Liudmila Babenko
ABSTRACT
The development of electronic voting systems is a complex and urgent task in today's time. At the heart of the security of any system using network interaction are cryptographic protocols. Their quality is verified by means of formal verification. However, formal verification tools work with protocols in an abstract form of Alice-Bob format, which does not allow to completely check the protocol for all sorts of attacks. In addition, when implementing the protocol in practice using any programming language, it is possible to change this protocol relative to its original form. As a result, the abstract initial form of the protocol, which was verified by means of formal verification, is considered safe, but a modified implemented protocol that has a different type can no longer be recognized as safe. Thus, verification of the cryptographic protocol of the electronic voting system using source codes is relevant. The paper described an electronic voting system based on blind intermediaries. A parser is described to extract the structure of the cryptographic protocol with which the structure of the voting protocol was obtained. The cryptographic e-voting protocol was translated into the CAS+ specification language for the Avispa automated verifier for protocol security verification.
- Viganò L. Automated security protocol analysis with the AVISPA tool//Electronic Notes in Theoretical Computer Science. - 2006. - T. 155. - C. 61--86.Google Scholar
- Cremers C. J. F. The scyther tool: Verification, falsification, and analysis of security protocols //International Conference on Computer Aided Verification. - Springer, Berlin, Heidelberg, 2008. - C. 414--418.Google Scholar
- Küsters R., Truderung T. Using ProVerif to analyze protocols with Diffie-Hellman exponentiation //Computer Security Foundations Symposium, 2009. CSF'09. 22nd IEEE. - IEEE, 2009. - C. 157--171.Google Scholar
- Babenko, L., & Pisarev, I. (2018, September). Cryptographic Protocol Security Verification of the Electronic Voting System Based on Blinded Intermediaries. In International Conference on Intelligent Information Technologies for Industry (pp. 49--57). Springer, Cham.Google Scholar
- Chaki S., Datta A. ASPIER: An automated framework for verifying security protocol implementations //Computer Security Foundations Symposium, 2009. CSF'09. 22nd IEEE. - IEEE, 2009. - C. 172--185.Google Scholar
- Goubault-Larrecq J., Parrennes F. Cryptographic protocol analysis on real C code //International Workshop on Verification, Model Checking, and Abstract Interpretation. - Springer, Berlin, Heidelberg, 2005. - C. 363--379.Google Scholar
- Goubault-Larrecq J., Parrennes F. Cryptographic protocol analysis on real C code. - Technical report, Laboratoire Spécification et Vérification, Report LSV-09-18, 2009.Google Scholar
- Jürjens J. Using interface specifications for verifying crypto-protocol implementations //Workshop on foundations of interface technologies (FIT). - 2008.Google Scholar
- Jürjens J. Automated security verification for crypto protocol implementations: Verifying the jessie project //Electronic Notes in Theoretical Computer Science. - 2009. - T. 250. - N<u>o</u>. 1. - C. 123--136.Google Scholar
- O'Shea N. Using Elyjah to analyse Java implementations of cryptographic protocols //Joint Workshop on Foundations of Computer Security, Automated Reasoning for Security Protocol Analysis and Issues in the Theory of Security (FCS-ARSPA-WITS-2008). - 2008.Google Scholar
- Backes M., Maffei M., Unruh D. Computationally sound verification of source code //Proceedings of the 17th ACM conference on Computer and communications security. - ACM, 2010. - C. 387--398.Google Scholar
- Bhargavan K. et al. Cryptographically verified implementations for TLS //Proceedings of the 15th ACM conference on Computer and communications security. - ACM, 2008. - C. 459--468.Google Scholar
- Bhargavan K., Fournet C., Gordon A. D. Verified reference implementations of WS-Security protocols //International Workshop on Web Services and Formal Methods. - Springer, Berlin, Heidelberg, 2006. - C. 88--106.Google Scholar
- Bhargavan K. et al. Verified interoperable implementations of security protocols //ACM Transactions on Programming Languages and Systems (TOPLAS). - 2008. - T. 31. - N<u>o</u>. 1. - C. 5.Google Scholar
- Bhargavan K. et al. Verified implementations of the information card federated identity-management protocol //Proceedings of the 2008 ACM symposium on Information, computer and communications security. - ACM, 2008. - C. 123--135.Google Scholar
- Bhargavan K. et al. Cryptographically verified implementations for TLS //Proceedings of the 15th ACM conference on Computer and communications security. - ACM, 2008. - C. 459--468.Google Scholar
- Babenko, L., & Pisarev, I. (2018, September). Distributed E-Voting System Based On Blind Intermediaries Using Homomorphic Encryption. In Proceedings of the 11th International Conference on Security of Information and Networks (p. 6). ACM.Google ScholarDigital Library
- Babenko, L. K., & Pisarev, I. A. (2018). AN ALGORITHM FOR ANALYSIS OF C# CODE INITIAL FOR EXTRACTING THE STRUCTURE OF CRYPTOGRAPHIC PROTOCOLS1. Cybersecurity Issues, (4), 28.Google Scholar
- Capek P., Kral E., Senkerik R. Towards an empirical analysis of. NET framework and C# language features' adoption //Computational Science and Computational Intelligence (CSCI), 2015 International Conference on. - IEEE, 2015. - C. 865--866.Google Scholar
- Basin D., M'odersheim S., and Vigan'o L. OFMC: A Symbolic Model-Checker for Security Protocols, International Journal of Information Security, 2004.Google Scholar
Index Terms
- Cryptographic protocols implementation security verification of the electronic voting system based on blind intermediaries
Recommendations
Resource Fairness and Composability of Cryptographic Protocols
We introduce the notion of resource-fair protocols. Informally, this property states that if one party learns the output of the protocol, then so can all other parties, as long as they expend roughly the same amount of resources. As opposed to ...
Modeling replay and integrity violations attacks for cryptographic protocols source codes verification of e-voting system based on blind intermediaries
SIN 2020: 13th International Conference on Security of Information and NetworksVerification of cryptographic protocols is an urgent and complex task. In view of the development of various e-commerce services, as well as mobile robots, unmanned aerial vehicles, internet of things, in which computing resources are in most cases very ...
Verification of security protocols with lists: From length one to unbounded length
Security and Trust PrinciplesWe present a novel, simple technique for proving secrecy properties for security protocols that manipulate lists of unbounded length, for an unbounded number of sessions. More specifically, our technique relies on the Horn clause approach used in the ...
Comments