How Efficient Are Replay Attacks against Vote Privacy? A Formal Quantitative Analysis

Mestel, David; Mueller, Johannes; Reisert, Pascal

Reference : How Efficient Are Replay Attacks against Vote Privacy? A Formal Quantitative Analysis


	Document type :	Scientific journals : Article
	Discipline(s) :	Engineering, computing & technology : Computer science
	Focus Areas :	Security, Reliability and Trust
	To cite this reference:	http://hdl.handle.net/10993/55570

Title :	How Efficient Are Replay Attacks against Vote Privacy? A Formal Quantitative Analysis
Language :	English
Author, co-author :	Mestel, David [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > APSIA >]
	Mueller, Johannes [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > APSIA >]
	Reisert, Pascal []
Publication date :	2023
Journal title :	Journal of Computer Security
Publisher :	IOS Press
Peer reviewed :	Yes
ISSN :	0926-227X
Country :	Netherlands
Abstract :	[en] Replay attacks are among the most well-known attacks against vote privacy. Many e-voting systems have been proven vulnerable to replay attacks, including systems like Helios that are used in real practical elections. Despite their popularity, it is commonly believed that replay attacks are inefficient but the actual threat that they pose to vote privacy has never been studied formally. Therefore, in this paper, we precisely analyze for the first time how efficient replay attacks really are. We study this question from commonly used and complementary perspectives on vote privacy, showing as an independent contribution that a simple extension of a popular game-based privacy definition corresponds to a strong entropy-based notion. Our results demonstrate that replay attacks can be devastating for a voter's privacy even when an adversary's resources are very limited. We illustrate our formal findings by applying them to a number of real-world elections, showing that a modest number of replays can result in significant privacy loss. Overall, our work reveals that, contrary to a common belief, replay attacks can be very efficient and must therefore be considered a serious threat.
Research centres :	Interdisciplinary Centre for Security, Reliability and Trust (SnT) > APSIA - Applied Security and Information Assurance
Target :	Researchers ; Professionals
Permalink :	http://hdl.handle.net/10993/55570
FnR project :	FnR ; FNR14698166 > Johannes Mueller > FP2 > Future-proofing Privacy In Secure Electronic Voting > 01/01/2021 > 31/12/2023 > 2020

File(s) associated to this reference

Fulltext file(s):

	File	Commentary	Version	Size	Access
Open access	main-tr.pdf		Author preprint	655.07 kB	View/Open

All documents in ORBi^lu are protected by a user license.

University of Luxembourg Library | Feedback | Legal notices