = 	 {April},
  address = 	 {London, UK},
  OPTorganization = {},
  OPTpublisher = {},
  abstract = {Remote electronic voting is used in several countries for legally binding elections. Unlike academic voting protocols, these systems are not always
documented and their security is rarely analysed rigorously.
\par
In this paper, we study a voting system that has been used for electing political representatives and in citizen-driven referenda in the Swiss canton of Neuchâtel. We design a detailed model of the protocol in ProVerif for both privacy and verifiability properties. Our analysis mostly confirms the security of the underlying protocol:  we
show that the Neuchâtel protocol guarantees ballot privacy, even against a corrupted server; it also ensures cast-as-intended and recorded-as-cast verifiability, even if the
voter's device is compromised. 
To our knowledge, this is the first time a full-fledged automatic symbolic analysis of an e-voting system used for
politically-binding elections has been realized.},
  doi = {10.1109/EuroSP.2018.00037},
}

Parts of this page have been generated by bib2html.pl (written by Patrick Riley ) on Sat Jul 13, 2024 10:29:23