IEEE Access (Jan 2024)
A Methodology for Vulnerability Assessment and Threat Modelling of an e-Voting Platform Based on Ethereum Blockchain
Abstract
Despite the growing role of information and communication technology (ICT) in public administration, paper ballots still dominate elections, especially in Italy. Electronic voting has had limited success worldwide, largely due to security and manipulation concerns. The COVID-19 pandemic has reignited interest in remote e-voting for safe participation while social distancing, though security remains a critical issue. Embracing electronic voting is essential to safeguard rights, improve resource efficiency, and promote digital citizenship. Accordingly, to address security concerns in e-voting, this research emphasizes the importance of security and legal measures. The study is based on the ISO 15408 (Common Criteria) certification process, a framework for independent security evaluations. The paper proposes a methodology that combines legal and technical requirements for e-voting security assessments, using BPMN processes to model scenarios. The methodology has been applied to a common Ethereum smart contract that implements the e-voting process. A detailed analysis of a Solidity e-voting smart contract reveals its vulnerabilities and limitations. The research also produces a BPMN representation of an e-voting scenario, aligning logical behaviour with smart contract implementation. The aim is to bridge the gap between legal and technical aspects of e-voting, enhancing security and transparency.
Keywords