Condiciones organizacionales

So far in this chapter, only the significant role of Mix Nets in building secure electronic voting schemes has been covered. However, this is not the only domain where Mix Nets are deployed; since they were introduced in 1981, they remain the only realistic way of ensuring privacy in settings like the Internet. Additionally, in many different applications, Mix Nets are used implicitly, by the assumption of an anonymous channel and in the following paragraphs some of the most salient applications are presented.

The first Mix Net [Cha81], was proposed for use in electronic mail, in order to hide the correspondence between the sender and the receiver. In this con- text, later email constructions like Babel [GT96], Mixminion [DDM03] and Mix- master [Mix14], tried to preserve the anonymity of the communicating entities.

6.7. Summary 115

However, these systems achieve their purposes at high cost by introducing high- latency networks. By contrast, there are low-latency network implementations for achieving anonymity, with the most characteristic ones being the onion rout- ing (Tor) project [Tor14b, GRS96, SGR97, STRL00], PipeNet [BMS01] and Anonymiser [ano14]. Apart from these applications, research in Mix Nets has spanned other domains, such as in allowing anonymous cash payments [JM98] and in anonymising Radio-Frequency Identification (RFID) tags [GJJS04] where in both, privacy is derived solely from the use of a this type of protocol. In the next paragraph, due to its importance and real-world applicability, the Tor tool is further analysed.

Tor was developed by the US Naval Research Laboratory and is now free soft- ware. It is an open network that protects the users against traffic analysis, keeps their identities secret, prevents other people from learning their location, and provides privacy and security when browsing on the Internet. It has been used for many years by journalists, activists, non-governmental organisations, as well as by individuals as a safe way of untraceable communication. However, it has also been associated with illegal activities [Tor14a, Tor14c], and national secu- rity agencies are working on finding bugs in its implementation in order to be able to find and prosecute the criminal elements. The main idea behind its im- plementation follows a decryption Mix Net’s construction: users choose a path through the network (consisting of a large number of nodes), where each node knows only its predecessor and successor. The sent message is encrypted and travels in the network, where each node, in turn, unwraps the outer layer and relays the inner (encrypted) message to the next. In this setting, it is easy to see that in the case where one of the nodes crashes, the service is lost and the transmission restarts. For a complete account on Tor, the reader is referred to [Tor14b, GRS96, SGR97, STRL00].

6.7

Summary

This chapter has highlighted the importance of using Mix Nets in real-world ap- plications. As they are the main building blocks in designing trustworthy voting protocols, their involvement has been illustrated via some specific examples. To this end, three of the most well-known voting schemes were briefly analysed. Additionally, other applications where Mix Nets have been deployed in order to preserve the privacy of the communicating entities have been referred to. In sum, this chapter has had the aim of preparing the reader for the next part of the the- sis, where different Mix Net protocols are formally analysed and verified against their security and safety requirements.

Conclusion to Part II

In this part of the thesis, an exhaustive analysis of Mix Net protocols has been provided. Additionally, Mix Nets were categorised based on how they process their input messages and the security properties they should satisfy were exam- ined. Furthermore, it has been pointed out that all the proposals in the literature achieve their robustness requirements assuming the existence of a single entity, via which the mix servers communicate with each other. Consequently, it can be perceived as a broadcast channel providing the same services to all mix servers. Regarding this, a number of different implementations were reviewed and its weaknesses highlighted. However, as will be seen in the following chapters of the thesis, this is an unrealistic assumption in that, if it is unavailable, the whole process terminates without producing an output. In this regard, the work that has been conducted in the Part III of the thesis, shall confirm that real Mix Net implementations can be proved to be robust even in the absence of this single point of trust.

With respect to the liveness and safety requirements, a complete literature review on how these were achieved throughout the years has been given. For this pur- pose, starting from the first proposal, introduced in 1981, a survey that covered over 30 years of research on Mix Nets was presented. Moreover, the schemes that have inspired many other constructions as well as some of the implementations that will be modelled, formally analysed and verified against the aforementioned requirements, in the chapters in the next part of this thesis, have been scrutinised. Of greater utility than pure analysis, is Mix Nets usage when considering them as components in real-life applications. Owing to their importance in providing anonymity to communicating entities, they have been utilised as essential compo- nents when designing trustworthy electronic voting schemes. To this end, some of the most well-known voting systems have been selected for analysis and the role of Mix Nets emphasised. Along with explanation of their usage in voting schemes, a survey on their applicability in other commercial applications has also been provided. In sum, this part of the thesis has contained a complete study of Mix Nets, with the aim being to supply the reader with as many details as

possible, so when moving on to the next chapters, the modelling, analysis and verification of the proposed protocols is easier to comprehend.

Part III

Modelling and Formal Analysis

of Mix Nets

Chapter 7

Introduction

In the preceding part, an exhaustive review of Mix Net protocols was presented and it was shown how their characteristics have changed over time. Addition- ally, the proposals that have inspired the current work were examined in detail. In particular, the problem that most of the recent constructions are not robust or that they achieve this requirement under some strong assumptions was high- lighted. Furthermore, it was pointed out that owing to their importance in pro- viding anonymity to the communicating parties, Mix Nets play a significant role in building systems where security requirements, such as privacy, should hold. In this context, in Chapter 6, it was demonstrated how they are used in applications, such as electronic voting as well as in other domains.

A variety of electronic voting schemes have been modelled and formally anal- ysed in the literature [DRS08, DKR09, KRS10, CcCK12, CS11, MH13, MHS14], but they have not considered modelling and formalising the security of Mix Net protocols. Mix Net analyses have invariably focused on safety properties, and important liveness properties, such as robustness (deadlock freedom) are wholly neglected, which is a regrettable omission. To address this gap in the litera- ture, modelling, formal analysis and automated verification of the liveness and safety properties of different Mix Net protocols have been carried out. This work is novel in that it is the first time such modelling and analysis have been con- ducted. The Mix Nets modelled in this part of the thesis not have only theoretic interest, but also practical usage; in this case for elections. That is, the Ximix Mix Net [Xim14], that it is described and modelled in Chapter 8, will be used in the upcoming real large-scale elections in Victoria State, Australia, in November 2014.