A Formal Analysis of the Neuchatel e-Voting Protocol

Cortier, Véronique; Galindo, David; Turuani, Mathieu

doi:10.1109/eurosp.2018.00037

Cited by 21 publications

(13 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As side experiments, we also tried our prototype on other model files of similar tools that we could find in the literature. We performed for example an analysis of vote privacy of an e-voting protocol by Scytl deployed in the Swiss canton of Neuchâtel, based on the ProVerif file presented in [23]. We also studied anonymity in a model of the AKA protocol deployed in 3G telephony networks [4] (without XOR), presented in the previous version of DeepSec [16].…”

Section: Methodsmentioning

confidence: 99%

Exploiting Symmetries When Proving Equivalence Properties for Security Protocols

Cheval

Kremer

Rakotonirina

2019

Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

Verification of privacy-type properties for cryptographic protocols in an active adversarial environment, modelled as a behavioural equivalence in concurrent-process calculi, exhibits a high computational complexity. While undecidable in general, for some classes of common cryptographic primitives the problem is coNEXP-complete when the number of honest participants is bounded.In this paper we develop optimisation techniques for verifying equivalences, exploiting symmetries between the two processes under study. We demonstrate that they provide a significant (several orders of magnitude) speed-up in practice, thus increasing the size of the protocols that can be analysed fully automatically. CCS CONCEPTS• Security and privacy → Formal security models; Logic and verification.Security protocols are distributed programs transmitting data between several parties. The underlying messages may be sensitivefor economical, political, or privacy reasons-and communications are usually performed through an untrusted network such as the Internet. Therefore, such protocols need to guarantee strong security requirements in an active adversarial setting, i.e., when considering an adversary that has complete control over the communication network. Formal, symbolic methods, rooted in the seminal work of Dolev and Yao [26], have been successful in analysing complex protocols, including for instance the recent TLS 1.3 proposal [11,25] and the upcoming 5G standard [8].

show abstract

Section: Methodsmentioning

confidence: 99%

Exploiting Symmetries When Proving Equivalence Properties for Security Protocols

Cheval

Kremer

Rakotonirina

2019

Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

show abstract

“…We present a brief formal security evaluation of the proposed protocols described in Section 5 by ProVerif [22] that is popularly used for verifying cryptographic protocols (e.g., [23,24]). Under an active Dolev-Yao adversary [25], ProVerif can verify the confidentiality and authenticity of the compromised participant, Mallory, that is also allowed to initialize sessions and exchange messages with network entities.…”

Section: Security Evaluation With Proverifmentioning

confidence: 99%

Towards Secure and Usable Certificate-Based Authentication System Using a Secondary Device for an Industrial Internet of Things

et al. 2020

View full text Add to dashboard Cite

As the number of controllers and devices increases in Industrial Internet of Things (IIoT) applications, it is essential to provide a secure and usable user authentication system for human operators who have to manage tens or hundreds of controllers and devices with his/her password. In this paper, we propose a formally verified certificate-based authentication system using a secondary network device for such IIoT applications. In the proposed system, a user’s sign key is encrypted with a secret key that can be computed with his/her password and a secret parameter in a secondary device to securely protect the sign key. To demonstrate the feasibility of the proposed system, we implemented a prototype with standard cryptographic algorithms (AES-256, RSA-3072, and ECDSA-256). The experiment results demonstrated that the execution time overhead of the sign key recovery process was 0.039 and 0.073 s, respectively, for RSA-3072 and ECDSA-256, which was marginal compared with the total execution time (0.383 s for RSA-3072 and 0.319 s for ECDSA-256) of the conventional system. We also verified the security of the proposed protocol using a formal verification tool called ProVerif.

show abstract

“…Following previous approaches [31], [32], we formally define verifiability using events, that record the progress of the protocol for each voter.…”

Section: Verifiabilitymentioning

confidence: 99%

BeleniosVS: Secrecy and Verifiability Against a Corrupted Voting Device

Cortier¹,

Filipiak²,

Lallemand³

2019

2019 IEEE 32nd Computer Security Foundations Symposium (CSF)

Self Cite

View full text Add to dashboard Cite

Electronic voting systems aim at two conflicting properties, namely privacy and verifiability, while trying to minimise the trust assumptions on the various voting components. Most existing voting systems either assume trust in the voting device or in the voting server. We propose a novel remote voting scheme BeleniosVS that achieves both privacy and verifiability against a dishonest voting server as well as a dishonest voting device. In particular, a voter does not leak her vote to her voting device and she can check that her ballot on the bulletin board does correspond to her intended vote. More specifically, we assume two elections authorities: the voting server and a registrar that acts only during the setup. Then BeleniosVS guarantees both privacy and verifiability against a dishonest voting device, provided that not both election authorities are corrupted. Additionally, our scheme guarantees receipt-freeness against an external adversary. We provide a formal proof of privacy, receipt-freeness, and verifiability using the tool ProVerif, covering a hundred cases of threat scenarios. Proving verifiability required to develop a set of sufficient conditions, that can be handled by ProVerif. This contribution is of independent interest. Going-to-tally(id, cred, b) ∧ valid(b) Voter(id, cred , l) ∧ open(b) ∈ V. Individual verifiability. When a voter id successfully verifies that her vote v is counted, then there is a valid ballot b, registered for id, that contains v. Verified(id, v) Going-to-tally(id, cred, b) ∧ valid(b) ∧ v = open(b).

show abstract

A Formal Analysis of the Neuchatel e-Voting Protocol

Cited by 21 publications

References 33 publications

Exploiting Symmetries When Proving Equivalence Properties for Security Protocols

Exploiting Symmetries When Proving Equivalence Properties for Security Protocols

Towards Secure and Usable Certificate-Based Authentication System Using a Secondary Device for an Industrial Internet of Things

BeleniosVS: Secrecy and Verifiability Against a Corrupted Voting Device

Contact Info

Product

Resources

About