Online voting a step closer thanks to breakthrough in security technology

April 30, 2015
Credit: George Hodan/Public Domain

Researchers at the University of Birmingham have developed a technique to allow people to cast their election vote online - even if their home computers are suspected of being infected with viruses.

Taking inspiration from the security devices issued by some banks, the security and privacy research group at Birmingham, led by Professor Mark Ryan, has developed a system that allows people to vote by employing independent hardware devices in conjunction with their PCs.

The new technique offers a fresh contribution to the debate surrounding e-voting and could be ready for use in time for the 2020 or 2025 General Election.

Professor Ryan said: 'This system works by employing a credit card-sized device similar to those used in online banking. It is called Du-Vote, and we have been developing it over the past two years. From the voter's perspective, it's straightforward: you receive a code on the device and type it back into the computer.

'The main advantage of this system is that it splits the security between the independent and a voter's computer or mobile device. A computer is a hugely powerful, all-purpose machine running billions of lines of code that no one really understands, whereas the independent security device has a much, much smaller code base and is not susceptible to viruses.'

Online voting carries a strong security requirement because of the possibility of undetectable interference in an election by foreign governments, criminal gangs, or petty fraudsters. Malware affects an estimated 20% to 40% of PCs globally, and specific election-targeting malware could be developed to attempt to alter votes cast or compromise ballot secrecy.

Gurchetan Grewal, who is part of the project team and recently completed a PhD in online voting at Birmingham, said: 'This is currently the only piece of work that addresses a core problem of e-voting - namely, that someone may have viruses or other malware on their computer. For example, the system in Estonia, where they have already introduced online voting, does not deal with this potentially undetectable source of vote manipulation or breach of voter privacy.'

The system being developed at Birmingham aims to bypass and detect malware by using a separate security device. But the system achieves even greater security than those used by banks by allowing for the possibility that the devices themselves have been manufactured under the influence of a hostile adversary.

Paradoxically, the researchers succeed in proving that even if a hostile adversary controls the entire computing infrastructure, voters and election officials can still detect electoral fraud.

The research paper, titled 'Du-Vote: Remote Electronic Voting with Untrusted Computers', will be presented at the 28th IEEE Computer Security Foundations Symposium in Verona, Italy, in July.

Explore further: New advanced e-voting system selected for Australian state election

Related Stories

E-Voting: Risky technology or great improvement?

November 28, 2014

On this forthcoming weekend the Australian state election takes place, and in Victoria State they will be using a new e-voting system to improve secrecy, reliability and user-friendliness. But how secure are such systems? ...

Recommended for you


Adjust slider to filter visible comments by rank

Display comments: newest first

5 / 5 (3) Apr 30, 2015
IIRC the main problem with e-voting is not virus, but rather insuring both accountability and anonymity. Neither of them seem addressed in this article.
1 / 5 (1) Apr 30, 2015
What goes on behind the scenes?

Look up "rob georgia" and "diebold".
5 / 5 (1) May 01, 2015
I have zero confidence in this system. If it actually worked the way they said, it would be the first secure anything involving the Internet, computers, or any combination thereof. The first secure technology in defiance of all previous observation.

Proving this will require extraordinary demonstrations, which they wont do, because too few people will demand it and it wouldn't pass anyway. It'll be implemented into our lives like the cloud, in spite of people who know better all saying it's a terrible idea (like they did with the cloud). It'll be a terrible idea that will be exploited (like the cloud) and everyone else will act surprised and wonder why no one warned them.
5 / 5 (2) May 01, 2015
In today's world possessed by the spirit of the transitory and the corruptible, does not matter for who you vote, but who counts the votes. As usual the main focus is placed on the wrong place.
1 / 5 (1) May 01, 2015
Look up "rob georgia" and "diebold". See how we got Dubya and the others.
5 / 5 (1) May 04, 2015
whereas the independent security device has a much, much smaller code base and is not susceptible to viruses.

Whereas hardware backdoors (like weak random number generators, weak hashing, etc. ) are still an issue.

I can see that making voting easier is important. First of all it would increase voter turnout and second of all it could lead to more direct democracy where people can start voting on all kinds of major and minor issues with relative ease.

That said: Electronic voting is not intrinsically safer than making a cross on a slip of paper or punching a card. There is no paper trail. There is no guarantee that the tallied number in the end has not been manipulated (or just is reported incorrectly). There is no guarantee that politically motivated hackers will not make sure that some voters' votes do not get out.

Adding a paper trail (printout at the voter's home as well as the server farm) may sound old fashioned - but I see it as the only way to get this to work
1 / 5 (1) May 04, 2015
Ask Saxby Chambliss about Diebold and Rob Georgia.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.