Abstract
One of the major problems that prevents the spread of elections with the possibility of remote voting over electronic networks, also called Internet Voting, is the use of unreliable client platforms, such as the voter’s computer and the Internet infrastructure connecting it to the election server. A computer connected to the Internet is exposed to viruses, worms, Trojans, spyware, malware and other threats that can compromise the election’s integrity. For instance, it is possible to write a virus that changes the voter’s vote to a predetermined vote on election’s day. Another possible attack is the creation of a fake election web site where the voter uses a malicious vote program on the web site that manipulates the voter’s vote (phishing/pharming attack). Such attacks may not disturb the election protocol, therefore can remain undetected in the eyes of the election auditors.
We propose the use of CodeVoting to overcome insecurity of the client platform. CodeVoting consists in creating a secure communication channel to communicate the voter’s vote between the voter and a trusted component attached to the voter’s computer. Consequently, no one controlling the voter’s computer can change the his/her’s vote. The trusted component can then process the vote according to a cryptographic voting protocol to enable cryptographic verification at the server’s side.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
CERT: Vulnerability remediation statistics (2007), http://www.cert.org/stats/vulnerability_remediation.html
USCERT: Cyber security bulletins (2007), http://www.us-cert.gov/cas/bulletins/
Wikipedia: Pharming (2007), http://en.wikipedia.org/wiki/Pharming
Stamm, S., Ramzan, Z., Jakobsson, M.: Drive-by pharming (2006), http://www.symantec.com/avcenter/reference/Driveby_Pharming.pdf
Gaudin, S.: Pharming attack slams 65 financial targets. InformationWeek (2007), http://www.informationweek.com/showArticle.jhtml?articleID=197008230
Kirk, J.: Pharming attack hits 50 banks. IDG News Service, TechWorld (2007), http://www.techworld.com/security/news/index.cfm?newsid=8102
Council of Europe: Family voting. Congress of Local and Regional Authorities of Europe session (2002), http://www.coe.int/T/E/Com/Files/CLRAE-Sessions/2002-06-Session/family_voting.asp
Volkamer, M., Grimm, R.: Multiple casts in online voting: Analyzing chances. In: Robert Krimmer, R. (ed.) Electronic Voting 2006, Castle Hofen, Bregenz, Austria. LNI, vol. P-86, pp. 97–106. GI (2006)
California Internet Task Force: A report on the feasibility of internet voting (2000), http://www.ss.ca.gov/executive/ivote
Internet Policy Institute: Report of the national workshop on internet voting: Issues and research agenda (2001), http://www.diggov.org/archive/library/dgo2000/dir/PDF/vote.pdf
Jefferson, D., Rubin, A.D., Simons, B., Wagner, D.: A security analysis of the secure electronic registration and voting experiment (serve) (2004), http://www.servesecurityreport.org/paper.pdf
Rivest, R.L.: Electronic voting. In: Syverson, P.F. (ed.) FC 2001. LNCS, vol. 2339, p. 243. Springer, Heidelberg (2001)
Rubin, A.D.: Security considerations for remote electronic voting. Commun. ACM 45(12), 39–44 (2002)
Joaquim, R., Ribeiro, C.: Codevoting: protecting against malicious vote manipulation at the voter’s pc. In: Chaum, D., Kutyłowski, M., Rivest, R.L., Ryan, P.Y.A. (eds.) Frontiers of Electronic Voting, no. 07311 in Dagstuhl, Germany. Dagstuhl Seminar Proceedings, Internationales Begegnungs- und Forschungszentrum für Informatik (IBFI), Schloss Dagstuhl, Germany (2007)
Joaquim, R., Ribeiro, C.: CodeVoting protection against automatic vote manipulation in an uncontrolled environment. In: Alkassar, A., Volkamer, M. (eds.) VOTE-ID 2007. LNCS, vol. 4896, pp. 178–188. Springer, Heidelberg (2007)
Fujioka, A., Okamoto, T., Ohta, K.: A practical secret voting scheme for large scale elections. In: Zheng, Y., Seberry, J. (eds.) AUSCRYPT 1992. LNCS, vol. 718, pp. 244–251. Springer, Heidelberg (1993)
Joaquim, R., Zúquete, A., Ferreira, P.: Revs - a robust electronic voting system (extended). IADIS International Journal of WWW/Internet 1(2), 47–63 (2003)
Ohkubo, M., Miura, F., Abe, M., Fujioka, A., Okamoto, T.: An improvement on a practical secret voting scheme. In: Zheng, Y., Mambo, M. (eds.) ISW 1999. LNCS, vol. 1729, pp. 225–234. Springer, Heidelberg (1999)
Okamoto, T.: Receipt-free electronic voting schemes for large scale elections. In: Christianson, B., Crispo, B., Lomas, M., Roe, M. (eds.) Security Protocols 1997. LNCS, vol. 1361, pp. 25–35. Springer, Heidelberg (1998)
Chaum, D.: Untraceable electronic mail, return addresses, and digital pseudonyms. Commun. ACM 24(2), 84–88 (1981)
Clarkson, M., Chong, S., Myers, A.: Civitas: A secure remote voting system. In: Chaum, D., Kutylowski, M., Rivest, R.L., Ryan, P.Y.A. (eds.) Frontiers of Electronic Voting, Dagstuhl, Germany. Dagstuhl no. 07311 in Seminar Proceedings, Internationales Begegnungs- und Forschungszentrum für Informatik (IBFI), Schloss Dagstuhl, Germany (2007)
Neff, C.A.: Verifiable mixing (shuffling) of elgamal pairs (2004), http://votehere.com/vhti/documentation/egshuf-2.0.3638.pdf
Park, C.-s., Itoh, K., Kurosawa, K.: Efficient anonymous channel and all/Nothing election scheme. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 248–259. Springer, Heidelberg (1994)
Benaloh, J.C.: Verifiable Secret-Ballot Elections. PhD thesis, Yale University (1987)
Cramer, R., Gennaro, R., Schoenmakers, B.: A secure and optimally efficient multi-authority election scheme. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 103–118. Springer, Heidelberg (1997)
Damgård, I., Jurik, M.: A generalisation, a simplification and some applications of paillier’s probabilistic public-key system. In: Kim, K.-c. (ed.) PKC 2001. LNCS, vol. 1992, pp. 119–136. Springer, Heidelberg (2001)
Hirt, M., Sako, K.: Efficient receipt-free voting based on homomorphic encryption. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 539–556. Springer, Heidelberg (2000)
Estonian National Electoral Commitee: Internet voting in estonia (2007), http://www.vvk.ee/engindex.html
Lee, B., Kim, K.: Receipt-free electronic voting scheme with a tamper-resistant randomizer. In: Lee, P.J., Lim, C.H. (eds.) ICISC 2002. LNCS, vol. 2587, pp. 389–406. Springer, Heidelberg (2003)
Oppliger, R.: How to address the secure platform problem for remote internet voting. In: Erasim, E., Karagiannis, D. (eds.) 5th Conference on “Sicherheit in Informationssystemen” (SIS 2002), Vienna, Austria, pp. 153–173. vdf Hochschulverlag (2002)
Zúquete, A., Costa, C., Rom ao, M.: An intrusion-tolerant e-voting client system. In: 1st Workshop on Recent Advances on Intrusion-Tolerant Systems (WRAITS 2007), Lisbon, Portugal (2007)
TGC: Trusted computing group (2007), https://www.trustedcomputinggroup.org/home
Sadeghi, A.R., Selhorst, M., Stüble, C., Wachsmann, C., Winandy, M.: Tcg inside?: a note on tpm specification compliance. In: STC 2006: Proceedings of the first ACM workshop on Scalable trusted computing, Alexandria, Virginia, USA, pp. 47–56. ACM, New York (2006)
Brickell, E., Camenisch, J., Chen, L.: Direct anonymous attestation. In: Pftzmann, B., Liu, P. (eds.) CCS 2004: Proceedings of the 11th ACM conference on Computer and Communications Security, Washington DC, USA, pp. 132–145. ACM, New York (2004)
Volkamer, M., Alkassar, A., Sadeghi, A.R., Schulz, S.: Enabling the application of the open systems like pcs for online voting. In: Frontiers in Electronic Elections Workshop (FEE 2006), Hamburg, Germany (2006)
Chaum, D.: Surevote (2001) International patent WO 01/55940 A1, http://www.surevote.com/home.html
UK’s Electoral Commission: Technical report on the may 2003 pilots (2003), http://www.electoralcommission.org.uk/about-us/03pilotscheme.cfm
UK’s National Technical Authority for Information Assurance: e-voting security study (2002), http://www.ictparliament.org/CDTunisi/ict_compendium/paesi/uk/uk54.pdf
Helbach, J., Schwenk, J.: Secure internet voting with code sheets. In: Alkassar, A., Volkamer, M. (eds.) VOTE-ID 2007. LNCS, vol. 4896, pp. 166–177. Springer, Heidelberg (2007)
Kutyłowski, M., Zagórski, F.: Verifiable internet voting solving secure platform problem. In: Miyaji, A., Kikuchi, H., Rannenberg, K. (eds.) IWSEC 2007. LNCS, vol. 4752, pp. 199–213. Springer, Heidelberg (2007)
Skagestein, G., Haug, A.V., Nødtvedt, E., Rossebø, J.E.Y.: How to create trust in electronic voting over an untrusted platform. In: Krimmer, R. (ed.) Electronic Voting 2006, Castle Hofen, Bregenz, Austria. LNI, vol. P-86, pp. 107–116. GI (2006)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Joaquim, R., Ribeiro, C., Ferreira, P. (2010). Improving Remote Voting Security with CodeVoting. In: Chaum, D., et al. Towards Trustworthy Elections. Lecture Notes in Computer Science, vol 6000. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-12980-3_19
Download citation
DOI: https://doi.org/10.1007/978-3-642-12980-3_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-12979-7
Online ISBN: 978-3-642-12980-3
eBook Packages: Computer ScienceComputer Science (R0)