Spencer Chen, Saurav Das, and Willem Wyndham awarded second in Kaspersky Lab Cyber Security Case Study
Junior computer science majors Spencer Chen and Saurav Das teamed together with first year PhD student Willem Wyndham to compete in the Kaspersky Lab Cyber Security Case Study. Chen, Das, and Wyndham represented the Maryland Cybersecurity Center. Kaspersky labs invted students from all over the world to submit a proposal in order to solve a cyber security issue. Kaspersky Lab chose their Chen, Das, and Wynham's proposal as one of the three best. The team was awarded $5,000.00 for their second place finish. The students were challenged to come up with a technical solution to the problems inherent in digital voting.
The team presented a solution that included a "new electronic voting system that employs blockchain technologies along with cryptographic techniques to obtain verifiable results while still retaining voter privacy. At a high-level, a vote is encrypted and the a proof of the vote is sent to a public blockchain from an electronic polling station. A centralized authority then decrypts all the votes and posts the tally along with a proof that the reported results are correct and the voter can check that their vote was cast."
The full challenge was as follows:
Technology has the potential to change everything it touches. But can it play a greater positive role in democracy and the way people make the most important decisions about the future of their countries? Digital voting brings up a new frontier of challenges: from guaranteeing the anonymity of the voters to the prevention of fraud, all the while needing to ensure the security of the voting system itself. One small vulnerability or oversight could very well change the course of a nation’s history.
Blockchain technology could hold the key to a solution for securing digital voting systems. However, there are issues that need to be addressed before we can rely on this technology to seal our fate. Your job is to design a blockchain-compliant system for digital voting that addresses the following security challenges to provide a reliable digital platform for democracy. We recommend that you provide a working proof of concept.
Privacy and the ability to check votes
How will your digital voting system ensure voter privacy? How will you guarantee that each voter is unique and can still test how their vote was tallied?
Voting under duress
Since voting may no longer occur in a secure space, how will you mitigate the risk of voting under duress? Will your solution pose performance issues or present new abuse potential? If so, how will you address these?
Availability of interim results
Where countries may legally prohibit the publication of interim results, how will your digital voting system ensure that data cannot be seen until the end of the voting process?
How will you handle undecided voters or those who wish to abstain? How can you ensure that these ‘blank’ votes aren’t being used to fraudulently support a candidate?
Once the votes have been counted, there is always the possibility that voters will contest the election. What mechanism is in place to address these claims?
The Department welcomes comments, suggestions and corrections. Send email to editor [at] cs.umd.edu.