Security goals for a secure e-voting system & mechanism for the same
The three Security Goals are
1. Confidentiality :-
- Pressuring authorized restrictions on information access & disclosure, including means for protecting privacy of voters
- No one ( not even election authorities or system administrators in charge of vote collection services must be able under circumstances to correct the value to the voters who have cast them.
- A loss of confidentiality is the unauthorized disclosure of information.
It includes following two concepts:
b. Privacy, i.e. only eligible voters can vote only one per voters counted.
- Guarding against improper information modification or destruction including ensuring information non-repudiation & authenticity
- The accuracy of election results is also essential. It must be impossible to add invalid ballots ( e.g. a fraudster voting in place of alistaining voter) or to delete or alter valid ballots.
- To keep intermediate results secret voted the election is completed ( unless required by the specific nature of the elections)
- Loss of integrity is the unauthorized modification or destruction of information. It includes two concepts
3. Availability :-
- Ensuring timely & reliable access to & use of information
- A loss of availability is the description of access to or use of information or an information systems.
- Assures that system works promptly & services are not denied to authorized users.
Thus the security goals for e-voting system must
Ensure that each vote is recorded & counted as intended, not manipulated or removed.
Ensure that no invalid vote are added.
Ensure that system operations are logged & audited without compromising voters privacy.
Enchipherment :- Hiding or covering the vote casted by the voter. that is, it provides confidentiality.
Data integrity:- A start checkvalue must be specified, one vote should be casted by a single voter & it should not be altered for that some checkvalue to be given to the voter that his vote is sealed & no modification must be done
Notarization :- It means a third party to control communication between two entities.
4.Access Control :- Use methods to prove that a voter has access right to the data response ovened by him.
Example: His voter id, voter card no etc.