How Efficient are Replay Attacks against Vote Privacy? A Formal Quantitative Analysis

David Mestel*, Johannes Müller, Pascal Reisert

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference article in proceedingAcademicpeer-review

Abstract

Replay attacks are among the most well-known attacks against vote privacy. Many e-voting systems have been proven vulnerable to replay attacks, including systems like Helios that are used in real practical elections.Despite their popularity, it is commonly believed that replay attacks are inefficient but the actual threat that they pose to vote privacy has never been studied formally. Therefore, in this paper, we precisely analyze for the first time how efficient replay attacks really are.We study this question from commonly used and complementary perspectives on vote privacy, showing as an independent contribution that a simple extension of a popular game-based privacy definition corresponds to a strong entropy-based notion.Our results demonstrate that replay attacks can be devastating for a voter’s privacy even when an adversary’s resources are very limited. We illustrate our formal findings by applying them to a number of real-world elections, showing that a modest number of replays can result in significant privacy loss. Overall, our work reveals that, contrary to a common belief, replay attacks can be very efficient and must therefore be considered a serious threat.
Original languageEnglish
Title of host publication2022 IEEE 35th Computer Security Foundations Symposium (CSF)
PublisherThe IEEE
Pages179-194
Number of pages16
ISBN (Print)978-1-6654-8418-3
DOIs
Publication statusPublished - 10 Aug 2022
Externally publishedYes
Event35th IEEE Computer Security Foundations Symposium 2022 - Haifa, Israel
Duration: 7 Aug 202210 Aug 2022
https://www.ieee-security.org/TC/CSF2022/

Conference

Conference35th IEEE Computer Security Foundations Symposium 2022
Abbreviated titleCSF2022
Country/TerritoryIsrael
CityHaifa
Period7/08/2210/08/22
Internet address

Keywords

  • Privacy
  • Statistical analysis
  • Electronic voting
  • Computer security

Fingerprint

Dive into the research topics of 'How Efficient are Replay Attacks against Vote Privacy? A Formal Quantitative Analysis'. Together they form a unique fingerprint.

Cite this