On the Necessity of Auditing for Election Privacy in e-Voting Systems

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

The importance of voter auditing in order to ensure election integrity has been extensively studied in the e-voting literature. On the other hand, the necessity of auditing to protect voter privacy in an e-voting system has been mostly overlooked. In this work, we investigate election privacy issues that appear in the state-of-the-art implementations of e-voting systems that apply threshold public key encryption (TPKE) in the client like Helios and use a bulletin board (BB). More specifically, we show that without PKI support or -more generally- authenticated BB “append” operations, such systems are vulnerable to attacks where the malicious election server can act as a man-in-the-middle between the election trustees and the voters, hence it can learn how the voters have voted. We suggest compulsory trustee auditing as countermeasure for this type of man-in-the-middle attacks. Furthermore, we propose a list of guidelines to avoid some common, subtle, yet important problems that may appear during the implementation of any TPKE-based e-voting system.
Original languageEnglish
Title of host publicationE-Democracy -- Citizen Rights in the World of the New Computing Paradigms: 6th International Conference, E-Democracy 2015, Athens, Greece, December 10-11, 2015, Proceedings
EditorsSokratis K. Katsikas, Alexander B. Sideridis
Place of PublicationCham
PublisherSpringer International Publishing
Pages3-17
Number of pages15
ISBN (Electronic)978-3-319-27164-4
ISBN (Print)978-3-319-27163-7
DOIs
Publication statusPublished - Dec 2015

Publication series

NameLecture Notes in Computer Science (LNCS)
PublisherSpringer International Publishing
Volume570
ISSN (Print)0302-9743

Fingerprint Dive into the research topics of 'On the Necessity of Auditing for Election Privacy in e-Voting Systems'. Together they form a unique fingerprint.

Cite this