A Model for E-voting Systems Evaluation Based on International Standards: Definition and Experimental Validation

In this work, we define a novel scheme for evaluating the compliance of e-voting system to technical standards. The ultimate goal of such a certification path should be guaranteeing that the tested system respects the expected outcome of an election, in terms of correctness of results, identification of voters, anonymity of ballots and other measurable properties. Two main contributions emerge in this field, each with different strengths and weaknesses. The EU Recommendation can be usefully adopted as a high-level guideline towards the intended result, but gives insufficient details for its implementation. The U.S.A. Voluntary Voting System Guidelines (VVSG) can provide the necessary concreteness to the operative side of the certification path, by means of the many associated field-tested procedures already available, but its parts are unclearly related to the big picture. In this work, we describe our attempt at taking the best of both worlds. We turned the EU Recommendation, a conceptually well-conceived, but not directly applicable document into a real testing and certification manual, by exploiting the experience and guidance provided by the more pragmatic, but less organized U.S.A. VVSG. The result of our work is an applied methodology which must be considered a first step towards an ambitious goal, yet it has been fully field-tested to certify a real e-voting system for official use, providing clear evidences of its usefulness and allowing to highlight directions for its improvement.