Government Information Quarterly 28 (2011) 239–251

Contents lists available at ScienceDirect

Government Information Quarterly

j o u r n a l h o m e p a g e : w w w. e l s e v i e r. c o m / l o c a t e / g o v i n f

Securing e-Government and e-Voting with an open cloud computing architecture

Dimitrios Zissis ⁎, Dimitrios Lekkas
Department of Product and Systems Design Engineering, University of the Aegean, Ermoupolis, Syros, GR-84100, Greece

a r t i c l e i n f o a b s t r a c t

Available online 12 March 2011 The idea, the concept, and the term, that is cloud computing, has recently passed into common currency and
the academic lexicon in an ambiguous manner, as cloud dust is being sprinkled on an excess of emerging
Keywords: products. Exorcising complexity and protecting against the caprice of the moment, this paper explores the
Cloud computing notion behind the hype of cloud computing and evaluates its relevance to electronic government and
Electronic voting electronic voting information systems. This paper explores increasing participation and sophistication of
Electronic government
electronic government services, through implementing a cloud computing architecture. From an Information
Information and communication security
and Communication Security perspective, a structured analysis is adopted to identify vulnerabilities, involved
in the digitalization of government transactions and the electoral process, exploring the notion of trust and
transparency within this context. In turn, adopting a cloud computing approach for electronic government
and electronic voting solutions is investigated, reviewing the architecture within the previously described
context. Taking a step further, this paper proposes a high level electronic governance and electronic voting
solution, supported by cloud computing architecture and cryptographic technologies, additionally identifying
issues that require further research.
© 2010 Elsevier Inc. All rights reserved.

1. Introduction numerous information policies and instruments have made electronic

governments a global reality. Since their initial introduction, electronic
In the 1960s, few could have predicted the impact that an government services have been continuously maturing, evolving in both
undersized academic network of four mainframe computers, residing availability and sophistication. e-Governments have been progressing
at different universities and research centers, would have on the from an “initial online presence, through a limited number of individual
future of communications. This was the predecessor to today's governmental pages,” towards a “totally integrated presence, which has
internet, which currently has approximately 1.4 billion users world- the ability to cross departments and layers of government” (Capgemini,
wide (Wolfram Alpha, 2009). High speed internet connections (i.e. 2009). The EU Ministerial Declaration of 2009 (EU Ministerial
broadband connections) are now being perceived as a basic Declaration on e-Government, 2009), in accordance with relevant
commodity in the global village's market, and are treated as key initiatives globally (e.g. U.S. Federal Cloud Computing Initiative, 2009; e-
economic indicators. Information Systems (IS) and technological Government Act of 2002, December 17, 2002; and Memorandum for
innovations have emerged as central actors responsible for storing, chief information officers, 2007), determines the next generation of e-
processing and providing accurate information on request. The global Government goals and objectives. This strategic plan is a multistep
economy is being shaped through the demand on technological process aimed at overcoming economic, social, and environmental
innovations and information systems, which in turn pressurizes the challenges, which, in turn, will lead to a more open, flexible, and
knowledge curve to constantly meet with the continuous shift in collaborative electronic government. Improving collaboration between
requirements. citizens and government agencies is critical to the success of these
At the dawn of the third millennium, countries and states around the initiatives, as it will lead to increasing the efficiency and effectiveness of
world are exploring new frontiers by attempting to connect with their its services. Fulfilling these goals will provide economies of scale and
citizens through novel technologies. In relation to technological knowledge for governments and society. Developing more inclusive
progress, exploring methods of increasing involvement in democracy services that will help bring down barriers experienced by digitally or
and sovereign institutions has taken center stage, as electronic socially excluded groups is identified as a necessity. These initiatives,
participation channels present a bi-directional communication gateway which aim to provide better public services, are delivered with fewer
between the “people” and their elected representation. In these years, resources by optimizing the use of available resources and instruments,
while improving organizational processes and promoting a sustainable
low-carbon economy.
⁎ Corresponding author. The goals and objectives identified by EU'09 (EU Ministerial
E-mail addresses: [email protected] (D. Zissis), [email protected] (D. Lekkas). Declaration on e-Government, 2009) serve as a framework for

0740-624X/$ – see front matter © 2010 Elsevier Inc. All rights reserved.
doi:10.1016/j.giq.2010.05.010
240 D. Zissis, D. Lekkas / Government Information Quarterly 28 (2011) 239–251

achieving successful progression to the next generation of electronic Additionally this paper identifies issues related to cloud computing
governments. Fig. 1 represents the goals and objectives (soft goals) which require further research.
identified in the EU'09 initiative.
Following a goal-driven methodology, this paper is structured 2. Literature review
around accomplishing the main goals identified in the EU'09 initiative
and relevant regulations, including the improvement of collaboration Several concepts that are used throughout the manuscript are
in e-Government through increasing business interoperability and discussed in this section, including electronic democracy, electronic
citizen participation, while achieving the objectives of openness, voting and electronic participation. The first section of this paper then
flexibility, and sustainability. The first section of this paper introduces goes on to introduce a new technology and operational model for
a new technology and operational model for Information Systems (IS), Information Systems (IS), cloud computing, and systemically explore
cloud computing, and systemically explores the benefits gained from the benefits gained from its application to e-Government.
its application to e-Government. In the following section, electronic
voting is introduced as a critical element for improving citizen 2.1. Introduction of terms electronic democracy and e-Voting
collaboration through increasing citizen participation in the decision
making process. As security is identified as the main barrier to the Since the publication of “the nerves of government” (Deutsch, 1963),
wide deployment of electronic voting IS, the notion of security is information and communication technologies (ICT) have been consid-
investigated within this context. Following a deductive analysis and ered vital for political systems. Information and communication
extensive literature review, a number of information security threats technologies were recognized to have tremendous administrative
and vulnerabilities are documented, leading to specific design “potential” (Yildiz, 2007), and ICTs could help create a networked
principles essentially incorporated in a proposed solution. The structure for interconnectivity (McClure & Bertot, 2000), service delivery
research methodology that is adopted towards achieving this goal is (Bekkers & Zouridis, 1999), efficiency and effectiveness (Heeks, 2001a,b),
based on software engineering and information systems design interactivity (DiCaterino & Pardo, 1996), decentralization, transparency
approaches. The basic steps for designing the system architecture (La Porte, De Jong, & Demchak, 1999), and accountability (Ghere & Young,
include the collection of requirements and the analysis of abstract 1998; Heeks, 1998, 1999; McGregor, 2001).
functional specifications. The collection of requirements and related e-Government is defined as “utilizing the internet and the world-
functions is based on reviewing existing regulatory frameworks, such wide-web for delivering government information and services to
as those published by the National Institute of Standards and citizens” (UN&ASPA—United Nations/American Society for Public
Technology (NIST) and other organizations. A systematic analysis of Administration, 2002). In addition to the internet and the web, e-
cloud computing, once it is weighed against identified requirements, Government may also include using other ICTs such as “database,
leads to the proposal of a high level electronic governance and networking, discussion support, multimedia, automation, tracking
electronic voting solution, supported by cryptographic technologies. and tracing, and personal identification technologies.” (Jaeger, 2003,

Fig. 1. Goals and objectives (soft goals) identified in the EU'09 initiative.
 D. Zissis, D. Lekkas / Government Information Quarterly 28 (2011) 239–251 241

p. 323). Electronic democracy is identified as the electronic represen- As an increasing number of countries and states consider
tation of democratic processes (Von Lucke & Reinermann, 2004), implementing e-Voting systems, electronic voting security has
which in turn are divided into three sub-processes (Parycek, 2003): become an all important issue, as concerns over privacy and
confidentiality issues are often raised. It is a common fact that back-
• Acquisition of information,
end computers are already an integral part of almost all elections held
• Formation of an opinion, and
internationally. Even in countries not officially exploring electronic
• The decision itself.
voting, back end computer systems are most possibly introduced at
Empowered by timely information and by deliberations of the some stage of the electoral process, either for ballot counting or for
discursive community, citizens may effectively participate in decision voter list generation. These back-end “uncertified” computers hold
making processes, for example e-Referenda. The internet can be more dangers than an efficiently designed and protected electronic
perceived as an evolution of current communication linkages between voting system. e-Government and e-Voting IS's handle an immense
political representatives and citizens. The process of using ICT to amount of critically sensitive information, which requires the
engage the public in democratic processes is named electronic preservation of data confidentiality, integrity, and availability, at all
participation. e-Participation can be understood as technology- costs. Additionally, system security should guard the principles of
mediated interaction, between the civil society sphere and the formal authenticity and uniqueness of data, and implement non-repudiation
politics sphere and between the civil society sphere and the of communications. Novel solutions are constantly explored to
administration sphere (Clive Sanford, 2007). The task of e-Participa- counteract these imminent threats.
tion is to empower people with ICT so as to be able to act in bottom-up
decision making processes, to make informed decisions, and to 2.2. Cloud computing
develop social and political responsibility. Therefore, e-Participation is
a means of empowering the political, socio-technological, and cultural Throughout computer science history, numerous attempts have
capabilities of individuals and affording people the opportunity to been made to shift users from computer hardware needs and from
involve and organize themselves in the information society (Fuchs, time-sharing utilities envisioned in the 1960s and the network
Bernhaupt, Hartwig, Kramer, & Maier, 2006). computers of the 1990s to the commercial grid systems of more
It is apparent that the terms electronic democracy and electronic recent years. This abstraction is steadily becoming a reality as a
voting are interoperably linked. Electronic voting is a vital and number of academic and business leaders in this field of science are
indispensable aspect of electronic democracy. Electronic voting has spiraling towards cloud computing. Cloud computing is an innovative
the capacity to engage citizens in a wider spectrum than what is IS architecture, visualized as what may be the future of computing, a
currently available in a conventional electoral process. Electronic driving force demanding from its audience to rethink their under-
voting (e-Voting) provides citizens with a means to express their standing of operating systems, client server architectures, and
timely opinion on civil affairs involving, for example, legislation, browsers.
election of representatives, etc. Currently, a universally acceptable Cloud computing is a model for enabling convenient, on-demand
definition for e-Voting is lacking. The term is being ambiguously used network access to a shared pool of configurable computing resources,
for a variety of IS with a wide spectrum of tasks, ranging from vote (e.g., networks, servers, storage, applications, and services) that can be
casting over electronic networks to electronic voter registration. rapidly provisioned and released with minimal management effort or
In general, two main types of e-Voting can be identified service provider interaction (National Institute of Standards and
(Buchsbaum, 2004): Technology (NIST), 2009). The name cloud computing was inspired by
the cloud symbol that is often used to represent the internet in flow
• e-Voting: Voting is physically supervised by representatives of
charts and diagrams. A distinct migration to the clouds has been taking
governmental or independent electoral authorities (e.g. electronic
place over recent years with end users maintaining a growing number of
voting machines at polling stations or municipal offices, or at
personal data, including bookmarks, photographs, music files, etc. on
diplomatic or consular missions abroad); and
remote servers accessible via a network.
• Remote e-Voting: Voting is within the voter's sole influence, and is
Cloud computing is empowered by virtualization technology, a
not physically supervised by representatives of governmental
technology that actually dates back to 1967, but that for decades was
authorities (e.g. voting from one's own or another person's
available only on mainframe systems. In its quintessence, a host
computer via the internet (i-voting), by touch-tone telephones, by
computer runs an application known as a hypervisor; this application
mobile phones (including SMS), or via Digital TV, or at public open-
creates one or more virtual machines, which simulate physical
air kiosks — which themselves are venues and frames for different
computers so faithfully, that the simulations can run any software,
machines, such as PCs or push-button voting machines, with or
from operating systems, to end-user applications (Naone, 2009). The
without smart card readers).
software “supposes” it has physical access to a processor, network, and
In this paper, the term e-Voting is used to represent remote electronic disk drive. Virtualization is a critical element of cloud implementations
voting performed within the voter's sole influence (remote internet and is used to provide the essential cloud characteristics of location
voting). independence, resource pooling, and rapid elasticity (explained in detail
Despite controversies surrounding e-Voting, electronic voting in the following section). Differing from traditional network topologies
systems are gradually replacing traditional paper-based ones, in (e.g. a client server), cloud computing is able to offer flexibility and
many countries. Numerous governments are currently in the process alleviate traffic congestion issues.
of evaluating electronic voting solutions. They are holding a At a low level, a hardware layer, a number of physical devices,
succession of trials and pilots to determine the benefits and including processors, hard drives and network devices, are located in
drawbacks offered by their deployment. Electronic voting enables data centers, independent from geographical location, which are
citizen deliberation, by providing a method for efficiently expressing responsible for storage and processing needs. The combination of
timely opinion on matters of state, thus improving citizen's software layers, the virtualization layer, and the management layer
participation in the democratic processes. e-Voting provides a allows for the effective management of servers. The virtualization
macroeconomic, cost-efficient method for increasing election accura- layer allows a single server to host many virtual servers, each of
cy and efficiency. Additionally, by escalating usability and accessibil- which can operate independently of the others. The management
ity, these Information Systems aim at increasing transparency and layer monitors traffic and responds to peaks or drops with the
openness in democracy. creation of new servers or the destruction of non-necessary ones.
242 D. Zissis, D. Lekkas / Government Information Quarterly 28 (2011) 239–251

Beyond the software layers are the available service models, which 7) Sustainability. Sustainability comes about through improved
are: resource utilization, more efficient systems, and carbon neutrality.
8) Open free software. The need for openness and interoperability is a
1) Infrastructure as a Service (IaaS). IaaS provides the consumer with
driving force for designing and implementing cloud infrastruc-
the capability to provision processing, storage, networks, and
tures, and for moving towards open source software solutions. The
other fundamental computing resources, and allows the consumer
massive scale of many clouds, combined with the need for many
to deploy and run arbitrary software, which can include operating
software licenses, encourages the use of free software in the
systems and applications.
development of cloud architectures. To prevent vendor lock-in,
2) Platform as a Service (PaaS). PaaS provides the consumer with the
open APIs, open data formats, and standards implemented through
capability to deploy consumer-created or acquired applications,
open-source reference models are vital requirements.
which are produced using programming languages and tools
9) Advanced security technologies. Cloud implementations often
supported by the provider, onto the cloud infrastructure.
contain advanced security technologies, which are mostly avail-
3) Software as a Service (SaaS). SaaS provides the consumer with the
able due to the centralization of data and universal architecture.
capability to use the provider's applications running on a cloud
The homogenous, resource-pooled nature of the cloud enables
infrastructure. The applications are accessible from various client
cloud providers to focus all of their security resources on securing
devices, through a thin client interface, such as a web browser
the cloud architecture. At the same time, the automation
(e.g., web-based email).
capabilities within a cloud, combined with the large focused
Four deployment models have been identified for cloud architec- security resources, usually result in advanced security capabilities.
ture solutions and are described below.
Maintaining a perspicacious vision is essential in a field that is
1) Private cloud. The cloud infrastructure is operated for a private evolving exponentially. Cloud computing is not a panacea and many
organization. It may be managed by the organization or a third believe it to be little more than market-driven hype. Cautiousness is
party, and may exist on premise or off premise. necessary, so as not to be carried away by the caprice of the moment.
2) Community cloud. The cloud infrastructure is shared by several In its quintessence, cloud computing has the capability to address a
organizations and supports a specific community that has number of identified deficiencies of traditional architectures. Progress
communal concerns (e.g., mission, security requirements, policy, requires its audience to rethink their understanding of solid notions
and compliance considerations). It may be managed by the such as, the network and personal computers.
organizations or a third party, and may exist on premise or off
premise. 3. Meeting the first goal-increasing collaboration between
3) Public cloud. The cloud infrastructure is made available to the agencies and federal institutions
general public or a large industry group and is owned by an
organization selling cloud services. Public sector processes are often regarded as problematic, as
4) Hybrid cloud. The cloud infrastructure is a composition of two or concerns are expressed of delay, mismanagement, and dysfunction-
more clouds (private, community, or public) that remain unique ality, all of which contribute to the inefficiency of public services. The
entities, but are bound together by standardized or proprietary explosion of the internet and the rapid e-Government push brought
technology that enables data and application portability (e.g., many of these problems online. Diversity of tools and data formats
cloud bursting for load-balancing between clouds) (NISp & Peter between agencies and business partners led to the degeneration of
Mell, 2009). data quality and accuracy used in transactions with e-Governments.
In addition, the variety of tools employed deteriorated cooperation
Cloud computing is viewed as one of the most promising
and generated cross-agency collaboration barriers. Research has
technologies in computing today, inherently able to address a number
shown that these selections also took their toll on end users, as
of issues. A number of key characteristics of cloud computing have
usability of public services declined through their diversity and
been identified (Sun Microsystems, 2009; Reese, 2009; NISp and Peter
complexity (Wimmer, 2002; Verdegem & Verleye, 2009). There is a
Mell, 2009; Buyya, Yeo, & Venugopal, 2008; Buyya, Yeo, Venugopal,
growing expectation from citizens and businesses for their govern-
Broberg, & Brandic, 2009; Peter Mell, 2009):
ments to be more open, flexible, and collaborative. ICT has reached a
1) Flexibility/elasticity. Users can rapidly provision computing level of impact that goes well beyond technological boundaries; it is
resources, as needed, without human interaction. Capabilities identified as an important enabler capable of delivering policy goals
can be rapidly and elastically provisioned, in some cases across different sectors, widening collaboration, increasing adminis-
automatically, to quickly scale out or up. trative efficiency and effectiveness, and bridging social diversities.
2) Scalability of infrastructure. New nodes can be added or dropped Electronic government policies need to contribute to making the
from the network as can physical servers, with limited modifica- benefits of ICT reach the people, by providing more feasible and
tions to infrastructure set up and software. efficient solutions that improve citizen, intergovernmental and
3) Broad network access. Capabilities are available over the network business access to information, and services by supporting interop-
and accessed through standard mechanisms that promote use by erability and collaboration. A systemic approach is required, which
heterogeneous platforms (e.g., mobile phones, laptops, and PDAs). will ensure interoperability by implementing standards which enable
4) Location independence. There is a sense of location independence, cooperation, while supporting these attempts by incorporating into
in that the customer generally has no control or knowledge over the country's legal system suitable measures relating to ICT.
the exact location of the provided resources. Recently, the U.S. federal cloud computing initiative was pub-
5) Reliability. Reliability improves through the use of multiple lished, which is a service oriented approach, whereby common
redundant sites, which makes cloud computing suitable for infrastructure information and solutions can be shared across the U.S.
business continuity and disaster recovery. government (National Institute of Standards and Technology (NIST),
6) Economies of scale and cost effectiveness. Cloud implementations, 2009). The overall objective is to create a more agile federal enterprise
regardless of the deployment model, tend to be as large as possible using cloud computing architecture by which services can be reused
in order to take advantage of economies of scale. Large cloud and provisioned on demand to meet business needs. This endeavor
deployments can often be located close to cheap power stations can be viewed as an opening step into computing clouds, which is
and in low-priced real estate in order to lower costs. primarily focused on applications dealing with less sensitive data.
 D. Zissis, D. Lekkas / Government Information Quarterly 28 (2011) 239–251 243

These initiatives hold the capacity to expand into the building blocks Table 1
of a universal e-Government solution supported by cloud infrastruc- An evaluation of cloud computing in relation to electronic government.

ture, whereby computing resources and tools can be uniformly shared Performance Product
between agencies and citizens while increasing participation. criteria
The U.S. federal cloud computing initiative provides a high-level Efficiency –Provides uniform access to data and applications
overview of the key functional components for cloud computing Effectiveness –Improves data quality
services for the government. –Improves quality of services
Strategic –Provides uniformity of solution
• Citizen adoption (Wikis, blogs, social networking, collaboration and benefits –Introduces new services
participatory tools) –Integrates existing infrastructure deployments
Transparency –Constant evaluation and control of services and application
• Government productivity (email/IM services, office automation usage, reduction of expenses
etc.)
• Government enterprise applications (business applications, core tasks can benefit from increased computational resources, available
mission applications, and legacy applications) due to the elasticity of cloud computing services. The architectural
As initiatives across the globe are attempting to improve characteristics can support the deployment of additional “citizen to
organizational processes and cooperation between federal institu- citizen” and “business to business” tools, which can increase
tions and businesses, it is crucial to unify tools and infrastructure into participation and electronic governance performance. The central-
a common platform. Cloud computing offers an operational model ization of data, improves data quality and availability, increasing the
that can digitally amalgamate geographically remote data centers into efficiency of related business processes.
a common infrastructure, providing a principal gateway to govern- 2) Cost efficiency. Cloud computing proposes many cost effective
ment related services and data. Cloud computing leverages existing gains and business drivers. Cloud computing deployments benefit
infrastructure and provides public services while using fewer from economies of scale, as purchasing hardware is performed in a
resources, reducing carbon emissions, and contributing to wider large scale and data centers can be deployed at geographical
carbon-reduction targets. locations, with lower overheads, (such as real estate, electricity,
Federal institutions adopting a cloud computing operating model etc.). Due to the elasticity of services provided, energy efficiency
benefit from the concentration of data; centralization leads to greater and power savings reduce overall expenditure. The cost of human
consistency and accuracy. Unifying remote data centers into a resources may additioally be reduced, as it will not be required for
universal solution overcomes problematic issues of data consistency, all agencies to staff technical teams and powerful management
(federal agencies maintaining out-dated archives, several data automation characteristics can alleviate the load put on adminis-
formats in use etc.). The risks that are involved with the adoption trative teams. Furthermore, the use of open source software
of proprietary software and data formats for the long term survival of solutions can minimize costs, which, in turn, can reduce the need
data are enormous. The adoption of proprietary standards and for multiple licenses in the cloud.
software models, which lock data into a specific model, can 3) Scalability. In addition to cloud infrastructure's ability to scale to
jeopardize system security, privacy, and interoperability. The demand, either horizontally or vertically though virtualization,
creation of a truly competitive computing marketplace that allows hardware servers can be added to the infrastructure in a complex
for portability and easy switching between providers requires a free manner.
triumph of open APIs, open data formats, and standards that are 4) Resiliency and business continuity. Deploying data centers at
implemented through open-source reference models (Wardley, multiple geographical locations – often referred to as availability
Goyer, & Barcet, 2009). zones – guarantees availability of services, if a specific data center
The centralization of data and application solutions holds the fails. In the instance of a disaster, sophisticated network rerouting
capacity to provide additional tools, thereby enhancing timely ensures business continuity.
communications and control. Reducing the time required to access 5) Maintainability. Centralization of IT infrastructure simplifies
both data and applications, not only across the federal structure but monitoring and maintenance tasks.
also between business partners, generates stronger collaboration. 6) Security. The cloud computing model provides a plethora of
Leveraging existing remote infrastructures into a common IS reduces information and communication security benefits, including
installation and monitoring time and expenses, and focuses on centralization and unification of the security infrastructure.
improving quality. By centrally managing, developing, implement-
ing, and assessing IS's costs can be amortized across the federal
4. Achieving the second goal: Increasing citizen participation by
structure.
enabling secure electronic voting
It is imperative to follow a methodological framework for the
assessment and analysis of electronic government proposals, as there
This section explores increasing citizen participation in governance
are many technical, organizational, and institutional elements to be
by enabling electronic voting. As electronic voting security is essentially
considered. This paper adopts a framework proposed by Montagna
identified as the main barrier to the wide deployment of electronic
(2005), which enhances previous works done by several scholars, that
allows determining whether proposed initiatives are suitable for
governmental action and determines the benefits provided in a Table 2
multidimensional approach. This framework also evaluates initiatives An evaluation of cloud computing in relation to electronic government from the
perspective of "time".
regarding the dimensions characterizing e-Government actions,
products (Table 1), time (Table 2), distance (Table 3), interactions Performance criteria Time
(Table 4), and procedures. Efficiency –Reduces time required to access applications and data
Adopting a cloud infrastructure for electronic government pre- –Reduces time required for installations and modifications
sents a number of business drivers. –Reduces monitoring time
Effectiveness –Applications and resources available on demand
1) Performance. The cloud computing model increases cross-agency Strategic benefits –Timely opinion and expression
collaboration, as tools and data can be deployed upon demand, –Possibility of real time cooperation across agencies
Transparency –Timely control
reducing any additional overhead. Business and citizen related
244 D. Zissis, D. Lekkas / Government Information Quarterly 28 (2011) 239–251

Table 3 network. Clouds can enhance electronic participation by providing the

An evaluation of cloud computing in relation to electronic government from the means for wider citizen involvement, bringing down barriers
perspective of "distance".
experienced by digitally or socially excluded groups.
Performance Distance Cloud computing provides a single access point towards a gateway of
Criteria interaction with government information, personal information and
Efficiency –Overcomes geographical difficulties government representatives, presented through an online desktop
–Crosses agency and boundaries cooperation application for all citizens. Through SaS, a surplus of applications can be
–Reduces distribution and delivery cost
provided, including social networking and collaboration tools, crypto-
–Improves data quality due to centralization and uniformity
–Improves data accuracy due to centralization and uniformity graphic functions, electronic voting functions, information services, email,
Effectiveness –Improves communication and interaction etc., thereby linking supportive infrastructure with services supplied.
Strategic benefits –Introduces new services independent of geographical
location 4.2. The importance of enabling secure e-Voting
–Hybrid centralization
Transparency –Access services and data independently from geographical
location An abundance of global initiatives are focusing on increasing
citizen–government collaboration. Collaboration in this context is
defined as a recursive process where citizens and federal institutions
voting IS, the notion of security is investigated within this context. cooperate in an intersection of common goals. To achieve this goal,
Following a deductive analysis and extensive literature review, a mechanisms for effective citizen participation are constantly being
number of information security threats and vulnerabilities are docu- explored “in order to complement the know-how of government
mented, leading to specific design principles essentially incorporated in employees with the expertise and intelligence of the people” (Open
a proposed solution, along with recommendations of considerations Government Iniative, 2009).
that can assist in reducing these threats and vulnerabilities As e-Government solutions meet the initial needs of information
acquisition and formation of an opinion, a shift of focus is occurring
towards the next aim of e-Democracy: expression of opinion. What is
4.1. Increasing citizen participation with cloud computing currently lacking from most electronic government information
systems is the capacity to support effective citizen participation in the
Cloud computing has the capability to evolve beyond meeting the decision making process, beyond the electronic implementation of
business needs of e-Government agencies and towards providing to traditional bureaucratic services. Voting represents the most vital
numerous identified e-Citizens related shortages. In the 1960s John citizen participation process in democracy; it can inherently facilitate
McCarthy, speaking at the MIT Centennial, stated that computation the expression of general will. Enabling secure electronic voting
may someday be organized as a public utility “Cloud computing is a strengthens electronic democracy, as it targets increasing deliberation
reincarnation of the computing utility of the 1960s but is substantially in a bottom up method. The ultimate goal for all e-Government attempts
more flexible and larger scale than systems of the past”, says Google is the digitization of this process, so as to offer citizens a timely, location-
executive and internet pioneer Vint Cerf. The vision of computing, independent, and transparent means of participation in governance.
offered to all, when paired with initiatives such as e-Inclusion and One Electronic voting is envisioned as having the capacity to introduce
Laptop Per Child, presents an opportunity to overcome economic many advantages to the electoral process, which include widening
disparities and geographical differences in society, steering towards access to the voting process for people with disabilities, increasing
an all-inclusive digital e-Citizen platform. turnout, reducing time and cost of elections, and providing a more
The appearance of cloud computing demands that we rethink our reliable service (Council of Europe, Committee of Ministers, 2004).
current understanding of personal computers, operating systems, and Remote electronic voting offers the same advantages as (poll-site)
network architectures. Clusters of web servers assembling, conjuring electronic voting while adding (Riera & Brown, 2003) cost reductions
clouds of massive computational resources, could inevitably one day due to economies of scale and increased participation due to voter
meet all individuals' needs. The opportunities for e-Government are geographic independence.
enormous, and providing a personalized online desktop system, The security aspect in the context of the electoral process is
which would be accessible via a “web browser” or a custom-made referred to as one of the most important constraints in the adoption of
operating system, is just around the corner. Barriers to the wide electronic voting systems. The Caltech-MIT Voting Technology Project
adoption of e-Government solutions may be abolished all together, as states: “Security is as important as reliability in guaranteeing the
purchasing hardware to upgrade a personal computer to meet with integrity of the voting process and public confidence in the system.
growing requirements may one day be a remnant of the past, as all Losing confidence in elections means losing confidence in our system
computational needs could be met through a “dumb” terminal over a of government.” (MIT, 2001). The e-Government Act of 2002
recognized the importance of information security to the economic
and national security interests of the United States. Fuelling concerns,
Table 4 a report published by a panel of IT security experts, which reviewed
An evaluation of cloud computing in relation to electronic government from the the SERVE Interent Voting System, concluded that given the state of
perspective of "interactions". the internet and PC hardware, vulnerabilities existed that could not be
Performance criteria Interaction overcome, so the deployment of e-Voting should be aborted
Efficiency –Reduces deployment cost
(Jefferson, Rubin, Simons, & Wagner, 2004).
–Reduces interaction costs A vulnerability is a weakness in an IS system that can be exploited
–Increases cooperation by an attacker interested in penetrating a system. IS security blocks
–Increases participation threats on a system by controlling a vulnerability; this is a defensive
Effectiveness –Generates relationships
measure that reduces or eliminates a given vulnerability. Although a
–Enhances accessibility
Strategic –Builds new communication and operation channels single security mechanism is generally insufficient as no control must
benefits –Offers more information and increases the accuracy of be considered a gold standard, a layered solution is able to control a
information available plethora of vulnerabilities. Security mechanisms (defenses) need to
Transparency –Promotes active participation be layered so that compromise of a single security mechanism is
–Breaks down barriers
insufficient to compromise an entire host or network; this is referred
 D. Zissis, D. Lekkas / Government Information Quarterly 28 (2011) 239–251 245

to as Defense in Depth. A number of controls and countermeasures Breaking down the concept of security and sequentially mapping
have been regulated by NIST, specifically for the protection of federal requirements to key trust characteristics, generates a list of require-
information systems. The e-Government Act 2002 (the full title for ments and vulnerabilities, which must be controlled by a proposed
which is the Federal Information Security Management Act of 2002 solution.
(FISMA)), tasked NIST with responsibilities for standards and guide-
lines, including the development of guidelines, the recommendation 1) Availability refers to the property of a system being accessible and
of types of information and information systems to be included in usable upon demand by an authorized entity. System availability
each category, and the recommendation of minimum information includes a system's ability to carry on operations even when some
security requirements (i.e., management, operational, and technical authorities misbehave. The system must have the ability to
controls) for information and information systems in each category continue operations, even during a security breach. In the context
(NIST SP 800-53, 2008; NIST SP 800-53A, 2008; NIST SP 800-59, of e-Voting systems, this property refers to legitimate voters
2003). provided with the means to cast their vote. Safeguarding this
Electronic voting security includes a wide spectrum of fields, security requirement denotes implementing the technological
procedures, issues, and actors which are relative to the technological solutions to protect the system against network attacks, which
approach taken. It effectively relates to the procedures and standards would make the system unavailable to end users.
that are put into place to overcome technological security short- 2) Confidentiality refers to only authorized parties or systems having
comings (Mohen & Glidden, 2001; Williams, 2004; Xenakis, 2004). the ability to access protected data. In the context of elections it
Decisions made regarding system characteristics and elements are refers to data and voter preferences remaining private. An election
crucial to the success of such systems and guide design through the is private, if neither the election authorities nor anyone else can
implementation of the identified technologies. Ultimately, the link any ballot to the voter who cast it, and no voter can prove that
identified security requirements and selected security controls are he or she voted in a particular way.1
introduced to the standard systems' engineering process to effectively 3) Integrity refers to data and system precision, accuracy, and
integrate the security controls with the information systems' consistency. Votes must be recorded correctly and safeguards
functional and operational requirements, as well as other pertinent must ensure that votes cannot be modified, forged or deleted,
system requirements (e.g., reliability, maintainability, supportability) without detection. In elections, all data involved in entering and
(NIST Special Publication 800-60, 2008). tabulating votes must be tamperproof. Reliability is fundamental,
Currently, a number of cryptographic schemes attempt to provide as it means that an election system should work robustly, without
a sense of security in e-Voting. Cryptographic protocols provide an the loss of any votes, as well as dependably and accurately.
opportunity to generate trust between involved parties of an election. Integrity refers to the system, data, and to personnel. People
Because it deals with the integrity, confidentiality, and authenticity of involved in developing, operating, and administering electronic
communications and data, cryptography is a crucial element in the voting systems must be of unquestionable integrity.
overall system security. Unfortunately, a wide number of threats to e- 4) Authenticity refers to the assurance that the involved data, transac-
Voting security can circumvent cryptographic solutions before they tions, communications, and/or documents (either electronic or
have been applied. With traditional hardware and software archi- physical) are genuine. It is also important for authenticity to validate
tectures, a malicious payload on a voting client can modify the voter's that both parties involved are who they claim to be. In elections it is
vote, without the voter or anyone else noticing and regardless of the vital that only registered voters are permitted to cast a vote. The
kind of encryption or voter authentication in place. Essentially, voting must be protected from external reading during the voting
because the malicious code can do its damage before the encryption process. Voter identity and preferences must be kept secret.
and authentication is applied to the data, the malicious module can 5) Accountability refers to information, selectively kept and protected,
then erase itself after doing its damage so that there is no evidence so that actions affecting security can be traced back to the
and no way to detect the fraud. Although strong encryption is a very responsible party (audit). Corrupt voters or personnel may
powerful tool for addressing issues of integrity, confidentiality and attempt to modify votes, the voting count, or the system. Also
authenticity, additional technological implementations are required related to accountability is system disclosure, which refers to
to address availability issues and enhance overall computer security. system software, hardware, microcode, and any custom circuitry
being open for random inspection and documentation at any time,
4.3. Identification of security requirements for electronic voting despite cries for secrecy from the system vendors. The property of
permitting an external auditing entity, but also a voter, to verify
e-Voting security is in effect a matter of trust. Deconstructing the that votes have been counted correctly, is crucial. All internal
perception of trust within the context of e-Voting IS leads to the operations must be monitored, without violating voter confiden-
formation of a framework for generating and maintaining the tiality, and all operator authentication operations must be logged.
necessary security properties. Essentially, software is believed to be
Together, availability, confidentiality, integrity, authenticity, and
“trusted” if the source code has been rigorously developed and
accountability refer to safeguarding a system against the threats listed
analyzed, both of which give us reason to believe that the code does
in Table 5.
what it is expected to do and nothing more. Within the boundaries of
e-Voting, a trusted IS needs to address the issues of:
4.4. Proposed solution
• Ensuring that the voter is provided with the means to cast his or her
In the field of computer and network security the principle of the
vote.
weakest link is often quoted. This principle states that overall system
• Ensuring that the voter is prevented from casting more than one
security cannot be stronger than its weakest link. As security is often
valid vote.
viewed as a chain, a single breaking point will crumple its efficiency.
• Ensuring that the cast ballot is confidential in the sense of not being
An intruder must be expected to use any available means of
linked to the voter who cast it.
• Ensuring that the vote may not be changed or faked. 1
An important confidentiality issue is the concern of coercion and prevention of
• Ensuring that votes are not lost. vote buying ensured by an e-voting system. Although solutions seem to have the
• Ensuring that no votes are entered that have not been cast by ability to address this issue, it is out of the scope of this paper and is not addressed.
authorized voters. Coercion must be addressed at an application and procedure level.
246 D. Zissis, D. Lekkas / Government Information Quarterly 28 (2011) 239–251

Table 5
Protecting availability, confidentiality, integrity, authenticity, and accountability of a system refer to safeguarding against the threats listed in this table.

Availability Confidentiality Integrity Authenticity Accountability

Connection flooding x
DDOS x
DNS attack x x
Eavesdropping x x
Exposure within network x
Falsification of messages x
Hardware interception x x x x
Hardware modification x x x x
Hardware substitution x x x x
Impersonation/spoofing x x
Malicious code on client x x x
Man in the middle—Replay x x x
Misdelivery x
Software modification
ΕasterEggs x x x
Information leaks x x x
Logic bombs x x x
Trojan horse x x x
Virus x x x
Trapdoors x x x
Session hijacking x x
Software deletion x x
Software theft x x
Traffic flow analysis x
Traffic redirection x x
Wiretapping x x

penetration and shall attack a system at its most vulnerable point. The configured cloud access client software, eliminates a plethora of
client's personal computer is identified as the weakest point in an e- threats. A user can bypass loading a PCs vulnerable OS by inserting a
Voting environment (Jefferson et al., 2004; Gritzalis, 2002; Cranor, preconfigured OS on removable media, thereby overstepping both
2003). Voters' home computers are most likely to be less defended compromise and threat. Authenticating a client over a secure channel,
than corporate ones, as they often run outdated virus protection for a time-limited session required to perform vote casting, provides a
systems, misconfigured firewalls, unpatched operating systems, and control to a severe vulnerability.
contain numerous applications from various vendors, making these Cloud computing places the user's terminal within the systems'
machines especially susceptible to malicious attacks. The NIST guide “security perimeter”, which is maintained, updated, and monitored by
to “Enterprise Telework and Remote Access Security guide for Federal security experts. Due to its identified characteristics, cloud computing
IS” NIST SP 800-46 (2009) states that the primary threat against most architecture attempts to propose an effective and efficient way of
telework client devices is malware, including viruses, worms, countering a plethora of threats, identified as barriers to electronic
malicious mobile code, Trojan horses, rootkits, and spyware. Election voting. In collaboration with a deployed Public Key Infrastructure (PKI),
integrity is closely related to the integrity of the terminal over which which serves as an authentication and cryptographic layer, cloud
the voters vote is cast (Gritzalis, 2002). computing offers the benefits of placing the voter inside the “security
A number of requirements have previously been proposed to perimeter”. Enabling e-Voting through “desktop as a service” makes
guard the integrity of the client's terminal (Gritzalis, 2002): developing and maintaining common information security foundations
an achievable goal. Centralization of security is crucial, as it provides a
• Users should administer the system only from specific terminals,
uniform and consistent way to manage the risk to individuals,
within a predefined time window, using a combination of strong
organizational operations, organizational assets, whole organizations,
authentication means, such as biometrics or smart cards.
and entire nations, from the operation and use of information systems
• The minimum necessary software and hardware components
(NIST SP 800-53; NIST Draft SP 800-39, 2008). Additionally, by centrally
should be installed on the host of the voting system.
managing the development, implementation, and assessment of the
• The maximum possible level of operating system security enhance-
common security controls, designated by the organization, security
ment should be applied to all machines of the voting system.
costs can be amortized across multiple information systems.
Additionally, the NIST guide to enterprise telework and remote A cloud unique desktop as-a-service has the following characteristics:
access for Federal Information Systems states that, “telework client
devices should have the same local security controls as other client • It is centrally maintained and monitored as part of a uniform
devices in the enterprise — OS and application security updates protection scheme, which puts “client computers” behind profes-
applied promptly, unneeded services disabled, antimalware software sional security protection hardware, software, and personnel.
and a personal firewall enabled and kept up-to-date, etc” (NIST 800- • Only authorized and authenticated software can be executed on the
46, p. 4-2). desktop instance due to management restrictions that can prevent
This paper proposes enabling electronic vote casting by minimiz- many threats.
ing threats through offering “desktop as a service” (a container of a • Updates are rolled out centrally, increasing effectiveness and time of
collection of virtual objects, software, hardware, configurations etc., deployment.
residing on the cloud, used by a client to interact with remote • It is transparent and open to scrutiny.
services). Leveraging existing infrastructure into a dynamically • All source code used in the electoral process is contained for
responsive cloud overcomes several deficiencies of traditional inspection.
implementations. Providing citizens with “hardened” operating • Policies and procedures are in place to protect from insider attacks,
systems (OS), on a bootable read-only removable media, with pre- corruption, and hardware and software failures.
 D. Zissis, D. Lekkas / Government Information Quarterly 28 (2011) 239–251 247

Documented below are recommendations of controls that can exploit security vulnerability in the software on a voter's computer.
assist in reducing a number of previously identified threats and One of the identified benefits of cloud computing is the centralization
vulnerabilities (Table 6) (Pfleeger & Pfleeger, 2006; National Institute of information and uniformity of security infrastructure, which can
of Standards and Technology (NIST), 2009; Sun Microsystems, 2009; offer the ability to accurately address identified vulnerabilities across
Reese, 2009; Peter Mell, 2009). These baseline security controls are, at all clients. In addition, providing a “desktop within the clouds,”
most, in accordance with the tailoring guidance provided in NIST makes it possible to overcome the exploitation of any vulnerability
Special Publication 800-53 (2007), NIST Draft SP 800-39 (2008) and, that could have been identified on a standard bootable OS or on the
generally speaking, they meet the OMB definition of adequate security application contained within it. Updates can be rolled out effectively,
for federal information systems, although a number of restrictions do as soon as the vulnerability has been identified, overcoming the
not apply in a cloud environment. During their initial publication, drawback of “publishing day to update”. The cloud provides a user
cloud computing deployment models had not been considered; to interface that allows both the user and the IT administrators to easily
amend this, NIST is planning a series of publications. manage the provisioned resources throughout the life cycle of the
Controls and countermeasures deployed through the adoption of service request, effectively changing the installed software; remov-
cloud computing architecture attempt to counter previously identi- ing servers; increasing or decreasing the allocated processing power,
fied threats. memory, or storage; and even starting, stopping, and restarting
servers. These are self-service functions that can be performed 24 h a
4.4.1. Controlling hardware-specific threats day and take only minutes to perform. By contrast, in a non-cloud
On many occasions, attacks on sophisticated information systems environment, it could take hours or days for someone to have a server
have boiled down to deliberate assaults on hardware equipment. An restarted or hardware or software configurations changed (IBM,
attack against an electronic election could essentially be carried out 2009).
by destroying the physical servers used in an election. A key An attacker could attempt to exploit a vulnerability identified in a
characteristic of cloud architecture is geographical independence. web server. In a traditional data center, rolling out security patches
The lack of knowledge of a server's location provides an interesting across an entire infrastructure is time consuming and risky. Due to
physical security benefit, as it becomes nearly impossible for a the virtualization characteristics of cloud computing, increased
motivated attacker to use a physical vector to compromise the efficiency is achieved. Virtual servers or instances are launched
system. Additionally, data dispersal in the cloud “slices” information from a machine image. A machine image is a prototype which is
through sophisticated algorithms and stores data across different copied onto a virtual server's hard drive every time an instance is
geographical locations. These technological characteristics contrib- launched. Updates and modifications are performed on a single
ute to high redundancy and availability achieved in the cloud (Reese, image, which is successfully used to re-launch the virtual servers. In
2009). the cloud, rolling out a patch or update across the infrastructure takes
High risk cloud infrastructures have the ability to realize distinct three steps:
but overlapping availability zones. An availability zone can be
• Patching of machine images with new security updates,
conceptually mapped to a physical data center, with the security
• Testing the results, and
feature of having distinct physical infrastructures. Spanning virtual
• Re-launching virtual serves.
servers on multiple availability zones achieves geographical redun-
dancy. Virtualization technology enables the inexpensive generation Virus attacks impose an immense threat to such a system and
of redundancies, which span data centers and enable rapid recovery in traditional antivirus software would not be able to efficiently defend
the occurrence of disaster. the system from such attacks. Specific antivirus tools can be
provided as an additional cloud service to enhance end users'
4.4.2. Controlling software-specific threats security coverage. A pure cloud antivirus solution relies on a
Personal computers are often overloaded with software, devel- detection set that resides on internet servers, or “in the cloud”. A
oped by many different vendors. At any point an employee could lightweight desktop agent is used to query this detection set. e-
consciously leave a backdoor, thereby creating opportunities for Voting systems are targets of system-specific viruses; it is imperative
attacks against an electronic voting system. Backdoors, when placed that effective solutions are created that can immediately deal with
in software, could be activated when a user tries to cast a vote (time- identified malicious code, preventing the propagation throughout
bombs), thereby invisibly monitoring or subverting the voting the system. Cloud antivirus programs reduce the publishing delay to
process. Providing a certified hardened OS on a bootable media, zero and allow for quicker innovation. They are more efficient and
creates a secure thin client, open to extensive audits, generating faster, providing security experts the ability to fine-tune their
unparalleled client side trust. This thin client would then be used to detection logic. After the identification of malicious code, server
access the remote cloud desktop. In the cloud, it is possible to forbid images can be hardened to protect against it and new server
uncertified software modifications, as updates and installations would instances loaded. A proposed solution makes use of a Network
be performed centrally to avoid threatening the systems integrity. Identification System and a centralized Host Intrusion Detection
Additionally, software installations can be restricted at a management System which respectively monitors the system servers and network
level, eliminating the threat of installing malicious software on the for anything unusual.
system. In the event of a successfully deployed attack that modifies/
deletes a voter's vote, all implicated software is contained and open to 4.4.3. Controlling network specific threats
extensive audits. It is a fundamental requirement of an e-Voting Attacks can be directed at a network's availability, or one of its
system that all operations related to electronic voting, be logged and services, but normally such attacks are focused on any IT services of
monitored (Gritzalis, 2002). A remote desktop on a cloud computing which the network is an agent. Common attacks falling into this
infrastructure (virtual instance), government owned and centrally category include denial of service attacks, attempts to breach a
monitored, would be open to extensive audits and to public scrutiny firewall, and attempts to breach a router. Denial of Service (DoS) and
due to the adoption of open APIs, open data formats and open source Distributed Denial of Service (DDoS) attacks, involve attempts to
models (Wardley at al., 2009). make a computer resource unavailable to its intended users.
In addition to the risk from pre-installed applications, there is a Commonly, these attacks involve simply saturating the target
threat from remote attackers. Such an attacker might gain control of a machine with external internet requests. One of the most critical
computer without being detected. For example, an attacker could characteristics of cloud computing is its elasticity due to the
 248
Table 6
Controls and countermeasures deployed through the adoption of cloud computing architecture, which attempt to counter previously identified threats.

Characteristics of cloud computing architecture

Centralization/unified security architecture Economies Location Open free Reliability

of scale independence software/
centralization

AC: access control, IA: identification and authentication, SC: systems and CP: contingency planning AU: audit and CP: contingency planning
communications protection, AU: audit and accountability, CP: contingency planning accountability

On-demand Controlled Encryption Perimeter Hypervisor Real-time Advanced Low-cost Provision of Disclosability/ Data Fault tolerance Rapid re- Automated VLAN
user security execution at rest and security (IDS, protection detection honeynet disaster data zones transparency fragmentation and reliability constitution replication capabilities
controls environment transit firewall, one against of system capabilities recovery (e.g., by and dispersal of services

D. Zissis, D. Lekkas / Government Information Quarterly 28 (2011) 239–251

time network tampering and data country)
authentications) attacks storage
solutions

Identified Hardware modification x x x x

Treats Hardware substitution x x x x
e-Voting Hardware interception x x x x
Software modification
• Trapdoors x x x x x x x x x x
• EasterEggs x x x x x x x x x x
• Logic bombs x x x x x x x x x x
• Information leaks x x x x x x x x x x
• Virus x x x x x x x x x x
• Trojan horse x x x x x x x x x x
Software deletion x x x x x x x x x x
Software theft x x x x x x x x x x x
Malicious code on x x x x x x x
client
Man in the x x
middle—Replay
Impersonation/ x x x
spoofing
Falsification of x x x x
messages
DNS attack x x x x x x x
DDOS x x x x x x x
Connection flooding x x x x x
Traffic redirection x x
Session hijacking x
Eavesdropping x x x x x
Wiretapping x x x x x
Misdelivery x x
Exposure within x x x x x x
network
Traffic flow analysis x x x x x
 D. Zissis, D. Lekkas / Government Information Quarterly 28 (2011) 239–251 249

virtualization of servers. Information systems using a cloud comput- racy. By providing more inclusive services, the social, geographical, and
ing infrastructure are able to respond to peaks in traffic with the digital barriers experienced by numerous citizens are reduced.
creation of additional virtual servers. Elasticity, in combination with As cloud computing is still in an embryonic stage, a number of
network filtering techniques available through a uniform security identified challenges must still be overcome in order for it to succeed
solution, can provide an effective and efficient response to network in the long run. These include the following:
attacks such as DDoS. Network intrusion detection systems can
• Legal complications of global data fragmentation. As data spans
provide adequate protection on the “systems perimeter”.
across diverse geographical locations and physical borders, legal
Digital signatures and blind signatures based on PKI infrastructure
barriers present themselves. Privacy and security has to be
allow for a horizontal infrastructure for both authentication and
safeguarded with a regulatory legal framework. The cloud model,
integrity features. PKI and encryption applications can make use of the
raises serious jurisdiction issues.
cloud feature of the architecture, to provide hybrid solutions, enhanced
• Political issues. The cloud spans many borders and may be the
by back-end security modules such as Hardware Security Module
ultimate form of globalization. Specific political groups may oppose
(HSM) devices. As a whole, PKI infrastructures and cryptography can
this model.
benefit significantly from the cloud architecture, as an abstraction now
• Security of virtual OSs in the cloud.
exists between local security devices and network devices. Public key
• Issues of cryptography.
encryption is used to encrypt data in transit, ephemeral data on virtual
instances, data storages, and network traffic. Cloud computing has emerged as one of the most promising
The Serve security report (Jefferson et al., 2004, 2007) summarized innovations of recent times in the field of information technology,
a number of specific threats to electronic voting systems and points with many advantages over traditional methods and models. In the
out the inefficiency of traditional architecture countermeasures to long run, cloud computing's ability to overcome the previously
control these. In the following table the threats identified are weighed identified challenges will define its acceptance and success.
against the controls imposed by a cloud computing infrastructure.
A Cloud computing approach, complemented by several crypto- 6. Conclusion
graphic technologies and supplementary controls, can assist in
reducing previously identified threats and vulnerabilities (Table 7). In the future, cloud computing will inevitably support a surplus of
information systems, as the benefits, specifically in the field of
5. Assessment and future development Information and Communication security, outnumber its shortcom-
ings. Cloud computing offers a deployment architecture, which has
The cloud computing model offers a number of benefits, security and the ability to address a number of vulnerabilities recognized in
operational related, economic and business drivers, as opposed to traditional IS. Cost effectiveness, geographical location independence,
traditional models. Leveraging existing IT infrastructure by adopting a scalability, reliability, elasticity, and security are crucial aspects to the
cloud model, achieves a number of goals identified by initiatives and success of any information system, particularly e-Government. By
global regulations. e-Governments succeed in implementing a totally reaping these benefits, e-Government can target a broader audience
integrated presence, which has the ability to cross departments and with a more inclusive, effective, and efficient platform. e-Voting is an
layers of government, thereby increasing effectiveness and efficiency of element of electronic democracy which has previously fuelled
services provided. In addition, organizational processes are improved concerns about privacy and security. It is becoming clear that
while promoting a sustainable low carbon economy. Enabling secure electronic voting systems can enhance trust, as today's voting
electronic voting reinforces electronic democracy, as it targets at processes lack transparency and audit ability. As Information Systems
increasing deliberation in a bottom up method. It also increases and Communication Technologies are silently being integrated into
efficiency and effectiveness of the electoral process and provides a different stages of the electoral process globally, it has become a
macroeconomic, cost-efficient method for increasing election accuracy. necessity that we explore methods that enable secure electronic
In addition to increasing usability and accessibility, these Information voting, while researching controls with the ability to reduce threats.
Systems also aim at increasing transparency and openness in democ- The basic question in electoral administration no longer focuses on

Table 7
A Cloud computing approach, complemented by several cryptographic technologies and supplementary controls, can assist in reducing previously identified threats and
vulnerabilities.

Threat Traditional architecture countermeasures Cloud architecture proposed solution controls

Trojan horse attack on PC to Can mitigate risk with careful control of PC software; reason for failure may Contained environment/software modifications disabled/client
prevent voting never be diagnosed security applications/HIDS/auditability
On screen Voter can do nothing to prevent this; requires new law On screen electioneering can be prevented by making it technically
electioneering infeasible to gain access onto the voter's terminal
Disabled though desktop as a service, only encrypted
communications permitted
Spoofing of system (various None exist; likely to go undetected; launchable by anyone in the world Encryption/authentication/digital signatures/perimeter security/
kinds) client desktop is within security perimeter
Client tampering None exist for all possible mechanisms. Too difficult to anticipate all attacks; Client environment centrally protected monitored/contained/
most likely never diagnosed within security perimeter/auditability
Insider attack on system None within SERVE architecture; voter verified ballots needed; likely Transparency, openness, data fragmentation and dispersal,
servers undetected cryptography
System-specific virus Virus checking software can catch known viruses, but not new ones; likely to Real time detection of system tampering/on demand user security
go undetected controls
Trojan horse attack on PC to Can mitigate risk with careful control of PC software; harder to control at Real time detection of system tampering/client environment
change votes or spy on cybercafe, or other institutionally managed networks; attack likely to go centrally protected monitored/contained/within security
them undetected perimeter/auditability
DDOS Network filtering Elasticity in combination with network filtering techniques,
management layer is able to monitor traffic 24/7, centralized
approach
250 D. Zissis, D. Lekkas / Government Information Quarterly 28 (2011) 239–251

whether ICT should be accepted in the electoral process, but rather on Gritzalis, D. (2002). Principles and requirements for a secure e-voting system.
Computers & Security, 21(6), 539−556.
what kind of technology should be implemented, to what extent and Heeks, R. (1998). Information systems and public sector accountability. The
what protection mechanisms should be applied. A combination of University of Manchester, Institute for Development, Policy and Management
cloud computing and cryptography can address a number of the Information, Systems, Technology and Government: Working Papers Series,
Number 1/1998.
identified threats in cloud computing (i.e. integrity, confidentiality, Heeks, R. (1999). Information technology, government and development: Workshop
authenticity, and availability of data and communications), effectively report.
enabling secure electronic voting. Electronic voting can greatly benefit Heeks, R. (2001a). Building e-governance for development: A framework for national and
donor action.The University of Manchester, Institute for Development, policy and
from the cloud computing model and hybrid architecture. The proposed management information, systems, technology and government: Working papers
e-Citizen cloud system includes the following identified characteristics: series Retrieved December 15, 2010 from. http://www.man.ac.uk/idpm/idpm_dp.
htm#ig.
• Centralization of security that would provide a uniform and Heeks, R. (2001b). Understanding e-governance for development. The University of
consistent way to manage risk. Manchester, Institute for Development, policy and management information,
systems, technology and government: Working papers series, number
• Adoption of a common security foundation throughout the federal 11/2001.
institutions and citizens information systems. IBM (2009). Seeding the clouds: Key infrastructure elements for cloud computing.: IBM
• Government-owned private cloud infrastructure offering desktop as Retrieved December 1, 2010, from. http://www-35.ibm.com/services/in/cio/pdf/
oiw03022usen.pdf.
SaS and a plethora of other tools including, email, security tools, etc. Jaeger, P. T. (2003). The endless wire: E-Government as a global phenomenon.
• Encrypted access to service using PKI-based cryptography. Government Information Quarterly, 20(4), 323−331.
• Encryption of data at rest and in flight to the clouds. Jefferson, D., Rubin, A. D., & Simons, B. (2007). A comment on the May 2007 DoD report
on voting technologies for UOCAVA citizens. Retrieved December 1, 2010, from.
• Data replicated over the clouds (on and off clouds) and across http://www.servesecurityreport.org/SERVE_Jr_v5.3.pdf.
availability zones for data redundancy. Jefferson, D., Rubin, A. D., Simons, B., & Wagner, D. (2004). A security analysis of the
• Network intrusion detection on the system perimeter and real time secure electronic registration and voting experiment (SERVE). Retrieved December
1, 2010, from. http://www.servesecurityreport.org/paper.pdf.
detection of system tampering, (centralized Host Intrusion Detec-
La Porte, T. M., De Jong, M., & Demchak, C. C. (1999). Public organizations on the World
tion Systems), providing a single access point based on PKI to all e- Wide Web: Empirical correlates of administrative openness. Retrieved December 1,
Government services. 2010, from. http://www.cyprg.arizona.edu/publications/correlat.rtf.
McClure, C. R., & Bertot, J. C. (2000). The Chief Information Officer (CIO): Assessing its
• Centrally maintained and monitored, updates rolled out uniformly.
impact. Government Information Quarterly, 17(1), 7−12.
McGregor, E. B., Jr. (2001). Web page accountability: The case of public schools.
This paper investigated the advantages and disadvantages of Bloomington, IN: Paper presented at the National Public Management Research
adopting a cloud solution for electronic government deployed informa- Conference.
tion systems. Following a thorough analysis of electronic voting security Memorandum for chief information officers (2007). Planning guidance for Trusted
Internet Connections (TIC). Washington, United States..
issues and vulnerabilities, the countermeasures offered by the adoption MIT (2001). Voting: What is, what could be, report of the CalTech MIT Voting Technology
of a cloud architecture were reported. A proposed hybrid solution of Project.
electronic voting, making use of the described architecture, overcomes a Mohen, J., & Glidden, J. (2001). The case for internet voting. Communications of the ACM,
44(1), 72−85.
number of IS security issues and has the capacity to reestablish trust in Montagna, J. M. (2005). A framework for the assessment and analysis of electronic
all Government election processes. It is crucial that further research is government proposals. Electronic Commerce Research and Applications, 4(3),
conducted in the field of electronic voting security, through official trials 204−219.
Naone, E. (2009). Technology overview: Conjuring clouds. MIT Technology Review,
and pilots, before any solution is adopted for binding elections, as the
July/August. Retrieved December 15, 2010, from. http://www.technologyreview.
integrity of the electoral system is at stake. com/computing/22606/?a=f.
National Institute of Standards and Technology (NIST) (2009). US Federal Cloud
References Computing Initiative RFQ (GSA). U.S. government.
NISp, & Peter Mell, T. G. (2009). The NIST definition of cloud computing. National Institute
of Standards and Technology, Information Technology Laboratory.
Bekkers, V. J., & Zouridis, S. (1999). Electronic service delivery in public administration: NIST Draft SP 800-39 (2008). Managing risk from information systems: An organization
Some trends and issues. International Review of Administrative Sciences, 65(2), perspective. National Institute of Standards and Technology.
183−196, doi:10.1177/0020852399652004. NIST Draft SP 800-53 (2007). Recommended Security Controls for Federal Information
Buchsbaum, T. M. (2004). E-voting: International developments and lessons learnt. Systems and Organizations: National Institute of Standards and Technology.
Electronic Voting in Europe Technology, Law, Politics and Society, 31−34. NIST SP 800-53 (2008). Recommended security controls for federal information systems.
Buyya, R., Yeo, C. S., & Venugopal, S. (2008). Market-oriented cloud computing: Vision, National Institute of Standards and Technology.
hype, and reality for delivering IT services as computing utilities. Computing NIST SP 800-53A (2008). Guide for assessing the security controls in federal information
Research Repository - CORR, 5−13. systems. National Institute of Standards and Technology.
Buyya, R., Yeo, C. S., Venugopal, S., Broberg, J., & Brandic, I. (2009). Cloud computing and NIST SP 800-59 (2003). Guideline for identifying an information system as a national
emerging IT platforms: Vision, hype, and reality for delivering computing as the 5th security system. National Institute of Standards and Technology.
utility. Future Generation Computer Systems, 25(6), 599−616. NIST Special Publication 800-60 (2008). Guide for mapping types of information and
Capgemini (2009). 8th benchmark measurement, November 2009. European Commis- information systems to security categories. Volume I. National Institute of Standards
sion, Directorate General For Information Society And Media. and Technology.
Clive Sanford, J. R. (2007, Decemberr). Characterizing e-participation. International NIST SP 800-46 (2009). Guide to enterprise telework and remote access security. National
Journal of Information Management, 27(6), 406−421. Institute of Standards and Technology.
Council of Europe, Committee of Ministers (2004). Recommendation Rec(2004)11 of Open Government Iniative (2009). Memorandum for the heads of executive departments
the Committee of Ministers to member states on legal, operational and technical and agencies, Washington, US. .
standards for e-voting. Parycek, P. S. (2003). Electronic democracy: Chances and risks for municipalities. E-
Cranor, L. (2003). In search of the perfect voting technology: No easy answers. In D. A. Democracy: Technology, right and politics. Vienna: OCG.
Gritzalis (Ed.), Secure electronic voting: Advances in information security Peter Mell, T. G. (2009). Effectively and securely using the cloud computing paradigm. :
(pp. 17−30). Norwell, MA: Kluwer Academic Publishers. NIST, Information Technology Laboratory.
Deutsch, K. W. (1963). The nerves of government: Mode/s of political communication and Pfleeger, C., & Pfleeger, S. (2006). Security in computing. Upper Saddle River, NJ: Prentice
control. New York: Free Press. Hall.
DiCaterino, A., & Pardo, T. A. (1996). The World Wide Web as a universal interface to Reese, G. (2009). Cloud application architectures: Building applications and infrastructure
government services. E-Government Act of 2002. Retrieved May 10, 2003, from,. in the cloud. Sebastopol, CA: O'Reilly Media.
http://www.ctg.albany.edu/resources/abstract/itt96-2.html. Riera, A., & Brown, A. R. (2003). Bringing confidence to electronic voting. Electronic
EU Ministerial Declaration on e-Government. (2009). Malmö, Sweden. Journal of e-Government, 1(1), 1−64.
Fuchs, C., Bernhaupt, R., Hartwig, C., Kramer, M. A., & Maier, U. (2006). Broadening Sun Microsystems (2009). Introduction to cloud computing architecture. White paper.
eParticipation: Rethinking ICTs and participation. Internet Research 7.0. Brisbane, Retrieved from,. http://webobjects.cdw.com/webobjects/media/pdf/Sun_Cloud-
Australia: Association of Internet Researchers. Computing.pdf.
Ghere, R. K., & Young, B. A. (1998). The cyber-management environment: Where U.S. Federal Cloud Computing Initiative (July 30, 2009). Retrieved December 1, 2010,
technology and ingenuity meet public purpose and accountability. Public from. http://www.scribd.com/doc/17914883/US-Federal-Cloud-Computing-Initia-
Administration and Management: An Interactive Journal, 3(1) Retrieved December tive-RFQ-GSA.
1, 2010 from:. http://www.pamij.com/gypaper.html. U.S. Public Law 107 - 347 - E-Government Act of 2002, H.R. 2458, December 17, 2002.
 D. Zissis, D. Lekkas / Government Information Quarterly 28 (2011) 239–251 251

UN&ASPA—United Nations/American Society for Public Administration (2002). Dimitris Zissis holds a BSc in Computer Science, an MSc in Computing and
Benchmarking e-Government: A global perspective. http://unpan1.un.org/intra- Information Systems, and an MBA in General Management; he is currently pursuing
doc/groups/public/documents/un/unpan021547.pdf. a PhD in Information and Communication Security at the University of the Aegean in
Verdegem, P., & Verleye, G. (2009). User-centered e-Government in practice: A Greece. He has been involved in a number of EU funded research projects, mostly in
comprehensive model for measuring user satisfaction. Government Information the research area of IT Security, involving the development of e-Governance solutions
Quarterly, 26(3), 487−497. and deploying public key infrastructures cryptography.
Von Lucke, J., & Reinermann, H. (2004). Definition of electronic government. Retrieved
December 1, 2010, from. http://foev.dhv-speyer.de/ruvii.
Wardley, S., Goyer, E., & Barcet, N. (2009). Ubuntu Enterprise Cloud Architecture.
Technical White Paper. Canonical. Assistant Professor Dimitrios Lekkas holds a Ph.D. in the area of Information
Williams, B. J. (2004). Implementing voting systems — The Georgia method. Systems Security, an MSc in Information Technology and a BSc in Mathematics. He is
Communications of the ACM, 47(10), 39−42. a lecturer at the Department of Product and Systems Design Engineering of the
Wimmer, M. A. (2002). Integrated service modeling for online one-stop government. University of the Aegean, Greece. He has participated in many research projects
Electronic Markets, 12(3), 149−156. funded nationally and by the European Union and published several papers in
Wolfram Alpha (2009). Wolfram alpha. Retrieved November 4, 2009, from Wolfram international journals and presented several papers at conferences. He is a member
Alpha. http://www.wolframalpha.com/input/?i=internet+users. of the Greek National Educational Network (EDUnet) technical committee and
Xenakis, A. (2004). Procedural security in electronic voting. 37th Hawaii International coordinator of the e-School and the e-University Public Key Infrastructure (PKI). His
Conference on System Sciences. current research interests include design of information infrastructures, computer
Yildiz, M. (2007). E-government research: Reviewing the literature, limitations, and security, incident response, public key cryptography and digital signatures, and
ways forward. Government Information Quarterly, 24(3), 646−665. database management systems.