Type-Based Verification of Electronic Voting Protocols

E-voting protocols aim at achieving a wide range of sophisticated security properties and, consequently, commonly employ advanced cryptographic primitives. This makes their design as well as rigorous analysis quite challenging. As a matter of fact, existing automated analysis techniques, which are mostly based on automated theorem provers, are inadequate to deal with commonly used cryptographic primitives, such as homomorphic encryption and mix-nets, as well as some fundamental security properties, such as verifiability. This work presents a novel approach based on refinement type systems for the automated analysis of e-voting protocols. Specifically, we design a generically applicable logical theory which, based on pre- and post-conditions for security-critical code, captures and guides the type-checker towards the verification of two fundamental properties of e-voting protocols, namely, vote privacy and verifiability. We further develop a code-based cryptographic abstraction of the cryptographic primitives commonly used in e-voting protocols, showing how to make the underlying algebraic properties accessible to automated verification through logical refinements. Finally, we demonstrate the effectiveness of our approach by developing the first automated analysis of Helios, a popular web-based e-voting protocol, using an off-the-shelf type-checker.
