Inference Attacks on Encrypted Online Voting via Traffic Analysis
- URL: http://arxiv.org/abs/2509.15694v1
- Date: Fri, 19 Sep 2025 07:14:01 GMT
- Title: Inference Attacks on Encrypted Online Voting via Traffic Analysis
- Authors: Anastasiia Belousova, Francesco Marchiori, Mauro Conti,
- Abstract summary: We examine how adversaries can exploit metadata from encrypted network traffic to uncover sensitive information during online voting.<n>Our analysis reveals that, even without accessing the content, it is possible to infer critical voter actions, such as whether a person votes, the exact moment a ballot is submitted, and whether the ballot is valid or spoiled.<n>We evaluate our attacks on two widely used online voting platforms, one proprietary and one partially open source, achieving classification accuracy as high as 99.5%.
- Score: 19.653420340564946
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: Online voting enables individuals to participate in elections remotely, offering greater efficiency and accessibility in both governmental and organizational settings. As this method gains popularity, ensuring the security of online voting systems becomes increasingly vital, as the systems supporting it must satisfy a demanding set of security requirements. Most research in this area emphasizes the design and verification of cryptographic protocols to protect voter integrity and system confidentiality. However, other vectors, such as network traffic analysis, remain relatively understudied, even though they may pose significant threats to voter privacy and the overall trustworthiness of the system. In this paper, we examine how adversaries can exploit metadata from encrypted network traffic to uncover sensitive information during online voting. Our analysis reveals that, even without accessing the encrypted content, it is possible to infer critical voter actions, such as whether a person votes, the exact moment a ballot is submitted, and whether the ballot is valid or spoiled. We test these attacks with both rule-based techniques and machine learning methods. We evaluate our attacks on two widely used online voting platforms, one proprietary and one partially open source, achieving classification accuracy as high as 99.5%. These results expose a significant privacy vulnerability that threatens key properties of secure elections, including voter secrecy and protection against coercion or vote-buying. We explore mitigations to our attacks, demonstrating that countermeasures such as payload padding and timestamp equalization can substantially limit their effectiveness.
Related papers
- Your Privacy Depends on Others: Collusion Vulnerabilities in Individual Differential Privacy [50.66105844449181]
Individual Differential Privacy (iDP) promises users control over their privacy, but this promise can be broken in practice.<n>We reveal a previously overlooked vulnerability in sampling-based iDP mechanisms.<n>We propose $(varepsilon_i,_i,overline)$-iDP a privacy contract that uses $$-divergences to provide users with a hard upper bound on their excess vulnerability.
arXiv Detail & Related papers (2026-01-19T10:26:12Z) - Are Voters Willing to Collectively Secure Elections? Unraveling a Practical Blockchain Voting System [0.0]
This paper proposes the concept of collectively secure voting, in which voters themselves can opt in as secret holders to protect ballot secrecy.<n>A practical blockchain-based collectively secure voting system is designed and implemented.<n>Results show a high willingness to act as secret holders, reliable participation in share release, and high security confidence in the proposed system.
arXiv Detail & Related papers (2025-10-09T18:02:40Z) - VoxGuard: Evaluating User and Attribute Privacy in Speech via Membership Inference Attacks [51.68795949691009]
We introduce VoxGuard, a framework grounded in differential privacy and membership inference.<n>For attributes, we show that simple transparent attacks recover gender and accent with near-perfect accuracy even after anonymization.<n>Our results demonstrate that EER substantially underestimates leakage, highlighting the need for low-FPR evaluation.
arXiv Detail & Related papers (2025-09-22T20:57:48Z) - SmartphoneDemocracy: Privacy-Preserving E-Voting on Decentralized Infrastructure using Novel European Identity [0.0]
SmartphoneDemocracy is a novel e-voting protocol that combines three key technologies.<n>Our protocol enables voters to register and cast ballots anonymously and verifiably directly from their smartphones.
arXiv Detail & Related papers (2025-07-13T02:39:10Z) - VoteMate: A Decentralized Application for Scalable Electronic Voting on EVM-Based Blockchain [1.7034813545878589]
A single vulnerability could be exploited to manipulate elections on a large scale.<n>System can be secure but may lack transparency and confidentiality.<n>Adding cryptographic layers can also ensure voter confidentiality.
arXiv Detail & Related papers (2025-05-21T17:50:18Z) - Efficient Lower Bounding of Single Transferable Vote Election Margins [56.12949230611067]
Single transferable vote (STV) is a system of preferential proportional voting employed in multi-seat elections.<n>The margin of victory, or simply'margin', is the smallest number of ballots that need to be manipulated to alter the set of winners.<n>Lower bounds on the margin can also be used for this purpose, in cases where exact margins are difficult to compute.
arXiv Detail & Related papers (2025-01-24T13:39:23Z) - Balancing Confidentiality and Transparency for Blockchain-based Process-Aware Information Systems [43.253676241213626]
We propose an architecture for blockchain-based PAISs to preserve confidentiality and transparency.<n>Smart contracts enact, enforce and store public interactions, while attribute-based encryption techniques are adopted to specify access grants to confidential information.<n>We assess the security of our solution through a systematic threat model analysis and evaluate its practical feasibility.
arXiv Detail & Related papers (2024-12-07T20:18:36Z) - Learning to Manipulate under Limited Information [44.99833362998488]
We trained over 100,000 neural networks of 26 sizes to manipulate against 8 different voting methods.<n>We find that some voting methods, such as Borda, are highly manipulable by networks with limited information, while others, such as Instant Runoff, are not.
arXiv Detail & Related papers (2024-01-29T18:49:50Z) - Adaptively Weighted Audits of Instant-Runoff Voting Elections: AWAIRE [61.872917066847855]
Methods for auditing instant-runoff voting (IRV) elections are either not risk-limiting or require cast vote records (CVRs), the voting system's electronic record of the votes on each ballot.
We develop an RLA method that uses adaptively weighted averages of test supermartingales to efficiently audit IRV elections when CVRs are not available.
arXiv Detail & Related papers (2023-07-20T15:55:34Z) - Private Multi-Winner Voting for Machine Learning [48.0093793427039]
We propose three new DP multi-winner mechanisms: Binary, $tau$, and Powerset voting.
Binary voting operates independently per label through composition.
$tau$ voting bounds votes optimally in their $ell$ norm for tight data-independent guarantees.
Powerset voting operates over the entire binary vector by viewing the possible outcomes as a power set.
arXiv Detail & Related papers (2022-11-23T20:06:46Z) - Having your Privacy Cake and Eating it Too: Platform-supported Auditing
of Social Media Algorithms for Public Interest [70.02478301291264]
Social media platforms curate access to information and opportunities, and so play a critical role in shaping public discourse.
Prior studies have used black-box methods to show that these algorithms can lead to biased or discriminatory outcomes.
We propose a new method for platform-supported auditing that can meet the goals of the proposed legislation.
arXiv Detail & Related papers (2022-07-18T17:32:35Z) - Secure Order Based Voting Using Distributed Tallying [5.407319151576265]
One of the main challenges in e-voting systems is to certify that the computed results are consistent with the cast ballots.<n>We propose a secure voting protocol for elections governed by order-based voting rules.<n>Our protocol, in which the tallying task is distributed among several independent talliers, offers perfect ballot secrecy.
arXiv Detail & Related papers (2022-05-21T12:17:21Z) - Security Survey and Analysis of Vote-by-Mail Systems [0.0]
We examine the security of electronic systems used in the process of voting by mail, including online voter registration and online ballot tracking systems.
We find that online voter registration systems in some states have vulnerabilities that allow adversaries to alter or effectively prevent a voter's registration.
We additionally find that ballot tracking systems raise serious privacy questions surrounding ease of access to voter data.
arXiv Detail & Related papers (2020-05-18T02:18:15Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.