Security enhancement for anonymous secure e-voting over a network

An electronic voting system makes it possible for the voters to cast their ballots over the computer network. Hence, voters can participate in elections without having to go to the polling places, which is more convenient and efficient. To design a practical voting scheme, Mu and Varadharajan have recently proposed an anonymous secure electronic voting scheme to be applied over the network. It does not only protect voters' privacy and prevent double voting, but also suits large-scale elections. However, the scheme has a weakness in security; that is, some voters may still double vote without being detected and may even reveal information they should not. In this paper, we shall show this weakness and improve the scheme to increase the protection against fraudulence.     

Remote electronic voting systems: an exploration of voters' perceptions and intention to use

Coupling telephone and web interfaces with computers for balloting outside the polling place, remote electronic voting systems (REVS) give the voter a choice: polling booth, absentee ballot, or remote voting. Not only does this e-Government technology raises issues such as security, voter participation, and accessibility, REVS technologies themselves differ in features and enabling conditions. How users (voters) perceive REVS's availability, mobility, accuracy, privacy protection, and ease of use, is likely to affect their use intention. Intention to use or not to use a voting technology can translate into a decision to vote or not – and there are no ‘do-overs’. We develop a model and report on a survey of potential voters – people waiting to be impaneled on a jury – in regard to the impact of REVS characteristics on voting intentions and how the two most discussed REVS technologies of telephone- and web-based interfaces are perceived.     

Public opinion's influence on voting system technology

The US general election in 2000 represents a turning point in elections history. A laborious count and analysis of what was statistically a tie vote in Florida decided the highly scrutinized contest for US president. Simultaneously, voting system standards continued evolving, spurred in part by the introduction of new, high-power technologies. These factors, coupled with an unprecedented level of public scrutiny, changed nearly all aspects of the election process. With its recounts, interpretation of voter intent, and presumed problems related to punch-card voting, the 2000 presidential vote triggered the passage of the Help America Vote Act (HAVA) and the massive trend toward direct recording electronic voting systems (DREs). The election process, which had always been taken for granted, now faced intense scrutiny from the media, computer scientists, conspiracy theorists, advocacy groups, and the general public. The US Federal Election Commission approved new voting system standards designed to ensure that election equipment certified for purchase by participating states would be accurate, reliable, and dependable.     

New receipt-free voting scheme using double-trapdoor commitment

It is considered to be the most suitable solution for large scale elections to design an electronic voting scheme using blind signatures and anonymous channels. Based on this framework, Okamoto first proposed a receipt-free voting scheme [30] for large scale elections. However, in the following paper, Okamoto [31] proved that the scheme [30] was not receipt-free and presented two improved schemes. One scheme requires the help of the parameter registration committee and the other needs a stronger physical assumption of the voting booth. In this paper, we utilize the double-trapdoor commitment to propose a new receipt-free voting scheme based on blind signatures for large scale elections. Neither the parameter registration committee nor the voting booth is required in our scheme. We also present a more efficient zero-knowledge proof for secret permutation. Therefore, our scheme is much more efficient than Okamoto’s schemes [30] and [31] with the weaker physical assumptions. Moreover, we prove that our scheme can achieve the desired security properties.     

ESIV: an end-to-end secure internet voting system

Nowadays, with the growing popularity of e-Government services, security of client platforms and violation of citizen e-rights are of great concerns. Since Internet-voting protocols have no control over voter-side platforms, bribery/coercion and breaching vote’s privacy and voter’s anonymity are feasible. In fact, the voter-side platform (voter’s PC) is easily vulnerable to malicious software (cyber-attacks) and can totally breach security of the entire voting protocol. We have proposed ESIV: an end-to-end secure internet-voting system that highly guarantees: voter and server-side platform’s security, verifiability, fairness, resistance to bribery/coercion and voting authorities collusion besides simultaneous election support while preserving eligibility, anonymity, privacy and trust. In addition, we utilize Java Card 3 technology as an independent secure web-server which is connected directly to network in order to send/receive HTTP(S) requests using high-speed interfaces. This technology brings about independence from utilizing any trusted device at voter-side and provides end-to-end security. Finally, an implementation of ESIV is presented and ESIV security features are evaluated.     

Anyone but him: The complexity of precluding an alternative

Preference aggregation in a multiagent setting is a central issue in both human and computer contexts. In this paper, we study in terms of complexity the vulnerability of preference aggregation to destructive control. In particular, we study the ability of an election's chair to, through such mechanisms as voter/candidate addition/suppression/partition, ensure that a particular candidate (equivalently, alternative) does not win. And we study the extent to which election systems can make it impossible, or computationally costly (NP-complete), for the chair to execute such control. Among the systems we study—plurality, Condorcet, and approval voting—we find cases where systems immune or computationally resistant to a chair choosing the winner nonetheless are vulnerable to the chair blocking a victory. Beyond that, we see that among our studied systems no one system offers the best protection against destructive control. Rather, the choice of a preference aggregation system will depend closely on which types of control one wishes to be protected against. We also find concrete cases where the complexity of or susceptibility to control varies dramatically based on the choice among natural tie-handling rules.     

基于CP-ABE和区块链的时间锁加密电子投票方案

现有电子投票系统无法同时满足投票数据隐私性、投票者之间的公平性、投票者资格控制的灵活性、投票结果的精准性、投票结果的延时公布等多元应用需求。针对上述问题,提出了一种基于CP-ABE和区块链的时间锁加密电子投票方案。该方案综合考虑了电子投票在实际场景中的多元应用需求,通过结合CP-ABE算法和Fabric技术,将属性加密后的投票链接数据存入区块链账本,满足属性策略的投票用户才能访问其链接,实现了灵活控制投票资格的机制,从而保证能获取针对不同用户群体属性的精确投票结果;基于改进的时间锁加密方案将投票数据进行加密上链,在预计投票结果公布之前为投票数据的机密性提供了保障,避免恶意节点造成合谋攻击问题,同时实现了投票结果延时公布的功能。实验从用户属性限制、投票链接获取、投票数据上链,以及投票结果延时这四个方面验证所提方案的有效性。系统测试结果表明,该方案可以有效地控制投票资格,符合属性策略的投票用户能成功获取投票链接并发送至区块链存储,同时为投票数据的机密性提供了保障。通过性能分析、安全性分析以及对比分析表明了该方案的可行性。     

Universal access in e-voting for the blind

Since the inception of elections and election technologies, all segments of the voting population have never been granted equal access, privacy and security to voting. Modern electronic voting systems have made attempts to include disabled voters but have fallen short. Using recent developments in technology a secure, user centered, multimodal electronic voting system has been developed to study a multimodal approach for providing equity in access, privacy and security in electronic voting. This article will report findings from a study at the Alabama Institute for the Deaf and Blind where more than thirty-five blind or visually impaired participants used the multimodal voting system. The findings suggest that the proposed multimodal approach to voting is easy to use and trustworthy.     

Automated anonymity verification of the ThreeBallot and VAV voting systems

In recent years, a large number of secure voting protocols have been proposed in the literature. Often these protocols contain flaws, but because they are complex protocols, rigorous formal analysis has proven hard to come by. Rivest’s ThreeBallot and Vote/Anti-Vote/Vote (VAV) voting systems are important because they aim to provide security (voter anonymity and voter verifiability) without requiring cryptography. In this paper, we construct CSP models of ThreeBallot and VAV, and use them to produce the first automated formal analysis of their anonymity properties. Along the way, we discover that one of the crucial assumptions under which ThreeBallot and VAV (and many other voting systems) operate—the short ballot assumption—is highly ambiguous in the literature. We give various plausible precise interpretations and discover that in each case, the interpretation either is unrealistically strong or else fails to ensure anonymity. We give a revised version of the short ballot assumption for ThreeBallot and VAV that is realistic but still provides a guarantee of anonymity.     

基于列表签名的安全电子投票方案

列表签名是群签名的一个推广,对用户签名的次数作了有效限制并增加了公开检测和公开身份验证。本文基于列表签名提出可用于大规模选举的电子投票方案,任何人都可以对不诚实投票行为进行验证;若不诚实投票者投出超过一张的选票,则任何人都可以通过选票中的签名进行检测并确定不诚实签名者的身份。该方案同时保证了选票的唯一性
性、秘密性、可验证性和公平性,具有较高的通信效率和安全性。     

无可信中心的电子投票方案*

给出一个无可信中心的电子投票方案,即使在管理机构和计票机构都不可信的情况下仍能够保证投票的安全性。该方案能够始终保证投票者的匿名性,即使选票公开,任何人都不能确定投票者的身份;解决了选票碰撞的问题,即不同的投票人必定产生不同的选票。     

一种抗强制的电子投票方案

利用秘密共享、混合网、可否认认证等安全技术,提出了一种抗强制的电子投票方案。该方案满足了电子投票的基本要求,并且较好地解决了电子投票中有关强迫投票和买卖选票的问题。由于强制者无法判断受迫者是否按照自己意愿投出选票,从而提高了电子投票的抗强制性。     

On the security enhancement for anonymous secure e-voting over computer network

Mu and Varadharajan proposed an electronic voting system which can be utilized in large-scale elections in 1998. Recently, Lin et al. showed that Mu and Varadharajan's scheme has a weakness. That is, voters can successfully vote more than once without being detected. To avoid this weakness, Lin et al. proposed a modified scheme. However, this paper shows that the Lin et al.'s modification allows the Authentication Server to identify the voters of published tickets so that voters will lose their privacy. An improved scheme is further proposed to solve this problem and thus enhance the security.     

An Optical Scan E-Voting System based on N-Version Programming

This article presents Demotek, a multi-agent prototype for an electronic voting system based on optical character recognition technology. Trade-offs in voter training, ease of use, security, and coercion across various systems are considered for the purpose of recognizing achievable improvements. Based on the use of N-version programming techniques, we propose improvements to Demotek, including those in security and new capabilities. This case study demonstrates how the voter's authentication system and vote data transmission could further simplify and improve the electoral process by adding these new capabilities to the electronic voting system using N-version programming.     

基于SEAL库的同态加权电子投票系统

电子投票比传统纸质投票更为灵活高效,能节省大量人力物力,在不同选举场合中的地位越来越重要.同态加密技术可以在电子投票过程中发挥重要作用,同态加密技术结合其他安全技术和手段来设计的电子投票系统,可以在计票过程中有效保护投票者的身份隐私,相比其他类型的电子投票系统也更为简洁高效.为了解决电子投票中的身份隐私保护和实现效率问题,本文提出了一种基于SEAL库的同态加权电子投票系统,通过同态操作实现密文计票,可有效抵抗来自计票中心内部的恶意攻击,保证选票保密性和计票结果正确性;通过在选票中引入投票权重,可以使电子投票系统实现加权投票;通过将选票信息密态存储在云端数据库,将计票中心部署在云端,可在保证安全的前提下借助云计算服务实现高效计票;系统中加密算法的安全性基于格上RLWE困难问题,可以抵抗量子计算攻击.对所设计投票系统的效率测试表明,完成对1000张选票的计票工作仅耗时1.867 s,相比Will等人在ICCCRI2015中提出的基于Paillier的电子投票系统计票耗时减少了32.73%,相比Wang等人在2017年提出的基于Helib的电子投票系统计票耗时减少了99.26%,相比Li在2017年提出的基于Helib的电子投票系统计票耗时减少了91.81%.本文提出的同态加权电子投票系统可以满足多个候选人投票和加权投票,能够适用于多种投票场景,且计票效率可以满足大规模投票的应用需求.     

Achieving Learning Objectives through E-Voting Case Studies

The rapidly increasing use of electronic voting machines in US elections provides a wonderful opportunity to teach students about computer security. In this article, we present an informal e-voting case study to achieve five learning outcomes for students in a typical college (or even high school) classroom. Our intent is to motivate a set of lessons specifically involving e-voting, as well as illustrate the usefulness of mapping outcomes to simplified case studies: (i) understanding how to write a "security specification", (ii) learning about different forms of security policies, (iii) understanding confidentiality, privacy, and information flow, (iv) recognizing the importance of considering usability from a security perspective, and (v) identifying assurances role in establishing confidence in results     

Recovering from a computer virus attack

What a computer virus is and why it is dangerous is discussed. A method for detecting the presence of a computer virus and removing it from a computer system is presented. This method would be applicable even if the virus had caused the system to crash. The method is flexible enough to avoid conflict with a site's security policies.     

一种非堆喷射的IE浏览器漏洞利用技术研究

随着互联网技术的进步和发展,计算机成为人们日常生产生活不可缺少的工具,计算机系统的安全问题愈加重要。目前,利用各类系统或软件的漏洞已经成为主流的攻击方法。为更加有效防御针对漏洞的攻击,就需要对各类漏洞利用方法深入研究。文章基于流行的IE浏览器漏洞利用方法的研究,介绍了一种新型的浏览器漏洞利用技术,并在已知漏洞中得到了验证。     

Scantegrity: End-to-End Voter-Verifiable Optical- Scan Voting

Scantegrity is a security enhancement for optical scan voting systems. It's part of an emerging class of "end-to-end" independent election verification systems that permit each voter to verify that his or her ballot was correctly recorded and counted. On the Scantegrity ballot, each candidate position is paired with a random letter. Election officials confirm receipt of the ballot by posting the letter that is adjacent to the marked position. Scantegrity is the first voting system to offer strong independent verification without changing the way voters mark optical scan ballots, and it complies with legislative proposals requiring "unencrypted" paper audit records.     

Apple's Leopard Versus Microsoft's Windows XP: Experimental Evaluation of Apple's Leopard Operating System with Windows XP-SP2 under Distributed Denial of Service Security Attacks

ABSTRACT

Apple's iMac computers are promoted by Apple Inc. to be secure, safe, virus free, and fast computers. In this experimental paper, we evaluate the security offered by the iMac with its usual Leopard Operating System, against different Distributed Denial of Service (DDoS) attacks in a Gigabit LAN environment. We compared the effect of DDoS attacks on Leopard OS against those on the Window's XP-SP2 when installed on the same iMac platform under the same network attack environment. DDoS-based flooding attacks can originate in a LAN environment or can be from the Internet, which can have an impact on a victim computer with a barrage of Denial of Service (DoS) packet requests, thereby exhausting the resources of the victim computer in processing these requests. To study the impact on iMac computers, we created the corresponding DDoS traffic in a controlled lab environment to test against iMac computer that first deployed Leopard OS. Later, the same iMac platform was made to use Window's XP OS. We compared the behavior of Apple's Leopard OS with Windows's XP-SP2 OS under Ping Flood, ICMP Land, TCP-SYN, Smurf Flood, ARP Flood, and UDP Flood attacks. It was found that the Apple's iMac computer using its usual Leopard operating system crashed even under low bandwidth of ARP-based attack traffic, requiring forced reboot of the iMac computer. Interestingly, when compared with Microsoft's Windows XP-SP2 operating system, deployed on the same iMac platform, the computer was able to sustain the attack and did not crash. Our discovery of this vulnerability shows that Apple's popular operating systems, namely Leopards, commonly deployed on iMacs are prone to crash under ARP-based security attacks. Also in other attacks Windows XP-SP2 was found to have a better performance than Leopard in terms of resource consumption.