This year, our CS294S project will be on electronic voting, which is
a topic of burning controversy right now in the U.S. and elsewhere.
Voting is an interesting and challenging application from a computer
security perspective, because of the conflicting goals of verifiable
accuracy and ballot secrecy. It is easy to check whether your bank
deposit was recorded properly -- just check your bank statement. But,
if we could do that with voting, voters could be intimidated by people
who could find out how they voted. Voters are not even supposed to be
able to prove how they voted to a third party, even voluntarily, to
Students in this class will design and build a more-or-less complete
voting system, including the server that prepares ballots, tallies
results, and generates reports, the system that authorizes individual
voters to vote, and the voting terminals that display the votes and
record them in the voting booth. Several real-world issues will be
addressed: New federal requirements for voting systems, high
reliability requirements, usability by people who are don't use the
equipment much (including the poll workers who have to set them up),
and accessibility by people with disabilities.
In addition, we will be explore a number of cutting-edge ideas that
are not used in existing voting systems, such as the use of trusted
computing standards to enhance security (instead of the usual
application of digital rights management) and appropriate use of
cryptography to protect electronic ballots from forgery.
The project will be divided into about modules. Students will sign up
in small groups to do design, specify, implement, and test their
modules, and then integrate, test, and demonstrate
the complete system.