Improving Remote Voting Security with Code Voting

One of the major problems that prevents the spread of elections with the possibility of remote voting over electronic networks, also called Internet Voting, is the use of unreliable client platforms, such as the voter's computer and the Internet infrastructure connecting it to the election server. A computer connected to the Internet is exposed to viruses, worms, Trojans, spyware, malware and other threats that can compromise the election's integrity. For instance, it is possible to write a virus that changes the voter's vote to a predetermined vote on election's day. Another possible attack is the creation of a fake election web site where the voter uses a malicious vote program on the web site that manipulates the voter's vote (phishing/pharming attack). Such attacks may not disturb the election protocol, therefore can remain undetected in the eyes of the election auditors. We propose the use of Code Voting to overcome insecurity of the client platform. Code Voting consists in creating a secure communication channel to communicate the voter's vote between the voter and a trusted component attached to the voter's computer. Consequently, no one controlling the voter's computer can change the his/her's vote. The trusted component can then process the vote according to a cryptographic voting protocol to enable cryptographic verification at the server's side.

EVIV: An end-to-end verifiable Internet voting system

Traditionally, a country's electoral system requires the voter to vote at a specific day and place, which conflicts with the mobility usually seen in modern live styles. Thus, the widespread of Internet (mobile) broadband access can be seen as an opportunity to deal with this mobility problem, i.e. the adoption of an Internet voting system can make the live of voter's much more convenient; however, a widespread Internet voting systems adoption relies on the ability to develop trustworthy systems, i.e. systems that are verifiable and preserve the voter's privacy. Building such a system is still an open research problem. Our contribution is a new Internet voting system: EVIV, a highly sound End-to-end Verifiable Internet Voting system, which offers full voter's mobility and preserves the voter's privacy from the vote casting PC even if the voter votes from a public PC, such as a PC at a cybercafe or at a public library. Additionally, EVIV has private vote verification mechanisms, in which the voter just has to perform a simple match of two small strings (4-5 alphanumeric characters), that detect and protect against vote manipulations both at the insecure vote client platform and at the election server side. (c) 2012 Elsevier Ltd. All rights reserved.