Abstract
We present security vulnerabilities in the remote voting system Helios. We propose Apollo, a modified version of Helios, which addresses these vulnerabilities and could improve the feasibility of internet voting.
In particular, we note that Apollo does not possess Helios’ major known vulnerability, where a dishonest voting terminal can change the vote after it obtains the voter’s credential. With Apollo-lite, votes not authorized by the voter are detected by the public and prevented from being included in the tally.
The full version of Apollo enables a voter to prove that her vote was changed. We also describe a very simple protocol for the voter to interact with any devices she employs to check on the voting system, to enable frequent and easy auditing of encryptions and checking of the bulletin board.
This material is based upon work supported in part by the Maryland Procurement Office under contract H98230-14-C-0127 and NSF Award CNS 1421373.
Authors were partially supported by Polish National Science Centre contract number DEC-2013/09/D/ST6/03927.
Notes
1. Apollo is designed so that the terminal cannot tell whether \(n=0\) or \(n>0\).
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Gaweł, D., Kosarzecki, M., Vora, P.L., Wu, H., Zagórski, F. (2017). Apollo – End-to-End Verifiable Internet Voting with Recovery from Vote Manipulation. In: Krimmer, R., et al. Electronic Voting. E-Vote-ID 2016. Lecture Notes in Computer Science, vol 10141. Springer, Cham. https://doi.org/10.1007/978-3-319-52240-1_8
DOI: https://doi.org/10.1007/978-3-319-52240-1_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-52239-5
Online ISBN: 978-3-319-52240-1
eBook Packages: Computer Science (R0)