DOCSLIB.ORG

Engineering Practical End-To-End Verifiable Voting Systems

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

ABSTRACT Title of Dissertation: Engineering Practical End-to-End Verifiable Voting Systems Richard T. Carback III, Doctor of Philosophy, 2010 Dissertationdirected by: Alan T. Sherman, Associate Professor Department of Computer Science and Electrical Engineering We designed, built, tested, and fielded a vote counting system called Scantegrity. Scan- tegrity is part of a new class of end-to-end (E2E) verifiable voting systems. E2E verifiable systems are designed to solve chain of custody problems in elections by providing a privacy-preserving receipt to each voter. The voter can use the receipt to check a public record and verify that his or her ballot is counted without revealing the selected candidate. The public record gives election officials the ability to provide a strong, universally-accessible audit of the results, enabling transparent, verifiable elections that maintain privacy expectations. E2E systems offer radical improvements to integrity and transparency of election systems, and the adoption of E2E systems in public-sector elections can improve outcome integrity. In our design, we carefully considered the balance between usability and security issues, and we discuss the changes we made to implement the system. We examined the implementation through the results of a practical test of Scantegrity in a mock election in April 2009, which evaluated the system’s performance and surveyed the election participants about their experience with the system. We describe a number of changes we made to the system as a result of this test. For example, Scantegrity required better printing technology and a tally reconciliation system. We evaluated the modified system a second time by fielding it in the Takoma Park, Maryland, November 2009 municipal election, where we were able to survey voters and observe events throughout election day. In addition to examining the performance of the system during election day, we analyzed the survey results and found that most voters felt positively about the system despite some problems when taking advantage of the new features. We suggest further improvement to the usability of Scantegrity by proposing and ana- lyzing the addition of an automatic receipt printer in different configurations. To design the receipt printer, we took advantage of protections provided by the Trusted Computing platform that improve the reliability and robustness of the component. The final system automatically provides each voter a privacy-preserving receipt that can be used to verify each ballot has been counted properly. Engineering Practical End-to-End Verifiable Voting Systems by Richard T. Carback III Dissertation submitted to the Faculty of the Graduate School of the University of Maryland, Baltimore County in partial fulfillment of the requirements for the degree of Doctor of Philosophy 2010 c Copyright Richard T. Carback III 2010 To my wife, Alice, who continues to provide endless support and patience. ii ACKNOWLEDGMENTS First, I am grateful to the many people who made the studies of Scantegrity possible, especially Anne Sergeant (Chair, Takoma Park Board of Elections), other members of the Board, Jessie Carpenter (City Clerk), and the Takoma Park voters. I would also like to thank the auditors—Lillie Coney, Ben Adida, and Filip Zagorski—who´ independently created election authentication software and performed other auditing activities. Not only did they verify our work, but they helped spread the word about end-to-end (E2E) verifiable voting. Alan Sherman was already my master’s thesis advisor, and he continues to be a source of helpful advice and feedback. It has been a pleasure to work with him for all of these years, and I will miss the interaction. Poorvi Vora has been a close mentor and friend. She has provided advice, encouragement, and new books to satisfy my curiosity. She has also been a very important guide and contributor during our research calls, often playing the voice of reason and practicality. David Chaum, who is behind a substantial number of cryptographic breakthroughs, has been a long-distance mentor for the last five years. His presentation on the interface he invented for Punchscan originally inspired my interest in voting, and he is an endless source of new ideas, including the Scantegrity system. Jeremy Clark, Aleksander Essex, and Stefan Popoveniuc—along with David and I— made up the core research team who made both Punchscan and Scantegrity a reality, and iii without them these systems might not have made it past the proposal stage. They are all brilliant and each have specific invaluable strengths, and I hope to work with them on future projects. Likewise, the newer research team members have had significant impacts on the Scanteg- rity system. Ronald Rivest, who is my grand advisor and is also behind many cryptographic breakthroughs, and his student, Emily Shen, provided incredible insight into and analysis of the Scantegrity proposals. My programming partners, John Conway and Travis Mayberry, made many improvements to the Scantegrity system, and in turn provided many new ideas and process improvements to the rest of the team. For the mock and municipal election studies, Paul Herrnson, a social scientist and leader in voting technology analysis, provided critical expertise and advice when conducting our observational studies, and taught me everything I know about survey analysis. Bimal Sinha also contributed his substantial knowledge of applied statistics and helped me make sure that we were on track in our analysis. During the mock election studies, Lynn Baumeister led the focus groups and offered numerous practical suggestions. Brian Strege and Fahad Alduraibi observed voters. Russell Fink, Douglas Jones, Sharon Laskowski, and Svetlana Lowry provided useful feedback. During the municipal election, Vivek Relan and Bhushan Sonawane timed voters as they voted and helped assemble the privacy sleeves. Lynn Baumeister interviewed some voters as they left the precinct. Cory Jones provided general assistance and Alex Florescu and Jan Rubio assisted with ink creation. For the receipt printer design, I wish to acknowledge Ronald Rivest for suggesting the kernel of the image duplicator design, Christina Wnuk-Fink for discussions on the practicality of receipt printing for Scantegrity, and members of the University of Maryland, Baltimore County (UMBC) Cyber Defense Lab and Johns Hopkins University Applied iv Physics Laboratory for review of the manuscript. Russell Fink and Sherman were my collaborators when creating the receipt printer designs. Lindley Ashline proofread and offered editorial assistance for most of the chapters in this dissertation. Esther Haynes offered editorial suggestions on the manuscript for the mock election publication. During part of this research, I was supported by UMBC with teaching assistantships, and Sherman also provided some summer work on cyber defense lab exercises through the Department of Defense Information Assurance Scholarship Program (DoD IASP). When not supported by UMBC, I thank my current employer, Convergent Technologies, Inc., for being flexible enough to allow me to take the time I needed to complete my research. Sherman was supported in part by the DoD under IASP grants H98230-08-1-0334 and H98230-09-1-0404. Vora was supported in part by the National Science Foundation under grant CNS 0831149. Jeremy Clark and Aleksander Essex were supported in part by the Natural Sciences and Engineering Research Council of Canada (NSERC). v Contents 1 Introduction1 1.1 The Voting Problem..............................3 1.2 Motivation...................................4 1.3 Scope.....................................5 1.4 Contributions of this Dissertation.......................5 1.4.1 A Free, Open-Source E2E Voting System Implementation.....6 1.4.2 Scantegrity Mock Election at Takoma Park............. 10 1.4.3 Scantegrity in the 2009 Municipal Election at Takoma Park..... 11 1.4.4 A Trusted Receipt Printer for E2E Voting.............. 12 1.5 Outline.................................... 13 2 Background 15 2.1 A Brief History of Election Verification................... 15 2.1.1 Ancient Elections........................... 16 2.1.2 Early Modern Democratic Elections................. 17 2.1.3 Introduction of the Secret and Australian Ballots.......... 18 2.2 Verification in Modern Day Elections.................... 20 2.2.1 Direct Recording Electronic (DRE) Equipment........... 21 vi 2.2.2 Optical Scanners........................... 29 2.3 Election System Requirements and Properties................ 32 2.3.1 General Requirements for Voting Systems.............. 33 2.3.2 E2E Election Verifiability...................... 36 2.3.3 Software Independence........................ 38 2.3.4 Coercion Resistance and Receipt-Freeness............. 39 2.4 Different Approaches to End-to-End Voting Systems............ 40 2.4.1 Non-Cryptographic Protocols.................... 41 2.4.2 Homomorphic............................ 42 2.4.3 Mix Network............................. 42 2.5 Implementations and Studies of Vote Verification Systems......... 45 2.5.1 Helios................................. 47 2.5.2 Pretˆ a` Voter.............................. 48 2.5.3 RIES................................. 49 2.5.4 DRE Vote Verification Systems................... 50 2.5.5 The Punchscan Studies........................ 52 2.6 Punchscan Overview............................. 53 2.6.1 Voter Experience........................... 53 2.6.2 System Architecture......................... 55 2.6.3 Punchboard.............................
Recommended publications
  • Improving and Analysing Bingo Voting

    Improving and Analysing Bingo Voting

    Improving and Analysing Bingo Voting zur Erlangung des akademischen Grades eines Doktors der Naturwissenschaften von der Fakultät für Informatik des Karlsruher Instituts für Technologie (KIT) genehmigte Dissertation von Christian Henrich aus Marburg Tag der mündlichen Prüfung: 5. Juli 2012 Erster Gutachter: Prof. Dr. Jörn Müller-Quade Zweiter Gutachter: Juniorprof. Dr. Dennis Hofheinz KIT – University of the State of Baden-Wuerttemberg and National Laboratory of the Helmholtz Association www.kit.edu Contents Abstract 9 Zusammenfassung 11 1 Introduction 15 1.1 Contribution of this Work . 16 1.2 Structure of this Work . 16 2 Preliminaries 19 2.1 About Elections . 19 2.1.1 Election Types . 19 2.1.2 Voting Procedure . 20 2.1.3 Electoral Systems . 21 2.1.4 Properties of Elections . 22 2.1.5 Attacks on Voting Schemes . 23 2.1.6 Paper vs. Machine . 24 2.1.6.1 Paper Ballots . 24 2.1.6.2 Optical Scan Voting System . 25 2.1.6.3 Voting Machines . 25 2.1.7 Presence vs. Remote Voting . 26 2.2 Terminology and Notions . 27 2.2.1 Roles in an Election . 27 2.2.2 Phases of an Election . 27 2.2.3 Tally and Result . 28 2.3 Security Notions . 29 2.3.1 Correctness . 29 2.3.1.1 Software Independence . 29 2.3.1.2 End-to-end Security . 30 2.3.2 Ballot Secrecy . 30 2.3.2.1 Receipt Freeness . 31 2.3.2.2 Coercion Resistance . 31 2.3.3 Practical Requirements . 32 2.3.3.1 Dispute Freeness . 32 2.3.3.2 Robustness .
  • Electronic Voting: Methods and Protocols Christopher Andrew Collord James Madison University

    Electronic Voting: Methods and Protocols Christopher Andrew Collord James Madison University

    James Madison University JMU Scholarly Commons Masters Theses The Graduate School Spring 2013 Electronic voting: Methods and protocols Christopher Andrew Collord James Madison University Follow this and additional works at: https://commons.lib.jmu.edu/master201019 Part of the Computer Sciences Commons Recommended Citation Collord, Christopher Andrew, "Electronic voting: Methods and protocols" (2013). Masters Theses. 177. https://commons.lib.jmu.edu/master201019/177 This Thesis is brought to you for free and open access by the The Graduate School at JMU Scholarly Commons. It has been accepted for inclusion in Masters Theses by an authorized administrator of JMU Scholarly Commons. For more information, please contact [email protected]. Electronic Voting: Methods and Protocols Christopher A. Collord A thesis submitted to the Graduate Faculty of JAMES MADISON UNIVERSITY In Partial Fulfillment of the Requirements for the degree of Master of Science InfoSec 2009 Cohort May 2013 Dedicated to my parents, Ross and Jane, my wife Krista, and my faithful companions Osa & Chestnut. ii Acknowledgements: I would like to acknowledge Krista Black, who has always encouraged me to get back on my feet when I was swept off them, and my parents who have always been there for me. I would also like to thank my dog, Osa, for sitting by my side for countless nights and weekends while I worked on this thesis—even though she may never know why! Finally, I would also like to thank all who have taught me at James Madison University. I believe that the education I have received will serve me well for many years to come.
  • Carback, R.T.: Security Innovations In

    Carback, R.T.: Security Innovations In

    APPROVAL SHEET Title of Thesis: Security Innovations in the Punchscan Voting System Name of Candidate: Richard T. Carback III Master of Science, 2008 Thesis and Abstract Approved: Alan T. Sherman Associate Professor Department of Computer Science and Electrical Engineering Date Approved: April 18th, 2008 Curriculum Vitae Name: Richard T. Carback III. Permanent Address: 2819 Manoff Rd, Halethorpe, MD 21227. Degree and date to be conferred: Master of Science, August 2007. Date of Birth: March 27, 1983. Place of Birth: Baltimore, Maryland. Secondary Education: Chesapeake High School, Pasadena, Maryland, 2001. Collegiate institutions attended: University of Maryland Baltimore County, Master of Science, Computer Science, 2008. Bachelor of Science, Computer Science, 2005. Major: Computer Science. Minor: None. Professional publications: • David Chaum, Richard Carback, Jeremy Clark, Aleksander Essex, Stefan Popoveniuc, Ronald L. Rivest, Peter Y.A. Ryan, Emily Shen, and Alan T. Sherman. Scantegrity II: End-to-End Verifiability for Optical Scan Election Systems using Invisible Ink Confirmation Codes. Submitted to USENIX EVT 2008. • Russell A. Fink, Alan T. Sherman, and Richard Carback. TPM Meets DRE: Reducing the Trust Base for Electronic Voting using Trusted Platform Modules. Submitted to USENIX EVT 2008. • David Chaum, Aleksander Essex, Richard Carback, Jeremy Clark, Stefan Popoveniuc, Alan T. Sherman, and Poorvi Vora. Scantegrity: End-to- end voter verifiable optical-scan voting. Accepted for publication in IEEE Security and Privacy, volume May/June, 2008. • Stefan Popoveniuc, Jeremy Clark, Richard Carback, and Aleksander Essex. Securing optical-scan voting. Presented at Dagstuhl. To be published in Towards Trustworthy Election Systems in the Lecture Notes in Computer Science series by Spinger-Verlag, date unknown.
  • Performance Evaluation of the Bingo Electronic Voting Protocol

    Performance Evaluation of the Bingo Electronic Voting Protocol

    IOSR Journal of Computer Engineering (IOSR-JCE) e-ISSN: 2278-0661,p-ISSN: 2278-8727, Volume 17, Issue 2, Ver. 1 (Mar – Apr. 2015), PP 89-102 www.iosrjournals.org Performance Evaluation of the Bingo Electronic Voting Protocol Waleed A. Naji, Sherif Khattab and Fatma A. Omara Department of Computer Science, Faculty of Computers and Information Cairo University, Egypt Abstract: Research in e-voting aims at designing usable and secure electronic voting systems. This paper provides an empirical analysis of the computational performance of a prototype implementation of the Bingo electronic voting protocol. Bingo is a receipt-based end-to-end verifiable electronic voting protocol that claims the property of coercion resistance. According to this work, a prototype of the Bingo design has been described in terms of sequence and class diagrams. Also, its operation has been demonstrated using a case study of a sample election. Four main operations have been analyzed; initialization of cyclic groups, generation of dummy votes, zero-knowledge proof of fair vote distribution over candidates, and zero-knowledge proof of receipt correctness. The performance was affected by the cyclic group order, number of candidates, and number of voters. Keywords: E-voting, Bingo voting, coercion resistance, zero-knowledge proof, commitments. I. Introduction Voting plays an essential role in a democracy. The result of voting determines the future of a country. Voting must achieve a set of requirements. On the other hands, an e-voting system must achieve technical requirements, user interaction requirements, integration requirements, and (most critically) security requirements [1-4]. Security requirements of the e-voting system are classified into two group; voter-related requirements and voting-related requirements.
  • An Implementation of Dual (Paper and Cryptographic) Voting System

    An Implementation of Dual (Paper and Cryptographic) Voting System

    Tel Aviv University Raymond and Beverly Sackler Faculty of Exact Sciences The Blatavnik School of Computer Sciences An Implementation of Dual (Paper and Cryptograhic) Voting System Submitted as a partial fulfillment of the requirements towards the Master of Science degree by Niko Farhi The research work has been conducted under the supervision of Prof. Amnon Ta-Shma March 2013 Abstract This thesis reports on the design and implementation of a cryptographic voting system, named Wombat. The system is designed to retain the ”look and feel” of standard paper- based plurality voting, while enhancing security using methods from modern electronic voting literature. To achieve this, the system executes two voting processes in parallel: one is electronic and end-to-end verifiable, while the other is paper based and emulates more traditional processes (to which the voters are accustomed). Consistency between the two processes is enforced by means of a new specially-tailored paper ballot format. In addition, this work examines the practicality of the Wombat protocol through im- plementation and field testing in two student council elections with over 2000 voters and party premiership elections with almost 900 voters. During these field test the usabilty, performance and voter satisfaction was examined. Overall, voters trusted the system and found it comfortable to use. Parts of this work were presented in EVote2012. ii Acknowledgments I wish to thank my advisor, Prof. Amnon Ta-Shma for his patience with me. I also wish to thank Mr. Ben Riva for providing aid when it was needed. iii Contents Abstract ii Acknowledgments iii 1 Introduction 1 1.1 ThesisOutline................................
  • The Scantegrity Voting System and Its Use in the Takoma Park Elections

    The Scantegrity Voting System and Its Use in the Takoma Park Elections

    The Scantegrity Voting System and Its Use in the Takoma Park Elections The MIT Faculty has made this article openly available. Please share how this access benefits you. Your story matters. Citation Carback, Richard T. et al. "The Scantegrity Voting System and Its Use in the Takoma Park Elections." Real-World Electronic Voting: Design, Analysis and Deployment, edited by Feng Hao and Peter Y. A. Ryan, Auerbach Publications, 2016, 264-304. As Published http://dx.doi.org/10.1201/9781315371290 Publisher Auerbach Publications Version Author's final manuscript Citable link https://hdl.handle.net/1721.1/128360 Terms of Use Creative Commons Attribution-Noncommercial-Share Alike Detailed Terms http://creativecommons.org/licenses/by-nc-sa/4.0/ The Scantegrity Voting System and its Use in the Takoma Park Elections David Chaum Richard T. Carback Jeremy Clark Aleksander Essex Travis Mayberry Stefan Popoveniuc Ronald L. Rivest Emily Shen Alan T. Sherman Poorvi L. Vora John Wittrock Filip Zagórski 1 Introduction The Scantegrity project began with a simple question: is it possible to design a voting system offering the strong security properties of cryptographic end-to-end (E2E) election verification with the intuitive look and feel of a paper optical-scan ballot? This chapter recounts a decade-long research effort toward answering this question, from the design of Scantegrity’s precursor Punchscan, all the way to the first governmental election run by an E2E voting system. The main focus of this chapter is on the Scantegrity II voting system (hereafter referred to as simply Scantegrity) and its use in the municipal elections of Takoma Park, MD in 2009 and 2011.
  • The Scantegrity Voting System and Its Use in the Takoma Park Elections

    The Scantegrity Voting System and Its Use in the Takoma Park Elections

    The Scantegrity Voting System and its Use in the Takoma Park Elections David Chaum Richard T. Carback Jeremy Clark Aleksander Essex Travis Mayberry Stefan Popoveniuc Ronald L. Rivest Emily Shen Alan T. Sherman Poorvi L. Vora John Wittrock Filip Zagórski 1 Introduction The Scantegrity project began with a simple question: is it possible to design a voting system offering the strong security properties of cryptographic end-to-end (E2E) election verification with the intuitive look and feel of a paper optical-scan ballot? This chapter recounts a decade-long research effort toward answering this question, from the design of Scantegrity’s precursor Punchscan, all the way to the first governmental election run by an E2E voting system. The main focus of this chapter is on the Scantegrity II voting system (hereafter referred to as simply Scantegrity) and its use in the municipal elections of Takoma Park, MD in 2009 and 2011. To our knowledge, the Takoma Park election of 2009 was the first use of an E2E-verifiable voting system in an in-person secret-ballot governmental election anywhere in the world, as well as being the first governmental election held in the United States to run on open-source software. We also describe the Punchscan voting system and its use in the 2007 election of the the University of Ottawa Graduate Students Association/Association Étudiant(e)s Diplômé(e)s (GSAÉD), which, to our knowledge, is the first time an E2E voting system was used in a binding election.1 Additionally, this chapter describes the remote voting system Remotegrity and accessible Scantegrity variant Audiotegrity, and their use in the 2011 Takoma Park election.
  • Demtech Research Security Analysis of Scantegrity System

    Demtech Research Security Analysis of Scantegrity System

    DemTech Research Security Analysis of Scantegrity System DemTech Technical Report Series TR-2012-1 May 2012 Copyright c 2012, DemTech Research Project IT University of Copenhagen All rights reserved. Reproduction of all or part of this work is permitted for educational or research use on condition that this copyright notice is included in any copy. Copies may be obtained by contacting: DemTech Project IT University of Copenhagen Rued Langgaards Vej 7 DK-2300 Copenhagen S Denmark Telephone: +45 72 18 50 00 Telefax: +45 72 18 50 01 Web www.demtech.dk This work is supported in part by DemTech grant 10-092309 awarded by the Danish Council for Strategic Research, Programme Commission on Strategic Growth Technologies. Security Analysis of Scantegrity System Amir Rached Submitted in partial fulfillment for the degree of Bachelor of Science. Committee: • Professor Carsten Schurmann¨ • Professor Joseph Kiniry 1 Contents 1 Introduction 3 2 Scantegrity 3 2.1 Basic Idea . 3 2.2 Scantegrity System . 4 2.3 Scantegrity Back-end . 5 2.4 Voting Experience . 7 2.5 Security . 8 2.5.1 Integrity . 8 2.5.2 Privacy . 9 3 Implementation 9 4 Deployment 10 4.1 Election Setting . 10 4.1.1 Meeting 1 . 10 4.1.2 Meeting 2 . 11 4.1.3 Meeting 3 . 11 4.1.4 Meeting 4 . 11 4.2 Back-end Architecture . 11 5 Evaluation 15 5.1 Douglas Wikstroem Attacks . 15 5.1.1 The Duplicates Thread . 15 5.1.2 The Duplicates Thread and The Inconsistency of Opened Commitments with a Permutation Thread . 16 5.1.3 The Inconsistency of Unrevealed Commitments with a Permutation Thread 16 5.1.4 Universal Verfiability When Checking Is Performed at the End of the Mixing 17 5.2 Initial Automated Language-based Security Analysis .
  • SCV End to End Verifiable Internet Voting -- System Perspective

    SCV End to End Verifiable Internet Voting -- System Perspective

    SCV end to end voting over the Internet Mirosław Kutyłowski, Filip Zagórski Institute of Mathematics and Computer Science Faculty of Fundamental Problems of Technology Wrocław University of Technology Abstract. We present Scratch, Click & Vote remote voting scheme. The scheme is end-to-end verifiable and allows for voting over the Internet. It guarantees se­ curity against malicious hardware and software used by a voter; a voter’s com­ puter does not get any knowledge about the voter’s choice. Moreover, it can blindly change the voter’s ballot with a small probability only. As a side result, we present a modification of the ThreeBallot that eliminates Strauss’-like attacks on this scheme. Keywords: Internet voting, e-voting, E2E, verifiable voting scheme, ThreeBallot, Punchscan 1 Introduction There are two main scenarios of e-voting: advanced voting procedures at polling places and remote electronic voting. Polling station voting Recently it has became evident that badly designed e- voting machines can be extremely dangerous to a voting process [8,10,14]. For­ tunately, a number of end-to-end auditable voting systems (E2E) has been pre­ sented recently. Interestingly, some recent designs implement electronic voting without any electronic voting machines [3,6,5,4]. Moreover, for these schemes each voter gets a receipt, which may be used to check if the voter’s ballot has been included in the tally. It is also possible to verify correctness of the results. On the other hand, the receipt cannot be used even by the voter to prove how she voted. So they cannot help to sell or buy votes.
  • Building Reliable Voting Machine Software

    Building Reliable Voting Machine Software

    Building Reliable Voting Machine Software Ka-Ping Yee Electrical Engineering and Computer Sciences University of California at Berkeley Technical Report No. UCB/EECS-2007-167 http://www.eecs.berkeley.edu/Pubs/TechRpts/2007/EECS-2007-167.html December 19, 2007 Copyright © 2007, by the author(s). All rights reserved. Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission. Acknowledgement I am grateful to many people who helped make this dissertation possible. My advisors: David Wagner, Marti Hearst. My committee members: Henry Brady, Joe Hellerstein. Advice: Steve Bellovin, Candy Lopez, Scott Luebking, Noel Runyan, Joseph Hall. Security review: Matt Bishop, Ian Goldberg, Tadayoshi Kohno, Mark Miller, Dan Sandler, Dan Wallach. Funding: National Science Foundation, through ACCURATE. Thanks also to Scott Kim, La Shana Porlaris, Lisa Friedman, and my parents. Building Reliable Voting Machine Software Ka-Ping Yee B. A. Sc. (University of Waterloo) 1998 A dissertation submitted to the Graduate Division of the University of California, Berkeley in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Computer Science Committee in charge: Professor David Wagner, Co-chair Professor Marti Hearst, Co-chair Professor Henry Brady Professor Joseph Hellerstein Fall 2007 The dissertation of Ka-Ping Yee is approved.
  • An E-Voting System That Ensures Voter Confidentiality and Candidate Privacy

    An E-Voting System That Ensures Voter Confidentiality and Candidate Privacy

    Enhanced Name and Vote Separated E‐voting System: An E‐voting System That Ensures Voter Confidentiality and Candidate Privacy __________________________________________ ©2014 Wiley. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder. Citation: Haijun Pan, Edwin S.H. Hou, and Nirwan Ansari, “Enhanced Name and Vote Separated E‐voting System: An E‐voting System That Ensures Voter Confidentiality and Candidate Privacy,” Wiley Security and Communication Networks, DOI: 10.1002/sec.944, vol. 7, no. 12, pp. 2335– 2344, Dec. 2014. URL: http://onlinelibrary.wiley.com/doi/10.1002/sec.944/abstract E-NOTE: An E-voting System That Ensures Voter Confidentiality and Candidate Privacy Haijun Pan, Edwin Hou, and Nirwan Ansari Abstract—In this paper, we propose an improved E-voting system based on our previous work (Name and vOte separaTed E-voting system, NOTE). The proposed E-voting system, referred to as Enhanced NOTE (E-NOTE), is enhanced with a new protocol design and a watchdog hardware device to ensure voter confidentiality and voting accuracy.
  • Survey on End-To-End Verifiable Cryptographic Voting Systems

    Survey on End-To-End Verifiable Cryptographic Voting Systems

    International Journal of Computer Applications (0975 – 8887) Volume 100 – No.16, August 2014 Survey on End-to-End Verifiable Cryptographic Voting Systems Labeeb Ahmed Qubati Sherif Khattab Ibrahim Farag Computer Science Dept., Computer Science Dept., Computer Science Dept., Faculty Of Computer And Faculty Of Computer And Faculty Of Computer And Information, Cairo University, Information, Cairo University, Information, Cairo University, Egypt Egypt Egypt ABSTRACT system (whether the voting system achieves the whole Electronic voting refers to the using of computers or characteristics or a part of them). The electoral process passes computerized voting equipments to cast ballots in the election. in three basic stages, the first stage is the registration stage, The e-voting has been developed for more than 20 years. In when the preparation of electoral is done, the second stage is the electronic voting, there are three stages: the registration the voting stage when the voters cast their votes, and finally stage, the voting stage, and the tally stage. Verifiable the tallying stage when the votes are compiled and counted cryptographic voting systems use encryption technology to then announce the results. The e-voting system can be secure electorate’s votes and to avoid coerce them to vote for represent in two subsystems, the first one includes the any particular candidate or to buy their votes, and any another registration stage and the second one includes the other two threats. This research aims to obtain an electronic voting stages. system could be used easily in the third world countries. In There are many electronic voting systems classified in several this research ten of existing cryptography verifiable voting ways, for example, HAVA classification which voting systems have been studied, and especially focused on End-to- systems are classified into four categories one of the four End verifiable voting systems, which is considered as the categories is E2E cryptographic-based, which is consider as newest class of voting systems.