Helios Voting

Type of site: Open-source voting system
Founder(s): Ben Adida
Website: https://heliosvoting.org/
Written in: JavaScript, HTML, Python
Server: written in Python; license Apache License 2.0 [1]
Client: written in JavaScript; license GNU GPL 3+ [2]

Helios Voting is an online open-source voting system written by Ben Adida.[3][4] Its browser client is written in JavaScript and HTML, while the server is written in Python.[5] The Ballot Preparation System (BPS) guides voters through the ballot and records their choices.[6][7] The processes for creating the ballot and processing votes are based on Benaloh's Simple Verifiable Voting Protocol and Benaloh's challenge.[8][6]

This web-based platform is accessible to the general public. Users can vote in elections and have the ability to create an election poll. Anyone from the general public is able to cast a ballot; however, in order for the final vote to be accounted for, their identification must be verified. Helios uses ballot secrecy and homomorphic encryption to protect the identity of the voter.[9]

Creating an Election

A user must create a Helios account in order to create an election. Users create an account by registering with an email address, their name, and a password. Upon registration, a link is sent to the registered email address, allowing the user to finalize the activation of their account. The administrator (the user who created the election) then chooses the time period during which the election is open and can edit the entire content of the election.[6] Multiple candidates can be listed in the election.[10] Once the election is created, the Helios Voting platform provides a public key for the creator (administrator) of the election. The administrator can now create and edit the ballot in any way they want at any given time. They can also control who is able to vote in the election by adding and removing voters as they see fit.[6]

Voting Process

A voter creates a Helios Voting account using their name, email address, and a random password generated by the platform itself. The voter selects an election to vote in and begins the voting process. The voter then submits their ballot, and the BPS in Helios Voting encrypts the voter's choices as a ciphertext.[6]

Voters have the option to either audit (review the process utilized in the encryption) or seal (encrypt) their votes in the ballot. A voter who chooses to audit has the opportunity to review the displayed ciphertext to verify that the Helios Voting platform correctly saved their votes. Upon review of their ballot, they are able to submit their current choices or seal their ballot using a different ciphertext. A voter who chooses to seal their ballot automatically publishes their ciphertext onto the platform without reviewing their votes.[6][11]

The voter's identity is authenticated, and their vote is then accounted for. All votes are posted to the online bulletin board, displayed with either a voter name or a voter ID number. The bulletin board is accessible for the general public to view.[6]

After an election ends, the system shuffles the ballots and encrypts all the votes, making them publicly accessible for voters to audit.[12] Auditing allows voters to ensure their exact vote was posted successfully on the bulletin board. After the time period allocated for auditing comes to an end, the system tallies all the ballots. An auditor can then download the entire election to verify its authenticity. The votes are verified when there are enough auditors to ensure that the votes are tallied correctly.[6]
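The audit-or-seal choice and the encrypted tally described in this section, as an added example that is not Helios code. It assumes exponential ElGamal over a toy group, a single key holder instead of trustees, and no zero-knowledge proofs; all function names and parameters are hypothetical.

```python
import secrets

# Toy group, constructed and far too small for real use: P = 2Q + 1, G has order Q.
P, Q, G = 2039, 1019, 4

def keygen():
    x = secrets.randbelow(Q - 1) + 1           # election private key
    return x, pow(G, x, P)                     # (private, public)

def fresh_r():
    return secrets.randbelow(Q - 1) + 1        # per-ballot encryption randomness

def encrypt(pub, vote, r):
    """Exponential ElGamal: the vote (0 or 1) sits in the exponent of G."""
    return (pow(G, r, P), pow(G, vote, P) * pow(pub, r, P) % P)

def audit(pub, ciphertext, claimed_vote, revealed_r):
    """Benaloh-style audit: re-encrypt with the revealed randomness and compare."""
    return encrypt(pub, claimed_vote, revealed_r) == ciphertext

def add(c1, c2):
    """Homomorphic addition: multiplying ciphertexts adds the hidden votes."""
    return (c1[0] * c2[0] % P, c1[1] * c2[1] % P)

def decrypt_tally(priv, ciphertext, max_votes):
    """Recover G^tally, then find the small tally by exhaustive search."""
    a, b = ciphertext
    g_m = b * pow(a, -priv, P) % P             # modular inverse needs Python 3.8+
    for m in range(max_votes + 1):
        if pow(G, m, P) == g_m:
            return m
    raise ValueError("tally out of range")

def tally_election(priv, pub, votes):
    """Seal one fresh ciphertext per vote and decrypt only the combined total."""
    total = (1, 1)                             # encryption of 0 with r = 0
    for v in votes:
        total = add(total, encrypt(pub, v, fresh_r()))
    return decrypt_tally(priv, total, len(votes))

if __name__ == "__main__":
    priv, pub = keygen()
    r = fresh_r()
    audited = encrypt(pub, 1, r)               # voter chose "audit": r is revealed
    print("honest booth passes audit:", audit(pub, audited, 1, r))
    print("flipped vote passes audit:", audit(pub, audited, 0, r))
    print("tally of [1, 0, 1, 1, 0]:", tally_election(priv, pub, [1, 0, 1, 1, 0]))
```

Because an audited ciphertext has its randomness revealed, it is discarded and a different ciphertext is sealed, which is why the audit and the cast use separate encryptions here.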

Helios Users

The platform is intended for use in low-coercion, small-scale environments such as university student governments.

The platform was used for student governments at Princeton University and the Université catholique de Louvain.[13] The Université catholique de Louvain, with 25,000 eligible voters, used Helios' voting system in March 2009 to elect its university president.[14] Helios was used to elect new board directors at the International Association for Cryptographic Research in 2010, 2011, and 2012.[10]

Security Weakness

The creator prioritizes the integrity of the election, ensuring the accuracy of ballots, first, and voter privacy second. Research has identified loopholes in its security because replaying a user's selection of candidates will reveal their vote.[9] Through studies, researchers have discovered that Helios is vulnerable to cyberattacks. The attack they discovered is an attack against privacy that applies when the attacker can resubmit a voter's vote without being noticed.[10]
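A bulletin-board check for the resubmission weakness described above, as an added example that is not Helios code: a ballot that reuses a ciphertext already posted is rejected. The record layout, function name and sample values are constructed for illustration.

```python
def weed_replays(bulletin_board):
    """Return (accepted_voters, rejected), where rejected lists (voter, copied_from).

    A ballot is rejected when any of its ciphertexts already appears in an
    earlier accepted ballot, so partial and reordered copies are caught too.
    """
    first_poster = {}                  # ciphertext -> voter who posted it first
    accepted, rejected = [], []
    for ballot in bulletin_board:
        cts = [tuple(ct) for ct in ballot["ciphertexts"]]
        copied_from = next((first_poster[ct] for ct in cts if ct in first_poster), None)
        if copied_from is not None:
            rejected.append((ballot["voter"], copied_from))
            continue
        for ct in cts:
            first_poster[ct] = ballot["voter"]
        accepted.append(ballot["voter"])
    return accepted, rejected

# Constructed sample board: one (alpha, beta) ciphertext per candidate.
BOARD = [
    {"voter": "V1", "ciphertexts": [(1201, 877), (45, 1930)]},
    {"voter": "V2", "ciphertexts": [(310, 42), (1777, 605)]},
    {"voter": "V3", "ciphertexts": [(1201, 877), (45, 1930)]},   # verbatim copy of V1
    {"voter": "V4", "ciphertexts": [(45, 1930), (999, 12)]},     # reuses one of V1's
    {"voter": "V5", "ciphertexts": [(1777, 605), (310, 42)]},    # V2's, reordered
]

if __name__ == "__main__":
    ok, bad = weed_replays(BOARD)
    print("accepted:", ok)
    print("rejected (voter, copied from):", bad)
```

This catches verbatim reuse only; it assumes a ciphertext cannot be altered without invalidating the ballot, which the example does not check.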

Researchers identified a major security flaw, a cross-site scripting attack, and alerted Helios so that the problem could be fixed. The cross-site scripting attack works when the voter unknowingly clicks a specific link, created by the attacker, that leads to the Helios server, allowing the attacker to steal the voter's information.[5]

A corrupt router will cause the voting system to display a success message to the voter even though the vote is not accounted for on the server's end, because the submission was interrupted.[15]

A hacked election administrator account gives the attacker(s) full control of the election.[15]

Security Defenses

Helios's server records each vote once it is submitted to the platform and leaves a trace of verified votes even if a security breach corrupts the system.[9] The integrity of the ballots is ensured by many trustees and the Helios server itself. Auditors verify votes in the event of a breach. If the Helios ballot is corrupted so that it displays choices that in reality are counted for other candidates, the Ballot Encryption Verification program is able to counter the attack. The Ballot Encryption Verification program is audited by auditors before voting is enabled on the server.[6]

References

  1. https://github.com/benadida/helios-server/blob/master/LICENSE
  2. https://github.com/benadida/helios-booth
  3. Kwon, Soonhak; Yun, Aaram (2016-03-09). Information Security and Cryptology - ICISC 2015: 18th International Conference, Seoul, South Korea, November 25-27, 2015, Revised Selected Papers. Springer. pp. 195, 199. ISBN 9783319308401.
  4. Hao, Feng; Ryan, Peter Y. A. (2016-11-30). Real-World Electronic Voting: Design, Analysis and Deployment. CRC Press. p. 355. ISBN 9781498714716.
  5. Backes, Michael; Hammer, Christian; Pfaff, David; Skoruppa, Malte. "Implementation-level analysis of the JavaScript helios voting client". Retrieved 2018-03-15.
  6. Adida, Ben. "Helios: Web-based Open-Audit Voting" (PDF). Retrieved 2018-03-15.
  7. Thomson, Iain (June 16, 2017). "Worried about election hacking? There's a technology fix – Helios". The Register. Retrieved 2018-04-25.
  8. Karayumak, Faith; Kauer, Michaela; Olembo, Maina M.; Volk, Tobias; Volkamer, Melanie. "User study of the improved Helios voting system interfaces". Retrieved 2018-03-15.
  9. Cortier, Veronique; Smyth, Ben. "Attacking and fixing Helios: An analysis of ballot secrecy". Retrieved 2018-03-15.
  10. Cortier, Veronique; Galindo, David; Glondu, Stephane; Izabachene, Malika. "Distributed ElGamal a la Pedersen – Application to Helios". Retrieved 2018-03-15.
  11. Greenberg, Andy. "For the Next Election, Don't Recount the Vote. Encrypt It". WIRED. Retrieved 2018-04-25.
  12. Kwon, Soonhak; Yun, Aaram (2016-03-09). Information Security and Cryptology - ICISC 2015: 18th International Conference, Seoul, South Korea, November 25-27, 2015, Revised Selected Papers. Springer. pp. 195, 199. ISBN 9783319308401.
  13. Karayumak, Faith; Olembo, Maina M.; Kauer, Michaela; Volkamer, Melanie. "Usability Analysis of Helios – An Open Source Verifiable Remote Electronic Voting System" (PDF). Retrieved 2018-03-15.
  14. Adida, Ben; Marneffe, Olivier de; Pereira, Olivier; Quisquater, Jean-Jacques. "Electing a University President using Open-Audit Voting: Analysis of real-world use of Helios" (PDF). Retrieved 2018-03-15.
  15. Orion. "Security Review: Helios Online Voting". Retrieved 2018-04-25.
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.