Improving Remote Voting Security with CodeVoting

One of the major problems that prevents the spread of elections
with the possibility of remote voting over electronic networks, also
called Internet Voting, is the use of unreliable client platforms, such as
the voter’s computer and the Internet infrastructure connecting it to
the election server. A computer connected to the Internet is exposed to
viruses, worms, Trojans, spyware, malware and other threats that can
compromise the election’s integrity. For instance, it is possible to write
a virus that changes the voter’s vote to a predetermined vote on election’s
day. Another possible attack is the creation of a fake election web
site where the voter uses a malicious vote program on the web site that
manipulates the voter’s vote (phishing/pharming attack). Such attacks
may not disturb the election protocol, therefore can remain undetected
in the eyes of the election auditors.
We propose the use of CodeVoting to overcome insecurity of the client
platform. CodeVoting consists in creating a secure communication channel
to communicate the voter’s vote between the voter and a trusted
component attached to the voter’s computer. Consequently, no one controlling
the voter’s computer can change the his/her’s vote. The trusted
component can then process the vote according to a cryptographic voting
protocol to enable cryptographic verification at the server’s side.