Skip to main content
SpringerLink
Log in
Book cover

Towards Trustworthy Elections pp 310–329Cite as

Improving Remote Voting Security with CodeVoting

  • Chapter

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 6000))

Abstract

One of the major problems that prevents the spread of elections with the possibility of remote voting over electronic networks, also called Internet Voting, is the use of unreliable client platforms, such as the voter’s computer and the Internet infrastructure connecting it to the election server. A computer connected to the Internet is exposed to viruses, worms, Trojans, spyware, malware and other threats that can compromise the election’s integrity. For instance, it is possible to write a virus that changes the voter’s vote to a predetermined vote on election’s day. Another possible attack is the creation of a fake election web site where the voter uses a malicious vote program on the web site that manipulates the voter’s vote (phishing/pharming attack). Such attacks may not disturb the election protocol, therefore can remain undetected in the eyes of the election auditors.

We propose the use of CodeVoting to overcome insecurity of the client platform. CodeVoting consists in creating a secure communication channel to communicate the voter’s vote between the voter and a trusted component attached to the voter’s computer. Consequently, no one controlling the voter’s computer can change the his/her’s vote. The trusted component can then process the vote according to a cryptographic voting protocol to enable cryptographic verification at the server’s side.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. CERT: Vulnerability remediation statistics (2007), http://www.cert.org/stats/vulnerability_remediation.html

  2. USCERT: Cyber security bulletins (2007), http://www.us-cert.gov/cas/bulletins/

  3. Wikipedia: Pharming (2007), http://en.wikipedia.org/wiki/Pharming

  4. Stamm, S., Ramzan, Z., Jakobsson, M.: Drive-by pharming (2006), http://www.symantec.com/avcenter/reference/Driveby_Pharming.pdf

  5. Gaudin, S.: Pharming attack slams 65 financial targets. InformationWeek (2007), http://www.informationweek.com/showArticle.jhtml?articleID=197008230

  6. Kirk, J.: Pharming attack hits 50 banks. IDG News Service, TechWorld (2007), http://www.techworld.com/security/news/index.cfm?newsid=8102

  7. Council of Europe: Family voting. Congress of Local and Regional Authorities of Europe session (2002), http://www.coe.int/T/E/Com/Files/CLRAE-Sessions/2002-06-Session/family_voting.asp

  8. Volkamer, M., Grimm, R.: Multiple casts in online voting: Analyzing chances. In: Robert Krimmer, R. (ed.) Electronic Voting 2006, Castle Hofen, Bregenz, Austria. LNI, vol. P-86, pp. 97–106. GI (2006)

    Google Scholar 

  9. California Internet Task Force: A report on the feasibility of internet voting (2000), http://www.ss.ca.gov/executive/ivote

  10. Internet Policy Institute: Report of the national workshop on internet voting: Issues and research agenda (2001), http://www.diggov.org/archive/library/dgo2000/dir/PDF/vote.pdf

  11. Jefferson, D., Rubin, A.D., Simons, B., Wagner, D.: A security analysis of the secure electronic registration and voting experiment (serve) (2004), http://www.servesecurityreport.org/paper.pdf

  12. Rivest, R.L.: Electronic voting. In: Syverson, P.F. (ed.) FC 2001. LNCS, vol. 2339, p. 243. Springer, Heidelberg (2001)

    Google Scholar 

  13. Rubin, A.D.: Security considerations for remote electronic voting. Commun. ACM 45(12), 39–44 (2002)

    Article  Google Scholar 

  14. Joaquim, R., Ribeiro, C.: Codevoting: protecting against malicious vote manipulation at the voter’s pc. In: Chaum, D., Kutyłowski, M., Rivest, R.L., Ryan, P.Y.A. (eds.) Frontiers of Electronic Voting, no. 07311 in Dagstuhl, Germany. Dagstuhl Seminar Proceedings, Internationales Begegnungs- und Forschungszentrum für Informatik (IBFI), Schloss Dagstuhl, Germany (2007)

    Google Scholar 

  15. Joaquim, R., Ribeiro, C.: CodeVoting protection against automatic vote manipulation in an uncontrolled environment. In: Alkassar, A., Volkamer, M. (eds.) VOTE-ID 2007. LNCS, vol. 4896, pp. 178–188. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  16. Fujioka, A., Okamoto, T., Ohta, K.: A practical secret voting scheme for large scale elections. In: Zheng, Y., Seberry, J. (eds.) AUSCRYPT 1992. LNCS, vol. 718, pp. 244–251. Springer, Heidelberg (1993)

    Google Scholar 

  17. Joaquim, R., Zúquete, A., Ferreira, P.: Revs - a robust electronic voting system (extended). IADIS International Journal of WWW/Internet 1(2), 47–63 (2003)

    Google Scholar 

  18. Ohkubo, M., Miura, F., Abe, M., Fujioka, A., Okamoto, T.: An improvement on a practical secret voting scheme. In: Zheng, Y., Mambo, M. (eds.) ISW 1999. LNCS, vol. 1729, pp. 225–234. Springer, Heidelberg (1999)

    Chapter  Google Scholar 

  19. Okamoto, T.: Receipt-free electronic voting schemes for large scale elections. In: Christianson, B., Crispo, B., Lomas, M., Roe, M. (eds.) Security Protocols 1997. LNCS, vol. 1361, pp. 25–35. Springer, Heidelberg (1998)

    Chapter  Google Scholar 

  20. Chaum, D.: Untraceable electronic mail, return addresses, and digital pseudonyms. Commun. ACM 24(2), 84–88 (1981)

    Article  Google Scholar 

  21. Clarkson, M., Chong, S., Myers, A.: Civitas: A secure remote voting system. In: Chaum, D., Kutylowski, M., Rivest, R.L., Ryan, P.Y.A. (eds.) Frontiers of Electronic Voting, Dagstuhl, Germany. Dagstuhl no. 07311 in Seminar Proceedings, Internationales Begegnungs- und Forschungszentrum für Informatik (IBFI), Schloss Dagstuhl, Germany (2007)

    Google Scholar 

  22. Neff, C.A.: Verifiable mixing (shuffling) of elgamal pairs (2004), http://votehere.com/vhti/documentation/egshuf-2.0.3638.pdf

  23. Park, C.-s., Itoh, K., Kurosawa, K.: Efficient anonymous channel and all/Nothing election scheme. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 248–259. Springer, Heidelberg (1994)

    Google Scholar 

  24. Benaloh, J.C.: Verifiable Secret-Ballot Elections. PhD thesis, Yale University (1987)

    Google Scholar 

  25. Cramer, R., Gennaro, R., Schoenmakers, B.: A secure and optimally efficient multi-authority election scheme. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 103–118. Springer, Heidelberg (1997)

    Google Scholar 

  26. Damgård, I., Jurik, M.: A generalisation, a simplification and some applications of paillier’s probabilistic public-key system. In: Kim, K.-c. (ed.) PKC 2001. LNCS, vol. 1992, pp. 119–136. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  27. Hirt, M., Sako, K.: Efficient receipt-free voting based on homomorphic encryption. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 539–556. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  28. Estonian National Electoral Commitee: Internet voting in estonia (2007), http://www.vvk.ee/engindex.html

  29. Lee, B., Kim, K.: Receipt-free electronic voting scheme with a tamper-resistant randomizer. In: Lee, P.J., Lim, C.H. (eds.) ICISC 2002. LNCS, vol. 2587, pp. 389–406. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  30. Oppliger, R.: How to address the secure platform problem for remote internet voting. In: Erasim, E., Karagiannis, D. (eds.) 5th Conference on “Sicherheit in Informationssystemen” (SIS 2002), Vienna, Austria, pp. 153–173. vdf Hochschulverlag (2002)

    Google Scholar 

  31. Zúquete, A., Costa, C., Rom ao, M.: An intrusion-tolerant e-voting client system. In: 1st Workshop on Recent Advances on Intrusion-Tolerant Systems (WRAITS 2007), Lisbon, Portugal (2007)

    Google Scholar 

  32. TGC: Trusted computing group (2007), https://www.trustedcomputinggroup.org/home

  33. Sadeghi, A.R., Selhorst, M., Stüble, C., Wachsmann, C., Winandy, M.: Tcg inside?: a note on tpm specification compliance. In: STC 2006: Proceedings of the first ACM workshop on Scalable trusted computing, Alexandria, Virginia, USA, pp. 47–56. ACM, New York (2006)

    Chapter  Google Scholar 

  34. Brickell, E., Camenisch, J., Chen, L.: Direct anonymous attestation. In: Pftzmann, B., Liu, P. (eds.) CCS 2004: Proceedings of the 11th ACM conference on Computer and Communications Security, Washington DC, USA, pp. 132–145. ACM, New York (2004)

    Chapter  Google Scholar 

  35. Volkamer, M., Alkassar, A., Sadeghi, A.R., Schulz, S.: Enabling the application of the open systems like pcs for online voting. In: Frontiers in Electronic Elections Workshop (FEE 2006), Hamburg, Germany (2006)

    Google Scholar 

  36. Chaum, D.: Surevote (2001) International patent WO 01/55940 A1, http://www.surevote.com/home.html

  37. UK’s Electoral Commission: Technical report on the may 2003 pilots (2003), http://www.electoralcommission.org.uk/about-us/03pilotscheme.cfm

  38. UK’s National Technical Authority for Information Assurance: e-voting security study (2002), http://www.ictparliament.org/CDTunisi/ict_compendium/paesi/uk/uk54.pdf

  39. Helbach, J., Schwenk, J.: Secure internet voting with code sheets. In: Alkassar, A., Volkamer, M. (eds.) VOTE-ID 2007. LNCS, vol. 4896, pp. 166–177. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  40. Kutyłowski, M., Zagórski, F.: Verifiable internet voting solving secure platform problem. In: Miyaji, A., Kikuchi, H., Rannenberg, K. (eds.) IWSEC 2007. LNCS, vol. 4752, pp. 199–213. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  41. Skagestein, G., Haug, A.V., Nødtvedt, E., Rossebø, J.E.Y.: How to create trust in electronic voting over an untrusted platform. In: Krimmer, R. (ed.) Electronic Voting 2006, Castle Hofen, Bregenz, Austria. LNI, vol. P-86, pp. 107–116. GI (2006)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. ISEL - Technical University of Lisbon - INESC-ID,  

    Rui Joaquim, Carlos Ribeiro & Paulo Ferreira

Authors
  1. Rui Joaquim
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Carlos Ribeiro
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Paulo Ferreira
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Independent researcher,  

    David Chaum

  2. Palo Alto Research Center, CA, USA

    Markus Jakobsson

  3. Massachusetts Institute of Technology, Cambridge, MA, USA

    Ronald L. Rivest

  4. University of Luxembourg, Luxembourg

    Peter Y. A. Ryan

  5. Microsoft Research Center, Redmond, WA, USA

    Josh Benaloh

  6. Wroclaw University of Technology, Poland

    Miroslaw Kutylowski

  7. Harvard Center for Research on Computation and Society, Boston, MA, USA

    Ben Adida

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Joaquim, R., Ribeiro, C., Ferreira, P. (2010). Improving Remote Voting Security with CodeVoting. In: Chaum, D., et al. Towards Trustworthy Elections. Lecture Notes in Computer Science, vol 6000. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-12980-3_19

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-12980-3_19

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-12979-7

  • Online ISBN: 978-3-642-12980-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation