Practical Security Analysis of E-Voting Systems

  • Ahto Buldas
  • Triinu Mägi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4752)


We adapt game theoretic methods for studying the security of two e-voting systems: the Estonian E-Voting System (EstEVS) and Secure Electronic Registration and Voting Experiment (SERVE) performed in the United States of America. While these two systems are quite similar from technical side, security experts have made totally different decisions about their security—EstEVS was indeed used in practical elections while SERVE was decided to be insecure. The aim of this work is to clarify if the minor technical differences between these two systems were indeed a sufficient reason to distinguish between their security. Our analysis is oriented to practical security against large-scale attacks. We define a model for the real-life environment in which voting takes place and analyze the behavior of adversaries. We show that in our model EstEVS is secure and SERVE is not. The reliability of the results is still questionable because of our limited knowledge about many of the parameters. It turns out though that our main results are quite robust with respect to the choice of parameters.


Malicious Code Attack Tree Security Expert Eligible Voter Inside Threat 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Jefferson, D., Rubin, A.D., Simons, B., Wagner, D.: A Security Analysis of the Secure Electronic Registration and Voting Experiment (SERVE) (2004)Google Scholar
  2. 2.
    Ansper, A., Buldas, A., Oruaas, M., Priisalu, J., Veldre, A., Willemson, J., Kivinurm, K.: The Security of Conception of E-voting: Analysis and Measures. E-hääletamise kontseptsiooni turve: analüüs ja meetmed (2003)Google Scholar
  3. 3.
    Buldas, A., Laud, P., Priisalu, J., Saarepera, M., Willemson, J.: Rational Choice of Security Measures via Multi-Parameter Attack Trees. In: Lopez, J. (ed.) CRITIS 2006. LNCS, vol. 4347, pp. 235–248. Springer, Heidelberg (2006)Google Scholar
  4. 4.
    Estonian National Electoral Committee home page,
  5. 5.
    Schneier, B.: Attack Trees. Dr. Dobb’s Journal, Modeling Security Threats (December 1999)Google Scholar
  6. 6.
    Geer, D., Hoo, K.S., Jaquith, A.: Information Security: Why the Future Belongs to the Quants? IEEE Security and Privacy, 32–40 (July/August 2003)Google Scholar
  7. 7.
    Interview with Estonian public prosecutor Mr. Margus KurmGoogle Scholar
  8. 8.
    Surf, M., Shulman, A.: How safe is it out there? Zeroing in on the vulnerabilities of application security. Imperva Application Defense Center (2004)Google Scholar
  9. 9.
    The elections’ atlas of the USA,
  10. 10.
    The Parlimental Elections in Estonia (2003),
  11. 11.
    Department of Defense Washington Headquarters Services Federal Voting assistance Program. Voting Over the Internet Pilot Project Assessment Report (2001)Google Scholar
  12. 12.
    E-voting System: Overview. Estonian National Electoral Committee (2005),
  13. 13.
    Triinu Mägi. Practical Security Analysis of E-voting Systems. Msc Thesis. Tallinn University of Technology (2007),

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Ahto Buldas
    • 1
    • 2
    • 3
  • Triinu Mägi
    • 4
  1. 1.Cybernetica AS. Akadeemia tee 21, 12618 TallinnEstonia
  2. 2.Tallinn University of Technology, Raja 15, 12618 TallinnEstonia
  3. 3.University of Tartu, Liivi 2, 50409 TartuEstonia
  4. 4.Estonian Ministry of Justice, Center of Registers and Information Systems. Lõkke 4, 19081 TallinnEstonia

Personalised recommendations