Researchers, including one of Indian-origin, have developed a new technique to allow people to cast their vote online — even if their home computers are suspected of being infected with viruses
Taking inspiration from the security devices issued by some banks, a research group at the University of Birmingham, has developed a system that allows people to vote by employing independent hardware devices in conjunction with their personal computers (PCs).
The technique offers a fresh contribution to the debate surrounding e-voting and could be ready for use in time for the 2020 or 2025 General Election in the UK, researchers said.
“This system works by employing a credit card-sized device similar to those used in online banking. It is called Du-Vote, and we have been developing it over the past two years. From the voter’s perspective, it’s straightforward: you receive a code on the device and type it back into the computer,” said Professor Mark Ryan, who led the study.
“The main advantage of this system is that it splits the security between the independent security device and a voter’s computer or mobile device. A computer is a hugely powerful, all-purpose machine running billions of lines of code that no one really understands, whereas the independent security device has a much, much smaller code base and is not susceptible to viruses,” said Ryan.
Online voting carries a strong security requirement because of the possibility of undetectable interference in an election by foreign governments, criminal gangs, or petty fraudsters.
Malware affects an estimated 20-40% of PCs globally, and specific election-targeting malware could be developed to attempt to alter votes cast or compromise ballot secrecy.
“This is currently the only piece of work that addresses a core problem of e-voting — namely, that someone may have viruses or other malware on their computer,” said Gurchetan Grewal, who is part of the project team and recently completed a PhD in online voting at Birmingham.
“For example, the system in Estonia, where they have already introduced online voting, does not deal with this potentially undetectable source of vote manipulation or breach of voter privacy,” said Grewal.The system being developed at Birmingham aims to bypass and detect malware by using a separate security device. But the system achieves even greater security than those used by banks by allowing for the possibility that the security devices themselves have been manufactured under the influence of a hostile adversary.