Seminar, Winter 2015/2016
|Instructor||Fabienne Eigner||Matteo Maffei|
|Organizational Meeting||Wednesday, October 21, 2015 at 16:00, MMCI (E1.7), room 0.10|
|Registration||Registration deadline: Monday, October 19, 2015 at 23:59|
|Place||MMCI (E1.7), room 3.23|
|Form/Credits||Seminar, 7 ECTS|
|Regular Meetings||Thursdays at 16:00|
|1st Session||Thursday, November 12, 2015 at 16:00|
|2nd Session||Thursday, November 26, 2015 at 16:00|
|3rd Session||Thursday, December 10, 2015 at 16:00|
|4th Session||Thursday, January 21, 2016 at 16:00|
|Contact||<fabienne's surname> at cs dot uni-saarland dot de|
- 2016-01-06: updated the schedule and milestones
- 2016-01-06: updated the project information
- 2015-10-21: updated the modus operandi and grading sections
- 2015-10-20: room change for organizational meeting: MMCI (E1.7), room 0.10
- 2015-10-19: time and place updated
- 2015-09-16: the website is online
Electronic voting is receiving increasing attention from governments, mass media, and the scientific community. The deployment of electronic voting systems, however, is limited in practice since many open questions still remain. In this seminar we will focus on answering the following questions:
- Which electronic voting schemes exist and which properties do they fulfill?
- What vulnerabilities of existing protocols have been discovered? What attacks are there? How can we defend against them and how can we prove the "security" of a voting scheme?
- How can we achieve "everlasting privacy": even if a voting scheme protects a voter's vote now, what happens twenty years from now, when current encryptions can be easily broken?
- Which real-life elections use(d) electronic voting? Which protocols are used? What legal requirements are there? Are there recorded attacks?
Topic I. Electronic Voting Schemes
In this session we will have a look at which electronic voting schemes exist and which properties they fulfill.
- (I.1) Helios: Web-based Open-Audit Voting. Ben Adida. In Usenix Security, 2008. (Homepage)
- (I.2) Civitas: Toward a Secure Voting System. Michael R. Clarkson, Stephen Chong, Andrew C. Myers. In Symposium on Security and Privacy, 2008. (Homepage)
- (I.3) Prêt à voter: A Voter-verifiable Voting System. Peter Y. A. Ryan, David Bismark, James Heather, Steve Schneider, Zhe Xia. In Transactions on Information Forensics and Security, 2009. (Homepage)
- (I.4) Du-Vote: Remote Electronic Voting with Untrusted Computers. Gurchetan S. Grewal, Mark D. Ryan, Liqun Chen, and Michael R. Clarkson. In Computer Security Foundations Symposium, 2015.
Topic II. Attacks and Verification
In this session we will discuss vulnerabilities of existing protocols. What attacks are there? How can we defend against them and how can we prove the "security" of a voting scheme?
- (II.1) Clash-Attacks on the Verifiability of E-Voting Systems. Ralf Küsters, Tomasz Truderung, and Andreas Vogt. In Symposium on Security and Privacy, 2012.
- (II.2) Automated Verification of Remote Electronic Voting Protocols in the Applied Pi-Calculus. Michael Backes, Catalin Hritcu, and Matteo Maffei. In Computer Security Foundations Symposium, 2008.
- (II.3) Attacking and fixing Helios: An analysis of ballot secrecy. Véronique Cortier and Ben Smyth. In Computer Security Foundations Symposium, 2011.
- (II.4) Type-Based Verification of Electronic Voting Protocols. Véronique Cortier, Fabienne Eigner, Steve Kremer, Matteo Maffei. In Conference on Principles of Security and Trust, 2015.
Topic III. Everlasting Privacy
In this session we will answer the question of how to achieve "everlasting privacy": even if a voting scheme protects a voter's vote now, what happens twenty years from now, when current encryptions can be easily broken?
- (III.1) Receipt-free Universally-verifiable Voting with Everlasting Privacy. Tal Moran and Moni Naor. In Advances in Cryptology, 2006.
- (III.2) Practical Everlasting Privacy. Myrto Arapinis, Véronique Cortier, Steve Kremer, and Mark Ryan. In Conference on Principles of Security and Trust, 2013.
- (III.3) Election Verifiability or Ballot Privacy: Do We Need to Choose?. Édouard Cuvelier, Olivier Pereira, and Thomas Peters. In European Symposium on Research in Computer Security, 2013. (Technical Report)
Topic IV. Electronic Voting in Practice
In this session we will have a look at real-life elections that use(d) electronic voting. Which protocols are used? What legal requirements are there? Are there recorded attacks?
This is only a temporary list of papers, still subject to change!
- (IV.1) When Reality Comes Knocking: Norwegian Experiences with Verifiable Electronic Voting. Ida Sofie Gebhardt Stenerud and Christian Bull. In Electronic Voting, 2012.
- (IV.2) Developing a Legal Framework for Remote Electronic Voting. Axel Schmidt, Dennis Heinson, Lucie Langer, Zoi Opitz-Talidou, Philipp Richter, Melanie Volkamer, and Johannes Buchmann. In E-Voting and Identity, 2009.
- (IV.3) Security Analysis of India’s Electronic Voting Machines. Scott Wolchok, Eric Wustrow, J. Alex Halderman, Hari K. Prasad, Arun Kankipati, Sai Krishna Sakhamuri, Vasavya Yagati, and Rop Gonggrijp. In Conference on Computer and Communications Security, 2010.
- (IV.4) Security Analysis of the Estonian Internet Voting System. Drew Springall, Travis Finkenauer, Zakir Durumeric, Jason Kitcat, Harri Hursti, Margaret MacAlpine, and J. Alex Halderman. In Conference on Computer and Communications Security, 2014.
The seminar consists of four sessions (three reading groups and one project demonstration session) throughout the semester. In the reading groups you will present and discuss papers. In each reading group we will discuss four papers. Each student must read all of those. Four students will each be assigned to be the expert for one of the papers. As an expert you will prepare a short presentation (15-20 minutes) about "your" paper and present it to the class (see this guide). All non-experts of a paper (who will also have read the paper) must hand in two meaningful questions about this paper in written form to Fabienne in advance. The experts will be given the questions in advance and include them as an extra slide at the end of their presentation. After their presentations, the experts will then answer those and all questions arising in the discussion. The presentations should include a short overview of the paper as well as your own thoughts on its strengths and weaknesses. Moreover, you should think about the applications and influences that the paper had (or could have) on other works.
Furthermore, each student will develop a small research project that extends and improves one of the state-of-the-art protocols (Helios, Civitas, Prêt à voter). Be creative, the sky is the limit! The research projects will be presented to the class in the fourth session in a short (10-15 minutes) presentation and in a short paper (4-5 pages) documenting your extension and its development.
Overall each student will:
- read 12 papers;
- be an expert for 2 papers;
- prepare questions for 10 papers (20 in total);
- improve one state-of-the-art voting system, document the process and the resulting product, and present the results in class;
- actively participate in 4 reading groups.
Participation in the organizational meeting and all the seminar sessions is mandatory.
Each student will have to hand in the slides for their "expert paper" and questions for their "non-expert papers" to Fabienne (<fabienne's surname> at cs dot uni-saarland dot de) no later than the deadlines given in the milestones table below.
|Registration||before Monday, October 19, 2015 at 23:59|
|Kick-off meeting||Wednesday, October 21, 2015 at 16:00|
|Slides for Session 1||before Sunday, November 8, 2015 at 23:59|
|Questions for Session 1||before Monday, November 8, 2015 at 23:59|
|Session 1||Thursday, November 12, 2015 at 16:00|
|Slides for Session 2||before Sunday, November 22, 2015 at 23:59|
|Questions for Session 2||before Monday, November 23, 2015 at 23:59|
|Session 2||Thursday, November 26, 2015 at 16:00|
|Slides for Session 3||before Sunday, December 6, 2015 at 23:59|
|Questions for Session 3||before Monday, December 7, 2015 at 23:59|
|Session 3||Thursday, December 10, 2015 at 16:00|
|Project documentations and slides||before Monday, January 18, 2015 at 23:59|
|Session 4||Thursday, January 21, 2015 at 16:00|
To pass the seminar you are required to meet all milestone deadlines (see the table above). Your active participation in all sessions is mandatory. Your final grade is based on the quality of your two expert talks in the reading groups, your active participation in the reading groups, the questions you prepare for the other presentations, and the paper and talk presenting your project. All grades must be 4.0 or higher.
How to register
The registration deadline is Monday, October 19, 2015 at 23:59.
To register, please send an e-mail as early as possible to <fabienne's surname> at cs dot uni-saarland dot de, indicating your name, your matriculation number, and which courses related to security and cryptography you have previously taken.
As usual, you have to register in the LSF/HISPOS system (after being officially accepted to participate in the seminar).
Note that the number of participants will be limited (8)!