James Heather

How to prevent type flaw attacks on security protocols

A type flaw attack on a security protocol is an attack where a field that was originally intended to have one type is subsequently interpreted as having another type. A number of type flaw attacks have appeared in the academic literature. In this paper we prove that type flaw attacks can be prevented using a simple technique of tagging each field with some information indicating its intended type.

PrÊt À Voter: a Voter-Verifiable Voting System

¿¿¿¿¿¿Pre¿t a¿ Voter provides a practical approach to end-to-end verifiable elections with a simple, familiar voter-experience. It assures a high degree of transparency while preserving secrecy of the ballot. Assurance arises from the auditability of the election itself, rather than the need to place trust in the system components. The original idea has undergone several revisions and enhancements since its inception in 2004, driven by the identification of threats, the availability of improved cryptographic primitives, and the desire to make the scheme as flexible as possible. This paper presents the key elements of the approach and describes the evolution of the design and their suitability in various contexts. We also describe the voter experience, and the security properties that the schemes provide.

The Append-Only Web Bulletin Board

A large number of papers on verifiable electronic voting that have appeared in the literature in recent years have relied heavily on the availability of an append-only web bulletin board . Despite this widespread requirement, however, the notion of an append-only web bulletin board remains somewhat vague, and no method of constructing such a bulletin board has been proposed. This paper fills the gap. We identify the required properties of an append-only web bulletin board, and introduce the concept of certified publishing of messages to the board. We show how such a board can be constructed in order to satisfy the properties we have identified. Finally, we consider how to extend the scheme to make the web bulletin board robust and able to offer assurance to writers of the inclusion of their messages. Although the work presented here has been inspired and motivated by the requirements of electronic voting systems, the web bulletin board is sufficiently general to allow use in other contexts.

Implementing STV securely in Pret a Voter

Work on electronic voting systems to date has largely focused around first-past-the-post voting. However, the governments of many countries, and many non-governmental organisations, use a single transferable vote system, in which the voter needs to indicate not just a single preferred candidate but a preference ranking of (some or all of) the candidates on offer. This paper investigates the possibility of modifying Pret a Voter to cope with a single transferable vote system. With its newer form involving re-encryption mixes by P.Y.A. Ryan and S.A. Schneider (2006), this seems at first sight to be impossible; with the older version based on RSA onions by D. Chaum et al (2005), the obvious approach works, but security is less than ideal; using multiple re-encryption mix onions for each vote, combined with a lazy decryption semantics, however, proves to be an elegant and efficient solution to the problem.

A decision procedure for the existence of a rank function

Schneiders work on rank functions [IEEE TSE 24(9) (1998)] provides a formal approach to verification of certain properties of a security protocol. However, he illustrates the approach only with a protocol running on a small network: and no help is given with the somewhat hit-and-miss process of finding the rank function that underpins the central theorem.In this paper, we develop the theory to allow for an arbitrarily large network, and give a clearly defined decision procedure by which one may either construct a rank function, proving correctness of the protocol, or show that no rank function exists.We briefly discuss the implications of the absence of a rank function, and the open question of completeness of the rank function theorem.

Turnitoff: identifying and fixing a hole in current plagiarism detection software

In recent times, plagiarism detection software has become popular in universities and colleges, in an attempt to stem the tide of plagiarised student coursework. Such software attempts to detect any copied material and identify its source. The most popular such software is Turnitin, a commercial system used by thousands of institutions in more than 100 countries. Here, we show how to fix a loophole in Turnitins current plagiarism detection process. We demonstrate that, in its current incarnation, one can easily create a document that passes the plagiarism check regardless of how much copied material it contains; we then show how to improve the system to avoid such attacks.

Pretty good democracy for more expressive voting schemes

In this paper we revisit Pretty Good Democracy, a scheme for verifiable Internet voting from untrusted client machines. The original scheme was designed for first-past-the-post elections. Here, we show how Pretty Good Democracy can be extended to voting schemes in which the voter lists the candidates in their order of preference. Our scheme applies to elections using STV, IRV, Borda, or any other tallying scheme in which a vote is a list of candidates in preference order. We also describe an extension to cover Approval or Range voting.

Versatile Pret a Voter: Handling Multiple Election Methods with a Unified Interface

A number of end-to-end verifiable voting schemes have been introduced recently. These schemes aim to allow voters to verify that their votes have contributed in the way they intended to the tally and in addition allow anyone to verify that the tally has been generated correctly. These goals must be achieved while maintaining voter privacy and providing receipt-freeness. However, most of these end-to-end voting schemes are only designed to handle a single election method and the voter interface varies greatly between different schemes. In this paper, we introduce a scheme which handles many of the popular election methods that are currently used around the world. Our scheme not only ensures privacy, receipt-freeness and end-to-end verifiability, but also keeps the voter interface simple and consistent between various election methods.

Equal To The Task

Many methods of analysing security protocols have been proposed, but most such methods rely on analysing a protocol running only a finite network. Some, however--notably, data independence, the strand spaces model, and the rank functions model--can be used to prove correctness of a protocol running on an unbounded network.Roscoe and Broadfoot in [17] show how data independence techniques may be used to verify a security protocol running on an unbounded network. They also consider a weakness inherent in the RSA algorithm, discovered by Franklin and Reiter [3], and show that their data independence approach cannot deal with an intruder endowed with the ability to exploit this weakness.In this paper, we show that neither can the use of honest ideals in the strand spaces model or the use of rank functions in the CSP model be easily adapted to cover such an intruder. In each case, the inequality tests required to model the new intruder cause problems when attempting to extend analysis of a finite network to cover an unbounded network. The results suggest that more work is needed on adapting the intruder model to allow for cryptographic attacks.

Strand spaces and rank functions:more than distant cousins

The strand spaces model and the rank functions model have both been used successfully to analyse and verify security protocols running on unbounded networks. At first sight, these two approaches appear rather different; however, close inspection reveals that there are strong links between strand spaces and rank functions.