Initial Report

COMP1161 Undergraduate Final Year Project

Initial Report

Discussion of the online society Incorporate secret ballot

voting technology to improve electoral environments
using web services

Initial Report

Abdul Azim Shahid Malik

0004684478

16 November 2009

A dissertation submitted in partial fulfilment of the University of Greenwich’s

BSc Software Engineering

Word Count
[1837]

1
 Initial Report

Keywords
Internet based voting, e-voting pilot schemes, security, applicable law, standards,
accessibility, maintainability

2
 Initial Report

Table of Contents

Initial Report ............................................................................................................ 4

1 Current Situation ................................................................................................. 4
1.1 Changes to Proposal ................................................................................................................. 4
1.3 Research ................................................................................................................................... 4
Key Research areas .................................................................................................. 5
Introduction to Cryptography .............................................................................................................. 5
Cryptographic algorithms for Voter Security ..... .......................................................5
RSA ............................................................................................................................ 5
Mix Networks ............................................................................................................ 5
Visual Cryptography .................................................................................................. 6
Identity Based Encryption Systems ........................................................................... 6
Homomorphic Encryption ......................................................................................... 6
Pre-encrypted Ballots ................................................................................................. 6
1.4 Development............................................................................................................................. 7
2 Problem Areas ..................................................................................................... 8
3 Key Work during the Next Period .................... Error! Bookmark not defined.
Background .............................................................................................................. 10
Problem identification .............................................................................................. 10
Key Research areas ................................................................................................10
Introduction to Cryptography ............................................................................................................ 10
Cryptographic algorithms for Voter Security .......................................................... 11
RSA .......................................................................................................................... 11
Mix Networks .......................................................................................................... 11
Visual Cryptography ................................................................................................ 11
Identity Based Encryption Systems ......................................................................... 11
Homomorphic Encryption ....................................................................................... 12
Pre-encrypted Ballots ............................................................................................... 12

3
 Initial Report

Initial Report
1 Current Situation
Key areas of work completed or in process of being developed
A historical development of electronic and online voting systems have been
investigated which indicate the most common technologies and systems that have
been implemented in them. Further studies have been conducted to investigate the
future of online voting from renowned sources such as IEEE, etc.

The current types of voting schemes that are currently used in voting systems have
been identified. These are visual cryptography, homomorphic encryption and mix
network encryption as explained in the literature review.

A key area that is currently in the process of being developed is an understanding of

the idea of online voting within the surrounding universities of Greenwich University.
An interview template had been prepared but a suitable member of each university is
required to be interviewed.

UCL university have agreed to be interviewed by telephone and the process will be
completed with the next week after the deadline for the inital report.

1.1 Changes to Proposal

Aims / objectives changed? – still to be discussed

Tasks added or dropped? – still to be discusses

1.3 Research
After the 2000 elections in America, the vast problem areas of current voting practices
were exposed and the Help America Vote Act was introduced in 2002. This Act
would enable the government to invest in other approaches to develop secure and
reliable voting systems.

"In the election industry today, there are many different election systems and a wide
variety of components used for many different functions, so the need for easier
integration of different system components has never been greater"
Dr. Ron Rivest, E-Vote: Election Markup Language 5.0 Approved as OASIS
Standard, Jan 29, 2008, News Report

Voting systems are many and undefined. Important improvements to online voting
had been introduced since the early years of the internet, given the rapid speeds at
which the internet was growing, it was apparent that it would be a place for businesses
to trade goods on a global scale with security of transactions being the main factor for
its use.

4
 Initial Report

It became increasingly beneficial with the advancements in internet security

introduced by R. Rivest, to enable emails to be sent over the internet in an encrypted
form.

Key Research areas

The area in which the research will be conducted will investigate the techniques and
approaches used to design a successful online voting system that operates over the
internet, and to ascertain the most effective online voting design development process.
It will explore cryptographic techniques related to the issues concerned with security
of voter information, to ensure voter confidence in online voting and voter secrecy.

Introduction to Cryptography

The areas that will be explored are those concerned with cryptographic principles and
processes. This will support the design decisions when recommending security
protocols, voter verification and candidate visibility to ensure ease of use prior to
voting. Also when determining the technological tools and software that will be in
effect, when developing the web content.

It will also investigate and explore the relationship of voters and their machines,
aiming to understand the benefits of online voting with the perception of the voter
commitment from remote area. Other research will assess work relating to project
management and the approaches used in organising, managing and implementing a
successful software engineering project.

Cryptographic algorithms for Voter Security

The general encryption protocols that were identified in almost all forms of
technological voting systems were 4 broad protocols:

RSA

To use blind signature and encryption methods to ensure that public keys cannot be
identified with the corresponding private key due to the use of the blind signature
method. R. Rivest, A. Shamir and L. Adleman, A Method for Obtaining Digital
Signature and Public Key Cryptosystems, Comm. of ACM, 21 (1978), pp. 120-126.

Mix Networks

to exploit anonymous channels to ensure the voter is anonymous D. Chaum,

“Untraceable Electronic Mail, Return Address and Digital Pseudonyms,” Comm.
ACM, vol. 24, no. 2, 1981, pp. 84-88.

5
 Initial Report

Visual Cryptography

to present a receipt of voting to the voter as proposed by M. Naor and A. Shamir,

“Visual Cryptography,” Advances in Cryptology, Eurocrypt 94, Springer, vol. 950,
1995, pp. 1–12

Identity Based Encryption Systems

Introduced secure certificate handling for emails.

A. Shamir, \Identity-based cryptosystems and signature schemes", in Advances
in Cryptology{ Crypto '84, Lecture Notes in Computer Science, Vol. 196,
Springer-Verlag, pp. 47{53, 1984.

Recent work includes :

J. Camenisch, M. Kohlweiss, A. Rial, and C. Sheedy. Blind and Anonymous Identity-

Based Encryption and Authorised Private Searches on Public Key Encrypted Data. In
Public Key Cryptography-Pkc 2009: 12th International Conference on Practice
and Theory in Public Key Cryptography Irvine, Ca, USA, March 18-20, 2009
Proceedings, page 196.Springer, 2009

And

M. Green and S. Hohenberger. Blind identity-based encryption and simulatable

oblivious transfer. In ASIACRYPT, pages 265–282, 2007.

Homomorphic Encryption

to decrypt votes using shared keys J. Benaloh and D. Tuinstra, “Receipt-Free Secret-
Ballot Elections,” Proc. 26th Ann. ACM Symp. Theory of Computing, 1994, ACM
Press, pp. 544–553.

Pre-encrypted Ballots

There is another voting system scheme that is very different to the ones mentioned
above which has very recently been developed called pre-encrypted ballot, where the
voter enters the voting code that corresponds to a specific candidate. V. Morales-
Rocha, M. Soriano, J. Puiggali, “New Voter Verification scheme using pre-encrypted
ballots”, Computer Communications 32 (2009) 1219-1227. This method is found to
be difficult to understand and use by users but it is eventually accepted.

Technology has been used to automate every aspect of daily life including tax
assessments, national security intelligence, opinion polls, and assistive technologies
for CCTV operations.

All of these voting methods have been modified and many innovative
implementations of each of them have been developed in an attempt to produce a

6
 Initial Report

flawless electronic voting system that could become the standard for global use, but
that has not been the case due to the vast security breaches that can take place.

Security for voting systems is generally based on blind signature that was developed
by David Chaum in his conference report in 82. This is the basis on which current
research is conducted using the now established method of blind signatures and recent
development in areas of online voting such as ease of use and HCI aspects that have
also been researched to allow easy integration of voting technologies.

Since Chaum’s original paper in 82 he has further developed his proposals and has
been pioneering his ideas in 2004, 2005 up to 2008 papers. This indicates that the
matter of security has not yet been resolved in online votes since Chaum is still
carrying out research in this area of interest. The latest technologies that were
identified in all forms of technological voting systems were 3 broad technologies:

In chaum’s work it is seen that attempts were made to ensure voter verification checks
were achieved to allow openness of electronic voting, by issuing voter receipts per
voter, but it is achieved by not fully incorporating the aspect of coercion.

1.4 Development
It was discovered through current events governmental reports that various pilot
schemes had been initiated in order to understand the different avenues in which
electronic voting would be perceived in.

In the UK there has been a great deal of interest in online voting and various pilot
schemes for online voting systems have been developed by Accenture, which were
successful in proving that online voting would be a success if it went perfectly. (May
2007 electoral modernisation pilots and statutory orders - Ministry of Justice
(2007)).The test was aimed at the functionality of online voting and not the targeting
the core problems of security and hacking of systems. The results found that serious
security risks were breached and in the current state of technological advancements
the scheme was not to be perused any further (The Government’s response to the
Electoral Commission’s recommendations on the May 2007 electoral pilot schemes)
unless the architecture of the internet was improved.

Clearly this shows that the UK government and the US were taking a serious look at
online voting to improve voter security and to produce rapid results.

Also new developments in open source technology have instigated the British
government to investigate the suggestion of implementing open source software to
improve the security areas of online voting. (2007)

A recently new strategy for online voting has been used to take advantage of the web
developments that have taken place using open source languages such as xml and http
to create large scale voting websites through web services. This allows voters to vote
on an international level although the security issues are much greater than traditional

7
 Initial Report

voting systems, but the benefits could out way the drawbacks using xml and EML
(Oasis open source consortium).

2 Problem Areas
Delays?
Documentation for the previous java prototype could not be obtained upon request
because the documentation had been misplaced so it was decided to visually inspect
the prototype in isolation of documentation and was forced to make realistic
assumptions.

The design was not started until there was enough understanding of the scope which
was required to fulfil the project requirements, so that took much longer than
expected.

The requirements analysis at the present time has not been undertook with much
consideration to the client requirements and it was found difficult to identify smart
requirements as it did not feel as if any interest was being taken in the project by the
supervisor. Thus, the requirements have not been fully completed.

Unable to get hold of…?

At present the network of resources and personnel have recently been good and as
such there is no one that cannot be contacted through the correct channels. It is a
matter of time management and openness from me to become clear in the goals that
need to be achieved.

Refer to schedule in appendix B

3 Key Work during the Next Period

Open source voting systems have been a new development in the current year and
with the Microsoft .net material that is being taught in the course there is a strong
initiative to develop an open source system using XML and open source database.
This will be a very interesting route to online voting as it has not been considered
before.

There will need to be time set aside to search for open source cryptography APIs and
ensure blind signatures are in place to allow anonymity of users.

There will need to be an API that shuffles the encrypted voter so that it can be
decrypted by another server and the candidate that was voted for identified, but no
relation must exist of the voter to the candidate.

Identify how voters with disabilities can vote including physically blind voters.
Set up the marketing aspects of the project which includes the candidate websites.

8
 Initial Report

Set up the login registration for the voter and authenticate the voter registration
verification procedure using key encryption techniques.

Provide the voter with interactive information about candidate details and up to date
news feeds. News feeds are optional.

Refer to schedule in appendix B

9
 Initial Report

Appendix A
Literature Review
[Approx 3,000 words]

Background

This literature review will discuss issues surrounding security techniques that will be
the main focus throughout the development of the online voting process. It will
describe the work that was gathered on the specific area of research and also assess
the validity and depth of this research.

Problem identification

"In the election industry today, there are many different election systems and a wide
variety of components used for many different functions, so the need for easier
integration of different system components has never been greater"
Dr. Ron Rivest, E-Vote: Election Markup Language 5.0 Approved as OASIS
Standard, Jan 29, 2008, News Report

Voting systems are many and undefined. Important improvements to online voting
had been introduced since the early years of the internet, given the rapid speeds at
which the internet was growing, it was apparent that it would be a place for businesses
to trade goods on a global scale with security of transactions being the main factor for
its use.

It became increasingly beneficial with the advancements in internet security

introduced by R. Rivest, to enable emails to be sent over the internet in an encrypted
form.

Key Research areas

The area in which the research will be conducted will investigate the techniques and
approaches used to design a successful online voting system that operates over the
internet, and to ascertain the most effective online voting design development process.
It will explore cryptographic techniques related to the issues concerned with security
of voter information, to ensure voter confidence in online voting and voter secrecy.

Introduction to Cryptography

The areas that will be explored are those concerned with cryptographic principles and
processes. This will support the design decisions when recommending security
protocols, voter verification and candidate visibility to ensure ease of use prior to
voting. Also when determining the technological tools and software that will be in
effect, when developing the web content.

10
 Initial Report

It will also investigate and explore the relationship of voters and their machines,
aiming to understand the benefits of online voting with the perception of the voter
commitment from remote area. Other research will assess work relating to project
management and the approaches used in organising, managing and implementing a
successful software engineering project.

Cryptographic algorithms for Voter Security

The general encryption protocols that were identified in almost all forms of
technological voting systems were 4 broad protocols:

RSA

To use blind signature and encryption methods to ensure that public keys cannot be
identified with the corresponding private key due to the use of the blind signature
method. R. Rivest, A. Shamir and L. Adleman, A Method for Obtaining Digital
Signature and Public Key Cryptosystems, Comm. of ACM, 21 (1978), pp. 120-126.

Mix Networks

to exploit anonymous channels to ensure the voter is anonymous D. Chaum,

“Untraceable Electronic Mail, Return Address and Digital Pseudonyms,” Comm.
ACM, vol. 24, no. 2, 1981, pp. 84-88.

Visual Cryptography

to present a receipt of voting to the voter as proposed by M. Naor and A. Shamir,

“Visual Cryptography,” Advances in Cryptology, Eurocrypt 94, Springer, vol. 950,
1995, pp. 1–12

Identity Based Encryption Systems

Introduced secure certificate handling for emails.

B. Shamir, \Identity-based cryptosystems and signature schemes", in Advances
in Cryptology{ Crypto '84, Lecture Notes in Computer Science, Vol. 196,
Springer-Verlag, pp. 47{53, 1984.

Recent work

J. Camenisch, M. Kohlweiss, A. Rial, and C. Sheedy. Blind and Anonymous Identity-

Based Encryption and Authorised Private Searches on Public Key Encrypted Data. In
Public Key Cryptography-Pkc 2009: 12th International Conference on Practice
and Theory in Public Key Cryptography Irvine, Ca, USA, March 18-20, 2009
Proceedings, page 196.Springer, 2009

11
 Initial Report

And

M. Green and S. Hohenberger. Blind identity-based encryption and simulatable

oblivious transfer. In ASIACRYPT, pages 265–282, 2007.

Homomorphic Encryption

to decrypt votes using shared keys J. Benaloh and D. Tuinstra, “Receipt-Free Secret-
Ballot Elections,” Proc. 26th Ann. ACM Symp. Theory of Computing, 1994, ACM
Press, pp. 544–553.

Pre-encrypted Ballots

There is another voting system scheme that is very different to the ones mentioned
above which has very recently been developed called pre-encrypted ballot, where the
voter enters the voting code that corresponds to a specific candidate. V. Morales-
Rocha, M. Soriano, J. Puiggali, “New Voter Verification scheme using pre-encrypted
ballots”, Computer Communications 32 (2009) 1219-1227. This method is found to
be difficult to understand and use by users but it is eventually accepted.

Technology has been used to automate every aspect of daily life including tax
assessments, national security intelligence, opinion polls, and assistive technologies
for CCTV operations.

All of these voting methods have been modified and many innovative
implementations of each of them have been developed in an attempt to produce a
flawless electronic voting system that could become the standard for global use, but
that has not been the case due to the vast security breaches that can take place.

Security for voting systems is generally based on blind signature that was developed
by David Chaum in his conference report in 82. This is the basis on which current
research is conducted using the now established method of blind signatures and recent
development in areas of online voting such as ease of use and HCI aspects that have
also been researched to allow easy integration of voting technologies.

Since Chaum’s original paper in 82 he has further developed his proposals and has
been pioneering his ideas in 2004, 2005 up to 2008 papers. This indicates that the
matter of security has not yet been resolved in online votes since Chaum is still
carrying out research in this area of interest. The latest technologies that were
identified in all forms of technological voting systems were 3 broad technologies:

In chaum’s work it is seen that attempts were made to ensure voter verification checks
were achieved to allow openness of electronic voting, by issuing voter receipts per
voter, but it is achieved by not fully incorporating the aspect of coercion.

In the UK there has been a great deal of interest in online voting and various pilot
schemes for online voting systems have been developed by Accenture, which were
successful in proving that online voting would be a success if it went perfectly. (May

12
 Initial Report

2007 electoral modernisation pilots and statutory orders - Ministry of Justice

(2007)).The test was aimed at the functionality of online voting and not the targeting
the core problems of security and hacking of systems. The results found that serious
security risks were breached and in the current state of technological advancements
the scheme was not to be perused any further (The Government’s response to the
Electoral Commission’s recommendations on the May 2007 electoral pilot schemes)
unless the architecture of the internet was improved.

Clearly this shows that the UK government and the US were taking a serious look at
online voting to improve voter security and to produce rapid results.

A recently new strategy for online voting has been used to take advantage of the web
developments that have taken place using open source languages such as xml and http
to create large scale voting websites through web services. This allows voters to vote
on an international level although the security issues are much greater than traditional
voting systems, but the benefits could out way the drawbacks using xml and EML
(Oasis open source consortium).

13
 Initial Report

Appendix B
Revised Project Schedule

14