0

I'm studying and preparing a document for implementing an online voting system (internet based system) which can be used for governmental voting purposes. I would like to ask for your advice and suggestions regarding threats, weaknesses, risks and challenges that such a system can have. If you do not agree with using such systems, it would be great to have your comments as well. Also please let me know about related articles / blog posts. :)

Question: What are the risks / challenges that might affect the system's reliability and users' trust?

To clarify the question, I see the following items as threats, weaknesses, risks or challenges which should be taken care of and considered. I'm not sure if it is a complete list:

  1. Data Security (Application Layer)
  2. Physical Security (Data Center Security)
  3. Personnel Security
  4. Identity Validation, Verification and Authentication
  5. Anonymity

Basic requirements are:

  1. People can vote only one time.
  2. Votes must be confidential and no one should be able to find out who voted for what.

Related / similar projects:

  1. Smartmatic: https://www.smartmatic.com
  2. Scytl Secure Electronic Voting, S.A: https://www.scytl.com/en/
  3. Polyas: https://www.polyas.com
  4. Intelivote: http://www.intelivote.com

I found a question asked about 5 years ago about the possibility of an Online Government Elections System. I believe it is possible now, and most of the challenges mentioned there are still valid, but I'm wondering if there have been any changes since then and if the vision for the future is still the same. Online Government Elections System - Is it possible?

  • The problem is mainly _where_ people vote: phones and laptops are not exactly trustworthy these days, so a fake browser could pretend to vote for your choices but actually cast a vote for the other guys. I think that issue is _worse_ than 5 years ago, frankly. – dandavis Jan 08 '18 at 05:06
  • @dandavis Thanks for your comment. I agree with you. That's another challenge that we need to consider. I would name it **Personal Device Security**. Also, to continue to the next levels, I would say let's assume that we can have special-purpose _protocols_ and _applications_ to solve this issue. – Payam Mohajeri Jan 08 '18 at 08:01

2 Answers

1

IMHO authentication over the Internet with a security level compatible with a governmental election requires strong authentication (certificate) where the private key is securely locked into a physical device to prevent any copy. That means that we need a national PKI system where each citizen has a smartcard. BTW, that would de facto exclude voting from a smartphone.

Then any citizen is normally allowed to vote, even if they own no computer or have an out-of-use computer at the time of the vote. So the system should make provision for public voting points, for example in town halls.

Once these two points are solved, the next and probably harder one is how to prove that the system does what it is supposed to do. Development of a system able to:

  • identify a voter
  • note that he/she has voted to prevent multiple votes
  • store the vote in a way that it is impossible to know at the end who voted what

is probably not a real challenge, but proving that it contains no trap (be it voluntary or not) is at the limit of what I can imagine, because only IT security experts could do it, and I currently know no committee that would have both the knowledge and competence and the legitimacy for it.

And after the election, it would be necessary to again prove that the system has not been hacked during the operation, with the same question on competence and legitimacy.

Lawyers generally say that small is beautiful. When you have thousands of voting points, each with some people mandated by the different candidates to control the regularity, it is admitted that there will be problems here and there, but not enough to change the result of a vote. Hacking a global system would certainly be harder than adding some paper bulletins, but the consequences could certainly change the result of an election.

That's probably the reason why, while plenty of people would be able to build nice voting systems, few countries use them.

Serge Ballesta
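The three functions listed in the answer above (identify the voter, note that they voted, store the vote so nobody can tell who voted what) can be split between two parties with a Chaum-style blind signature. This is an added example, not code from the answer's author or from any voting product; the toy RSA key, the voter roll and the names `Registrar` and `BallotBox` are constructed assumptions, and it does not address the compromised-device or auditability problems raised on this page.

```python
import hashlib
import secrets
from collections import Counter
from math import gcd

# Constructed toy RSA key built from two Mersenne primes; far too small for real use.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # registrar's private exponent

def digest(ballot: bytes) -> int:
    return int.from_bytes(hashlib.sha256(ballot).digest(), "big") % N

class Registrar:
    """Knows who the voters are, signs one blinded ballot each, never sees a ballot."""
    def __init__(self, roll):
        self.roll, self.issued, self.seen = set(roll), set(), []

    def sign_blinded(self, voter_id: str, blinded: int) -> int:
        if voter_id not in self.roll or voter_id in self.issued:
            raise PermissionError("not eligible or already authorised")
        self.issued.add(voter_id)       # "has voted" flag, tied to identity only
        self.seen.append(blinded)       # everything the registrar could log
        return pow(blinded, D, N)

def prepare_ballot(choice: str):
    """Voter side: a random serial makes the ballot unique, r blinds its hash."""
    ballot = f"{choice}|{secrets.token_hex(16)}".encode()
    r = 0
    while r < 2 or gcd(r, N) != 1:
        r = secrets.randbelow(N)
    return ballot, r, (digest(ballot) * pow(r, E, N)) % N

def unblind(blind_sig: int, r: int) -> int:
    return (blind_sig * pow(r, -1, N)) % N

class BallotBox:
    """Accepts anonymous ballots that carry a valid registrar signature, once each."""
    def __init__(self):
        self.accepted = set()

    def cast(self, ballot: bytes, sig: int) -> bool:
        if pow(sig, E, N) != digest(ballot) or ballot in self.accepted:
            return False                # forged authorisation or replayed ballot
        self.accepted.add(ballot)
        return True

    def tally(self):
        return Counter(b.decode().split("|")[0] for b in self.accepted)
```

The registrar's log holds identities and blinded values, the ballot box holds ballots and signatures, and neither record alone links a voter to a choice.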
0

Electronic voting is a very broad and complex field, and building such a system usually is not as easy as thinking about it. Problems and risks regarding an Internet voting system are (obviously) even more threatening for security and integrity than for an electronic voting system that doesn't use the Internet.

Apart from the points listed above, there are many other problems you should deal with if you decide to implement a voting system that uses the Internet. For example, DoS and DDoS attacks are another big issue with today's Internet voting systems, and it seems they will be in the foreseeable future too. Thus, Availability is another of the fundamental security requirements that has to be taken into account during the implementation and that hasn't been mentioned above (particularly relevant during political elections). For a better description of the requirements an electronic voting system should have, I suggest visiting the following links.


Additionally, as in part suggested by @dandavis, there's also the possibility that the behaviour of the browser (or device) used to cast the vote is compromised by one or more pieces of malicious software running on the device. I think that's what you called Personal Device Security. The problem here is that you cannot predict nor avoid (from a web app programmer's point of view) a device being compromised by one or more pieces of malware, in contrast to the assumption you wrote in the comment. You should trust antivirus and more advanced software, but sometimes they fail too: new attack patterns and new malware infection or propagation techniques are what make this one a problem with still no complete solution.

Some of the problems that I mentioned have been partially solved by systems that satisfy a particular property: the so-called Cryptographic End-to-End Verifiability. This is a requirement that should be listed in your list, from most experts' point of view and from mine too.

Finally, I think the answer to your last question should be "not really". With a bit more research you will find that Internet-based electronic voting systems exist, and some of them have been used during political elections in different countries. (Estonia's citizens have voted online in several political elections, for example.) So these systems are obviously 'possible' but, most of the time, they're not secure enough. Hope I've been helpful, and please forgive my not so good English.

ssh3ll