Title :
Attacking and Fixing Helios: An Analysis of Ballot Secrecy
Author :
Cortier, Véronique ; Smyth, Brendan
Author_Institution :
CNRS, INRIA Nancy Grand Est, Nancy, France
Abstract :
Helios 2.0 is an open-source web-based end-to-end verifiable electronic voting system, suitable for use in low-coercion environments. In this paper, we analyse ballot secrecy and discover a vulnerability which allows an adversary to compromise the privacy of voters. This vulnerability has been successfully exploited to break privacy in a mock election using the current Helios implementation. Moreover, the feasibility of an attack is considered in the context of French legislative elections and, based upon our findings, we believe it constitutes a real threat to ballot secrecy in such settings. Finally, we present a fix and show that our solution satisfies a formal definition of ballot secrecy using the applied pi calculus.
Keywords :
Internet; data privacy; government data processing; legislation; pi calculus; public domain software; French legislative elections; Helios 2.0; Web based system; ballot secrecy; end to end verifiable electronic voting system; mock election; open source; pi calculus; voters privacy; vulnerability; Electronic voting; Electronic voting systems; Nominations and elections; Privacy; Protocols; Public key; Applied Pi Calculus; Attack; Ballot Independence; Ballot Secrecy; Electronic Voting; Helios; Privacy;
Conference_Titel :
Computer Security Foundations Symposium (CSF), 2011 IEEE 24th
Conference_Location :
Cernay-la-Ville
Print_ISBN :
978-1-61284-644-6
DOI :
10.1109/CSF.2011.27
