Melanie Volkamer

E-Voting and Identity

Overview on Remote Electronic Voting.- The Development of Remote E-Voting Around the World: A Review of Roads and Directions.- Remote Voting Schemes: A Comparative Analysis.- Internet-Voting: Opportunity or Threat for Democracy?.- Evaluation of Electronic Voting Systems.- Assessing Procedural Risks and Threats in e-Voting: Challenges and an Approach.- Compliance of RIES to the Proposed e-Voting Protection Profile.- Compliance of POLYAS with the BSI Protection Profile - Basic Requirements for Remote Electronic Voting Systems.- Electronic Voting in Different Countries.- Electronic Voting in Belgium: Past and Future.- The Digital Voting Pen at the Hamburg Elections 2008: Electronic Voting Closest to Conventional Voting.- The Security Analysis of e-Voting in Japan.- E-Voting and Trust.- Bingo Voting: Secure and Coercion-Free Voting Using a Trusted Random Number Generator.- Enhancing the Trust and Perceived Security in e-Cognocracy.- Improvements/Extensions of Existing Approaches.- Simulation-Based Analysis of E2E Voting Systems.- A Simple Technique for Safely Using Punchscan and Pret a Voter in Mail-In Elections.- Threat Analysis of a Practical Voting Scheme with Receipts.- Code Voting.- Secure Internet Voting with Code Sheets.- CodeVoting Protection Against Automatic Vote Manipulation in an Uncontrolled Environment.

The development of remote e-voting around the world: a review of roads and directions

Democracy and elections have more than 2.500 years of tradition. Technology has always influenced and shaped the ways elections are held. Since the emergence of the Internet there has been the idea of conducting remote electronic elections. In this paper we reviewed 104 elections with a remote e-voting possibility based on research articles, working papers and also on press releases. We analyzed the cases with respect to the level where they take place, technology, using multiple channels, the size of the election and the provider of the system. Our findings show that while remote e-voting has arrived on the regional level and in organizations for binding elections, on the national level it is a very rare phenomenon. Further paper based elections are here to stay; most binding elections used remote e-voting in addition to the paper channel. Interestingly, providers of e-voting systems are usually only operating in their own territory, as out-of-country operations are very rare. In the long run, for remote e-voting to become a reality of the masses, a lot has to be done. The high number of excluded cases shows that not only documentation is scarce but also the knowledge of the effects of e-voting is rare as most cases are not following simple experimental designs used elsewhere.

Why Doesn’t Jane Protect Her Privacy?

End-to-end encryption has been heralded by privacy and security researchers as an effective defence against dragnet surveillance, but there is no evidence of widespread end-user uptake. We argue that the non-adoption of end-to-end encryption might not be entirely due to usability issues identified by Whitten and Tygar in their seminal paper “Why Johnny Can’t Encrypt”. Our investigation revealed a number of fundamental issues such as incomplete threat models, misaligned incentives, and a general absence of understanding of the email architecture. From our data and related research literature we found evidence of a number of potential explanations for the low uptake of end-to-end encryption. This suggests that merely increasing the availability and usability of encryption functionality in email clients will not automatically encourage increased deployment by email users. We shall have to focus, first, on building comprehensive end-user mental models related to email, and email security. We conclude by suggesting directions for future research.

User study of the improved Helios voting system interfaces

There is increasing interest in cryptographic verifiability in remote electronic voting schemes. Helios is one example of an open-source implementation. In previous work, we proposed an improved version of the original Helios interface in version 3.1 for vote casting and individual verifiability. We now test this interface in a mock mayoral election set up with 34 users. Users are given instructions and fill out questionnaires before and after the vote casting process. Data on mouse movements and time is collected and a modified helmet with eye tracking lenses is used to capture eye movement data. The study shows that the interface is easy to use while people have difficulty understanding the motivation for and the concept of verifiability.

A formal approach towards measuring trust in distributed systems

Emerging digital environments and infrastructures, such as distributed security services and distributed computing services, have generated new options of communication, information sharing, and resource utilization in past years. However, when distributed services are used, the question arises of to what extent we can trust service providers to not violate security requirements, whether in isolation or jointly. Answering this question is crucial for designing trustworthy distributed systems and selecting trustworthy service providers. This paper presents a novel trust measurement method for distributed systems, and makes use of propositional logic and probability theory. The results of the qualitative part include the specification of a formal trust language and the representation of its terms by means of propositional logic formulas. Based on these formulas, the quantitative part returns trust metrics for the determination of trustworthiness with which given distributed systems are assumed to fulfill a particular security requirement.

Determine the Resilience of Evaluated Internet Voting Systems

Internet voting gets more and more popular. It is generally accepted that an Internet voting system needs to be evaluated. The existing evaluation frameworks try to be as system-independent as possible. Because of that distributed trust concepts like separation of duty for the voting servers, four eyes principle for administrators and the election commission, as well as the multiplicity of control functions like for the counting of votes cannot be demanded precisely. This article proposes to extend the evaluation of Internet voting systems by the computation of a so called k-resilience value. This value defines the robustness of a system and helps to identify vulnerabilities. Besides the introduction and discussion of this value, it is computed for existing Internet voting

Requirements and Evaluation Procedures for eVoting

Only the most trivial computer system can be expected to meet its requirements if those requirements are not specified. Despite the widespread use of electronic voting (evoting), no requirements catalogue exists that expresses the requirements for evoting systems with enough precision to be checkable. Nor do existing catalogues take evaluation techniques and certification procedures into account. This paper takes the first step towards the development of a new catalogue with corresponding assessment procedures, concentrating on a strict subset of evoting systems

A Taxonomy Refining the Security Requirements for Electronic Voting: Analyzing Helios as a Proof of Concept

Over the past years an approved set of security requirements for electronic voting has been established. However, there is no consistent perception of the exact content and scope of these requirements. Therefore, the corner stone for a comprehensive taxonomy refining the security requirements for electronic voting was laid in [1]. In order to verify the validity of this taxonomy, we apply it to the voting schemes Helios 1.0 and 2.0. We provide amendments to the original taxonomy and demonstrate that it successfully distinguishes between different, but related voting schemes, thus supporting its relevance for the study of electronic voting systems.

Transparency and technical measures to establish trust in norwegian internet voting

The short history of e-voting has shown that projects are doomed to fail in the absence of trust among the electorate. The first binding Norwegian Internet elections are scheduled for fall 2011. Notably, transparency is taken as a guideline in the project. This article discusses transparency and other measures the Norwegians apply that are suited to establish profound trust, i.e. trust that grounds on the systems technical features, rather than mere assertions. We show whether at all, how and to which degree these measures are implemented and point out room for enhancements. We also address general challenges of projects which try to reach a high level of transparency for others as lessons learned.

Measures to establish trust in internet voting

Technical research has achieved strong advances in addressing security concerns in internet voting, yet the solutions are complicated and difficult to explain to the public. Accordingly, internet voting commonly faces opposition despite the benefits voters and authorities may expect. It appears that security features are only one premise underlying a systems acceptance among the electorate. The other challenge is to exploit these features at establishing the required trust among the public. In this paper we introduce a number of measures meant to help at gaining trust. We hereby emphasize the importance of taking the exposition of a systems security features and the remaining risks as the foundation of any strategy. After describing the proposed measures and discussing both their advantages and pitfalls, we relate them to four commonly known applied internet voting systems.