A SEMINAR REPORT

ON

“GLOBAL WIRELESS E-VOTING ”

SUBMITTED TO THE SAVITRIBAI PHULE PUNE UNIVERSITY,PUNE

In Partial Fulfillment of
T.E. Computer Engineering
T.E. Semester II

BY

Mr. Pushkar Girish Zagade

Exam Seat No: T120404321

UNDER THE GUIDANCE OF

PROF. ISHWAR KALBANDI

DEPARTMENT OF COMPUTER ENGINEERING

JSPM’s Jayawantrao Sawant College of Engineering
Hadapsar, Pune-028.
[2012-13]
 CERTIFICATE

DEPARTMENT OF COMPUTER ENGINEERING

JSPM’s Jayawantrao Sawant College of Engineering
Hadapsar, Pune-028.

This is to certify that the seminar report entitled

“GLOBAL WIRELESS E-VOTING ”
Submitted by
Mr. Pushkar Girish Zagade
Exam Seat No:T120404321

is bonafide work carried out under the supervision of Prof. ISHWAR

KALBANDI and it is submitted towards the partial fulfilment of the
requirement of Savitribai Phule Pune University,Pune.

(Prof. Ishwar Kalbandi) (Prof. N.B. Shardoor)

Internal Guide External Examiner

(Prof. A.S.Devare) (Prof. H.A.Hingoliwala)

Seminar Coordinator H.O.D.

( Dr.M.G.JADHAV )
Principal
Place:

Pune Date:
 Acknowledgments

It is our proud privilege and duty to acknowledge the kind of help and guidance

received from several people in preparation of this report. It would not have been possible

to prepare this report in this form without their valuable help, cooperation and guidance.

First and foremost, we wish to record our sincere gratitude to our beloved Principal,
Dr. M. D. Jadhav, Principal, Jayawantrao Sawant College Of Engineering ,Pune for
his constant support and encouragement in preparation of this report and for making
available library and laboratory facilities needed to prepare this report.

Our sincere thanks to Prof. H.A.Hingoliwala, Head, Department of Computer

Science and Engineering, JSCOE for his valuable suggestions and guidance
throughout the period of this report.

We express our sincere gratitude to our guide, Asst. Prof. Ishwar Kalbandi,
Depart-ment of Computer Science and Engineering, JSCOE, Pune for guiding us
in investiga-tions for this seminar and in carrying out experimental work. Our
numerous discussions with his were extremely helpful. We hold his in esteem for
guidance, encouragement and inspiration received from his.

The seminar on Global Wireless E-Voting was very helpful to us in giving the
necessary background information and inspiration in choosing this topic for the
seminar. Our sincere thanks to Prof. A.S.Devare , Seminar Coordinator for having
supported the work related to this project. Their contributions and technical
support in preparing this report are greatly acknowledged.

(Mr. Pushkar Girish Zagade)

Exam no: T120404321
Batch[2014-15]
 Abstract

With significant U.S. federal funds now available to replace outdated punch-
card and mechanical voting systems, municipalities and states throughout the
U.S. are adopting paperless electronic voting. systems from number of dif-ferent
vendors. We present a security analysis of the source code to one such machine
used in a significant share of the market. Our analysis shows that this voting
system is far below even the most minimal security standards appli-cable in other
contexts. We identify several problems including unauthorized privilege
escalation, incorrect use of cryptography, vulnerabilities to network threats, and
poor software development processes. We show that voters, with-out any insider
privileges, can cast unlimited votes without being detected by any mechanisms
within the voting terminal software. Furthermore, we show that even the most
serious of our outsider attacks could have been discovered and executed without
access to the source code. In the face of such attacks, the usual worries about
insider threats are not the only concerns; outsiders can do the damage. That
said, we demonstrate that the insider threat is also quite considerable, showing
that not only can an insider, such as a poll worker, mod-ify the votes, but that
insiders can also violate voter privacy and match votes with the voters who cast
them. We conclude that this voting system is unsuit-able for use in general
election. Any paperless electronic voting system might suffer similar flaws,
despite any certification it could have otherwise received. We suggest that the
best solutions are voting systems having a voter-verifiable audit trail,where
computerized voting system might print a paper ballot that can be read and
verified by the voter.
 Contents

Acknowledgement I
Abstract II
1 INTRODUCTION 1

1.1 E-VOTING . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
2 DISSERTATION PLAN 5
3 E-VOTING 6

3.1 VOTING IMPORTANCE . . . . . . . . . . . . . . . . . . . . . . . . 6

3.2 E-VOTING . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

3.2.1 REQUIREMENTS IN E-VOTING . . . . . . . . . . . . . . . . 7

3.2.2 VOTING TECHNIQUE . . . . . . . . . . . . . . . . . . . . . 8

4 WORKING OF E-VOTING 10

4.1 WORKING . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

4.1.1 GLOBAL WIRELESS EVOTING BLOCK DIAGRAM . . . . . . 10

4.1.2 DETAIL DIAGRAM OF VOTING MACHINE . . . . . . . . . . 11

4.1.3 EYE RETINA SCANNING . . . . . . . . . . . . . . . . . . . 11

4.1.4 WORKING OF WHOLE SYSTEM . . . . . . . . . . . . . . . 12

4.1.5 HURDLES IN THE PATH OF IMPLEMENTATION . . . . . . . 14

4.2 ADVANTAGES OF E-VOTING . . . . . . . . . . . . . . . . . . . . . 18

4.3 DISADVANTAGES OF E-VOTING . . . . . . . . . . . . . . . . . . . 19

III
 4.4 FEATURES OF E-VOTING . . . . . . . . . . . . . . . . . . . . . . . 20
5 CONCLUSION AND FUTURE SCOPE 22
BIBLIOGRAPHY 23
 Chapter 1
INTRODUCTION

1.1 E-VOTING

Elections allow the populace to choose their representatives and express their preferences

for how they will be governed. Naturally, the integrity of the election process is fundamen-

tal to the integrity of democracy itself. The election system must be sufficiently robust to

withstand variety of fraudulent behaviors and must be sufficiently transparent and com-

prehensible that voters and candidates can accept the results of an election. Unsurprisingly,

history is littered with examples of elections being manipulated in order to influence their

outcome.

The design of good voting system, whether electronic or using traditional paper bal-

lots or mechanical devices, must satisfy a number of sometimes competing criteria. The

anonymity of a voters ballot must be preserved, both to guarantee the voters safety when

voting against a malevolent candidate, and to guarantee that voters have no evidence that

proves which candidates received their votes. The existence of such evidence would allow

votes to be purchased by a candidate. The voting system must also be tamper-resistant to

thwart a wide range of attacks, including ballot stuffing by voters and incorrect tallying by

insiders.

1
 GLOBAL WIRELESS E-VOTING

Another factor, as shown by the so-called butterfly ballots in the Florida 2000 presiden-

tial election, is the importance of human factors. A voting system must be comprehensible

to and usable by the entire voting population, regardless of age, infirmity, or disability. Pro-

viding accessibility to such a diverse population is an important engineering problem and

one where, if other security is done well, electronic voting could be great
improvement

over current paper systems. Flaws in any of these aspects of voting system,
however, can

lead to indecisive or incorrect election results.

ELECTRONIC VOTING SYSTEMS. There have been several studies on using computer

technologies to improve elections [4, 5, 20, 21, 25]. These studies caution against the risks

of moving too quickly to adopt electronic voting machines because of the software engi-

neering challenges, insider threats, network vulnerabilities, and the challenges of auditing.

As result of the Florida 2000 presidential election, the inadequacies of widely-used punch

card voting systems have become well understood by the general population. Despite the

opposition of computer scientists, this has led to increasingly widespread adoption of direct

recording electronic (DRE) voting systems. DRE systems, generally speaking, completely

eliminate paper ballots from the voting process. As with traditional elections, voters go to

their home precinct and prove that they are allowed to vote there, perhaps by presenting an

ID card, although some states allow voters to cast votes without any identification at all.

After this, the voter is typically given a PIN, a smartcard, or some other token that allows

them to approach a voting terminal, enter the token, and then vote for their candidates of

choice. When the voters selection is complete, DRE systems will typically present a sum-

JSCOE,Dept.of Comp. Engg.2014-15 2

 GLOBAL WIRELESS E-VOTING

mary of the voters selections, giving them final chance to make changes.
Subsequent to

this, the ballot is cast and the voter is free to leave. The most fundamental problem with such

a voting system is that the entire election hinges on the correctness, robustness, and security

of the software within the voting terminal. Should that code have securityrelevant flaws, they

might be exploitable either by unscrupulous voters or by malicious insiders. Such insiders

include election officials, the developers of the voting system, and the developers of the em-

bedded operating system on which the voting system runs. If any party introduces flaws into

the voting system software or takes advantage of pre-existing flaws, then the results of the

election cannot be assured to accurately reflect the votes legally cast by the voters.

Although there has been cryptographic research on electronic voting , and there are new

approaches such as , currently the most viable solution for securing electronic voting ma-

chines is to introduce voter-verifiable audit trail [10, 20]. A DRE system with a printer

attachment, or even traditional optical scan system (e.g., one where a voter fills in a
printed

bubble next to their chosen candidates), will satisfy this requirement by having a piece of

paper for voters to read and verify that their intent is correct reflected. This paper is stored

in ballot boxes and is considered to be the primary record of a voters intent. If, for

some reason, the printed paper has some kind of error, it is considered to be a spoiled

ballot and can be mechanically destroyed, giving the voter the chance to vote again. As

a result, the correctness of any voting software no longer matters; either a voting terminal

prints correct ballots or it is taken out of service. If there is any discrepancy in the vote

tally, the paper ballots will be available to be recounted, either mechanically or by hand. (A

JSCOE,Dept.of Comp. Engg.2014-15 3

 GLOBAL WIRELESS E-VOTING

verifiable audit trail does not, by itself, address voter privacy concerns, ballot stuffing, or

numerous other attacks on elections.) CERTIFIED DRE SYSTEMS.

Many government entities have adopted paperless DRE systems without appearing to

have critically questioned the security claims made by the systems vendors. Until recently,

such systems have been dubiously certified for use without any public release of the anal-

yses behind these certifications, much less any release of the source code that might allow

independent third parties to perform their own analyses. Some vendors have claimed secu-

rity through obscurity as defense, despite the security communitys universally held belief

in the inadequacy of obscurity to provide meaningful protection

Indeed, the CVS source code repository for Diebolds AccuVote-TS DRE voting system

recently appeared on the Internet. This appearance, announced by Bev Harris and discussed

in her book, Black Box Voting , gives us a unique opportunity to analyze a widely used,

paperless DRE system and evaluate the manufacturers security claims. Jones discusses the

origins of this code in extensive detail . Diebolds voting systems are in use in 37 states, and

they are the second largest and the fastest growing vendor of electronic voting machines.

We only inspected unencrypted source code, focusing on the AVTSCE, or AccuVote-TS

version 4, tree in the CVS repository . This tree has entries dating from October 2000 and

culminates in an April 2002 snapshot of version 4.3.1 of the AccuVote-TS system. From

the comments in the CVS logs, the AccuVote-TS version 4 tree is an import of an earlier

AccuTouch-CE tree. We did not have source code to Diebolds GEMS back-end election

management system.

JSCOE,Dept.of Comp. Engg.2014-15 4

 Chapter 2
DISSERTATION PLAN

This topic is generally belongs to global wireless evoting.How we implement the e-voting

in world and how it is helpful. The Objective and Aim of this report is to improve voting

technique and avoid fraud in voting system.

This will help to solve social issues of voting. Considering the all disadvantages of the

present system,we proposed the sysyem Global Wireless Evoting. This system is Remote

secured system We can check eligibility We can vote from anywhere

5
 Chapter 3
E-VOTING

3.1 VOTING IMPORTANCE

Voting is one of the most critical features in our democratic process. By casting a vote

we hold previous politicians to account and express our hopes for the future. Of course

democracy is more than votes - it’s debate, letter writing, campaigning, consultation - but

the vote is how every single citizen can wield real and immediate power. In addition to pro-

viding for the orderly transfer of power, it also cements the citizens trust and confidence in

an organization or government when it operates efficiently. It’s incredibly important that ev-

eryone can vote without interference, safe in the knowledge that it will be counted. Through

the long history of democracy we have learnt that in the pursuit of power some groups are

willing to threaten voters to make sure they vote ’the right way’. But if the vote is secret

then there is no way for intimidators to know whether someone has voted for them or not -

threats become useless. So votes are a vital expression of the people’s power, which need to

be secret and restricted to only one per citizen.

3.2 E-VOTING

Electronic voting is a term used to describe any of several means of determining people’s

collective intent electronically. Electronic voting includes voting by kiosk, Internet, tele-

6
 GLOBAL WIRELESS E-VOTING

phone, punch card, and optical scan ballot (a.k. . mark-sense). Voting is done for many

reasons and in many situations, ranging from determining the next garden club officers to

determining the next leader of a country. Depending on the situation, voting

scheme will

be required to meet differing needs depending on the circumstances. One hopes that in this

way the voting process becomes faster, cheaper, more convenient, and also more secure.

3.2.1 REQUIREMENTS IN E-VOTING

A voting system should satisfy these requirements:

Eligibility and authentication only registered voters must be

admitted. Uniqueness no voter may cast his vote more than once.

Accuracy voting systems should record the votes correctly.

Verifiability and audit ability it should be possible to verify that all votes have been

correctly accounted for in the final tally, and there should be reliable and verifiably

authentic election records.

Secrecy no one should be able to determine how any individual voted.

Non-coerciability voters should not be able to prove to others how they

voted; other-wise vote selling and coercion would be facilitated.

Minimum skill requirement for voter

Minimal requirement of equipment

Minimum Time required for vote

JSCOE,Dept.of Comp. Engg.2014-15 7

 GLOBAL WIRELESS E-VOTING

3.2.2 VOTING TECHNIQUE

Raise Your Hand Or Raise Your Voice Or Put Stick in Box.

Election has been used to decide various questions for at least 2000 years. In an-

cient Greece, people voted by putting white or black stone in bucket. Early methods

including Shouting out Aye or Nay, raising hands or depositing objects to be counted.

Paper Ballot

The first Known use of the paper ballots in an election in the U.S. was in 1629 to

select church pastor.

1] Invented By

Australian paper ballot system was considered as a great innovation. Standardized

ballots are printed at government expenses, given to voter at polling places, and peo-

ple are required to vote and return the ballot on the spot. The Australian government

comes up with this procedure, which is now the most widely used system in the world.

2] Procedure for voting

The paper ballot system employs uniform official ballots of various stock weights on

which the names of all candidates and issues are printed. Voters record their choices,

in private; by marking the boxes next to the candidate or issue choice they select and

drop the voted ballot in a sealed ballot box.This maintain securacy.

JSCOE,Dept.of Comp. Engg.2014-15 8

 GLOBAL WIRELESS E-VOTING

3] Current Usage

As of 1996, paper ballots were still used by 1.7 percent of the registered voters in

the United States. They are used as the primary voting system in small commu-

nities and rural areas, and quite often for absentee balloting in other jurisdictions.

4] Problem with Paper Ballot System

It may take long time to get hand count under the current system. (Counting

Problem)

A small portion of the disabled may lose the ability to vote privately.

Paper ballot counting and recounting generates endless arguments about

whether the X crosses inside the square

JSCOE,Dept.of Comp. Engg.2014-15 9

 Chapter 4
WORKING OF E-VOTING

4.1 WORKING

4.1.1 GLOBAL WIRELESS EVOTING BLOCK DIAGRAM

Radio waves representing scanned retina pattern and vote to Mobile tower.

Radio waves representing scanned retina pattern and vote to remote server.

Acknowledgement (+ve or ve) from the server to mobile tower.

Acknowledgement (+ve or ve) from mobile tower to Interface device.

Ready signal if retina is scanned properly to voting machine. And if ve signal

then alert alarm will be activated.

10
 GLOBAL WIRELESS E-VOTING

Accepted vote is made to flow to the interface device.

4.1.2 DETAIL DIAGRAM OF VOTING MACHINE

The voting machine is actually a device which generate the different voltages for different

votes these voltages are fed to the (ADC) which is then converted to digital bits then can be

converted to radio waves.

4.1.3 EYE RETINA SCANNING

The eye retina machine be simple web cam or device which can capture the images

effectively .the captured image will be represented in the form of a matrix where each pixel

represents 24-bit (RGB, 8+8+8 format) let us see and understand Here for e.g.

JSCOE,Dept.of Comp. Engg.2014-15 11

 GLOBAL WIRELESS E-VOTING

Here the matrix pattern of this type of picture may be as

This is an electronic kit which converts the input digital signals such as (retina pattern

votes+ secure bits) to radio waves.

4.1.4 WORKING OF WHOLE SYSTEM

Whenever voters enter to voting booth then he will be instructed to directly look at retina

scanning machine at this time the machine scans the retina. once retina scanning properly

JSCOE,Dept.of Comp. Engg.2014-15 12

 GLOBAL WIRELESS E-VOTING

confirmed then it sent signal to the voting machine as to accept the vote it will be powered

on .then voter is made to vote. Now the whole data including the retina pattern is sent to

interfacing device which convert into radio waves of mobile frequency range and these radio

waves are sent to mobile tower and then to the remote server, where the authentication and

voters identification is stored into a secured database. The received data is first converted

into digital format from the radio waves through the interface device kept at the server

side, and then retina pattern and vote separated . Next the retina pattern is matched against

the existing database .If match is found then flag is check which indicates its voting status

i.e if the voter is not voted yet then +ve ack is send to the mobile tower and then to the

corresponding voting machine. This ack is recognized by the receiver kept at the voter side

and machine is made to scan next retina pattern and vote , otherwise if ve ack then alert

alarm is made to ring.

JSCOE,Dept.of Comp. Engg.2014-15 13

 GLOBAL WIRELESS E-VOTING

4.1.5 HURDLES IN THE PATH OF IMPLEMENTATION

There are several more issues that we have to consider along the Implementation such as

Security

Efficiency

Geographical Problems

Security

The radio waves of mobile frequency consist of Retina pattern and vote can be

Generated by means of external source .Thats why we need to provide some sot of

security to avoid this problem . One of the idea to solve this problem is CDMA

(which will be explained later ) and another technique is inserting security bits at

regular interval of time during the transmission of radio waves (Ex.2 msec) .At the

server side after the given interval (2 msec ) security bits are checked (ex 1001) .

In case of positive confirmation we can accept as valid vote, other wise simply re-

jected. Another problem is that one may trap the radio waves in between and can

determine the person and the vote, this may disclose the result of the election be-

fore the completion of the voting process. To avoid this problem we can go for

applying the efficient and complex encryption algorithm so that the transparency of

data can be hidden and the server side the encrypted data can be again decrypted

and original data can retrieved this make the trapping of wave meaningless .The en-

cryption algorithm can be termed as Key Complex Algorithm, which is as follows,

JSCOE,Dept.of Comp. Engg.2014-15 14

 GLOBAL WIRELESS E-VOTING

1] First it finds the length of the string.

2] Generate the random numbers equal to the length of the string.

3] Add the corresponding Characters from the given string and random values.

The final encrypted data is formed in such a way that the random data at the even

place and rest at odd place. This makes Decryption very easy. Simply subtract the

character at even place from odd place character.

JSCOE,Dept.of Comp. Engg.2014-15 15

 GLOBAL WIRELESS E-VOTING

Efficiency

Whenever the data which is sent from the voter (client) side, it is in the large

amount, this delays a bit a voting system and the data that is received at server side is

in the multiple access mode i.e more than one client is sending the data . To over come

this problem the following

1] Applying compression Algorithms at the Client and server side so that to decrease

the data transfer. Compression technique such as JPEG compression or any other

Compression.

2] Instead of using single server PC we will go for distributed Operating system envi-

ronment with multiple servers. This makes the job sharing and processing faster which

leads to fast responds in case of Multiple Access Environment.

3] To solve the concurrency problem in case of Multiple access environment we will

use CDMA technique which is as follow.

JSCOE,Dept.of Comp. Engg.2014-15 16

 GLOBAL WIRELESS E-VOTING

Here the key values are orthogonal to each other i. k1*k2=0 and k1*k1=1 i.e if any

tries to decode the information with any other key the data will be vanished as the

data will be in the form d1*k1. If you try to decode with K2 then effect will be as

d1*k1*k2=0. this will vanish the data .And if correct decoding key i. k1 is used

then decoding will be d1*k1*k1=d1. this decodes the data correctly. As

per the

controlling concurrency for multiple access the data from all the nodes is accepted as

k1*d1+k2*d2 +k3*d3+k4*d4.In this case if you want the data corresponding to the

second node then simply multiply the whole equation with the k2. This will give d2

as (k1*d1+k2*d2 +k3*d3+k4*d4)*k2=d2 . So by this we can show that any numbers

of nodes are allowed to send the data, the server will accept all the data and which

ever has to be extracted will be just multiplied with corresponding key. This gets the

corresponding data. Hence the concept of Multiple access.

Geographical problem

This is the problem regarding the area where technical facilities like mobile tower or

Internet service is not present. In this case will convert the vote and retina pattern into

the electrical information and pass it through the electrical conductors until we can

reach the area where the technical facilities like internet or mobile tower is available,

and if only internet facility is available is then we can convert this electrical informa-

tion to digital means and with these data using computers connected to internet we

can pass the vote and retina pattern. Here the eye scanner will be web cam.

JSCOE,Dept.of Comp. Engg.2014-15 17

 GLOBAL WIRELESS E-VOTING

4.2 ADVANTAGES OF E-VOTING

aster vote count and tabulation.

more accurate results as human error is excluded.

Efficient handling of complicated electoral systems formulae that require

laborious counting procedures.

Improved presentation of complicated ballot

papers. Increased convenience for voters.

Potentially increased participation and turnout, particularly with the use of

Internet voting.

More attuned to the needs of an increasingly mobile society.

Prevention of fraud in polling stations and during the transmission and

tabulation of results by reducing human intervention.

Increased accessibility, for example by audio ballot papers for blind voters,

with In-ternet voting as well for housebound voters and voters from abroad.

Possibility of multilingual user interfaces that can serve a multilingual

electorate better than paper ballots.

Reduction of spoilt ballot papers as voting systems can warn voters about any invalid

votes (although consideration should be given to ensuring that voters are able to cast

a blank vote should they so choose).

JSCOE,Dept.of Comp. Engg.2014-15 18

 GLOBAL WIRELESS E-VOTING

Potential long-term cost savings through savings in poll worker time, and

reduced costs for the production and distribution of ballot papers.

Cost savings by using Internet voting: global reach with very little logistical overhead.

No shipment costs, no delays in sending out material and receiving it back.

Compared to postal voting, Internet voting can reduce the incidence of vote-selling

and family voting by allowing multiple voting where only the last vote counts and

prevent manipulation with mail-in deadlines through direct control of voting times.

4.3 DISADVANTAGES OF E-VOTING

Lack of transparency.

Limited openness and understanding of the system for non-

experts. Lack of agreed standards for e-voting systems.

System certification required, but no widely agreed standards for certification.

Potential violation of the secrecy of the vote, especially in systems that

perform both voter authentication and vote casting.

Risk of manipulation by insiders with privileged access to the system or by

hackers from outside.

Possibility of fraud through largescale manipulation by a small group of insiders.

Increased costs for both purchasing and maintaining e-voting systems.

JSCOE,Dept.of Comp. Engg.2014-15 19

 GLOBAL WIRELESS E-VOTING

Increased infrastructure and environmental requirements, for example, with

regard to power supply, communication technology, temperature, humidity.

Increased security requirements for protecting the voting system during and

between elections including during transport, storage and maintenance.

Reduced level of control by the election administration because of high

vendor- and/or technologydependence.

Limited recount possibilities.

Need for additional voter education campaigns.

Possible conflict with the existing legal framework.

Possible lack of public trust in e-voting-based elections as a result of the weaknesses

above.

4.4 FEATURES OF E-VOTING

secured login procedure

Knowing nominees of respective

wards profiles can be modified

Nominees can post their vision

Casting vote is possibl only with authentication of voter

Inspection is performed on both voter and nominees

JSCOE,Dept.of Comp. Engg.2014-15 20

 GLOBAL WIRELESS E-VOTING

Suspected user can be reported against

Abused user can be verified and blocked if necessary

JSCOE,Dept.of Comp. Engg.2014-15 21

 Chapter 5
CONCLUSION AND FUTURE SCOPE

This paper describes some of the technological activities we have been carrying out within

the ProVotE project, which has the goal of introducing -voting systems for the next provin-

cial elections.

We believe that transition to new technologies, especially in a country which is particu-

larly cautious towards new technologies in the polling stations requires a multi-disciplinary

approach that allows to take into account not only the usability requirements of the voters,

but also those non-functional requirements that help guaranteeing security and build trust on

the new voting machines.

The technological actions described above, together with the sociological, communica-

tion, and normative actions planned for the second phase will gradually broaden the size

of experimentations to the whole province, allowing for a smooth introduction of e-voting

systems in the province of Trento.

22
 Bibliography

[1] M. Bellare, R. Canetti, and H. Krawczyk. Keying hash functions for message

authen-tication. In N. Koblitz, editor, Advances in Cryptology CRYPTO 96,

volume 1109 of Lecture Notes in Computer Science, pages 115. Springer-

Verlag, Berlin Germany, Aug. 1996.

[2] M. Bellare, A. Desai, E. Jokipii, and P. Rogaway. A concrete security treatment of

symmetric encryption. In Proceedings of the 38th Annual Symposium on Foundations

of Computer Science, pages 394403. IEEE Computer Society Press, 1997.

[3] M. Bellare and C. Namprempre. Authenticated encryption: Relations among

notions and analysis of the generic composition paradigm. In T. Okamoto, editor,

Advances in Cryptology ASIACRYPT 2000, volume 1976 of Lecture Notes in

Computer Science, pages 531545. Springer-Verlag, Berlin Germany, Dec. 2000.

[4] A. Kerckhoffs. La Cryptographie Militaire. Libraire Militaire de L. Baudoin

and Cie, Paris, 1883.

[5] H. Krawczyk. The order of encryption and authentication for protecting commu-

nications (or: How secure is SSL?). In J. Kilian, editor, Advances in Cryptology

CRYPTO 2001, volume 2139 of Lecture Notes in Computer Science, pages 310331.

Springer-Verlag, Berlin Germany, 2001.

23
 [6] R. Mercuri. Electronic Vote Tabulation Checks and Balances. PhD thesis,

University of Pennsylvania, Philadelphia, PA, Oct. 2000.

[7] National Science Foundation. Report on the National Workshop on Internet

Voting: Issues and Research Agenda, Mar. 2001.

http://news.findlaw.com/cnn/docs/voting/ nsfe-voterprt.pdf.

[8] NBS. Data encryption standard, January 1977. Federal Information

Processing Stan-dards Publication 46.

[9] J. Nechvatal, E. Barker, L. Bassham, W. Burr, M. Dworkin, J. Foti, and E. Roback.

Report on the Development of the Advanced Encryption Standard (AES), Oct. 2000.

[10] RABA Innovative Solution Cell. Trusted Agent Report: Diebold AccuVote-TS

Voting System, Jan. 2004.

[11] A. D. Rubin. Security considerations for remote electronic voting.

Communications of the ACM, 45(12):3944, Dec. 2002.

[12] B. Schneier. Applied Cryptography: Protocols, Algorithms, and Source Code

in C. John Wiley and Sons, New York, second edition, 1996.

[13] Science Applications International Corporation. Risk Assessment Re-

port: Diebold AccuVote-TS Voting System and Processes, Sept. 2003.

http://www.dbm.maryland.gov/SBE.
[14] D. L. Dill, R. Mercuri, P. G. Neumann, and D. S. Wallach. Fre-quently Asked

Questions about DRE Voting Systems, Feb. 2003.

http://www.verifiedvoting.org/drefaq.asp.

[15] Federal Election Commission. Voting System Standards, 2001.

http://fecweb1.fec.gov/ pages/vss/vss.html.

[16] J. Gilmore, editor. Cracking DES: Secrets of Encryption Research, Wiretap

Politics and Chip Design. OReilly, July 1998.

[17] D. Gritzalis, editor. Secure Electronic Voting. Springer-Verlag, Berlin

Germany, 2003.

[18] B. Harris. Black Box Voting: Vote Tampering in the 21st Century. Elon

House/Plan Nine, July 2003.

[19] T. Jim, G. Morrisett, D. Grossman, M. Hicks, J. Cheney, and Y. Wang. Cyclone:

A safe dialect of C. In USENIX Annual Technical Conference, June 2002.

[20] D. W. Jones. Problems with Voting Systems and the Applicable Standards,

May 2001. Testimony before the U.S. House of Representatives Committee

on Science, http://www.cs.uiowa.edu/ jones/voting/congress.html.