Towards Trustworthy Online Voting

Ammar Alkassar (1), Ahmad-Reza Sadeghi (2), Stefan Schulz (2), Melanie Volkamer (3)

(1) Sirrix AG, alkassar@sirrix.de
(2) Ruhr-Universität Bochum, {sadeghi, schulz}@crypto.ruhr-uni-bochum.de
(3) German Research Center for Artificial Intelligence, volkamer@dfki.de

Abstract. An increasing number of elections have been performed using Online Voting. As a result of these experiences, the technical research topics have changed: while voting protocols have been well analysed in the past, the security and trustworthiness of the client platforms now come to the fore. Malware could cause arbitrary damage regardless of how secure the underlying voting scheme is. Moreover, corrupt voters can overcome the receipt-freeness of many protocols by manipulating their voting client (PC). Currently, the client side is mainly protected by organizational measures imposed on the voters, largely ignoring the issue of corrupt voters. However, since elections are the very basis of democracy, verifiable technical solutions are essential. Therefore, we examine the necessary properties of a trustworthy client that protects both the voters from malware and the voting system from corrupt voters. Our approach is based on Trusted Computing in combination with a secure operating system. We show that other existing voting protocols, as well as a significantly simplified voting scheme, can be implemented on top of our approach while still retaining the required properties.

1 Introduction

Recent remote online elections show that Online Voting is not only discussed theoretically, but also applied in practice. Examples are the Estonian Local Government Council Election, the elections of the Gesellschaft für Informatik in Germany (GI), the online referendum in Switzerland, and the 2006 ACM SIG election. Additionally, countries like the Netherlands and Austria plan to introduce Online Voting for people living abroad for the next national elections (4).
Nevertheless, people are still cautious about the introduction of Online Voting, and we are far from large-scale deployment. Online Voting systems can be attacked in various ways: the attacker can attack the end-user device, the communication, or the voting servers. Let us assume that well-established security functionality is in place to prevent attacks on the communication and on the voting servers: attacks on the communication are prevented by well-known and well-analyzed voting protocols, and the voting servers are protected from intruders over the network by using

Footnotes:
A similar paper was accepted at the FEE 2006 workshop.
(4) Information about all these elections can be found in [9].