Civitas: Toward a secure voting system
- In IEEE Symposium on Security and Privacy, 2008
Cited by 92 (9 self)
Civitas is the first electronic voting system that is coercion-resistant, universally and voter verifiable, and suitable for remote voting. This paper describes the design and implementation of Civitas. Assurance is established in the design through security proofs, and in the implementation through information-flow security analysis. Experimental results give a quantitative evaluation of the tradeoffs between time, cost, and security.
Splitting Interfaces: Making Trust Between Applications and Operating Systems Configurable
- In Proceedings of OSDI, 2006
Cited by 75 (3 self)
In current commodity systems, applications have no way of limiting their trust in the underlying operating system (OS), leaving them at the complete mercy of an attacker who gains control over the OS. In this work, we describe the design and implementation of Proxos, a system that allows applications to configure their trust in the OS by partitioning the system call interface into trusted and untrusted components. System call routing rules that indicate which system calls are to be handled by the untrusted commodity OS, and which are to be handled by a trusted private OS, are specified by the application developer. We find that rather than defining a new system call interface, routing system calls of an existing interface allows applications currently targeted towards commodity operating systems to isolate their most sensitive components from the commodity OS with only minor source code modifications. We have built a prototype of our system on top of the Xen Virtual Machine Monitor with Linux as the commodity OS. In practice, we find that the system call routing rules are short and simple – on the order of 10’s of lines of code. In addition, applications in Proxos incur only modest performance overhead, with most of the cost resulting from inter-VM context switches.
Security analysis of the Diebold AccuVote-TS voting machine
- In Proc. 2007 USENIX/ACCURATE Electronic Voting Technology Workshop (EVT ’07), 2006
Cited by 68 (8 self)
This paper presents a fully independent security study of a Diebold AccuVote-TS voting machine, including its hardware and software. We obtained the machine from a private party. Analysis of the machine, in light of real election procedures, shows that it is vulnerable to extremely serious attacks. For example, an attacker who gets physical access to a machine or its removable memory card for as little as one minute could install malicious code; malicious code on a machine could steal votes undetectably, modifying all records, logs, and counters to be consistent with the fraudulent vote count it creates. An attacker could also create malicious code that spreads automatically and silently from machine to machine during normal election activities—a voting-machine virus. We have constructed working demonstrations of these attacks in our lab. Mitigating these threats will require changes to the voting machine’s hardware and software and the adoption of more rigorous election procedures.
VoteBox: a tamper-evident, verifiable electronic voting system
Cited by 37 (5 self)
Commercial electronic voting systems have experienced many high-profile software, hardware, and usability failures in real elections. While it is tempting to abandon electronic voting altogether, we show how a careful application of distributed systems and cryptographic techniques can yield voting systems that surpass current systems and their analog forebears in trustworthiness and usability. We have developed the VoteBox, a complete electronic voting system that combines several recent e-voting research results into a coherent whole that can provide strong end-to-end security guarantees to voters. VoteBox machines are locally networked and all critical election events are broadcast and recorded by every machine on the network. VoteBox network data, including encrypted votes, can be safely relayed to the outside world in real time, allowing independent observers with personal computers to validate the system as it is running. We also allow any voter to challenge a VoteBox, while the election is ongoing, to produce proof that ballots are cast as intended. The VoteBox design offers a number of pragmatic benefits that can help reduce the frequency and impact of poll worker or voter errors.
Prêt à voter: a systems perspective
- 2005
Cited by 34 (12 self)
Numerous cryptographic voting schemes have been proposed in recent years. Many of these have highly desirable formal security properties. However, as with all security systems, even a well-designed technical system can be undermined by implementation details or environmental factors, typically including human users, that violate (often implicit) assumptions of the design and evaluation. In ‘Cryptographic Voting Protocols: a System Perspective’ [11] Karlof et al. perform a systems-based analysis of the Chaum [5] and Neff [17], [18], [19] schemes. They identify a number of vulnerabilities and discuss possible mitigations and counter-measures. In this paper, we examine the extent to which these vulnerabilities carry over to the Prêt à Voter scheme [6]. In addition, we describe some further systems-based vulnerabilities not identified in [11]. We also discuss some further threats, such as chain voting attacks, which do not apply to the Chaum or Neff schemes but to which Prêt à Voter is vulnerable, unless appropriate countermeasures are deployed. It turns out that Prêt à Voter is remarkably robust to most of the vulnerabilities described in [11] and here.
Increased security through open source
- 2008
Cited by 28 (0 self)
The last few years have shown a worldwide rise in the attention for, and actual use of, open source software (OSS), most notably of the operating system Linux and various applications running on top of it. Various major
Voting technologies and trust
- 2006
Cited by 27 (11 self)
The authors propose manual voting systems that have significant security advantages over existing systems, yet retain the simplicity and familiarity that has led to widespread acceptance. The authors also discuss ways to improve efficiency without endangering this public trust.
Designing Voting Machines for Verification
- 2006
Cited by 27 (4 self)
We provide techniques to help vendors, independent testing agencies, and others verify critical security properties in direct recording electronic (DRE) voting machines. We rely on specific hardware functionality, isolation, and architectural decision to allow one to easily verify these critical security properties; we believe our techniques will help us verify other properties as well. Verification of these security properties is one step towards a fully verified voting machine, and helps the public gain confidence in a critical tool for democracy. We present a voting system design and discuss our experience building a prototype implementation based on the design in Java and C.
Receipt-free homomorphic elections and write-in voter verified ballots
- INTERNATIONAL ASSOCIATION FOR CRYPTOLOGIC RESEARCH, MAY 2, 2004, AND CARNEGIE MELLON INSTITUTE FOR SOFTWARE RESEARCH INTERNATIONAL, 2004
Cited by 26 (0 self)
We present a voting protocol that protects voters’ privacy and achieves universal verifiability, receipt-freeness, and uncoercibility without ad hoc physical assumptions or procedural constraints (such as untappable channels, voting booths, smart cards, third-party randomizers, and so on). We discuss under which conditions the scheme allows voters to cast write-in ballots, and we show how it can be practically implemented through voter-verified (paper) ballots. The scheme allows voters to combine voting credentials with their chosen votes applying the homomorphic properties of certain probabilistic cryptosystems.