Tor is not enough: Coercion in Remote Electronic Voting Systems
This addresses a critical security issue for electronic voting systems, exposing a vulnerability that undermines coercion-freeness, though it is incremental as it builds on known limitations of existing anonymization methods.
The paper tackles the problem of coercion in remote electronic voting systems by demonstrating a monitoring attack that can detect whether participants voted, even when using low-latency anonymization networks like Tor, with measured success rates from simulations.
Current electronic voting systems require an anonymous channel during the voting phase to prevent coercion. Typically, low-latency anonymization-networks like Tor are used for this purpose. In this paper we devise a monitoring attack that allows an attacker to monitor whether participants of an election voted, despite the use of a low-latency network during the voting phase, thereby breaking an important part of coercion-freeness. We implement a simulation carrying out our attack and measure its success rates.