Secure Voter Registration and Eligibility Checking for Nigerian Elections
Nicholas Akinyokun
Second International Joint Conference on Electronic Voting (E-Vote-ID 2017)
Bregenz, Austria
October 24, 2017
Introduction
Over the last decade, a number of countries have adopted different techniques to accurately identify eligible voters and increase democratic participation among their citizens during legally binding elections. On the one hand, biometric identification cards have been the most commonly used technique for identifying eligible voters during elections. Typical examples include the Belgian and Estonian national ID cards, as well as the Nigerian biometric voter cards, amongst others. On the other hand, voters have also been identified through mobile phones embedded with special SIM cards. A very common example is the Mobile-ID system used in Estonia for Internet voting.
Image credits:
http://www.smartcities.info/electronic-identity-card-integrated-municipal-websites
https://gds.blog.gov.uk/2013/10/31/government-as-a-data-model-what-i-learned-in-estonia/
http://www.inecnigeria.org/wp-content/uploads/2015/02/election-manual-2015-.pdf
Research Motivation
Accurate identification of eligible voters is a fundamental requirement in election administration. The majority of electronic voting schemes that have been proposed in the cryptographic literature have been designed specifically to prevent electoral fraud during the ballot casting phase of elections in developed countries. While these schemes and their various extensions claim to provide receipt-freeness and end-to-end verifiability, none of them effectively counter coercion. In addition, these voting schemes typically assume that the computers/smartphones used by voters to cast their votes are trustworthy. Evidently, this assumption is rather naïve, because a voter's device might be infected by malware that could manipulate votes, subvert a voting session or even execute denial-of-service and replay attacks intended to disenfranchise a certain group of voters.
Problems with Voter Identification in Nigeria
- Unavailability of a secure and reliable national ID infrastructure.
- Relative ease with which biometric voter cards can be forged or stolen.
- Coercion of voters to sell or voluntarily relinquish their voter cards.
- Security vulnerabilities in biometric voter card readers.
- Inaccurate and incomplete voter register.
- Ineffective and uncoordinated distribution of voter cards to remote areas.
- Poor quality of biometric data captured and stored in biometric voter cards.
- Undocumented collection of biometric voter cards by proxies.
- Dishonest polling officials colluding to allow ineligible voters to vote.
Research Objectives
The primary aim of this research is to investigate how we could improve the integrity of the voter identification process in Nigeria. To accomplish this, we will explore the techniques that can be used to design a provably secure and verifiable cryptographic protocol that will uniquely identify voters in the presence of malicious adversaries and colluding polling officials. In addition, we will investigate how we can reduce the incidence of voter coercion during the voter registration and eligibility checking phases on election day. Once we have a fully functional protocol, we will formally verify the protocol in order to assess its overall security and performance. We are also considering the implementation of a voter identification system that can be used to evaluate the usability of the protocol.
Related Work
Progress made so far
We have been able to formulate the security properties and trust assumptions of the cryptographic protocol. In addition, we have outlined the protocol's adversarial model. In doing so, we have now reasonably specified the following:
- How an adversary will try to subvert the protocol's functionality.
- The potential attacks that can be launched against the protocol.
- A list of the goals, capabilities and possible limitations of each adversary.
- The security, trust and privacy implications of each adversary's influence on the protocol's functionality.
We are currently working on the high-level security proofs that will form the basis of the key security properties of the protocol's specification, notably receipt-freeness and participation privacy.
Security Requirements of the Protocol
- Eligibility: Only registered voters may vote. A voter can attempt to verify their identity at most once. After this attempt, the polling place officials have to be contacted to resolve any discrepancies.
- Individual verifiability: Each voter should be able to check that their voter ID has been accurately recorded on the bulletin board.
- Universal verifiability: The final list of eligible voters should be verifiable by any third party.
- Accuracy (Integrity): The announced list of eligible voters should reflect the true count of all legitimate voters.
- Participation privacy: The protocol should not disclose any information that will give a passive adversary the opportunity to know that an individual voter has participated in the election.
Security Requirements of the Protocol (contd.)
- Receipt-freeness: A voter should not be able to prove that they have verified their identity and subsequently voted.
- Coercion resistance: All voters should be able to verify their true identity and cast their ballot, even while appearing to cooperate with the coercer.
- Robustness: The protocol should be able to deliver the correct results even in the event of certain, suitably defined levels of failure or compromise.
- Availability: All eligible voters should be able to access all features of a fully functioning voter registration system during the election.
- Vote secrecy: An adversary should not be able to know whether a particular voter has registered to vote at the polling place, based on the publicly available information on the bulletin board.
From the viewpoint of the users of electronic voting systems, a major concern is whether the privacy claims of these systems can be trusted.
Components of the Protocol
Message Sequence Chart of the Protocol
How to Verify the Protocol's Security
Formal analysis will be used to evaluate the possibility of adversarial attacks on the protocol's specification, while formal verification will be used to verify the correctness of the protocol's specification and our security proofs. Moreover, since our protocol involves the use of the Fiat-Shamir heuristic, the security of all aspects of the protocol will be proven in a computationally sound sense.
Contribution to Knowledge
Upon successful completion, our main deliverable will be a provably secure and verifiable cryptographic protocol for voter registration and eligibility checking in Nigerian elections. With this protocol, we aim to:
- Reduce voter coercion, impersonation and disenfranchisement.
- Significantly reduce electoral fraud due to multiple voting.
- Disincentivise the collusion of political party representatives and election officials to collectively subvert the electoral process.
As the problems pertaining to the voter identification process in Nigeria resonate across a number of countries like Argentina, Brazil, Colombia and India, amongst others, it is envisaged that this research will provide a viable solution that can be studied to understand how to minimize voter coercion and electoral fraud during the voter registration and eligibility checking phases of elections in developing countries.
Questions?