Security Analysis of the Geneva E-Voting System

The Swiss democracy, which is a direct democracy, carries out up to five referenda a year. This causes that 95 % of the Geneva voters use postal voting instead of going to the polling station. In 2001 the Cantons of Geneva, Neuchâtel and Zurich decided to start pilot projects in electronic voting (e-voting). Although the Canton of Geneva published more and more information about their system, an independent security analysis about it has neither been conducted nor published. This paper analyzes the system based on the available information and identifies vulnerable points at the components and on the communication channel between them. At each vulnerable point, we analyze whether the security requirements from the Swiss state chancellery which are based on the requirements of free, equal and secret elections, are violated. If an obvious solution for a security problem exists, it will also be illustrated. Two main problems are the security of the client-PC and the Internet connection of this PC. The system does not try to solve the trusted platform problem and it is not possible to solve it without introducing additional components.