Análise de cerimônias no sistema de votação Helios
Resumo
Helios é um sistema de votação online, que permite aos eleitores verificarem se seu voto foi corretamente computado pela cabine de votação e armazenado para contabilização final dos votos. Melhorias visando a usabilidade foram propostas por Neumann, são elas o uso de a) diversos independentes institutos de verificação e b) aplicativo para smartphone desenvolvido individualmente por tais institutos, para processos de verificação e armazenamento correto do voto no quadro de avisos. No presente trabalho, tais melhorias são analisadas como cerimônias de segurança, com base no modelo de ameaça adaptativo proposto por Carlos et al.
Palavras-chave:
Análise de cerimônias, modelos de ameaça, usabilidade, Helios
Referências
Adida, B. (2008). Helios: Web-based Open-Audit Voting. In Proceedings of the 17th Symposium on Security, pages 335 – 348. Usenix Association.
Adida, B., De Marneffe, O., Pereira, O., and Quisquater, J.-J. (2009). Electing A University President using Open-Audit Voting: Analysis of Real-World Use of Helios.
In Proceedings of the 2009 Conference on Electronic Voting Technology/Workshop on Trustworthy Elections, pages 10–10. Usenix Association.
Carlos, M. C., Martina, J., Price, G., and Custodio, R. F. (2013). An Updated Threat Model for Security Ceremonies. In Proceedings of the 28th Annual ACM Symposium on Applied Computing, SAC ’13, pages 1836–1843, New York, NY, USA. ACM.
Dolev, D. and Yao, A. C. (1983). On the Security of Public Key Protocols. IEEE Transactions on Information Theory, 29(2):198–208.
Ellison, C. (2007). Ceremony Design and Analysis. Cryptology ePrint Archive, Report 2007/399. http://eprint.iacr.org/.
Kusters, R., Truderung, T., and Vogt, A. (2012). Clash Attacks on the Verifiability of E-Voting Systems. In Security and Privacy (SP), 2012 IEEE Symposium on, pages 395–409.
Needham, R. M. and Schroeder, M. D. (1978). Using encryption for authentication in large networks of computers. Commun. ACM, 21(12):993–999.
Neumann, S., Olembo, M. M., Renaud, K., and Volkamer, M. (2014). Helios verification: To alleviate, or to nominate: Is that the question, or shall we have both? In 3rd International Conference on Electronic Government and the Information Systems Perspective. Springer. To appear.
Adida, B., De Marneffe, O., Pereira, O., and Quisquater, J.-J. (2009). Electing A University President using Open-Audit Voting: Analysis of Real-World Use of Helios.
In Proceedings of the 2009 Conference on Electronic Voting Technology/Workshop on Trustworthy Elections, pages 10–10. Usenix Association.
Carlos, M. C., Martina, J., Price, G., and Custodio, R. F. (2013). An Updated Threat Model for Security Ceremonies. In Proceedings of the 28th Annual ACM Symposium on Applied Computing, SAC ’13, pages 1836–1843, New York, NY, USA. ACM.
Dolev, D. and Yao, A. C. (1983). On the Security of Public Key Protocols. IEEE Transactions on Information Theory, 29(2):198–208.
Ellison, C. (2007). Ceremony Design and Analysis. Cryptology ePrint Archive, Report 2007/399. http://eprint.iacr.org/.
Kusters, R., Truderung, T., and Vogt, A. (2012). Clash Attacks on the Verifiability of E-Voting Systems. In Security and Privacy (SP), 2012 IEEE Symposium on, pages 395–409.
Needham, R. M. and Schroeder, M. D. (1978). Using encryption for authentication in large networks of computers. Commun. ACM, 21(12):993–999.
Neumann, S., Olembo, M. M., Renaud, K., and Volkamer, M. (2014). Helios verification: To alleviate, or to nominate: Is that the question, or shall we have both? In 3rd International Conference on Electronic Government and the Information Systems Perspective. Springer. To appear.
Publicado
03/11/2014
Como Citar
MARTIMIANO, Taciane; MARTINA, Jean Everson; OLEMBO, M. Maina.
Análise de cerimônias no sistema de votação Helios. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 14. , 2014, Belo Horizonte.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2014
.
p. 293-300.
DOI: https://doi.org/10.5753/sbseg.2014.20138.
