Verifying anonymity in voting systems using CSP

We present formal definitions of anonymity properties for voting protocols using the process algebra CSP. We analyse a number of anonymity definitions, and give formal definitions for strong and weak anonymity, highlighting the difference between these definitions. We show that the strong anonymity definition is too strong for practical purposes; the weak anonymity definition, however, turns out to be ideal for analysing voting systems. Two case studies are presented to demonstrate the usefulness of the formal definitions: a conventional voting system, and Prêt à Voter, a paper-based, voter-verifiable scheme. In each case, we give a CSP model of the system, and analyse it against our anonymity definitions by specification checks using the Failures-Divergences Refinement (FDR2) model checker. We give a detailed discussion on the results from the analysis, emphasizing the assumptions that we made in our model as well as the challenges in modelling electronic voting systems using CSP.

[1]  Zhe Xia,et al.  Versatile Prêt à Voter: Handling Multiple Election Methods with a Unified Interface , 2010, INDOCRYPT.

[2]  Michael Goldsmith,et al.  FDR2 user manual , 2000 .

[3]  Steve A. Schneider,et al.  CSP and Anonymity , 1996, ESORICS.

[4]  Gavin Lowe,et al.  Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR , 1996, Softw. Concepts Tools.

[5]  Taher El Gamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, IEEE Trans. Inf. Theory.

[6]  C. A. R. Hoare,et al.  Communicating sequential processes , 1978, CACM.

[7]  Sabina Petride,et al.  Review of "Concurrent and real-time systems: the CSP approach" by Steve Schneider. Wiley 1999. , 2004, SIGA.

[8]  Jeremy Clark,et al.  Scantegrity: End-to-End Voter-Verifiable Optical- Scan Voting , 2008, IEEE Security & Privacy.

[9]  Sachin Lodha,et al.  Probabilistic Anonymity , 2007, PinKDD.

[10]  Ben Smyth,et al.  ProVerif 1.85: Automatic Cryptographic Protocol Verifier, User Manual and Tutorial , 2011 .

[11]  Simona Orzan,et al.  A Framework for Automatically Checking Anonymity with mu CRL , 2006, TGC.

[12]  Michael Backes,et al.  Automated Verification of Remote Electronic Voting Protocols in the Applied Pi-Calculus , 2008, 2008 21st IEEE Computer Security Foundations Symposium.

[13]  Mark Ryan,et al.  Analysis of an Electronic Voting Protocol in the Applied Pi Calculus , 2005, ESOP.

[14]  Jun Pang,et al.  Weak Probabilistic Anonymity , 2007, SecCO@CONCUR.

[15]  Wolter Pieters,et al.  Anonymity and Verifiability in Voting: Understanding (Un)Linkability , 2010, ICICS.

[16]  Zhe Xia,et al.  PrÊt À Voter: a Voter-Verifiable Voting System , 2009, IEEE Transactions on Information Forensics and Security.

[17]  Alan Bundy,et al.  Constructing Induction Rules for Deductive Synthesis Proofs , 2006, CLASE.

[18]  Wolter Pieters,et al.  Provable anonymity , 2005, FMSE '05.

[19]  Markus Jakobsson,et al.  Coercion-resistant electronic elections , 2005, WPES '05.

[20]  Steve A. Schneider,et al.  Concurrent and Real-time Systems: The CSP Approach , 1999 .

[21]  Ranko S. Lazic,et al.  A semantic study of data independence with applications to model checking , 1999 .

[22]  Ben Adida,et al.  Helios: Web-based Open-Audit Voting , 2008, USENIX Security Symposium.

[23]  Vitaly Shmatikov,et al.  Information Hiding, Anonymity and Privacy: a Modular Approach , 2004, J. Comput. Secur..

[24]  Prakash Panangaden,et al.  Anonymity protocols as noisy channels , 2008, Inf. Comput..

[25]  Peter Y. A. Ryan,et al.  Prêt à Voter : a Systems Perspective , 2005 .

[26]  Peter Y. A. Ryan,et al.  A Threat Analysis of Prêt à Voter , 2010, Towards Trustworthy Elections.

[27]  Markus Jakobsson,et al.  Making Mix Nets Robust for Electronic Voting by Randomized Partial Checking , 2002, USENIX Security Symposium.

[28]  C. Andrew Neff,et al.  A verifiable secret shuffle and its application to e-voting , 2001, CCS '01.

[29]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[30]  Andrew William Roscoe,et al.  The Theory and Practice of Concurrency , 1997 .

[31]  Peter Y. A. Ryan,et al.  Putting the Human Back in Voting Protocols , 2009, Security Protocols Workshop.

[32]  Atsushi Fujioka,et al.  A Practical Secret Voting Scheme for Large Scale Elections , 1992, AUSCRYPT.

[33]  Mark Ryan,et al.  Coercion-resistance and receipt-freeness in electronic voting , 2006, 19th IEEE Computer Security Foundations Workshop (CSFW'06).

[34]  James Heather,et al.  Implementing STV securely in Pret a Voter , 2007, 20th IEEE Computer Security Foundations Symposium (CSF'07).

[35]  R. Rivest The ThreeBallot Voting System , 2006 .

[36]  David Chaum,et al.  Secret-ballot receipts: True voter-verifiable elections , 2004, IEEE Security & Privacy Magazine.

[37]  Martín Abadi,et al.  Hiding Names: Private Authentication in the Applied Pi Calculus , 2002, ISSS.

[38]  Erik P. de Vink,et al.  A Formalization of Anonymity and Onion Routing , 2004, ESORICS.

[39]  Michael R. Clarkson,et al.  Civitas: Toward a Secure Voting System , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[40]  Rance Cleaveland,et al.  Proceedings of the Second International Workshop on Tools and Algorithms for Construction and Analysis of Systems , 1995 .

[41]  Peter Y. A. Ryan,et al.  Prêt à Voter with Re-encryption Mixes , 2006, ESORICS.

[42]  A. W. Roscoe Understanding Concurrent Systems , 2010, Texts in Computer Science.

[43]  Dan Boneh,et al.  Almost entirely correct mixing with applications to voting , 2002, CCS '02.

[44]  Peter Y. A. Ryan,et al.  Computing Science Pret a Voter with Paillier Encryption Pret a Voter with Paillier Encryption Bibliographical Details Pret a Voter with Paillier Encryption Suggested Keywords Prêtà Voter with Paillier Encryption , 2007 .

[45]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.

[46]  David Chaum,et al.  A Practical Voter-Verifiable Election Scheme , 2005, ESORICS.

[47]  Andreas Pfitzmann,et al.  Anonymity, Unobservability, and Pseudonymity - A Proposal for Terminology , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[48]  Peter Y. A. Ryan,et al.  The modelling and analysis of security protocols: the csp approach , 2000 .

[49]  Ramaswamy Ramanujam,et al.  Knowledge-based modelling of voting protocols , 2007, TARK '07.

[50]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[51]  Peter Y. A. Ryan,et al.  A variant of the Chaum voter-verifiable scheme , 2005, WITS '05.

[52]  Mark Ryan,et al.  Verifying privacy-type properties of electronic voting protocols , 2009, J. Comput. Secur..

[53]  Martín Abadi,et al.  Automated verification of selected equivalences for security protocols , 2005, 20th Annual IEEE Symposium on Logic in Computer Science (LICS' 05).