Advertisement

VSPReP: Verifiable, Secure and Privacy-Preserving Remote Polling with Untrusted Computing Devices

  • Amna Qureshi
  • David Megías
  • Helena Rifà-Pous
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 878)

Abstract

Internet-based polling systems allow voters to cast their votes at any time during the polling period, from any Internet-connected computing device anywhere in the world. Security is an important feature of such systems that should address inherent concerns, such as secrecy of vote, anonymity and unlinkability of voter, voter coercion, secrecy of intermediate results, verifiability, auditability, and poll integrity. Another major concern is that an infected voting device with a malicious program (e.g., virus, malware) could take control over the vote casting process and make unauthorized and potentially undetected modifications to the voter’s voting choices, and, hence, should not be trusted. In this paper we present VSPReP, a verifiable, secure and privacy-preserving remote polling (e-poll) system, which provides vote’s privacy and poll integrity, prevents double voting, enables multiple voting (within the allowed polling period), and achieves verifiability (cast-as-intended and tallied-as-recorded) and uncoercibility in the presence of an untrusted voting device. This paper presents a general design of VSPReP and describes its workflow during three polling phases: pre-polling, polling and post-polling. It also analyzes the security properties of VSPReP and evaluates its performance in terms of computational and cryptographic costs. The experimental results show that the average time a voter takes to cast his/her vote is less than 45 secs, thus demonstrating the practicality of VSPReP.

Keywords

Remote polling Malware detection Privacy Verifiability 

Notes

Acknowledgment

This work was partly funded by the INCIBEC-2015-02491 “Ayudas para la excelencia de los equipos de investigacin avanzada en ciberseguridad” and TIN2014-57364-C2-2-R “SMARTGLACIS”.

References

  1. 1.
    Adida, B.: Helios: web-based open-audit voting. In: SS 2008, pp. 335–348 (2008)Google Scholar
  2. 2.
    Allepuz, J.P., Castelló, S.G.: Cast-as intended verification in Norway. In: EVOTE 2012, pp. 49–63 (2012)Google Scholar
  3. 3.
    Allepuz, J.P., Castelló, S.G.: Internet voting system with cast as intended verification. In: Kiayias, A., Lipmaa, H. (eds.) Vote-ID 2011. LNCS, vol. 7187, pp. 36–52. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-32747-6_3CrossRefGoogle Scholar
  4. 4.
    B\(\ddot{o}\)ck, J.: RSA-PSS provable secure RSA signatures and their implementation (2011). https://rsapss.hboeck.de/rsapss.pdf
  5. 5.
    Benaloh, J., Rivest, R., Ryan, P.Y.A., Stark, P., Teague, V., Vora, P.: End-to-end verifiability (2013). https://www.microsoft.com/en-us/research/publication/end-end-verifiablity/
  6. 6.
    Brelle, A., Truderung, T.: Cast-as-intended mechanism with return codes based on PETs. In: Krimmer, R., Volkamer, M., Braun Binder, N., Kersting, N., Pereira, O., Schürmann, C. (eds.) E-Vote-ID 2017. LNCS, vol. 10615, pp. 264–279. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-68687-5_16CrossRefGoogle Scholar
  7. 7.
    Chaum, D., Pedersen, T.P.: Wallet databases with observers. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 89–105. Springer, Heidelberg (1993).  https://doi.org/10.1007/3-540-48071-4_7CrossRefGoogle Scholar
  8. 8.
    Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987).  https://doi.org/10.1007/3-540-47721-7_12CrossRefGoogle Scholar
  9. 9.
    Galindo, D., Guasch, S., Puiggalí, J.: 2015 Neuchâtel’s cast-as-intended verification mechanism. In: Haenni, R., Koenig, R.E., Wikström, D. (eds.) VOTELID 2015. LNCS, vol. 9269, pp. 3–18. Springer, Cham (2015).  https://doi.org/10.1007/978-3-319-22270-7_1CrossRefGoogle Scholar
  10. 10.
    Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Secure distributed key generation for discrete-log based cryptosystems. J. Cryptol. 20(1), 51–83 (2007)MathSciNetCrossRefGoogle Scholar
  11. 11.
    Gjøsteen, K.: The Norwegian internet voting protocol. In: Kiayias, A., Lipmaa, H. (eds.) Vote-ID 2011. LNCS, vol. 7187, pp. 1–18. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-32747-6_1CrossRefGoogle Scholar
  12. 12.
    Joaquim, R., Ribeiro, C., Ferreira, P.: VeryVote: a voter verifiable code voting system. In: Ryan, P.Y.A., Schoenmakers, B. (eds.) Vote-ID 2009. LNCS, vol. 5767, pp. 106–121. Springer, Heidelberg (2009).  https://doi.org/10.1007/978-3-642-04135-8_7CrossRefGoogle Scholar
  13. 13.
    Krawczyk, H., Bellare, M., Canetti, R.: HMAC: keyed-hashing for message authentication (1997). https://tools.ietf.org/html/rfc2104
  14. 14.
    Mulligan, G.: Has the time now come for internet voting? (2017). http://www.bbc.com/news/business-39955468
  15. 15.
    Naor, M., Pinkas, B., Reingold, O.: Distributed pseudo-random functions and KDCs. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 327–346. Springer, Heidelberg (1999).  https://doi.org/10.1007/3-540-48910-X_23CrossRefGoogle Scholar
  16. 16.
    Qureshi, A., Megías, D., Rifà, H.: Framework for preserving security and privacy in P2P content distribution systems. ESWA 42(3), 1391–1408 (2015)Google Scholar
  17. 17.
    Ryan, P.Y.A., Bismark, D., Heather, J., Schneider, S., Xia, Z.: Prêt à voter: a voter-verifiable voting system. IEEE Trans. Inf. Forensic Secur. 4(4), 662–673 (2009)CrossRefGoogle Scholar
  18. 18.
    Schneider, A., Meter, C., Hagemeister, P.: Survey on remote electronic voting. CoRR (2017). http://arxiv.org/abs/1702.02798
  19. 19.
    Schnor, C.P.: Efficient signature generation by smart cards. J. Cryptol. 4(3), 161–174 (1991)MATHGoogle Scholar
  20. 20.
    Terelius, B., Wikström, D.: Proofs of restricted shuffles. In: Bernstein, D.J., Lange, T. (eds.) AFRICACRYPT 2010. LNCS, vol. 6055, pp. 100–113. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-12678-9_7CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  • Amna Qureshi
    • 1
  • David Megías
    • 1
  • Helena Rifà-Pous
    • 1
  1. 1.Internet Interdisciplinary Institute (IN3)Universitat Oberta de Catalunya (UOC)BarcelonaSpain

Personalised recommendations