02:25 PM
Connect Directly

How To Make Internet Voting Secure

To be effective, an Internet voting system has to auditable every step of the way, a new study says.

Public elections conducted over the Internet need to be end-to-end verifiable in order to be truly effective, a team of election officials, systems engineers, cryptographers, and election watchdogs said in report outlining a set of recommendations for Internet voting.

The 65-page report, released today, highlights several fundamental challenges that need to be overcome before Internet voting can become a reality on a mass scale. Key among them is finding a way to guarantee the integrity of election data, protect voter information, secure systems against attacks, and make the systems user-friendly enough to be accepted broadly.

"As election technology evolves and more states evaluate Internet voting, caution on compromises to integrity and security is warranted," the U.S. Vote Foundation, which commissioned the report said in a statement Friday. "Existing proprietary systems that meet only a subset of the requirements cannot be considered secure enough for use in the U.S."

Remote voting, including voting over the Internet, is becoming increasingly common in the U.S., the reported noted. It is has typically been used to enable military personnel and American citizens based overseas to participate in the election process, but is beginning to be used more broadly. As a result, more attention needs to be placed on ensuring speed, security, and integrity of such voting systems.

One of the major problems currently is that no existing commercially available Internet voting system is truly open for public review. As a result, there is no way to verify if the systems are functioning in the intended manner, the report's authors said.

For Internet voting to be truly effective, the system needs to ensure that the ballot received by and displayed to the voter matches the ballot sent out originally by election officials. It also needs to make sure that the computer used by the voter accurately records the voter's intention and that the filled in ballot received by election officials is the same one that was submitted by the voter.

Because the voting takes place on the public Internet, the voting system also needs to have a way to ensure that intermediary systems and networks do not have an opportunity to intercept, modify, or peek at, the ballot.

Another concern that has to be addressed is malware. Voters often may not be aware of malware on their systems that could potentially change the way the ballot is displayed or the way the vote is recorded.

"Internet voting substantially exacerbates the risk of remote voting by making it possible for small problems to be magnified and replicated on a large scale," Josh Beneloh, senior cryptographer at Microsoft, wrote in the report. "Careless or malicious errors, intrusive malware, and unforeseen omissions – all of which can be caused by individuals or very small groups – can cause very large numbers of votes to be changed and the privacy of large numbers of voters to be compromised."

According to the report’s authors, who include technologists from Lawrence Livermore, IBM, and NIST as well, there are 10 technical requirements that need to be met for truly end-to-end verifiable Internet voting. Among them are:  functionality, usability, security, authentication, auditability, and interoperability.

Functionally for instance, an Internet voting system must ensure that recorded ballots and voters listed as having voted must correspond with each other. Similarly, the system must maintain voter anonymity and make it impossible for election officials or anyone to link an individual vote back to the source.

On the security and authentication front, a truly verifiable Internet voting system should ensure that no voting data is ever lost even in the event of a system failure. It should have a way to properly authenticate voters to ensure that individuals are properly identified and to protect against attackers impersonating voters even if the entire database used for authentication becomes compromised.

"There is tremendous pressure to build Internet voting systems and use them in public elections," the report said. But the use of such systems "without end-to-end verifiability—including all Internet voting systems that jurisdictions are experimenting with and using at the time of this writing—is irresponsible."


Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Ninja
7/14/2015 | 11:25:06 AM
Re: Excited, but problematic

While you might be correct about getting those people (who absolutely live in Cyberspace) to do that very arduous task of "voting", which is a plus, it absolutely frightens the hell out of me that we as a society want to move in this direction. Why you ask... well I can go on for a while with multiple reasons but since this is a blog on information security I say this. We haven't proven that we can secure the simplest of data stored, connected to or traversing the Internet so why would we want to trust something as precious as our rights to determine our own future to these very technologies that have proven unequal to the task or more often, why should we trust people to maintain, manage and care for those systems in a responsible way? If the plan is to get more people to vote, then make the current system we have easier, but not by saying "since you don't want to leave the house you can vote on-line".

Personally, I think on-line voting is a major hack or even an inside job of biblical proportions just waiting to happen. But that's just me, I tend not to trust.
User Rank: Ninja
7/13/2015 | 7:54:44 AM
Excited, but problematic
I'm really excited by the prospect of internet based voting, as I think it will not only make a lot more people vote, but specifically young people who have grown up with an interenet based culture - the ease of it will bring about a lot more involvement and interest in voting in general.

However we're unlikely to see that here in the UK. The prevailing right-wing government knows that its supporters are mainly older and unlikely to use a digital voting system, so I don't expect to see it come in to play until well into the 2020s, which is embarassingly slow. 
Register for Dark Reading Newsletters
White Papers
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio