Secure Voting in the Cloud Using Homomorphic Encryption and Mobile Agents

While governments are transitioning to the cloud to leverage efficiency, transparency and accessibility advantages, public opinion - the backbone of democracy - is being left behind. Statistics show that traditional paper voting is failing to reach the technology-savvy generation, with voter turnout decreasing every election in many first-world countries. Remote electronic voting is a possible solution to this problem, but it still faces several security, privacy and accountability concerns. This paper introduces a practical application of partially homomorphic encryption to help address these challenges. We describe a cloud-based mobile electronic voting scheme, evaluating its security against a list of requirements, and benchmarking performance on the cloud and mobile devices. In order to protect voter privacy, we propose moving away from a public bulletin board so that no individual cipher votes are saved, while still allowing vote verification. As the majority of the security threats faced by electronic voting are from the underlying system, we also introduce the novel concept of using a dedicated hardware server for homomorphic tallying and decryption.
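The homomorphic tallying described above, as an added example that is not code from the paper: each encrypted ballot is folded into a single running ciphertext and then dropped, and only the final sum is decrypted. The abstract names only "partially homomorphic encryption", so the choice of Paillier, the toy key size, the base-1000 candidate encoding and all function names are assumptions; proofs that a ballot is well-formed are omitted.

```python
import math
import secrets

def keygen(p, q):
    # Paillier with g = n + 1. Toy primes only; real keys need n >= 2048 bits.
    n = p * q
    lam = math.lcm(p - 1, q - 1)
    return n, (lam, pow(lam, -1, n))      # public n, private (lambda, mu)

def encrypt(n, m):
    # Runs on the voter's device: c = (1+n)^m * r^n mod n^2, fresh random r.
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            return pow(n + 1, m, n2) * pow(r, n, n2) % n2

def add_to_tally(n, tally, ballot):
    # Cloud side: multiplying ciphertexts adds the plaintexts, so the
    # ballot can be folded in and dropped without ever being decrypted.
    return tally * ballot % (n * n)

def decrypt(n, priv, c):
    # Runs only where the private key lives (the tallying server).
    lam, mu = priv
    return (pow(c, lam, n * n) - 1) // n * mu % n

def decode(total, base, candidates):
    # total = sum(base**choice); read per-candidate counts as base digits.
    counts = []
    for _ in range(candidates):
        total, digit = divmod(total, base)
        counts.append(digit)
    return counts

def run_election(choices, candidates=3, base=1000):
    # base must exceed the number of voters so digits never carry.
    n, priv = keygen(2**31 - 1, 2**61 - 1)   # two Mersenne primes (toy size)
    tally = 1                                 # 1 is a valid encryption of 0
    for choice in choices:                    # constructed sample ballots
        tally = add_to_tally(n, tally, encrypt(n, base ** choice))
    return decode(decrypt(n, priv, tally), base, candidates)

if __name__ == "__main__":
    print(run_election([0, 2, 1, 2, 2, 0]))
```

Because encryption is randomized, two ballots for the same candidate produce different ciphertexts, which is what keeps identical votes unlinkable in transit.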
