The New South Wales iVote System: Security Failures and Verification Flaws in a Live Online Election

In the world's largest-ever deployment of online voting, the iVote Internet voting system was trusted for the return of 280,000 ballots in the 2015 state election in New South Wales, Australia. During the election, we performed an independent security analysis of parts of the live iVote system and uncovered severe vulnerabilities that could be leveraged to manipulate votes, violate ballot privacy, and subvert the verification mechanism. These vulnerabilities do not seem to have been detected by the election authorities before we disclosed them, despite a pre-election security review and despite the system having run in a live state election for five days. One vulnerability, the result of including analytics software from an insecure external server, exposed some votes to complete compromise of privacy and integrity. At least one parliamentary seat was decided by a margin much smaller than the number of votes taken while the system was vulnerable. We also found protocol flaws, including vote verification that was itself susceptible to manipulation. This incident underscores the difficulty of conducting secure elections online and carries lessons for voters, election officials, and the e-voting research community

Public Evidence from Secret Ballots

Elections seem simple---aren't they just counting? But they have a unique, challenging combination of security and privacy requirements. The stakes are high; the context is adversarial; the electorate needs to be convinced that the results are correct; and the secrecy of the ballot must be ensured. And they have practical constraints: time is of the essence, and voting systems need to be affordable and maintainable, and usable by voters, election officials, and pollworkers. It is thus not surprising that voting is a rich research area spanning theory, applied cryptography, practical systems analysis, usable security, and statistics. Election integrity involves two key concepts: convincing evidence that outcomes are correct and privacy, which amounts to convincing assurance that there is no evidence about how any given person voted. These are obviously in tension. We examine how current systems walk this tightrope.Comment: To appear in E-Vote-Id '1

Usable Verifiable Secrecy-Preserving E-Voting

In this paper we propose the usage of QR-Codes to enable usable veriable e-voting schemes based on code voting. The idea { from a voter\u27s perspective { is to combine code voting proposed by Chaum with the cast-as-intended verication mechanism used e.g. in Switzerland (using a personal initialization code, return codes per option, a conrmation code and a nalisation code); while all codes to be entered into the e-voting system by voters are available as QR-Code (i.e. one personalised QR voting code per voting option and one personal conrmation QR-Code). We conduct a user study to evaluate the usability and user experience of such an approach: both the code sheets and the election webpage are based on usability research in this area but adopted for our idea. As our proposal performs good wrt. usability, we discuss how such usable front-ends enable more secure e-voting systems in respect to end-to-end veriability and vote secrecy

Potential and challenges of e-voting in the European Union

European Union Democracy Observatory (EUDO)This study was commissioned and supervised by the European Parliament’s Department for Citizens’ Rights and Constitutional Affairs at the request of the AFCO Committee. It addresses the potentials and challenges of the implementation of Internet voting in European Parliament elections. It considers the social, political, legal, and technological implications of its introduction as an alternative to on-paper ballot and builds on the recent experience of previous trials and successful e-enabled elections to issue technical recommendations regarding Internet voting in the European Union

A formal analysis of the Neuchâtel e-voting protocol

International audienceRemote electronic voting is used in several countries for legally binding elections. Unlike academic voting protocols, these systems are not always documented and their security is rarely analysed rigorously. In this paper, we study a voting system that has been used for electing political representatives and in citizen-driven referenda in the Swiss canton of Neuchâtel. We design a detailed model of the protocol in ProVerif for both privacy and verifiability properties. Our analysis mostly confirms the security of the underlying protocol: we show that the Neuchâtel protocol guarantees ballot privacy, even against a corrupted server; it also ensures cast-as-intended and recorded-as-cast verifiability, even if the voter's device is compromised. To our knowledge, this is the first time a full-fledged automatic symbolic analysis of an e-voting system used for politically-binding elections has been realized

A formal analysis of the Neuchâtel e-voting protocol

Remote electronic voting is used in several countries for legally binding elections. Unlike academic voting protocols, these systems are not always documented and their security is rarely analysed rigorously. In this paper, we study a voting system that has been used for electing political representatives and in citizen-driven referenda in the Swiss canton of Neuchâtel. We design a detailed model of the protocol in ProVerif for both privacy and veri-fiability properties. Our analysis mostly confirms the security of the underlying protocol: we show that the Neuchâtel protocol guarantees ballot privacy, even against a corrupted server; it also ensures cast-as-intended and recorded-as-cast verifiability, even if the voter's device is compromised. To our knowledge, this is the first time a full-fledged automatic symbolic analysis of an e-voting system used for politically-binding elections has been realized

Blockchain based voting system for Jordan parliament elections

Covid-19 pandemic has stressed more than any-time before the necessity for conducting election processes in an electronic manner, where voters can cast their votes remotely with complete security, privacy, and trust. The different voting schema in different countries makes it very difficult to utilize a one fits all system. This paper presents a blockchain based voting system (BBVS) applied to the Parliamentary elections system in the country of Jordan. The proposed system is a private and centralized blockchain implemented in a simulated environment. The proposed BBVS system implements a hierarchical voting process, where a voter casts votes at two levels, one for a group, and the second for distinct members within the group. This paper provides a novel blockchain based e-Voting system, which proves to be transparent and yet secure. This paper utilizes synthetic voter benchmarks to measure the performance, accuracy and integrity of the election process. This research introduced and implemented new algorithms and methods to maintain acceptable performance both at the time of creating the blockchain(s) for voters and candidates as well as at the time of casting votes by voters

Pretty Understandable Democracy 2.0

The technological advance is entering almost all aspects of our everyday life. One interesting aspect is the possibility to conduct elections over the Internet. However, many proposed Internet voting schemes and systems build on unrealistic assumptions about the trustworthiness of the voting environment and other voter-side assumptions. Code voting -- first introduced by Chaum [Cha01] -- is one approach that minimizes the voter-side assumptions. The voting scheme Pretty UnderstandableDemocracy [BNOV13] builds on the idea of code voting while it ensures on the server-side an arguably practical security model based on a strict separation of duty, i.e. all security requirements are ensured if any two components do not collaborate in order to violate the corresponding requirement. As code voting and strict separation of duty realizations come along with some challenges (e.g. pre-auditing phase, usability issues, clearAPIs), the goal of our research was to implement Pretty UnderstandableDemocracy and run a trial election. This paper reports about necessary refinements of the original scheme, the implementation process, and atrial election among the different development teams (each team being responsible for one component)