This page contains complementary material related to the following paper:
  • Title: Modeling and Assessing Coercion Threats in Electronic Voting
  • Authors: Riccardo Longo, Majid Mollaeefar, Umberto Morelli, Chiara Spadafora, Alessandro Tomasi, Silvio Ranise

Abstract

Electronic voting holds the potential to increase voter participation and streamline election processes, but its broad use is limited by many challenges, e.g., ensuring system security and usability. One of the most difficult threats to counter is coercion; i.e., the ability to monitor and force voters' actions. This paper proposes a methodology to assess an e-voting system's resistance to coercion by gathering the security properties that an e-voting solution should offer from both academia and regulation, and adapting the Microsoft STRIDE and LINDDUN threats and the OWASP Risk Rating Technologies to the e-voting scenario.

Complementary Material

Download

  • Threat analysis table available here.
  • Slides.

Contributions

We propose a novel methodology for performing a threat analysis on e-voting systems. Our research includes the following contributions:

  • A mapping of the properties and principles identified by the Council of Europe to verifiable voting system properties from academic literature.

    • A description of the properties that a secure e-voting system should satisfy is available here.
  • The adaptation of STRIDE methodology and LINDDUN framework to the e-voting scenario.

    • A detailed Description of STRIDE and LINDDUN for E-Voting is available here.
  • The identification of the most relevant attackers for an e-voting system, with particular focus on the attacker that we call coercer.

    • The list of attackers is available in the summary table of the Threat analysis here.
  • The tailoring of the likelihood factors of the OWASP Risk Rating methodology to the e-voting scenario, together with new impact factors based on a new methodology to compute the risk.

    • E-Voting adaptation of the Likelihood scale from the OWASP Risk Methodology available here.

Involved People

Riccardo Longo

Majid Mollaeefar

Umberto Morelli

Chiara Spadafora

Alessandro Tomasi

Silvio Ranise
