Verification and Validation Issues in Electronic Voting

Electronic democracy (e-democracy) is a necessity in this era of computers and information technology. Electronic election (e-election) is one of the most important applications of e-democracy, because of the importance of the voters’ privacy and the possibility of frauds. Electronic voting (e-voting) is the most significant part of e-election, which refers to the use of computers or computerised voting equipment to cast ballots in an election. Due to the rapid growth of computer technologies and advances in cryptographic techniques, e-voting is now an applicable alternative for many non-governmental elections. However, security demands become higher when voting takes place in the political arena. Requirement analysis is an important part of the system design process and it is impossible to develop the right system in the right way without a correct and complete set of requirements. In this manner all e-voting studies mention e-voting requirements somewhere, and different sets of requirements are defined. Almost all researchers state verifiability as an e-voting requirement by narrowing the definition of verification. Unfortunately the definitions for verifiability are inadequate and unclear and it is categorised as individual verifiability and universal verifiability, where they are generally misused in the literature. Nowadays the researchers have started to discuss deeply the verification in e-voting. However there is no obvious consensus about the definitions. Moreover, validation has not been discussed properly yet. This paper focuses on the importance of the verification and validation (V&V) in e-voting and gives proper definitions for verifiability and validity. Then it describes some V&V activities and explains the relationship between V&V and core requirements that any e-voting system should satisfy. This paper also states some problems for designing and developing secure e-voting systems.

[1]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.

[2]  David Chaum,et al.  Blind Signatures for Untraceable Payments , 1982, CRYPTO.

[3]  Atsushi Fujioka,et al.  A Practical Secret Voting Scheme for Large Scale Elections , 1992, AUSCRYPT.

[4]  Josh Benaloh,et al.  Receipt-Free Secret-Ballot Elections , 1994, STOC 1994.

[5]  Kazue Sako,et al.  Receipt-Free Mix-Type Voting Scheme - A Practical Solution to the Implementation of a Voting Booth , 1995, EUROCRYPT.

[6]  Lorrie Faith Cranor,et al.  Sensus: a security-conscious electronic polling system for the Internet , 1997, Proceedings of the Thirtieth Hawaii International Conference on System Sciences.

[7]  Andreu Riera,et al.  An Uncoercible Verifiable Electronic Voting Protocol , 1998 .

[8]  Bruno Blanchet,et al.  An efficient cryptographic protocol verifier based on prolog rules , 2001, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001..

[9]  C. Andrew Neff,et al.  A verifiable secret shuffle and its application to e-voting , 2001, CCS '01.

[10]  David A. Wagner,et al.  Cryptographic Voting Protocols: A Systems Perspective , 2005, USENIX Security Symposium.

[11]  Alan T. Sherman,et al.  An Examination of Vote Verification Technologies: Findings and Experiences from the Maryland Study , 2006, EVT.

[12]  Radha Poovendran,et al.  A framework and taxonomy for comparison of electronic voting schemes , 2006, Comput. Secur..

[13]  France T́elécom,et al.  Verifying Properties of Electronic Voting Protocols , 2006 .

[14]  Deniz Cetinkaya,et al.  Towards Secure E-Elections in Turkey: Requirements and Principles , 2007, The Second International Conference on Availability, Reliability and Security (ARES'07).

[15]  Dominique Cansell,et al.  Formal verification of tamper-evident storage for e-voting , 2007, Fifth IEEE International Conference on Software Engineering and Formal Methods (SEFM 2007).

[16]  Aggelos Kiayias,et al.  An Authentication and Ballot Layout Attack Against an Optical Scan Voting Terminal , 2007, EVT.