TU Darmstadt / ULB / TUbiblio

SecIVo: a quantitative security evaluation framework for internet voting schemes

Neumann, Stephan ; Volkamer, Melanie ; Budurushi, Jurlind ; Prandini, Marco (2016)
SecIVo: a quantitative security evaluation framework for internet voting schemes.
In: >Annals of Telecommunications
doi: 10.1007/s12243-016-0520-0
Artikel, Bibliographie

Kurzbeschreibung (Abstract)

Voting over the Internet is subject to a number of security requirements. Each voting scheme has its own bespoke set of assumptions to ensure these security requirements. The criticality of these assumptions depends on the election setting (e.g., how trustworthy the voting servers or the voting devices are). The consequence of this is that the security of different Internet voting schemes cannot easily be compared. We have addressed this shortcoming by developing SecIVo, a quantitative security evaluation framework for Internet voting schemes. On the basis of uniform adversarial capabilities, the framework provides two specification languages, namely qualitative security models and election settings. Upon system analysis, system analysts feed the framework with qualitative security models composed of adversarial capabilities. On the other side, election officials specify their election setting in terms of—among others—expected adversarial capabilities. The framework evaluates the qualitative security models within the given election setting and returns satisfaction degrees for a set of security requirements. We apply SecIVo to quantitatively evaluate Helios and Remotegrity within three election settings. It turns out that there is no scheme which outperforms the other scheme in all settings. Consequently, selecting the most appropriate scheme from a security perspective depends on the environment into which the scheme is to be embedded.

Typ des Eintrags: Artikel
Erschienen: 2016
Autor(en): Neumann, Stephan ; Volkamer, Melanie ; Budurushi, Jurlind ; Prandini, Marco
Art des Eintrags: Bibliographie
Titel: SecIVo: a quantitative security evaluation framework for internet voting schemes
Sprache: Deutsch
Publikationsjahr: Juni 2016
Titel der Zeitschrift, Zeitung oder Schriftenreihe: >Annals of Telecommunications
DOI: 10.1007/s12243-016-0520-0
Kurzbeschreibung (Abstract):

Voting over the Internet is subject to a number of security requirements. Each voting scheme has its own bespoke set of assumptions to ensure these security requirements. The criticality of these assumptions depends on the election setting (e.g., how trustworthy the voting servers or the voting devices are). The consequence of this is that the security of different Internet voting schemes cannot easily be compared. We have addressed this shortcoming by developing SecIVo, a quantitative security evaluation framework for Internet voting schemes. On the basis of uniform adversarial capabilities, the framework provides two specification languages, namely qualitative security models and election settings. Upon system analysis, system analysts feed the framework with qualitative security models composed of adversarial capabilities. On the other side, election officials specify their election setting in terms of—among others—expected adversarial capabilities. The framework evaluates the qualitative security models within the given election setting and returns satisfaction degrees for a set of security requirements. We apply SecIVo to quantitatively evaluate Helios and Remotegrity within three election settings. It turns out that there is no scheme which outperforms the other scheme in all settings. Consequently, selecting the most appropriate scheme from a security perspective depends on the environment into which the scheme is to be embedded.

Freie Schlagworte: Security, Usability and Society;Secure Data
ID-Nummer: TUD-CS-2016-0128
Fachbereich(e)/-gebiet(e): 20 Fachbereich Informatik > Theoretische Informatik - Kryptographie und Computeralgebra
20 Fachbereich Informatik > SECUSO - Security, Usability and Society
LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
Profilbereiche > Cybersicherheit (CYSEC)
LOEWE > LOEWE-Zentren
20 Fachbereich Informatik
Profilbereiche
LOEWE
Hinterlegungsdatum: 28 Jul 2016 18:35
Letzte Änderung: 15 Mai 2018 10:33
PPN:
Export:
Suche nach Titel in: TUfind oder in Google
Frage zum Eintrag Frage zum Eintrag

Optionen (nur für Redakteure)
Redaktionelle Details anzeigen Redaktionelle Details anzeigen