Abstract
Even when using a provably secure voting protocol, an election authority cannot argue convincingly that no attack that changed the election outcome has occurred, unless the voters are able to use the voting protocol correctly. We describe one statistical method that, if the assumptions underlying the protocol’s security proof hold, could provide convincing evidence that no attack occurred for the Norwegian Internet voting protocol (or other similar voting protocols). To determine the statistical power of this method, we need to estimate the rate at which voters detect possible attacks against the voting protocol. We designed and carried out an experiment to estimate this rate. We describe the experiment and results in full. Based on the results, we estimate upper and lower bounds for the detection rate. We also discuss some limitations of the practical experiment.
Similar content being viewed by others
References
Campbell BA, Byrne MD (2009) Straight-party voting: what do voters think? IEEE Trans Inf Forensics Secur 4(4):718–728. doi:10.1109/TIFS.2009.2031947
Gjøsteen K Analysis of an internet voting protocol. Cryptology ePrint Archive, Report 2010/380 (2010). http://eprint.iacr.org/
Gjøsteen K The Norwegian internet voting protocol. Cryptology ePrint Archive, Report 2013/473 (2013). http://eprint.iacr.org/
Gjøsteen K, Lund AS The Norwegian internet voting protocol: a new instantiation. Cryptology ePrint Archive, Report 2015/503 (2015). http://eprint.iacr.org/
Karayumak F, Kauer M, Olembo MM, Volk T, Volkamer M (2011) User study of the improved Helios voting system interfaces. In: 1st workshop on socio-technical aspects in security and trust, STAST 2011, Milan, pp 37–44. doi:10.1109/STAST.2011.6059254
Karayumak F, Olembo MM, Kauer M, Volkamer M (2011) Usability analysis of Helios - an open source verifiable remote electronic voting system. In: 2011 electronic voting technology workshop / workshop on trustworthy elections, EVT/WOTE ’11, San Francisco. https://www.usenix.org/conference/evtwote-11/usability-analysis-helios-%E2%80%94-open-source-verifiable-remote-electronic-voting
Koenig RE, Locher P, Haenni R (2013) Attacking the verification code mechanism in the Norwegian internet voting system. In: Heather J, Schneider SA, Teague V (eds) Proceedings of 4th international conference of e-voting and identify. Vote-ID 2013. Lecture Notes in Computer Science, vol 7985. Springer, Guildford, pp 76–92. doi:10.1007/978-3-642-39185-9_5
Olembo MM, Bartsch S, Volkamer M (2013) Mental models of verifiability in voting. In: Proceedings of 4th international conference of e-voting and identify, Vote-ID 2013, Guildford, pp 142–155. doi:10.1007/978-3-642-39185-9_9
Olsen KA, Nordhaug HF (2012) Internet elections: unsafe in any home? Commun ACM 55(8):36–38. doi:10.1145/2240236.2240251
Schneider S, Llewellyn M, Culnane C, Heather J, Srinivasan S, Xia Z (2011) Focus group views on Prêt à Voter 1.0. In: 2011 international workshop on requirements engineering for electronic voting systems, REVOTE 2011, Trento, pp 56–65. doi:10.1109/REVOTE.2011.6045916
Sherman AT, Carback R, Chaum D, Clark J, Essex A, Herrnson PS, Mayberry T, Popoveniuc S, Rivest RL, Shen E, Sinha B, Vora PL (2010) Scantegrity mock election at Takoma park. In: 4th international conference of electronic voting 2010, EVOTE 2010. Co-organized by Council of Europe, Gesellschaft für Informatik and E-Voting.CC. Castle Hofen, Bregenz, pp 45–61. http://subs.emis.de/LNI/Proceedings/Proceedings167/article5683.html
Stone D, Jarrett C, Woodroffe M, Minocha S (2005) User interface design and evaluation. Morgan Kaufmann
Weber JL, Hengartner U (2009) Usability study of the open audit voting system Helios. http://www.jannaweber.com/wp-content/uploads/2009/09/858Helios.pdf
Yao Y, Murphy LD (2007) Remote electronic voting systems: an exploration of voters’ perceptions and intention to use. EJIS 16(2):106–120. doi:10.1057/palgrave.ejis.3000672
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Gjøsteen, K., Lund, A.S. An experiment on the security of the Norwegian electronic voting protocol. Ann. Telecommun. 71, 299–307 (2016). https://doi.org/10.1007/s12243-016-0509-8
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12243-016-0509-8