Why the Future Belongs to the Quants
IEEE Security and Privacy
Rational choice of security measures via multi-parameter attack trees
CRITIS'06 Proceedings of the First international conference on Critical Information Infrastructures Security
Computing Exact Outcomes of Multi-parameter Attack Trees
OTM '08 Proceedings of the OTM 2008 Confederated International Conferences, CoopIS, DOA, GADA, IS, and ODBASE 2008. Part II on On the Move to Meaningful Internet Systems
Serial model for attack tree computations
ICISC'09 Proceedings of the 12th international conference on Information security and cryptology
Optimal adversary behavior for the serial model of financial attack trees
IWSEC'10 Proceedings of the 5th international conference on Advances in information and computer security
Applying a reusable election threat model at the county level
EVT/WOTE'11 Proceedings of the 2011 conference on Electronic voting technology/workshop on trustworthy elections
On fast and approximate attack tree computations
ISPEC'10 Proceedings of the 6th international conference on Information Security Practice and Experience
Hi-index | 0.00 |
We adapt game theoretic methods for studying the security of two evoting systems: the Estonian E-Voting System (EstEVS) and Secure Electronic Registration and Voting Experiment (SERVE) performed in the United States of America. While these two systems are quite similar from technical side, security experts have made totally different decisions about their security--EstEVS was indeed used in practical elections while SERVE was decided to be insecure. The aim of this work is to clarify if the minor technical differences between these two systems were indeed a sufficient reason to distinguish between their security. Our analysis is oriented to practical security against large-scale attacks. We define a model for the real-life environment in which voting takes place and analyze the behavior of adversaries. We show that in our model EstEVS is secure and SERVE is not. The reliability of the results is still questionable because of our limited knowledge about many of the parameters. It turns out though that our main results are quite robust with respect to the choice of parameters.