Title: End-to-end verifiable e-voting for real-world elections
Abstract: End-to-end (E2E) verifiable e-voting has been widely considered the most promising solution to make an e-voting system secure. However, despite over two decades of extensive research on this subject and many E2E voting systems proposed in the past, very few of them have been implemented and used in practical elections. One of the key obstacles is their almost universal reliance on a group of tallying authorities (TAs), which consist of supposedly trustworthy individuals with cryptographic expertise to perform the complex decryption and tallying process. In practice, finding and managing such TAs has proved rather difficult. Our research shows that by applying novel cryptographic techniques, it is possible to completely remove TAs while still achieving E2E verifiability. This results in a new paradigm of voting systems that are E2E verifiable without TAs - we call this "self-enforcing e-voting" (SEEV). In this talk, I'll present two concrete SEEV systems for polling station voting and Internet voting respectively. The touchscreen-based SEEV prototype for polling station voting was recently trialled in Gateshead, the United Kingdom, during the local elections on 2 May 2019 with positive voter feedback. Between verifiable e-voting and paper ballots, voters clearly preferred the former. Results and lessons from this trial, as well as future challenges, will be presented.
Feng Hao is a Professor of Security Engineering and heads the Systems and Security (SAS) research theme at the Department of Computer Science, University of Warwick. He received his PhD in 2007 in Computer Science from the University of Cambridge. Being a security engineer, he has a mixture of industrial and academic experience. Prior to starting his academic career, he worked in the IT industry for 6 years. He joined Newcastle University as a lecturer in 2010, and became a Reader in 2014 and a Professor in 2018 before moving to his present position. With colleagues, he designed a few cryptographic protocols: AV-net, OV-net, J-PAKE, YAK, DRE-i, DRE-ip and SEAL, some of which have been used in real-life applications. In particular, J-PAKE has been adopted as an industry standard for the IoT commissioning process (used in Google Nest, ARM mbed, NXP IoT Gateway, OpenThread, D-Link border router, Qualcomm thread processor, Texas Instruments SimpleLink) and internationally standardized in ISO/IEC 11770-4. DRE-ip has been successfully trialed in Gateshead during the UK local elections on 2 May 2019. His first paper during his PhD on "combining crypto with biometrics effectively" (IEEE Trans. Computers 2006) is ranked the top in Google Classic papers in the category of "cryptography & computer security". His work on "self-enforcing e-voting" has led to a $1.5m ERC starting grant and an ERC proof-of-concept grant.
Title: Protecting Your Critical Infrastructure During a Cyber War
Abstract: The fear of a cyber-war exists among governments and people who have experienced devastating effects of cyber-attacks. A question that often crops up is "How best to prepare for protecting our critical infrastructure in the midst of a cyber-war?" Researchers and vendors are aggressively publishing and marketing new technologies aimed at protecting critical infrastructure. Often, such technologies are evaluated by the developers themselves and the outcome generally is adequate for marketing or getting published. However, it is unclear whether the deployment of such technologies in critical infrastructure will protect their hosts during a potentially devastating cyber-attack. It is exactly such questions that we attempt to answer experimentally using realistic and fully operational testbeds in iTrust. In this talk I will present methods and procedures we use to evaluate research outcomes and vendor products aimed at protecting critical infrastructure and summarize the results obtained. I will then present challenges that ought to be met and overcome before the owners and operators of critical infrastructure can be confident that the technologies they deploy will actually protect their systems in the event of a cyber-war.
Aditya Mathur is a Professor of University at the Singapore University of Technology and Design and Professor Emeritus at Purdue University. As Center Director, Aditya has led the early development and subsequent expansion of the Center for Research in Cyber Security, iTrust, into a National Satellite of Excellence in the area of Design Science and Technology for Secure Critical Infrastructure. Aditya's research is focused on the development of new methods and tools for securing critical infrastructure in the event of a cyber-attack. Aditya, together with members of his research group, has developed several tools, such as a system for the automated generation of physics-based anomaly detectors (AEGIS), a system that combines AI and plant design to create plant models for anomaly detection (AiCrit), a system for automated protection of plant in the event of a cyber-attack (Argus), a digital twin for water treatment plants (DT-H2O), and a torture test for anomaly detectors. Aditya has authored several textbooks including one of the early books on Microprocessors that led to the introduction of courses across India and other parts of the world.