Author: Joakim Gustavsson
The aim of this essay is to provide a complete system for conducting elections over the internet. The classical urn-based election model is examined and a set of scurity parameters identified that need to be replicated in the net-based election scheme in order to provide the same degree of security and anonymity as the classical model. Two main focus points are brought up: that of being able to securely verify one's identity over the internet, a core issue for conducting a fair election, and that of retaining voter anonymity within the system, in order to guarantee that no one will be able to associate a particular vote with a particular voter. These seemingly conflicting requirements are examined, and a solution is proposed based around a so called Mixnet as suggested by Park, Itoh and Kurosawa. In order for voter identity to be verified a template for a national infrastructure for public key cryptography is suggested based on work by Wang and Liu. Mixnet is integrated together with a cluster of vote storage servers and a voting application installed locally on the computers of every voter in order to create a complete system for net-based voting. The system is focused around heavy redundancy in order to be able to resist attempts against internal tampering. The final system is analyzed for security and ease-of-use against the only internet-based voting system currently being used internationally, namely the Estonian e-voting system, as presented in a master's thesis by Mägi. The proposed system is deemed to be more secure against internal tampering than the Estonian system, but also deemed significantly more complex and harder to implement.