Election Security and Economics: It’s All About Eve

  • David Basin
  • Hans Gersbach
  • Akaki Mamageishvili
  • Lara Schmid
  • Oriol Tejada
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10615)


A system’s security must be understood with respect to the capabilities and behaviors of an adversary Eve. It is often assumed in security analysis that Eve acts as maliciously as possible. From an economic perspective, Eve tries to maximize her utility in a game with other participants. The game’s rules are determined by the system and its security mechanisms, but Eve can invent new ways of interacting with participants. We show that Eve can be used as an interface to explore the interplay between security and economics in the domain of elections. Through examples, we illustrate how reasoning from both disciplines may be combined to explicate Eve’s motives and capabilities and how this analysis could be used for reasoning about the security and performance of elections. We also point to future research directions at the intersection of these disciplines.


  1. 1.
    Anderson, R.: Why information security is hard - an economic perspective. In: Proceedings of the 17th Annual Computer Security Applications Conference (ACSAC 2001), pp. 358–365 (2001).
  2. 2.
    Basin, D., Cremers, C.: Modeling and analyzing security in the presence of compromising adversaries. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 340–356. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-15497-3_21 CrossRefGoogle Scholar
  3. 3.
    Basin, D., Cremers, C.: Know your enemy: compromising adversaries in protocol analysis. ACM Trans. Inf. Syst. Secur. 17(2), 7:1–7:31 (2014).
  4. 4.
    Basin, D., Cremers, C., Meadows, C.: Model checking security protocols. In: Clarke, E., Henzinger, T., Veith, H. (eds.) Handbook of Model Checking. Chap. 24. Springer (to appear, 2017). ISBN: 9783319105741Google Scholar
  5. 5.
    Basin, D., Radomirovic, S., Schläpfer, M.: A complete characterization of secure human-server communication. In: 2015 IEEE 28th Computer Security Foundations Symposium, pp. 199–213. IEEE Computer Society (2015)Google Scholar
  6. 6.
    Beilharz, H.J., Gersbach, H.: Voting oneself into a crisis. Macroecon. Dyn. 20(4), 954–984 (2016)CrossRefGoogle Scholar
  7. 7.
    Blanchet, B.: An efficient cryptographic protocol verifier based on prolog rules. In: Proceedings of the 14th IEEE Workshop on Computer Security Foundations (CSFW 2001), pp. 82–96 (2001).
  8. 8.
    Caballero, J., Grier, C., Kreibich, C., Paxson, V.: Measuring pay-per-install: the commoditization of malware distribution. In: Proceedings of the 20th USENIX Conference on Security (SEC 2011), p. 13. USENIX Association, Berkeley (2011).
  9. 9.
    Chaum, D.: Random-sample voting. Accessed 7 Jul 2017
  10. 10.
    Dolev, D., Yao, A.: On the security of public key protocols. IEEE Trans. Inf. Theory 29(2), 198–208 (1983)MathSciNetCrossRefzbMATHGoogle Scholar
  11. 11.
    van Eeten, M.J., Bauer, J.M.: Economics of Malware: Security Decisions, Incentives and Externalities. OECD Science, Technology and Industry Working Papers 2008(1) (2008)Google Scholar
  12. 12.
    Elklit, J., Svensson, P.: What makes elections free and fair? J. Democracy 8(3), 32–46 (1997)CrossRefGoogle Scholar
  13. 13.
    Gersbach, H., Mamageishvili, A., Tejada, O.: Sophisticated Attacks on Decoy Votes. Mimeo (2017)Google Scholar
  14. 14.
    Gersbach, H., Mühe, F.: Vote-buying and growth. Macroecon. Dyn. 15(5), 656–680 (2011)CrossRefzbMATHGoogle Scholar
  15. 15.
    Gordon, L.A., Loeb, M.P.: The economics of information security investment. ACM Trans. Inf. Syst. Secur. (TISSEC) 5(4), 438–457 (2002)CrossRefGoogle Scholar
  16. 16.
    Krasa, S., Polborn, M.K.: Is mandatory voting better than voluntary voting? Games Econ. Behav. 66(1), 275–291 (2009)MathSciNetCrossRefzbMATHGoogle Scholar
  17. 17.
    Meier, S., Schmidt, B., Cremers, C., Basin, D.: The TAMARIN prover for the symbolic analysis of security protocols. In: Sharygina, N., Veith, H. (eds.) CAV 2013. LNCS, vol. 8044, pp. 696–701. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-39799-8_48 CrossRefGoogle Scholar
  18. 18.
    Oppliger, R., Schwenk, J., Helbach, J.: Protecting code voting against vote selling. In: Sicherheit 2008: Sicherheit, Schutz und Zuverlässigkeit. Konferenzband der 4. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft für Informatik e.V. (GI), 2.-4. April 2008 im Saarbrücker Schloss. LNI, vol. 128, pp. 193–204. GI (2008)Google Scholar
  19. 19.
    Parkes, D.C., Tylkin, P., Xia, L.: Thwarting vote buying through decoy ballots. In: Proceedings of the 16th Conference on Autonomous Agents and Multiagent Systems, pp. 1679–1681. International Foundation for Autonomous Agents and Multiagent Systems (2017)Google Scholar
  20. 20.
    Schmidt, B., Meier, S., Cremers, C., Basin, D.: Automated analysis of Diffie-Hellman protocols and advanced security properties. In: Proceedings of the 2012 IEEE 25th Computer Security Foundations Symposium (CSF 2012), pp. 78–94 (2012).
  21. 21.
    Schweizer Radio und Fernsehen (SRF): Spurensuche nach dem Wahlbetrug im Wallis. Accessed 22 June 2017
  22. 22.
    Schweizerische Bundeskanzlei: Anhang zur Verordnung der Bundeskanzlei über die elektronische Stimmabgabe, Inkrafttreten: 15 January 2014. Accessed 16 June 2017
  23. 23.
    Schweizerische Bundeskanzlei: Verordnung der Bundeskanzlei über die elektronische Stimmabgabe, Inkrafttreten: 15 January 2014. Accessed 16 June 2017
  24. 24.
    Shieh, E., An, B., Yang, R., Tambe, M., Baldwin, C., DiRenzo, J., Maule, B., Meyer, G.: Protect: a deployed game theoretic system to protect the ports of the United States. In: Proceedings of the 11th International Conference on Autonomous Agents and Multiagent Systems, vol. 1, pp. 13–20. International Foundation for Autonomous Agents and Multiagent Systems (2012)Google Scholar
  25. 25.
    Stone-Gross, B., Holz, T., Stringhini, G., Vigna, G.: The underground economy of spam: a botmaster’s perspective of coordinating large-scale spam campaigns. LEET 11, 4 (2011)Google Scholar
  26. 26.
    Tages Anzeiger: Wahlbetrug im Oberwallis–30-jähriger Schweizer verhaftet. Accessed 22 June 2017
  27. 27.
    Tambe, M.: Security and Game Theory: Algorithms, Deployed Systems, Lessons Learned. Cambridge University Press, Cambridge (2011)CrossRefzbMATHGoogle Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • David Basin
    • 1
  • Hans Gersbach
    • 2
  • Akaki Mamageishvili
    • 2
  • Lara Schmid
    • 1
  • Oriol Tejada
    • 2
  1. 1.Institute of Information SecurityETH ZurichZurichSwitzerland
  2. 2.Chair of Macroeconomics: Innovation and PolicyETH ZurichZurichSwitzerland

Personalised recommendations