Development, Formal Verification, and Evaluation of an E-Voting System With VVPAT

Bibliographic Details
Published in IEEE transactions on information forensics and security Vol. 4; no. 4; pp. 651-661
Main Authors Villafiorita, A., Weldemariam, K., Tiella, R.
Format Journal Article
Language English
Published New York IEEE 01.12.2009
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Abstract The use of new technologies to support voting has been and is the subject of great debate. Several people advocate the benefits it can bring (such as improved speed and accuracy in counting, accessibility, voting from home) and as many are concerned with the risks it poses, such as unequal access (digital divide), violation to secrecy and anonymity, alteration of the results of an election (because of malicious attacks, bad design/coding, or procedural weaknesses). The attitude of different governments towards electronic voting (e-voting) varies accordingly. In this paper, we present the activities related to the development and formal verification of an e-voting system, called ProVotE. ProVotE is an end-to-end e-voting system with a voter verified paper audit trail, developed within the framework of a larger initiative whose goal is assessing the feasibility of introducing e-voting in the Autonomous Province of Trento. ProVotE has been used in trials and elections with legal value in Italy. What we believe to be of interest is the approach we took for its development, which has been based on a participatory design for the definition of the voter interface, on the usage of formal methods and model checking for the validation of the core logic of the machine, on open source components, and on the formal analysis of some critical procedures related to the usage of the machine during the election.
Author Villafiorita, A.
Weldemariam, K.
Tiella, R.
Author_xml – sequence: 1
  givenname: A.
  surname: Villafiorita
  fullname: Villafiorita, A.
  organization: Center for Sci. & Technol. Res. (IRST), Found. Bruno Kessler (FBK), Trento, Italy
– sequence: 2
  givenname: K.
  surname: Weldemariam
  fullname: Weldemariam, K.
  organization: Dept. of Inf. Eng. & Comput. Sci., Univ. of Trento, Trento, Italy
– sequence: 3
  givenname: R.
  surname: Tiella
  fullname: Tiella, R.
  organization: Center for Sci. & Technol. Res. (IRST), Found. Bruno Kessler (FBK), Trento, Italy
CODEN ITIFA6
ContentType Journal Article
Copyright Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2009
DOI 10.1109/TIFS.2009.2034903
Discipline Engineering
Law
Computer Science
EISSN 1556-6021
EndPage 661
Genre orig-research
ISSN 1556-6013
IsPeerReviewed true
IsScholarly true
Issue 4
Language English
PageCount 11
PublicationCentury 2000
PublicationDate 2009-12-01
PublicationDecade 2000
PublicationPlace New York
PublicationTitle IEEE transactions on information forensics and security
PublicationTitleAbbrev TIFS
PublicationYear 2009
Publisher IEEE
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
StartPage 651
SubjectTerms Design engineering
Development
E-voting
Elections
Electronic voting
electronic voting (e-voting)
Electronic voting systems
Electronics
Formal method
formal specification and verification
Formal verification
Law
Legal factors
Logic
Nominations and elections
Protection
ProVotE
Security
security assessment
Source code
Switches
Voters
Voting
Voting machines
Welding
Title Development, Formal Verification, and Evaluation of an E-Voting System With VVPAT
URI https://ieeexplore.ieee.org/document/5290133
https://www.proquest.com/docview/856896206
https://search.proquest.com/docview/869839390
Volume 4