Privacy and coercion-resistance in voting
Date
2022-04-19
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract
Üheks demokraatia nurgakiviks on inimeste õigus osaleda vabadel ja ausatel valimistel ning seeläbi määrata endale esindajad. Seetõttu on valimiste turvamine kriitilise tähtsusega, kuid selle ülesande muudavad keerukaks valimistele rakendatavad vastuolulised turvanõuded. Valimisvabaduse tagamiseks peab valijal olema võimalik anda oma hääl ilma välise mõjutuseta. Samaaegselt on vaja tagada, et korrektselt antud hääled võetakse häältelugemisel arvesse ning kajastuvad valimistulemuses.
Postihääletamine ja internetihääletamine toovad esile valijate mõjutamisega seonduvad probleemid. Seetõttu uurisime internetihääletussüsteemide mõjutuskindluse saavutamiseks vajalikke meetmeid ning analüüsime nende praktilist rakendatavust. Uurimistöö tulemusena selgus, et hääle kontrollitavuse ja valija mõjutamatuse samaaegseks saavutamiseks võetakse sageli aluseks mitmeid eeldusi, mida on praktikas raske täita.
Võrreldes internetihääletussüsteemidega on traditsiooniliste paberhääletussüsteemide turvalisust tänapäevase tehnoloogia kontekstis oluliselt vähem uuritud. Teadustööd näitavad, et valijate privaatsusega seonduvad riskid on olemas ka paberhääletussüsteemides. Meie poolt läbiviidud uurimuse tulemusena selgus, et valimissedeli täitmise käigus tekkiv heli lekitab infot valija poolt tehtud valiku kohta. Leiu illustreerimiseks ehitasime kaks prototüüpi, mis kasutasid mikrofone, et sedeli täitmisel tekkivaid signaalne kinni püüda.
Sarnaselt teistele valimissüsteemidele oli ka Eestis kasutusel olevas internetihääletussüsteemis vaja leida tasakaal mõjutuskindluse ja terviklusomaduste vahel. Turvanõuetes olevate vastuolude tõttu ei saa kõiki riske maandada. Uurimistöö ühe osana kirjeldasime Eesti internetihääletussüsteemis olevaid nõrkusi ning pakkusime välja meetmed tuvastatud probleemide lahendamiseks. Viimase aspektina analüüsisime nutitelefonil hääletamisega kaasnevaid turvariske.
The cornerstone of democracy is the right for voters to participate in fair and free elections. However, securing elections is a non-trivial task due to the conflicting security requirements. On the one hand, to provide the freedom to vote, it should not be possible to coerce voters into voting for a specific candidate. On the other hand, to guarantee fair elections, it must be possible to verify that the election result is correctly determined. Remote voting systems, like postal voting and remote online voting, highlight these issues as votes are cast in an uncontrolled environment. Therefore, we studied how different online voting systems attempt to bridge the gap between coercion-resistance and verifiability. It turns out that most of the studied online voting schemes rely on non-trivial assumptions to protect voters against coercion. Regardless of the used anti-coercion measures, it is difficult to protect voter’s privacy if the vote is cast in an uncontrolled environment. However, researchers have shown that vote privacy can also be violated in paper-based voting systems. We built and tested two new proof-of-concept attacks that target vote privacy in paper-based voting systems. These attacks rely on one or more microphones being placed at the voting booth, allowing the sound of filling in the ballot to leak information about voter's choice. Similarly to many other voting systems, the designers of the Estonian i-voting system also had to find a balance between coercion-resistance and verifiability properties. As a consequence, compromises had to be made. We studied the Estonian i-voting system to identify the security issues related to the voting and vote verification protocol. As a result of the analysis, we proposed possible improvements to the Estonian i-voting system. As the final contribution, we analysed whether a smartphone-based voting application would introduce new security risks.
The cornerstone of democracy is the right for voters to participate in fair and free elections. However, securing elections is a non-trivial task due to the conflicting security requirements. On the one hand, to provide the freedom to vote, it should not be possible to coerce voters into voting for a specific candidate. On the other hand, to guarantee fair elections, it must be possible to verify that the election result is correctly determined. Remote voting systems, like postal voting and remote online voting, highlight these issues as votes are cast in an uncontrolled environment. Therefore, we studied how different online voting systems attempt to bridge the gap between coercion-resistance and verifiability. It turns out that most of the studied online voting schemes rely on non-trivial assumptions to protect voters against coercion. Regardless of the used anti-coercion measures, it is difficult to protect voter’s privacy if the vote is cast in an uncontrolled environment. However, researchers have shown that vote privacy can also be violated in paper-based voting systems. We built and tested two new proof-of-concept attacks that target vote privacy in paper-based voting systems. These attacks rely on one or more microphones being placed at the voting booth, allowing the sound of filling in the ballot to leak information about voter's choice. Similarly to many other voting systems, the designers of the Estonian i-voting system also had to find a balance between coercion-resistance and verifiability properties. As a consequence, compromises had to be made. We studied the Estonian i-voting system to identify the security issues related to the voting and vote verification protocol. As a result of the analysis, we proposed possible improvements to the Estonian i-voting system. As the final contribution, we analysed whether a smartphone-based voting application would introduce new security risks.
Description
Keywords
informatics, elections, electoral systems, polling, e-voting, information security, security measures, verification