A new secure Internet voting protocol using Java Card 3 technology and Java information flow concept

Recently, there has been a spate of interest in Internet voting systems because of advantages such as participation, efficiency, accuracy, and transparency. However, challenges for having a secure i-voting system are considerable. Unless these systems are designed and implemented carefully, citizens might lose their trust on the whole voting process. This paper introduces a novel online voting protocol, which satisfies the desired security requirements of i-voting as collusion resistance, fairness, coercion\bribery, and secure voting platform. Although Internet voting systems provide convenience for voters by requiring just a PC and an Internet connection, they might be subject to some drawbacks as PCs are very susceptible to malware and sophisticated attacks. To clarify, voter side insecure platform is one of the biggest challenges in Internet voting, which would breach voter’s privacy and also affect the integrity of election. In this paper, we present an alternative to the voters’ insecure PCs. Java Card 3 is the latest version of Java Card, which could be considered as voter’s portable secure Web server. It can obtain an IP address and communicate with other network nodes with hypertext transfer protocol secure (HTTPS). Therefore, regardless of utilizing a trusted device at the client side, end-to-end security is guaranteed. This means that Java Card 3 can resolve challenges, which are posed by insecurity of the vote casting PC. Furthermore, to enhance the security and guarantee the confidentiality and integrity of the data, which are stored in the card during the voting process, we have used Java information flow. An implementation of this protocol is proposed on the basis of Java Card 3 servlet container and Web server technology in which the card and electoral servers communicate on a machine-to-machine basis. Copyright © 2014 JohnWiley & Sons, Ltd.