Top

Published in:

2019 | OriginalPaper | Chapter

Comparing “Challenge-Based” and “Code-Based” Internet Voting Verification Implementations

Authors : Oksana Kulyk, Jan Henzel, Karen Renaud, Melanie Volkamer

Published in: Human-Computer Interaction – INTERACT 2019

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Internet-enabled voting introduces an element of invisibility and unfamiliarity into the voting process, which makes it very different from traditional voting. Voters might be concerned about their vote being recorded correctly and included in the final tally. To mitigate mistrust, many Internet-enabled voting systems build verifiability into their systems. This allows voters to verify that their votes have been cast as intended, stored as cast and tallied as stored at the conclusion of the voting period. Verification implementations have not been universally successful, mostly due to voter difficulties using them. Here, we evaluate two cast as intended verification approaches in a lab study: (1) “Challenge-Based” and (2) “Code-Based”. We assessed cast-as-intended vote verification efficacy, and identified usability issues related to verifying and/or vote casting. We also explored acceptance issues post-verification, to see whether our participants were willing to engage with Internet voting in a real election. Our study revealed the superiority of the code-based approach, in terms of ability to verify effectively. In terms of real-life Internet voting acceptance, convenience encourages acceptance, while security concerns and complexity might lead to rejection.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Comparative Evaluation of Node-Link and Sankey Diagrams for the Cyber Security Domain

next chapter Mouse Behavior as an Index of Phishing Awareness

Note that this search is performed via cryptographic anonymisation techniques, so that vote secrecy remains intact.

The main difference is that the verified vote in the Estonian voting system does not have to be discarded and can be cast post-verification. We refer to [15, 17] for more details.

All the screenshots provided in the paper are translated from German. The study itself was conducted in German.

This was achieved by modifying the local hosts on the laptop. In order to communicate website credibility, a SSL certificate was issued by creating a new certificate chain starting with a new certificate authority. The SSL certificate was imported into the browser, so that the participants of the study could see the reassuring green lock in the browser address bar.

Note, that even though the population in Switzerland is much smaller than Germany’s, the code length allows for the generation of \(36^{7}\) unique codes, which makes the system suitable for the population of ca. 62 million. The code sheet resembled the original voting system’s code sheets.

German Social-Democratic Party.

Note, re-casting is mandated by the challenge-based approach.

German Free Democratic Party.

Acemyan, C.Z., Kortum, P., Byrne, M.D., Wallach, D.S.: Usability of voter verifiable, end-to-end voting systems: baseline data for Helios, Prêt à Voter, and Scantegrity II. USENIX J. Election Technol. Syst. 2(3), 26–56 (2014)

Acemyan, C.Z., Kortum, P., Byrne, M.D., Wallach, D.S.: From error to error: why voters could not cast a ballot and verify their vote with Helios, Prêt à Voter, and Scantegrity II. USENIX J. Election Technol. Syst. (JETS) 3(2), 1–19 (2015)

Acemyan, C.Z., Kortum, P., Byrne, M.D., Wallach, D.S.: Summative usability assessments of STAR-vote: a cryptographically secure e2e voting system that has been empirically proven to be easy to use. Hum. Factors (2018). https://doi.org/10.1177/0018720818812586

Adida, B.: Helios: web-based open-audit voting. In: USENIX Security Symposium, vol. 17, pp. 335–348. USENIX Association, Berkeley (2008)

Bär, M., Henrich, C., Müller-Quade, J., Röhrich, S., Stüber, C.: Real world experiences with bingo voting and a comparison of usability. In: IAVoSS Workshop on Trustworthy Elections (WOTE 2008) (2008)

Benaloh, J.: Simple verifiable elections. In: Electronic Voting Technology Workshop EVT 2006 (2006)

Benaloh, J.: Ballot casting assurance via voter-initiated poll station auditing. In: Electronic Voting Technology Workshop EVT 2007 (2007)

Budurushi, J., Renaud, K., Volkamer, M., Woide, M.: An investigation into the usability of electronic voting systems for complex elections. Ann. Telecommun. 71(7–8), 309–322 (2016)CrossRef

Chang-Fong, N., Essex, A.: The cloudier side of cryptographic end-to-end verifiable voting: a security analysis of Helios. In: Proceedings of the 32nd Annual Conference on Computer Security Applications, pp. 324–335. ACM (2016)

10.

Distler, V., Zollinger, M.L., Lallemand, C., Roenne, P., Ryan, P., Koenig, V.: Security-visible, yet unseen? How displaying security mechanisms impacts user experience and perceived security. In: Proceedings of ACM CHI Conference on Human Factors in Computing Systems (CHI 2019) (2019)

11.

Fuglerud, K.S., Røssvoll, T.H.: An evaluation of web-based voting usability and accessibility. Univ. Access Inf. Soc. 11(4), 359–373 (2012)CrossRef

12.

Galindo, D., Guasch, S., Puiggalí, J.: 2015 Neuchâtel’s cast-as-intended verification mechanism. In: Haenni, R., Koenig, R.E., Wikström, D. (eds.) VOTELID 2015. LNCS, vol. 9269, pp. 3–18. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-22270-7_1CrossRef

13.

Gharadaghy, R., Volkamer, M.: Verifiability in electronic voting-explanations for non security experts. In: Electronic Voting, pp. 151–162 (2010)

14.

Halderman, J.A., Teague, V.: The New South Wales iVote system: security failures and verification flaws in a live online election. In: Haenni, R., Koenig, R.E., Wikström, D. (eds.) VOTELID 2015. LNCS, vol. 9269, pp. 35–53. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-22270-7_3CrossRef

15.

Heiberg, S., Martens, T., Vinkel, P., Willemson, J.: Improving the veriability of the Estonian Internet Voting scheme. In: International Joint Conference on Electronic Voting, pp. 92–107. Springer (2016)

16.

Heiberg, S., Parsovs, A., Willemson, J.: Log analysis of estonian internet voting 2013–2014. In: Haenni, R., Koenig, R.E., Wikström, D. (eds.) VOTELID 2015. LNCS, vol. 9269, pp. 19–34. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-22270-7_2CrossRef

17.

Heiberg, S., Willemson, J.: Verifiable internet voting in Estonia. In: 6th International Conference on Electronic Voting, Verifying the Vote (EVOTE), pp. 1–8. IEEE, October 2014

18.

Karayumak, F., Olembo, M.M., Kauer, M., Volkamer, M.: Usability analysis of Helios-An open source verifiable remote electronic voting system. In: Proceedings of the 2011 Conference on Electronic Voting Technology/Workshop on Trustworthy Elections, EVT/WOTE 2011. USENIX Association, Berkeley (2011)

19.

Kiayias, A., Zacharias, T., Zhang, B.: Ceremonies for end-to-end verifiable elections. In: Fehr, S. (ed.) PKC 2017. LNCS, vol. 10175, pp. 305–334. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-662-54388-7_11CrossRef

20.

Kulyk, O., Neumann, S., Budurushi, J., Volkamer, M.: Nothing comes for free: how much usability can you sacrifice for security? IEEE Secur. Priv. 15(3), 24–29 (2017)CrossRef

21.

Kulyk, O., Volkamer, M.: Usability is not enough: lessons learned from ‘human factors in security’ research for verifiability. In: E-Vote-ID 2018, p. 66 (2018)

22.

Langone, A.: An 11-Year-Old Hacked Into a U.S. Voting System, 14 August 2018. http://time.com/5366171/11-year-old-hacked-into-us-voting-system-10-minutes/

23.

Mac Namara, D., Gibson, P., Oakley, K.: A preliminary study on a dualvote and prêt à voter hybrid system. In: CeDEM 2012 Conference for E-Democracy and Open Government 3–4 May 2012 Danube-University Krems, Austria, p. 77. Edition-Donau-Univ. Krems (2012)

24.

Mac Namara, D., Scully, T., Gibson, P.: DualVote addressing usability and verifiability issues in electronic voting systems (2011). http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.399.7284

25.

Marky, K., Kulyk, O., Renaud, K., Volkamer, M.: What Did I Really Vote For? In: Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems, p. 176. ACM (2018)

26.

Marky, K., Schmitz, M., Lange, F., Mühlhäuser, M.: Usability of code voting modalities. In: CHI Conference on Human Factors in Computing Systems, Glasgow, Scotland UK. ACM (2019). Late Breaking Work

27.

Neumann, S., Olembo, M.M., Renaud, K., Volkamer, M.: Helios verification: to alleviate, or to nominate: is that the question, or shall we have both? In: Kő, A., Francesconi, E. (eds.) EGOVIS 2014. LNCS, vol. 8650, pp. 246–260. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-10178-1_20CrossRef

28.

Olembo, M.M., Renaud, K., Bartsch, S., Volkamer, M.: Voter, what message will motivate you to verify your vote. In: Workshop on Usable Security, USEC (2014)

29.

Olembo, M.M., Bartsch, S., Volkamer, M.: Mental models of verifiability in voting. In: Heather, J., Schneider, S., Teague, V. (eds.) Vote-ID 2013. LNCS, vol. 7985, pp. 142–155. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39185-9_9CrossRef

30.

Oostveen, A.M., Van den Besselaar, P.: Users’ experiences with e-voting: a comparative case study. J. Electron. Gov. 2(4), 357–377 (2009)

31.

Puiggalí, J., Cucurull, J., Guasch, S., Krimmer, R.: Verifiability experiences in government online voting systems. In: Krimmer, R., Volkamer, M., Braun Binder, N., Kersting, N., Pereira, O., Schürmann, C. (eds.) E-Vote-ID 2017. LNCS, vol. 10615, pp. 248–263. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-68687-5_15CrossRef

32.

Schneider, S., Llewellyn, M., Culnane, C., Heather, J., Srinivasan, S., Xia, Z.: Focus group views on Prêt à Voter 1.0. In: 2011 International Workshop on Requirements Engineering for Electronic Voting Systems (REVOTE), pp. 56–65. IEEE (2011)

33.

Serdült, U., Germann, M., Harris, M., Mendez, F., Portenier, A.: Who are the internet voters? Innov. Public Sect. 27, 27–41 (2015)

34.

Serdult, U., Germann, M., Mendez, F., Portenier, A., Wellig, C.: Fifteen years of internet voting in Switzerland [History, Governance and Use]. In: 2nd International Conference on eDemocracy & eGovernment, ICEDEG 2015, pp. 126–132. IEEE, April 2015

35.

Stenerud, I.S.G., Bull, C.: When reality comes knocking. Norwegian experiences with verifiable electronic voting. Electron. Voting 205, 21–33 (2012)

36.

Weber, J.L., Hengartner, U.: Usability study of the open audit voting system Helios (2009). http://www.jannaweber.com/wpcontent/uploads/2009/09/858Helios.pdf. Accessed 22 Dec 2017

37.

Winckler, M., et al.: Assessing the usability of open verifiable e-voting systems: a trial with the system Prêt à Voter. In: Proceedings of ICE-GOV, pp. 281–296 (2009)

Title: Comparing “Challenge-Based” and “Code-Based” Internet Voting Verification Implementations
Authors: Oksana Kulyk
Jan Henzel
Karen Renaud
Melanie Volkamer
Publisher: Springer International Publishing
Book: Human-Computer Interaction – INTERACT 2019
Print ISBN: 978-3-030-29380-2

Electronic ISBN: 978-3-030-29381-9

Copyright Year: 2019
DOI: https://doi.org/10.1007/978-3-030-29381-9_32

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"