Auditing for privacy in threshold PKE e-voting. (13th March 2017)
- Record Type:
- Journal Article
- Title:
- Auditing for privacy in threshold PKE e-voting. (13th March 2017)
- Main Title:
- Auditing for privacy in threshold PKE e-voting
- Authors:
- Kiayias, Aggelos
Zacharias, Thomas
Zhang, Bingsheng - Abstract:
- Abstract : Purpose: This paper aims to investigate the importance of auditing for election privacy via issues that appear in the state-of-the-art implementations of e-voting systems that apply threshold public key encryption (TPKE) in the client such as Helios and use a bulletin board (BB). Design/methodology/approach: Argumentation builds upon a formal description of a typical TPKE-based e-voting system where the election authority (EA) is the central node in a star network topology. The paper points out the weaknesses of the said topology with respect to privacy and analyzes how these weaknesses affect the security of several instances of TPKE-based e-voting systems. Overall, it studies the importance of auditing from a privacy aspect. Findings: The paper shows that without public key infrastructure (PKI) support or – more generally – authenticated BB "append" operations, TPKE-based e-voting systems are vulnerable to attacks where the malicious EA can act as a man-in-the-middle between the election trustees and the voters; hence, it can learn how the voters have voted. As a countermeasure for such attacks, this work suggests compulsory trustee auditing. Furthermore, it analyzes how lack of cryptographic proof verification affects the level of privacy that can be provably guaranteed in a typical TPKE e-voting system. Originality/value: As opposed to the extensively studied importance of auditing to ensure election integrity, the necessity of auditing to protect privacy inAbstract : Purpose: This paper aims to investigate the importance of auditing for election privacy via issues that appear in the state-of-the-art implementations of e-voting systems that apply threshold public key encryption (TPKE) in the client such as Helios and use a bulletin board (BB). Design/methodology/approach: Argumentation builds upon a formal description of a typical TPKE-based e-voting system where the election authority (EA) is the central node in a star network topology. The paper points out the weaknesses of the said topology with respect to privacy and analyzes how these weaknesses affect the security of several instances of TPKE-based e-voting systems. Overall, it studies the importance of auditing from a privacy aspect. Findings: The paper shows that without public key infrastructure (PKI) support or – more generally – authenticated BB "append" operations, TPKE-based e-voting systems are vulnerable to attacks where the malicious EA can act as a man-in-the-middle between the election trustees and the voters; hence, it can learn how the voters have voted. As a countermeasure for such attacks, this work suggests compulsory trustee auditing. Furthermore, it analyzes how lack of cryptographic proof verification affects the level of privacy that can be provably guaranteed in a typical TPKE e-voting system. Originality/value: As opposed to the extensively studied importance of auditing to ensure election integrity, the necessity of auditing to protect privacy in an e-voting system has been mostly overlooked. This paper reveals design weaknesses present in noticeable TPKE-based e-voting systems that can lead to a total breach of voters' privacy and shows how auditing can be applied for providing strong provable privacy guarantees. … (more)
- Is Part Of:
- Information and computer security. Volume 25:Number 1(2017)
- Journal:
- Information and computer security
- Issue:
- Volume 25:Number 1(2017)
- Issue Display:
- Volume 25, Issue 1 (2017)
- Year:
- 2017
- Volume:
- 25
- Issue:
- 1
- Issue Sort Value:
- 2017-0025-0001-0000
- Page Start:
- 100
- Page End:
- 116
- Publication Date:
- 2017-03-13
- Subjects:
- Privacy -- Auditing -- E-Voting -- Helios -- Man-in-the-middle
Computer security -- Management -- Periodicals
Computer networks -- Security measures -- Periodicals
Data protection -- Management -- Periodicals
658.47 - Journal URLs:
- http://www.emeraldinsight.com/loi/ics ↗
http://www.emeraldinsight.com/ ↗ - DOI:
- 10.1108/ICS-07-2016-0056 ↗
- Languages:
- English
- ISSNs:
- 2056-4961
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 4481.796000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 2069.xml