Section: New Results

Design

E-voting protocols

Participants : Véronique Cortier, Steve Kremer, Peter Roenne.

We propose a new voting scheme, BeleniosRF, that offers both receipt-freeness and end-to-end verifiability. It is receipt-free in a strong sense, meaning that even dishonest voters cannot prove how they voted. We provide a game-based definition of receipt-freeness for voting protocols with non-interactive ballot casting, which we name strong receipt-freeness (sRF). To our knowledge, sRF is the first game-based definition of receipt-freeness in the literature, and it has the merit of being particularly concise and simple. Built upon the Helios protocol, BeleniosRF inherits its simplicity and does not require any anti-coercion strategy from the voters. We implement BeleniosRF and show its feasibility on a number of platforms, including desktop computers and smartphones. This work has been presented at CCS 2016 [26].

Another challenging problem in e-voting is to provide guarantees when the voting platform itself is corrupted. Du-Vote [45] is a recently presented remote electronic voting scheme that aims to be malware tolerant, i.e., to provide security even when the platform used for voting has been compromised by dedicated malware. For this it uses an additional hardware token, similar to tokens distributed in the context of online banking. Du-Vote aims at providing vote privacy as long as either the vote platform or the vote server is honest. For verifiability, the security guarantees are even higher: even if the token's software has been changed, and the platform and the server are colluding, attempts to change the election outcome should be detected with high probability. We provide an extensive security analysis of Du-Vote and show several attacks on both privacy and verifiability. We also propose changes to the system that would avoid many of these attacks. This work has been presented at Euro S&P 2016 [28].

Designing and proving an EMV-compliant payment protocol for mobile devices

Participants : Véronique Cortier, Alicia Filipiak.

In collaboration with Gharout, Traoré and Florent (Orange Labs), we devised a payment protocol that can be securely used on mobile devices, even when they are infected by malicious applications. Our protocol only requires a light use of Secure Elements, which significantly simplifies certification procedures and protocol maintenance. It is also fully compatible with the EMV-SDA protocol and allows off-line payments for the users. We provide a formal model and full security proofs of the protocol using the TAMARIN prover. This work has been accepted for publication at Euro S&P'17 [25].

Composition and design of PKIs

Participants : Vincent Cheval, Véronique Cortier.

Public Key Infrastructures (PKIs) are the backbone of public key cryptography, as they ensure that public keys can be correctly linked to identities. Their security typically relies on honest Certificate Authorities that distribute and/or generate keys to all parties. This trust assumption is a vulnerability exploited in numerous attacks. Recent proposals using public logs have succeeded in making certificate management more transparent and verifiable. However, those proposals involve a fixed set of authorities, which means an oligopoly is created. Another problem with current log-based systems is their heavy reliance on trusted parties that monitor the logs. Cheval, in collaboration with Ryan and Yu (U. Birmingham, UK), proposes a distributed transparent key infrastructure (DTKI), which greatly reduces the oligopoly of service providers and allows verification of the behaviour of trusted parties. Their work also formalises the public log data structure and provides a formal analysis of the security that DTKI guarantees. The work has been published in The Computer Journal [17].

In protocol analysis one makes the (strong) assumption that honestly generated keys are available to all parties and that the link between identities and public keys is fixed and known to everyone. The abstraction is grounded in solid intuition, but there are currently no theoretical underpinnings to justify its use. Cheval and Cortier, in collaboration with Warinschi (U. Bristol, UK), initiate a rigorous study of how to securely use PKIs within other protocols. They first show that the abstraction outlined above is in general unsound by exhibiting a simple protocol which is secure with idealized key distribution but fails in the presence of a more realistic PKI instantiation. Their main result is a generic composition theorem that identifies under which conditions protocols that require public keys can safely use any PKI protocol (which satisfies a security notion which we identify). Interestingly, unlike most existing composition results in symbolic models, they do not require full tagging of the composed protocols. Furthermore, the results confirm the recommended practice that keys used in the PKI should not be used for any other cryptographic task. This work is currently under submission.

Physical Zero-Knowledge Proofs

Participant : Jannik Dreier.

In this work we develop physical algorithms to realize zero-knowledge proofs for Akari, Takuzu, Kakuro, and KenKen, which are logic games similar to Sudoku. The zero-knowledge proofs allow a player to show that he knows a solution without revealing it. These interactive proofs can be realized with simple office material as they only rely on cards and envelopes. They can thus be used for example for scientific outreach activities, or in teaching. Moreover, we also formalized our algorithms and proved their security. This joint work with Bultel (U. Clermont-Ferrand), Dumas (U. Grenoble Alpes), and Lafourcade (U. Clermont-Ferrand) was published at FUN 2016 [22].

Privacy Protection in Social Networks

Participants : Younes Abid, Abdessamad Imine, Huu Hiep Nguyen, Clément Pascutto, Michaël Rusinowitch, Laura Trivino.

Hiep Nguyen's PhD thesis addresses three privacy problems of social networks: graph anonymization, private community detection and private link exchange. The main goal is to provide new paradigms for publication of social graphs in noisy forms, private community detection over graphs, as well as distributed aggregation of graphs via noisy link exchange processes. The graph anonymization problem is solved via two different semantics: uncertainty semantics and differential privacy. For uncertainty semantics, a general obfuscation model is proposed that keeps the expected node degrees equal to those in the unanonymized graph. Over the last decade, a great number of algorithms for community detection have been proposed to deal with increasingly complex networks. However, the problem of doing this in a private manner is rarely considered. We analyze the major challenges behind the problem and propose several schemes to tackle them under differential privacy from two perspectives: input perturbation and algorithm perturbation [29].

We address the problem of rapidly disclosing many friendship links using only legitimate queries (i.e., queries and tools provided by the targeted social network). Our study [18] sheds new light on the intrinsic relation between communities (usually represented as groups) and friendships between individuals. To develop an efficient attack we analysed group distributions, densities and visibility parameters from a large sample of a social network. By effectively exploring the target group network, our proposed algorithm is able to perform friendship and mutual-friend attacks along a strategy that minimizes the number of queries. Pascutto has established a state of the art on inference techniques for social networks. Trivino has developed a user interface for privacy risk evaluation on social networks.