Central Security Requirements and Analysis of E-Voting Systems
Systems for electronic voting (e-voting systems), including systems for voting over the Internet and systems for voting in a voting booth, are employed in many countries. However, most of the systems used in practice today do not provide a sufficient level of security. For example, programming errors and malicious behavior easily go undetected. In fact, numerous problems with e-voting systems have been reported in various countries.
Therefore, in recent years modern e-voting systems have been designed that strive to achieve a rich set of fundamental but at the same time intricate and seemingly contradictory security requirements. For example, besides keeping the votes of individual voters private (privacy of votes), they try to allow voters to check that their votes were counted correctly, even if voting machines and authorities are malicious (verifiability/accountability). Some of these systems also try to prevent vote buying and voter coercion (coercion resistance).
In this course, we will cover central security requirements of e-voting systems, including those mentioned above, and how they can be formally defined. We will take a close look at several (modern) e-voting systems and study to what extent these systems satisfy such requirements.
- R. Küsters. Central security requirements and analysis of e-voting systems. EWSCS 2013 course slides. Lecture 1 [ppt], lecture 2 [ppt], lecture 3 [ppt], lecture 4 [ppt].
- Videos from the lectures.
- R. Küsters, T. Truderung, A. Vogt. A game-based definition of coercion-resistance and its applications. J. of Computer Security, v. 20, n. 6, 709-764, 2012. [doi link]
- R. Küsters, T. Truderung, A. Vogt. Accountability: definition and relationship to verifiability. In Proc. of 17th ACM Conf. on Computer and Communications Security, CCS 2010, pp. 526-535, ACM Press, 2010. [doi link]
- R. Küsters, T. Truderung, A. Vogt. Verifiability, privacy, and coercion-resistance: new insights from a case study. In Proc. of 2011 IEEE Symp. on Security and Privacy, S&P 2011, pp. 538-553, IEEE CS, 2011. [doi link]
- R. Küsters, T. Truderung, A. Vogt. Clash attacks on the verifiability of e-voting systems. In Proc. of 2012 IEEE Symp. on Security and Privacy, S&P 2012, pp. 395-409, IEEE CS, 2012. [doi link]
- R. Küsters, T. Truderung, A. Vogt. Proving coercion-resistance of Scantegrity II. In M. Soriano, S. Qing, X. López, eds., Proc. of 12th Int. Conf. on Information and Communications Security, ICICS 2010, pp. 281-295, v. 6476 of Lect. Notes in Comput. Sci., Springer, 2010. [doi link]
- R. Küsters, T. Truderung. An epistemic approach to coercion-resistance for electronic voting protocols. In Proc. of 2009 IEEE Symp. on Security and Privacy, S&P 2009, pp. 251-266, IEEE CS, 2009. [doi link]
April 17, 2016 21:07 EET
local organizers, ewscs13(at)cs.ioc.ee
EWSCS'13 page: http://cs.ioc.ee/ewscs/2013/