Threat analysis of cryptographic voting schemes
Sponsored Links
This presentation is the property of its rightful owner.
1 / 15

Threat Analysis of Cryptographic Voting Schemes PowerPoint PPT Presentation

  • Uploaded on
  • Presentation posted in: General

Threat Analysis of Cryptographic Voting Schemes. Peter Y A Ryan and Thea Peacock University of Newcastle. Overview. Cryptographic voting schemes. Towards a taxonomy of threats and countermeasures. Conclusions. Cryptographic Voting Schemes.

Download Presentation

Threat Analysis of Cryptographic Voting Schemes

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript

Threat Analysis of Cryptographic Voting Schemes

Peter Y A Ryan and Thea Peacock

University of Newcastle

P Y A Ryan and Thea Peacock

Prêt à Voter


  • Cryptographic voting schemes.

  • Towards a taxonomy of threats and countermeasures.

  • Conclusions.

P Y A Ryan and Thea Peacock

Prêt à Voter

Cryptographic Voting Schemes

  • Many voting systems using cryptographic techniques have been proposed recently.

  • Strive to provide high levels of assurance of accuracy and secrecy with minimal trust in officials, suppliers, software etc.

  • Verify the election not the system!

  • Unconditional integrity: guarantees of integrity not dependent on assumptions about adversary computational capabilities.

  • Voter verifiability: voters can confirm that their vote is accurately counted whilst not being able to prove to a third party which way they voted.

P Y A Ryan and Thea Peacock

Prêt à Voter


  • These schemes have excellent properties, but various vulnerabilities have been identified.

  • Vulnerabilities often reside in the (sometimes implicit) assumptions. Often of a socio-technical nature.

  • See for example Karlof et al, [7], for Chaum and Neff and Peacock and Ryan and Peacock, [5], for Prêt à Voter.

  • Usually straightforward countermeasures can be proposed once the vulnerability has been identified.

  • But need a more systematic way to identify vulnerabilities.

  • Here we take a stab at putting together a taxonomy of known vulnerabilities and counter-measures.

P Y A Ryan and Thea Peacock

Prêt à Voter


  • Preliminary and incomplete:

    • Information flows

    • Social engineering

    • Implementation

    • Denial of service.

    • Collusion attacks

    • Coercion/vote-buying.

    • Psychological

P Y A Ryan and Thea Peacock

Prêt à Voter

A Menagerie of Vulnerabilities

  • Need to trust Authorities for secrecy (not for accuracy).

  • Need to protect (pre-printed) ballot form information (chain of custody, chain voting etc.)

  • Need to trust the auditors (absence of collusion with the tellers).

  • Need to trust tellers not to leak information (aside from audit info).

  • Subliminal, side, kleptographic channels, “invisible” dots etc.

  • “Social engineering” attacks.

  • Undermining trust.

  • Enforcing information erasure.

  • Separation of teller modes, i.e., ensure that each ballot form is processed only once.

  • Need to constrain the Web Bulletin Board audits, i.e., reveal only L or R links.

  • Vulnerabilites in implementation of secure web bulletin boards.

  • Ballot stuffing.

  • DoS attacks.

  • Failures of surrounding system: electoral role, voter authentication etc.

P Y A Ryan and Thea Peacock

Prêt à Voter

Subliminal and side channels

  • Many crypto schemes are potentially vulnerable to subliminal, side and kleptographic channels.

  • Voter’s choice is communicated in the booth to the encrypting device. Hence the device might leak information via random of semantic or side channels.

  • In Prèt à Voter, non-determinism is resolved before voter choices are revealed or association between ballot forms and voters is established.

  • And voter choice is not communicated to the device.

P Y A Ryan and Thea Peacock

Prêt à Voter

Kleptographic channels

  • These occur where a crypto device may select crypto variables in such a way to leak information to a colluding party.

  • Prêt à Voter 2005, [3], is vulnerable: The Authority might choose seed values in such a way that a certain keyed hash of the onion value leaks information about the candidate list to a colluding entity (who shared the hash key).

  • Note: Authority behaviour looks innocent.

  • Distributed generation of ballot forms will counter this: no single entity determines the crypto variables, see [6].

P Y A Ryan and Thea Peacock

Prêt à Voter

Social engineering attacks

  • Cryptographic voting schemes frequently involve moderately complex protocols between the voters and the devices.

  • Opens up possibilities for a malicious device to fool the voter about the protocol sequence, e.g., turning a cut-and-choose into a choose-and-cut.

  • Prêt à Voter 2005 seems fairly immune due to extremely simple protocol sequence.

  • Established crypto protocol analysis tools and techniques may help here (need suitable, Dolev-Yao style models of potentially malicious devices)

P Y A Ryan and Thea Peacock

Prêt à Voter

Psychological attacks

  • Particularly for systems employing encrypted receipts, there may be potential for psychological attacks: adversary claims (falsely but plausibly) to be able to decrypt receipts.

  • Difficult to counter other than be education, demonstrations etc.

P Y A Ryan and Thea Peacock

Prêt à Voter

Ballot stuffing

  • Having the voters check for the appearance of their receipt on the WBB doesn’t detect ballot stuffing: in which the authorities add spurious receipts.

  • Counter-measures:

    • Check numbers of votes cast again number posted.

    • A Verified Encrypted Paper Audit Trial (VEPAT), [5], might help here.

    • Incorporate voter signatures?

P Y A Ryan and Thea Peacock

Prêt à Voter

Denial of Service

  • Tricky in general.

  • Verified Encrypted Paper Audit Trial might help.

  • Re-encryption mixes help: can bin faulty mix tellers and rerun mixes and audits if necessary.

P Y A Ryan and Thea Peacock

Prêt à Voter


  • Initial stab at constructing a taxonomy of threats and vulnerabilities for crypto voting schemes.

  • Much more needs to be done.

  • A survey of all known threats and vulnerabilities would be useful.

  • Complete coverage probably impossible

  • Formal information flow analysis techniques and tools, e.g., identifying where and when and by whom non-determinism is resolved, may help identify potential causal flows.

  • Protocol analysis tools may help identity social engineering attacks.

  • To what extent can vulnerabilities be systematically identified by analysis of a model against requirements.

    • Requires complete, formal requirements.

    • Requires a complete system model

  • Both are challenging, arguably impossible:

    • No consensus on requirements-often driven by threat analysis anyway

    • Complete models are impossible and need to cover human user aspects etc.

P Y A Ryan and Thea Peacock

Prêt à Voter


  • [1] David Chaum, Secret-Ballot receipts: True Voter-Verifiable Elections, IEEE Security and Privacy Journal, 2(1): 38-47, Jan/Feb 2004.

  • [2] P Y A Ryan, “A Variant of the Chaum Voter-verifiable Election scheme”, WITS, 10-11 January 2005 Long Beach Ca.

  • [3] D Chaum, P Y A Ryan, S A Schneider, “A Practical, Voter-Verifiable Election Scheme”, Newcastle TR 880 December 2004, Proceedings ESORICS 2005, LNCS 3679.

  • [4] B Randell, P Y A Ryan, “Trust and Voting Technology”, NCL CS Tech Report 911, June 2005, to appear IEEE Security and Privacy Magazine.

  • [5] P Y A Ryan, T Peacock, “Prêt à Voter, A Systems Perspective”, NCL CS Tech Report 929, September 2005, submitted to ESORICS 2006.

  • [6] P Y A Ryan and Steve A Schneider, “Prêt à Voter with re-encryption mixes”, Newcastle CS TR 956, April 2006, submitted to ESORICS 2006.

  • [7] C. Karlof and N. Sastry and D. Wagner, "Cryptographic Voting Protocols: A Systems Perspective“, USENIX Security Symposium", LCNS 3444, pp 186-200“, Springer-Verlag 2005.

P Y A Ryan and Thea Peacock

Prêt à Voter


Workshop On Trustworthy Elections

(WOTE 2006)

Robinson College, Cambridge, United Kingdom

June 29 - June 30, 2006

P Y A Ryan and Thea Peacock

Prêt à Voter

  • Login