Professional Documents
Culture Documents
EXECUTIVE SUMMARY
eVoting is considered to be one of the most challenging domains of modern eGovernment and one of the main
vehicles for increasing eParticipation among citizens. One of the main obstacles for its wide adoptionis the
reluctance of citizens to participate in electronic voting procedures. This reluctance can be partially attributed
to the low penetration of technology among citizens. However, the main reason behind this reluctance is the
lack of trust which stems from the belief of citizens that systems implementing an eVoting process will violate
their privacy. The departure point of this approach is that the emergence of such a belief can be consider-
ably facilitated by designing and building systems in a way that evidence about the system’s properties is
produced during the design process. In this way, the designers can demonstrate the respect in privacy using
this evidence that can be understood and checked by the specialist and the informed layman. These tools
and models should provide sufficient evidence that the target system handles privacy concerns and require-
ments that can remove enough of the fears towards eVoting. This paper presents the efforts of the authors‘
organization, the Computer Technology Institute and Press “Diophantus” (CTI), towards the design and
implementation of an eVoting system, called PNYKA, with demonstrable security properties. This system was
based on a trust-centered engineering approach for building general security critical systems. The authors‘
approach is pragmatic rather than theoretical in that it sidesteps the controversy that besets the nature of
trust in information systems and starts with a working definition of trust as people’s positive attitude towards
a system that transparently and demonstrably performs its operations, respecting their privacy. The authors
also discuss the social side of eVoting, i.e. how one can help boost its acceptance by large social groups tar-
geting the whole population of the country. The authors view eVoting as an innovation that must be diffused
to a population and then employ a theoretical model that studies diffusion of innovation in social network,
delineating structural properties of the network that help diffuse the innovation fast. Furthermore, the authors
explain how CTI’s current situation empowers CTI to realize its vision to implement a privacy preserving,
discussion and public consultation forum in Greece. This forum will link, together, all Greek educational
institutes in order to provide a privacy preserving discussion and opinion gathering tool useful in decision
making within the Greek educational system.
Keywords: Cryptographic Protocol, eVoting, Privacy, Risk Assessment, Security Architecture, Trust
DOI: 10.4018/jcit.2013040101
Copyright © 2013, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
2 Journal of Cases on Information Technology, 15(2), 1-33, April-June 2013
Copyright © 2013, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
Journal of Cases on Information Technology, 15(2), 1-33, April-June 2013 3
recently introduced as a complementary channel 10, October 2004.). However, eVoting, despite
for elections and referenda, with great success. the critique it has attracted, seems to be, still, a
One of the reasons might be that remote voting hot discussion issue and, possibly, a worldwide
was largely practiced through postal voting for reality in the future. Thus, any successful eVot-
many years. The introduction of Internet voting ing system should target at increasing citizen’s
came as an alternative and easier way to vote trust. Trust, however, is difficult to establish in
remotely and thus was rapidly accepted. In the eVoting domain since eVoting is necessar-
2005, Estonia carried out the first Nation Wide ily based on complex distributed information
online elections in the EU. It was the result of systems, involving complicated interactions
a bold political decision rather than a natural between computers, between humans, and
evolution as it came to be in Switzerland, but between humans and computers. A very inter-
it placed Estonia on the forefront of the eVot- esting recent survey was conducted by Beldad,
ing efforts in Europe. This, perhaps, would not et al. 2010, in relation to trust in e-services in
have been possible if the government had not several domains (eCommerce, eHealth, and
already implemented an advanced IT Strategy eGovernment) in order to discover what online
and a Nation Wide Digital ID scheme. In both elements increase the trust of people towards
cases, some basic conditions were met to allow these services. Many of their observations apply
for the fruitful deployment of such initiatives, also to the eVoting domain.
both in terms of the necessary infrastructures, In view of the considerations discussed
institutional measures and government policies above, our institute undertook the development
employed to support large scale deployment of an eVoting system based on formal methods of
of eVoting projects. Recent efforts to imple- risk assessment and management so as to handle
ment eVoting solutions in Greece, face in that systematically, from the initial system design
respect many challenges, such as the lack of phases, all the critical and sensitive requirements
a specific institutional framework that sup- of such a system. Such requirements include
ports the deployment of eVote applications at user confidence, system security, efficiency,
large scale (e.g. a national PKI Infrastructure) extensibility and the ability of re-using its
or the low ICT and Internet penetration rates components in other similar applications. This
(around 25%) and the resulting digital divide framework would focus on boosting potential
and “digital culture gap”. On top of these the users’ confidence towards the system and would
general lack of trust in ICTs and the Internet as cover the whole range of applications within
a safe medium to conduct secure transactions, the eVoting domain. Another successful effort
further hinders these efforts. This lack of trust taken previously by members of our institute
is clearly identified as a cause for the lack of is described in Bouras et al. (2003) which,
take-up of online purchases and online banking. however, was not accompanied by a publicly
It is apparent that voting is a fundamental available formal risk and security analysis and
process in any democratic system. Any effort relied on different cryptographic primitives.
to migrate from the conventional and long More specifically, our goals were the fol-
established voting procedures to an electronic lowing: (a) the design and implementation of
voting system is thus very seriously affected an electronic voting information system that
by this lack of trust in ICTs and the Internet. would be capable of supporting simple opinion
Moreover, the abundance of cases of misconduct polling procedure as well as national elections,
in electronic voting has resulted in severe de- (b) the application of formal design methods so
crease of trust among citizens (Gritzalis, 2003, that assurance would be, dynamically, built with
Mason, 2004, and The problems and potentials respect to keeping all important system require-
of voting systems, Communications of the ments, (c) the design of the system components
ACM, Special Issue on eVoting, Vol. 47, Iss. in such a way that they would be reusable, as
Copyright © 2013, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
4 Journal of Cases on Information Technology, 15(2), 1-33, April-June 2013
Copyright © 2013, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
Journal of Cases on Information Technology, 15(2), 1-33, April-June 2013 5
Copyright © 2013, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
6 Journal of Cases on Information Technology, 15(2), 1-33, April-June 2013
Copyright © 2013, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
Journal of Cases on Information Technology, 15(2), 1-33, April-June 2013 7
3.3. System Architecture of the Bouncy Castle Java crypto library (http://
and Components www.bouncycastle.org/), Open VPN (http://
openvpn.net/), OpenCA tool for building PKIs
In this section we will provide a high level view (http://www.openca.org/), and the use of the
of the architecture of the eVoting system that is PostgreSQL (http://www.postgresql.org/) data
based on the approach outlined in Section 4.2. base. This ensures that the system’s software
In Figure 2(a) we see the overall system’s can be independently audited and verified by
architecture. It consists of a number of local any interested third party (government agen-
Election Authorities (local EAs), which control cies, expert groups, researchers, industry etc.).
the election process at a local (e.g. municipal-
ity) level, a central Election Authority, which 3.4. The Cryptographic
controls all the local EAs and verifies their Voting Protocol
operation, a VPN over the Internet that handles
the communication among the EAs and the At the heart of the system lies a strong crypto-
clients, which are the computers accepting the graphic protocol given by Smith (2005). The
votes. In the same figure, there also appear the protocol employed in our system is based on
entities that may attempt interference with the strong cryptographic primitives, including zero-
system since, by taking the worst case scenario, knowledge proofs that, essentially, provide the
we assume their existence and their will to at- guarantees (without violating the vote secrecy
tempt disruption of normal operation. requirement) that votes are correctly received
In Figure 2(b) the components of an EA and included in the voting outcome. The pro-
are shown. Each EA implements, at its core, the tocol uses ElGamal homomorphic encryption
eVoting protocol described by Smith (2005), and it is based on multiparty computations and
which has guaranteed strong cryptographic threshold cryptography, involving mutually dis-
properties. The components of an EA are the trusting agents, called keyholders, who control
following (most of which directly dictated by the voting process.
the protocol): the registrar, which is responsible The ElGamal encryption function is de-
for checking the voter’s eligibility through a scribed in detail in many sources and, thus, we
connection to a database server containing the will not provide its details here (see, e.g., Len-
id’s of eligible voters, the voting server, which stra & Lenstra, 1990). We will, however, em-
accumulates and verifies the votes sent by the phasize one of its features that make this func-
clients over the VPN, the key holders, which tion attractive for cryptographic purposes: the
cooperatively provide the critical vote encryp- fact that it is homomorphic. A function M (x )
tion key, the tallier, which sums the votes and is called homomorphic, with respect to opera-
provides the election total, the bulletin board tion “ ”, if the following property holds:
manager, which makes publicly available proofs
that all votes are taken into account unchanged, M (x 1 x 2 ) = M (x 1 ) M (x 2 )
the loggers, which store critical information
about the election process, and the auditors
which use the information stored by the loggers From this definition, it easily follows (induc-
in order to provide publicly verifiable proof tively) that for any number of n > 2 arguments
of correctness of the election process. Finally, it holds:
there is the system administration block that is
responsible for the configuration, initialization E (x 1 x 2 x n ) = E (x 1 ) E (x 2 ) E (x n )
and coordination of all the other blocks.
With regard to the implementation choices,
we have adopted the use of as many free and For the purposes of eVoting, let us assume that
open source libraries as possible. Our choices x 1, x 2 , , x n are the votes cast during a voting
include the Java programming language, the use
Copyright © 2013, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
8 Journal of Cases on Information Technology, 15(2), 1-33, April-June 2013
Figure 2. (a) The distributed architecture of the eVoting system (b) The EA block
Copyright © 2013, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
Journal of Cases on Information Technology, 15(2), 1-33, April-June 2013 9
running on the same computer as the eVoting in order to increase the transparency of the
system modules, (iii) the risks associated with implementation process of the eVoting system
the network components (e.g. malfunctioning leading, thus, in its wider system acceptance
routers), (iv) the physical threats to the system by technical and non-technical people alike.
infrastructure (e.g. broken communication Moreover, this documentation provides a view
lines or damage to the servers due to flooding of the system visible by the public, in contrast
in the building). with most “closed-design” commercial eVot-
The main risk analysis steps were carried ing systems.
out with the CORAS risk analysis methodology As for the eVoting protocol that is em-
and are presented in the following subsections. ployed, it is based on strong cryptographic
CORAS is a risk analysis framework (see Figure primitives, including zero-knowledge proofs.
3) that permeates the design process in all the These proofs, essentially, provide the guarantees
layers described above and aims at the precise, (without violating the vote secrecy requirement)
unambiguous, and efficient risk assessment of that votes are correctly received and included
general security critical systems, during their in the voting outcome. The protocol is based
design, implementation and operation phases. on multiparty computations and threshold
The framework focuses on the integration of cryptography, involving mutually distrusting
viewpoint-oriented UML-like modeling in the agents who control the voting process. The
risk assessment process. The integration of this interested reader may consult Smith (2005)
state-of-the-art modeling technology in the risk for the technical details and proofs of security
assessment process, referred to as model-based of the protocol.
risk assessment, is motivated by the need for With regard to our eVoting project status, it
cost reductions, efficiency improvement and is in the detailed design phase. The architectural
improved quality of risk assessment results. To design and the first steps of the CORAS meth-
achieve its goals, CORAS has four major anchor odology have been accomplished in conjunction
points: (1) a risk documentation framework with the system decomposition into the layers
based on the Reference Model for Open Distrib- of trust, currently focusing on the scientific
uted Processing (RM-ODP) (Putnam, 2000), (2) soundness layer (eVoting specific protocol).
a risk management process based on AS/NZS
4360 (Australian Standard: Risk Management, 3.5.1. Context Identification
AS/NZS 4360:1999, Strathfield: Standards
Australia.), (3) an integrated risk management This step involves a detailed description of the
and system development process based on the target system (application scenarios, assets, data
Unified Process (UP) (Krutchten, 1999) and (4) flows etc.) using the UML modeling language.
a platform for tool-integration based on XML The description uses various different types
(Grose et al., 2002). CORAS is a careful integra- of UML diagrams, depicting different system
tion of techniques and templates of risk analysis aspects. The aim is to gain a good understand-
methods, including failure modes, effects and ing of the system and document it using intui-
criticality analysis (FMEA/FMECA – Bouti & tive visual means. The diagrams that we used
Kadi, 1994), fault tree analysis (FTA), Hazard include Use case diagrams that show system
and operability analysis (HaZOP) (Kletz, 1999), functionality, Activity Diagrams that describe
Cause Consequence Analysis (CCA – Barber workflows, Time Sequence Diagrams that de-
& Davey, 1992), Markov analysis (e.g. Siu, scribe the exchange of data among stakeholders
1994), CRAMM (Barber & Davey, 1992) etc. over different time instances. System assets were
In addition, CORAS can produce detailed also evaluated with respect to their criticality. A
system documentation and a system security sample of the diagrams that were used during
policy based on the outputs of the tools that it the design phase of the system appears in Figure
employs. This documentation can be publicized 4, Figure 5, Figure 6, Figure 7, and Figure 8.
Copyright © 2013, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
10 Journal of Cases on Information Technology, 15(2), 1-33, April-June 2013
3.5.2. Risk Identification For the most critical threats among the
ones identified, a Fault Tree Analysis was
This step aims at the identification and documen- performed (using the ITEM Toolkit software,
tation of the threats that the system faces, using http://www.itemuk.com/) to identify events that
appropriate Threat Diagrams. A HazOp analysis cause the identified threats. Two examples of
is performed to provide a first level assessment the diagrams produced by this step are shown
of threats and propose initial countermeasures. in Tables 3 and 4.
As an example of the application of CO- This formal risk analysis process can be
RAS in the design phase, Table 1 summarizes complemented by error discovery methodolo-
the security critical assets we were identified gies such as the probabilistic approach proposed
using HAZOP. by Bradley, 2006, in which a Markov chain
In Table 2 we show a small fragment from based model is applied to the uncovering of
the HAZOP results which is focused on the ran- errors in the eVoting domain.
dom generation of the keys by the key generation
agents, called the key holders in the protocol 3.5.3. Risk Analysis
in Smith (2005). According to the protocol,
these keys are multiplied together in order to This step aims at estimating the risks that are
form the key that will be used for encrypting caused by the threats identified in the previous
the votes. This key is not known by the entities, step. At first, we defined the levels of scale of
who only know their own keys. Compromising the various measures that are used in the risk
the election key requires collaboration among analysis (i.e. likelihood of event occurrence,
all involved parties, which is highly unlikely consequence and risk). Then, we estimated the
since they most often have conflicting interests. amount of risk (quantitatively or qualitatively
Copyright © 2013, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
Journal of Cases on Information Technology, 15(2), 1-33, April-June 2013 11
using Fault Tree Analysis). Tables 5 and 6 are categorization. Specific countermeasures are
parts of the full tables compiled during our proposed for each risk, with emphasis on ex-
analysis. treme risks. In Table 8 an excerpt of the risk
treatment table is shown with some security
3.5.4. Risk Evaluation risks and the proposed treatment.
After the application of the CORAS
This step aims at the evaluation of system framework on the eVoting system, the follow-
risk, based on the previous analysis and the ing conclusions were reached: (1) In general,
risk levels defined. The evaluation results are the adopted voting protocol, as well as many
presented in the risk categorization matrix, as of the engineering decisions made during the
shown in Table 7. design of the system, proved to be reasonable
The numbers appearing on Table 7 corre- choices since they addressed satisfactorily all
spond to the risks (risk IDs) that were identified the potential threats discovered through the
and analyzed in the previous steps. The risks application of CORAS. The protocol employs
were classified from acceptable (white area) to threshold cryptography, suitably time-stamped
extreme (dark gray area). For instance, risk No multiple votes, use of Zero Knowledge Proofs
42 corresponds to “Multiple votes do not arrive for validating the encrypted votes etc. (2) The
in the same sequence they were submitted” (the analysis indicated aspects of the initial design
protocol allows multiple votes but only the one that were, subsequently, further enhanced (e.g.
most recently submitted is taken into account). web access vs. client server access, SSL vs. VPN
This risk is considered to be extreme, since it between the voter and the Election Authority,
has high occurrence likelihood and catastrophic etc.). Moreover, the analysis revealed the need
consequences. for emphasis on certain design choices, such
as the user interface, the clear communication
3.5.5. Risk Treatment
between the voter and EA through precise mes-
This last step of the methodology involves deci- sages, reasonable time intervals between two
sions to be taken about prioritizing and treating subsequent votes etc. (3) The need for extensive
the identified risks, based on the aforementioned checking for faults emerged, e.g. by a body
Copyright © 2013, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
12 Journal of Cases on Information Technology, 15(2), 1-33, April-June 2013
Copyright © 2013, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
Journal of Cases on Information Technology, 15(2), 1-33, April-June 2013 13
Figure 7. Time sequence diagram: Decryption/Calculation of voting results (see steps in the
Appendix)
Copyright © 2013, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
14 Journal of Cases on Information Technology, 15(2), 1-33, April-June 2013
Copyright © 2013, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
Journal of Cases on Information Technology, 15(2), 1-33, April-June 2013 15
of external auditors who should have at their was made apparent, in order to avoid malicious
disposal all the details of the system (including intervention with the proper system operation.
the source code and configuration information The analysis prompted us to take measures such
of all system components). Also, some elements as the use of secure USB tokens or smart cards,
were identified which were crucial for the for critical data storage such as the secret shares
overall system security which should receive of the global key.
special attention: use of certified servers for It should be noted that, before the system
time-stamping and cryptographically strong is ever used in order to conduct a real, critical
random number generators, cross-validation election process, the risk analysis process should
among different communication modules etc. be performed at a finer and deeper detail taking
(4) The need for taking physical and organiza- into account, also, and the infrastructure hosting
tional measures, apart from the technical ones, the eVoting system.
Copyright © 2013, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
16 Journal of Cases on Information Technology, 15(2), 1-33, April-June 2013
In summary, due to the precautions taken dur- • General/Universal: Any legal voter
ing the design, implementation, and installation should be allowed to cast his/her vote. This
phases, as well as due to the secure eVoting implies that any electronic voting system
protocol employed (see Appendix) the PNYKA
Copyright © 2013, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
Journal of Cases on Information Technology, 15(2), 1-33, April-June 2013 17
Effects
Failure
ID Function/Entity System Causes Consequences
Mode Local
Wide
The config file is
not properly
The size
updated by
parameter is The public
system Voting process
1 GenerateElGamalParameters(size) not available parameters may
administrator. may not start.
in the system not be created
Access to config
config file
file/database is
not possible.
The Bulletin
Board is not System Connection to
Voting process
2 Publish(ElGamalParameters) updated with initialization is database is not
may not start.
the public not possible possible.
parameters
should enhance the possibilities for a voter themselves in the Election center due,
to participate in an election, if he/she is e.g., to illness) to cast their votes using the
entitled to vote. In addition, an electronic system’s facilities;
voting system should complement, and not • Equal: All legal voters are entitled to
replace, the traditional voting procedures vote only once and their votes contribute
and/or existing IT systems supporting equally to the determination of the final
these procedures. This, for instance, allows voting result. This places an equal weight
people not trusting the electronic voting for each vote when included in the final
system to cast their votes in the traditional tallying process. The protocol implemented
Electoral centers using the existing election in our system (Smith’s protocol) first uses
procedures while allowing people trusting an authentication process based on OpenCA
the system (or people who cannot present (i.e. a PKI infrastructure) in order to as-
Copyright © 2013, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
18 Journal of Cases on Information Technology, 15(2), 1-33, April-June 2013
Treatment Options -
Risk ID Description Risk Level
Measures
Risk with Regard to Partial Keys Disclosure or Non-Availability
The disclosure of partial
keys would be
catastrophic, as it would
Disclosure of some of Ki
2 Extreme allow the decryption of
by their keyholders
individual votes and the
final result by
unauthorized parties
Threshold cryptography
techniques are used as
a countermeasure. Such
techniques require for at
least t out of n
keyholders to collaborate
in order to initiate the
elections. Moreover clash
of interests among the
Some of the Ki are not
5 Extreme keyholders
available
discourage potential
malicious coalitions.
For ultimate security we
suggest that t = n which
implies that all keyholders
would need to form a
malicious coalition in
order to affect the
elections.
Risks with regard to votes submission order (they follow but not shown here for brevity)
certain that the voter is entitled to vote. In encrypts his/her vote using the ElGamal
addition, a (PKI certified, Network Time encryption scheme (which is randomized
Protocol – NTP) timestamp is used on the and, thus, precludes the extraction of
votes so as to allow multiple votes per information about the plaintext from the
voter (in order to avoid coercion – see the ciphertext) and the election key (which is
Freeness requirement below) while taking produced using n-out-of-n threshold cryp-
into account for the tallying only the most tography by a number of key shares kept
recent vote; secretly by a group of mutually distrusting
• Secret: No way should exist that allows the keyholders – e.g. representatives of the
establishment of a link between a voter and candidates). Thus the vote is submitted
his/her vote. This requirement safeguards in an encrypted form and remains forever
against two important issues: a) The dis- secret, unless all keyholders collude (which
closure of the preferences of voters, and b) is unlikely). Then the Election Authority
Vote selling. In the protocol implemented reencrypts the encrypted process using the
in our system (Smith’s protocol) there is homomorphic property of the ElGamal
a double-encryption process for satisfying scheme. This reencryption prevents the
the secrecy requirement. First the voter voter from selling his/her vote by unen-
Copyright © 2013, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
Journal of Cases on Information Technology, 15(2), 1-33, April-June 2013 19
crypting his encrypted vote to some vote handicapped people who are not in position
buyer. This double encryption process to present themselves at the election center.
is accompanied by two zero-knowledge The traditional means for facilitating this
proofs: one from the voter, in order to prove “distant” voting is to allow voters to cast
the validity of the vote (this is important their votes through the post-office, in a
in homomorphic-function based elections, specially designed and certified envelope.
contrary to the ones based on mixnets) and Not all countries, however, have constitu-
one from the Election Authority (which is tional provisions for supporting this kind
designated verifier, able to persuade the of voting. Our system supports Internet
particular voter and not some, e.g., vote based voting and, thus, fully supports
buyer) that the vote was re-encrypted this requirement by allowing anyone to
without alterations. Moreover, the protocol vote from wherever he/she happens to be
allows the tallying of the votes without at the election day. Thus, our system can
decrypting them, due to the homomorphic securely replace envelope ballots and, thus,
property of the ElGamal scheme; allow distant voting without the security
• Direct: The election results are determined and ease-of-use issues inherent in the use
only by the votes cast by the voters and by of these ballots (e.g. envelop loss, ballot
no other means. This implies that the final stains etc.).
election result should depend only on the
preferences of the voters and not on some, In support towards the fulfillment of all
for instance, complex procedure that at- the above requirements, we have installed the
tempts to “interpret” these preferences. Our Intrusion Detection System (IDS) HELENA
system, by design, simply adds the votes, that was developed as an open source product
homomorphically in encrypted form, and by the security research group of our institute.
produces a result that only contains the This system is able to monitor any designated
sums of votes received by each candidate of server, subnet, or local network and determine
the election. The tallying process precludes whether some suspicious event is taking, which
any form of interference in producing the be a signal for an ongoing attack effort. This IDS
final result; is able to send timely messages to a designated
• Free: Voters cast their votes freely, without console monitored by a security specialist so as
being subjected to external pressure and co- to judge whether the information provides by
ercion. Our system allows voters to vote as the IDS is sufficient to trigger an attack alarm
many times as they wish, with only the most which, in turn, will be evaluated by the elec-
recent (according to a certified timestamp tion officers in order to authorize appropriate
appended to all votes) taken into account in countermeasures (e.g. shutting-down some
the determination of the election result. In server or redirecting traffic).
this way, the voter is given several chances
to vote and, thus, evade efforts for coercion
(e.g. by pretending to follow the coercer’s 4. WHY BROAD ADOPTION OF
“advice” when the coercer is present and EVOTING HAS BEEN SLOW?
then voting, again, later after the coercer
has stopped prying on the voter); In the previous section we attempted to give
• Personal: Voters should be facilitated an idea of the magnitude of effort we went
in casting their votes regardless of their through in order to ascertain that the final eVot-
physical condition of place of residence. ing platform is, and also, appears secure to the
This is important, for instance, for people users. One may argue that the technological
living abroad who wish to cast their votes advances in software and hardware today are
but without traveling to their country or for impressive. Consequently, any security threat,
Copyright © 2013, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
20 Journal of Cases on Information Technology, 15(2), 1-33, April-June 2013
such as the ones our team dealt with during the 3. In field user assessment: After the end
design and the implementation of the PNYKA of the voting process, users/voters should
system, can be tackled, at a satisfactory level, be motivated to assess the system and
with the appropriate amount of care and effort. the whole procedure, in terms of various
aspects: user-friendliness, efficiency, per-
4.1. The Role of Trust as the ceived trust, etc. This feedback should be
Cornerstone in Adopting taken seriously into account for improving
and Diffusing Innovations the system and the organization of the
voting procedure, for further applications.
The application of IT security primitives and Apart from the in-field assessment process,
protocols as well as technologies lies at the heart users should receive later another assess-
of a reasonable eVoting implementation and ment form that the system stakeholders
deployment approach. While strong IT security should design so as to take into consid-
is a necessary condition for successful eVoting eration the in-field assessment process
systems, as described in the previous sections, as well as the fact that the users have had
it is by no means (unfortunately) sufficient. In some time at their disposal to think about
what follows we present the components of a the whole election process (off-line user
step-wise, trust-driven approach towards the assessment);
adoption of eVoting by people. The approach 4. Organize pre- and post- application
involves all stakeholders (see Figure 1 and information campaigns: Information
Figure 4) at the same time and is targeted at campaign before an eVoting event improves
convincing them of the usefulness and security stakeholders’ understanding of the system’s
of using the eVoting system. capabilities and operation as well as use,
The principal axes of the approach are the while information days after the eVoting
following: event help stakeholder understand each
other’s views and propose improvements
1. Proven technological excellence for the on the operation and usability of the system.
system components: The system should These information days should include
use strong technological tools and computer technical people, voters, legislation of-
science primitives, preferably scientifically ficials, social scientists etc.
proven and standard-based. This ensures
the sound operation of the system and its 4.2. The Role of Social
robustness against potential attacks. This Interactions in Adopting
aspect, though not easy to address, may be and Diffusing Innovations:
approached using the latest technological Closely-Knit Social Groups
advances, especially in the field of security;
2. Use of open source software technologies As we have said, the lack of trust has been the
and publicly available information: Sys- main obstacle in the broad adoption of eVoting
tem development and operation should be technologies. What if we make the assumption
based on open source technologies to allow that this lack is removed, in some way, and indi-
independence from existing vendors and viduals are neither positive nor negative towards
increase transparency (Neumann, 2004). eVoting? How could one plan the introduction
The system should be open to scrutiny of eVoting in a country so as to attain adoption
by experts and auditors. An open call for by as many citizens as possible?
attacks before productive operation is Our intuition was that the best way to intro-
also useful, with an aim to prove system’s duce the PNYKA system to the public, was to
robustness and attract citizens’ trust; target, initially, small groups of closely related
individuals which would, gradually, increase in
Copyright © 2013, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
Journal of Cases on Information Technology, 15(2), 1-33, April-June 2013 21
size and population coverage. It appeared to us the fraction). Thus, we have an interplay be-
futile to attempt to introduce an eVoting system tween two parameters in a way that keeps their
abruptly to the whole population of a country ratio at least r . In other words, we require, at
or even the citizens of a large city of a country. the same time, strong internal relationships and
Although we have not had the opportunity weak outside relationships.
to test this intuition in practice (a thing which It was shown in Young (2003) that for
we plan to do in the near future) we nevertheless social relationship graphs, which in our case
came across a theoretical result that appears to model some kind of acquaintance or daily in-
be applicable to support this intuition. This result teraction, which are r − close-knitted for some
was stated and proved in Young (2003) in the r , innovations spread fast, where by “fast” we
context of diffusion of innovations in popula- mean that the time taken for all community
tions. In our context, we have an innovation, members to adopt the innovation is bounded,
eVoting and the system that realizes it, and the independently of how large the communities
goal is to diffuse it in as many people as possible. are. In other words, if community members
There seems to be a similarity between the two have strong links among them and are affected
contexts that leads us to consider that it may by relatively few links to outsiders who are
be possible to draw conclusions for our context neutral towards an innovation accepted by the
drawing on the theoretical study conducted in community, then soon they will manage to
young (2003). To this end, in what follows we convert all population members into accepting
will briefly discuss the results given in that the innovation. A similar notion of “group
work and put them in perspective within our coherence” is the r-cohesiveness property. We
context, i.e. spreading eVoting to large country say that a set of individuals S is r − cohesive
populations. if every member of the set has at least r if its
Central to the ideas and the results given interactions with other members of the set. We
in Young (2003) is the concept of close-knitted observe that this property is weaker than the
sets of individuals. We assume that we deal property of close-knittedness since a r − close-
of sets of individuals who relate to each other knitted set is r − cohesive while the opposite
in some way, e.g. through their work, school, is not necessarily true. As it turns out, r −
professional interactions etc. Given a set of cohesiveness is not sufficient to guarantee fast
such individuals, the close-knittedness property spread of innovations in corresponding graphs.
quantifies how closely related they individuals In view of this result, our belief is that eVot-
of the set are relative (and this is important) ing has failed to gain much popularity in the
to their total relationships (this includes all various countries that it has been introduced (as
individuals, not only the ones in the given set). seen in isolation of the trust) because attempts
We say that a set of individuals is r − to introduce it were rather abrupt and targeted
close-knitted if the following condition holds: very large, virtually unrelated groups of indi-
viduals, even whole country populations. In
d (S ′, S ) other words, eVoting was introduced to groups
min ≥r of individuals that were not close-knitted and it
S ′⊆S
∑ i ∈s ′
di was, thus, difficult or impossible to adopt and
further diffuse the eVoting innovation. Putting
this observation in perspective, we believe that
Observe that by this condition not only do
eVoting has better chances of being diffused to
we require strong connectivity (i.e. many con-
large populations of individuals through a step-
nections) among individuals belonging to the
wise, gradual process that targets larger and
set (as reflected by the numerator of the frac-
larger sets of individuals that are close knitted.
tion) but we, also, require few outgoing con-
For instance, an eVoting system should
nections (as reflected by the denominator of
be applied, first, in closely related groups of
Copyright © 2013, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
22 Journal of Cases on Information Technology, 15(2), 1-33, April-June 2013
individuals in simple eVoting scenarios (e.g. We believe that following the “gradual
expression of opinion, polling etc.) and then introduction” approach outlined above, eventu-
applied to slowly increasing populations with ally eVoting will be adopted (as we believe) by
voting scenarios of increasing criticality and the majority of citizens in a country, something
complexity (e.g. election process in scientific which could not be achieved (and has not been
interest groups, elections in societies and or- achieved, as witness by documented cases of
ganizations, local elections for representatives, eVoting failures) if one attempted to diffuse, all
and finally to national elections). This gradual at once, eVoting technology to the whole popu-
adoption effort has a number of positive side lation of a country (say, by law enforcement).
effects too: first of all, it allows for thorough,
in-field evaluation of the system, using in-
creasingly more complex eVoting scenarios. 5. BEYOND EVOTING:
In addition, time is given to stakeholders to CURRENT CHALLENGES/
develop opinions and views about the system PROBLEMS FACING
that will contribute to its improvements in order THE ORGANIZATION
to face a more demanding eVoting procedure.
In this section we present CTI’s vision in shaping
This is exactly the approach that we followed,
the present and the future of the eParticipation
after the system was implemented and tested,
domain in Greece. CTI is in the fortunate posi-
in order to assess its appeal to users and try to
tion of combining two major ingredients, which
diffuse it to the Greek society. We would use a
are of considerable importance in realizing its
pilot operation in an election process in a small,
vision: it administers the Greek School Network
carefully selected group, as a vehicle towards a
and participates in a prominent European proj-
gradual introduction of the system to election
ect, called ABC4Trust, whose aim is to provide
scenarios of a larger scale. We engaged 200
a technical and legal framework for user-centric,
of the members of the Western sector of the
eIdentity management. We will, first, describe
Technical Chamber of Greece. This small group
briefly the Greek School Network, then the
was selected due to the easiness of conducting
ABC4Trust project and, finally, how these two
its members and the fact that, being engineers
elements combined can boost CTI’s role in the
themselves, they could, beyond voting, look at
eParticipation domain.
the security evidence produced as described in
Section 4, and pinpoint technical issues with the 5.1. ABCs and the
system. In addition, the Technical Chamber is ABC4Trust Project
interested in automating its voting procedures
and, thus, it was a good target for the system 5.1.1. Basic Concepts
trials. The overall impression was positive
and the feedback received is already under Attribute Based Credentials, or ABCs for short,
consideration for further improvements and can be viewed as a set of cryptographic protocols
enhancements of the system. Our goal, now, is which specify a user-controllable framework for
to enhance the PNYKA system so as to address defining and managing credential sets. These
our goals as they are stated in Section 6.2 and credential sets may be required for interac-
go to progressively larger groups of voters in tions with service providers (either private or
order to establish trust among as many people governmental) in order to access personalized
as possible. These people in turn, based on the services that require access only to a subset of the
theory of innovation diffusion outlined above, users’ credentials. Such services include simple
would help to further spread the word that the preferences management for e-commerce (e.g.
system can be trusted to even more people. book reading preferences), convincing of one’s
eligibility (e.g. age or occupation) in order to
Copyright © 2013, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
Journal of Cases on Information Technology, 15(2), 1-33, April-June 2013 23
access public information, and allowing govern- based on different number-theoretic problems
ment agencies access personal information that and also differ somewhat in the functionality
may reside in several other government agencies that they offer. There are two leading anonymous
(e.g. health information). The proposed creden- credentials systems: Idemix of IBM and U-
tial sets may include, except from assertions Prove of Microsoft. These two systems provide
about a user, hyperlinks to personal information functionality for supporting user credentials
residing elsewhere (e.g. government agencies), with the following requirements:
that the user desires to disclose to an eVoting
service provider (or prove something about this • Unforgeability (issuing);
information, not the information itself). • Selective disclosure with the user control-
Over the past 10-15 years, a number of ling the disclosed information set;
technologies have been developed to build ABC • Soundness (no false claims about the valid-
systems in a way that they can be trusted, like ity of a credential);
normal cryptographic certificates, while at the • No framing (showing transcript
same time protecting the privacy of their holder unforgeability);
(e.g., hiding the real holder’s identity). Such • Untraceability (showings wrt. issuing);
attribute-based credentials are issued just like • Unlinkability (between showings);
ordinary cryptographic credentials (e.g., X.509 • Limited-show unlinkability, untraceability.
credentials – see [X509]) using a digital (secret)
signature key. However, ABCs allow their These two systems provide nearly the
holder to uncover only a subset of the attributes same functionality, using different crypto-
contained in the original credential. Still, these graphic primitives. With regard to Idemix, it
transformed credentials verification procedure relies, mostly, on the hardness of the strong
just like ordinary cryptographic credentials RSA problem while U-prove is based, mostly,
(using the public verification key of the issuer) on the difficulty of discrete logarithms. Also,
and offer the same strong security. See Figure credentials are represented in different formats.
9 for a high-level view of the ABC concept.
In this figure we see a credentials holder/ 5.1.2. The Role of CTI in ABC4Trust
user who applies for issuance of a digital creden-
tial to the Identity Service Provider or ISP for Student evaluations of instructors and courses
short. The ISP issues a signed digital credential in higher education institutions are an impor-
to the user who, then, can present the credential tant tool for universities and governments for
to the verifier (most often a service provider correcting and adjusting the curricula so as to
to whom the users’ needs to prove something correspond best to students’ needs. Allowing
about himself/herself. Note that, in contrast evaluations over the Internet, through an eVoting
with a classical PKI authentication service, the platrofm, will facilitate greatly the evaluation
verifier (service provider) does not contact the process in two respects, as compared to the clas-
ISP (the analogous of the Certification Author- sical process based on paper evaluation forms:
ity – CA – in a PKI). In addition, the user can a) It allows the students to evaluate courses, b)
transform her credential and, thus, present to Automatically archives the evaluation results
each verifier a different credential form so that in electronic form allowing their further elec-
it is not possible for a party to link the differ- tronic processing, and c) Offers the possibility
ent credentials of the user together and, thus, of using strong cryptographic tools to ensure
uncover information (e.g. preferences when student anonymity and data confidentiality.
browsing on the Internet) about the user. However, the major challenge is to ensure
Research has put forth a number of different that only registered and eligible (i.e. to have
proposals how to realize anonymous credentials attended over 2/3 of the course classes) students
[Brands00, CamLys01, CamLys04] which are participate while not forcing them to provide
Copyright © 2013, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
24 Journal of Cases on Information Technology, 15(2), 1-33, April-June 2013
Copyright © 2013, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
Journal of Cases on Information Technology, 15(2), 1-33, April-June 2013 25
The meaning of the probabilities involved The normalizing constant. This is equal to
in this equation is summarized below: the sum of the quantities in the numerator for
all events Ek . Thus, Pr (B | Ei ) represents the
Pr (Ei ) likelihood of event Ei relative to all other ele-
ments of the partition of the sample space:
Prior distribution for the Ei ’s. It summa-
rizes the beliefs about the probability of event Pr (Ei | B )
Ei before Ei or B is observed:
The posterior distribution of Ei given B .
Pr (B | Ei ) It represents the probability of event Ei , after
event B been observed.
The conditional probability of B given In our context, Ei are the sets into which
Ei . It summarizes the likelihood of event B our voter population is partitioned based on a
particular attribute that characterizes them, e.g.
given Ei :
“occupation”, “sex”, “educational level” etc.
For simplicity, given a particular characteristic,
∑ k
Pr (Ek ) Pr (B | Ek ) we assume that no overlaps exist (e.g. for the
attribute “occupation”, there is no member of
the population that is both a “doctor” and a
Copyright © 2013, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
26 Journal of Cases on Information Technology, 15(2), 1-33, April-June 2013
“computer engineer”). Then the probabilities We will not expand on this issue but the benefits
reflect fractions of individuals of various pro- of using provable credentials can lead to very
files and behaviours. accurate conclusions about citizens’ opinion on
Let us assume that B is a question about major reform issues.
a reform in government policy making, for
instance “Do you agree with publicizing on a 5.2.2. Voter Profile
bulletin board the names and incomes of all Constrained eVoting
citizens (to aid transparency in financial ad-
ministration)?” Based on the attribute based A voter within a certain population possesses a
credentials eVoting model, each voter casts his/ set of attributes (e.g. “sex” and “occupation”)
her vote (“Yes” or “No”) and proves his/her and for each attribute there is a certain set of
occupation attribute. At the end of the voting allowed values (e.g. “male/female”, “doctor/en-
process, a situation like that in Figure 11 will gineer/accountant”). Classical PKI certificates
appear, where the figure assumes that the “oc- also provide a form of authentication (see, for
cupation” attribute has 4 possible values (that instance, [X509]) but the major drawback is
is citizen occupations) and the common areas that the authenticated individual is known to
of each of the “occupation” classes with B the certification authority after the authentica-
denotes the percentage of the class population tion process is completed (i.e. anonymity is
that agrees with B . not provided).
That is, based on the attribute based cre- The important assumption with regard to
dential proofs of occupation, we have a very these attributes, to be justified in Section 5, is
accurate picture of the percentage of population that each voter can prove the value of a certain
within each occupation class that agrees with characteristic (e.g. “sex”, “occupation”) with-
out revealing his/her real identity using only a
reform issue E1 , without violating citizen’s
pseudonym, which he/she may change for dif-
anonymity. This means that we know, accu- ferent situations so as to avoid linking together
rately, all probabilities appearing on the right- his/her different actions in different eParticipa-
hand side of Bayes’ formula. Let us consider a tion situations. Note that this assumption is not
particular occupation class, say E1 . Then is supported by current PKI technologies, even by
what information is conveyed by Pr (E1 | B ) , role based certificates since in order to prove
which is computed by the formula; It gives the possession of, say, a role within society (e.g.
percentage of the population of the occupation occupation) one has to reveal his/her identity.
PKI only guarantees that the person presenting
class E1 that will be satisfied if B is adopted,
a certificate is the person claimed to be. All the
where the percentage now is taken over all attributes of an individual are known by either
classes, and over all citizens that will be satis- the service provider or the PKI.
fied by B (shaded area in the figure). Note that
it is possible that this a priori percentage may 5.3. The Challenge: Strengthening
be different, in general, than the percentage of eParticipation and Supporting
population within class E1 that really agrees Governmental Decision Making
with B , thus additional information can be
derived which may affect governments’decision The Greek School Network (GSN) is the
to pass or not to pass B officially. educational intranet of the Greek Ministry of
The accuracy of the probabilities on the Education that interconnects all schools and
right-hand side of Bayes’ formula is tantamount a large number of educational administrative
to deciding numerous statistical properties units and organizations. It is the biggest pub-
related to a society composition (e.g. deciding lic network in the country, having the largest
distribution parameter, decision making etc.). number of users, and has been recognized
Copyright © 2013, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
Journal of Cases on Information Technology, 15(2), 1-33, April-June 2013 27
Copyright © 2013, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
28 Journal of Cases on Information Technology, 15(2), 1-33, April-June 2013
electronic evaluation of a course they have force to bring those elements close to the Greek
attended at the University. educator and student.
Today, CTI is facing a challenge: a set of
technologies and eParticipation vehicles. As
reflected in Figure 12 one of the major CTI’s REFERENCES
vision is to create a Panhellenic, privacy pre-
serving discussion forum where the educational Antoniou, A., Korakas, C., Manolopoulos, C., &
communities of all levels can discuss issues, Panagiotaki, A. Sofotassios, D., Spirakis, P., &.
Stamatiou, Y. C. (2007). A trust-centered approach
take part in referendums and public discussions, for building e-voting systems. In Proc. 6th Interna-
vote for important issues related to educational tional Conference on eGovernment (EGOV 2007)
reform – all in a way where everyone is able (pp. 366-377). Lecture Notes in Computer Science,
to prove, anonymously however, his/her status Springer-Verlag.
and eligibility to participate. Barber, B., & Davey, J. (1992). The use of the
CTI’s vision is to create a privacy preserv- CCTA risk analysis and management methodology
ing discussion forum where the educational CRAMM in health information systems. In K. C.
communities of all levels in Greece can discuss Lun, P. Degoulet, T. E. Piemme, & O. Rienhoff
(Eds.), MEDINFO 92 (pp. 1589–1593). North Hol-
issues, take part in referendums and public
land Publishing Co..
discussions, vote for important issues related to
educational reform – all in a way where everyone Beldad, A., de Jong, M., & Steehouder, M. (2010).
is able to prove, anonymously however, his/her How shall I trust the faceless and the intangible? A
literature review on the antecedents of online trust.
status and eligibility to participate. The ePar- Computers in Human Behavior, 26(5), 857–869.
ticipation platform (PNYKA) and the attribute doi:10.1016/j.chb.2010.03.013.
based credentials (ABC4Trust project innova-
tions) are some key technological elements to Bouras, C., Katris, N., & Triantafillou, V. (2003).
An electronic voting service to support decision-
implement our vision while the Greek School making in local government. Telematics and
Network, on the other hand, is the vehicle and Informatics, 20(3), 255–274. doi:10.1016/S0736-
the new legislation status of CTI is the enabling 5853(03)00017-0.
Copyright © 2013, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
Journal of Cases on Information Technology, 15(2), 1-33, April-June 2013 29
Bouti, A., & Kadi, D. A. (1994). A state-of-the-art Manolopoulos, C., Panagiotaki, A., Sofotasios, D.,
review of FMEA/FMECA. International Journal Spirakis, P., & Stamatiou, Y. C. (2008). Experiences
of Reliability Quality and Safety Engineering, 1(4), and benefits from the application of a formal risk
515–543. doi:10.1142/S0218539394000362. assessment framework in the evoting domain. In
Proceedings of the 7th International Conference on
Bradley, J. T., & Gilmore, S. T. (2006). Stochastic eGovernment (EGOV 2008).
simulation methods applied to a secure electronic
voting model. Electronic Notes in Theoretical Mason, S. (2004). Is there a future for Internet voting?
Computer Science, 151(3), 5–25. doi:10.1016/j. Computer Fraud & Security, (3): 6–13. Retrieved
entcs.2006.03.009. from http://www.votobit.org/lallave/mason.html
doi:10.1016/S1361-3723(04)00039-9.
Coleman, J. S. (1990). Foundations of social theory.
Cambridge, MA: The Belknap Press of Harvard Putman, J. R. (2000). Architecting with RM-ODP.
University Press. Prentice-Hall.
Gritzalis, D. A. (2003). Secure electronic vot- Sæbø, Ø., Rose, J., & Flak, L. S. (2008). The shape of
ing. Series: Advances in Information Security, 7. eParticipation: Characterizing an emerging research
Kluwer Academic Publishers. doi:10.1007/978-1- area. Government Information Quarterly, 25(3),
4615-0239-5. 400–428. doi:10.1016/j.giq.2007.04.007.
Grose, T. J., Doney, G. C., & Brodsky, S. A. (2002). Siu, N. (1994). Risk assessment for dynamic systems:
Mastering XMI: Java programming with XMI, XML, An overview. Reliability Engineering & System Safe-
and UML. Wiley. ty, 43, 43–73. doi:10.1016/0951-8320(94)90095-7.
Kletz, T. (1999). Hazop and hazan: Identifying and Smith, W. D. (2005). Cryptography meets voting,
assessing process industry hazards (4th ed.). Taylor September.
& Francis.
Stølen, K., den Braber, F., Dimitrakos, T., Fredrik-
Konstantinou, E., Liagkou, V., Spirakis, P., Stama- sen, R., Gran, B. A., Houmb, S.-H., et al. (2003).
tiou, Y. C., & Yung, M. (2004). Electronic national Model-based risk assessment in a component-based
lotteries. In Proc. Financial Cryptography (FC 2004, software engineering process: The CORAS approach
LNCS 3110) (pp.147-163). Springer Verlag. to identify security risks. In F. Barbier (Ed.), Business
component-based software engineering, Kluwer,
Konstantinou, E., Liagkou, V., Spirakis, P., Stamatiou, pp. 189-207). The CORAS framework is freely.
Y. C., & Yung, M. (2005). Trust engineering: From Retrieved from http://coras.sourceforge.net/
requirements to system design and maintenance – a
working national lottery system experience. In Proc. Susha, I., & Grönlund, Å. (2012). eParticipation
Information Security Conference (ISC 2005, LNCS research: Systematizing the field. Government In-
3650) (pp. 44-58). Springer Verlag. formation Quarterly, 29(3), 373–382. doi:10.1016/j.
giq.2011.11.005.
Krutchten, P. (1999). The rational unified process.
An introduction. Addison-Wesley. Young, P. (2003). The diffusion of innovations in
social network. In L. E. Blume, & S. N. Durlauf
Lenstra, A. K., & Lenstra, H. W., Jr. (1990). Algo- (Eds.), The economy as a complex evolving system
rithms in number theory. In J. van Leeuwen (Ed.), (Vol. III). Oxford University Press.
Handbook of theoretical computer science (pp. 673-
715). A North-Holland, Amsterdam.
Luhmann, N. (2000). Familiarity, confidence, trust:
Problems and alternatives. In D. Gambetta (Ed.),
Trust: Making and breaking cooperative relations
(pp. 94–107). Oxford, UK: Blackwell.
Copyright © 2013, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
30 Journal of Cases on Information Technology, 15(2), 1-33, April-June 2013
Christos Manolopoulos is a graduate of School of Law Economics and Political Sciences of the
National & Kapodistrian University of Athens (1983) and holds a PhD from the Psychology
Department of the Panteion University. He has been the Director of Public IT Projects Sector
of CTI since 1999 and has significant professional experience in the management of large infor-
mation systems projects. He is, also, Director of the eGovernment and Publications Sectors of
the Computer Technology Institute & Press “DIOPHANTUS”. His principal research interests
lie in the areas of game theory in economics and population dynamics as well as aspects of
eParticipation and the applications of ICT for governance reform.
Copyright © 2013, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
Journal of Cases on Information Technology, 15(2), 1-33, April-June 2013 31
Dimitrios P. Sofotassios received a B.E. degree in Computer Engineering and Informatics from
University of Patras in 1989 and a PhD in 2007. He is currently Deputy Director of eGovernment
and Publications Sectors of the Computer Technology Institute & Press “DIOPHANTUS”. His
research interests include Data Structures and Algorithms, Production Management Systems,
eGovernment Architectures, Standards & Services and IS security. He has published over 25
research articles in peer reviewed international journals and conferences and he is co-author of
a book on production management, a book chapter on privacy protection and a book chapter on
electronic voting. Since 1990, he supports various teaching activities in the Computer Engineer-
ing and Informatics Department of University of Patras and was involved in a number of R&TD
projects funded by the European Union, the General Secretariat for Research & Technology of
Greece and private contracts.
Paul Spirakis obtained his PhD from Harvard University, in 1982. He is currently the President
of the Computer Technology Institute & Press “DIOPHANTUS” and a Full Professor in Patras
University, Greece. Paul Spirakis has seriously affected the growth of the Computer Technology
Institute & Press “DIOPHANTUS”, which is now a major organization. Was acknowledged
between the top 50 scientists worldwide in Computer Science with respect to “The best Nurturers
in Computer Science Research”, published by B. Kumar and Y.N. Srikant, ACM Data Mining,
2005. His research interests include Algorithms and Complexity and interaction of Complexity
and Game Theory. Paul Spirakis has extensively published in most of the important Computer
Science journals and most of the significant refereed conferences. He was elected unanimously
as one of the two Vice Presidents of the Council of the EATCS. He is a member of Academia
Europaea, a member of the ACM Europe Council and has been appointed as a Member of the
Executive Body of the Polytechnic University of Cyprus. Paul Spirakis is a high level consul-
tant for the Greek Ministry of Education. Paul Spirakis has gained many European competitive
research funds and has served in several scientific bodies of the EU.
Yannis Stamatiou graduated from the University of Patras, Department of Computer Engineering
and Informatics. He is currently Associate Professor at the Department of Business Administra-
tion of the University of Patras, Greece and Consultant (with deputy director responsibilities)
on Cryptography and Security for the Security Sector of the Computer Technology Institute &
Press (“Diophantus”) in Patras, Greece. His interests lie in cryptography, modeling of computer
viruses/worms in computer networks, cryptanalysis and ICT security with a focus in eVoting and
eGovernement related security protocols and systems. He has extensive experience in theoretical
and applied computer science with a focus on cryptography and ICT security. He leads the R&D
efforts of the Security Sector of CTI and coordinates a team of more than 10 junior and senior
researchers in basic research as well as development of security solutions for various R&D
projects. He is, also, acting as a Program Committee member in several security/cryptography
related conferences as well as a reviewer for several peer reviewed scientific journals. He has
published over 50 research articles in peer reviewed international journals and conference
proceedings while he has given numerous invited lectures on cryptography and ICT security
related subjects. Finally, he has also participated as a reviewing expert three times in EU calls
for proposals in security related areas.
Copyright © 2013, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
32 Journal of Cases on Information Technology, 15(2), 1-33, April-June 2013
APPENDIX
We now provide, below, the basic steps involved in the eVoting protocol presented in Smith, 2005,
with italicized comments (where applicable) that briefly explain the security goals achieved by each
of them (see this paper for a detailed analysis of the protocol and its security properties). When
the term “Zero Knowledge Proof” is used it refers to an important cryptographic technique by
which a prover (voter in our case) proves to a verifier (Election Authoity or eVoting server in our
case) that he/she knows a secret value or a fact about a secret value without actually revealing it:
Copyright © 2013, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
Journal of Cases on Information Technology, 15(2), 1-33, April-June 2013 33
12. The EA adds the final, doubly signed, doubly encrypted, time stamped and doubly verified
(through the Zero-Knowledge proofs) on a publicly accessible bulletin board, besides the
name of the voter. The EA prints two copies of the stored vote in bar-code format. Then it
sends one to the voter (it may be sent electronically and the voter may print it) and keeps
one to itself for later cross-verification of the election result. The bar-code version of the
vote can be used by all the voters who participated in the election in order to collaborate in
reproducing (“universal verifiability”) the tallying result announced by the eVoting system
after the end of the voting procedure;
13. The voter checks the bar-code version of the vote against the vote appearing in the bulletin
board;
14. The voters may vote several times, if they wish, but only the last, according to the timestamp
value, vote counts. This is a defense against voter coercion;
15. When all votes are cast and stored, the EA (or an external tallier) uses the most recently cast
votes of the voters (in case they voted several times) and adds them, homomorphically,
multiplying element by element the ElGamal encryption pairs. The outcome of these opera-
tion is to have the election result, encrypted with the election key K ;
16. The s keyholders partially decrypt, in turn, using the ElGamal scheme the election results
using their keys K 1, K 2 , …, K s (delivering, at the same time, a Zero-Knowledge proof each,
showing that they used the same keys as the ones used in the beginning of the election) and
deliver the election result T (i.e. total sum of the votes) in the form iT . This step guards
against malicious key-holders;
17. One may use a discrete logarithm algorithm in order to recover T (e.g. Pollard’s λ and ρ
methods).
Copyright © 2013, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.