Cryptographic protocols implementation security verification of the electronic voting system based on blind intermediaries

The development of electronic voting systems is a complex and urgent task in today's time. At the heart of the security of any system using network interaction are cryptographic protocols. Their quality is verified by means of formal verification. However, formal verification tools work with protocols in an abstract form of Alice-Bob format, which does not allow to completely check the protocol for all sorts of attacks. In addition, when implementing the protocol in practice using any programming language, it is possible to change this protocol relative to its original form. As a result, the abstract initial form of the protocol, which was verified by means of formal verification, is considered safe, but a modified implemented protocol that has a different type can no longer be recognized as safe. Thus, verification of the cryptographic protocol of the electronic voting system using source codes is relevant. The paper described an electronic voting system based on blind intermediaries. A parser is described to extract the structure of the cryptographic protocol with which the structure of the voting protocol was obtained. The cryptographic e-voting protocol was translated into the CAS+ specification language for the Avispa automated verifier for protocol security verification.

[1]  Jan Jürjens Using Interface Specifications for Verifying Crypto-protocol Implementations , 2008 .

[2]  Somesh Jha,et al.  Proceedings of the 15th ACM conference on Computer and communications security , 2005, CCS 2008.

[3]  Liudmila Babenko,et al.  Distributed E-Voting System Based On Blind Intermediaries Using Homomorphic Encryption , 2018, SIN.

[4]  Andrew D. Gordon,et al.  Verified implementations of the information card federated identity-management protocol , 2008, ASIACCS '08.

[5]  Michael Backes,et al.  Computationally sound verification of source code , 2010, CCS '10.

[6]  Sebastian Mödersheim,et al.  OFMC: A symbolic model checker for security protocols , 2005, International Journal of Information Security.

[7]  Luca Viganò,et al.  Automated Security Protocol Analysis With the AVISPA Tool , 2006, MFPS.

[8]  Liudmila Babenko,et al.  Cryptographic Protocol Security Verification of the Electronic Voting System Based on Blinded Intermediaries , 2018 .

[9]  Jan Jürjens Automated Security Verification for Crypto Protocol Implementations: Verifying the Jessie Project , 2009, Electron. Notes Theor. Comput. Sci..

[10]  Andrew D. Gordon,et al.  Verified interoperable implementations of security protocols , 2006, 19th IEEE Computer Security Foundations Workshop (CSFW'06).

[11]  Ralf Küsters,et al.  Using ProVerif to Analyze Protocols with Diffie-Hellman Exponentiation , 2009, 2009 22nd IEEE Computer Security Foundations Symposium.

[12]  Gavin Lowe,et al.  Automated Reasoning for Security Protocol Analysis and Issues in the Theory of Security , 2010, Lecture Notes in Computer Science.

[13]  Cas J. F. Cremers,et al.  The Scyther Tool: Verification, Falsification, and Analysis of Security Protocols , 2008, CAV.

[14]  Jean Goubault-Larrecq,et al.  Cryptographic Protocol Analysis on Real C Code , 2005, VMCAI.

[15]  Andrew D. Gordon,et al.  Verified Interoperable Implementations of Security Protocols , 2006, CSFW.

[16]  Roman Senkerik,et al.  Towards an Empirical Analysis of .NET Framework and C# Language Features' Adoption , 2015, 2015 International Conference on Computational Science and Computational Intelligence (CSCI).

[17]  Cédric Fournet,et al.  Cryptographically verified implementations for TLS , 2008, CCS.

[18]  Sagar Chaki,et al.  ASPIER: An Automated Framework for Verifying Security Protocol Implementations , 2009, 2009 22nd IEEE Computer Security Foundations Symposium.

[19]  Andrew D. Gordon,et al.  Verified Reference Implementations of WS-Security Protocols , 2006, WS-FM.