Election-Dependent Security Evaluation of Internet Voting Schemes

  • Stephan NeumannEmail author
  • Manuel Noll
  • Melanie Volkamer
Conference paper
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 502)


The variety of Internet voting schemes proposed in the literature build their security upon a number of trust assumptions. The criticality of these assumptions depends on the target election setting, particularly the adversary expected within that setting. Given the potential complexity of the assumptions, identifying the most appropriate Internet voting schemes for a specific election setting poses a significant burden to election officials. We address this shortcoming by the construction of an election-dependent security evaluation framework for Internet voting schemes. On the basis of two specification languages, the core of the framework essentially evaluates election-independent security models with regard to expected adversaries and returns satisfaction degrees for security requirements. These satisfaction degrees serve election officials as basis for their decision-making. The framework is evaluated against requirements stemming from measure theory.



The research that led to these results has been funded from a project in the framework of Hessen Modell Projekte (HA project no. 435/14-25), financed with funds of LOEWE Landes-Offensive zur Entwicklung Wissenschaftlich-ökonomischer Exzellenz, Förderlinie 3: KMU-Verbundvorhaben (State Offensive for the Development of Scientific and Economic Excellence). The second author is grateful to the F.R.S.- FNRS for a doctoral grant (1.A.320.16F).


  1. 1.
    Adida, B.: Helios: web-based open-audit voting. In: USENIX Security Symposium, pp. 335–348 (2008)Google Scholar
  2. 2.
    Bannister, F., Connolly, R.: A risk assessment framework for electronic voting. Int. J. Technol. Policy Manag. 7(2), 190–208 (2007)CrossRefGoogle Scholar
  3. 3.
    Budurushi, J., Neumann, S., Olembo, M.M., Volkamer, M.: Pretty understandable democracy-a secure and understandable internet voting scheme. In: 2013 Eighth International Conference on Availability, Reliability and Security (ARES), pp. 198–207. IEEE (2013)Google Scholar
  4. 4.
    Buldas, A., Mägi, T.: Practical security analysis of e-Voting systems. In: Miyaji, A., Kikuchi, H., Rannenberg, K. (eds.) IWSEC 2007. LNCS, vol. 4752, pp. 320–335. Springer, Heidelberg (2007). doi: 10.1007/978-3-540-75651-4_22 CrossRefGoogle Scholar
  5. 5.
    Clarkson, M.R., Chong, S., Myers, A.C.: Civitas: a secure voting system. Technical report, Cornell University (2007)Google Scholar
  6. 6.
    Delaune, S., Kremer, S., Ryan, M.: Verifying privacy-type properties of electronic voting protocols. J. Comput. Secur. 17, 435–487 (2009)CrossRefzbMATHGoogle Scholar
  7. 7.
    EAC Advisory Board and Standards Board: Threat trees and matrices and threat instance risk analyzer (TIRA) (2009)Google Scholar
  8. 8.
    Grimm, R., Krimmer, R., Meißner, N., Reinhard, K., Volkamer, M., Weinand, M., Helbach, J., et al.: Security requirements for non-political internet voting. Electron. Voting 86, 203–212 (2006)Google Scholar
  9. 9.
    Lambrinoudakis, C., Gritzalis, D., Tsoumas, V., Karyda, M., Ikonomopoulos, S.: Secure electronic voting: the current landscape. In: Gritzalis, D.A. (ed.) Secure Electronic Voting. Advances in Information Security, vol. 7. Springer, New York (2012)Google Scholar
  10. 10.
    Hazewinkel, M.: Encyclopedia of Mathematics. Springer, Dordrecht (2001)Google Scholar
  11. 11.
    Juels, A., Catalano, D., Jakobsson, M.: Coercion-resistant electronic elections. In: Proceedings of the 2005 ACM Workshop on Privacy in the Electronic Society, pp. 61–70. ACM (2005)Google Scholar
  12. 12.
    Kim, H.M., Nevo, S.: Development and application of a framework for evaluating multi-mode voting risks. Internet Res. 18(1), 121–135 (2008)CrossRefGoogle Scholar
  13. 13.
    Metropolis, N., Ulam, S.: The Monte Carlo method. J. Am. Stat. Assoc. 44(247), 335–341 (1949)CrossRefzbMATHGoogle Scholar
  14. 14.
    Mitrou, L., Gritzalis, D., Katsikas, S.: Revisiting legal and regulatory requirements for secure e-Voting. In: Ghonaimy, M.A., El-Hadidi, M.T., Aslan, H.K. (eds.) Security in the Information Society. IAICT, vol. 86, pp. 469–480. Springer, Boston (2002). doi: 10.1007/978-0-387-35586-3_37 CrossRefGoogle Scholar
  15. 15.
    Neumann, S., Volkamer, M.: A holistic framework for the evaluation of internet voting systems. In: Design, Development, and Use of Secure Electronic Voting Systems, pp. 76–91 (2014)Google Scholar
  16. 16.
    Neumann, S., Volkamer, M., Budurushi, J., Prandini, M.: Secivo: a quantitative security evaluation framework for internet voting schemes. Ann. Telecommun. 71(7–8), 337–352 (2016)CrossRefGoogle Scholar
  17. 17.
    Nevo, S., Kim, H.M.: How to compare and analyse risks of internet voting versus other modes of voting. EG 3(1), 105–112 (2006)CrossRefGoogle Scholar
  18. 18.
    Pamula, J., Jajodia, S., Ammann, P., Swarup, V.: A weakest-adversary security metric for network configuration security analysis. In: Proceedings of the 2nd ACM Workshop on Quality of Protection, QoP 2006, pp. 31–38. ACM, New York (2006)Google Scholar
  19. 19.
    Pardue, H., Landry, J.P., Yasinsac, A.: E-voting risk assessment: a threat tree for direct recording electronic systems. Int. J. Inf. Secur. Priv. (IJISP) 5(3), 19–35 (2011)CrossRefGoogle Scholar
  20. 20.
    Pardue, H., Yasinsac, A., Landry, J.: Towards internet voting security: a threat tree for risk assessment. In: 2010 International Conference on Risk and Security of Internet and Systems (CRiSIS), pp. 1–7. IEEE Computer Society (2010)Google Scholar
  21. 21.
    Ryan, P.Y.A., Teague, V.: Pretty good democracy. In: Christianson, B., Malcolm, J.A., Matyáš, V., Roe, M. (eds.) Security Protocols 2009. LNCS, vol. 7028, pp. 111–130. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-36213-2_15 CrossRefGoogle Scholar
  22. 22.
    Salamon, D.A.: Measure and Integration. EMS Textbook series (2016, to appear)Google Scholar
  23. 23.
    Schryen, G., Volkamer, M., Ries, S., Habib, S.M.: A formal approach towards measuring trust in distributed systems. In: 2011 Annual ACM Symposium on Applied Computing (SAC), pp. 1739–1745. ACM (2011)Google Scholar
  24. 24.
    Volkamer, M., Grimm, R.: Determine the resilience of evaluated internet voting systems. In: 2009 International Workshop on Requirements Engineering for e-Voting Systems (RE-VOTE), pp. 47–54. IEEE Computer Society (2009)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2017

Authors and Affiliations

  • Stephan Neumann
    • 1
    Email author
  • Manuel Noll
    • 2
  • Melanie Volkamer
    • 1
    • 3
  1. 1.Technische Universität DarmstadtDarmstadtGermany
  2. 2.Université de LiègeLiègeBelgium
  3. 3.Karlstad UniversityKarlstadSweden

Personalised recommendations