VoteBox: A tamper-evident, verifiable voting machine
Sandler, Daniel R.
Wallach, Dan S.
Doctor of Philosophy
This thesis details the design and implementation of VoteBox, a new software platform for building and evaluating secure and reliable electronic voting machines. Current electronic voting systems have experienced many high-profile software, hardware, and usability failures in real elections. Recent research has revealed systemic flaws in commercial voting systems that can cause malfunctions, lose votes, and possibly even allow outsiders to influence the outcome of a national election. These failures and flaws cast doubt on the accuracy of elections conducted with electronic systems and threaten to undermine public trust in the electoral system. While some consequently argue for total abandonment of electronic voting, VoteBox shows how a combination of security, distributed systems, and cryptographic principles can yield trustworthy and usable voting systems. It employs a pre-rendered user interface to reduce the size of the runtime system that must be absolutely trusted. VoteBox machines keep secure logs of essential election events, allowing credible audits during or after the election; they are connected using the Auditorium, a novel peer-to-peer network that replicates and intertwines secure logs in order to survive failure, attack, and poll worker error. While the election is ongoing, any voter may choose to challenge a VoteBox to immediately produce cryptographic proof that it will correctly and faithfully cast ballots. This work uniquely demonstrates how these disparate approaches can be used in concert to increase assurance in a voting system; the resulting design also offers a number of pragmatic benefits that can help reduce the frequency and impact of poll worker or voter errors. VoteBox is a model for new implementations, but its component techniques can be practically applied to existing systems. VoteBox ideas should therefore find their way into commercial electronic voting machines as well as other problem domains in which tamper-evidence, robustness, and verifiability are crucial.
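The replicated, intertwined secure logs that the abstract attributes to the Auditorium network can be illustrated with a small model. The following Python is an added example, not VoteBox's or the Auditorium's own code: each machine hash-chains its own event log, every new entry also cites the newest entry hash it has seen from each other machine, and entries are broadcast so every machine holds a replica of every log. The machine names, event names, entry layout and audit rules are assumptions made for this example. The demo shows that a machine's log survives the loss of that machine, and that an attacker who rewrites a past event on one machine (and recomputes that machine's own chain so it looks self-consistent) is still caught, even by an auditor who only sees the attacker's own replica, because the other machines' entries cite the original hash.

```python
"""Illustrative model of hash-chained, intertwined, replicated event logs.

Added example; not VoteBox/Auditorium code. Names and layout are assumptions.
"""
import hashlib
import json
from dataclasses import dataclass


@dataclass
class Entry:
    node: str     # machine that authored the event
    seq: int      # per-machine sequence number
    event: str    # election event, e.g. "ballot-cast" (constructed sample data)
    prev: str     # digest of this machine's previous entry ("" for the first)
    cites: dict   # newest digest seen from each other machine at logging time
    digest: str   # SHA-256 over all of the above


def compute_digest(node, seq, event, prev, cites):
    body = json.dumps([node, seq, event, prev, sorted(cites.items())],
                      separators=(",", ":"))
    return hashlib.sha256(body.encode()).hexdigest()


class Network:
    """Broadcast medium standing in for the peer-to-peer network."""
    def __init__(self):
        self.members = []

    def broadcast(self, sender, entry):
        for m in self.members:
            if m is not sender:
                m.receive(entry)


class Machine:
    def __init__(self, name, network):
        self.name, self.network = name, network
        self.replica = {}   # node -> list[Entry]; includes this machine's own log
        self.latest = {}    # node -> digest of the newest entry seen from it
        network.members.append(self)

    def receive(self, e):
        self.replica.setdefault(e.node, []).append(e)
        self.latest[e.node] = e.digest

    def log(self, event):
        own = self.replica.get(self.name, [])
        prev = own[-1].digest if own else ""
        cites = {n: h for n, h in self.latest.items() if n != self.name}
        d = compute_digest(self.name, len(own), event, prev, cites)
        e = Entry(self.name, len(own), event, prev, cites, d)
        self.receive(e)
        self.network.broadcast(self, e)
        return e


def verify_chain(chain):
    """Problems in one machine's chain on its own: gaps, broken links, altered entries."""
    problems, prev = [], ""
    for i, e in enumerate(chain):
        if e.seq != i:
            problems.append(f"{e.node}: gap or reorder at position {i}")
        if e.prev != prev:
            problems.append(f"{e.node}#{e.seq}: prev digest mismatch")
        if compute_digest(e.node, e.seq, e.event, e.prev, e.cites) != e.digest:
            problems.append(f"{e.node}#{e.seq}: digest mismatch (entry altered)")
        prev = e.digest
    return problems


def audit(replicas):
    """Cross-check replicas (holder -> {node -> chain}); return a list of problems."""
    problems, versions = [], {}   # versions: node -> seq -> {digest: [holders]}
    for holder, rep in replicas.items():
        for node, chain in rep.items():
            problems += [f"{holder}'s copy of {node}: {p}" for p in verify_chain(chain)]
            for e in chain:
                versions.setdefault(node, {}).setdefault(e.seq, {}) \
                        .setdefault(e.digest, []).append(holder)
    for node, by_seq in versions.items():          # replicas must agree on every entry
        for seq, digests in by_seq.items():
            if len(digests) > 1:
                problems.append(f"{node}#{seq}: replicas disagree: {dict(digests)}")
    digests_of = {n: {d for ds in s.values() for d in ds} for n, s in versions.items()}
    for holder, rep in replicas.items():           # every cited digest must exist
        for node, chain in rep.items():
            for e in chain:
                for cited, h in e.cites.items():
                    if h not in digests_of.get(cited, set()):
                        problems.append(f"{node}#{e.seq} cites unknown {cited} entry {h[:8]}")
    return problems


def tamper(machine, seq, new_event):
    """Attacker controlling `machine` rewrites event `seq` in its own log and
    recomputes the rest of the local chain so verify_chain() alone is fooled."""
    chain = machine.replica[machine.name]
    prev = chain[seq - 1].digest if seq else ""
    for i in range(seq, len(chain)):
        e = chain[i]
        event = new_event if i == seq else e.event
        d = compute_digest(e.node, e.seq, event, prev, e.cites)
        chain[i] = Entry(e.node, e.seq, event, prev, e.cites, d)
        prev = d


def demo():
    net = Network()
    a, b, c = (Machine(n, net) for n in "ABC")
    a.log("polls-open"); b.log("ballot-cast"); a.log("ballot-cast")
    c.log("ballot-cast"); b.log("ballot-cast")
    replicas = {m.name: m.replica for m in (a, b, c)}
    clean = audit(replicas)                                  # []
    survived = audit({"A": a.replica, "B": b.replica})       # C lost; its log is still held
    recovered = len(a.replica["C"])                          # 1
    tamper(a, 1, "ballot-spoiled")
    local_only = verify_chain(a.replica["A"])                # [] : locally self-consistent
    caught_alone = audit({"A": a.replica})                   # B's and C's cites expose it
    caught_all = audit(replicas)                             # replicas disagree on A#1
    return clean, survived, recovered, local_only, caught_alone, caught_all


if __name__ == "__main__":
    for label, result in zip(["clean", "survived", "recovered", "local_only",
                              "caught_alone", "caught_all"], demo()):
        print(f"{label}: {result}")
```

The point of the intertwining is visible in `caught_alone`: an attacker who rewrites a past event on a machine and repairs that machine's own hash chain still cannot repair the citations that other machines' entries, stored on the same machine, already make to the original digest. Losing a machine outright costs nothing either, since the other replicas still hold and can verify its log.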
Computer science; Applied sciences