Public Evidence from Secret Ballots

Elections seem simple---aren't they just counting? But they have a unique, challenging combination of security and privacy requirements. The stakes are high; the context is adversarial; the electorate needs to be convinced that the results are correct; and the secrecy of the ballot must be ensured. And they have practical constraints: time is of the essence, and voting systems need to be affordable and maintainable, and usable by voters, election officials, and pollworkers. It is thus not surprising that voting is a rich research area spanning theory, applied cryptography, practical systems analysis, usable security, and statistics. Election integrity involves two key concepts: convincing evidence that outcomes are correct and privacy, which amounts to convincing assurance that there is no evidence about how any given person voted. These are obviously in tension. We examine how current systems walk this tightrope.Comment: To appear in E-Vote-Id '1

Third-party verifiable voting systems: addressing motivation and incentives in e-voting

Voter-verifiable voting systems place significant demands of both effort and knowledge onto ordinary voters who have only limited incentives to participate. We suggest the use of third-party verifiable voting systems, harnessing the very strong incentives for candidates and observers to verify that votes are correctly counted. A generic modification enabling this via the use of pre-filled ballots and secure depositing is outlined and we demonstrate this modification by applying it to two major voter-verifiable voting systems. Additionally, potential vulnerabilities of this approach are discussed

Analysis Of Electronic Voting Schemes In The Real World

Voting is at the heart of a country’s democracy. Assurance in the integrity of the electoral process is pivotal for voters to have any trust in the system. Often, electronic voting schemes proposed in the literature, or even implemented in real world elections do not always consider all issues that may exist in the environment in which they might be deployed. In this paper, we identify some real - world issues and threats to electronic voting schemes. We then use the threats we have identified to present an analysis of schemes recently used in Australia and Estonia and present recommendations to mitigate threats to such schemes when deployed in an untrustworthy environment

Electronic voting: Methods and protocols

The act of casting a ballot during an election cycle has been plagued by a number of problems, both intrinsic and extraneous. The old-fashioned paper ballot solves a number of problems, but creates its own. The clear 21st Century solution is the use of an automated electronic system for collection and tallying of votes, but the attitude of the general populace towards these systems has been overwhelmingly negative, supported in some cases by fraud and abuse. The purpose of this thesis is to do a broad survey of systems available on the market now (both in industry and academia) and then compare and contrast these systems to an “ideal” system, which we attempt to define. To do this we survey academic and commercial literature from many sources and selected the most popular, current, or interesting of the designs—then compare the relative strengths and weaknesses of these designs. What we discovered is that devices presented by industry are not only closed-box (which makes them inherently untrustworthy), but also largely inept in security and/or redundancy. Conversely, systems presented by academia are relatively strong in security and redundancy, but lack in ease-of-use or miss helpful features found on industry devices. To combat these perceived weaknesses, we present a prototype of one system which has not previously been implemented, described in Wang [1]. This system brings together many ideas from academia to solve a significant number of the issues plaguing electronic voting machines. We present this solution in its entirety as open-source software for review by the cryptographic and computer science community. In addition to an electronic voting implementation this solution includes a graphical user interface, a re-encryption mix network, and several decryption methods including threshold decryption. All of these items are described in-depth by this thesis. However, as we discuss in the conclusion, this solution falls short in some areas as well. We earmark these problem areas for future research and discuss alternate paths forward

Model Checkers Are Cool: How to Model Check Voting Protocols in Uppaal

The design and implementation of an e-voting system is a challenging task. Formal analysis can be of great help here. In particular, it can lead to a better understanding of how the voting system works, and what requirements on the system are relevant. In this paper, we propose that the state-of-art model checker Uppaal provides a good environment for modelling and preliminary verification of voting protocols. To illustrate this, we present an Uppaal model of Pr\^et \`a Voter, together with some natural extensions. We also show how to verify a variant of receipt-freeness, despite the severe limitations of the property specification language in the model checker

What did I really vote for? On the usability of verifiable e-voting schemes

E-voting has been embraced by a number of countries, delivering benefits in terms of efficiency and accessibility. End-to-end verifiable e-voting schemes facilitate verification of the integrity of individual votes during the election process. In particular, methods for cast-as-intended verification enable voters to confirm that their cast votes have not been manipulated by the voting client. A well-known technique for effecting cast-as-intended verification is the Benaloh Challenge. The usability of this challenge is crucial because voters have to be actively engaged in the verification process. In this paper, we report on a usability evaluation of three different approaches of the Benaloh Challenge in the remote e-voting context. We performed a comparative user study with 95 participants. We conclude with a recommendation for which approaches should be provided to afford verification in real-world elections and suggest usability improvements

Online Voting System based on Image Steganography and Visual Cryptography

This paper discusses the implementation of an onlinevoting system based on image steganography and visualcryptography. The system was implemented inJava EE on a web-based interface, with MySQL databaseserver and Glassfish application server as thebackend. After considering the requirements of an onlinevoting system, current technologies on electronicvoting schemes in published literature were examined.Next, the cryptographic and steganography techniquesbest suited for the requirements of the voting systemwere chosen, and the software was implemented. Wehave incorporated in our system techniques like thepassword hashed based scheme, visual cryptography,F5 image steganography and threshold decryptioncryptosystem. The analysis, design and implementationphase of the software development of the votingsystem is discussed in detail. We have also used aquestionnaire survey and did the user acceptance testingof the system

Implementation and Evaluation of Steganography based Online Voting

Though there are online voting systems available, the authors propose a new and secure steganography based E2E (end-to-end) verifiable online voting system, to tackle the problems in voting process. This research implements a novel approach to online voting by combining visual cryptography with image steganography to enhance system security without degrading system usability and performance. The voting system will also include password hashed-based scheme and threshold decryption scheme. The software is developed on web-based Java EE with the integration of MySQL database server and Glassfish as its application server. The authors assume that the election server used and the election authorities are trustworthy. A questionnaire survey of 30 representative participants was done to collect data to measure the user acceptance of the software developed through usability testing and user acceptance testing