Remote E-Voting Using the Smart Card Web Server

Sheila Cobourne (Smart Card Centre, Information Security Group, Royal Holloway, University of London, Egham, UK), Lazaros Kyrillidis (Smart Card Centre, Information Security Group, Royal Holloway, University of London, Egham, UK), Keith Mayes (Smart Card Centre, Information Security Group, Royal Holloway, University of London, Egham, UK) and Konstantinos Markantonakis (Smart Card Centre, Information Security Group, Royal Holloway, University of London, Egham, UK)
Copyright: © 2014 | Pages: 22
DOI: 10.4018/ijsse.2014010103

Abstract

Voting in elections is the basis of democracy, but voting at polling stations may not be possible for all citizens. Remote (Internet) e-voting uses the voter's own equipment to cast votes, but is potentially vulnerable to many common attacks, which affect the election's integrity. Security can be improved by distributing vote processing over many web servers installed in tamper-resistant, secure environments, using the Smart Card Web Server (SCWS) on a mobile phone Subscriber Identity Module (SIM). A generic voting model is proposed, using a SIM/SCWS voting application with standardised Mobile Network Operator (MNO) management procedures to process the votes cast. E-voting systems Prêt à Voter and Estonian I-voting are used to illustrate the generic model. As the SCWS voting application is used in a distributed processing architecture, e-voting security is enhanced: to compromise an election, an attacker must target many individual mobile devices, rather than a centralised web server.
Article Preview

Introduction

Voting in elections is generally regarded as a fundamental democratic right, but it can be a challenge to engage citizens and encourage them to vote. Participation in the democratic process could be improved by using remote e-voting systems, where a voter uses their own computer or mobile device to cast votes over the Internet. Examples of practical implementations of remote e-voting include elections in Estonia (Estonian National Electoral Committee, n.d.) and Switzerland (Geneva State Chancellery, n.d.).

The fundamental requirements for any voting system are that votes should be recorded as cast, counted as recorded and not linked to a specific voter. Only eligible voters should be allowed to vote, and they can only cast one vote each (Ryan, Bismark, Heather, Schneider, & Xia, 2009). Some e-voting systems are designed to address these requirements in the controlled environment of an election poll-site. Examples include fully electronic systems such as Votebox (Sandler, Derr, & Wallach, 2008), Direct Recording Electronic (DRE) machines (Appel et al., 2009; Kohno, Stubblefield, Rubin, & Wallach, 2004); and paper-based ballots such as Prêt à Voter (Xia et al., 2007) and the Scratch Card voting system (Randell & Ryan, 2006).

Remote e-voting systems, however, have to operate in unsupervised environments, leading to opportunities for denial of service and technical attacks on the voting infrastructure. For example, the voter’s equipment could be infected with malware that tampers with the vote, or a Voting Authority (VA)’s centralised web-servers could be attacked, as seen in the 2010 Washington D.C. election (Wolchok, Wustrow, Isabel, & Halderman, 2012) and the 2012 Canadian New Democratic Party Elections (Payton, 2012). These attacks can seriously undermine the credibility of an election. In the Washington D.C. case, the e-voting system was broken into within 48 hours of it becoming available, and by taking control of the election server, the attackers “changed every vote and revealed almost every secret ballot” (Wolchok et al., 2012). Coercion and vote-buying are also problems for remote e-voting. Anti-coercion measures are included in some e-voting systems, e.g. Civitas (Clarkson, Chong, & Myers, 2008), but some schemes are specifically designed for use in low-coercion elections, such as Helios (Adida, 2008). Some e-voting schemes have been implemented on mobile devices: for example, SEAS (Baiardi et al., 2005) was implemented on a mobile phone and formally analysed by Campanelli et al. (2008).

Although many e-voting processes can be cryptographically protected to ensure the integrity and confidentiality of the votes cast, Rivest (2001) identified a critical problem with remote implementations, i.e. “interfacing the voter to the cryptography”. Security weaknesses in hardware, operating systems and software mean that equipment cannot be trusted. This is known as “the secure platform problem”. Several methods to address this have been proposed (Oppliger, 2002). One approach is code voting, in which voting authorisation codes are sent to voters before the election via a second channel such as the postal service: see (Helbach & Schwenk, 2007; Randell & Ryan, 2006; Ryan & Teague, 2009) for examples.
