An experiment on the security of the Norwegian electronic voting protocol

Even when using a provably secure voting protocol, an election authority cannot argue convincingly that no attack that changed the election outcome has occurred, unless the voters are able to use the voting protocol correctly. We describe one statistical method that, if the assumptions underlying the protocol’s security proof hold, could provide convincing evidence that no attack occurred for the Norwegian Internet voting protocol (or other similar voting protocols). To determine the statistical power of this method, we need to estimate the rate at which voters detect possible attacks against the voting protocol. We designed and carried out an experiment to estimate this rate. We describe the experiment and results in full. Based on the results, we estimate upper and lower bounds for the detection rate. We also discuss some limitations of the practical experiment.

[1]  Zhe Xia,et al.  Focus group views on Prêt à Voter 1.0 , 2011, 2011 International Workshop on Requirements Engineering for Electronic Voting Systems.

[2]  Michael D. Byrne,et al.  Straight-Party Voting: What Do Voters Think? , 2009, IEEE Transactions on Information Forensics and Security.

[3]  Kristian Gjøsteen,et al.  The Norwegian Internet Voting Protocol: A new Instantiation , 2015, IACR Cryptol. ePrint Arch..

[4]  Jeremy Clark,et al.  Scantegrity Mock Election at Takoma Park , 2010, Electronic Voting.

[5]  Melanie Volkamer,et al.  User study of the improved Helios voting system interfaces , 2011, 2011 1st Workshop on Socio-Technical Aspects in Security and Trust (STAST).

[6]  Melanie Volkamer,et al.  Mental Models of Verifiability in Voting , 2013, VoteID.

[7]  Debbie Stone,et al.  User Interface Design and Evaluation , 2005 .

[8]  Kristian Gjøsteen,et al.  The Norwegian Internet Voting Protocol , 2011, VoteID.

[9]  Rolf Haenni,et al.  Attacking the Verification Code Mechanism in the Norwegian Internet Voting System , 2013, VoteID.

[10]  Kai A. Olsen,et al.  Internet elections: unsafe in any home? , 2012, CACM.

[11]  Yurong Yao,et al.  Remote electronic voting systems: an exploration of voters' perceptions and intention to use , 2007, Eur. J. Inf. Syst..

[12]  Kristian Gjøsteen,et al.  Analysis of an internet voting protocol , 2010, IACR Cryptol. ePrint Arch..

[13]  Melanie Volkamer,et al.  Usability Analysis of Helios - An Open Source Verifiable Remote Electronic Voting System , 2011, EVT/WOTE.