| End-to-End (E2E) voting systems provide cryptographic proof that the voter's intention is captured, cast, and tallied correctly. While E2E systems guarantee integrity independent of software, most E2E systems rely on software to provide confidentiality, availability, authentication, and access control; thus, end-to-end integrity is not end-to-end security.;Trustworthy Computing (TC) improves the security of software systems significantly. The Trusted Platform Module (TPM) protects secrets and enforces security policy in a self-contained cryptographic co-processor. Systems use TPMs to allocate security requirements not to untrustworthy software, but to tamper-resistant hardware, enabling applications such as digital rights management and secure computing platforms.;Our research found that adding TC to voting systems is possible, practical, and enhances privacy even in E2E systems by managing election secrets inside trustworthy hardware. We produced 4 major results: (1) Analysis of how TC can benefit E2E (2) Design that adds TPMs to Direct Recording Electronic (DRE) voting systems, binding ballots and votes, with software state, and enforcing election day policy (3) Design that enables voters to verify voting platform system integrity using common and inexpensive programmable smart cards (4) Two designs that add trustworthy receipt printers to the Scantegrity E2E voting system adding usability, security, and enabling alternative voter interfaces. |
