Vulnerability analysis of three remote voting methods

📝 Abstract

This article analyses three methods of remote voting in an uncontrolled environment: postal voting, internet voting and hybrid voting. It breaks down the voting process into different stages and compares their vulnerabilities considering criteria that must be respected in any democratic vote: confidentiality, anonymity, transparency, vote unicity and authenticity. Whether for safety or reliability, each vulnerability is quantified by three parameters: size, visibility and difficulty to achieve. The study concludes that the automatisation of treatments combined with the dematerialisation of the objects used during an election tends to substitute visible vulnerabilities of a lesser magnitude by invisible and widespread vulnerabilities.

💡 Analysis

This article analyses three methods of remote voting in an uncontrolled environment: postal voting, internet voting and hybrid voting. It breaks down the voting process into different stages and compares their vulnerabilities considering criteria that must be respected in any democratic vote: confidentiality, anonymity, transparency, vote unicity and authenticity. Whether for safety or reliability, each vulnerability is quantified by three parameters: size, visibility and difficulty to achieve. The study concludes that the automatisation of treatments combined with the dematerialisation of the objects used during an election tends to substitute visible vulnerabilities of a lesser magnitude by invisible and widespread vulnerabilities.

📄 Content

Enguehard, C., Lehn R. Vulnerability analysis of three remote voting methods. XXI IPSA World Congress of Political Science, RC10 Electronic Democracy - Dilemmas of Change? Santiago, Chile, July 13, 2009. Vulnerability analysis of three remote voting methods Chantal Enguehard & Rémi Lehn Université de Nantes Laboratoire d’Informatique Nantes Atlantique 2, rue de la Houssinière BP 92208 44322 Nantes Cedex 03 France with the support of the European Computer and Communication Security Institute Bruxelles, Belgique Resume This article analyses three methods of remote voting in an uncontrolled environment: postal voting, internet voting and hybrid voting. It breaks down the voting process into different stages and compares their vulnerabilities considering criteria that must be respected in any democratic vote: confidentiality, anonymity, transparency, vote unicity and authenticity. Whether for safety or reliability, each vulnerability is quantified by three parameters: size, visibility and difficulty to achieve. The study concludes that the automatisation of treatments combined with the dematerialisation of the objects used during an election tends to substitute visible vulnerabilities of a lesser magnitude by invisible and widespread vulnerabilities. Key-words : Internet voting, remote voting, postal remote voting, hybrid remote voting, democracy, transparency, fraud, anonymity, authenticity, unicity, visibility, virus, worms. Introduction Remote voting procedures have been renewed recently with the introduction of optical scanners to automatically read the ballots or to completely dematerialise the objects used to vote by an internet voting process. This article studies three methods of remote voting (postal voting, hybrid voting and Internet voting). It describes the various phases. Technical vulnerabilities of internet voting are set out in part three, while the fourth part compares the vulnerabilities of each type of vote. I. Remote voting I.1 - Definition Depending on the country, remote voting may consist of two separate concepts: — Voting is supervised but takes place outside the normal location (e.g in an embassy); — Voting takes place in an uncontrolled environment and in the absence of any electoral officer. We are interested here in remote voting outside the control of an electoral officer in the following three forms: Internet voting, postal voting and hybrid voting. 1 Enguehard, C., Lehn R. Vulnerability analysis of three remote voting methods. XXI IPSA World Congress of Political Science, RC10 Electronic Democracy - Dilemmas of Change? Santiago, Chile, July 13, 2009. The scope of a study of the elections may include the preparation of voter lists, the candidates’ campaign up until the announcement of results. We focus here only on the ballots that we observe from their delivery to the voters until the counting of votes. We do not present questions relating to paper voting procedure that have already been studied (see [7] and [15]), or aspects of the digital divide and accessibility (see [3], [14]). I.2 - Three ways to vote remotely in an uncontrolled environment For each mode of remote voting, we define a model represented by a real application widely used and which we consider as representative of the practices. — Internet voting: Internet voting procedure used in the canton of Geneva in 2007 [10]. — Postal voting: as used in the canton of Geneva in 2007 [31]. — Hybrid voting: hybrid voting procedure used in the elections of the Comité National de la Recherche Scientifique (CNRS) in France in 2008. Internet voting Internet voting (i-voting) is part of a broader package called electronic voting (e-voting). Under the latter are grouped all forms of voting involving an electronic device to cast or count votes. There are drafts of standards and international norms but they lack precision in their definition of the necessary organizational, legal and technological models. There are, therefore, many different Internet voting procedures. However, it is possible to expose a general pattern that is more or less respected by the usual procedures of Internet voting that are said to be secure. Information relevant to authentication are provided to voters by mail. Voters log on an official web site to vote from any computer connected to the Internet and equipped with a browser compatible with the application running on the official web site. Each voter uses the information that she had previously received to be identified (login and password), and then she express her choice. It is encrypted and sent to the server hosting the official web site that collects the votes, stores them until the close of the poll and produces the results of the vote at the close of the poll. Because all the voters do not have a computer with an Internet connection, this method of voting is always an addition to a postal voting procedure1. Postal voting Each voter rece

This content is AI-processed based on ArXiv data.