The Polyas Internet Voting Scheme as Applied for the GI 2011 Elections
5.6. Comparison of the Quantitative Security Models of the Original and the Extended Scheme
Election Settings. On the basis of the qualitative security models, the security of the original and the extended Polyas scheme is quantitatively assessed against the four probabilistic adversaries specified in Section 4.2.
Additionally, we construct a fifth adversary against which we expect the proposed extension to be irrelevant. This adversary corresponds to the adversary of election setting 1, except that it possesses the capability VD with probability 0. The probabilistic adversaries considered for the quantitative evaluation of the original and the extended Polyas Internet voting scheme are shown in Table 5.3. Due to its Pareto dominance, we expect the extended scheme to satisfy all security requirements in all election settings at least as well as the original scheme.
Referring to the GI 2011 election, we consider 20,000 eligible voters and 3,244 expected voters [17].
Results. The results of the quantification process are provided in Tables 5.4 to 5.8 and are visualized in Figures 5.6 to 5.10. In addition to the satisfaction degrees, the tables contain the minimum and maximum theoretically possible satisfaction degrees for both schemes: a minimum (respectively maximum) satisfaction degree corresponds to the quantitative evaluation of the qualitative security models with the largest (respectively smallest) probability value for all adversarial capabilities.
The obtained results confirm our expectation: The quantitative security evaluation results of the extended scheme are at least as high as the results of the original scheme.
However, it turns out that the significance of the proposed extension varies with the election setting. Consider the results of the first election setting as the baseline. Once the adversary becomes stronger with regard to voting device corruption, one notices a significant increase in the difference between the satisfaction degrees of vote integrity. This stems from the fact that, in the extended scheme, an adversary controlling the voters' voting devices cannot undetectably violate vote integrity.
In contrast to the baseline setting, an adversary particularly strong with regard to service provider corruption impacts both schemes to approximately the same extent. This observation indicates that the proposed extension does not address vulnerabilities caused by service provider corruption. In fact, the satisfaction degrees of both schemes do not drop significantly, i.e. risks caused by compromised service providers are not the most prevalent risks for either voting scheme.

[17] Refer to https://www.gi.de/wir-ueber-uns/unsere-mitglieder.html and https://www.gi.de/index.php?id=wahlen2011
If the adversary increases his capabilities with regard to influencing voters, one notices significant decreases in the satisfaction degrees of fairness, vote secrecy, and eligibility in both schemes. These decreases indicate that voters who are to some extent under adversarial control pose a serious security vulnerability to the scheme. On the other hand, the difference between both schemes with regard to vote integrity remains more or less unchanged in comparison to the baseline setting. This indicates that the proposed extension does not address vulnerabilities caused by voters who are under adversarial control.
Finally, if the adversary does not have the capability to compromise voting devices, the quantitative difference between the original and the extended Polyas scheme vanishes. This observation is explained by the fact that the proposed extension specifically targets this capability; hence, in its absence, the difference in satisfaction degrees drops to 0.
5.7. Summary
With more than 2.2 million votes cast online, the Polyas Internet voting scheme is one of the most established Internet voting schemes. Yet, the scheme exhibits numerous shortcomings.
To address the risk of vote integrity violations caused by compromised voting devices, we reviewed existing technical solutions. Considering the constraints given by the Common Criteria certification, we presented an extension of the Polyas Internet voting scheme. By providing voters with code sheets, the ballot box server is able to confirm a vote by returning the respective return codes to the voter. Since the voting device only learns the return codes for the vote that has actually been received by the ballot box server, the voting device can only obtain the return codes the voter expects by forwarding the voter's vote unaltered.
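The following Python model is added here as an illustration; it is neither Polyas code nor part of the original thesis. It plays through the code-sheet mechanism described above with three devices: an honest one, one that swaps the voter's selection before forwarding it, and one that drops the vote and fabricates return codes. The code-sheet layout (four-digit codes, one per candidate), the two-seat vote, the candidate names and the message shapes are assumptions made for the example. It also generalizes slightly beyond the text by returning one code per selected candidate, so that multi-seat votes are covered.

```python
"""Toy model of the code-sheet / return-code check (added example, not Polyas code).

Only three properties are taken from the scheme description:
  * every voter holds a code sheet with one return code per candidate,
    delivered out of band and never shown to the voting device;
  * the ballot box server answers with the return code(s) of the vote it
    actually received;
  * the voting device learns nothing except what the server returns.
Everything else (code length, candidates, message layout) is an assumption.
"""
import random
from typing import Dict, Iterable, Sequence, Tuple

CANDIDATES = ("Alice", "Bob", "Carol", "Dave")  # constructed candidate list
CODE_DIGITS = 4                                  # assumed length of a printed code


def make_code_sheet(rng: random.Random,
                    candidates: Sequence[str] = CANDIDATES) -> Dict[str, str]:
    """Authority side: distinct random return codes, one per candidate."""
    codes = rng.sample(range(10 ** CODE_DIGITS), len(candidates))  # no duplicates
    return {c: f"{n:0{CODE_DIGITS}d}" for c, n in zip(candidates, codes)}


class BallotBoxServer:
    """Holds every voter's code sheet and the votes as they were received."""

    def __init__(self, sheets: Dict[str, Dict[str, str]]):
        self._sheets = sheets
        self.votes: Dict[str, Tuple[str, ...]] = {}

    def cast(self, voter_id: str, vote: Iterable[str]) -> Tuple[str, ...]:
        """Store the received vote and answer with the code of each selected candidate.

        The server can only ever return codes for the vote it received, which is
        the property the extension relies on."""
        received = tuple(vote)
        self.votes[voter_id] = received
        sheet = self._sheets[voter_id]
        return tuple(sheet[c] for c in received)


def honest_device(server: BallotBoxServer, voter_id: str,
                  vote: Tuple[str, ...]) -> Tuple[str, ...]:
    """Forwards the vote unaltered and relays the server's answer."""
    return server.cast(voter_id, vote)


def swapping_device(server: BallotBoxServer, voter_id: str,
                    vote: Tuple[str, ...], rng: random.Random) -> Tuple[str, ...]:
    """Malicious device: replaces the selection with other candidates, then relays
    whatever codes the server returns (it knows no others)."""
    others = [c for c in CANDIDATES if c not in vote]
    forged = tuple(rng.sample(others, len(vote)))  # assumes enough other candidates
    return server.cast(voter_id, forged)


def guessing_device(server: BallotBoxServer, voter_id: str,
                    vote: Tuple[str, ...], rng: random.Random) -> Tuple[str, ...]:
    """Malicious device: never contacts the server and fabricates codes instead."""
    return tuple(f"{rng.randrange(10 ** CODE_DIGITS):0{CODE_DIGITS}d}" for _ in vote)


def voter_accepts(sheet: Dict[str, str], vote: Tuple[str, ...],
                  returned: Tuple[str, ...]) -> bool:
    """Voter compares the returned codes with the codes printed for her selection."""
    return tuple(sheet[c] for c in vote) == tuple(returned)


def run_scenarios(seed: int = 7, trials: int = 1000) -> Dict[str, object]:
    """Run the three devices against fresh code sheets and report the outcomes."""
    rng = random.Random(seed)
    vote = ("Alice", "Carol")  # constructed two-seat selection
    results: Dict[str, object] = {}

    sheet = make_code_sheet(rng)
    server = BallotBoxServer({"v1": sheet})
    results["honest_accepted"] = voter_accepts(
        sheet, vote, honest_device(server, "v1", vote))
    results["swap_detected"] = not voter_accepts(
        sheet, vote, swapping_device(server, "v1", vote, rng))
    results["swap_altered_stored_vote"] = server.votes["v1"] != vote

    detected = 0
    for _ in range(trials):
        sheet = make_code_sheet(rng)
        server = BallotBoxServer({"v": sheet})
        if not voter_accepts(sheet, vote, guessing_device(server, "v", vote, rng)):
            detected += 1
    results["guess_detection_rate"] = detected / trials
    return results


if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(f"{name}: {value}")
```

Detection rests on two properties of the model: the codes on one sheet are distinct, and the device never sees the sheet, so a swapped vote yields codes the voter does not expect and a fabricated code matches only by chance (10^-4 per code here). The model also makes the limit visible that the quantitative results in Section 5.6 point to: the BallotBoxServer object holds every code sheet, so a compromised server could store an altered vote and still answer with the codes the voter expects. The extension defends against the device, not against the service provider.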
The qualitative security models show that the extended scheme Pareto dominates the original scheme. In the case of vote integrity, we were able to eliminate the need to trust the voting device, without imposing new assumptions on the adversary’s capabilities.
The Pareto dominance of the extended Polyas scheme renders a quantitative security evaluation unnecessary for the mere comparison of the extended and the original scheme: in all possible election settings, the satisfaction degrees of the extended scheme are greater than or equal to the respective satisfaction degrees of the original scheme. Yet, when taking into account decision criteria beyond legally-founded security requirements for Internet voting schemes, the security improvement becomes one among several criteria. We therefore quantitatively evaluated both schemes within five election settings. The evaluation results show that the added value with regard to the requirement vote integrity depends on the target election setting: the higher the relative risk of voting device corruption (in relation to other adversarial capabilities), the more relevant the proposed extension becomes.

Figure 5.6: Polyas result: Election setting 1. (plot not reproduced)
Figure 5.7: Polyas result: Election setting 2. (plot not reproduced)
Figure 5.8: Polyas result: Election setting 3. (plot not reproduced)
Figure 5.9: Polyas result: Election setting 4. (plot not reproduced)
Figure 5.10: Polyas result: Election setting 5. (plot not reproduced)

Election Setting   VD              ONSP              OFSP                VO             VI             HCH
E1                 U[0.01, 0.1]    U[0.001, 0.002]   U[0.0001, 0.0002]   U[0.01, 0.1]   U[0.01, 0.1]   U[0.01, 0.1]
E2                 U[0.1, 0.2]     U[0.001, 0.002]   U[0.0001, 0.0002]   U[0.01, 0.1]   U[0.01, 0.1]   U[0.01, 0.1]
E3                 U[0.01, 0.1]    U[0.01, 0.02]     U[0.001, 0.002]     U[0.01, 0.1]   U[0.01, 0.1]   U[0.01, 0.1]
E4                 U[0.01, 0.1]    U[0.001, 0.002]   U[0.0001, 0.0002]   U[0.1, 0.2]    U[0.1, 0.2]    U[0.1, 0.2]
E5                 U[0, 0]         U[0.001, 0.002]   U[0.0001, 0.0002]   U[0.01, 0.1]   U[0.01, 0.1]   U[0.01, 0.1]
Table 5.3: Probabilistic adversaries considered for the quantitative evaluation of the original and extended Polyas scheme.

In Tables 5.4 to 5.8, SD denotes the satisfaction degree and Min/Max SD the minimum and maximum theoretically possible satisfaction degrees.

Requirement       Ori. Polyas SD   Ori. Polyas Min/Max SD              Ext. Polyas SD   Ext. Polyas Min/Max SD
Eligibility       0.955435709      [0.912297378316, 0.992843571063]    0.955435709      [0.912297378316, 0.992843571063]
Fairness          0.939280721      [0.907360601091, 0.991610302379]    0.939280721      [0.907360601091, 0.991610302379]
DA Protection     0.9532711        [0.912292977530, 0.992842627116]    0.9532711        [0.912292977530, 0.992842627116]
Vote Secrecy      0.939283299      [0.907363978273, 0.991610852262]    0.939283299      [0.907363978273, 0.991610852262]
Vote Integrity    0.953271423      [0.912293377019, 0.992842712867]    0.998502195      [0.998000000000, 0.999000000000]
Table 5.4: Results of the quantitative security evaluation of the original and extended Polyas scheme within election setting 1.

Requirement       Ori. Polyas SD   Ori. Polyas Min/Max SD              Ext. Polyas SD   Ext. Polyas Min/Max SD
Eligibility       0.953331026      [0.912297378316, 0.992843571063]    0.953331026      [0.912297378316, 0.992843571063]
Fairness          0.863296551      [0.817738026681, 0.912295378468]    0.863296551      [0.817738026681, 0.912295378468]
DA Protection     0.863308735      [0.817737487707, 0.912295178523]    0.863308735      [0.817737487707, 0.912295178523]
Vote Secrecy      0.863300222      [0.817743416421, 0.912297377915]    0.863300222      [0.817743416421, 0.912297377915]
Vote Integrity    0.851969229      [0.833560677883, 0.912295378468]    0.998487723      [0.998000000000, 0.999000000000]
Table 5.5: Results of the quantitative security evaluation of the original and extended Polyas scheme within election setting 2.

Requirement       Ori. Polyas SD   Ori. Polyas Min/Max SD              Ext. Polyas SD   Ext. Polyas Min/Max SD
Eligibility       0.954865328      [0.912297219964, 0.992843554076]    0.954865328      [0.912297219964, 0.992843554076]
Fairness          0.938335715      [0.907330145537, 0.990000000000]    0.938335715      [0.907330145537, 0.990000000000]
DA Protection     0.952400304      [0.912252141433, 0.989010000000]    0.952400304      [0.912252141433, 0.989010000000]
Vote Secrecy      0.93837185       [0.907363308118, 0.991610797764]    0.93837185       [0.907363308118, 0.991610797764]
Vote Integrity    0.952556556      [0.912256679453, 0.990000000000]    0.984888738      [0.980000000000, 0.990000000000]
Table 5.6: Results of the quantitative security evaluation of the original and extended Polyas scheme within election setting 3.

Requirement       Ori. Polyas SD   Ori. Polyas Min/Max SD              Ext. Polyas SD   Ext. Polyas Min/Max SD
Eligibility       0.86435605       [0.817743425062, 0.912297379517]    0.86435605       [0.817743425062, 0.912297379517]
Fairness          0.865989764      [0.817738026681, 0.912295378468]    0.865989764      [0.817738026681, 0.912295378468]
DA Protection     0.951977457      [0.912292977530, 0.992842627116]    0.951977457      [0.912292977530, 0.992842627116]
Vote Secrecy      0.865993359      [0.817743416421, 0.912297377915]    0.865993359      [0.817743416421, 0.912297377915]
Vote Integrity    0.951977703      [0.912293377019, 0.992842712867]    0.998505387      [0.998000000000, 0.999000000000]
Table 5.7: Results of the quantitative security evaluation of the original and extended Polyas scheme within election setting 4.

Requirement       Ori. Polyas SD   Ori. Polyas Min/Max SD              Ext. Polyas SD   Ext. Polyas Min/Max SD
Eligibility       0.95384898       [0.912297378316, 0.992843571063]    0.95384898       [0.912297378316, 0.992843571063]
Fairness          0.952939981      [0.912293377019, 0.992842712867]    0.952939981      [0.912293377019, 0.992842712867]
DA Protection     0.998346268      [0.997800400000, 0.998900100000]    0.998346268      [0.997800400000, 0.998900100000]
Vote Secrecy      0.95294243       [0.912297371911, 0.994012368095]    0.95294243       [0.912297371911, 0.994012368095]
Vote Integrity    0.998496099      [0.998000000000, 0.999000000000]    0.998496099      [0.998000000000, 0.999000000000]
Table 5.8: Results of the quantitative security evaluation of the original and extended Polyas scheme within election setting 5.