University of Twente Student Theses


Dutch e-voting opportunities. Risk assessment framework based on attacker resources.

Verbij, Ruud Paul (2014) Dutch e-voting opportunities. Risk assessment framework based on attacker resources.

Abstract: The state of the art on e-voting research and publications does not fulfill the needs in feeding the current e-voting debates in the Netherlands. Whereas most of the scientific literature is focused on highly theoretical environments in which e-voting schemes operate, the majority of the more practical research does not provide for quantified and practical results in a realistic setting. This research, however, fills this gap by establishing a quantified framework for reviewing and objectively comparing e-voting schemes in practice. The proposed framework in this research first establishes an exhaustive list of all possible attacks on the e-voting scheme, beyond initial traditional research into the protocol, the cryptography and the implementation. Subsequently, the framework addresses each of these identified attacks in terms of effort for the attacker: how much time and money does an attacker need to pull off the attack? Thereafter the attacks are categorized according to the Dutch requirements for voting schemes, after which they can be compared to either a baseline proposed by politics or to other schemes. The final step of the framework helps in mitigating the attack vectors and assessing the impact of differences in implementation details of these schemes. As the framework is circular, all steps can be repeated to allow for a thorough analysis and mitigation of potential risks. This thesis also presents a limited case analysis on the Estonian e-voting scheme in order to show how the framework can be used in practice. Results already show astonishing attacks, by means of which it would only cost $40,000 to get one seat in the Estonian parliament. Both the framework and the case analysis have been validated by three professionals in the discipline of IT Security; e-voting research; and the Dutch voting practice.
While a few improvement points were identified, the framework is considered to be a strong method for realistic risk identification in e-voting schemes. Quantifying these risks in terms of effort for an attacker allows for effective risk management and strong mitigation strategies based on cost-benefit considerations. Especially the adaptive attacker model, the modular approach and the ability to test the effectiveness of implementation details are very well received. As a conclusion, this framework provides for an effective and structured additional research method when deciding to adopt e-voting for elections. Furthermore, this research fuels the current debate about e-voting in the Netherlands, thereby reaching the initial goal of this research.
Item Type: Essay (Master)
KPMG, Amstelveen, The Netherlands
Faculty: EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject: 54 computer science, 89 political science
Programme: Computer Science MSc (60300)