SeVEP: Secure and Verifiable Electronic Polling System

Abstract

Electronic polling systems promise benefits to voters such as accessibility and convenience that enable them to cast their votes at any time, from any Internet-connected computing device anywhere in the world. However, unlike traditional paper-based voting systems, an e-polling system introduces several security risks such as privacy of vote, unlinkability of a voter, voter coercion, secrecy of partial election results, verifiability, and poll integrity. The authenticity of a voter is another security concern, i.e., a voter must be identified through an authentication mechanism that prevents voting of unauthorized voters or multiple voting from authorized voters. Another security concern is the manipulation of votes by an infected (e.g., virus, malware, and so on) voting device. Since the voters use their personal devices to cast votes in an unsupervised environment, a malware-hosted device could make unauthorized modifications to the voter's voting choices. Many e-voting systems have been proposed, however, to date, all these schemes either fail to provide all the required security properties or are not practically feasible on light-weight computing devices. In this paper, we present a secure and verifiable polling system, SeVEP, that employs well-known cryptographic primitives to provide vote and voter's privacy, and poll integrity, confirms the identity of voters through a multifactor authentication scheme, enables multiple voting within the allowed polling period, prevents double voting, and achieves verifiability and uncoercibility in the presence of untrusted voting device. The security, performance, and comparative analysis in terms of security properties and cryptographic costs show that SeVEP is secure, verifiable, and practical e-polling system.