{"title":"加密端到端可验证投票的阴暗面:Helios的安全分析","authors":"Nicholas Chang-Fong, A. Essex","doi":"10.1145/2991079.2991106","DOIUrl":null,"url":null,"abstract":"Helios is an open-audit internet voting system providing cryptographic protections to voter privacy, and election integrity. As part of these protections, Helios produces a cryptographic audit trail that can be used to verify ballots were correctly counted. Cryptographic end-to-end (E2E) election verification schemes of this kind are a promising step toward developing trustworthy electronic voting systems. In this paper we approach the discussion from the flip-side by exploring the practical potential for threats to be introduced by the presence of a cryptographic audit trail. We conducted a security analysis of the Helios implementation and discovered a range of vulnerabilities and implemented exploits that would: allow a malicious election official to produce arbitrary election results with accepting proofs of correctness; allow a malicious voter to cast a malformed ballot to prevent the tally from being computed; and, allow an attacker to surreptitiously cast a ballot on a voter's behalf. We also examine privacy issues including a random-number generation bias affecting the indistinguishably of encrypted ballots. We reported the issues and worked with the Helios designers to fix them.","PeriodicalId":419419,"journal":{"name":"Proceedings of the 32nd Annual Conference on Computer Security Applications","volume":"56 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-12-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"21","resultStr":"{\"title\":\"The cloudier side of cryptographic end-to-end verifiable voting: a security analysis of Helios\",\"authors\":\"Nicholas Chang-Fong, A. Essex\",\"doi\":\"10.1145/2991079.2991106\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Helios is an open-audit internet voting system providing cryptographic protections to voter privacy, and election integrity. As part of these protections, Helios produces a cryptographic audit trail that can be used to verify ballots were correctly counted. Cryptographic end-to-end (E2E) election verification schemes of this kind are a promising step toward developing trustworthy electronic voting systems. In this paper we approach the discussion from the flip-side by exploring the practical potential for threats to be introduced by the presence of a cryptographic audit trail. We conducted a security analysis of the Helios implementation and discovered a range of vulnerabilities and implemented exploits that would: allow a malicious election official to produce arbitrary election results with accepting proofs of correctness; allow a malicious voter to cast a malformed ballot to prevent the tally from being computed; and, allow an attacker to surreptitiously cast a ballot on a voter's behalf. We also examine privacy issues including a random-number generation bias affecting the indistinguishably of encrypted ballots. We reported the issues and worked with the Helios designers to fix them.\",\"PeriodicalId\":419419,\"journal\":{\"name\":\"Proceedings of the 32nd Annual Conference on Computer Security Applications\",\"volume\":\"56 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-12-05\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"21\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 32nd Annual Conference on Computer Security Applications\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/2991079.2991106\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 32nd Annual Conference on Computer Security Applications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2991079.2991106","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
The cloudier side of cryptographic end-to-end verifiable voting: a security analysis of Helios
Helios is an open-audit internet voting system providing cryptographic protections to voter privacy, and election integrity. As part of these protections, Helios produces a cryptographic audit trail that can be used to verify ballots were correctly counted. Cryptographic end-to-end (E2E) election verification schemes of this kind are a promising step toward developing trustworthy electronic voting systems. In this paper we approach the discussion from the flip-side by exploring the practical potential for threats to be introduced by the presence of a cryptographic audit trail. We conducted a security analysis of the Helios implementation and discovered a range of vulnerabilities and implemented exploits that would: allow a malicious election official to produce arbitrary election results with accepting proofs of correctness; allow a malicious voter to cast a malformed ballot to prevent the tally from being computed; and, allow an attacker to surreptitiously cast a ballot on a voter's behalf. We also examine privacy issues including a random-number generation bias affecting the indistinguishably of encrypted ballots. We reported the issues and worked with the Helios designers to fix them.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
