Voting in elections is the basis of democracy, but voting at polling stations may not be possible for all citizens. Remote (Internet) e-voting uses the voter's own equipment to cast votes, but is potentially vulnerable to many common attacks, which affect the election's integrity. Security can be improved by distributing vote processing over many web servers installed in tamper-resistant, secure environments, using the Smart Card Web Server (SCWS) on a mobile phone Subscriber Identity Module (SIM). A generic voting model is proposed, using a SIM/SCWS voting application with standardised Mobile Network Operator (MNO) management procedures to process the votes cast. E-voting systems Prêt à Voter and Estonian I-voting are used to illustrate the generic model. As the SCWS voting application is used in a distributed processing architecture, e-voting security is enhanced: to compromise an election, an attacker must target many individual mobile devices, rather than a centralised web server.
A Formal Security Model of a Smart Card Web Server
