Election-Dependent Security Evaluation of Internet Voting Schemes

The variety of Internet voting schemes proposed in the literature build their security upon a number of trust assumptions. The criticality of these assumptions depends on the target election setting, particularly the adversary expected within that setting. Given the potential complexity of the assumptions, identifying the most appropriate Internet voting schemes for a specific election setting poses a significant burden to election officials. We address this shortcoming by the construction of an election-dependent security evaluation framework for Internet voting schemes. On the basis of two specification languages, the core of the framework essentially evaluates election-independent security models with regard to expected adversaries and returns satisfaction degrees for security requirements. These satisfaction degrees serve election officials as basis for their decision-making. The framework is evaluated against requirements stemming from measure theory.

[1]  Markus Jakobsson,et al.  Coercion-resistant electronic elections , 2005, WPES '05.

[2]  Frank Bannister,et al.  A Risk Assessment Framework for Electronic Voting , 2007, ECEG.

[3]  Ahto Buldas,et al.  Practical Security Analysis of E-Voting Systems , 2007, IWSEC.

[4]  Costas Lambrinoudakis,et al.  Secure Electronic Voting: the Current Landscape , 2003 .

[5]  Melanie Volkamer,et al.  Pretty Understandable Democracy - A Secure and Understandable Internet Voting Scheme , 2013, 2013 International Conference on Availability, Reliability and Security.

[6]  Melanie Volkamer,et al.  Security Requirements for Non-political Internet Voting , 2006, Electronic Voting.

[7]  Michael R. Clarkson,et al.  Civitas: Toward a Secure Voting System , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[8]  N. Metropolis,et al.  The Monte Carlo method. , 1949 .

[9]  Henry M. Kim,et al.  How to compare and analyse risks of internet voting versus other modes of voting , 2006, Electron. Gov. an Int. J..

[10]  Jeffrey P. Landry,et al.  E-Voting Risk Assessment: A Threat Tree for Direct Recording Electronic Systems , 2011, Int. J. Inf. Secur. Priv..

[11]  Peter Y. A. Ryan,et al.  Pretty Good Democracy , 2009, Security Protocols Workshop.

[12]  Michael R. Clarkson,et al.  Civitas: A Secure Voting System , 2007 .

[13]  Henry M. Kim,et al.  Development and application of a framework for evaluating multi-mode voting risks , 2008, Internet Res..

[14]  Ben Adida,et al.  Helios: Web-based Open-Audit Voting , 2008, USENIX Security Symposium.

[15]  Jeffrey P. Landry,et al.  Towards Internet voting security: A threat tree for risk assessment , 2010, 2010 Fifth International Conference on Risks and Security of Internet and Systems (CRiSIS).

[16]  Melanie Volkamer,et al.  A formal approach towards measuring trust in distributed systems , 2011, SAC.

[17]  Melanie Volkamer,et al.  A Holistic Framework for the Evaluation of Internet Voting Systems , 2014 .

[18]  D. Salamon,et al.  Measure and Integration , 2016 .

[19]  James Stuart Tanton,et al.  Encyclopedia of Mathematics , 2005 .

[20]  Lilian Mitrou,et al.  Revisiting Legal and Regulatory Requirements for Secure E-Voting , 2002, SEC.

[21]  Sushil Jajodia,et al.  A weakest-adversary security metric for network configuration security analysis , 2006, QoP '06.

[22]  Melanie Volkamer,et al.  Determine the Resilience of Evaluated Internet Voting Systems , 2009, 2009 First International Workshop on Requirements Engineering for e-Voting Systems.

[23]  Mark Ryan,et al.  Verifying privacy-type properties of electronic voting protocols , 2009, J. Comput. Secur..

[24]  Melanie Volkamer,et al.  SecIVo: a quantitative security evaluation framework for internet voting schemes , 2016, Annals of Telecommunications.