Security approaches in e-cognocracy José Luis Salazar a, ⁎, Joan Josep Piles a , José Ruiz-Mas a , José María Moreno-Jiménez b a Grupo de Tecnología de las Comunicaciones, Universidad de Zaragoza, María de Luna, 1, 50018, Zaragoza, Spain b Grupo Decisión Multicriterio Zaragoza, Universidad de Zaragoza, Gran Vía, 2, 50005, Zaragoza, Spain abstract article info Article history: Received 31 January 2008 Received in revised form 23 March 2009 Accepted 23 January 2010 Available online 1 February 2010 Keywords: e-cognocracy e-voting Cryptography primitives Smart-cards Trusted third parties E-cognocracy is a democratic model focussed on the joint creation of Social Wisdom through the Internet by means of the extraction and diffusion of knowledge related with the scientific resolution of highly complex problems associated with public decision making. To this end, e-cognocracy allows for the consideration of several rounds during the resolution process. The linkability of votes, the intensity of preferences and the identification of the arguments that support choices, among other matters, require the design of a specific e-voting process the e-cognocracy, e-cognising. This paper presents various implementations of the technology, commencing with an initial proof of concept and going on to the use of smart cards to permit remote use of the system and influence the level of perceived confidence among users, eliminating the role of one of the confidence authorities formerly required to ensure appropriate system security. © 2010 Elsevier B.V. All rights reserved. 1. Introduction Philosophical, methodological and technological changes arising in what has come to be known as the Knowledge Society over the last twenty years are at the hear the generalised use of the Information and Communication Technologies (ICT) in Public Administration (e-Govern- ment). The rapid penetration of Internet in our lives offers wide scope for potential ICT applications of in both the private and public sectors. In the framework of e-Government, these applications range from straightfor- ward e-administration services (information transmission and simple task execution) to complex systems related with e-participation, including in electronic proposals voting (e-voting), the drafting of public policies (e-governance), debate between citizens and political represen- tatives (e-democracy) and, finally, the involvement of citizens in public decision making and the creation of a better society (e-cognocracy). Where the nature of these services requires anonymity, as in the case of electoral processes, the technology must provide an appropriate answer to the challenges posed by security issues. No less important, institutions must enhance the trust and perceived security of electoral systems [26] if they are to allow effective use of public services by the citizenry and by institutions to reach the goal of a better society. Our aim is to create a true “Social Wisdom”. Then, we cannot ignore the fundamental role of citizen involvement or the need to encourage active participation in the process. This means avoiding the creation of technological barriers that might undermine the citizen's decision to take part. It is therefore not enough to implement a valid e-cognocracy system, and care must be taken to ensure that the application does not ringfence availability and usability. Interfaces and standards play a key role in this area. On the one hand, then, it is necessary to adapt the communication interface for the system in line with user needs and facilitate secure access without foregoing any of the essential requirements (security, anonymity, confidentiality, etc.) for any electronic voting technology, or more specifically in this case, for an e-cognising consultation. The two key requirements may be resolved using smart cards, which provide portability and the necessary computational resources. On the other, the cryptographic tools must not represent a barrier for the user. The goal, then, is to ensure that implementation is as far as possible compatible with existing standards and, where necessary, to create new standards that are capable of adaptation as efficiently and transparently as possible. The linkability of votes, the intensity of preferences and the identification of the arguments that support choices are just some of the characteristics of e-cognising [17]. These features require the design of specific e-voting requirements, which we will address in the following sections [21]. Following this brief Introduction, the paper is structured as follows. Section 2 includes some background material about e-cognocracy and e-voting requirements from the point of view of security. Section 3 presents the initial approach (proof of concept) we have proposed to address requirements of e-cognocracy. Section 4 gives a second approach for the widespread implementation of the service and deployment of the system. Section 5 describes the third approach with a proposal for the security of the e-voting system by means of a new cryptographic operator and details of the implementation. Finally, Section 6 sets out our final considerations and research tasks within this project. Computer Standards & Interfaces 32 (2010) 256–265 ⁎ Corresponding author. E-mail addresses: jsalazar@unizar.es (J.L. Salazar), jpiles@unizar.es (J.J. Piles), jruiz@unizar.es (J. Ruiz-Mas), moreno@unizar.es (J.M. Moreno-Jiménez). 0920-5489/$ – see front matter © 2010 Elsevier B.V. All rights reserved. doi:10.1016/j.csi.2010.01.004 Contents lists available at ScienceDirect Computer Standards & Interfaces journal homepage: www.elsevier.com/locate/csi