Vous êtes sur la page 1sur 9




2/4 2/4

Department of Computer Science and Engineering

Gudlavalleru Engineering College
1. ABSTRACT free and open source e-voting system based on state

Internet voting systems, catering to different of-the-art cryptographic design.

requirements, have been widely implemented and

used. Some have been successful, while others have 3. APPLICATION FIELDS
experienced unexpected problems. This paper Seminal application fields for online elections are
overviews the concerns of using Internet voting and especially large-scale ballots with a tremendous
tries to give solutions. Tradeoffs between the organizational work. Polls in small communities like
advantages and disadvantages of employing Internet schools or for municipal councils are regarded to a
voting are also addressed. This study reveals that the lesser extend, rather political elections like diet
main concerns of adopting Internet voting for critical elections, votes at stockholders’ meetings or other
elections are not cryptographic tools, but hardware annual meetings, or committee elections at
and software reliability, and social and political universities and schools. Remarkably there is a broad
issues. After discussing possible concerns about consensus that political online voting is not meant to
Internet voting and possible solutions or comments, be substitutional rather complementary to traditional
we propose steps to enable Internet voting to be voting procedures. There is no such consensus about
adopted even for critical elections. nonpolitical polls.
3.1. Political elections
2.INTRODUCTION Security concerns are surely high when voting online
Electronic voting is currently one of the most within political range. Not only poll specific laws
intensely debated subjects in Information must be observed but also constitutional principles.
Technology. Although no system can claim to solve Up to now no such election has taken place.
every problem facing electronic voting today, we In 2000 approx. 250 soldiers could use a “certified
suggest that the most obvious course of action is to virus-free” computer to participate in the US-
develop free and open source electronic voting presidential election. Unfortunately, there is only few
systems. information about the Internet voting procedure. As
In order to protect commercial interests, most current mentioned above in 2000 about 40,000 entitled voters
e-voting systems do not have used the opportunity to cast their vote online during
publicly available source code. In some cases, code is Democratic Party’s Presidential Primary election .
concealed to avoid the discovery of embarrassing This vote has been accompanied by election.com .
security flaws. Even proprietary systems that reveal Several security problems occurred, e.g. denial-of-
source code often leave several critical components service attacks as well as the uncertainty of the voter,
hidden. In order to ensure true democratic elections, if his vote was really counted.
voting software must be independently auditable and 3.2. Non-political elections
verifiable by any interested third party. For this Elections at universities and schools are also
reason, free and open source e-voting systems can be classified as non-political ones although they might
a catalyst for positive developments in the area. To have a political facet.
the best of our knowledge, ADDER is the one of the
4.PRONS AND CONS station at any time there are several persons

Substantial general arguments for the implementation belonging to different parties, and the counting takes

of online elections are the following ones: place at another location by other people. In
endangered countries with young democracies the
confidence in these mechanisms is lower, and a shift
4.1 Increasing turnout: As Internet voting is an
from organizational security precautions to technical
additional channel for eligible voters the turnout
ones (e.g. cryptographic coding) might be helpful.
might increase substantially. Especially for older,
However, it is necessary to mention that the
handicapped, or sick people or those who cannot go
coexistent use of organizational and technical
or travel to their polling station it is a voting option.
security precautions features a gradual character, i.e.
4.2 Cost reduction: Cost savings can occur, if
the securest technology can always be annulled, if all
less personnel for performing absentee voting and for
organizational units involved cooperate corruptingly.
counting is necessary or if travel activities are
4.5 Support of basis democracy: As soon as
reduced. On the other hand building up and operating
an Internet based poll infrastructure is built up basis-
the poll infrastructure as well as equipping the voters
democratic voting processes become more feasible.
with essential hardware cause cost . Furthermore, in
On the other hand there is strong concern about
the foreseeable future of political elections no polling
online elections
stations will become obsolete. The discussion
whether and at which elections cost savings will 4.6 Security: Ranking first is security doubt. In
occur is presently speculative. traditional elections it is obvious for anyone that a
mapping of voters on the votes is impossible, because
4.3 Decrease of invalid votes: Invalid votes
the voting process itself takes place behind physical
can be produced consciously or unconsciously.
barriers and each voter drops his “locked“ envelope
Consciously producing invalid votes are presumably
into the voting box, which also contains the
protest against politics in general, therefore they must
envelopes of many other voters. The voter himself
be provided in online elections. Unconsciously
monitors the adherence of the principle of secrecy.
produced invalid votes could be already identified at
However, regarding absentee voting which is
“feeding time“ with plausibility checks, so that the
socially, political and legally accepted this looks
voting software could point out this mistake. This
different: There is no guarantee to the voter that his
means a difference to traditional polling booths.
vote won’t be changed, he just trusts in the integrity
Whether this kind of restricting the democratic
of the involved persons and organizations as well as
“principle of equality” is tolerable has to be
in the sanctity of the mail. These and many further
examined legally.
aspects of election security like the warranty of the
4.4 Lower election fraud in endangered
ballot paper’s “arrival” don’t come up to discussion,
countries: The security of traditional elections
probably for habit reasons or as they are implicitly
bases on the confidence in persons and in the
sensed as realized. Rightfully, in the context of
independence of election committees. For example,
Internet polls security aspects are addressed again
in the context of German political polls in any polling
4.6 Low Transparency: Obviously, personal identification number (PIN) and compare a
implementing security requirements with information security symbol with the one they received in the
technology is not trivial, even if cryptography offers mail.
a rich bundle of methods and instruments. Anyway,
using complex security procedures leads to increased
in transparency to the voter, so that problems
regarding elector’s acceptance are likely.
4.7 Cost: It is yet unknown, to what extend and
when cost for establishing and operating an Internet-
based poll infrastructure redeems. Disputants of
Internet elections deny its’ potential to medium-term
cost savings.
When the term Internet voting is used, it generally
Figure . Sample e-voting screen.
refers to remote Internet voting, where the client
A menu indicates which issues are up for e-
software communicates over the Internet to the server
voting(left). In this case, 1a is the referendum, 1b is
software, say, from a voter’s PC. However, there are
the alternative government proposal, and1c is the
at least two other ways to implement voting over the
supplementary question. Voters click on yes or no
Internet: kiosk voting and poll-site voting. Each of
three times and then click forward to go to the next
these three ways has its own particular security
screen.If the two match, the system accepts the vote.
Two-step encryption protects voter confidentiality.
Remote. In this scenario, a third party, or the voter
The voter’s client computer first encrypts the votes
himself (rather than election officials) has control
and identification and authentication characteristics,
over the voting client and operating environment.
and the e-voting system then checks the incoming
Kiosk. In this scenario, the voting client may be
votes for their structure and integrity before once
installed by election officials, but the voting
again encrypting them. Two redundant subsystems
environment is out of election officials’ control.
then store the cast votes in a database. On voting day,
Poll-site. In this scenario, election officials have the communities enter the results from the regular
control over the voting client and the operating
ballot box into the vote registration software. As soon
as the regular voting ballot box is closed, the e-voting
6.0 VOTING PROCESS system transfers the e-votes to the computer system
To vote through the Internet, voters log onto the e- that handles the regular votes. An overview of the
voting website using their identification numbers and total results—regular votes and e-votes—is available
follow the site’s instructions for vote casting. Figure immediately.
below gives a sample screen from the simulation
software. After casting their votes, voters enter a
appropriate laws and have been primarily addressed
with organizational measures so far. For example,
physical barriers contribute to ballots’ secrecy and
the legally prescribed temporal restriction of vote
casting is implemented with opening times of the
polling stations. Absentee voting already requires a
special treatment and had to be legally anchored. In
order to guarantee a ballot’s secrecy the sanctity of
the mail was consulted, but the legal anchorage of
Internet elections will probably become even harder.
Information technology opens a new dimension,
which has to accommodate legal general conditions.
In other words, these basic conditions and laws must
be technologically implemented in Internet elections.
Technological efforts may not be an end in itself, but
they make for implementation of those basic
The E-voting process has six main steps:
conditions. One can also call it a mapping of basic
(1)Communities send a list of those eligible to vote
conditions on technological components. Beyond that
further requirements occur, in particular economic
(2) Voters receive a list of system codes for
and ergonomic ones, i.e. Internet elections should be
identifying themselves and the referenda or
as inexpensive and user-friendly as possible (see
candidates they are voting for, as well as codes for
figure below).
entering “yes” and “no” responses.
(3) Voters cast their vote using their preferred digital
medium. At present only Internet and mobile phone
options are active, although the system is designed to
handle iTV and PDA/WAP as well. The e-voting
ballot box closes 24 hours before the regular ballot
(4) The communities send the paper ballot results to
the vote registration software.
(5) Finally, Canton Zurich’s Statistical Office counts
all votes (electronic and paper) and
(6) produces the final vote count.
Figure : System of requirements
7.0 SECURITY REQUIREMENTS In the context of integrating Internet elections in
Legal, political science based, and social society and comprehensive requirements for them
requirements on elections are deep-seated in Kubicek et al. use the expression “interdisciplinary
connectivity”. Already in 1996 Cranor formulated discussion of Ruess one can bridge from law to
general requirements for electronic elections. Figure technology:
doesn’t show all dependencies, but the arrows 7.1 General election: The basic principle
indicate the most important ones. The technological “generality” assures the option to vote to all eligible
security requirements are part of the critical voters. Since voting via Internet represents an
technological requirements, as legal requirements additional way to voting, there seems to arise no
take effect especially on them. They are focused problem. However, it has to be discussed whether the
below. The necessity to systematically analyze breakdown of technical system components limits the
security requirements is substantiated by the security general right to vote, if five minutes before the end of
problems arisen in practical pilot schemes. The voters’ time slot no connection to the polling server
accurate security conditions depend on the concrete can be established due to its capacity overload.
election. For example, a country-wide political ballot Thinking in terms of a client server-architecture the
requires different instruments than a local or regional following requirements result: On the client side the
student parliament election. Nevertheless at least the voting software and hardware (card reader, for
election-oriented democratic principles as fixed in the instance) must work properly. The voter is partially
German “Grundgesetz” (constitutional law) can be in charge for this, as he has to ensure that on its
consulted as starting point for the formulation of computer no disturbing software runs, which makes
securitytechnological requirements. Supplementing, the network device fail, e.g. The same applies to the
at each case further legal basic conditions are to be server side, but it might be easier to handle this due
considered, e.g. electoral laws (horizontal expansion to the controllable environment. One of the largest
of requirements). It is conceivable that for certain problems is the disturbance of a network connection
ballot types different sets of requirements will be set basing on a (partial) Internet breakdown. For
up. It should be stressed that concrete security example, denial of service attacks can paralyze
arrangements of an election aim at accomplishing a routers and polling servers. The author claims that an
ballot-specific security level (vertical expansion of absolute reliability of all assigned systems cannot be
requirements), since getting at absolute security guaranteed. Yet, due to the coexistence of traditional
seems to be impossible. Even in polling stations the voting channels the question whether such a
corrupting cooperation of the canvassers cannot be reliability has to be guaranteed at all arises.
ruled out reliably. Furthermore, sending the vote via 7.2Direct election: The ballot’s directness means
mail the voter cannot be sure that his vote will arrive that between casting of votes and their counting only
and be considered. In the German “Grundgesetz” the mathematical determination may occur, thus no
they say (translated): ”In the counties and townships electors may be instituted. This is a matter of no
the people must have representatives which have importance in the context of Internet elections, even
been elected in general, direct, free, equal, and secret though the implementation of election processes has
elections.” They also say:” The representatives of the to fulfill this requirement. Free election: According to
‘Bundestag’ are voted in direct, free, equal, and this principle the poll procedure must not be affected
secret elections.” Including the juridical-oriented by public force or private pressure. In this regard, to
the Internet elections the same items and doubts this regard, accepting absentee voting a compromise
apply as in case of absentee voting, because was already made. Compromising attacks can occur
preventing an influencing control technologically is at the same spots already discussed above: Malicious
impossible. Lodging the claim that the voter receives software scanning data possibly run on the voter’s
a proof that his vote was counted unchanged one can computer. Also remote administration software can
think of a receipt mechanism, which however must intervene here. The transmission of all data to voting
not show the vote’s content. Lacking provable ness is servers must be encoded. On vote servers’ side is has
against extortion and paid votes. to be ensured that no mapping from voter on his vote
7.3 Equal election: The principle of equality decision is possible. Beyond public key
subsumes two aspects: (1) All voting cards are to be infrastructures this also requires organizational
granted some status, so that those in the Internet must measures. For instance, there is a strict necessity to
have the same appearance and the same structure as have at least two entities: a voting host controlling
all other voting cards. Demanding the use of authorization and authentication, not being able to
dedicated hardware (chipcard reader with integrated read the vote, making it anonymous, and forwarding
display and input device), consequently the same votes to a voting box (or many) which just counts the
requirements are to be made against this hardware. (anonymous) votes. If one considers further aspects
Particularly, the voting card as a whole has to be of various electoral laws, then additional
displayed and may not be implicitly weighted by the requirements appear.
“scrolling feature”. Although these are no 8..0 FRAMEWORK FOR VOTING
technological security requirements, but only SYSTEMS
technological ones, it discloses that legal implications Although voting protocols are the core of voting
shown in figure 1 do not only refer to security systems they cannot work without corresponding
aspects. (2) Regarding the individual voter it must organizations (e.g. voting authorities), data (e.g.
apply strictly that each vote has same weight. This digital certificates), functions (e.g. encoding and
means first that any eligible voter may only vote once decoding algorithms), and computers (special
(authentication is necessary). In order to implement hardware and software). Together with Protocols and
authentication (and authorization) digital signatures their linking function they form an abstract
can be applied. Secondly, it means that any vote has framework that might be seen as a reference
to be supplied unaltered (integrity). It must be framework (figure given below).
assured that no malfunctioning or cankered software
(viruses, worms, Trojan horses etc.) changes the vote
notelessly. This can probably only be ensured if
secure auxiliary hardware featuring a peculiar display
and input device (e.g. keyboard) is applied.
7.4 Secret election: The keeping of vote secrecy
together with the consideration of equality and the
aligned integrity belong to the most difficult tasks. In
Functions: Core aspects are algorithms for
encoding and decoding (including key length),
signature algorithms as well as algorithms for blind
signatures and anonymous channels. Where
applicable, precise biometric identification
algorithms must be applied.
Authorities: Different authorities have been
proposed for making a ballot secure. Many voting
protocols in literature integrate a validator, a psephor,
and a certification authority (see section five).
Beyond the question which authorities are involved
in elections their responsibilities, rights, and even
Framework for electronic voting systems
protection precautions regarding rooms, servers, etc.
As security requirements always have to apply to the
have to be specified.
whole system – any insecure element can
Hardware and Software: At each side security
compromise the entire (voting) system – design tasks
requirements for hardware and software are
and security analysis of voting systems have to
important. Regarding the voter’s PC at home think
account for each element; a security specification of a
about malfunctioning software (viruses, worms,
voting system can become operationalized by
Trojan horses, etc.) that could change, delete or read
specifications of the five elements.
the voting decision unnoticed. A solution might be
Data: Different kind of data appear during an
external devices like smart card readers with a
election and content as well as structure have to be
keyboard and/or display that work as an interface to
defined. First, there is the electronic ballot paper
smart cards (with own memory and microprocessor).
sometimes signed by a voting authority to make it
Approved or certified software can be stored on the
valid. Secondly, we have digital certificates which
smart card which is responsible for secure encoding
allow to prove identities and encode data in order to
and signing. Moreover on all computers only
make it readable only for a selected person or
approved or certified software should be applied.
institution. Unfortunately, there are many
Organization: The core element of electronic
incompatible standards for digital certificates, e.g.
voting systems are the (static) infrastructure and the
X.509 , SPKI , and OpenPGP. If biometric data is
(dynamic) protocol subsumed as organization, as they
used for identification one has to define how
integrate and combine all other elements. The
fingerprints, facial recognition data, or/and iris scan
protocol (see sectionfive) determines the voting
data are stored. Thirdly, the votes itself must be
process: who does what with which data and how?
stored. Fourth, a big problem are vote receipts. If
The infrastructure determines which devices and
used, should they contain the voter’s decision or
software reside where (e.g. how many voting servers
mustn’t they?
exist, level of redundancy) and how they are linked to
each other including technical protocols. One of the System for the Internet. In Proceedings of
most challenging security requirement is protection the Hawai`i International Conference on
against DOS (denial of service) attacks. Only if each System Sciences, January 7-10, 1997,
element accomplishes specified security requirements Wailea, Hawai`i, USA. IEEE Computer
we can get a secure voting system. Society Press, pp. 561-570, Available from
8.0CONCLUSION: http://lorrie.cranor.org/pubs/hicss/

During the past years many pilot projects were  Mohen, J., and Glidden , J., 2001. The Case
conducted, which examined Internet elections for Internet Voting. In Communications of
coming upon large commitment. However, Internet the ACM, Vol. 44, No. 1, pp. 72- 85.
ballots make high demands on security and
theoretical research has to be done regarding security Election.com, 2000. Arizonans register
aspects of data, functions,hardware and software, overwhelming support for online voting. Online Vote
authorities, and protocols and infrastructure. For More than Triples 1996 Returns. Available from
example, it is still open how casted votes should be http://www.election.com/us/pressroom/pr2000/0312.
receipted and which voting protocols should be used htm
in which case.There is also a strong need for
empirical research: not much experience is available
concerning the practical implementation of Internet
voting and its acceptance.Many problems will
probably be detected first in the course of further
pilot projects.
Talking about Internet elections and security we
should keep a trade-off in mind: Enlarging security
also means an increase of effort, costs, and
complexity. For that reason, we will carefully have to
specify the level of security of each voting system.

 Cranor, L.F., 1996. Electronic Voting.
Computerized polls may save money,
protect privacy. In ACM Crossroads Student
Magazine Vol. 2, No. 4, Available from
 Cranor, L.F.; Cytron, R.K., 1997. Sensus: A
Security- Conscious Electronic Polling