Results 1 - 9 of 9
Formal Verification, and Evaluation of an E-Voting System With VVPAT
IEEE Transactions on Information Forensics and Security
Cited by 7 (3 self)
Abstract: The use of new technologies to support voting has been and is the subject of great debate. Several people advocate the benefits it can bring, such as improved speed and accuracy in counting, accessibility, and voting from home, and as many are concerned with the risks it poses, such as unequal access (digital divide), violation of secrecy and anonymity, and alteration of the results of an election (because of malicious attacks, bad design/coding, or procedural weaknesses). The attitude of different governments towards electronic voting (e-voting) varies accordingly. In this paper, we present the activities related to the development and formal verification of an e-voting system, called ProVotE. ProVotE is an end-to-end e-voting system with a voter verified paper audit trail, developed within the framework of a larger initiative whose goal is assessing the feasibility of introducing e-voting in the Autonomous Province of Trento. ProVotE has been used in trials and elections with legal value in Italy. What we believe to be of interest is the approach we took for its development, which has been based on a participatory design for the definition of the voter interface, on the usage of formal methods and model checking for the validation of the core logic of the machine, on open source components, and on the formal analysis of some critical procedures related to the usage of the machine during the election.
Procedural security analysis: A methodological approach
JSS, 2011
Cited by 3 (1 self)
Abstract: This article introduces what we call procedural security analysis, an approach that allows for a systematic security assessment of (business) processes. The approach is based on explicit reasoning on asset flows and is implemented by building formal models to describe the nominal procedures under analysis, by injecting possible threat-actions into such models, and by assuming that any combination of threats can be possible in all steps of such models. We use the NuSMV input language to encode the asset flows, which are amenable to formal analysis. This allows us to understand how the switch to a new technological solution changes the requirements of an organization, with the ultimate goal of defining the new processes that ensure a sufficient level of security. We have applied the technique to a real-world electronic voting system named ProVotE to analyze the procedures used during and after elections. Such analyses are essential to identify the limits of the current procedures (i.e., conditions under which attacks are undetectable) and to identify the hypotheses that can guarantee reasonably secure electronic elections. Additionally, the results of the analyses can be a step forward to devise a set of requirements, to be applied both at the organizational level and on the (software) systems to make them more secure.
Formal Specification and Analysis of an e-Voting System
In: The 5th International Conference on Availability, Reliability and Security, IEEE, 2010
Cited by 3 (2 self)
Abstract: Electronic voting systems are a perfect example of security-critical computing. One of the critical and complex parts of such systems is the voting process, which is responsible for correctly and securely storing intentions and actions of the voters. Unfortunately, recent studies revealed that various e-voting systems show serious specification, design, and implementation flaws. The application of formal specification and verification can greatly help to better understand the system requirements of e-voting systems by thoroughly specifying and analyzing the underlying assumptions and the security specific properties. This paper presents the specification and verification of the electronic voting process for the Election Systems & Software (ES&S) system. We used the ASTRAL language to specify the voting process of ES&S machines and the critical security requirements for the system. Proof obligations that verify that the specified system meets the critical requirements were automatically generated by the ASTRAL Software Development Environment (SDE). The PVS interactive theorem prover was then used to apply the appropriate proof strategies and discharge the proof obligations.
A Survey: Electronic Voting Development and Trends
2010
Cited by 2 (0 self)
Abstract: Any practitioner working on electronic voting (e-voting) seems to have different opinions on the main issues that seem to affect the area. On the one hand, given the criticality and the risk e-voting systems potentially pose to the democratic process, e-voting systems are permanently under a magnifying glass that amplifies any glitch, be it significant or not. On the other hand, given the interest e-voting raises within the general public, there seems to be a tendency to generalize and oversimplify. This tendency leads to attributing specific problems to all systems, regardless of context, situation, and actual systems used. Additionally, scarce know-how about the electoral context often contributes to making matters even more confused. This is not to say all e-voting systems show the security and reliability characteristics that are necessary for a system of such criticality. On the contrary, a lot of work still has to be done. Starting from previous experiences and from a large-scale experiment we conducted in Italy, this paper provides some direction, issues, and trends in e-voting. Getting a clearer view of the research activities in the area, highlighting both positive and negative results, and emphasizing some trends could help, in our opinion, to draw a neater line between opinion and facts, and contribute to the construction of a next generation of e-voting machines to be safely and more confidently employed for elections.
Formal analysis of attacks for e-voting system
In CRiSIS ’09: Fourth international, 2009
Cited by 2 (2 self)
Abstract: Recently, the use of formal methods to specify and verify properties of electronic voting (e-voting) systems, with particular interest in security, verifiability, and anonymity, is getting much attention. Formal specification and verification of such systems can greatly help to better understand the system requirements by thoroughly specifying and analyzing the underlying assumptions and security specific properties. Unfortunately, even though these systems have been formally verified to satisfy the desired system security requirements, they are still vulnerable to attack. In this paper we extend a formal specification of the ES&S voting system by specifying attacks that have been shown to successfully compromise the system. We believe that performing such analysis is important for two reasons: first, it allows us to discover some missing critical requirements for the specification and/or assumptions that were not met. Second, it allows us to derive mitigation or counter-measure strategies when the system behaves differently than it should. We used the ASTRAL language for the specification, and the verification is performed using the PVS tool.
REQUIREMENTS
Cited by 1 (0 self)
Abstract: We report on the development of a novel electronic vote machine interface, with emphasis on the requirements engineering process. In particular, we review how we followed an operational prototyping approach in order to gain a better understanding of requirements in an incremental fashion. Our most interesting observations are concerned with the evolution of our most fundamental requirement: that the voting process followed by the voter should be just like paper. We comment on how the weakening of this requirement was deemed necessary by the addition of other requirements that were identified during our prototype evaluation. This weakening was minimized through the specification of a passive voting protocol that provides feedback to voters without obliging them to follow a voting process any different from that which is normally done using a traditional paper vote. The protocol is based on a simple 3-state machine where we naturally represent the states using the familiar traffic light colour scheme: thus the interaction between voter and interface became known as the three colour protocol.
Keywords: prototyping, requirements, evolution, validation
Gang Tan
Abstract: As a result of a public-interest lawsuit, by Court order we were able to study, for one month, the hardware and source code of the Sequoia AVC Advantage direct-recording electronic voting machine, which is used throughout New Jersey (and Louisiana), and the Court has permitted us to publicly describe almost everything that we were able to learn. In short, these machines are vulnerable to a wide variety of attacks on the voting process. It would not be in the slightest difficult for a moderately determined group or individual to mount a vote-stealing attack that would be successful and undetectable.
1 Litigation and legislation in New Jersey
In October 2004 a group of public-interest plaintiffs, represented by Professor Penny Venetis of the Rutgers Law School, sued the State of New Jersey (in NJ Superior Court) over the State’s use of direct-recording electronic (DRE) voting machines in New Jersey. By 2004, most of New Jersey’s counties had adopted the Sequoia AVC Advantage full-face DRE. Currently 18 out of New Jersey’s 21 counties use this DRE. The plaintiffs argued that the use of DRE voting machines is illegal and unconstitutional: illegal, because they violate New Jersey election laws requiring that all votes be counted accurately and that voting machines be thoroughly tested, accurate, and reliable; and unconstitutional, because they violate the New Jersey constitution’s requirement that
Experiments and Data Analysis of Electronic Voting System
Abstract: Experimental data sets related to e-voting systems are very demanding in order to improve currently deployed e-voting machines. Unfortunately, the studies of such data about the machines’ security, performance and their evolution with respect to the social and technical aspects are still unsatisfactory. During the last four years we have been involved in the development, experimentation, and evaluation of an e-voting system. The system was tried out in several regular elections, and also used in two small elections with legal value. Each experiment provided various sociological (e.g. citizens’ opinions on the system) and technical data that are related to the system’s performance and behavior. In this paper, we present various technical insights and the lessons learned during the e-voting experiment. The methodology for the various experiments we have carried out and the data set collection process are also discussed. This helps to confirm existing data on the subject (e.g., data related to security, procedures and logistics) and, in some cases, provide novel information or, at least, shed a new perspective on some security-critical factors concerning e-voting systems.