Secure Electronic Voting


Dr. Costas Lambrinoudakis
Lecturer, Dept. of Information and Communication Systems Engineering, University of the Aegean, Greece
& Technical Director, e-vote Project, European Commission, IST Program

What is electronic voting?

"An electronic voting (e-voting) system is a voting system in which the election data is recorded, stored and processed primarily as digital information."
Network Voting System Standards, VoteHere, Inc., April 2002

[Figure: taxonomy of voting. Labels: Voting; Paper voting; E-voting; Paper ballots...; Punch cards; Polling place voting; Internet voting; Precinct voting; Kiosk voting]

Do we need electronic voting systems? *

Electronic voting has been considered an efficient and cost-effective alternative to, or complement of, the conventional voting procedure.

- They could lead to increased voter turnout, thus supporting the democratic process.
- They could give elections new potential (by providing ballots in multiple languages, accommodating lengthy ballots, etc.), thus enhancing the democratic process.
- They could open a new market, supporting commerce and employment.

* D. Gritzalis (Ed.),, Kluwer Academic Publishers, USA, January 2003.

Opportunities for electronic voting

- Most countries believe that Internet voting will occur within the next decade.
- Internet voting options satisfy voters' desire for convenience.
- Internet voting can satisfy the requirements of people with special needs.
- Several countries are willing to try Internet voting for a small-scale election (local, regional).
- The technology is available.

Barriers to electronic voting

- Lack of common voting system standards across nations.
- Time and difficulty of changing national election laws.
- Time and cost of certifying a voting system.
- Security and reliability of electronic voting.
- Equal access to Internet voting for all socioeconomic groups.
- The Digital Divide problem (both for election organisers and voters).
- Political risk associated with trying a new voting system.
- Need for security and election experts.

Generic voting principles

- Only eligible persons can vote.
- No person can vote more than once.
- The vote is secret.
- Each (correctly cast) vote gets counted.
- The voters trust that their vote is counted.

Internet Policy Institute, Report of the National Workshop on Internet Voting, March 2001

Identifying e-voting Requirements

...but do we really know:

- What functionality is expected from an e-voting system?
- To which election process does it apply (General Elections, Internal Elections, Polls)?
- Does it comply with the existing legal framework?
- Is it secure?
- Are the actors (users) of the system and their roles clearly defined?

Identifying e-voting Requirements

Two approaches for... what we need. An e-voting system may be specified:

- either as a set of guidelines to be adopted for ensuring conformance to the legislation (State Authority point of view),
- or in terms of the problems associated with providing an adequate level of security (anonymity, authentication, tractability, etc.) (System Engineer point of view).

Identifying e-voting Requirements

...none of these approaches is complete!

- Legal Requirements: abstract formulations (laws, principles, etc.)
- Functional Requirements: usability properties
- Non-Functional Requirements: security and system properties (flexibility, efficiency, etc.)

Identifying e-voting Requirements

A third approach, proposed by the e-vote project *: requirements elicitation based on a Generic Voting Model, taking into account:

- European Union legislation.
- Organisational details of the conventional voting processes.
- Opportunities offered and constraints imposed by state-of-the-art technologies.

The aim of the developers is to express:

- The legal requirements.
- The security (non-functional) requirements.
- The functional requirements.

as a User Requirements Specification document that sets specific Design Criteria.

* Consortium: Q&R (GR), Univ. of the Aegean (GR), Cryptomathic (DK), Univ. of Regensburg (D), Municipality of Amaroussion (GR), Self Governing Region of Kosice (SK)

Design Criteria (Non-functional: Security and other System Properties)

For an electronic voting system to comply with the constitutional and legal requirements, it must exhibit specific security properties, aimed at protecting:

- Democracy: Only eligible voters are allowed to vote and each eligible voter can only cast a single vote.
- Accuracy: The announced tally exactly matches the actual outcome of the election, implying that no one can change anyone else's vote, all valid votes are included in the final tally and no invalid vote is included in the final tally.
- Privacy: No one should be able to determine how any other individual voted.
- Integrity: Votes should not be able to be modified without detection.
- Verifiability: Mechanisms for auditing the election in order to ensure that it has been properly conducted (Universal or Individual).

Design Criteria (Non-functional: Security and other System Properties)

- Robustness: No reasonably sized coalition of voters or authorities may disrupt the election. Protection against external threats and attacks, e.g. denial of service attacks.
- Non-coercibility: Voters should not be able to convince any other participant of how they have voted. There is no receipt proving the content of their vote.
- Fairness: Ensures that no one can learn the outcome of the election before the announcement of the tally.
- Verifiable Participation: Ensures that it is possible to find out whether a particular voter has participated in the election by casting a ballot or not.
- Transparency: Participants should be able to possess a general understanding of the entire process.

Design Criteria (Non-functional: Security and other System Properties)

- Flexibility: Equipment should allow for a variety of ballot question formats, in various languages and adaptable to many types of election processes.
- Convenience: Voters should be able to cast votes with minimal equipment and skills.
- Reliability: The system must be resistant to randomly generated malfunctions.
- Voter Mobility: There should be no restrictions on the location from which a voter can cast a vote.
- Efficiency: Overall system performance (the complexity of the scheme becomes a crucial system parameter). The time needed by a voter to cast a ballot poses an upper boundary to the number of voters that are allowed to participate in a specific election (scalability).

Design Criteria (Functional Requirements)

Support all essential services for organizing and conducting an opinion-expressing process:

- Poll
- Decision-making (e.g. Referenda)
- Internal election
- General election

Depending on the specific process, the services may include voter registration, vote casting, voter authentication, calculation of the vote tally, verification of the election result, etc.

Requirements for different types of election processes

The General Election requirements are practically a superset of those regarding the other election processes:

- Polls
- Decision-making procedures (e.g. Referenda)
- Internal elections
- General elections

The e-vote System

Provides all the necessary services for organising and conducting a voting process:

- Election Set-up: Supports election organisers in registering all eligible voters, issuing authentication means, generating ballots, managing and specifying voting districts, etc.
- Election in Progress: Offers an easy and user-friendly environment for the interaction of the voter with the system through a conventional WWW browser.
- Election Concluded: Automatic generation of the vote tally.

Modular and highly flexible multi-tier architecture that supports a wide range of voting processes (use of "election templates").

Its operation is independent of the geographical coverage of the voting process and thus of the number of voting districts and voters.

The e-vote System

- The Voting Protocol (Damgaard-Jurik) is based on a homomorphic encryption scheme known as the Generalised Paillier encryption scheme.
- Instead of hiding the identity of the voters, using anonymous voting methods, the protocol hides the contents of the ballot itself.
- The ballot is submitted in a traceable manner, attached to the voter identity, so that the verifiability property is easily satisfied.
- The vote tally can be calculated without decrypting any of the ballots:

$E(T_1) \cdot E(T_2) = E(T_1 + T_2)$

The e-vote System

- The clear-text vote ($M^j$) is encrypted, and a zero-knowledge proof that the cipher-text vote is of the form $M^j$ for $j$ in $[0, \ldots, L-1]$ is produced.
- The encrypted vote is the pair of the cipher text and the zero-knowledge proof.
- The encryption of the vote is done with a public key.
- The decryption of the result is done with a private key that has been secret-shared among the tally servers.
- The shares have to be constructed w.r.t. a threshold value t so that no information about the private key leaks as long as at most t servers are corrupt. t+1 servers are needed for decrypting the result.
- There are no competing protocols using homomorphic encryption; ordinary ElGamal is too slow for a large number of voters and candidates.

The e-vote System

[Figure: e-vote system architecture. Labels: Voter; Web browser; Web server; Message board; Registration client; Administrative client; CA (PKCS#10/PKCS#7); Tally servers; Decryption shares]

Is a Secure Voting Protocol Enough?

- A lot of research effort has been spent on designing and building voting protocols that can support the voting process while fulfilling the security requirements (design criteria).
- However, not much attention has been paid to the administrative part of an electronic voting system, which supports the actors of the system in setting up the election.
- Possible security gaps in the administrative workflow of the system may degrade the overall security level of the system.

Workflow

Identified System Actors

Actor: Description

- Election Organizers: People responsible for organizing the election process and ensuring that it is properly conducted.
- Election Personnel: People actually performing the system use-cases, under the supervision of Election Organizers.
- Judicial Officers: People responsible for monitoring the election process and ensuring that it is carried out in a legal way.
- Party Representatives: People appointed by parties to monitor the election process.
- Independent Third Parties: People neutral from participating parties, responsible for monitoring the election process and for providing reasonable assurance with regard to the integrity of it.
- Voters: People eligible to participate in the voting process.

Actors participation in e-voting: Authorization and Validation

- Use cases can only be performed by authorized actors ("roles").
- An additional validation phase is employed before committing the outcome of a use case.
- The validation phase is implemented through a separate use case, namely the "Validate Action".

Actors participation in e-voting

Legend: V = Validate Action, A = Use Case activation
Participating roles: Election Organizer, Party Representative, Election Personnel, Voter, Judicial Officer, Independent Third Party

Use case: marks

- Authenticate Actor: A A A A A A
- Validate Action: N/A A A A A
- Modify System State: A V V
- Manage Election Districts / Provide Election System Parameters: V A V A V

Actors participation in e-voting

Legend: V = Validate Action, A = Use Case activation
Participating roles: Election Organizer, Party Representative, Election Personnel, Voter, Judicial Officer, Independent Third Party

Use case: marks

- Manage Voters: V A
- Provide Authentication Means: V A
- Manage Parties: V A
- Manage Candidates: V A
- Preview Ballots: A A A
- Cast Vote: A
- Tally Votes: A V V V
- Verify Result Integrity: A V V

(Secure) Electronic voting: (instead of) Conclusions

- A description of the actor roles, together with a clear indication of what each actor is allowed to do with the system, formulates an operational framework that complements the technological security features of the system.
- Rapidly emerging issue...
- Of a socio-technical nature...
- Contradicting views...
- Further experimentation is needed... in the meantime, as complementary only!

The debate is still going on...

"The shining lure of these hype-tech voting schemes is only a technological fool's gold that will create new problems far more intractable than those they claim to solve."
P. Neumann (SRI) (2002)

"An Internet voting system would be the first secure networked application ever created in the history of computers."
B. Schneier (Counterpane) (2002)

"At least a decade of further research and development on the security of home computers is required before Internet voting from home should be contemplated."
Ron Rivest (MIT) (2001)

Something like a motto...

Electronic voting: Between pessimism (bureaucracy) and optimism (technology) we choose realism (democracy)!