Electronic Voting
Which one do you prefer, traditional or electronic voting? If your preference is the latter one, read this post to know the requirements and potential threats of electronic voting.
The advances in Information technology have led many societies to automate their fundamental activities, such as holding elections. Electronic voting is the process of voting in which electronic hardware or software is adopted to automate the process. The USA was the first country to use electronic voting in 2000. Then, France, the UK, Spain, Ireland, and Estonia were the countries that started to hold electronic voting.
Electronic voting has several advantages, such as being efficient, cost-effective, and attractive to specific groups of societies such as people with physical disabilities or young people. Registration, authentication, voting, and tallying are the minimum phases that each electronic voting system should include. First, voters should be registered and then, while voting, they must be verified and authenticated. Then, eligible voters can vote. A vote must be encrypted, verifiable, confidential, anonymous, and accurate. The next step is to count the votes.
Any electronic voting system should conform to the following considerations:
- It must be ensured that votes are not tampered with.
- The voter's identity and the person to whom a voter is voting must be protected.
- Votes should be encrypted, shuffled, and decrypted correctly.
- Reliability and robustness must be guaranteed, which means there should not be any loss of votes, and also, the software used for voting must be ensured to be non-malicious.
- Counting votes correctly for each voter should be verifiable.
- The system should prevent voters from voting more than once.
- Only registered voters should be allowed to vote.
- Any information regarding the preliminary results affecting voters' decisions should not be revealed.
- No receipt indicating the choice of the voter should not be generated.
- Audit log containing vote records should be supported by the voting system so that errors can be detected.
- Votes must be counted precisely.
As for any other technology, there are several attacks against electronic voting systems. Some of the critical attacks of this domain include:
- Voting for more than one time
- Having access to administrative privileges
- Modifying the configuration of a voting system
- Modifying ballot definition
- Tampering configuration so that votes are not counted correctly
- Creating, modifying, or deleting votes
- Linking voters and their votes
- Making changes on audit logs
- Using backdoors in the code used for voting
Voting through the Internet also has great importance and brings significant advantages. However, several major threats must be considered before opting for this solution. A denial of service attack is a category of attacks through which an adversary tries to prevent legitimate voters from voting by disrupting voting servers. Injecting malware (usually trojan horses, viruses, and worms) is another threat that aims to affect the election web servers or voters' computers. In addition, the voting process can be effected through a Man-in-the-Middle attack in which the communication between client and server is controlled.
Several measures can be adopted to provide security in electronic voting. Some of the suggestions to tackle security threats are using open-source software for electronic voting, voter-verifiable audit trails (VVAT), using the SSL protocol, and adopting digital signature schemes.
References
- Javaid, Adeel. (2014). Electronic Voting System Security. SSRN Electronic Journal. 10.2139/ssrn.2393158.
- Taş, Ruhi & Tanrıöver, Ömer. (2020). A Systematic Review of Challenges and Opportunities of Blockchain for E-Voting. Symmetry. 12. 1328. 10.3390/sym12081328.
- Gritzalis, Dimitris. (2002). Principles and Requirements for a Secure E-voting System. Computers & Security. 21. 539-556. 10.1016/S0167-4048(02)01014-3.