Skip to main content

Advertisement

SpringerLink
Log in

ESIV: an end-to-end secure internet voting system

  • Published:
Electronic Commerce Research Aims and scope Submit manuscript

Abstract

Nowadays, with the growing popularity of e-Government services, security of client platforms and violation of citizen e-rights are of great concerns. Since Internet-voting protocols have no control over voter-side platforms, bribery/coercion and breaching vote’s privacy and voter’s anonymity are feasible. In fact, the voter-side platform (voter’s PC) is easily vulnerable to malicious software (cyber-attacks) and can totally breach security of the entire voting protocol. We have proposed ESIV: an end-to-end secure internet-voting system that highly guarantees: voter and server-side platform’s security, verifiability, fairness, resistance to bribery/coercion and voting authorities collusion besides simultaneous election support while preserving eligibility, anonymity, privacy and trust. In addition, we utilize Java Card 3 technology as an independent secure web-server which is connected directly to network in order to send/receive HTTP(S) requests using high-speed interfaces. This technology brings about independence from utilizing any trusted device at voter-side and provides end-to-end security. Finally, an implementation of ESIV is presented and ESIV security features are evaluated.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4

Similar content being viewed by others

Notes

  1. Step 1 of blind-linked protocol.

  2. Step 2 of blind-linked protocol.

  3. Step 3 of blind-linked protocol.

References

  1. Al-Ameen, A., & Talab, S. A. (2012). E-voting systems vulnerabilities. In Information science and digital content technology (ICIDT), 2012 8th international conference on IEEE (Vol. 1, pp. 67–73):

  2. Cooke, R., & Anane, R. (2012). A service-oriented architecture for robust e-voting. Service Oriented Computing and Applications, 6(3), 249–266.

    Article  Google Scholar 

  3. Smith, R., & Shao, J. (2007). Privacy and e-commerce: A consumer-centric perspective. Electronic Commerce Research, 7(2), 89–116.

    Article  Google Scholar 

  4. Röhrig, S., & Knorr, K. (2004). Security analysis of electronic business processes. Electronic Commerce Research, 4(1–2), 59–81.

    Article  Google Scholar 

  5. Joaquim, R., Ferreira, P., & Ribeiro, C. (2013). EVIV: An end-to-end verifiable Internet voting system. Computers & Security, 32, 170–191.

    Article  Google Scholar 

  6. Hite, R. C. (2004). Elections electronic voting offers opportunities and presents challenges. Collingdale: Diane Publishing.

    Google Scholar 

  7. Gefen, D. (2000). E-commerce: the role of familiarity and trust. Omega, 28(6), 725–737.

    Article  Google Scholar 

  8. Davis, F. D. (1989). Perceived usefulness, perceived ease of use, and user acceptance of information technology. MIS Quarterly, 13, 319–340.

    Article  Google Scholar 

  9. Coleman, S. (2005). Just how risky is online voting? Information Polity, 10(1–2), 95–104.

    Google Scholar 

  10. Christian Schaupp, L., & Carter, L. (2005). E-voting: From apathy to adoption. Journal of Enterprise Information Management, 18(5), 586–601.

    Article  Google Scholar 

  11. Kenski, K. (2005). To i-vote or not to i-vote? Opinions about internet voting from Arizona voters. Social Science Computer Review, 23(3), 293–303.

    Article  Google Scholar 

  12. Baiardi, F., Falleni, A., Granchi, R., Martinelli, F., Petrocchi, M., & Vaccarelli, A. (2005). SEAS, a secure e-voting protocol: Design and implementation. Computers & Security, 24(8), 642–652.

    Article  Google Scholar 

  13. Haenni, R., & Koenig, R. E. (2013). A generic approach to prevent board flooding attacks in coercion-resistant electronic voting schemes. Computers & Security, 33, 59–69.

    Article  Google Scholar 

  14. Mohammadpourfard, M., Doostari, M. A., Ghaznavi Ghoushchi, M. B., & Shakiba, N. (2014). A new secure Internet voting protocol using Java Card 3 technology and Java information flow concept. Security and Communication Networks, 8, 261.

    Article  Google Scholar 

  15. Based, M. A., & Mjølsnes, S. F. (2013). Security requirements for internet voting systems. In T. Sobh & K. Elleithy (Eds.), Emerging trends in computing, informatics, systems sciences, and engineering (pp. 519–530). New York: Springer.

    Chapter  Google Scholar 

  16. Chen, Y.-Y., Jan, J.-K., & Chen, C.-L. (2004). The design of a secure anonymous Internet voting system. Computers & Security, 23(4), 330–337.

    Article  Google Scholar 

  17. Fan, C.-I., & Sun, W.-Z. (2008). An efficient multi-receipt mechanism for uncoercible anonymous electronic voting. Mathematical and Computer Modelling, 48(9), 1611–1627.

    Article  Google Scholar 

  18. Nguyen, T. A. T., & Dang, T. K. (2013). Enhanced security in internet voting protocol using blind signature and dynamic ballots. Electronic Commerce Research, 13(3), 257–272.

    Article  Google Scholar 

  19. Walake, M. A., & Chavan, M. P. (2015). Receipt-free multi-authority voting system with (2, 2) secret sharing based authentication. International Journal of Emerging Trends in Science and Technology, 2(2), 1786–1791.

    Google Scholar 

  20. Liu, J. K., Wei, V. K., & Wong, D. S. (2004). Linkable spontaneous anonymous group signature for ad hoc groups. In H. Wang, J. Pieprzyk, & V. Varadharajan (Eds.), Information security and privacy. Berlin: Springer.

    Google Scholar 

  21. Joaquim, R., Zúquete, A., & Ferreira, P. (2003). REVS—A robust electronic voting system. IADIS International Journal of WWW/Internet, 1(2), 47–63.

    Google Scholar 

  22. Kremer, S., Ryan, M., & Smyth, B. (2010). Election verifiability in electronic voting protocols. Berlin: Springer.

    Book  Google Scholar 

  23. Fujioka, A., Okamoto, T., & Ohta, K. (1993). A practical secret voting scheme for large scale elections. In J. Seberry & Y. Zheng (Eds.), Advances in cryptology—AUSCRYPT’92 (pp. 244–251). Berlin: Springer.

    Google Scholar 

  24. Popoveniuc, S., & Hosp, B. (2006). An introduction to punchscan. In IAVoSS workshop on trustworthy elections (WOTE 2006) (pp. 28–30). Robinson College United Kingdom

  25. Popoveniuc, S., & Hosp, B. (2010). An introduction to punchscan. In D. Chaum, M. Jakobsson, R. L. Rivest, P. Y. A. Ryan, & J. Benaloh (Eds.), Towards trustworthy elections (pp. 242–259). Berlin: Springer.

    Chapter  Google Scholar 

  26. Rivest, R. L., & Smith, W. D. (2007). Three voting protocols: ThreeBallot, VAV, and Twin. In Proceedings of the USENIX workshop on accurate electronic voting technology, 2007 (Vol. 16): USENIX Association

  27. Benaloh, J., & Tuinstra, D. (1994). Receipt-free secret-ballot elections. In Proceedings of the twenty-sixth annual ACM symposium on theory of computing, 1994 (pp. 544–553). ACM

  28. Lee, B., Boyd, C., Dawson, E., Kim, K., Yang, J., & Yoo, S. (2004). Providing receipt-freeness in mixnet-based voting protocols. In J.-I. Lim & D.-H. Lee (Eds.), Information security and cryptology-ICISC 2003 (pp. 245–258). Berlin: Springer.

    Chapter  Google Scholar 

  29. Juels, A., Catalano, D., & Jakobsson, M. (2005). Coercion-resistant electronic elections. In Proceedings of the 2005 ACM workshop on Privacy in the electronic society, 2005 (pp. 61–70). ACM

  30. Chung, Y.-F., & Wu, Z.-Y. (2009). Approach to designing bribery-free and coercion-free electronic voting scheme. Journal of Systems and Software, 82(12), 2081–2090.

    Article  Google Scholar 

  31. Clarkson, M. R., Chong, S., & Myers, A. C. (2007). Civitas: A secure voting system. Cornell University.

  32. Simons, B., & Jones, D. W. (2012). Internet voting in the US. Communications of the ACM, 55(10), 68–77.

    Article  Google Scholar 

  33. Cobourne, S., Kyrillidis, L., Mayes, K., & Markantonakis, K. (2014). Remote e-voting using the smart card web server. International Journal of Secure Software Engineering (IJSSE), 5(1), 39–60.

    Article  Google Scholar 

  34. Cozzolino, S. (2014). How to Combine NFC Services and ID Leveraging on SIM Technology. Paper presented at the Cartes America 2014

  35. Pasquinucci, A. (2007). Web voting, security and cryptography. Computer Fraud & Security, 2007(3), 5–8.

    Article  Google Scholar 

  36. Adida, B. (2008). Helios: Web-based Open-Audit Voting. In USENIX security symposium, 2008 (Vol. 17, pp. 335–348)

  37. Joaquim, R., Ribeiro, C., & Ferreira, P. (2009). Veryvote: A voter verifiable code voting system. In P. Y. Ryan & B. Schoenmakers (Eds.), E-voting and identity (pp. 106–121). Berlin: Springer.

    Chapter  Google Scholar 

  38. Joaquim, R., Ribeiro, C., & Ferreira, P. (2010). Improving remote voting security with codevoting. In D. Chaum, M. Jakobsson, R. Rivest, P. Y. A. Ryan, J. Benaloh, M. Kutykoswski, & B. Adida (Eds.), Towards trustworthy elections (pp. 310–329). Berlin: Springer.

    Chapter  Google Scholar 

  39. Heiberg, S., Lipmaa, H., & Van Laenen, F. (2010). On e-vote integrity in the case of malicious voter computers. In D. Gritzalis & B. Preneel (Eds.), Computer security–ESORICS 2010 (pp. 373–388). Berlin: Springer.

    Chapter  Google Scholar 

  40. Zúquete, A., Costa, C., & Romao, M. (2007). An intrusion-tolerant e-voting client system. In WRAITS 2007

  41. Dichou, K., Tourtchine V., & Rahmoune F. (2014). An improved electronic voting machine using a microcontroller and a smart card. In 9th international design and test symposium (IDT), 2014 (pp. 219–224). IEEE.

  42. Almeshekah, M. & Kerr S. (2015) Electronic voting. Technical Report available at https://www.meshekah.com/research/publications_files/secure_e_voting_design.pdf.

  43. Sharma, I., & Dubey, S. K. (2015). E-voting system with physical verification using OTP algorithm. International Journal of Hybrid Information Technology, 8(8), 161–166.

    Article  Google Scholar 

  44. Laanes, L. (2011). Building an inclusive information society at the local level in Estonia. Values and Freedoms in Modern Information Law and Ethics (pp. 1160–1174).

  45. Sachdeva, K., H. K. Lu, & Krishna K. (2009) A browser-based approach to smart card connectivity. In IEEE Workshop on Web. Citeseer.

  46. Canard, S., & Sibert, H. (2001). How to fit cryptographic e-voting into smart cards. Fundamenta Informaticae, 21, 1001–1012.

    Google Scholar 

  47. Yang, C.-H., Tu, S.-Y., & Yen, P.-H. (2009). Implementation of an electronic voting system with contactless IC cards for small-scale voting. In Information assurance and security, 2009. IAS’09. fifth international conference on IEEE (Vol. 2, pp. 122–125).

  48. Chen, Z. (2000). Java card technology for smart cards: Architecture and programmer’s guide. Boston: Addison-Wesley Professional.

    Google Scholar 

  49. Vassilev, A., & Hutchinson, M. (2003). Authentication framework for smart cards. In BIOSIG (pp. 51–59)

  50. Gómez Oliva, A., Sánchez García, S., & Pérez Belleboni, E. (2006). Contributions to traditional electronic voting systems in order to reinforce citizen confidence (pp. 39–49).

  51. Rees, J., & Honeyman, P. (2000). Webcard: A Java Card web server. In J. Rees & P. Honeyman (Eds.), Smart card research and advanced applications (pp. 197–207). Berlin: Springer.

    Chapter  Google Scholar 

  52. Muller, C., & Deschamps, E. (2002). Smart cards as first-class network citizens. In 4th Gemplus developer conference, Singapore. Citeseer

  53. Urien, P. (2000). Internet card, a smart card as a true Internet node. Computer Communications, 23(17), 1655–1666.

    Article  Google Scholar 

  54. Guthery, S., Kehr, R., & Posegga, J. (2000). How to turn a GSM SIM into a web server. In J. Domingo-Ferrer, D. Chan, & A. Watson (Eds.), Smart card research and advanced applications (pp. 209–222). Berlin: Springer.

    Chapter  Google Scholar 

  55. Sterckx, M., Gierlichs, B., Preneel, B., & Verbauwhede, I. (2009). Efficient implementation of anonymous credentials on Java Card smart cards. In Information Forensics and Security, 2009. WIFS 2009. First IEEE International Workshop on IEEE (pp. 106–110)

  56. SUN Microsystem Inc (2006). Release Notes Java Card 3.0.1 Platform Specification,. http://www.oracle.com/technetwork/java/javacard/releasenotes-jsp-137685.html.

  57. SUN Microsystem Inc (2008). The Java Card 3 Platform. http://www.oracle.com/technetwork/…/javase/javacard3-whitepaper-149761.pdf.

  58. Allenbach, P. O. (2009). Java Card 3: Classic functionality gets a connectivity boost. http://www.oracle.com/technetwork/articles/javase/javacard3-142122.html.

  59. Hopkins, B. (2010). Deploying servlets on Smart Cards: Portable web servers with Java Card 3.0. http://www.oracle.com/technetwork/articles/java/javacard-servlets-136657.html.

  60. Ghaleh, H. R., & Doustari, M. (2008). A new approach for secure and portable OS. In Emerging Security Information, Systems and Technologies, 2008. SECURWARE’08. Second International Conference on IEEE (pp. 28–33)

  61. Alkassar, A., Sadeghi, A.-R., Schultz, S., & Volkamer, M. (2006)Towards trustworthy online voting. In Proceedings of the 1st Benelux Workshop on Information and System Security–WISSec (Vol. 6)

  62. MohamadiShakiba, N., Doostari, M.-A., & Norouzi, S. (2013). I-FOO: An Enhancement to FOO Protocol. International Journal of Computer Applications, 70(3), 27–36.

    Article  Google Scholar 

  63. Sasaki, R., Qing, S., Okamoto, E., & Yoshiura, H. (2005). Security and privacy in the age of ubiquitous computing. Boston: Springer.

    Book  Google Scholar 

  64. Javary, B., & Recape, F. (2014). Secure element access from a web browser. In W3C workshop on authentication, hardware tokens and beyond, Sept 10–11 2014

  65. Giesecke & Devrient SIM Applications as Smartcard Web Server. http://www.gi-de.com/en/products_and_solutions/products/mobile_communication/SIM-Applications-as-Smartcard-Web-Server-5444.jsp.

  66. Herschberg, M. A. (1997). Secure electronic voting over the world wide web. Massachusetts Institute of Technology

  67. DuRette, B. W. (1999). Multiple administrators for electronic voting. Bachelor thesis, Massachusetts Institute of Technology, Boston.

  68. Cetinkaya, O., & Doganaksoy, A. (2006) A practical privacy preserving e-voting protocol using dynamic ballots. In 2nd National Cryptology Symposium 2006

  69. Cortier, V., et al. (2015). Type-based verification of electronic voting protocols. In R. Focardi & A. Myers (Eds.), Principles of security and trust (pp. 303–323). Berlin: Springer.

    Google Scholar 

  70. Chen, G., Wu, C., Han, W., Chen, X., Lee, H., & Kim, K. (2008) A new receipt-free voting scheme based on linkable ring signature for designated verifiers. In Embedded software and systems symposia, 2008. ICESS Symposia’08. International conference on IEEE (pp. 18–23).

  71. Security, H.(2007). Antivirus protection worse than a year ago. http://www.honline.com/security/news/item/Antivirus-protection-worse-than-a-year-ago-735697.html.

  72. Bakker, B. (1999). Mutual authentication with smart cards. In Proceedings of USENIX workshop on smart card technology.

Download references

Acknowledgments

We thank Eric Vetillard—Product Manager, Java Card and Embedded Security at Oracle, Samia Bouzefrane—associate-professor at CNAM (Conservatoire National des Arts et Metiers, An institution dedicated to life-long higher education in Paris) and researcher at the CEDRIC Labo in embedded systems and smart card area in particular, Thierry Violleau—from oracle, Vincent GUERIN—from Oberthur Technologies and Pierre RICOURT—Mobile Embedded Systems engineer, for their helps in doing this research and implementing the proposed protocol.

Author information

Authors and Affiliations

  1. Information Security and E-Voting Research Laboratory, Department of Electronic and Computer Science, Shahed University, Tehran, Iran

    Nafise Mohammadi Shakiba & Mohammad-Ali Doostari

  2. School of Electrical and Computer Engineering, Shiraz University, Shiraz, Iran

    Mostafa Mohammadpourfard

Authors
  1. Nafise Mohammadi Shakiba
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mohammad-Ali Doostari
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Mostafa Mohammadpourfard
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Nafise Mohammadi Shakiba.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Shakiba, N.M., Doostari, MA. & Mohammadpourfard, M. ESIV: an end-to-end secure internet voting system. Electron Commer Res 17, 463–494 (2017). https://doi.org/10.1007/s10660-016-9230-y

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10660-016-9230-y

Keywords

Search

Navigation