A. Technical Field
The present invention generally relates to computer security and, more particularly, to methods of implementing secure elections using networked computers.
B. Detailed Background
Computers can be used in a variety of different ways to conduct an election. For example, computers can be used to read punch cards or other paper-based ballots, and computers can also be used directly at a polling site where voters cast their vote using a computer. Computers placed at a polling site can store the votes locally, or they can transmit votes electronically across a network to a computer at another location, where the votes can be subsequently stored and counted.
Using computers to conduct an election introduces a number of efficiencies into the process. For example, computers can be easier for disabled persons to use than traditional polling booths. Electronic ballots can be more accurate than paper ballots because computers can record votes with near-perfect accuracy, rather than having human beings try to discern voter intent from a punch card. Further, votes can be tabulated much more quickly by a computer than by human beings or mechanical devices.
On the other hand, computers are susceptible to certain vulnerabilities that cause some apprehension about their use in a process as critical as an election. For example, doubts can arise about the integrity of votes cast at a computer. Mechanisms must be in place to ensure that a vote counted in an election was indeed actually cast by a voter and not manipulated by an attacker. Even assuming no one intentionally interferes with the integrity of an election, voters may have doubts that their electronic votes were accurately recorded. These voters may fear that their votes were inadvertently counted for the wrong election choice.
Using networked, rather than stand-alone, computers to conduct an election can introduce even further efficiencies into the election process. By centralizing certain processing at a server and using distributed voting terminals to communicate votes to the central server over a network, it is possible to reduce the potential for fraud. For example, by using one central server to store votes in a physically secure environment, the server may be more trustworthy than a number of dispersed voting terminals that have been handled by a number of different individuals.
However, transmitting data across any network generally leads to some security concerns. In the case of an election, a computer masquerading as a legitimate voting terminal could be used to cast any number of fraudulent votes. Further, a computer with access to the network could conduct a “snooping” attack and monitor a voter's choices in a given election. An attacker could also conduct a “spoofing” attack by presenting a web page on a voting terminal that makes the attacker's computer appear to be a central voting server.
Given the privacy concerns and potential for fraud discussed above, it is desirable to provide a comprehensive system for implementing secure elections using computers. It is further desirable to allow voters in an online election using a central server to accurately identify communications from the server as coming from the server and not a spoofing attacker. It is further desirable to allow voters to transmit network traffic that identifies the voters' choices to the server, while preventing an attacker on the network from being able to discern the choices.