02:25 PM
Connect Directly

How To Make Internet Voting Secure

To be effective, an Internet voting system has to auditable every step of the way, a new study says.

Public elections conducted over the Internet need to be end-to-end verifiable in order to be truly effective, a team of election officials, systems engineers, cryptographers, and election watchdogs said in report outlining a set of recommendations for Internet voting.

The 65-page report, released today, highlights several fundamental challenges that need to be overcome before Internet voting can become a reality on a mass scale. Key among them is finding a way to guarantee the integrity of election data, protect voter information, secure systems against attacks, and make the systems user-friendly enough to be accepted broadly.

"As election technology evolves and more states evaluate Internet voting, caution on compromises to integrity and security is warranted," the U.S. Vote Foundation, which commissioned the report said in a statement Friday. "Existing proprietary systems that meet only a subset of the requirements cannot be considered secure enough for use in the U.S."

Remote voting, including voting over the Internet, is becoming increasingly common in the U.S., the reported noted. It is has typically been used to enable military personnel and American citizens based overseas to participate in the election process, but is beginning to be used more broadly. As a result, more attention needs to be placed on ensuring speed, security, and integrity of such voting systems.

One of the major problems currently is that no existing commercially available Internet voting system is truly open for public review. As a result, there is no way to verify if the systems are functioning in the intended manner, the report's authors said.

For Internet voting to be truly effective, the system needs to ensure that the ballot received by and displayed to the voter matches the ballot sent out originally by election officials. It also needs to make sure that the computer used by the voter accurately records the voter's intention and that the filled in ballot received by election officials is the same one that was submitted by the voter.

Because the voting takes place on the public Internet, the voting system also needs to have a way to ensure that intermediary systems and networks do not have an opportunity to intercept, modify, or peek at, the ballot.

Another concern that has to be addressed is malware. Voters often may not be aware of malware on their systems that could potentially change the way the ballot is displayed or the way the vote is recorded.

"Internet voting substantially exacerbates the risk of remote voting by making it possible for small problems to be magnified and replicated on a large scale," Josh Beneloh, senior cryptographer at Microsoft, wrote in the report. "Careless or malicious errors, intrusive malware, and unforeseen omissions – all of which can be caused by individuals or very small groups – can cause very large numbers of votes to be changed and the privacy of large numbers of voters to be compromised."

According to the report’s authors, who include technologists from Lawrence Livermore, IBM, and NIST as well, there are 10 technical requirements that need to be met for truly end-to-end verifiable Internet voting. Among them are:  functionality, usability, security, authentication, auditability, and interoperability.

Functionally for instance, an Internet voting system must ensure that recorded ballots and voters listed as having voted must correspond with each other. Similarly, the system must maintain voter anonymity and make it impossible for election officials or anyone to link an individual vote back to the source.

On the security and authentication front, a truly verifiable Internet voting system should ensure that no voting data is ever lost even in the event of a system failure. It should have a way to properly authenticate voters to ensure that individuals are properly identified and to protect against attackers impersonating voters even if the entire database used for authentication becomes compromised.

"There is tremendous pressure to build Internet voting systems and use them in public elections," the report said. But the use of such systems "without end-to-end verifiability—including all Internet voting systems that jurisdictions are experimenting with and using at the time of this writing—is irresponsible."


Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Ninja
7/14/2015 | 11:25:06 AM
Re: Excited, but problematic

While you might be correct about getting those people (who absolutely live in Cyberspace) to do that very arduous task of "voting", which is a plus, it absolutely frightens the hell out of me that we as a society want to move in this direction. Why you ask... well I can go on for a while with multiple reasons but since this is a blog on information security I say this. We haven't proven that we can secure the simplest of data stored, connected to or traversing the Internet so why would we want to trust something as precious as our rights to determine our own future to these very technologies that have proven unequal to the task or more often, why should we trust people to maintain, manage and care for those systems in a responsible way? If the plan is to get more people to vote, then make the current system we have easier, but not by saying "since you don't want to leave the house you can vote on-line".

Personally, I think on-line voting is a major hack or even an inside job of biblical proportions just waiting to happen. But that's just me, I tend not to trust.
User Rank: Ninja
7/13/2015 | 7:54:44 AM
Excited, but problematic
I'm really excited by the prospect of internet based voting, as I think it will not only make a lot more people vote, but specifically young people who have grown up with an interenet based culture - the ease of it will bring about a lot more involvement and interest in voting in general.

However we're unlikely to see that here in the UK. The prevailing right-wing government knows that its supporters are mainly older and unlikely to use a digital voting system, so I don't expect to see it come in to play until well into the 2020s, which is embarassingly slow. 
8 Ways Hackers Monetize Stolen Data
Steve Zurier, Freelance Writer,  4/17/2018
Securing Social Media: National Safety, Privacy Concerns
Kelly Sheridan, Staff Editor, Dark Reading,  4/19/2018
Firms More Likely to Tempt Security Pros With Big Salaries than Invest in Training
Sara Peters, Senior Editor at Dark Reading,  4/19/2018
Register for Dark Reading Newsletters
White Papers
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.