e-cognocracy and its voting process
TRANSCRIPT
Available online at www.sciencedirect.com
ces 30 (2008) 124–131www.elsevier.com/locate/csi
Computer Standards & Interfa
E-cognocracy and its voting process
José Luis Salazar a,⁎, Joan Josep Piles a, José Ruíz a, José María Moreno-Jiménez b
a Grupo de Tecnología de las Comunicaciones, Universidad de Zaragoza, María de Luna, 1, 50018, Zaragoza, Spainb Grupo Decisión Multicriterio Zaragoza, Universidad de Zaragoza, Doctor Cerrada, 1-3, 50005, Zaragoza, Spain
Received 16 June 2006; received in revised form 17 May 2007; accepted 10 August 2007Available online 31 August 2007
Abstract
e-Cognocracy [J.M. Moreno-Jiménez, J.M. Polasek, e-Democracy and knowledge: a multicriteria framework for the new democratic era,Journal of Multicriteria Decision Analysis 12 (2003) 163–176 [15]; J.M. Moreno-Jiménez, J.M. Polasek, e-Cognocracy and the participation ofimmigrants in e-governance, TED Conference on e-government 2005. Electronic democracy: The challenge ahead, Schriftenreihe Informatik, vol.13, University Rudolf Trauner-Verlag, 2005, pp 18–26 [16]; G.E. Kersten, e-Democracy and participatory decision processes: lessons from e-negotiation experiments, Journal Multi-criteria Decision Analysis 12 (2003) 127–143 [13]] is a new democratic system that focuses on thecreation and social diffusion of the knowledge gained from the scientific resolution of highly complex problems associated with public decisionmaking. In this scenario, e-voting is not limited to the choice of a given political party, but to the extraction of the relevant knowledge.
Even though e-voting systems have been widely studied, some situations are still not covered by the conventional literature, and this makes itnecessary to consider certain variations to the main schema. In this paper, we will present one such lacuna (associated with e-cognocracy), and willexamine the changes required in conventional e-voting processes and their implications.© 2007 Elsevier B.V. All rights reserved.
Keywords: E-cognocracy; Voting; E-voting
1. Introduction
Citizens' involvement in their own government, or the lack of it,is the issue that has historically led to political change. Meanwhile,the consensus has generally been that it is desirable to achieve asmuch involvement as possible, which should be restricted only bywhat is practical for the smooth operation of the institutions.
This has usually been limited by citizens' access to the relevantinformation, which is bounded by the general level of educationand public knowledge of the facts. With the advent of computersin recent years, however, the information flowbetween people hasbeen steadily increasing. The Internet is responsible for a greatdeal of this new communication, and is now widely used by thevery citizens who will elect their leaders.
It is only natural, then, that technology has evolved toassimilate this new method of exchanging information into theclassical structure. Thus, electronic voting, or e-voting, was born.However, there have been no shifts in the paradigmof the decisionmaking process, although various proposals have been made.
⁎ Corresponding author.E-mail addresses: [email protected] (J.L. Salazar), [email protected] (J.J. Piles),
[email protected] (J. Ruíz), [email protected] (J.M. Moreno-Jiménez).
0920-5489/$ - see front matter © 2007 Elsevier B.V. All rights reserved.doi:10.1016/j.csi.2007.08.017
One of the main obstacles is the lack of technological meansto allow implementation. We present here one tool that couldhelp make a reality out of the novel ideas of e-cognocracy.
E-cognocracy focuses on the extraction of relevant knowl-edge, including the analysis of the individual and social learningderived from the scientific resolution of problems. This neworientation requires new technological features [14,19].
In Section 2 we will present some background material aboute-voting from two standpoints: e-cognocracy and security.Section 3 provides a description of our proposed voting system,as well as a proof that it satisfies the requirements for use in e-cognocracy. In Section 4 we offer details of the actualimplementation and deployment of the system. Finally, inSection 5 we provide the final considerations and outline futureresearch related with this project.
2. Related work
2.1. E-voting requirements for e-cognocracy
While Western societies have mainly opted for democracy intheir governance systems, there has been increasing discussionin recent years of a certain “democratic fallacy”, because
125J.L. Salazar et al. / Computer Standards & Interfaces 30 (2008) 124–131
representation no longer meets its initial end, which is of coursethe participation of the citizens in their own government. As aconsequence, many voices have been raised to demand greaterinvolvement in government [21]. One of the proposals made toimprove participation is e-cognocracy [15–17]. This is a newdemocratic system employed to create a new, more open,transparent, civilized and free society that is at the same timemore cohesive and connected, and more participative, equal andcaring.
E-cognocracy not only provides room for citizens to becomemore involved in government and resolves some of thelimitations of traditional democracy, but it also focuses on theprocess by which knowledge related with the scientific solutionof problems is created and socialised. To this end, it usesmulticriteria decision-making techniques as a methodologicaltool, turning the democratic system into a catalyst for thelearning that guides the cognitive process distinctive of livingbeings and employing the Internet as a communication support.
Among the many tools needed to fully develop e-cognocracy,we will focus on e-voting, as this is the first step needed to gatherthe information supplied by the citizens. Most known e-votingprocesses are limited to the technological aspects associated withthe choice of a given party. However, e-cognocracy focuses onthe extraction of relevant knowledge, including the analysis ofthe individual and social learning derived from the scientificresolution of the problem. This new orientation requires newtechnological features [14,19]. From the point of view of thevoting process, the key element introduced by e-cognocracy isthat votes are, or can be, linked. In a conventional voting system,whenever the citizenry is asked to take part in a decision-makingprocess, a voting process begins.
This process starts with an information gathering phase, inwhich each citizen is given the maximum possible informationfrom each of the interested parties (typically, political parties).This usually lasts for several weeks, in order to allow everycitizen obtain as much information as possible.
However, there is very little feedback (if any) from thecitizens who will participate in the ballot during this period.Some polls are indeed designed to provide an idea of currenttrend, but they affect a very small percentage of the electorate.This, in turn, leads to a loss of interest, as the only reallyimportant moment is the vote itself.
In order to establish the knowledge-seeking process, wedivide each ballot into several rounds. Each voter can cast a votein as many rounds as the voting process allows, but only onceeach round. After each round partial results are published, andmore information is provided to the citizens.
Only the last vote cast by the citizen is taken into account todetermine the final result of the ballot. However, the wholehistory of the various ballots is preserved. This is associatedwith the vote but not the voter in order to provide someinformation about the trail followed by each voter until s/hearrived at a final decision.
Individual trails are never published, as this could compro-mise the voter secrecy. For instance, one could be paid to votefirst A, then B, then C and finally D. As the number of roundsincreases, the number of possible combinations grows large
enough to provide relative certainty that only one personfollowed one given track. However, those trails reveal valuableinformation, which can help identify the reasons for changes inopinion (e.g. not only that people switched from A to B, but alsothat most people switched after a certain event).
2.2. E-voting security requirements
There are three paradigms for cryptographically secure ballots:
• Blind signatures [4]: The voters obtain certified, privacy-preserved ballots from the authorities. This paradigmrequires an anonymous channel between the voter and thetallying authorities to hide the user's identity when the ballotis held.
• Homomorphic encryption [6]: The ballots are encrypted andclassified. Schemes of this kind enable a fast tallyingprocess.
• Mix-net [3]: A recount authority moves and permutes theballots, while changing their representation.
One of the requirements for e-cognocracy is individualverifiability. A voting scheme has this property if voters canindependently verify that their own ballots have been countedcorrectly. If inaccuracies have found their way into the tally, itmust be possible to detect them and prove vote rigging.
However, the main property of our voting scenario is link-ability. This quality has been used in other e-voting schemes todetect double-voting. These schemes use group/ring signatures[5,20], while most existing schemes use signature sizes linearwith the signing group size, which makes them impractical forlarge-scale voting. The exception is [9], where a short linkablesignatures scheme is proposed with constant signature size.However, all of these schemes have a major drawback for ourrequirements: voters must know all of the eligible voters’ publickeys. It is more convenient for the voter to be able to vote onlywith his own credentials, without any further knowledge aboutthe rest of the eligible voters.
For these reasons, we have constructed an e-voting schemebased on [18] adding the linkability requirement.
2.3. Relevance to computer standards and interfaces
This paper examines the role of e-voting in the e-cognocracyprocess and investigates security standards with a view toexpanding its scope. Moreover, we describe the securityrequirements needed for e-cognocracy to be a secure and trustedprocess in terms of standard secure protocols. The workpresented is relevant to the general area of computer standardsand interfaces related to secure communications involved in ane-voting process.
On one hand, the paper discusses and makes use of blind signalgorithms [4] with RSA working with TLS [8], which aresupported with X.509 certificates [1] managed by Public KeyInfrastructure (PKI) standards, such as PKCS11 [22], PKCS12[23] and PKCS15 [24]. This allow us to use either software orhardware tokens to store the keys and certificates. We then
126 J.L. Salazar et al. / Computer Standards & Interfaces 30 (2008) 124–131
introduce the linkability requirement by means of vote tags [25].Moreover, implementation also depends heavily on the use ofstandards. For instance, the whole project is based on javatechnologies [10] allowing better integration of all parts of theproject. Finally, we use standarized cryptographic extensions[11,12].
On the other hand, the paper also describes our systemimplementation work. Since e-voting can be used in severalscenarios with different resources, typologies, cases, counting,etc., it is very difficult to create a standard. However, as thistechnology is not yet widely used, it is still possible to develop astandard to allow interoperability between different vendorsand solutions. This is also true in the special case of e-cognocracy, which depends on the public scenario resources.Our implementation work and specifications are detailed inSection 4.
In any case, the standards used are instrumental and areversatile enough to fit into the e-cognocracy scenario. Hence webelieve this model of standard adaptability will be of greatinterest for the readers.
3. Our e-voting system
Fig. 1 presents our e-voting system. The system consists ofthe definition of the actors' role, work stages (initialization,voting process, and recount) and the implementation of theclaiming time.
3.1. Characteristics of our e-voting system
Our e-voting system is born as a tool for e-cognocracy, and ithas the following properties, some of them shared with classice-voting systems [2,7]:
Fig. 1. System scheme: Ri, registration process; Vi, voting proc
3.1.1. Precision
• It shall not be possible for an unauthorized person to modifyany votes (that is, each voter can cast only his/her own vote).
• It shall not be possible to remove a valid vote from the finalcount.
• It shall not be possible to include an invalid vote in the finalcount.
3.1.2. Democracy
• Only registered voters shall be able to vote.• Each voter shall be able to vote only once in each round.
3.1.3. Privacy
• A voter shall not be linked to his/her vote.• A voter shall not be able to prove his/her vote.• Individual verifiability shall be assured.• Voters shall be able to verify that their vote has beencorrectly accounted.
3.1.4. Linkability
• Two votes from the same voter in different rounds of the votingshall be linked together, but not to the voter who cast them.
3.2. Actors in the voting process
3.2.1. Voter (V)Each voter must express his/her preferences in a multiple-
choice question format, ranking them numerically. The censusshall be constant for each round of the voting.
ess; V(R)I, re-run of voting process; Ci, counting process.
127J.L. Salazar et al. / Computer Standards & Interfaces 30 (2008) 124–131
3.2.2. Certification Authority (CA)The Certification Authority shall issue the public/private
keys and certificates for each actor involved in the process, andshall serve as Trusted Third Party with regard to the validationof certificates.
3.2.3. Database server for the Electoral AuthorityThe data shall be kept in a database at a secure location
without public access.
3.2.4. Recount server (R)The Recount server is the only entity allowed to decrypt the
votes. The Electoral Authority shall provide sufficient infor-mation to link votes from the same voter, but not to trace them tothe person who actually cast them.
3.2.5. Electoral Authority server (EA)The Electoral Authority shall keep track of the census,
validate the users in the voting process, and sign their votes asproof of voting. It shall also keep sufficient data about the votesto know the hash of the last vote from a voter (in order to linkthem for the Recount server) but without actually being able todecrypt them.
In this schema it is assumed that both the Electoral Authorityand the Recount server do not work together to break the systemand are trusted by each other, and by the users. However, this isa reasonable assumption for most cases.
3.3. Initialization
The first part of the voting process is the initialization of theactors involved. In order to maintain security, both the recountserver and the electoral authority shall receive a new key pair
Fig. 2. Voting process i
and certificate for each ballot. If desired, the keys for the voterscan also be reset, although this is not necessary.
3.3.1. CA InitializationThe CA shall initialize only once before the start of any
voting process. It shall do so using self-signing a certificate foritself and distributing it to the parties involved, so that suc-cessive certificates may be trusted by reference.
3.3.2. R's private key initializationThe Recount server must decrypt all the votes cast with its
private key. To avoid possible power abuses from a single owner ofthis key, it can be split into shares, so that a single person cannotgain access to the voting data without coordination and acceptance.
3.3.3. EA's private key initializationThe Electoral Authority shall receive a certificate and a key
pair allowing it to issue the blind signatures for each vote, whichshall be kept by each voter as a proof of voting. It shall generatea census with the public keys of the persons allowed to vote.
3.3.4. Voters' registryThe Certificate Authority shall issue a new certificate and
key pair to each voter who does not yet have one to includethem in the census.
3.4. Voting
Our proposed voting scheme initially defines some crypto-graphic primitives. The following stages then take place: the firstand subsequent voting rounds, vote-tallying and the claimingtime. The voting process for a general round is shown is shown inFig. 2.
n a general round.
128 J.L. Salazar et al. / Computer Standards & Interfaces 30 (2008) 124–131
3.4.1. Cryptographic primitivesThe following cryptographic primitives are used:
• H{·}: Hash Function• M1|M2: Concatenation of M1 and M2
• [M]BF: Blinded message of M with the blind factor BF. Wecan use the RSA blinded signature [4], explained below.
• Sx(·): Signature function from x• Ex(·): Public encrypting function for x
The RSA blinded signature consists of an RSA cryptosystemwith the (e, n)/d public/private key pair. Alice can ask Bob tosign message M, without Bob knowing that value. Then:
• Alice picks a random integer k, such that GCD (k, n)=1.• Alice computes M⁎=Mke (mod n) and sends it to Bob.• Bob signs M⁎, s⁎=(M⁎)d=Md(ke)d=Mdk (mod n) andsends it to Alice.
• Alice computes s= s⁎k−1 =Md (mod n) and verifies thesignature, checking se=M.
3.4.2. First voteVoter V, with his identifier IDV, and the Electoral Authority
(EA) identify each other, with their own certificates. Voter Vcasts his vote and attaches a field (lapso(1)) with a timestampfunction. This field will be used to know the round when thefirst vote M(1) was cast. Moreover, EA checks whether V hasvoted or not in that round.
If not, then V sends q pairs of messages to EA:
fSV H IDVjrand1ið Þ; lapso 1ð Þð Þ;SV H M 1ð Þjrand2ið Þ; lapso 1ð Þ½ �BFiÞg
i¼1; N ;q
�EA answers back the value j∈{1,…, q}, and V sends all of
the values BFi and rand1i such that i≠ j. EA then checkswhether the field lapso(1) is the same in all the messages. If theyare, EA informs V, and V sends:
ER M 1ð Þ; rand2j 1ð Þ;BFj 1ð Þ� �
:
Meanwhile, EA stores this value (related to the identity of V):
SAE H M 1ð Þjrand2j 1ð Þ� �
; lapso 1ð Þ� �BFj 1ð Þ� �
SAE H IDVjrand1j 1ð Þ� �
; lapso 1ð Þ� �And sends to R (via a secured channel):
ER M 1ð Þ; rand2j 1ð Þ;BFj 1ð Þ� �
;
SAE H M 1ð Þjrand2j 1ð Þ� �
; lapso 1ð Þ� �BFj 1ð Þh i
;
SAE H IDVjrand1j 1ð Þ� �
; lapso 1ð Þ� �8><>:
9>=>;
defining the “future linking value” of the vote as ER(M(1),rand2j(1), BFj(1)).
3.5. Rest of the rounds
When V wants to change his vote in round n, he builds a newvote M(n) and sends the following to EA:
fSV H IDVjrand1ið Þ; lapso nð Þð Þ;SV H M nð Þjrand2ið Þ; lapso nð Þ½ �BFi
� �gi¼1; N ;q
After checking that V has not voted in this round, EAanswers back with the value j∈{1,…, q}, and V sends all of thevalues BFi and rand1i such that i≠ j. With this information, EAchecks whether the field lapso(n) is the same in all of themessages. If they are, EA informs V, and V sends: ER(M(n),rand2j(n), BFj(n)).
EA receives the encrypted vote related to V's identity, andsends the following to R (via a secure channel):
ER M nð Þ; rand2j nð Þ;BFj nð Þ� �
;
SAE H M nð Þjrand2j nð Þ� �
; lapso nð Þ� �BFj nð Þh i
;
ER M n� 1ð Þ; rand2j n�1ð Þ;BFj n�1ð Þ� �
;
SAE H M n� 1ð Þjrand2j n�1ð Þ� �
; lapso n� 1ð Þ� �BFj n�1ð Þh i
SAE H IDVjrand1j nð Þ� �
; lapso nð Þ� �
8>>>>>>><>>>>>>>:
9>>>>>>>=>>>>>>>;
and stores the new information related to V:
ER M nð Þ; rand2j nð Þ;BFj nð Þ� �
;
SAE H M nð Þjrand2j nð Þ� �
; lapso nð Þ� �BFj nð Þ� �
;
SAE H IDVjrand1j nð Þ� �
; lapso nð Þ� �In this case, the “future linking value” becomes ER(M(n),
rand2j(n), BFj(n)), and we define the “past linking value” to beER(M(n−1), rand2j(n− 1), BFj(n− 1)).
When R receives the vote, it links it to the set of linked voteswhich have a “future linking value” equal to the “past linkingvalue” of the vote. The “future linking value” of the vote becomesthe “future linking value” of the set of the linked votes.
3.5.1. Vote-tallyingAt this point, all of the votes are split into different sets of
linked votes. Each set contains the votes of the same voter: onefirst vote and the rest.
The first vote is:
ER M 1ð Þ; rand2j 1ð Þ;BFj 1ð Þ� �
;
SAE H M 1ð Þjrand2j 1ð Þ� �
; lapso 1ð Þ� �BFj 1ð Þh i
;
SAE H IDVjrand1j 1ð Þ� �
; lapso 1ð Þ� �8><>:
9>=>;
R then decrypts the vote and obtains (M(1), rand2j(1), BFj(1)).Using BFj(1) it obtains the Electoral Authority signature SAE[(H(M(1)|rand2j(1)), lapso(1))] and checks the validity of the vote. If itis valid, it checks SAE(H(IDV|rand1j(1)), lapso(1)) and if this is
129J.L. Salazar et al. / Computer Standards & Interfaces 30 (2008) 124–131
valid too, it then certifies the valid vote with SR(H(IDV|rand1j(1)),lapso(1)).
The nth vote is :
ER M nð Þ; rand2j nð Þ;BFj nð Þ� �
;
SAE H M nð Þjrand2j nð Þ� �
; lapso nð Þ� �BFj nð Þh i
;
ER M n� 1ð Þ; rand2j n�1ð Þ;BFj n�1ð Þ� �
;
SAE H M n� 1ð Þjrand2j n�1ð Þ� �
; lapso n� 1ð Þ� �BFj n�1ð Þh i
SAE H IDVjrand1j nð Þ� �
; lapso nð Þ� �
8>>>>>>><>>>>>>>:
9>>>>>>>=>>>>>>>;
The valuesER M n� 1ð Þ; rand2j n�1ð Þ;BFj n�1ð Þ
� �;
SAE H M n� 1ð Þjrand2j n�1ð Þ� �
; lapso n� 1ð Þ� �BFj n�1ð Þh i( )
have
been used for linking immediately after checking against theprevious linked vote.We can then dispense with them. R decrypts{ER(M(n), rand2j(n), BFj(n))} and obtains (M(n), rand2j(n), BFj(n)).Using BFj(n) it obtains the Electoral Authority signature SAE[(H(M(n)|rand2j(n)), lapso(n))], and checks the validity of the vote. Ifit is valid, it checks SAE(H(IDV|rand1j(n)), lapso(n)) and if this isvalid too, it then certifies the valid vote with SR(H(IDV|rand1j(n)),lapso(n)).
3.5.2. ClaimingEA gives each voter his/her respective signed ticket (SAE(H
(IDV|rand1j(n)), lapso(n))). After the partial tallying, R shows alist with the values SR((H(IDV|rand1j(n)), lapso(n))), represent-ing the valid votes counted in that round. If a voter realizes thathis signed ticket is not in that list (that is signed by R), he canmake a claim with his signed ticket.
3.6. Proof of fitness for e-cognocracy
If it is to be used in the framework of e-cognocracy, ourvoting system must satisfy all of the conditions establishedabove.
3.6.1. Precision
• As each voter authenticates him/herself to EA, this implieshe/she must have knowledge of the private key, which willbe impossible to fake provided we use an adequate keylength.
• As each voter receives a signature for the ticket sent EA, anda list of those tickets is published prior to the recount, even ifR is compromised, the votes cannot be erased from theballot, as such an action would be challenged by the votersusing their tickets, which can be shown to exist in EA.
• Each vote is stored with a signature from EA. A vote cannotbe inserted even if R is compromised because it would benecessary to get a valid signature, and this is not possiblewithout the EA private key.
3.6.2. Democracy
• As the votes are not sent directly to R by the users, it is EA'sjob to ensure that the voter is properly included in the census.
• Likewise, EA will store the identity of the voters who havealready voted in each round to avoid duplicates.
3.6.3. Privacy
• All of the information provided to R consists of a cipheredvote, its blind signature, and a signed ticket. None of theseitems includes anything that could allow the individual whocast the vote to be traced.
• The only item a voter receives is his/her signed ticket. Theticket is generated randomly and has no relationshipwhatsoever with the actual content of the vote.
3.6.4. VerifiabilityEach time a vote is received, EA sends a signed ticket back to
the voter. Later, when the recount starts, the list of the ticketsfrom the votes cast is published. If a voter has a ticket that is notincluded in the list, s/he can use it to challenge EA and seewhether it has a copy. If EA has a copy, then the vote must becast again.
3.6.5. LinkabilityTogether with each vote, EA sends R the blind signature of
the last vote cast by the same person. At the time of the recount,R searches for the blind signature that matches the one includedwith the vote, and in this way it can reconstruct all the links,allowing it to trace a voter's voting history without actuallyrevealing his/her identity.
4. Implementation details
JAVA technologies were chosen to implement the e-votingprotocol both on the client side and on the server side. This hasseveral advantages:
• Better communication between the components involved.• More code reusability, as we can develop a series ofcryptographic libraries which will be used both by the clientand by the server software.
• Easy integration with browsers.
In order to minimize the number of configurations in whichthe client has to run, we decided to choose a standard webbrowser. In this case, we selected Mozilla Firefox as thebenchmark browser, because it has the advantage of being opensource, raising the feeling of transparency in the process.
The browser has been completed with some libraries (JSS)needed to access the client certificates stored in it from withinthe JAVA applet that is the client software. If those libraries arenot available, the user should manually add the client certificateand the CA to the JAVA application.
The application server used will depend on the availableinfrastructure at the moment of deployment. In our tests, weused Tomcat as the application server. It too is open source, andits capacity for this kind of systems is well proven.
It was decided to use MySQL as a backend to store the datarelated to the ballots (both the actual votes – ciphered and clear-text after the recount – and voting information — questionposed on the ballot, number of rounds, period of time for eachround, etc.).
130 J.L. Salazar et al. / Computer Standards & Interfaces 30 (2008) 124–131
As there are two different servers (Electoral Authority serverand Recount server), there could be two web and applicationservers, working with two different database servers. Nonethe-less, it might be advisable in the actual deployment to putboth applications in the same application and/or web server.Likewise, it could be desirable to use two databases in a singledatabase server. This would not be a problem, but it should betaken into account that the whole voting and recounting systemwould be broken should the server machine be compromised.
All communications between the client and the server will beboth authenticated and encrypted. To achieve these goals, it willbe necessary to set up an infrastructure allowing SSL and clientside certificates.
4.1. Deployment details
Our group deployed a test voting system. Nonetheless, anyfuture deployments should take into account that the specificdetails will depend on the available resources. This will bemuch more important if, as usually happens, the servers areshared with other applications. The implications for the securityof the system need to be studied on a case by case basis.
Regarding the choice of software, we used Apache as the webserver and Tomcat 5 as application server, both of them runningin LINUX i386 machines. As this was a proof of concept, thesystem load was expected to be very low. This allowed us toconsolidate both services (the Certificate Authority server andthe Recount server) within the same Tomcat instance. Likewise,both databases were stored in a single MYSQL server which wasrun on the same machine with Apache and Tomcat.
There are several options available to link Apache andTomcat. The simplest way is to run two independent serverslistening in different ports (in fact, it would be possible to havethem running in different machines, should the need arise).Nevertheless, we chose to use a tighter integration between thetwo using the JK Connector. This technology allows queriesthat would normally be answered by the Apache server to beredirected to the Tomcat application server in a way that istransparent for the user.
However, this choice makes the Tomcat application serverunaware of the underlying SSL layer, because the web serverforwards the request to the application server, but not theenvironment and security layer data. Even though the votingsystem cannot obtain the client certificate from the SSL layer,our protocol allows for the certificate to be sent by the client ifthe server is not able to retrieve it directly.
In order to generate the certificates needed, we also set up aCertificate Authority using OpenSSL.
5. Conclusions
We have studied the novel challenges that e-cognocracyposes for traditional voting. We have built an e-voting systemthat provides the means to gather the information neededtowards a more participative democracy.
As we have seen, the key to get the linkability of the votes isthe separation between the Electoral Authority, which can link
the chain of votes to the user but cannot know the contents ofeach vote, and the Recount server, which can link the votesbetween themselves and decrypt them, but is isolated from theinformation about each voter.
This is not a concern as long as both of them are trustedentities who will not work together to cheat the system.
We have also built and tested such a voting system, showingthat it is feasible and that its ease of use would allow widespreaduse without the need for any special technical background.
Our future work includes developing other technologicaltools needed for e-cognocracy. As e-voting provides the rawdata, there is still the need for a set of tools capable of linking theinformation obtained to the actual social phenomena that helpsto form the results obtained in the ballot. These tools includeonline forums where people can exchange ideas in a controlledway, and the tools needed to extract the relevant or prevalentopinions and match them against shifts in voter opinion.
Acknowledgements
The work has been partially funded under Research Projects“E-participation, security and knowledge democratization” (Ref.PM034/2007) and “Internet-based Complex Decision Making.Decisional Tools for e-cognocracy” (Ref. TSI2005-02511).
References
[1] C. Adams, S. Farrell, T. Kause, T. Mononen, Internet X.509 Public KeyInfrastructure Certificate Management Protocol (CMP). RFC 4210, Septem-ber 2005 On line: http://www.ietf.org/rfc/rfc4210.txt (visited on 5/16/2007).
[2] J. Benaloh, D. Tuinstra, Receipt-free secret-ballot elections (extendedabstract), in STOC'94, Proceedings of the twenty-sixth annual ACMsymposium on Theory of computing, ACM Press, 1994, pp. 544–553.
[3] D. Chaum, Untraceable Electronic Mail, Return Addresses, and DigitalPseudonyms, Communications of the Association for ComputingMachinery 24 (2) (1981) 84–88.
[4] D. Chaum, Blind signatures for untraceable payments, Advances inCryptology–Crypto'82, Lecture Notes in Computer Science, PlenumPress, New York, 1983, pp. 199–203.
[5] D. Chaum, E. van Heyst, Group signatures, Advances in Cryptology —EUROCRYPT '91, Lecture Notes in Computer Science, vol. 547,Springer, Berlin, 1991, pp. 257–265.
[6] J.D. Cohen, M.J. Fischer, A robust and verifiable cryptographically secureelection scheme, Proceedings of 26th IEEE Symposium on Foundations ofComputer Science, IEEE Computer Society, Portland, 1985, pp. 372–382.
[7] L.F. Cranor, R.K. Cytron, Design and implementation of a practicalsecurity-conscious electronic polling system. Technical Report WUCS—96–02, Washington University, 1996.
[8] T. Dierks, E. Rescorla, The Transport Layer Security (TLS) Protocol.Version 1.1. RFC 4346, April 2006 On line: http://www.ietf.org/rfc/rfc4346.txt (visited on 5/16/2007).
[9] Y. Dodis, A. Kiayis, A. Nicolosi, V. Shoup, Anonymous identificationin adhoc groups, EUROCRYPT’ 2004, Lecture Notes in Computer Science,vol. 3027, Springer-Verlag, 2004, pp. 609–626.
[10] J. Gosling, B. Joy, G. Steele, G. Bracha, Java(TM) LanguageSpecification, The (3rd Edition) (Java (Addison–Wesley)), Addison–Wesley Professional, 2005.
[11] Java Cryptography Extension (JCE) Reference Guide: On line http://java.sun.com/j2se/1.5.0/docs/guide/security/jce/JCERefGuide.html (visited on5/16/2007).
[12] Java TM Cryptography Architecture: API Specification & Reference: Online http://java.sun.com/j2se/1.5.0/docs/guide/security/CryptoSpec.html(visited on 5/16/2007).
131J.L. Salazar et al. / Computer Standards & Interfaces 30 (2008) 124–131
[13] G.E. Kersten, e-Democracy and participatory decision processes: lessonsfrom e-negotiation experiments, Journal of Multi-Criteria DecisionAnalysis 12 (2003) 127–143.
[14] A. Lotov, Internet tools for supporting of lay stakeholders in the frameworkof the democratic paradigm of environmental decision making, Journal ofMulti-Criteria Decision Analysis 12 (2003) 145–162.
[15] J.M. Moreno-Jiménez, J.M. Polasek, e-Democracy and knowledge: amulticriteria framework for the new democratic era, Journal of Multi-Criteria Decision Analysis 12 (2003) 163–176.
[16] J.M. Moreno-Jiménez, J.M. Polasek, e-Cognocracy and the participationof immigrants in e-governance, TED Conference on e-government 2005.Electronic democracy: The challenge ahead, Schriftenreihe Informatik,vol. 13, University Rudolf Trauner-Verlag, 2005, pp. 18–26.
[17] J.M. Moreno-Jiménez, E-cognocracia: Nueva Sociedad, Nueva Democra-cia, Estudios de Economía Aplicada 24 (1) (2006) 559–581.
[18] A. Riera, J. Rifà, J. Borrell, Efficient construction of vote-tags to allowopen objection to the tally in electronic elections, Information ProcessingLetters 75 (5) (2000) 211–215.
[19] D. Ríos-Insúa, J. Holgado, R. Moreno, Multicriteria e-Negotiation Systems fore-Democracy, Journal of Multi-Criteria Decision Analysis 12 (2003) 213–218.
[20] R. Rivest, A. Shamir, Y. Tauman, How to Leak a Secret, Advances inCryptology—ASIACRYPT 2001, Lecture Notes in Computer Science,vol. 2248, Springer, 2001, pp. 552–565.
[21] N. Roberts, Public Deliberation in an Age of Direct Citizen Participation,American Review of Public Administration 34 (4) (2004) 315–353.
[22] RSA Laboratories, PKCS 11 v2.20—Cryptographic Token InterfaceStandard, January 1994 On line ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf (visited on 5/16/2007).
[23] RSA Laboratories, PKCS 12 v1.0—Personal Information ExchangeSyntax, June 1999 On line ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12v1.pdf (visited on 5/16/2007).
[24] RSA Laboratories, PKCS 15 v1.1: Cryptographic Token InformationSyntax Standard, June 2000 On line ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-15/pkcs-15v1_1.pdf (visited on 4/12/2007).
[25] K. Sako, Electronic voting scheme allowing open objection to the tally,IEICE Fundamentals of Electronics, Communications and Computer E77-A (1994) 24–30.
José L. Salazar received the B.S. and Ph.D. degrees inMathematics from the University of Zaragoza, Spain, in1993 and 1999, respectively. Currently, he is aProfessor with the Department of Communicatonsand Electronic Engineering of the University ofZaragoza. He is a Member of the Aragón Institute ofEngineering Research (I3A). His research interestsinclude modern cryptography, theory and technology ofinformation security, electronic voting, and IP security.
Joan J. Piles is a Telecommunications Engineer who
graduated at the University of Zaragoza. He is currentlypursuing a Ph.D. in cryptography and network securityat the same university. His main areas of research arethe cryptographical tools needed for e-cognocracy ande-voting and the security in ad-hoc networks.José Ruiz received the Engineer of Telecommunica-
tions degree from the Universitat Politècnica deCatalunya, Spain, in 1991, and the Ph.D. degree fromthe University of Zaragoza (UZ) in 2001. He worked asa Software Engineer at the company TAO OpenSystems from 1992 to 1994. In 1994, he joined theCentro Politècnico Superior as an Assistant Professoruntil 2003 when he became an Associate Porfessor. Heis a Technical Coordinator of Telefónica Cathedra ofUZ and a Member of the Aragón Institute of (I3A). At present, his research activity lies in the area Engineering Researchof mobile networks with special emphasis on security, seamless roaming overheterogeneous networks, and the provision of quality service in the context ofhybrid mobile networks with heterogeneous traffic.
José Mariá Moreno-Jiménez received the degrees inmathematics and economics as well as the Ph.D. degreein appliedmathematics from theUniversity of Zaragoza.He is a Senior Lecturer of operations research in theFaculty of Economics and Business Administration ofthe University of Zaragoza, Spain. He is also the Chairof the ZaragozaMulticriteria DecisionMaking Group, aconsolidated research group of the Government ofAragón. His main fields of interest are multicriteriadecision making, environmental selection, and public
decision making (e-democracy and e-cognocracy). He has published more than
ic books and journals such as European Journal of 140 papers in scientifOperational Research, Group Decision and Negotiation, Omega, Journal ofMulti-Criteria Analysis, and Mathematical and Computer Modelling, amongothers.