01-09-2014, 11:50 AM
In traditional elections, a voter usually goes to the voting stations. After direct person-person verification with some IDs, the voter is allowed to vote. The voter is then given a ballot which allows a single vote. Once the ballot is used, it cannot be used again. However, this ballot must also be anonymous. The ballot must identify the voter as being permitted to vote, but not reveal their actual identity, and the voter must also be given assurances of this. Traditional polling methods trust a lot of parties during the election. The current methods require an attacker interact directly with the voting process to disrupt it. There is a greater chance of getting caught as there will be physical evidence in the traditional polling.
On the other end, internet is harder to control and manage the security as Network and internet related attacks are more difficult to trace. In the traditional polling, you know who is in the election room. Also with the internet or network related voting, from all around the world you will have attackers, not only by the few people in the room [3]. Figure 1 shows the hierarchy of the voting schemes just discussed [17].
Public key cryptography, also known as asymmetric cryptography, is a form of cryptography in which each user will have a key that didn’t have to be kept secret. Having this public key will not inhibit the system’s secrecy as a message encrypted with the public key can be decrypted only with the corresponding private key. The private key is kept secret, while the public key may be widely distributed. The public and private keys are related mathematically. The private key cannot be practically derived from the public key [4]. The two main branches of public key cryptography are:
Public key encryption — a message encrypted with a recipient's public key cannot be decrypted by anyone except the recipient possessing the corresponding private key. This is used to ensure confidentiality [4].
The problem with the public key encryption is the intruder can easily replace the private key with his when the sender requests the public key. This means the newly received public key will have the intruder’s private key and he can easily decrypt the message. To avoid this issue digital signature can be used.
Digital Signatures — a message signed with a sender's private key can be verified by anyone who has access to the sender's public key, thereby proving that the sender signed it and that the message has not been tampered with. This is used to ensure authenticity [4].
On the other end, internet is harder to control and manage the security as Network and internet related attacks are more difficult to trace. In the traditional polling, you know who is in the election room. Also with the internet or network related voting, from all around the world you will have attackers, not only by the few people in the room [3]. Figure 1 shows the hierarchy of the voting schemes just discussed [17].
Public key cryptography, also known as asymmetric cryptography, is a form of cryptography in which each user will have a key that didn’t have to be kept secret. Having this public key will not inhibit the system’s secrecy as a message encrypted with the public key can be decrypted only with the corresponding private key. The private key is kept secret, while the public key may be widely distributed. The public and private keys are related mathematically. The private key cannot be practically derived from the public key [4]. The two main branches of public key cryptography are:
Public key encryption — a message encrypted with a recipient's public key cannot be decrypted by anyone except the recipient possessing the corresponding private key. This is used to ensure confidentiality [4].
The problem with the public key encryption is the intruder can easily replace the private key with his when the sender requests the public key. This means the newly received public key will have the intruder’s private key and he can easily decrypt the message. To avoid this issue digital signature can be used.
Digital Signatures — a message signed with a sender's private key can be verified by anyone who has access to the sender's public key, thereby proving that the sender signed it and that the message has not been tampered with. This is used to ensure authenticity [4].