Your search keyword '"Dan S. Wallach"' showing total 4 results

1. Verification of STAR-Vote and Evaluation of FDR and ProVerif

Author

Dan S. Wallach and Murat Moran

Subjects

Theoretical computer science, Computer science, Privacy analysis, business.industry, media_common.quotation_subject, Cryptography, 0102 computer and information sciences, 02 engineering and technology, Star (graph theory), Cryptographic protocol, Formal methods, 01 natural sciences, 010201 computation theory & mathematics, 020204 information systems, Voting, 0202 electrical engineering, electronic engineering, information engineering, Systems design, business, media_common

Abstract

We present the first automated privacy analysis of STAR-Vote, a real world voting system design with sophisticated “end-to-end” cryptography, using FDR and ProVerif. We also evaluate the effectiveness of these tools. Despite the complexity of the voting system, we were able to verify that our abstracted formal model of STAR-Vote provides ballot-secrecy using both formal approaches. Notably, ProVerif is radically faster than FDR, making it more suitable for rapid iteration and refinement of the formal model.

Published

2017

2. Clash Attacks and the STAR-Vote System

Author

Dan S. Wallach and Olivier Pereira

Subjects

business.industry, Computer science, media_common.quotation_subject, Cryptography, Plaintext, Collision, Computer security, computer.software_genre, Encryption, Bulletin board, Ballot, Voting, Cryptographic hash function, ComputingMilieux_COMPUTERSANDSOCIETY, business, computer, media_common

Abstract

STAR-Vote is an end-to-end cryptographic voting system that produces both plaintext paper ballots and encrypted electronic records of each ballot. We describe how clash attacks against STAR-Vote could weaken its security guarantees: corrupt voting terminals could identify voters with identical ballot preferences and print identical receipts for them, while generating electronic ballot ciphertexts for other candidates. Each voter would then be able to “verify” their ballot on the public bulletin board, but the electronic tally would include alternative ciphertexts corresponding to the duplicate voters. We describe how this threat can be exploited and mitigated with existing STAR-Vote mechanisms, including STAR-Vote’s use of Benaloh challenges and a cryptographic hash chain. We also describe how this threat can be mitigated through statistical sampling of the printed paper ballots as an extension to the risk-limiting audits that STAR-Vote already requires.

Published

2017

3. Public Evidence from Secret Ballots

Author

Peter Y. A. Ryan, Poorvi L. Vora, Philip B. Stark, J. Alex Halderman, Ronald L. Rivest, Vanessa Teague, Dan S. Wallach, Josh Benaloh, and Matthew Bernhard

Subjects

0301 basic medicine, business.industry, Computer science, media_common.quotation_subject, Context (language use), Cryptography, 16. Peace & justice, Computer security, computer.software_genre, USable, 03 medical and health sciences, Adversarial system, 030104 developmental biology, 0302 clinical medicine, Ballot, 030220 oncology & carcinogenesis, Voting, Secrecy, Key (cryptography), business, computer, media_common

Abstract

Elections seem simple—aren’t they just about counting? But they have a unique, challenging combination of security and privacy requirements. The stakes are high; the context is adversarial; the electorate needs to be convinced that the results are correct; and the secrecy of the ballot must be ensured. They also have practical constraints: time is of the essence, and voting systems need to be affordable and maintainable, as well as usable by voters, election officials, and pollworkers. It is thus not surprising that voting is a rich research area spanning theory, applied cryptography, practical systems analysis, usable security, and statistics. Election integrity involves two key concepts: convincing evidence that outcomes are correct and privacy, which amounts to convincing assurance that there is no evidence about how any given person voted. These are obviously in tension. We examine how current systems walk this tightrope.

Published

2017

4. Users’ Mental Models for Three End-to-End Voting Systems: Helios, Prêt à Voter, and Scantegrity II

Author

Claudia Ziegler Acemyan, Philip Kortum, Dan S. Wallach, and Michael D. Byrne

Subjects

Ballot, Work (electrical), End-to-end principle, Computer science, Disapproval voting, Voting, media_common.quotation_subject, HeliOS, Computer security, computer.software_genre, computer, Cardinal voting systems, media_common

Abstract

This study sought to understand voter's mental models for three end-to-end e2e voting systems: Helios, Pret i Voter, and Scantegrity II. To study voters' mental models of e2e systems, 16 Houston area voters participated in mock elections that required them to vote first with a paper ballot and then with the three e2e systems. After using each system, subjects were asked to draw their mental model--or how the system works, then describe it to the experimenter, and last complete an interview. We found that most participants think about the systems first and foremost in terms of how-to-vote procedures, rather than detailed, conceptual models that describe all aspects of a system, including how they work. When designing e2e voting systems, the findings from this study can be used by system developers to ensure that voters find the systems easy to use and that the designs align with voters' pre-existing mental models for voting.

Published

2015