Secure and Practical Online Elections via Voting Service Provider

Our paper deals with the question how remote e-voting can be put into practice in a secure and at the same time feasible way. We show that outsourcing the technical implementation of electronic elections to a Voting Service Provider (VSP) is one solution to this problem. Our concept can help election hosts to easily conduct electronic elections without having to take care of the necessary security precautions. Thus the election hosts can profit from the advantages of electronic elections with little effort. Thereby our concept may improve the cost-benefit balance of e-voting. Current remote e-voting schemes aim at a number of security objectives, e.g. anonymity, democracy or accuracy. However, this is not enough for providing secure online elections in practice. Beyond a secure e-voting protocol, there are many organizational and technical security requirements that have to be satisfied by the operational environment in which the scheme is implemented. For example, secure storage of key material, a Public Key Infrastructure or the secure delivery of voting equipment are often required but cannot be provided by the protocols themselves. We have investigated four state-of-the-art e-voting protocols in order to identify the organizational and technical requirements which these protocols need to be met in order to work correctly. Satisfying these requirements is a costly task which reduces the potential advantages of e-voting considerably. We introduce the concept of a VSP which carries out electronic elections as a trusted third party and is responsible for satisfying the organizational and technical requirements. We show which measures the VSP takes to meet these requirements. To establish trust in the VSP we propose a Common Criteria evaluation and a legal framework. Following this approach, we show that the VSP enables secure, cost-effective, and thus feasible online elections.