Nikos Chondros,Bingsheng Zhang,Thomas Zacharias,Panos Diamantopoulos,Stathis Maneas,Christos Patsonakis,Alex Delis,Aggelos Kiayias,Mema Roussopoulos

DOI: https://doi.org/10.1016/j.cose.2019.03.001

IF: 5.105

2019-01-01

Computers & Security

Abstract:We present the D-DEMOS suite of distributed, privacy-preserving, and end-to-end verifiable e-voting systems; one completely asynchronous and one with minimal timing assumptions but better performance. Their distributed voting operation is human verifiable; a voter can vote over the web, using an unsafe web client stack, without sacrificing her privacy, and get recorded-as-cast assurance. Additionally, a voter can outsource election auditing to third parties, still without sacrificing privacy. We provide a model and security analysis of the systems, implement prototypes of the complete systems, measure their performance experimentally, demonstrate their ability to handle large-scale elections, and demonstrate the performance trade-offs between the two versions.

Nikos Chondros,Bingsheng Zhang,Thomas Zacharias,Panos Diamantopoulos,Stathis Maneas,Christos Patsonakis,Alex Delis,Aggelos Kiayias,Mema Roussopoulos

DOI: https://doi.org/10.1109/icdcs.2016.56

2015-01-01

Abstract:E-voting systems have emerged as a powerful technology for improving democracy by reducing election cost, increasing voter participation, and even allowing voters to directly verify the entire election procedure. Prior internet voting systems have single points of failure, which may result in the compromise of availability, voter secrecy, or integrity of the election results. In this paper, we present the design, implementation, security analysis, and evaluation of D-DEMOS, a complete e-voting system that is distributed, privacy-preserving and end-to-end verifiable. Our system includes a fully asynchronous vote collection subsystem that provides immediate assurance to the voter her vote was recorded as cast, without requiring cryptographic operations on behalf of the voter. We also include a distributed, replicated and fault-tolerant Bulletin Board component, that stores all necessary election-related information, and allows any party to read and verify the complete election process. Finally, we also incorporate trustees, i.e., individuals who control election result production while guaranteeing privacy and end-to-end-verifiability as long as their strong majority is honest. Our system is the first e-voting system whose voting operation is human verifiable, i.e., a voter can vote over the web, even when her web client stack is potentially unsafe, without sacrificing her privacy, and still be assured her vote was recorded as cast. Additionally, a voter can outsource election auditing to third parties, still without sacrificing privacy. Finally, as the number of auditors increases, the probability of election fraud going undetected is diminished exponentially. We provide a model and security analysis of the system. We implement a prototype of the complete system, we measure its performance experimentally, and we demonstrate its ability to handle large-scale elections.

Panagiotis Grontas,Aris Pagourtzis,Alexandros Zacharakis,Bingsheng Zhang

2018-01-01

Abstract:In this work, we propose a first version of an e-voting scheme that achieves end-to-end verifiability, everlasting privacy and efficient coercion resistance in the JCJ setting. Everlasting privacy is achieved assuming an anonymous channel, without resorting to dedicated channels between the election authorities to exchange private data. In addition, the proposed scheme achieves coercion resistance under standard JCJ assumptions. As a core building block of our scheme, we also propose a new primitive called publicly auditable conditional blind signature (PACBS), where a client receives a token from the signing server after interaction; the token is a valid signature only if a certain condition holds and the validity of the signature can only be checked by a designated verifier. We utilize this primitive to blindly mark votes under coercion in an auditable manner.

Xiangan Tian,Vlasis Koutsos,Lijia Wu,Yijian Wu,Dimitrios Papadopoulos

DOI: https://doi.org/10.1145/3548606.3563492

2022-01-01

Abstract:ABSTRACTCOVID-19 has altered the landscape of medical record issuing and verification. Multiple challenges have arisen in this new era as individuals are now required to prove their health status for traveling, working, or simply eating at a restaurant. Record verification across country borders is particularly hard to achieve as it requires collaboration at an international level, sharing potentially sensitive medical data. In this work, we propose VaxPass, a scalable system for COVID-19 record issuing and verification that facilitates this collaboration with minimal data leakage. At the core of our design lies a 2-tier blockchain architecture that allows individual issuing authorities to maintain their own 1st -level blockchain and only upload a small digest of their records, periodically, on the 2nd -level. Crucially, a verifier can check the validity of a certificate without having access to the 1st -level blockchain where the records actually reside. Our system also includes a mobile application and a web client. As we demonstrate, its performance scales well with the number of participants, making this the first solution able to support real-life inspired needs for such a system, while maintaining confidentiality of the medical data solely to privy entities.

Prashant Agrawal,Mahabir Prasad Jhanwar,Subodh Vishnu Sharma,Subhashis Banerjee

2024-06-02

Abstract:While existing literature on electronic voting has extensively addressed verifiability of voting protocols, the vulnerability of electoral rolls in large public elections remains a critical concern. To ensure integrity of electoral rolls, the current practice is to either make electoral rolls public or share them with the political parties. However, this enables construction of detailed voter profiles and selective targeting and manipulation of voters, thereby undermining the fundamental principle of free and fair elections. In this paper, we study the problem of designing publicly auditable yet privacy-preserving electoral rolls. We first formulate a threat model and provide formal security definitions. We then present a protocol for creation, maintenance and usage of electoral rolls that mitigates the threats. Eligible voters can verify their inclusion, whereas political parties and auditors can statistically audit the electoral roll. Further, the audit can also detect polling-day ballot stuffing and denials to eligible voters by malicious polling officers. The entire electoral roll is never revealed, which prevents any large-scale systematic voter targeting and manipulation.

Cryptography and Security,Computers and Society

Hao Wu,Xuejin Tian,Minghao Li,Yunxin Liu,Ganesh Ananthanarayanan,Fengyuan Xu,Sheng Zhong

DOI: https://doi.org/10.1145/3447993.3448618

2021-01-01

Abstract:ABSTRACTAs Video Streaming and Analytics (VSA) systems become increasingly popular, serious privacy concerns have risen on exposing too much unnecessary private information to the VSA providers. Yet, it is challenging to protect privacy while still preserving desired VSA features, i.e., effective analytics, forensic support, resource efficiency, and real-time execution. In this paper, we present a VSA privacy enhancement system (PECAM), which addresses the above challenge with no change in the VSA back-end. PECAM leverages a novel Generative Adversarial Network to perform the privacy-enhanced securely-reversible video transformation. PECAM also incorporates a couple of system optimizations into its VSA workflow to reduce network bandwidth usage and enable real-time processing on cameras. We implement our PECAM prototype on commodity hardware and evaluate its performance via both security study and extensive experiments. Results demonstrate that PECAM can effectively enhance the visual privacy of VSA in the presence of an adversary, and its transformed videos, when taken as input for various VSA back-end tasks, maintain a 96% accuracy of corresponding original videos. Additionally, it performs 12.3× and 1.8× better than baseline methods in terms of the computing cost and network bandwidth usage, respectively.

Eleanor McMurtry,Xavier Boyen,Chris Culnane,Kristian Gjøsteen,Thomas Haines,Vanessa Teague

DOI: https://doi.org/10.48550/arXiv.2111.04210

2021-11-09

Abstract:We propose a protocol for verifiable remote voting with paper assurance. It is intended to augment existing postal voting procedures, allowing a ballot to be electronically constructed, printed on paper, then returned in the post. It allows each voter to verify that their vote has been correctly cast, recorded and tallied by the Electoral Commission. The system is not end-to-end verifiable, but does allow voters to detect manipulation by an adversary who controls either the voting device, or (the postal service and electoral commission) but not both. The protocol is not receipt-free, but if the client honestly follows the protocol (including possibly remembering everything), they cannot subsequently prove how they voted. Our proposal is the first to combine plain paper assurance with cryptographic verification in a (passively) receipt-free manner.

Cryptography and Security

Yongzhi Wang,Yulong Shen,Xiaohong Jiang

DOI: https://doi.org/10.1109/tifs.2017.2787993

IF: 7.231

2018-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Public cloud vendors have been offering a variety of big data computing services on their clouds. However, runtime integrity is one of the major security concerns that hinder the wide adoption of those services. In this paper, we focus on MapReduce, a popular big data computing framework, and propose the runtime integrity audition (RIA), a solution that remotely verifies the runtime integrity of MapReduce applications. RIA records the runtime variable values of the MapReduce application on the public cloud and checks those values against the application’s code on the private cloud. By doing so, RIA protects the runtime integrity of MapReduce applications. Based on the idea of RIA, we developed a prototype system, called MR Auditor, and tested its applicability and performance with several Hadoop applications. Our experimental results showed that MR Auditor is a general tool that can efficiently audit the runtime integrity of all the MapReduce applications that we tested. In addition, MR Auditor incurs a moderate performance overhead. For example, when verifying the Word Count application, a proper parameter setting of MR Auditor incurs 1% of extra execution time on the public cloud and 14% of extra execution time on the private cloud.

Siqin Zhao,Kang Chen,Weimin Zheng

DOI: https://doi.org/10.1109/ISPA.2009.32

2009-01-01

Abstract:Auditable file system is used to track the usage of the file system including the operations like read and write. Auditable file system keeps the trails of userspsila action and the trails are kept faithfully for future auditing. However, as the logs are still kept within the same file system, it will be quite vulnerable to be exposed as malware penetrating the system. Even with the file system hiding the logs, the skillful attacker can still analyze the on-disk structure to get and modify the logs. Thus the logs should be kept separate from the working system. Virtual machines can provide such separation as virtual machines can hold the whole operating system while still keep the system apart from the metal hardware. We propose a method of secure logging for auditable file system using a logging virtual machine. The logs are kept in another virtual machine safely. Even the working virtual machine is broken; the logs are not exposed to the outside. By the isolation provided by virtual machines, the logs can be kept safe and valid. The high privileged user can not modify the logs contents, or forge the logs and data to keep consistency, or pretend to be another user for doing un-authorized actions. We have done several works as well as a prototype system to show the feasibility of such approach. Experiments show that the logging virtual machine will not bring too much overhead.

Philip B. Stark

2023-08-31

Abstract:Risk-limiting audits (RLAs) guarantee a high probability of correcting incorrect reported outcomes before the outcomes are certified. The most efficient use ballot-level comparison, comparing the voting system's interpretation of individual ballot cards sampled at random (cast-vote records, CVRs) from a trustworthy paper trail to a human interpretation of the same cards. Such comparisons require the voting system to create and export CVRs in a way that can be linked to the individual ballots the CVRs purport to represent. Such links can be created by keeping the ballots in the order in which they are scanned or by printing a unique serial number on each ballot. But for precinct-count systems (PCOS), these strategies may compromise vote anonymity: the order in which ballots are cast may identify the voters who cast them. Printing a unique pseudo-random number ("cryptographic nonce") on each ballot card after the voter last touches it could reduce such privacy risks. But what if the system does not in fact print a unique number on each ballot or does not accurately report the numbers it printed? This paper gives two ways to conduct an RLA so that even if the system does not print a genuine nonce on each ballot or misreports the nonces it used, the audit's risk limit is not compromised (however, the anonymity of votes might be compromised). One method allows untrusted technology to be used to imprint and to retrieve ballot cards. The method is adaptive: if the technology behaves properly, this protection does not increase the audit workload. But if the imprinting or retrieval system misbehaves, the sample size the RLA requires to confirm the reported results when the results are correct is generally larger than if the imprinting and retrieval were accurate.

Cryptography and Security,Applications

J. Karthi,K. Saravanan,S. Ravi,K. Kalaiselvi,Shalini M,T. Venkatesan

DOI: https://doi.org/10.1109/ISCS61804.2024.10581204

2024-05-03

Abstract:The abstract presents a concise overview of the methodology and key findings of the experimental evaluation conducted for a Blockchain Assisted Electronic Voting System (BAEVS) employing a Secured Authentication Scheme. This study focuses on the design, implementation, and assessment of the BAEVS, aiming to enhance the transparency, security, and reliability of electronic voting processes. The methodology encompasses three main stages: Prototype Development, Blockchain Platform Selection, and Smart Contract Implementation. The prototype is developed using modern web development frameworks to ensure usability and accessibility for diverse users. A suitable blockchain platform, such as Ethereum or Hyperledger Fabric, is chosen to implement the distributed ledger component, considering factors such as scalability and security. Smart contracts, developed in platform-specific languages, govern the voting process and undergo rigorous testing to ensure correctness and reliability. The experimental evaluation reveals promising results, demonstrating the effectiveness of the BAEVS in providing secure and transparent electronic voting. Overall, this study contributes to the advancement of electronic voting systems by offering insights into the design and implementation of blockchain-assisted solutions with secured authentication mechanisms.

Computer Science

Sweta Gupta,Kamlesh Kumar Gupta,Piyush Kumar Shukla

DOI: https://doi.org/10.1002/cpe.8324

2024-11-16

Concurrency and Computation Practice and Experience

Abstract:Voting has always been a crucial topic of public attention for democratic reasons. The ease of use and low cost are the result of e‐voting being frequently used for such important decision outcomes. However, the tremendous authority and intervening data in current e‐voting systems make it risky and difficult to achieve correct equity and clarity in e‐voting. So, by combining e‐voting with blockchain technology, these issues can be resolved while providing reorganization and intervention‐resistant characteristics. A voter's improper manipulation, frequent voting, or non‐party voting, may also undermine fairness. A verifier is therefore required to check the e‐voting mechanism in order to ensure its effectiveness and control the process equality and fairness. In this paper, a Blockchain‐based e‐Voting Mechanism (BVM) is developed for providing the end to end security and fairness for transparent voting. This mechanism also provides a zero‐knowledge proof (ZP) based verifier to inspect the voting procedure against voter's mis‐operations and uses a novel Improved Master‐key Administration (IMA) based public key cryptography to attack prevention. The utilization of blockchain technology ensures transparency, anonymity, confidentiality, authentication, tamper resistance, and a high level of data integrity, making it a promising choice for modernizing and enhancing the electoral process. Also, the performance of BVM has been compared with similar voting mechanisms and analyzed based on time complexity, security analysis, performance factors like delay and throughput, and anti‐attack examination.

computer science, theory & methods, software engineering

Se Elnour,William J Buchanan,Paul Keating,Mwrwan Abubakar,Sirag Elnour

DOI: https://doi.org/10.48550/arXiv.2403.05275

2024-03-08

Abstract:The vSPACE experimental proof-of-concept (PoC) on the TrueElect[Anon][Creds] protocol presents a novel approach to secure, private, and scalable elections, extending the TrueElect and ElectAnon protocols with the integration of AnonCreds SSI (Self-Sovereign Identity). Such a protocol PoC is situated within a Zero-Trust Architecture (ZTA) and leverages confidential computing, continuous authentication, multi-party computation (MPC), and well-architected framework (WAF) principles to address the challenges of cybersecurity, privacy, and trust over IP (ToIP) protection. Employing a Kubernetes confidential cluster within an Enterprise-Scale Landing Zone (ESLZ), vSPACE integrates Distributed Ledger Technology (DLT) for immutable and certifiable audit trails. The Infrastructure as Code (IaC) model ensures rapid deployment, consistent management, and adherence to security standards, making vSPACE a future-proof solution for digital voting systems.

Cryptography and Security,Computers and Society

Josh Benaloh,Mike Byrne,Philip Kortum,Neal McBurnett,Olivier Pereira,Philip B. Stark,Dan S. Wallach

DOI: https://doi.org/10.48550/arXiv.1211.1904

2012-11-08

Cryptography and Security

Abstract:In her 2011 EVT/WOTE keynote, Travis County, Texas County Clerk Dana DeBeauvoir described the qualities she wanted in her ideal election system to replace their existing DREs. In response, in April of 2012, the authors, working with DeBeauvoir and her staff, jointly architected STAR-Vote, a voting system with a DRE-style human interface and a "belt and suspenders" approach to verifiability. It provides both a paper trail and end-to-end cryptography using COTS hardware. It is designed to support both ballot-level risk-limiting audits, and auditing by individual voters and observers. The human interface and process flow is based on modern usability research. This paper describes the STAR-Vote architecture, which could well be the next-generation voting system for Travis County and perhaps elsewhere.

Sarah Meiklejohn,Pavel Kalinnikov,Cindy S. Lin,Martin Hutchinson,Gary Belvin,Mariana Raykova,Al Cutter

DOI: https://doi.org/10.48550/arXiv.2011.04551

2020-11-09

Cryptography and Security

Abstract:In recent years, there has been increasing recognition of the benefits of having services provide auditable logs of data, as demonstrated by the deployment of Certificate Transparency and the development of other transparency projects. Most proposed systems, however, rely on a gossip protocol by which users can be assured that they have the same view of the log, but the few gossip protocols that do exist today are not suited for near-term deployment. Furthermore, they assume the presence of global sets of auditors, who must be blindly trusted to correctly perform their roles, in order to achieve their stated transparency goals. In this paper, we address both of these issues by proposing a gossip protocol and a verifiable registry, Mog, in which users can perform their own auditing themselves. We prove the security of our protocols and demonstrate via experimental evaluations that they are performant in a variety of potential near-term deployments.

Meiqi Li,Xinyi Luo,Wentuo Sun,Jian Li,Kaiping Xue

DOI: https://doi.org/10.1109/icc45855.2022.9838840

2022-01-01

Abstract:E-voting plays a vital role in modern social life. However, traditional e-voting systems usually rely on a trusted third party and therefore non-verifiable and prone to a single point of failure. In recent years, many researchers have tried to turn to blockchain to eliminate the vulnerabilities of e-voting systems. However, blockchain-based e-voting brings new problems in protecting voters’ privacy and ballots’ confidentiality, and causes a great performance degradation. In this paper, we propose AvecVoting, an anonymous and verifiable blockchain-based e-voting scheme, providing both strong security and high performance. Specifically, we utilize threshold encryption and one-time ring signature to protect voters’ privacy and ballots’ confidentiality. Furthermore, to improve the performance, we introduce the concept "counter" to count the ballots. Through the carefully designed RandomSortition and reputation-based PayOff algorithms based on smart contracts, AvecVoting can achieve correct counting even when some counters are untrustworthy. Our security and performance analyses show that AvecVoting provides strong security such as anonymity, non-repeatability, confidentiality, verifiability, etc., and meanwhile overcome the performance issues caused by blockchain and provides good efficiency in both voting and counting stages.

Mohammed Alghazwi,Dewi Davies-Batista,Dimka Karastoyanova,Fatih Turkmen

2024-03-22

Abstract:Aggregate statistics play an important role in extracting meaningful insights from distributed data while preserving privacy. A growing number of application domains, such as healthcare, utilize these statistics in advancing research and improving patient care.

Cryptography and Security

Shaowei Zhu,Hyo Jin Kim,Maurizio Monge,G. Edward Suh,Armin Alaghi,Brandon Reagen,Vincent Lee

DOI: https://doi.org/10.48550/arXiv.2203.13308

2022-03-24

Cryptography and Security

Abstract:Localization and mapping is a key technology for bridging the virtual and physical worlds in augmented reality (AR). Localization and mapping works by creating and querying maps made of anchor points that enable the overlay of these two worlds. As a result, information about the physical world is captured in the map and naturally gives rise to concerns around who can map physical spaces as well as who can access or modify the virtual ones. This paper discusses how we can provide access controls over virtual maps as a basic building block to enhance security and privacy of AR systems. In particular, we propose VACMaps: an access control system for localization and mapping using formal methods. VACMaps defines a domain-specific language that enables users to specify access control policies for virtual spaces. Access requests to virtual spaces are then evaluated against relevant policies in a way that preserves confidentiality and integrity of virtual spaces owned by the users. The precise semantics of the policies are defined by SMT formulas, which allow VACMaps to reason about properties of access policies automatically. An evaluation of VACMaps is provided using an AR testbed of a single-family home. We show that VACMaps is scalable in that it can run at practical speeds and that it can also reason about access control policies automatically to detect potential policy misconfigurations.

Zeshun Shi,Jeroen Bergers,Ken Korsmit,Zhiming Zhao

DOI: https://doi.org/10.48550/arXiv.2207.00370

2022-07-01

Cryptography and Security

Abstract:Data tampering is often considered a severe problem in industrial applications as it can lead to inaccurate financial reports or even a corporate security crisis. A correct representation of data is essential for companies' core business processes and is demanded by investors and customers. Traditional data audits are performed through third-party auditing services; however, these services are expensive and can be untrustworthy in some cases. Blockchain and smart contracts provide a decentralized mechanism to achieve secure and trustworthy data integrity verification; however, existing solutions present challenges in terms of scalability, privacy protection, and compliance with data regulations. In this paper, we propose the AUtomated and Decentralized InTegrity vErification Model (AUDITEM) to assist business stakeholders in verifying data integrity in a trustworthy and automated manner. To address the challenges in existing integrity verification processes, our model uses carefully designed smart contracts and a distributed file system to store integrity verification attributes and uses blockchain to enhance the authenticity of data certificates. A sub-module called Data Integrity Verification Tool (DIVT) is also developed to support easy-to-use interfaces and customizable verification operations. This paper presents a detailed implementation and designs experiments to verify the proposed model. The experimental and analytical results demonstrate that our model is feasible and efficient to meet various business requirements for data integrity verification.

Hidde Lycklama,Alexander Viand,Nicolas Küchler,Christian Knabenhans,Anwar Hithnawi

2024-09-23

Abstract:Recent advancements in privacy-preserving machine learning are paving the way to extend the benefits of ML to highly sensitive data that, until now, have been hard to utilize due to privacy concerns and regulatory constraints. Simultaneously, there is a growing emphasis on enhancing the transparency and accountability of machine learning, including the ability to audit ML deployments. While ML auditing and PPML have both been the subjects of intensive research, they have predominately been examined in isolation. However, their combination is becoming increasingly important. In this work, we introduce Arc, an MPC framework for auditing privacy-preserving machine learning. At the core of our framework is a new protocol for efficiently verifying MPC inputs against succinct commitments at scale. We evaluate the performance of our framework when instantiated with our consistency protocol and compare it to hashing-based and homomorphic-commitment-based approaches, demonstrating that it is up to 10^4x faster and up to 10^6x more concise.

Cryptography and Security