ORIENTAL JOURNAL OF ISSN: 0974-6471

COMPUTER SCIENCE & TECHNOLOGY December 2012,

An International Open Free Access, Peer Reviewed Research Journal Vol. 5, No. (2):
Published By: Oriental Scientific Publishing Co., India. Pgs. 161-168
www.computerscijournal.org

A Secure and Robust Prototype for Electronic Voting System

ASHRAF DARWISH, MAGIDALGENDY and EMAN MOHAMED

Faculty of Science, Helwan University, Cairo, Egypt.

(Received: November 05, 2012; Accepted: November 25, 2012)

ABSTRACT

Electronic voting (EV) refers to the use of computers or computerized voting equipments to
cast ballots in an election EV has been in development for more than 20 years, during which it has
produced outstanding results both in theory and in practice. This paper presents a new secure
preferential e-voting scheme. In this paper we will present an e-voting scheme that covers most of
the e-voting requirements were implemented to guarantee voter’s privacy and authentication.
A prototype implementation of EV protocol over the Internet which fulfils some electronic voting
system requirements such as efficiency, transparency and mobility has been presented.

Key words: Electronic voting, Cryptography, Blind signatures.

INTRODUCTION increase the number of participating voters, (3) e-

voting saves a lot of time for voters and reduce a
Varity kinds of application technologies are cost when counting the voted ballots.
tending towards digitization, such as e-commerce,
e-democracy, or e-government, etc due to the rapid Different electronic voting systems have been
development of technologies and popularity of the suggested to support elections and voting
internet. namely
Computer counting
To minimize costs and red tape in public Is a way that enables voters to mark their
departments, the contemporary states are seeking choice on a paper with a pencil or marker. Then ballot
to provide people have the ability to participate and cards are examined and counted in a central
benefit from online services by increasing the computer site.
number of activities associated to this new medium.
Direct-recoding electronic voting machine (DRE)
Electronic voting is one of the most Is an implementation of an electronic voting
important Internet-related activities. Recently the system. Where the voter chooses the candidate by
contemporary states moved to electronic voting marking the choice of possible options on the
instead of a traditional one for more than one reason electronic storage device. All votes are stored on a
for example: (1) use of electronic voting has the memory cartridge, smart card, or a floppy disk. Then
ability to reduce or eliminate undesirable human they moved to a central location to be counted and
errors, (2) in addition to its reliability, e-voting does get the result.
not need geographical proximity of voters which
162 DARWISH et al., Orient. J. Comp. Sci. & Technol., Vol. 5(2), 161-168 (2012)

On line-voting: this system encompasses three and home banking, as they allow people to vote far
types from where they usually live.
Poll Site Internet Voting: this kind of election
requires the presence of the polling stations where On the other hand, internet voting system
voters go there to cast their ballots by using suitable is encountered by some problems that many prevent
computers and the officials supervise the election. this system from being wide spread today (CIVTF
At counting stage, a network is used to transfer 2000, CALTECH-MIT 2001, Cranor 2001, IPI 2001,
ballots from each polling place to a center location, Rivest 2001, Rubin 2002). There are three main
where votes are counted and election results are categories by which we can divide these problems.
posted. The first class contains security and fault tolerance
issues inherited from nowadays internet architecture.
Remote e-voting system: indicates casting The users of internet can be forged to be deceived
of ballots from any computer or digital device in the vital services such as DNS name resolution
connected to Internet. This type of open network is (Lioy et al., 2000). The assumptions which come
related to neither time nor place but the associated out of protocols about execution environment leads
risks are great. to the second class of assumption, namely voters
must trust the client machines which they use so as
Kiosk e-voting system: in this model, to act as trusted agents” in personal or multi user
polling station were controlled by election officials computers with different hard to be ensured.
where located in suitable locations such as offices,
schools, etc .The observers oversee and cameras The voting process’s controlling servers
monitor the kiosk voting to overcome the security cannot be unsuccessful, inaccessible or distort the
vulnerabilities and prevent coercion. Challenges voting protocols. Reacting properly to client requests
related to kiosk voting system are considered less or trying to effect the election by acting as a voter
threat than those associated with remote voting. can do protocol distortion. The problems of
communication or machine failures don’t prejudice
At the present time electronic voting has the voting protocol. The third category of problems
become more popular in all over the world. Some includes the difficulties that may arise due to specific
countries that used electronic voting are: the United attacks against a voting protocol or a running
States of America, Brazil, Australia, Canada, election. Useful results may be got from such attacks
Belgium, Germany, Romania, France, Venezuela, by undermining the voting protocol, or damage an
the Philippines, and the European Union, election using DoS (Denial of Service) attacks
Switzerland, Italy, Norway, Romania and the United against the involving machines or applications.
Kingdom. 3
On the other hand, there is another type of
Chaum (Chaum, 1981[9, 10] was the first attack that may happen is the coercion of voters;
person who proposed e-voting and there were such attack is due to the lack of supervision of
several experiences have been done in the last few electoral commissions.
years to facilitate the voting process in elections Because Internet is insecure medium and
besides the traditional paper based, for example of this causes incorrect implementations, many secure
the new voting interfaces and systems are touch electronic voting schemes have been suggested18,
22,25,28,30
screens, SMS messages from cellular phones and to achieve a real electronic voting. 4
distributed voting system using the Internet
(Monteiro 2001, UK-e-Democracy 2003). The prototype that mentioned in this paper
claims to be secure and practical over a network
Internet voting systems are more whereas designed to tackle these problems.
acceptable than the traditional one for more than
one reason for example: people are getting more This paper identifies the requirements of a
used to work with computers to do all kinds of things, secure electronic voting such as: only eligible voters
especially sensitive operations such as shopping should be able to vote, an eligible voter should not
 DARWISH et al., Orient. J. Comp. Sci. & Technol., Vol. 5(2), 161-168 (2012) 163

vote more than once, no one should be able to know is as follows: the voters authenticate and display
how another one vote. encrypted vote then the votes are sent through the
mix-network which in turn doing permuting and
EV system is a blind signature electronic shuffling processes the votes by doing specific
voting system based on RSA and national Public operations to conceal the relationship between the
Key Infrastructure (PKI), which improved the vote and its voter [12]. The major problem in mix-
Estonian e-voting system (2007) but the voters in network’s server is efficiency of proof technique as
EV system insert an e-token for the authentication the servers suffer from cost of calculation for proving
(instead of a Smart card), which has public and that their mixing is true. The 5 blind signature based
private keys, then type their own password to be on voting scheme divides the election authority in
identified by the authentication server and the to two parts, the first is named as an administrator
eligible voters receive an e-certificate from a and the second is named as a tallier, the
certificated authority (CA) server. This would be administrator is allowed to authenticate a voter by
stored in the voter machine to be used in vote casting signing the encrypted vote by the administrator’s
to digitally sign the vote. The using of the e-token signature. The voter then unblinds the signed vote
and e-certificate make the design faster and more and sends it to the tallier who is responsible for
secure. counting the votes through an anonymized
channel7, 23-24.
In this paper we review the major current
approach for the electronic voting systems. Then Several models of electronic voting have
offer a new design that improves the previous work. been proposed in the last few years. The most
In section 2 the related work is stated. In section 3 important features of some of them will be mentioned
the requirements for a secure election system is in here. The first implemented electronic voting
discussed. In section 4 the proposed protocol is system is named SENSUS system (Cranor 1997).
explained. In section 5 the details of new EV protocol The protocol is based upon a scheme proposed by
is explained. Finally conclusions are displayed and Fujioka et al., (1992). Sensus is based on a blind
future work is proposed. signature scheme known as FOO92 21. The main
problem for the Sensus is the vulnerability which
Related Work enables one of the entities participated in the
There are three types of the cryptographic election process refrain to vote and this leads to the
electronic voting scheme which is identified by their fall of these illegal votes into the final tally. Seas
privacy policy as follows: protocols using mix-nets, protocol was proposed by Fabrizio et.al 2005 to
protocols using homomorphic encryption and overcome this weakness but it was proved to be
protocols using blind signature (Forsythe 2005). On inefficient and unrealistic by a protocol is named as
the other hand most of them are not practical and “ Secure Electronic Voting Protocol Based On
unworkable over internet (Sampigethaya 2006). Bilinear Pairings (2005)” 14 . EVOX is another
Here we remember a few examples of each type. implementation depend on the Fujioka et al., ,
scheme Herschberg described the first version in
The main idea of the voting scheme based his Master’s thesis3, and then the EVOX system was
on the homomorphic encryption is to encrypt the improved by EVOX Multiple Administrators (Durette
total votes (using some procedure) and then decrypt (1999)), it was proved that the robustness of EVOX-
the sum without decrypting individual votes16,27. MA is higher than the one of EVOX because of the
weakness of authentication protocol it is not as good
The homomorphic voting is incompetent as it could. There was another version of EVOX that
for election widely due to the cost of calculation and is presented by Ko_er, Krimmer and Prosser in 2003
communication in order to demonstrate and validate which is the main basis of an e-voting system
the vote is relatively high. By the way the voting improved at the Vienna University for Business
scheme depends on homomorphic encryption is far Administration and Economics (Austria) [KKP03].
from real life because the lack of secure. The main This proposal is depending on the blind signature
idea in the voting scheme based on the mix-network technique and divides the voting protocol into two
164 DARWISH et al., Orient. J. Comp. Sci. & Technol., Vol. 5(2), 161-168 (2012)

parts: the registration part and the voting part. REVS which participated in the electoral process. ADDER
(Robust Electronic Voting System) (Joaquim et al.,, system [1] is a free and open source electronic voting
(2003)) extends EVOX-MA to overcome the failed system which is a free open source electronic voting
of distributed components, but does not deal with system which based on homomorphic encryption.
coercion26, 29. Votopia project19 is proposed for the Adder system consists of bulletin board server, an
Soccer World Cup 2002. It is based on PKI, is used authentication server which is done by a Kerberos
to distribute key pairs for each server, using java such as the gatekeeper and client software. In
applet for cryptographic process, but it has been Adder system, it is possible that the authentication
proved that the Votopia project has problems in server is disrupted by an adversary and causing a
proving non-disclosure of the identity of voter. vote- buying and coercion. A prototype of DynaVote
Another project is the Serve (Secure Electronic e-Voting protocol used PVID (Pseudo-Voter Identity)
Registration And Voting Experiment) 13 which is scheme (Cetinkaya 2007-1) is based on blind
based on a PKI, but the project was cancelled signature. The counter authority of DynaVote e-
because problem in anonymity (Schwartz, 2004). Voting prototype may be corrupted if an adversary
GNU.FREE (Free Referenda and Elections can know the voter’s IP over the internet causing
Electronically (GNU, 1999)) 17 which is stand-alone coercion. The electronic voting schemes which
I-voting system and based on java program and based on mix-net schemes are: (1) VoteHere [4]
Blowfish encryption algorithm, but it is showed which is built using the VHTi’s cryptography (Neff,
security vulnerability. ElectMe [5] is based on blind 2001). However this implementation was keen on
signatures and claims to be coercion resistant, but voter-verifiability, the voter couldn’t verify that the
it is showed that an enemy is able to damage the voting machine did not exchange candidates before
election authority because if the enemy learns the providing the codes to him. (2) Scytl Pnyx [6] (Riera
ciphertext of a voter’s ticket, the scheme is not able and Brown, 2004) was implemented in some
to be receipt free. It is showed that ElectMe is not government systems in Europe but a source code
verified in 6 a universal way because the voters can that used in the implementation is not accessible to
verify their votes are registered properly but the the public and (3) SureVote[11] (Chaum, 2004; Vora,
computation of the tally is not verified overtly. The 2004) is introduced by Chaum (2004) which does
Qatari government began working to develop E- not have to permit voters to demonstrate how they
voting system (Khalaf and Luciani, 2008; BTI, 2010). voted, but they can verify that their vote was
Qatar I-voting project [2] based on blind signature. registered in the election system. Homomorphic
It was proved that failure of the counting stage in encryption was implemented in many European
providing evidence that all the votes were counted, Union projects (e.g. CyberVote (2008). It has been

Fig. 1: Indicates to the previous steps

 DARWISH et al., Orient. J. Comp. Sci. & Technol., Vol. 5(2), 161-168 (2012) 165

showed that CyberVote[8] is vulnerable to attack prove that he or she voted in a particular way
from the client side and such attacks lead to loss of (receipt-freeness).
privacy of voters, vote buying Which affects on the
integrity of the election.and E-Vote [15](Gilberg, Vote Verifiability
2003) which is based on Paillier homomorphic votes must be verified independently by
encryption (Damgård, Groth and Salomonsen, 2003. their voters that were inserted in final tally and must
be counted correctly.
Requirements for an election system
Researchers have identified a set of No coercion
requirements for a secure electronic voting protocol: it occurs when an adversary ordered the
voter who may relate to him to vote in a certain way,
Security Requirements the voter can deceive the adversary. Even if the
The security has an important role in any adversary forced the voter to reveal his keys or to
voting process and as especially e-voting process refrain from voting, the adversary cannot be able to
because the internet seems to be unsecure determine whether the voter cast according to the
environment. adversary’s instruction or not.

In order to that the electronic voting system Democracy

works without vulnerabilities, it must be implemented Each eligible voter has the right to cast his
according to safe design. Despite the complexity of vote and is not allowed for anyone to vote for others.
the design and 7 implementation of this system, it
appears that some standards are accepted Robustness
completely as the basic security requirements for The system must be secure and non-
e-voting. infiltrated by adversaries by preventing any harmful
behavior of voters, authorities or strangers. A token
Voter authentication is necessary to participate in the voting protocol.
It must be ensured that only eligible voter
is allowed to vote and that just one vote per voter is There are additional requirements that deal
tallied. with public security properties of the system
´ implementation. For example the system should be
Voter privacy trusted, user friendly, transparency, based on open
While it must be ensured that a just the computer architectures and open source software etc.
eligible voters can cast a ballot, it must be impossible
to connect the voter identity with the content of his/ Some of the above mentioned
her cast vote. requirements are contradicting each other. For
example, in the voter privacy the ballot cannot be
Accuracy of the Election Results connected to the voter. This contradicts with the
The system is accuracy when all caste verifiability property which is requiring that each
votes cannot be modified, copied, validated votes voter can verify his/her vote is counted.
cannot be removed from the final result and invalid
votes should not be counted from the final result. System Wide requirements
Digital signature is used to prevent any attack on In this section the system wide
the votes. For accuracy, uniqueness should be requirements is mentioned that are related to the
applied in the election system by using a token which implementing voting protocols.
is unique.
Voter convenience
Intermediate result privacy The voters should vote without reference
A system is private if no casted ballot can to the voting authorities complete the voting
be linked to its voter (anonymity) neither by election procedures. This must happen with the existence a
authorities nor by anyone else, and no voter can minimum of skills and equipments8.
166 DARWISH et al., Orient. J. Comp. Sci. & Technol., Vol. 5(2), 161-168 (2012)

Voter mobility is eligible or not. A Certificate Authority (CA) server

The voter can participate in an election sends an e-certificate to the eligible voters. The e-
from any location without constrains. certificate would be stored in the voting machine to
be used in vote casting to digitally sign the vote.
Flexibility
A flexible system is achieved if a variety The authentication of e-voting system and
ballot question formats is permitted with the voter’s digital signature are applied by using the EV’s
existence of different languages and the possibility Public Key Infrastructure.
of dealing with many types of election processes. ´ An authenticated voter selects his candidate
from the network server
Efficiency ´ The EV system encrypts the vote by using
The system is effective if the number of his public key.
voters and the participation of the authorities in the ´ The voter signs the encrypted ballot by using
protocols is equivalent to the amount of computer his private key in the token.
and communications. ´ Network Server compares whether the
session owner is the same person who had
Proposed protocol signed the encrypted ballot and in case of
The proposed protocol in this paper can positive acknowledgment, transfers the
explain the stages of the electronic voting are as signed and encrypted ballot to Votes Storing
follow: Server. Votes Storing Server connects to the
´ Voter Registration Certification Authority and provides the
´ Voter Authentication attestation of digital signature validation. The
´ Voting process system replies to each correctly cast vote with
´ Counting Phase a receipt Response. Response is a text type
file and consists of the information about
The electronic voting system must meet the reception of ballots.
requirements of the voting so the proposed EV ´ The EV system received the signed and the
system will try to focus on solving security encrypted votes to the counting server
requirement such as integrity, authentication, ´ The counting server decrypts the signed and
confidentiality and verifiability by implementing some the encrypted votes by using his private key
protocols that guarantee a more secure and stable ´ Non-accepted encrypted votes are saved into
e-voting system. the log file.
´ The counting server counts the valid votes
The EV system is based on blind signature, and saves it into the log file.
which is not associated with the real identity of the ´ After that the counting server outputs the final
voter to achieve anonymity in electronic voting result of the election.
protocol. The basic scenario of the protocol over
Internet is as follows: Prototype
´ Voter obtains a token from the CA In section 3, we briefly described the
government. Voting token like a secure USB, requirements of e-voting system and note that there
this is valid for the voting process only that are some contradictions between the requirements,
contains the voter name, his public and so we try to overcome these difficulties by
private key. The verification code is different implementing EV system. In this section, we created
for every voting token. a prototype for this scheme. The prototype imitates
´ He accesses to the voting web page to make user interaction with the remote authority and with
the registration. the local voting machine. VS was fully implemented
´ He enters the token to the voting machine to in java, enabling it to be installed and executed on
provide his personal data for authentication. an computational platform .In order to implement
this scenario we have developed a client/server web
The authentication server checks if the voter application with java.
 DARWISH et al., Orient. J. Comp. Sci. & Technol., Vol. 5(2), 161-168 (2012) 167

For encryption we used RSA based CONCLUSION

national public key infrastructure (PKI) and we used
also a database namely MySQL5.0 to store election In this paper we have proposed a secure
data. electronic voting scheme. The prototype has been
developed that implements the entire EV protocol
For authentication, a voter connects to NS over Internet. The prototype includes implementation
by using https protocol. After election times out, all of EV scheme component as well. In addition, the
election data in server databases are exported by scheme also meets all the electronic voting
authorities. These exported data are sent to counter requirements: anonymity of voters, accuracy of
server in an offline way. Counter server starts voters, collision freedom, tally correctness,
counting process and after tabulation process it verifiability, and double voting detection. So far, there
opens a pop window that show the winner and the are few methods to meet all the electronic voting
number of cast votes for each candidates and their requirements, especially double voting detection.
percentage. Moreover, the scheme is suitable for large-scale
elections and does not require any special voting
channel.

REFERENCES

1. Aggelos Kiayias, Michael Korman and David Scheme for Large Scale Elections. In
Walluck. An Internet Voting System International Conference on the Theory and
Supporting User Privacy. In Annual Computer Applications of Cryptographic Techniques
Security Applications Conference, pages (EUROCRYPT), pages 244–251,
165–174, Miami Beach, Florida, (2006). Balatonfured, Hungary, (1992).
2. Alkhelaifi, M, Alja‘am, J. and Al-Sayrafi, M. 8. CyberVote, Deliverable D6: Report on Review
Towards an Electronic Voting System for the of Cryptographic Protocols and Security
State of Qatar (2009). Techniques for Electronic Voting” Version 1.0,
3. A.M. Shubina and S.W. Smith. Design and European Commission Research Contract
prototype of a coercion resistant, voter IST-1999-20338, 55 (2002).
verifiable electronic voting system. In Proc. 9. D.Chaum, Blind signature systems, in
of Conference on Privacy, Security and Trust, Proceedings of Advances in Crypto’83, New
pages 29–39 (2004). York, USA, p.153 (1983).
4. A. Neff and J. Adler, Verifiable e-Voting, 10. D.Chaum, Election with unconditional-secret
www.votehere.net/vhti/ documentation/ ballots and distribution equivalent to breaking
verifiable e-voting.pdf (2003). RSA, in Proceedings of Advances in EURO-
5. Anna M. Shubina and Sean W. Smith. Design CRYPT’83, Davos, Switzerrland, pp.177-182
and Prototype of a Coercion-Resistant, Voter (1988).
Verifiable Electronic Voting System. In Proc. 11. D. Chaum. Secret-Ballot Receipts: True Voter-
of Conference on Privacy, Security and Trust, Verifiable Elections. IEEE Security & Privacy,
pages 29–39, Fredericton, New Brunswick, 2(1): 38-47 (2004).
Canada (2004). 12. D.Chaum, Untraceable electronic mail, return
6. A. Riera and P. Brown. Bringing Confidence addresses and digital pseudonyms,
to Electronic Voting. EJEG, 2(1), CHAUM, D. Communications of the ACM, 24(2): pp.84-
Secret ballot receipts: true voter-verifiable 88 (1981).
elections. IEEE: Security and Privacy 13. D. Jefferson, A.D. Rubin, B. Simons, D.
Magazine 2(1): 38-47 (2004). Wagner. A Security Analysis of the Secure
7. Atsushi Fujioka, Tatsuaki Okamoto and Electronic Registration and Voting
Kazuo Ohta. A Practical Secret Voting Experiment (SERVE). 2004.
168 DARWISH et al., Orient. J. Comp. Sci. & Technol., Vol. 5(2), 161-168 (2012)

14. F. Baiardi, A. Falleni, R. Granchi, F. Martinelli, without untappable channels. In: 13E. Kluwer;
M. Pet-rocchi and A. Vaccarelli, SEAS, a p. 683-94 (2001).
Secure e-Voting Protocol: Design and 23. Miyako Ohkubo, Fumiaki Miura, Masayuki
Implementation, Computers & Security, Vol. Abe, Atsushi Fujioka and Tatsuaki Okamoto.
2, No. 8, 2005, pp. 642-652. doi:10.1016/ An Improvement on a Practical Secret Voting
j.cose.2005.07.008. Scheme. In Information Security Workshop,
15. J. Gilberg. E-VOTE: An Internet-based pages 225–234, Kuala Lumpur, Malaysia,
Electronic Voting System: Consolidated (1999).
Prototype 2 Documentation. Technical Report 24 Tatsuaki Okamoto. Receipt-Free Electronic
e VOTE/WP 7/D7.4/3.0/29-05-2003, May Voting Schemes for Large Scale Elections.
2003. http://www.instore.gr/evote/evote end/ In Security Protocols Workshop, pages 25–
htm/ 3public/doc3/public/public deliverables/ 35, Paris, France (1997).
d7 4/Consolidated Docu final.zip. 25. Ray I, Narasimhamurthi N. An anonymous
16. Josh Daniel Cohen Benaloh. Verifiable electronic voting protocol for voting over the
Secret-Ballot Elections. Ph.D. Thesis, Yale internet. In: Proceedings of WECWIS’01.
University, September 1987. IEEE;. p. 188-91 (2001).
17. J. Kitcat , GNU, 1999, Gnu. free referenda 26. Ricardo Lebre, Rui Joaquim, Andr´e
and elections electronically. Available on: Z´uquete, and Paulo Ferreira. Internet Voting:
h t t p : / / w w w. g n u . o r g / s o f t w a r e / f r e e / Improving Resistance to Malicious Servers
(abandoned). in REVS. In Proc. of IADIS International
18. Karro J, Wang J. Towards a practical, secure, Conference on Applied Computing, Lisbon,
and very largescale online election. In: Portugal, (2004).
Proceedings of ACSAC’99. IEEE; p. 161e9 27. Ronald Cramer, Rosario Gennaro and Berry
(1999). Schoenmakers. A Secure and Optimally
19. K. Kim. Killer Application of PKI to Internet Efficient Multi-Authority Election Scheme. In
Voting. In IWAP 2002. Springer Verlag, International Conference on the Theory and
Lecture Notes in Computer Science No. 1233 Applications of Cryptographic Techniques
(2002). (EUROCRYPT), pages 103–118, Konstanz,
20. K. Sako and J. Kilian. Secure Voting Using Germany, (1997).
Partially Compatible Homomorphisms. In 28. Rubin AD. Security considerations for remote
International Cr yptology Conference electronic voting Communications of the
(CRYPTO), pages 411–424, Santa Barbara, ACM 45(12): 39-44 (2002).
California, (1994). 29. Rui Joaquim, Andr´e Z´uquete, and Paulo
21. L. F. Cranor and R. K. Cytron. Sensus: A Ferreira. REVS—A Robust Electronic Voting
security-conscious electronic polling system System. In Proc. of IADIS International
for the Internet. In Proc. of IEEE Hawaii Conference on e-Society, Lisbon, Portugal,
International Conference on Systems (2003).
Science, 561-570 (1997). 30. Ryan P, Bryans J. Security and trust in digital
22. Magkos E, Burmester M, Chrissikopoulos V. voting systems. In: Proceedings of FAST’03.
Receipt-freeness in large-scale elections Tech Rep. IIT TR-10/2003; p. 113e20 (2003).