Abstract
With the growing popularity of e-Government services, the security of client platforms and violations of citizens' e-rights are of great concern. Since Internet-voting protocols have no control over voter-side platforms, bribery/coercion and breaches of vote privacy and voter anonymity are feasible. In fact, the voter-side platform (the voter's PC) is easily compromised by malicious software (cyber-attacks), which can totally breach the security of the entire voting protocol. We have proposed ESIV: an end-to-end secure Internet-voting system that strongly guarantees voter-side and server-side platform security, verifiability, fairness, resistance to bribery/coercion and to collusion among voting authorities, and support for simultaneous elections, while preserving eligibility, anonymity, privacy and trust. In addition, we utilize Java Card 3 technology as an independent secure web server that is connected directly to the network in order to send and receive HTTP(S) requests over high-speed interfaces. This technology removes the dependence on any trusted device at the voter side and provides end-to-end security. Finally, an implementation of ESIV is presented and its security features are evaluated.
Notes
Step 1 of blind-linked protocol.
Step 2 of blind-linked protocol.
Step 3 of blind-linked protocol.
Acknowledgments
We thank Eric Vetillard—Product Manager, Java Card and Embedded Security at Oracle, Samia Bouzefrane—associate professor at CNAM (Conservatoire National des Arts et Metiers, an institution dedicated to life-long higher education in Paris) and researcher at the CEDRIC Labo in the embedded systems and smart card area in particular, Thierry Violleau—from Oracle, Vincent GUERIN—from Oberthur Technologies and Pierre RICOURT—Mobile Embedded Systems engineer, for their help in doing this research and implementing the proposed protocol.
Cite this article
Shakiba, N.M., Doostari, MA. & Mohammadpourfard, M. ESIV: an end-to-end secure internet voting system. Electron Commer Res 17, 463–494 (2017). https://doi.org/10.1007/s10660-016-9230-y
DOI: https://doi.org/10.1007/s10660-016-9230-y