• DocumentCode
    2867279
  • Title

    Attacking and Fixing Helios: An Analysis of Ballot Secrecy

  • Author

    Cortier, Véronique ; Smyth, Brendan

  • Author_Institution
    CNRS, INRIA Nancy Grand Est, Nancy, France
  • fYear
    2011
  • fDate
    27-29 June 2011
  • Firstpage
    297
  • Lastpage
    311
  • Abstract
    Helios 2.0 is an open-source web-based end-to-end verifiable electronic voting system, suitable for use in low-coercion environments. In this paper, we analyse ballot secrecy and discover a vulnerability which allows an adversary to compromise the privacy of voters. This vulnerability has been successfully exploited to break privacy in a mock election using the current Helios implementation. Moreover, the feasibility of an attack is considered in the context of French legislative elections and, based upon our findings, we believe it constitutes a real threat to ballot secrecy in such settings. Finally, we present a fix and show that our solution satisfies a formal definition of ballot secrecy using the applied pi calculus.
  • Keywords
    Internet; data privacy; government data processing; legislation; pi calculus; public domain software; French legislative elections; Helios 2.0; Web based system; ballot secrecy; end to end verifiable electronic voting system; mock election; open source; pi calculus; voters privacy; vulnerability; Electronic voting; Electronic voting systems; Nominations and elections; Privacy; Protocols; Public key; Applied Pi Calculus; Attack; Ballot Independence; Ballot Secrecy; Electronic Voting; Helios; Privacy;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Security Foundations Symposium (CSF), 2011 IEEE 24th
  • Conference_Location
    Cernay-la-Ville
  • ISSN
    1940-1434
  • Print_ISBN
    978-1-61284-644-6
  • Type

    conf

  • DOI
    10.1109/CSF.2011.27
  • Filename
    5992139
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=2867279