Electronic Voting: How Logic Can Help

Electronic voting should offer at least the same guarantees than traditional paper-based voting systems. In order to achieve this, electronic voting protocols make use of cryptographic primitives, as in the more traditional case of authentication or key exchange protocols. All these protocols are notoriously difficult to design and flaws may be found years after their first release. Formal models, such as process algebra, Horn clauses, or constraint systems, have been successfully applied to automatically analyze traditional protocols and discover flaws. Electronic voting protocols however significantly increase the difficulty of the analysis task. Indeed, they involve for example new and sophisticated cryptographic primitives, new dedicated security properties, and new execution structures.

[1]  Martín Abadi,et al.  Mobile values, new names, and secure communication , 2001, POPL '01.

[2]  Kim G. Larsen,et al.  Limit Your Consumption! Finding Bounds in Average-energy Games , 2015, QAPL.

[3]  Patricia Bouyer,et al.  Improved undecidability results on weighted timed automata , 2006, Inf. Process. Lett..

[4]  Ahmed Bouajjani,et al.  Abstract Regular Model Checking , 2004, CAV.

[5]  Atsushi Fujioka,et al.  A Practical Secret Voting Scheme for Large Scale Elections , 1992, AUSCRYPT.

[6]  Mark Ryan,et al.  Privacy through Pseudonymity in Mobile Telephony Systems , 2014, NDSS.

[7]  Thomas A. Henzinger,et al.  Antichains: A New Algorithm for Checking Universality of Finite Automata , 2006, CAV.

[8]  Bruno Blanchet,et al.  An efficient cryptographic protocol verifier based on prolog rules , 2001, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001..

[9]  Markus Jakobsson,et al.  Coercion-resistant electronic elections , 2005, WPES '05.

[10]  J. Hopcroft,et al.  A Linear Algorithm for Testing Equivalence of Finite Automata. , 1971 .

[11]  Kim G. Larsen,et al.  Almost Optimal Strategies in One Clock Priced Timed Games , 2006, FSTTCS.

[12]  Kim G. Larsen,et al.  Infinite Runs in Weighted Timed Automata with Energy Constraints , 2008, FORMATS.

[13]  F. Javier Thayer Fábrega,et al.  Strand spaces: proving security protocols correct , 1999 .

[14]  Martín Abadi,et al.  A calculus for cryptographic protocols: the spi calculus , 1997, CCS '97.

[15]  Ralf Küsters,et al.  Clash Attacks on the Verifiability of E-Voting Systems , 2012, 2012 IEEE Symposium on Security and Privacy.

[16]  Dominique Unruh The impossibility of computationally sound XOR , 2010, IACR Cryptol. ePrint Arch..

[17]  Mark Ryan,et al.  Coercion-resistance and receipt-freeness in electronic voting , 2006, 19th IEEE Computer Security Foundations Workshop (CSFW'06).

[18]  Jean-Jacques Quisquater,et al.  Electing a University President Using Open-Audit Voting: Analysis of Real-World Use of Helios , 2009, EVT/WOTE.

[19]  Randal E. Bryant,et al.  Symbolic Boolean manipulation with ordered binary-decision diagrams , 1992, CSUR.

[20]  Tatsuaki Okamoto,et al.  Receipt-Free Electronic Voting Schemes for Large Scale Elections , 1997, Security Protocols Workshop.

[21]  Cas J. F. Cremers,et al.  The Scyther Tool: Verification, Falsification, and Analysis of Security Protocols , 2008, CAV.

[22]  Stéphanie Delaune,et al.  Simulation based security in the applied pi calculus , 2009, FSTTCS.

[23]  Thomas Peters,et al.  Election Verifiability or Ballot Privacy: Do We Need to Choose? , 2013, ESORICS.

[24]  Véronique Cortier,et al.  A generic construction for voting correctness at minimum cost - Application to Helios , 2013, IACR Cryptol. ePrint Arch..

[25]  Ronald Cramer,et al.  A Secure and Optimally Efficient Multi-Authority Election Scheme ( 1 ) , 2000 .

[26]  Steve A. Schneider Verifying Authentication Protocols in CSP , 1998, IEEE Trans. Software Eng..

[27]  Rohit Chadha,et al.  Automated Verification of Equivalence Properties of Cryptographic Protocols , 2012, ACM Trans. Comput. Log..

[28]  Kim G. Larsen,et al.  Lower-Bound Constrained Runs in Weighted Timed Automata , 2012, 2012 Ninth International Conference on Quantitative Evaluation of Systems.

[29]  Alessandro Armando,et al.  Formal analysis of SAML 2.0 web browser single sign-on: breaking the SAML-based single sign-on for google apps , 2008, FMSE '08.

[30]  Mathieu Baudet,et al.  Deciding security of protocols against off-line guessing attacks , 2005, CCS '05.

[31]  Alwen Tiu,et al.  Automating Open Bisimulation Checking for the Spi Calculus , 2010, 2010 23rd IEEE Computer Security Foundations Symposium.

[32]  Birgit Pfitzmann,et al.  Symmetric encryption in a simulatable Dolev-Yao style cryptographic library , 2004, Proceedings. 17th IEEE Computer Security Foundations Workshop, 2004..

[33]  Damien Pous,et al.  Symbolic Algorithms for Language Equivalence and Kleene Algebra with Tests , 2014, POPL.

[34]  Mark Ryan,et al.  Verifying privacy-type properties of electronic voting protocols , 2009, J. Comput. Secur..

[35]  Joshua D. Guttman,et al.  Strand Spaces: Proving Security Protocols Correct , 1999, J. Comput. Secur..

[36]  Z. Ésik,et al.  Notes on equational theories of relations , 1995 .

[37]  Michael R. Clarkson,et al.  Civitas: Toward a Secure Voting System , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[38]  Damien Pous,et al.  Checking NFA equivalence with bisimulations up to congruence , 2013, POPL.

[39]  Dexter Kozen A Completeness Theorem for Kleene Algebras and the Algebra of Regular Events , 1994, Inf. Comput..

[40]  Robert E. Tarjan,et al.  Efficiency of a Good But Not Linear Set Union Algorithm , 1972, JACM.

[41]  Ariel J. Feldman,et al.  Security Analysis of the Diebold AccuVote-TS Voting Machine , 2007, EVT.

[42]  Ben Smyth,et al.  Attacking and Fixing Helios: An Analysis of Ballot Secrecy , 2011, 2011 IEEE 24th Computer Security Foundations Symposium.

[43]  Oded Goldreich,et al.  On the security of multi-party ping-pong protocols , 1983, 24th Annual Symposium on Foundations of Computer Science (sfcs 1983).

[44]  Martín Abadi,et al.  Automated verification of selected equivalences for security protocols , 2005, 20th Annual IEEE Symposium on Logic in Computer Science (LICS' 05).

[45]  Kim G. Larsen,et al.  Optimal Bounds for Multiweighted and Parametrised Energy Games , 2013, Theories of Programming and Formal Methods.

[46]  Sebastian Mödersheim,et al.  The AVISPA Tool for the Automated Validation of Internet Security Protocols and Applications , 2005, CAV.

[47]  Graham Steel,et al.  Attacking and fixing PKCS#11 security tokens , 2010, CCS '10.

[48]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[49]  Peter Bro Miltersen,et al.  A Faster Algorithm for Solving One-Clock Priced Timed Games , 2013, CONCUR.

[50]  Josh Benaloh,et al.  Ballot Casting Assurance via Voter-Initiated Poll Station Auditing , 2007, EVT.

[51]  Mark Ryan,et al.  Analysing Unlinkability and Anonymity Using the Applied Pi Calculus , 2010, 2010 23rd IEEE Computer Security Foundations Symposium.

[52]  Bogdan Warinschi,et al.  How Not to Prove Yourself: Pitfalls of the Fiat-Shamir Heuristic and Applications to Helios , 2012, ASIACRYPT.

[53]  Randal E. Bryant,et al.  Graph-Based Algorithms for Boolean Function Manipulation , 1986, IEEE Transactions on Computers.

[54]  J. Conway Regular algebra and finite machines , 1971 .

[55]  Kim G. Larsen,et al.  Average-energy games , 2015, Acta Informatica.

[56]  Robin Milner,et al.  Communication and concurrency , 1989, PHI Series in computer science.

[57]  Vitaly Shmatikov,et al.  Constraint solving for bounded-process cryptographic protocol analysis , 2001, CCS '01.

[58]  Vincent Cheval APTE: An Algorithm for Proving Trace Equivalence , 2014, TACAS.

[59]  Kim G. Larsen,et al.  Energy Games in Multiweighted Automata , 2011, ICTAC.

[60]  Benjamin Grégoire,et al.  Computer-Aided Security Proofs for the Working Cryptographer , 2011, CRYPTO.

[61]  Véronique Cortier,et al.  A formal analysis of the Norwegian E-voting protocol , 2012, J. Comput. Secur..

[62]  Jerry den Hartog,et al.  Formal Verification of Privacy for RFID Systems , 2010, 2010 23rd IEEE Computer Security Foundations Symposium.

[63]  Martín Abadi,et al.  Deciding knowledge in security protocols under equational theories , 2004, Theor. Comput. Sci..

[64]  Ben Smyth,et al.  Adapting Helios for Provable Ballot Privacy , 2011, ESORICS.

[65]  Kim G. Larsen,et al.  Timed automata with observers under energy constraints , 2010, HSCC '10.

[66]  Hideki Sakurada Computational Soundness of Symbolic Blind Signatures under Active Attacker , 2013, FPS.

[67]  Kristian Gjøsteen,et al.  Analysis of an internet voting protocol , 2010, IACR Cryptol. ePrint Arch..

[68]  L. Bernátsky,et al.  Equational Properties of Kleene Algebras of Relations with Conversion , 1995, Theor. Comput. Sci..

[69]  Dexter Kozen,et al.  On the Coalgebraic Theory of Kleene Algebra with Tests , 2017 .

[70]  Vitaly Shmatikov,et al.  Intruder deductions, constraint solving and insecurity decision in presence of exclusive or , 2003, 18th Annual IEEE Symposium of Logic in Computer Science, 2003. Proceedings..

[71]  Mark Ryan,et al.  Election Verifiability in Electronic Voting Protocols , 2010, ESORICS.

[72]  Vincent Cheval,et al.  Lengths May Break Privacy - Or How to Check for Equivalences with Length , 2013, CAV.

[73]  Gavin Lowe,et al.  Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR , 1996, Softw. Concepts Tools.

[74]  Véronique Cortier,et al.  Computational soundness of observational equivalence , 2008, CCS.

[75]  Eric Wustrow,et al.  Security analysis of India's electronic voting machines , 2010, CCS '10.

[76]  Kim G. Larsen,et al.  Minimum-Cost Reachability for Priced Timed Automata , 2001, HSCC.

[77]  Vincent Cheval,et al.  Proving More Observational Equivalences with ProVerif , 2013, POST.

[78]  Parosh Aziz Abdulla,et al.  When Simulation Meets Antichains , 2010, TACAS.

[79]  Véronique Cortier,et al.  Deduction soundness: prove one, get five for free , 2013, CCS.

[80]  Dexter Kozen,et al.  Kleene algebra with tests , 1997, TOPL.