CodeVoting: protecting against malicious vote manipulation at the voter\u27s PC

Voting in uncontrolled environments, such as the Internet comes with a price, the price of having to trust in uncontrolled machines the collection of voter\u27s vote. An uncontrolled machine, e.g. the voter\u27s PC, may be infected with a virus or other malicious program that may try to change the voter\u27s vote without her knowledge. Here we present CodeVoting, a technique to create a secure communication channel to a smart card that prevents vote manipulation by the voter\u27s PC, while at the same time allows the use of any cryptographic voting protocol to cast the vote

On Some Incompatible Properties of Voting Schemes

In this paper, we study the problem of simultaneously achieving several security properties, for voting schemes, without non-standard assumptions. More specifically, we focus on the universal veriability of the computation of the tally, on the unconditional privacy/anonymity of the votes, and on the receipt-freeness properties, for the most classical election processes. Under usual assumptions and efficiency requirements, we show that a voting system that wants to publish the final list of the voters who actually voted, and to compute the number of times each candidate has been chosen, we cannot achieve: - universal verifiability of the tally (UV) and unconditional privacy of the votes (UP) simultaneously, unless all the registered voters actually vote; - universal verifiability of the tally (UV) and receipt- freeness (RF), unless private channels are available between the voters and/or the voting authorities

Electronic voting systems

Ovaj rad daje prikaz elektroničkog glasovanja, koje sve veći broj država testira i implementira, s više ili manje uspjeha. Dosadašnje metode glasovanja, kao što su glasački listići, bušene kartice, optičko skeniranje i strojevi s polugom, sadrže određene nedostatke, primjerice sigurnosne rizike ili velike troškove, zbog čega se sve više pozornosti pridaje elektroničkom glasovanju kao novoj metodi glasovanja. Kako bi elektroničko glasovanje u određenoj državi bilo što učinkovitije, razna tijela poput Vijeća Europe objavila su smjernice i standarde za njegovo uvođenje, pri čemu se naglasak stavlja na pristupačnost, transparentnost te ponajviše na sigurnost sustava. Ispravno implementirani sustavi za elektroničko glasovanje mogu uvelike pridonijeti brzini i učinkovitosti izbornog procesa; međutim, na konkretnim su primjerima neispravnost uređaja i simulirani, ali i stvarni napadi pokazali da ni ova metoda ne može u potpunosti štititi tajnost glasovanja i integritet izbora. Od triju država čije je korištenje elektroničkog glasovanja opisano u ovom radu (Sjedinjene Američke Države, Estonija i Belgija) jedino ga Estonija koristi uspješno i učinkovito; razlog vjerojatno leži u činjenici da Estonija dugi niz godina koristi internet za vladine usluge te je elektroničko glasovanje bilo logičan potez. Elektroničko glasovanje u Hrvatskoj na državnoj razini trenutačno postoji jedino kao tema medijskih rasprava; telekomunikacijski stručnjaci, međutim, tvrde da potrebna infrastruktura postoji, stoga preostaje vidjeti hoće li i Hrvatska u budućnosti implementirati, ili barem testirati elektroničko glasovanje.This paper gives an overview of electronic voting, which is being tested and implemented by an increasing number of countries, with varying degrees of success. Voting methods that have been used so far, such as paper ballots, punch cards, optical scanning and mechanical lever voting machines, each have their own drawbacks, such as safety risks or high financial costs, which is the reason why more attention is being paid to electronic voting as a new voting method. In order for electronic voting to be as efficient as possible, various organizations, such as the Council of Europe, have published guidelines and standards for its implementation, with the focus set on accessibility, transparency and, mainly, the security of the system. Properly implemented electronic voting systems can significantly improve the speed and efficiency of the electoral process; however, concrete examples show how device malfunction and simulated and real cyberattacks can decrease the secrecy and integrity of elections. Out of the three countries whose electronic voting system use has been described in this paper (the United States of America, Estonia, and Belgium), Estonia seems to be the only one using it successfully and efficiently. The underlying reason may be the fact that Estonia has been using the Internet to provide governmental services for a number of years; therefore, the transition to electronic voting was the logical next step. National-level electronic voting in Croatia currently only exists as a public debate topic. Telecommunication experts, however, claim that the country possesses the required infrastructure; whether Croatia will implement, or at least try out electronic voting in the future, remains to be seen

Electronic voting systems

Ovaj rad daje prikaz elektroničkog glasovanja, koje sve veći broj država testira i implementira, s više ili manje uspjeha. Dosadašnje metode glasovanja, kao što su glasački listići, bušene kartice, optičko skeniranje i strojevi s polugom, sadrže određene nedostatke, primjerice sigurnosne rizike ili velike troškove, zbog čega se sve više pozornosti pridaje elektroničkom glasovanju kao novoj metodi glasovanja. Kako bi elektroničko glasovanje u određenoj državi bilo što učinkovitije, razna tijela poput Vijeća Europe objavila su smjernice i standarde za njegovo uvođenje, pri čemu se naglasak stavlja na pristupačnost, transparentnost te ponajviše na sigurnost sustava. Ispravno implementirani sustavi za elektroničko glasovanje mogu uvelike pridonijeti brzini i učinkovitosti izbornog procesa; međutim, na konkretnim su primjerima neispravnost uređaja i simulirani, ali i stvarni napadi pokazali da ni ova metoda ne može u potpunosti štititi tajnost glasovanja i integritet izbora. Od triju država čije je korištenje elektroničkog glasovanja opisano u ovom radu (Sjedinjene Američke Države, Estonija i Belgija) jedino ga Estonija koristi uspješno i učinkovito; razlog vjerojatno leži u činjenici da Estonija dugi niz godina koristi internet za vladine usluge te je elektroničko glasovanje bilo logičan potez. Elektroničko glasovanje u Hrvatskoj na državnoj razini trenutačno postoji jedino kao tema medijskih rasprava; telekomunikacijski stručnjaci, međutim, tvrde da potrebna infrastruktura postoji, stoga preostaje vidjeti hoće li i Hrvatska u budućnosti implementirati, ili barem testirati elektroničko glasovanje.This paper gives an overview of electronic voting, which is being tested and implemented by an increasing number of countries, with varying degrees of success. Voting methods that have been used so far, such as paper ballots, punch cards, optical scanning and mechanical lever voting machines, each have their own drawbacks, such as safety risks or high financial costs, which is the reason why more attention is being paid to electronic voting as a new voting method. In order for electronic voting to be as efficient as possible, various organizations, such as the Council of Europe, have published guidelines and standards for its implementation, with the focus set on accessibility, transparency and, mainly, the security of the system. Properly implemented electronic voting systems can significantly improve the speed and efficiency of the electoral process; however, concrete examples show how device malfunction and simulated and real cyberattacks can decrease the secrecy and integrity of elections. Out of the three countries whose electronic voting system use has been described in this paper (the United States of America, Estonia, and Belgium), Estonia seems to be the only one using it successfully and efficiently. The underlying reason may be the fact that Estonia has been using the Internet to provide governmental services for a number of years; therefore, the transition to electronic voting was the logical next step. National-level electronic voting in Croatia currently only exists as a public debate topic. Telecommunication experts, however, claim that the country possesses the required infrastructure; whether Croatia will implement, or at least try out electronic voting in the future, remains to be seen

Receipt-Freeness and Coercion Resistance in Remote E-Voting Systems

Abstract: Remote electronic voting (E-voting) is a more convenient and efficient methodology when compared with traditional voting systems. It allows voters to vote for candidates remotely, however, remote E-voting systems have not yet been widely deployed in practical elections due to several potential security issues, such as vote-privacy, robustness and verifiability. Attackers' targets can be either voting machines or voters. In this paper, we mainly focus on three important security properties related to voters: receipt-freeness, vote-selling resistance, and voter-coercion resistance. In such scenarios, voters are willing or forced to cooperate with attackers. We provide a survey of existing remote E-voting systems, to see whether or not they are able to satisfy these three properties to avoid corresponding attacks. Furthermore, we identify and summarise what mechanisms they use in order to satisfy these three security properties

Expressing Receipt-Freeness and Coercion-Resistance in Logics of Strategic Ability: Preliminary Attempt

ABSTRACT Voting is a mechanism of utmost importance to social processes. In this paper, we focus on the strategic aspect of information security in voting procedures. We argue that the notions of receipt-freeness and coercion resistance are underpinned by existence (or nonexistence) of a suitable strategy for some participants of the voting process. In order to back the argument formally, we provide logical "transcriptions" of the informal intuitions behind coercion-related properties that can be found in the existing literature. The transcriptions are formulated in the modal game logic ATL * , well known in the area of multi-agent systems

Efficient, Coercion-free and Universally Verifiable Blockchain-based Voting

Most electronic voting systems today satisfy the basic requirements of privacy, unreusability, eligibility and fairness in a natural and rather straightforward way. However, receipt-freeness, incoercibility and universal verifiability are much harder to implement and in many cases they require a large amount of computation and communication overhead. In this work, we propose a blockchain-based voting system which achieves all the properties expected from secure elections without requiring too much from the voter. Coercion resistance and receipt-freeness are ensured by means of a randomizer token -- a tamper-resistance source of randomness which acts as a black box in constructing the ballot for the user. Universal verifiability is ensured by the append-only structure of the blockchain, thus minimizing the trust placed in election authorities. Additionally, the system has linear overhead when tallying the votes, hence it is scalable and practical for large scale elections