19 CHAPTER 2 LITERATURE REVIEW This chapter presents a review of related works in the area of E- voting system. It also highlights some gaps which are required to be filled up in this respect. Chaum et al (1981) discussed about voting entails a democratic apparatus used to enthrone democratic leaders and in some quarters it is regarded as one of the most effective methods for individuals to express their opinions on a given topic. Nurmi et al (1991) developed two agency protocols. In this two agency protocols, the electronic validator distributes a secret identification tag to each voter just prior to the election. The validator then sends the tallier a list of all identification tags, with no record of the corresponding voters. Each voter sends the tallier his / her identification tag and an encrypted file contacting a copy of the tag and the voted ballot. At this point the tallier can make sure the identification tag is valid, but the program has no way of examining the contents of the ballot. The tallier publishes the encrypted file, and the voter responds by sending the tallier the key necessary to decrypt it. When the election is over, the tallier publishes a list of all voted ballots and the corresponding encrypted files. This protocol also has several problems. Most importantly it doesn t protect the voter s privacy if the tallier and validator collude.
20 Fujioka et al (1992) developed a practical voting scheme using blind signatures. Blind signatures allow a document to be signed without revealing its contents. The effect is similar to placing a document and a sheet of carbon paper inside of the envelope. If somebody signs the outside of the envelope, they also sign the document on the inside of the envelope. The signature remains attached to the document, even when it is removed from the envelope. The voter prepares a voted ballot, encrypts it with a secret key, and blinds it. The voter then signs the ballot and sends it to the validator. The validator verifies that the signature belongs to registered voter who has not yet voted. If the ballot is valid, the validator signs the ballot and returns it to the voter. The voter removes the blinding encryption layer, revealing an encrypted ballot signed by the validator. The voter then sends the resultant encrypted ballot to the tallier. The tallier checks the signature on the encrypted ballot. If the ballot is valid, the tallier places it on a list that is published after all voters vote. After the list has been published, voters verify that their ballots are on the list and send the tallier the decryption keys necessary to open their ballots. The tallier uses these keys to decrypt the ballots and add the votes to the election tally. Neumann et al (1993) gives a list of suggestions for "generic voting criteria" which suggests that a voting system should be so hard to tamper with and so resistant to failure that no commercial system is likely to ever meet the requirements, and developing a suitable custom system would be extremely difficult and prohibitively expensive. Philip Klein et al (1995) presents a remote voting scheme that applies the technique of blinded signature to a voter's ballot so that it is impossible for anyone to trace the ballot back to the voter. They achieve the desired properties of privacy, universal verifiability, convenience and untraceability, but at the expense of receipt-freeness.
21 Sako et al (1995) introduces the concept of universal verifiability to emphasize the importance of auditing of overall election by categorizing the verifiability as individual variability and universal verifiability. In their approach, a sender can verify whether or not his message has reached its destination, but cannot determine if this is true for the other voters and also in the course of the protocol the participants broadcast information that allows any voter or interested third party to at a later time verify that the election was performed properly or not. A very first attempt was designed by Cranor et al (1996) without employing any cryptographic techniques. In this, voters would submit their vote along with a unique identification number to a validator who would then take their name off on a list of registered voters. Then the validator would then strip off the Unique Identification number and submit just the votes to the tallier who would count the votes. Although this system has the advantages of being flexible, convenient and mobile, this system is far from secure. If the validator is compromised votes can be easily traced back to the voter or votes could be changed. Both privacy and accuracy lack with this protocol. There is no way to ensure the voter s privacy and the tallier accurately records the votes. Cranor et al (1997) proposed and implemented a protocol based on Fujioka s scheme called Sensus. One of the drawbacks of the Blind Signature protocol is the voter has to wait till the voting has ended before the voter can verify the casted vote was the correct one, which is not in line with the property of flexibility. Sensus system is closely based on the Blind Signature protocol. The major difference between the schemes emerges after the voter has submitted the encrypted ballot to the tallier. Instead of waiting till the voting ends the tallier sends a receipt to the voter when his/her ballot has been received. This receipt is no more than a confirmation the vote has been
22 transferred to the tallier correctly. The voter may submit the decryption key immediately after receiving this receipt, completing the entire voting process in one session. The implemented Sensus system employs a pollster agent that performs all cryptographic functions and transactions with the election programs on the voter s behalf. Tests conducted with a prototype implementation of Sensus indicate that the entire voting process can be completed within a few minutes. Yahuda Lindell et al (2000) discussed the comparison of Symmetric key and public key cryptosystem. It also discussed about how to achieve authentication using Symmetric key Cryptosystem and Asymmetric key Cryptosystem. Symmetric key encryption algorithms are suitable for providing high security in smart card applications when compared to Public key algorithm. But, Asymmetric encryption provides more functionality than symmetric encryption, at the expense of speed and hardware cost. Aviel et al (2002) discusses the security considerations for remote electronic voting in public elections. In particular, he examines the feasibility of running national federal elections over the Internet. The focus of his paper is on the limitations of the current deployed infrastructure in terms of the security of the hosts and the Internet itself. He finally concluded that at present, the infrastructure is inadequate for remote Internet voting. Gritzalis et al (2002) expresses that voting is a process at the heart of a democratic society. He therefore stressed that in recent democratic elections using voting machines have shown that the winning margins could be less than the error margins of the voting systems themselves, making election an error prone task. Hence the use of electronic voting has the potential to reduce or remove unwanted human errors. In addition to its reliability, e-voting can handle multiple modalities such as voice assistance for handicap, and provide better scalability for large elections. He stated that
23 e-voting is also an excellent mechanism that does not require geographically proximity of the voters. Mercuri et al (2002) invented the Mercuri method for electronic voting. A critical component of this method is very similar to the Caltech/MIT proposal: a voting machine must produce human readable hardcopy paper results, which can be verified by the voter before the vote is cast, and manually recounted later if necessary. Her philosophy and Neumann s are very similar. Peter et al (2003) discusses a secure PKI based system for e-voting that was developed. They tested the application, several organizational aspects, and usability in fourteen field trials. In their paper they describe the method and findings. What they learn about turnout, about the logistics of organizing e-voting, and about usability and reliability of the system in practice. Alexander et al (2004) in his paper discusses what threats e-voting faces. The purpose of his paper is to give a systematically ordered overview of attacks against e-voting and to show one solution to the issues. The challenge is to provide identification and anonymity at the same time and to exclude the possibility of fraudulent manipulations by the server administration, the voter, and any third party. Kohno et al (2004) discusses on the criticism in the Direct Recording Electronic (DRE) voting systems in which they pointed out that due to various deficiencies and security vulnerabilities it has being widely criticized. Therefore they believe is that the software undergoes insufficient scrutiny during qualification and certification; that DREs are especially vulnerable to various form of insider programmer attacks; and that DREs have no voter-verified audit trails paper or otherwise that could largely
24 circumvent these problems. All of these criticisms of DREs apply directly to SERVE as well. Liaw et al (2004) discussed the properties of electronic voting system and how their proposed electronic voting scheme try to satisfy these properties is also mentioned. The main principle of e-voting is that it must be as similar to regular voting as possible, complaint with election legislation and principles and be at least as secure as regular voting. Therefore e-voting must be uniform and secret, only eligible persons must be allowed to vote, a voter must not be able to prove in favor of whom he/she voted. In addition to this the collecting of votes must be secure, reliable and accountable. Sonja Hof et al (2004) reported about biometric approaches to e-voting. There are different biometrics approaches i.e., fingerprint, iris, face, voice, signature, DNA analysis and multi biometric systems are discussed. He discussed about how biometrics concepts can be used in e-voting. It does not interact in any way with the biometric characteristics of the actual users, authenticates the user with the help of user s authentication certificate as present on the card. Kalaichelvi et al (2005) developed a new technique for encryption & decryption. It used the substitution and inverse substitution table for encryption & decryption. These tables constructed based on ASCII value and the key value. And it also discussed the three types folding technique. Karlof et al (2005) took a different approach from the other researchers as they do not distinguishing universal or individual verifiability. So their definition states that verifiability means each voter should be able to verify his ballot accurately represents the vote he cast. Verifiability countedas-cast means everyone should be able to verify that the final is an accurate count of the ballots. Therefore it can be seen from the definitions arrived at by
25 the different researchers that individual verifiability and universal verifiability basically are centered on the fact that every voter can check if his vote has been properly counted and anyone can check that the calculated result is correct and election is performed correctly. Sampigethaya et al (2006) looks at the numerous e-voting protocols proposed which are meant to fulfill different requirement sets using cryptographic tools and primitives, these underlying primitives are mainly blind signatures and homomorphic encryption. Chetinkaya et al (2007) reported the verification and validation in e-voting and gave the proper definitions for verifiability and validity. It describes about verification and validation activities and explains the relationship between and core requirements to any e-voting system. It also stated that some problems for designing and developing secure e-voting systems. Sarah et al (2008) reported about the comparison of efficiency of the DRE with the with traditional machines. (paper ballots, punch cards, and lever machines). Results indicate that there were little differences between the DRE and these older methods in efficiency or effectiveness. However, in terms of user satisfaction, the DRE was significantly better than the older methods. Paper ballots also perform well, but participants were much more satisfied with their experiences voting on the DRE. It indicates that there were little differences between DRE and traditional methods in efficiency. From the above literature review, it could be understood that the published information on Secured Electronic Voting Systems is very scanty. However, the topic is gaining more importance very recently among the researchers and this indicates the high priority of researchers towards this topic.